├── LICENSE ├── README.md ├── examples ├── bozohttpd.conf ├── empty.conf ├── namp.conf ├── nginx.conf ├── nginxflaskapi.conf ├── nginxnode.conf └── nginxphp.conf ├── include ├── define.sh ├── deps.sh ├── helpers.sh ├── mdns.sh └── platform.sh ├── sailor.sh └── ships ├── common ├── Darwin │ └── opt │ │ └── pkg │ │ ├── etc │ │ ├── gnupg │ │ │ └── pkgsrc.gpg │ │ ├── pkg_install.conf │ │ └── pkgin │ │ │ └── repositories.conf │ │ └── share │ │ └── gnupg │ │ └── pkgsrc-security.gpg ├── Linux │ └── etc │ │ ├── group │ │ ├── gshadow │ │ ├── hosts │ │ ├── login.defs │ │ ├── nsswitch.conf │ │ ├── passwd │ │ └── shadow ├── NetBSD │ └── etc │ │ ├── defaults │ │ ├── daily.conf │ │ ├── monthly.conf │ │ ├── pf.boot.conf │ │ ├── rc.conf │ │ ├── security.conf │ │ └── weekly.conf │ │ ├── group │ │ ├── master.passwd │ │ ├── mk.conf │ │ ├── nsswitch.conf │ │ ├── pam.d │ │ ├── README │ │ ├── cron │ │ ├── display_manager │ │ ├── ftpd │ │ ├── gdm │ │ ├── imap │ │ ├── kde │ │ ├── login │ │ ├── other │ │ ├── passwd │ │ ├── pop3 │ │ ├── ppp │ │ ├── racoon │ │ ├── rexecd │ │ ├── rsh │ │ ├── sshd │ │ ├── su │ │ ├── system │ │ ├── telnetd │ │ ├── xdm │ │ └── xserver │ │ ├── passwd │ │ ├── pwd.db │ │ └── spwd.db └── all │ └── etc │ ├── rc.conf │ ├── rc.subr │ └── services ├── namp └── usr │ └── pkg │ └── etc │ └── httpd │ └── httpd.conf ├── nginx └── usr │ └── pkg │ └── etc │ └── nginx │ └── nginx.conf ├── nginxflaskapi ├── PREFIX │ └── etc │ │ └── nginx │ │ ├── nginx.conf │ │ └── sites │ │ └── localhost └── var │ └── flask │ └── example.py ├── nginxnode ├── PREFIX │ └── etc │ │ └── nginx │ │ ├── nginx.conf │ │ └── sites │ │ └── localhost └── var │ └── node │ └── hello.js └── nginxphp ├── PREFIX └── etc │ ├── nginx │ ├── fastcgi_phpfpm │ ├── global.conf │ ├── logs.conf │ ├── nginx.conf │ ├── php.conf │ └── sites │ │ └── localhost │ ├── php-fpm.conf │ └── php.d │ └── extensions.ini └── var └── www └── php └── index.php /LICENSE: 
-------------------------------------------------------------------------------- 1 | Copyright (c) 2016 The NetBSD Foundation, Inc. 2 | All rights reserved. 3 | 4 | This code is derived from software contributed to The NetBSD Foundation 5 | by Emile `iMil' Heitor. 6 | 7 | Redistribution and use in source and binary forms, with or without 8 | modification, are permitted provided that the following conditions 9 | are met: 10 | 1. Redistributions of source code must retain the above copyright 11 | notice, this list of conditions and the following disclaimer. 12 | 2. Redistributions in binary form must reproduce the above copyright 13 | notice, this list of conditions and the following disclaimer in the 14 | documentation and/or other materials provided with the distribution. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 | ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 | TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 | PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 | BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 | CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 | SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 | CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 | ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 | POSSIBILITY OF SUCH DAMAGE. 27 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # sailor 2 | 3 | ## Wannabe portable container system 4 | 5 | **WARNING** this project is still under heavy development, use it at your own 6 | risk and `pull` frequently! 
7 | 8 | `sailor` is based on [chroot][0] and [pkgin][1]; it creates a `chrooted` 9 | environment containing _only_ the needed pieces in order to install and / or 10 | run a service. 11 | 12 | For now, `sailor` works on _NetBSD_, _Darwin / Mac OS X_ and _64-bit RHEL (including variants such as CentOS)_. 13 | 14 | Note that `sailor`'s goal is **not** to provide bullet-proof security: `chroot` 15 | is definitely not a trustworthy isolation mechanism; instead, `sailor` is a really 16 | convenient way of trying / testing an environment without compromising your 17 | workstation filesystem. 18 | 19 | ## demo 20 | 21 | ![gif](https://imil.net/stuff/sailor.gif) 22 | 23 | ## requirements 24 | 25 | `sailor` needs the following third party tools: 26 | 27 | * `pkg_install` 28 | * `pkg_tarup` 29 | * `pkgin` 30 | * `rsync` 31 | 32 | _NetBSD_ users should have those by default, except for `rsync` which can be 33 | installed with `pkgin`. 34 | 35 | _Mac OS X_ users are encouraged to use the [Joyent OS X package repository][12] in order to have a working 36 | environment within seconds. 37 | 38 | _64-bit RHEL (including variants such as CentOS)_ users are encouraged to follow the [Joyent Linux package repository][15] instructions in order 39 | to install the required tools. 40 | 41 | ## usage 42 | 43 | * Create a ship 44 | 45 | ``` 46 | # ./sailor.sh build ./nginx.conf 47 | ``` 48 | 49 | * Run the ship 50 | 51 | ``` 52 | # ./sailor.sh start ./nginx.conf 53 | Starting nginx. 
54 | ``` 55 | 56 | * List running ships 57 | 58 | ``` 59 | # ./sailor.sh ls 60 | ID | name | configuration file | uptime 61 | -------------------------------------------------------------------------------- 62 | 4ecd1896d35a66c7 | nginx | examples/nginx.conf | 00:01:05 63 | ``` 64 | 65 | * Stop a ship 66 | 67 | ``` 68 | # ./sailor.sh stop 4ecd1896d35a66c7 69 | ``` 70 | 71 | * Destroy a ship 72 | 73 | ``` 74 | # ./sailor.sh destroy ./nginx.conf 75 | ``` 76 | 77 | * Display the `rc.d` name for a service 78 | 79 | ``` 80 | # ./sailor.sh rcd apache 81 | likely name for service: apache 82 | ``` 83 | 84 | * Run commands in the ship 85 | 86 | ``` 87 | # ./sailor.sh run 4ecd1896d35a66c7 ps axuwww 88 | ``` 89 | 90 | * Enter a ship 91 | 92 | ``` 93 | # ./sailor.sh enter 4ecd1896d35a66c7 94 | ``` 95 | 96 | ## configuration file 97 | 98 | A ship is defined by its configuration file, which `sailor.sh` sources as a shell script while running as `root` (so only use configuration files you trust) and which contains: 99 | 100 | _mandatory_ 101 | 102 | * `shipname`: the convenient name you'd like to give to your ship 103 | * `shippath`: full path to your ship 104 | 105 | _most likely_ 106 | 107 | * `services`: the `rc.d` friendly names for services to run(*) 108 | * `packages`: the packages you'd like to install within your ship 109 | 110 | (*) the `rc.d` or _init_ script is generally bundled with the service package; 111 | it is the script that starts or stops the service. Most of the 112 | time, it has the same name as the service itself, but it is safer to check this 113 | out using `sailor`'s `rc.d` function. 
114 | 115 | _optional_ 116 | 117 | * `shipbins`: binaries from the host system you'd like to copy to the ship 118 | * `ro_mounts`: read-only mount points to the ship (NetBSD only for now) 119 | * `rw_mounts`: read/write mount points to the ship (NetBSD only for now) 120 | * `ip_<interface>`: IP alias to add to `<interface>` 121 | 122 | `run_at_*` commands are run in the chroot: 123 | 124 | * `run_at_build`: run command at build time, can be repeated 125 | * `run_at_start`: run command at start time, can be repeated 126 | * `run_at_stop`: run command at stop time, can be repeated 127 | * `run_at_destroy`: run command at destroy time, can be repeated 128 | 129 | ## real life examples 130 | 131 | In these examples, we will use the `sudo -E` command to run `sailor` with `root` 132 | privileges while keeping environment variables, so that the `${HOME}` variable 133 | in the `ship` configuration file is evaluated as our user's home directory. 134 | 135 | #### Fire up a fully working and isolated [nginx][3] + [php-fpm][4] stack 136 | 137 | [Download and install Joyent's OS X bootstrap kit][12] if running Mac OS X 138 | 139 | ``` 140 | $ git clone https://github.com/NetBSDfr/sailor.git 141 | $ cd sailor 142 | $ sudo -E ./sailor.sh build examples/nginxphp.conf 143 | $ sudo -E ./sailor.sh start examples/nginxphp.conf 144 | Starting nginx. 145 | Starting php_fpm. 146 | 147 | nginx is listening on port 1080 148 | 149 | $ curl -I localhost:1080 150 | HTTP/1.1 200 OK 151 | Server: nginx/1.9.4 152 | Date: Mon, 11 Jan 2016 15:40:53 GMT 153 | Content-Type: text/html; charset=UTF-8 154 | Connection: keep-alive 155 | X-Powered-By: PHP/5.6.13 156 | ``` 157 | 158 | PHP source code can be found in `nginxphp/var/www/php` which you can `chown` to 159 | your own user and populate with the PHP code you want. 
160 | 161 | `nginx` configuration is located in `nginxphp/opt/pkg/etc/nginx` (on OS X), you 162 | might want to change its listen port in 163 | `nginxphp/opt/pkg/etc/nginx/global.conf` 164 | 165 | #### Fire up a fully working and isolated [nginx][3] + [nodejs][6] stack 166 | 167 | [Download and install Joyent's OS X bootstrap kit][12] if running Mac OS X 168 | 169 | ``` 170 | $ git clone https://github.com/NetBSDfr/sailor.git 171 | $ cd sailor 172 | $ sudo -E ./sailor.sh build examples/nginxnode.conf 173 | $ sudo -E ./sailor.sh start examples/nginxnode.conf 174 | Starting nginx. 175 | [PM2] Spawning PM2 daemon 176 | [PM2] PM2 Successfully daemonized 177 | [PM2] Starting hello.js in fork_mode (1 instance) 178 | [PM2] Done. 179 | ┌──────────┬────┬──────┬───────┬────────┬─────────┬────────┬────────┬──────────┐ 180 | │ App name │ id │ mode │ pid │ status │ restart │ uptime │ memory │ watching │ 181 | ├──────────┼────┼──────┼───────┼────────┼─────────┼────────┼────────┼──────────┤ 182 | │ hello │ 0 │ fork │ 12874 │ online │ 0 │ 0s │ 0 B │ disabled │ 183 | └──────────┴────┴──────┴───────┴────────┴─────────┴────────┴────────┴──────────┘ 184 | Use `pm2 show ` to get more details about an app 185 | 186 | nginx is listening on port 1080 187 | 188 | $ curl http://localhost:1080/ 189 | Hello from inside the chroot! 190 | ``` 191 | 192 | In this example, an [nginx][3] server is configured to act as a reverse proxy 193 | to a small `nodejs` web app. The application is started by the [pm2][7] process 194 | manager and listens on port 8080. This setup is based on [this great 195 | documentation][8] and automates all the steps described. 196 | 197 | `node` source code can be found in `nginxphp/var/node` which you can `chown` to 198 | your own user and populate with the `node` code you want. 
199 | 200 | #### Other examples 201 | 202 | A couple of other examples are available in the `examples` directory: 203 | 204 | * `namp.conf` 205 | 206 | A basic `apache` / `MySQL` / `PHP` stack 207 | 208 | * `nginx.conf` 209 | 210 | A simple `nginx` server 211 | 212 | * `nginxflaskapi.conf` 213 | 214 | A full `nginx` / `python` / `Flask` / `gunicorn` stack running [Flask-API][9] 215 | to provide an easily programmable `REST` interface. 216 | 217 | Probably more to come... 218 | 219 | ## greetings 220 | 221 | This software has been made possible under Mac OS X thanks to [Joyent][10] and 222 | in particular [Jonathan Perkin][11] who's maintaining OS X [pkgsrc binary 223 | packages][12]. 224 | 225 | Thanks to [Youri Mouton and his awesome work on Save OS X][13] which makes 226 | the use of [pkgin][1] on OS X even simpler. 227 | 228 | Finally, thanks to the [NetBSDfr][14] team for their support, tests and patches. 229 | 230 | Sailor icon by [Freepik](https://www.flaticon.com/authors/freepik). 
231 | 232 | [0]: https://en.wikipedia.org/wiki/Chroot 233 | [1]: http://pkgin.net 234 | [2]: http://saveosx.org/ 235 | [3]: http://nginx.org/ 236 | [4]: http://php.net/manual/en/install.fpm.php 237 | [5]: http://saveosx.org/download-and-install/ 238 | [6]: https://nodejs.org/en/ 239 | [7]: http://pm2.keymetrics.io/ 240 | [8]: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-14-04 241 | [9]: http://www.flaskapi.org/ 242 | [10]: https://www.joyent.com/ 243 | [11]: https://www.perkin.org.uk/ 244 | [12]: https://pkgsrc.joyent.com/install-on-osx/ 245 | [13]: http://saveosx.org/ 246 | [14]: http://www.NetBSDfr.org/ 247 | [15]: https://pkgsrc.joyent.com/install-on-linux/ 248 | -------------------------------------------------------------------------------- /examples/bozohttpd.conf: -------------------------------------------------------------------------------- 1 | services="bozohttpd" 2 | shipname=bozohttpd 3 | shippath="${HOME}/sailor/bozohttpd" 4 | shipbins="/usr/libexec/bozohttpd /sbin/init /bin/ksh /sbin/mount /sbin/ifconfig /sbin/mount_ffs /sbin/route" 5 | -------------------------------------------------------------------------------- /examples/empty.conf: -------------------------------------------------------------------------------- 1 | shipname=empty 2 | shippath="${HOME}/src/sailor/empty" 3 | shipbins="/bin/ksh /usr/bin/printf" 4 | ip_lo0="192.168.101.1/24" 5 | 6 | run_at_build="printf '\\n\\nsuch lines\\nmany script\\n\\n'" 7 | run_at_build="echo 'wow'" 8 | 9 | run_at_start="printf 'starting!\\n'" 10 | run_at_stop="printf 'stopping!\\n'" 11 | 12 | run_at_status="printf 'running!\\n'" 13 | -------------------------------------------------------------------------------- /examples/namp.conf: -------------------------------------------------------------------------------- 1 | services="apache mysqld" 2 | shipname=namp 3 | packages="apache-2.4 mysql-server ap24-php56 php56-mysql php56-pdo_mysql" 4 | 
shippath="${HOME}/src/sailor/testnamp" 5 | shipbins="/bin/ksh /usr/bin/printf" 6 | ro_mounts="${HOME}/www" 7 | rw_mounts= 8 | 9 | run_at_start="printf '\\nApache is listening on port 2080\\n\\n'" 10 | -------------------------------------------------------------------------------- /examples/nginx.conf: -------------------------------------------------------------------------------- 1 | services="nginx" 2 | shipname=nginx 3 | packages="nginx" 4 | shippath="${HOME}/src/sailor/nginx" 5 | 6 | run_at_start="printf '\\nnginx is listening on port 1080\\n\\n'" 7 | -------------------------------------------------------------------------------- /examples/nginxflaskapi.conf: -------------------------------------------------------------------------------- 1 | services="nginx" 2 | shipname=nginxflaskapi 3 | packages="nginx py34-pip py34-flask" 4 | shippath="${HOME}/src/sailor/nginxflaskapi" 5 | # needed by pip 6 | shipbins="$(which uname)" 7 | 8 | pip="pip3.4" 9 | 10 | run_at_build="${pip} install Flask-API" 11 | run_at_build="${pip} install markdown" 12 | run_at_build="${pip} install gunicorn" 13 | 14 | run_at_start="cd /var/flask && gunicorn -u nginx -D --pid=/var/run/gunicorn.pid example:app" 15 | run_at_start="printf '\\nnginx is listening on port 1080\\n\\n'" 16 | 17 | run_at_stop="printf 'stopping gunicorn.. 
'" 18 | # note the single quotes in order not for the $() to be interpreted when 19 | # sourcing this configuration file 20 | run_at_stop='kill $(cat /var/run/gunicorn.pid)' 21 | run_at_stop="echo done" 22 | -------------------------------------------------------------------------------- /examples/nginxnode.conf: -------------------------------------------------------------------------------- 1 | # based on 2 | # https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-ubuntu-14-04 3 | services="nginx" 4 | shipname=nginxnode 5 | packages="nginx nodejs git-base sudo" 6 | shippath="${HOME}/src/sailor/nginxnode" 7 | 8 | run_at_build="npm install pm2 -g" 9 | 10 | # pm2 can't be told to run as a specific user 11 | run_at_start="cd /var/node && sudo -u nginx pm2 start hello.js" 12 | run_at_start="printf '\\nnginx is listening on port 1080\\n\\n'" 13 | 14 | run_at_stop="sudo -u nginx pm2 kill" 15 | -------------------------------------------------------------------------------- /examples/nginxphp.conf: -------------------------------------------------------------------------------- 1 | services="nginx php_fpm" 2 | shipname=nginxphp 3 | packages="nginx php56-fpm php56-mysql php56-mcrypt php56-mbstring php56-zlib" 4 | shippath="${HOME}/src/sailor/nginxphp" 5 | 6 | run_at_build="${mkdir} ${sysconfdir}/php.d" 7 | run_at_build="${pkg_info} -D ${packages}|${grep} -oE '(zend_)*extension=.+' >>${sysconfdir}/php.d/extensions.ini" 8 | 9 | run_at_start="printf '\\nnginx is listening on port 1080\\n\\n'" 10 | -------------------------------------------------------------------------------- /include/define.sh: -------------------------------------------------------------------------------- 1 | cat=$(command -v cat) 2 | sh=$(command -v sh) 3 | id=$(command -v id) 4 | pax="${debug}$(command -v pax) -rwpe" 5 | cp=$(${debug}command -v cp) 6 | chown=$(command -v chown) 7 | chmod=$(command -v chmod) 8 | awk=$(command -v awk) 9 | sort=$(command -v 
sort) 10 | grep=$(command -v grep) 11 | tar=$(command -v tar) 12 | mkdir="$(command -v mkdir) -p" 13 | touch=$(command -v touch) 14 | rm="$(command -v rm) -f" 15 | ls=$(command -v ls) 16 | od=$(command -v od) 17 | tr=$(command -v tr) 18 | mount=$(command -v mount) 19 | umount=$(command -v umount) 20 | curl=$(command -v curl) 21 | ifconfig=$(command -v ifconfig) 22 | useradd=$(command -v useradd) 23 | groupadd=$(command -v groupadd) 24 | ping=$(command -v ping) 25 | OS=$(uname -s) 26 | pkg_info=$(command -v pkg_info) 27 | 28 | # columns sizes for ls 29 | cols=${COLUMNS:-$(tput cols)} 30 | col1=$(($((${cols} * 23)) / 100)) 31 | col2=$(($((${cols} * 22)) / 100)) 32 | col3=$(($((${cols} * 30)) / 100)) 33 | col4=$(($((${cols} * 10)) / 100)) 34 | -------------------------------------------------------------------------------- /include/deps.sh: -------------------------------------------------------------------------------- 1 | # functions used to discover and copy libraries required by installed tools 2 | 3 | link_target() 4 | { 5 | lnk=${1} 6 | 7 | if [ -h ${lnk} ]; then 8 | realfile=`${readlink} ${lnk}` 9 | if [ -n "${realfile}" ]; then 10 | if [ ! -f ${realfile} ]; then 11 | d=$(dirname ${lnk}) 12 | realfile="${d}/${realfile}" 13 | fi 14 | reqs="${reqs} ${realfile}" 15 | fi 16 | fi 17 | } 18 | 19 | sync_reqs() 20 | { 21 | [ -z "${reqs}" ] && return 22 | 23 | printf "copying requirements for ${1}.. " 24 | for req in ${reqs} 25 | do 26 | # add symlinks targets 27 | link_target ${req} 28 | done 29 | 30 | ${pax} ${reqs} ${shippath}/ 31 | echo "done" 32 | } 33 | 34 | all_libs() { 35 | for l in `p_ldd ${1}` 36 | do 37 | # library already recorded ? 38 | if ! 
echo ${libs} | ${grep} -sq ${l}; then 39 | libs="${libs} ${l}" 40 | all_libs ${l} 41 | fi 42 | done 43 | } 44 | 45 | bin_requires() 46 | { 47 | libs="" 48 | reqs="" 49 | # grep link matches both symlinks and ELF executables ;) 50 | if file ${1}|${grep} -sqE '(link|Mach)'; then 51 | all_libs ${1} 52 | reqs="${libs} ${1}" 53 | 54 | sync_reqs ${1} 55 | fi 56 | 57 | [ -f ${1} ] && ${pax} ${1} ${shippath}/ 58 | } 59 | 60 | pkg_requires() 61 | { 62 | reqs="" 63 | # pkg=${1%-[0-9]*} 64 | pkg=${1} 65 | targets="$(${pkgin} pbd ${pkg}|${awk} -F= '/^REQUIRES=/ { print $2 }')" 66 | for req in ${targets} 67 | do 68 | [ -e ${req} ] && reqs="${reqs} ${req}" 69 | done 70 | 71 | sync_reqs ${pkg} 72 | } 73 | 74 | # extract needed tools from pkg_add install script 75 | need_tools() 76 | { 77 | tools="`${pkg_info} -i ${1} | \ 78 | ${awk} -F= '/^[^\=]+="\// {print $2}' | \ 79 | ${grep} -oE '/[^\"\ ]+' | ${sort} -u`" 80 | 81 | for t in ${tools} 82 | do 83 | [ -f ${t} -a -x ${t} ] && bin_requires ${t} 84 | done 85 | } 86 | 87 | get_pkg_deps() 88 | { 89 | pkg=${1} 90 | # retrieve dependencies names 91 | pkg_reqs="$(${pkgin} -y -P -c ${shippath} sfd ${pkg} | \ 92 | awk '/^\t/ {print $1}') ${pkg}" 93 | for p in ${pkg_reqs} 94 | do 95 | # package requirements already copied 96 | if echo "${pkg_reqs_done}"|${grep} -sq ${p}; then 97 | continue 98 | fi 99 | # install all dependencies requirements 100 | pkg_requires ${p} 101 | pkg_reqs_done="${pkg_reqs_done} ${p}" 102 | done 103 | } 104 | -------------------------------------------------------------------------------- /include/helpers.sh: -------------------------------------------------------------------------------- 1 | is_umounted() { 2 | if ! ${mount}|${grep} ${shippath}/${1} >/dev/null 2>&1; then 3 | return 0 4 | fi 5 | return 1 6 | } 7 | 8 | wait_umount() 9 | { 10 | while : 11 | do 12 | ${umount} ${shippath}/${1} >/dev/null 2>&1 13 | if is_umounted ${1}; then break; fi 14 | echo "waiting for ${1} to be released..." 
15 | sleep 1 16 | done 17 | } 18 | 19 | epoch_to_hms() 20 | { 21 | secs=${1} 22 | 23 | h=$(( secs / 3600 )) 24 | m=$(( ( secs / 60 ) % 60 )) 25 | s=$(( secs % 60 )) 26 | 27 | printf "%02d:%02d:%02d\n" $h $m $s 28 | } 29 | -------------------------------------------------------------------------------- /include/mdns.sh: -------------------------------------------------------------------------------- 1 | # inspired from https://raw.githubusercontent.com/joyent/pkgbuild/master/scripts/mksandbox-osx 2 | 3 | PB="/usr/libexec/PlistBuddy" 4 | PLIST="/var/run/com.apple.mDNSResponder.plist" 5 | ENTRY="Sockets:Listeners" 6 | 7 | getent_id() 8 | { 9 | sockpath=${1}; plist=${2} 10 | i=0 11 | while : 12 | do 13 | sp=$(${PB} -c "Print ${ENTRY}:${i}:SockPathName" ${plist} 2>&1) 14 | 15 | [ $? -ne 0 ] && break 16 | 17 | if [ "${sp}" = "${sockpath}/var/run/mDNSResponder" ]; then 18 | echo ${i} 19 | break 20 | fi 21 | i=$(($i + 1)) 22 | done 23 | } 24 | 25 | mdns() 26 | { 27 | action=${1} 28 | 29 | PLIST_SYSTEM="/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist" 30 | if [ ! -f ${PLIST} ]; then 31 | cp ${PLIST_SYSTEM} ${PLIST} 32 | ${DEBUG} launchctl unload ${PLIST_SYSTEM} 33 | ${DEBUG} launchctl load -w ${PLIST} 34 | fi 35 | 36 | addlist="/tmp/add.$$.plist" 37 | cat >${addlist}<<-EOF 38 | 39 | 40 | SockFamily 41 | Unix 42 | SockPathName 43 | ${shippath}/var/run/mDNSResponder 44 | SockPathMode 45 | 438 46 | 47 | 48 | EOF 49 | 50 | case ${action} in 51 | add) 52 | # Ensure Sockets:Listeners is an array. 53 | ${PB} -c "Print ${ENTRY}:0" ${PLIST} >/dev/null 2>&1 54 | if [ $? 
-ne 0 ]; then 55 | tmplist="/tmp/import.$$.plist" 56 | ${PB} -x -c "Print ${ENTRY}" ${PLIST} >${tmplist} 57 | ${PB} -c "Delete ${ENTRY}" ${PLIST} 58 | ${PB} -c "Add ${ENTRY} array" ${PLIST} 59 | ${PB} -c "Add ${ENTRY}:0 dict" ${PLIST} 60 | ${PB} -c "Merge ${tmplist} ${ENTRY}:0" ${PLIST} 61 | rm -f ${tmplist} 62 | fi 63 | ${PB} -c "Merge ${addlist} ${ENTRY}" ${PLIST} 64 | ;; 65 | del) 66 | i=$(getent_id ${shippath} ${PLIST}) 67 | [ -n "${i}" ] && \ 68 | ${PB} -c "Delete Sockets:Listeners:${i}" ${PLIST} 69 | ;; 70 | esac 71 | 72 | rm -f ${addlist} 73 | ${DEBUG} launchctl unload ${PLIST} 74 | ${DEBUG} launchctl load -w ${PLIST} 75 | # wait for name resolution to be ready 76 | [ "${action}" = "add" ] && while : 77 | do 78 | echo "waiting for resolver..." 79 | chroot ${shippath} \ 80 | ${ping} -c 1 localhost >/dev/null 2>&1 81 | [ $? -eq 0 ] && break 82 | sleep 1 83 | done 84 | } 85 | -------------------------------------------------------------------------------- /include/platform.sh: -------------------------------------------------------------------------------- 1 | # platform specific variables and functions 2 | 3 | # needed 3rd party programs 4 | for bin in pkg_info pkg_tarup pkgin rsync curl 5 | do 6 | binpath=$(command -v ${bin}) 7 | if [ -z "${binpath}" ]; then 8 | echo "${bin} is required for sailor to work (probably not in \$PATH)" 9 | exit 1 10 | fi 11 | eval ${bin}=${binpath} 12 | done 13 | 14 | rsync="${rsync} -av" 15 | 16 | case $OS in 17 | Darwin) 18 | . 
${include}/mdns.sh 19 | 20 | p_ldd() { 21 | /usr/bin/otool -L ${1}|${awk} '/\/[lL]ib.+\(/ {print $1}' 22 | } 23 | mkdevs() { 24 | true 25 | } 26 | mounts() { 27 | mcmd=${1} 28 | 29 | case ${mcmd} in 30 | mount) 31 | ${mount} -t devfs devfs ${shippath}/dev 32 | ;; 33 | umount) 34 | wait_umount dev 35 | ;; 36 | esac 37 | } 38 | iflist() { 39 | ${ifconfig} -l 40 | } 41 | dns() { 42 | mdns ${1} 43 | } 44 | 45 | readlink=$(which readlink) 46 | master_passwd=master.passwd 47 | # dyld is OS X's dynamic loader 48 | # /System/Library/Frameworks* are needed by dscl which is needed by 49 | # useradd / groupadd wrappers 50 | SLF="/System/Library/Frameworks" 51 | def_bins="/usr/lib/dyld /usr/bin/dscl /usr/bin/cut /usr/bin/which \ 52 | ${SLF}/Foundation.framework/Versions/C/Foundation \ 53 | ${SLF}/DirectoryService.framework/Versions/A/DirectoryService \ 54 | ${SLF}/CoreFoundation.framework/Versions/A/CoreFoundation" 55 | # request-schema.plist needed for dscl 56 | def_files="/System/Library/OpenDirectory/request-schema.plist" 57 | ;; 58 | NetBSD) 59 | p_ldd() { 60 | /usr/bin/ldd -f'%p\n' ${1} 61 | } 62 | mkdevs() { 63 | ${cp} /dev/MAKEDEV ${shippath}/etc 64 | chroot ${shippath} sh -c "cd /dev && /etc/MAKEDEV -M std" 65 | } 66 | mounts() { 67 | mcmd=${1} 68 | # mount / umounts ro and ro mountpoints declared in 69 | # ship configuration file 70 | for mtype in ro rw 71 | do 72 | eval mnt=\$"${mtype}_mounts" 73 | [ -z "${mnt}" ] && continue 74 | for mp in ${mnt} 75 | do 76 | [ ! 
-d "${mp}" ] && continue 77 | ${mkdir} ${shippath}/${mp} 78 | [ "${mcmd}" = "mount" ] && \ 79 | ${loopmount} -o ${mtype} \ 80 | ${mp} ${shippath}/${mp} 81 | [ "${mcmd}" = "umount" ] && \ 82 | ${umount} ${shippath}/${mp} 83 | done 84 | done 85 | # umount devfs / tmpfs 86 | [ "${mcmd}" = "umount" ] && \ 87 | ${mount}|grep -q ${shippath}/dev && \ 88 | ${umount} ${shippath}/dev 89 | } 90 | iflist() { 91 | ${ifconfig} -l 92 | } 93 | dns() { 94 | true 95 | } 96 | 97 | readlink="$(which readlink) -f" 98 | master_passwd=master.passwd 99 | def_bins="/libexec/ld.elf_so /usr/libexec/ld.elf_so $(which pwd_mkdb)" 100 | for s in $(awk '/^[^#].+\.so/ {print $3}' /etc/pam.d/su) 101 | do 102 | def_bins="$def_bins /usr/lib/security/${s}*" 103 | done 104 | loopmount="/sbin/mount -t null" 105 | ;; 106 | Linux) 107 | # Linux is on the works right now 108 | p_ldd() { 109 | /usr/bin/ldd ${1}|${grep} -oE '[^[:space:]]*/lib[^[:space:]]+' 110 | } 111 | mkdevs() { 112 | true 113 | } 114 | mounts() { 115 | mcmd=${1} 116 | 117 | for m in run dev proc sys 118 | do 119 | case ${mcmd} in 120 | mount) 121 | ${mkdir} ${shippath}/${m} 122 | mount --bind /${m} ${shippath}/${m} 123 | ;; 124 | umount) 125 | wait_umount ${m} 126 | ;; 127 | esac 128 | done 129 | } 130 | iflist() { 131 | ls -1 /sys/class/net|xargs 132 | } 133 | dns() { 134 | true 135 | } 136 | 137 | readlink="$(which readlink) -f" 138 | master_passwd=shadow 139 | def_bins="/lib/ld-linux.so.2 /lib64/ld-linux-x86-64.so.2 \ 140 | /lib64/libresolv.so.2 /lib64/libnss_dns.so.2 \ 141 | /lib64/libnss_files.so.2" 142 | ;; 143 | esac 144 | 145 | # binaries needed by many packages and not listed in +INSTALL 146 | # most installation and startup scripts also need /bin/sh 147 | def_bins="${def_bins} ${useradd} ${groupadd} ${pkg_info} ${pkgin} \ 148 | /bin/sh /bin/test $(which nologin) /bin/echo /bin/ps /bin/sleep \ 149 | $(which sysctl) $(which logger) $(which kill) $(which printf) \ 150 | /bin/sh ${ping} /sbin/mknod /sbin/mount_tmpfs /sbin/mount_mfs 
\ 151 | /bin/cat /bin/ln /bin/chmod" 152 | -------------------------------------------------------------------------------- /sailor.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | include=include 4 | 5 | usage() 6 | { 7 | echo "usage: $0 build " 8 | echo " $0 start " 9 | echo " $0 stop " 10 | echo " $0 status " 11 | echo " $0 destroy " 12 | echo " $0 run ..." 13 | echo " $0 enter [user]" 14 | echo " $0 rcd " 15 | echo " $0 ls" 16 | exit 1 17 | } 18 | 19 | [ $# -lt 1 ] && usage 20 | 21 | cmd=${1} 22 | param=${2} 23 | 24 | . ${include}/define.sh 25 | 26 | prefix=$(${pkg_info} -QLOCALBASE pkgin) 27 | PATH=${PATH}:${prefix}/bin:${prefix}/sbin 28 | 29 | . ${include}/platform.sh 30 | . ${include}/deps.sh 31 | . ${include}/helpers.sh 32 | 33 | if [ "$(${id} -u)" != "0" ]; then 34 | echo "please run $0 with UID 0" 35 | exit 1 36 | fi 37 | 38 | reqs="" 39 | libs="" 40 | varbase=$(${pkg_info} -QVARBASE pkgin) 41 | varrun="${varbase}/run/sailor" 42 | sysconfdir=$(${pkg_info} -QPKG_SYSCONFDIR pkgin) 43 | globships=${sysconfdir}/sailor/ships 44 | 45 | : ${varbase:=/var} 46 | : ${sysconfdir:=${prefix}/etc} 47 | 48 | [ ! -d "${varrun}" ] && ${mkdir} ${varrun} 49 | 50 | # system path for ships configuration files 51 | _param=${globships}/${param} 52 | 53 | # ship parameter is a path 54 | if [ -e "${param}" ]; then 55 | param="$(dirname ${param})/$(basename ${param})" 56 | # parameter is a file, source it 57 | [ -f ${param} ] && . ${param} 58 | # try if ship configuration is a global system path 59 | elif [ -f ${_param} ]; then 60 | . ${_param} 61 | param=${_param} 62 | fi 63 | 64 | has_services() 65 | { 66 | [ -z "${services}" ] && return 1 || return 0 67 | } 68 | 69 | build() 70 | { 71 | # 1. ship directory does not exist 72 | # 2. ship directory exists but is empty (i.e. 
mount point) 73 | [ -z "$(ls -A ${shippath} 2>/dev/null)" ] && \ 74 | ${mkdir} -p ${shippath} || \ 75 | exit 1 76 | 77 | # copy binaries and dependencies from host 78 | for bin in ${def_bins} ${shipbins} 79 | do 80 | bin_requires ${bin} 81 | done 82 | # copy flat files from host 83 | for file in ${def_files} 84 | do 85 | ${pax} ${file} ${shippath}/ 86 | done 87 | 88 | # devices 89 | for d in dev etc/rc.d 90 | do 91 | ${mkdir} -p ${shippath}/${d} 92 | done 93 | mkdevs 94 | 95 | # needed for pkg_install / pkgin to work 96 | for d in db/pkg db/pkgin log run tmp 97 | do 98 | ${mkdir} ${shippath}/${varbase}/${d} 99 | done 100 | 101 | # tmp directory 102 | ${mkdir} ${shippath}/tmp 103 | chmod 1777 ${shippath}/tmp ${shippath}/var/tmp 104 | 105 | ${rsync} ${prefix}/etc/pkgin ${shippath}/${sysconfdir}/ 106 | 107 | # raw pkg_install / pkgin installation 108 | pkg_requires pkg_install 109 | for p in pkg_install pkgin mozilla-rootcerts-openssl 110 | do 111 | ${pkg_tarup} -d ${shippath}/tmp ${p} 112 | ${tar} zxfp ${shippath}/tmp/${p}*tgz -C ${shippath}/${prefix} 113 | done 114 | bin_requires ${prefix}/sbin/pkg_add 115 | bin_requires ${prefix}/bin/pkgin 116 | # install pkg{_install,in} the right way 117 | chroot ${shippath} ${prefix}/sbin/pkg_add \ 118 | /tmp/pkg_install* /tmp/mozilla-rootcerts* 119 | 120 | # minimal etc provisioning 121 | ${mkdir} ${shippath}/etc 122 | ${cp} /usr/share/zoneinfo/GMT ${shippath}/etc/localtime 123 | ${cp} /etc/resolv.conf ${shippath}/etc/ 124 | # custom DNS (mDNSresponder for OS X) 125 | dns add 126 | # custom /etc 127 | common="ships/common" 128 | # populate commons 129 | for t in all ${OS} 130 | do 131 | [ -d ${common}/${t} ] && ${rsync} ${common}/${t}/ ${shippath}/ 132 | done 133 | # populate 3rd party 134 | [ -d ships/${shipname} ] && ${rsync} ships/${shipname}/ ${shippath}/ 135 | 136 | # ${prefix} changes depending on the OS, configurations to be copied 137 | # to ship's ${prefix} are located in ships/${shipname}/PREFIX and 138 | # then 
copied to ${shippath}/PREFIX. The following will move them to 139 | # the correct ${prefix} 140 | [ -d ${shippath}/PREFIX ] && \ 141 | ${rsync} ${shippath}/PREFIX/ ${shippath}/${prefix}/ 142 | # fix etc perms 143 | ${chown} -R root:wheel ${shippath}/etc 144 | ship_master_passwd=${shippath}/etc/${master_passwd} 145 | [ -f ${ship_master_passwd} ] && ${chmod} 600 ${ship_master_passwd} 146 | 147 | need_tools pkgin 148 | 149 | pkg_reqs_done="" 150 | # install pkgin dependencies REQUIRES / libraries 151 | get_pkg_deps pkgin 152 | 153 | # reinstall pkgin properly 154 | ${pkgin} -y -c ${shippath} in pkgin 155 | 156 | ${pkgin} -y -c ${shippath} update 157 | 158 | for pkg in ${packages} 159 | do 160 | get_pkg_deps ${pkg} 161 | done 162 | 163 | # mounts might be needed at build for software installation 164 | mounts mount 165 | 166 | if [ -n "${packages}" ]; then 167 | PKG_RCD_SCRIPTS=yes ${pkgin} -y -c ${shippath} in ${packages} 168 | ${pkgin} -y clean 169 | fi 170 | 171 | has_services && for s in ${services} 172 | do 173 | echo "${s}=YES" >> ${shippath}/etc/rc.conf 174 | done 175 | shipid=`${od} -A n -t x -N 8 /dev/urandom|${tr} -d ' '` 176 | echo ${shipid} > ${shippath}/shipid 177 | } 178 | 179 | ipupdown() 180 | { 181 | [ "${1}" = "up" ] && action="alias" || action="-alias" 182 | 183 | for iface in $(iflist) 184 | do 185 | eval address=\$ip_${iface} 186 | [ -n "${address}" ] && break 187 | done 188 | [ -z "${iface}" -o -z "${address}" ] && return 189 | 190 | ${ifconfig} ${iface} ${address} ${action} 191 | } 192 | 193 | has_shipid() 194 | { 195 | [ -f ${shippath}/shipid ] && return 0 || return 1 196 | } 197 | 198 | has_shipidfile() 199 | { 200 | if [ ! -f ${shipidfile} ]; then 201 | echo "ship ${shipid} is not running" 202 | exit 1 203 | fi 204 | . ${shipidfile} 205 | } 206 | 207 | provide_conf_file() 208 | { 209 | if [ ! 
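-f "${1}" ]; then 210 | echo "please provide ship configuration file" 211 | exit 1 212 | fi 213 | }

# Print the id stored in ${shippath}/shipid.
# Prints nothing and returns non-zero when has_shipid finds no id file.
get_shipid()
{
	has_shipid && ${cat} "${shippath}/shipid"
}

# Run the run_at_<cmd> commands of a ship inside its chroot.
# $1: hook name (build, start, stop, status or destroy)
# $2: file holding the run_at_<cmd>=... assignments
# Does nothing when ${shippath} is not a directory.
#
# NOTE(review): every matching line of $2 is eval'ed in this (host) shell
# before the command is handed to the chroot, so $2 is executed as code with
# the privileges sailor runs with. Only pass files whose content and
# permissions you control.
at_cmd_run()
{
	# quoted so that an empty ${shippath} is treated as "no ship"
	[ ! -d "${shippath}" ] && return
	cmd=${1}; file=${2}
	${grep} "^run_at_${cmd}" ${file}|while read line
	do
		# defines run_at_<cmd> in the loop's shell
		eval ${line}
		# expands run_at_<cmd> and runs it with ${sh} -c inside the chroot
		eval chroot ${shippath} ${sh} -c \"\$run_at_${cmd}\"
	done
}

# Run the given command line inside the ship's chroot.
# "$@" is quoted so that arguments reach chroot exactly as they were passed.
sh_cmd_run()
{
	chroot "${shippath}" "$@"
}

# Guess the rc.d service name(s) shipped by a package.
# $1: package name, resolved to a download URL with "pkgin pkg-build-defs"
# Downloads the package into a private temporary directory, unpacks it and
# prints the name= value of every rc.d script it contains.
# Exits 1 when no URL is found or the temporary directory cannot be set up.
rc_d_name()
{
	pkgurl=$(${pkgin} pkg-build-defs ${1} | \
		${grep} -oE "(ft|ht)tps?://[^:]+t[bg]z")
	[ -z "${pkgurl}" ] && exit 1
	pkgname=${pkgurl##*/}
	tempdir=$(mktemp -d /tmp/_sailor.XXXXX) || exit 1
	# a failed cd would otherwise download and unpack into the current
	# directory
	cd "${tempdir}" || exit 1
	${curl} -s -o "${pkgname}" "${pkgurl}"
	if ! file -b "${pkgname}"|${grep} gzip >/dev/null 2>&1; then
		# ar does not support stdin as argument
		ar x "${pkgname}"
		pkgext=${pkgname##*.}
		pkgname=${pkgname%*.tgz}.tmp.${pkgext}
	fi
	for rcd in $(${tar} zxvf "${pkgname}" 2>&1|${grep} -oE '[^\ \t]+/rc.d/.+')
	do
		# The archive was just downloaded and is not verified in this
		# function, so the name= line is parsed as text instead of being
		# eval'ed: eval would run whatever shell code the package put on
		# that line.
		name=$(${grep} '^name=' "${rcd}" | head -n 1)
		name=${name#name=}
		# drop an opening quote, then stop at the closing quote or at the
		# first whitespace (trailing comment)
		name=${name#[\"\']}
		name=${name%%[\"\'[:space:]]*}
		[ -n "${name}" ] && \
			echo "likely name for service: ${name}"
	done
	rm -rf "${tempdir}"
}

# Call the rc.d script of every service in ${services} inside the chroot.
# $1: action passed to each script (start, stop or status)
# A message is printed for every script that returns non-zero.
rc_d_cmd()
{
	cmd=${1}

	has_services && for s in ${services}
	do
		if ! chroot ${shippath} /etc/rc.d/${s} ${cmd}; then
			echo "error while chrooting to ${shippath}"
		fi
	done
}

272 | case ${cmd} in 273 | rcd|ls) 274 | # no ship id / conf file needed 275 | ;; 276 | *) 277 | shipidfile="" 278 | # parameter is a directory, probably a shippath 279 | if [ -d ${param} ]; then 280 | shippath=${param} 281 | # must be a shipid then 282 | elif [ ! -f ${param} ]; then 283 | shipidfile=${varrun}/${param}.ship 284 | if [ ! -f ${shipidfile} ]; then 285 | echo "\"${param}\": invalid id or file" 286 | exit 1 287 | fi 288 | .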
${shipidfile} 289 | fi 290 | 291 | # no shipid recorded yet, have we got one in shippath? 292 | [ -z ${shipid} ] && has_shipid && shipid=$(get_shipid) 293 | # shipid exists, build a shipfileid path 294 | [ -n "${shipid}" -a -z "${shipidfile}" ] && \ 295 | shipidfile="${varrun}/${shipid}.ship" 296 | ;; 297 | esac 298 | 299 | case ${cmd} in 300 | build|create|make) 301 | if [ -z "${shippath}" -o "${shippath}" = "/" ]; then 302 | echo "ABORTING: \"\$shippath\" set to \"$shippath\"" 303 | exit 1 304 | fi 305 | if [ -n "${shipid}" ]; then 306 | echo "ship already exists with id ${shipid}" 307 | exit 1 308 | fi 309 | 310 | build 311 | 312 | # run user commands after the jail is built 313 | at_cmd_run build ${param} 314 | # umount devfs and loopback mounts 315 | mounts umount 316 | # remove mDNS (OS X) 317 | dns del 318 | ;; 319 | destroy) 320 | provide_conf_file ${param} 321 | if [ -z "${shipid}" ]; then 322 | echo "ship does not exist or is incomplete" 323 | exit 1 324 | fi 325 | if [ -f ${shipidfile} ]; then 326 | echo "ship is running with id ${shipid}, not destroying" 327 | exit 1 328 | fi 329 | printf "really delete ship ${shippath}? 
[y/N] " 330 | read reply 331 | case ${reply} in 332 | y|yes) 333 | # run user commands before removing data 334 | at_cmd_run destroy ${param} 335 | # delete the ship 336 | [ "${shippath}" != "/" ] && ${rm} -rf ${shippath} 337 | ;; 338 | *) 339 | exit 0 340 | ;; 341 | esac 342 | ;; 343 | start|stop|status) 344 | if [ "${cmd}" != "start" -a -z "${shipid}" ]; then 345 | echo "please use ship id ${shipid}" 346 | exit 1 347 | fi 348 | 349 | case ${cmd} in 350 | start) 351 | provide_conf_file ${param} 352 | if [ -n "${shipidfile}" -a -f "${shipidfile}" ]; then 353 | echo "ship ${shipid} is already started" 354 | exit 1 355 | fi 356 | if [ -z "${shipid}" ]; then 357 | echo "nonexistent ship" 358 | exit 1 359 | fi 360 | echo "shipid=${shipid}" > ${shipidfile} 361 | echo "conf=${param}" >> ${shipidfile} 362 | echo "starttime=$(date +%s)" >> ${shipidfile} 363 | ${cat} ${param} >> ${shipidfile} 364 | # start user commands after the service is started 365 | ipupdown up 366 | # add mDNS entry (OS X) 367 | dns add 368 | # mount loopbacks and devfs 369 | mounts mount 370 | # execute rc.d scripts if any 371 | rc_d_cmd ${cmd} 372 | # start custom run_at_start commands 373 | at_cmd_run start ${param} 374 | echo "ship id: ${shipid}" 375 | ;; 376 | stop) 377 | has_shipidfile 378 | # execute rc.d scripts if any 379 | rc_d_cmd ${cmd} 380 | # shutdown ip aliases if any 381 | ipupdown down 382 | # start user commands after the service is stopped 383 | at_cmd_run stop ${shipidfile} 384 | # remove mDNS entry (OS X) 385 | dns del 386 | # umount loopbacks and devfs 387 | mounts umount 388 | ${rm} ${shipidfile} 389 | ;; 390 | status) 391 | has_shipidfile 392 | # execute rc.d scripts if any 393 | rc_d_cmd ${cmd} 394 | at_cmd_run status ${shipidfile} 395 | ;; 396 | esac 397 | ;; 398 | ls) 399 | format="%-${col1}s | %-${col2}s | %-${col3}s | %-${col4}s\n" 400 | printf "${format}" "ID" "name" "configuration file" "uptime" 401 | printf "%${cols}s\n"|tr ' ' '-' 402 | now=$(date +%s) 403 | for f in 
${varrun}/*.ship 404 | do 405 | [ ! -f "${f}" ] && exit 0 406 | . ${f} 407 | . ${conf} 408 | up=$(epoch_to_hms $((${now} - ${starttime}))) 409 | conf=$(basename ${conf}) 410 | printf "${format}" "${shipid}" "${shipname}" "${conf}" "${up}" 411 | done 412 | ;; 413 | rcd) 414 | rc_d_name ${param} 415 | ;; 416 | run) 417 | shift; shift # remove command and ship id 418 | sh_cmd_run $@ 419 | ;; 420 | enter) 421 | has_shipidfile 422 | [ $# -gt 2 ] && suser="sudo -u ${3}" 423 | chroot ${shippath} ${suser} ${sh} 424 | ;; 425 | *) 426 | usage 427 | ;; 428 | esac 429 | 430 | exit 0 431 | -------------------------------------------------------------------------------- /ships/common/Darwin/opt/pkg/etc/gnupg/pkgsrc.gpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NetBSDfr/sailor/3eeedf82410b3f92e687867c5e879f592cbd06f1/ships/common/Darwin/opt/pkg/etc/gnupg/pkgsrc.gpg -------------------------------------------------------------------------------- /ships/common/Darwin/opt/pkg/etc/pkg_install.conf: -------------------------------------------------------------------------------- 1 | GPG_KEYRING_VERIFY=/opt/pkg/etc/gnupg/pkgsrc.gpg 2 | GPG_KEYRING_PKGVULN=/opt/pkg/share/gnupg/pkgsrc-security.gpg 3 | PKG_PATH=http://pkgsrc.joyent.com/packages/Darwin/trunk/x86_64/All 4 | VERIFIED_INSTALLATION=always 5 | -------------------------------------------------------------------------------- /ships/common/Darwin/opt/pkg/etc/pkgin/repositories.conf: -------------------------------------------------------------------------------- 1 | http://pkgsrc.joyent.com/packages/Darwin/trunk/x86_64/All 2 | -------------------------------------------------------------------------------- /ships/common/Darwin/opt/pkg/share/gnupg/pkgsrc-security.gpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/NetBSDfr/sailor/3eeedf82410b3f92e687867c5e879f592cbd06f1/ships/common/Darwin/opt/pkg/share/gnupg/pkgsrc-security.gpg -------------------------------------------------------------------------------- /ships/common/Linux/etc/group: -------------------------------------------------------------------------------- 1 | root:x:0: 2 | bin:x:1:bin,daemon 3 | daemon:x:2:bin,daemon 4 | sys:x:3:bin,adm 5 | adm:x:4:adm,daemon,centos 6 | tty:x:5: 7 | disk:x:6: 8 | lp:x:7:daemon 9 | mem:x:8: 10 | kmem:x:9: 11 | wheel:x:10:centos 12 | mail:x:12:mail,postfix 13 | uucp:x:14: 14 | man:x:15: 15 | games:x:20: 16 | gopher:x:30: 17 | video:x:39: 18 | dip:x:40: 19 | ftp:x:50: 20 | lock:x:54: 21 | audio:x:63: 22 | nobody:x:99: 23 | users:x:100: 24 | utmp:x:22: 25 | utempter:x:35: 26 | floppy:x:19: 27 | vcsa:x:69: 28 | cdrom:x:11: 29 | tape:x:33: 30 | dialout:x:18: 31 | saslauth:x:76: 32 | postdrop:x:90: 33 | postfix:x:89: 34 | cgred:x:499: 35 | sshd:x:74: 36 | centos:x:500: 37 | -------------------------------------------------------------------------------- /ships/common/Linux/etc/gshadow: -------------------------------------------------------------------------------- 1 | root::: 2 | bin:::bin,daemon 3 | daemon:::bin,daemon 4 | sys:::bin,adm 5 | adm:::adm,daemon,centos 6 | tty::: 7 | disk::: 8 | lp:::daemon 9 | mem::: 10 | kmem::: 11 | wheel:::centos 12 | mail:::mail,postfix 13 | uucp::: 14 | man::: 15 | games::: 16 | gopher::: 17 | video::: 18 | dip::: 19 | ftp::: 20 | lock::: 21 | audio::: 22 | nobody::: 23 | users::: 24 | utmp:!:: 25 | utempter:!:: 26 | floppy:!:: 27 | vcsa:!:: 28 | cdrom:!:: 29 | tape:!:: 30 | dialout:!:: 31 | saslauth:!:: 32 | postdrop:!:: 33 | postfix:!:: 34 | cgred:!:: 35 | sshd:!:: 36 | centos:!:: 37 | -------------------------------------------------------------------------------- /ships/common/Linux/etc/hosts: -------------------------------------------------------------------------------- 1 | 127.0.0.1 localhost 
localhost.localdomain localhost4 localhost4.localdomain4 2 | ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 3 | -------------------------------------------------------------------------------- /ships/common/Linux/etc/login.defs: -------------------------------------------------------------------------------- 1 | # 2 | # Please note that the parameters in this configuration file control the 3 | # behavior of the tools from the shadow-utils component. None of these 4 | # tools uses the PAM mechanism, and the utilities that use PAM (such as the 5 | # passwd command) should therefore be configured elsewhere. Refer to 6 | # /etc/pam.d/system-auth for more information. 7 | # 8 | 9 | # *REQUIRED* 10 | # Directory where mailboxes reside, _or_ name of file, relative to the 11 | # home directory. If you _do_ define both, MAIL_DIR takes precedence. 12 | # QMAIL_DIR is for Qmail 13 | # 14 | #QMAIL_DIR Maildir 15 | MAIL_DIR /var/spool/mail 16 | #MAIL_FILE .mail 17 | 18 | # Password aging controls: 19 | # 20 | # PASS_MAX_DAYS Maximum number of days a password may be used. 21 | # PASS_MIN_DAYS Minimum number of days allowed between password changes. 22 | # PASS_MIN_LEN Minimum acceptable password length. 23 | # PASS_WARN_AGE Number of days warning given before a password expires. 24 | # 25 | PASS_MAX_DAYS 99999 26 | PASS_MIN_DAYS 0 27 | PASS_MIN_LEN 5 28 | PASS_WARN_AGE 7 29 | 30 | # 31 | # Min/max values for automatic uid selection in useradd 32 | # 33 | UID_MIN 500 34 | UID_MAX 60000 35 | 36 | # 37 | # Min/max values for automatic gid selection in groupadd 38 | # 39 | GID_MIN 500 40 | GID_MAX 60000 41 | 42 | # 43 | # If defined, this command is run when removing a user. 44 | # It should remove any at/cron/print jobs etc. owned by 45 | # the user to be removed (passed as the first argument). 46 | # 47 | #USERDEL_CMD /usr/sbin/userdel_local 48 | 49 | # 50 | # If useradd should create home directories for users by default 51 | # On RH systems, we do. 
This option is overridden with the -m flag on 52 | # useradd command line. 53 | # 54 | CREATE_HOME yes 55 | 56 | # The permission mask is initialized to this value. If not specified, 57 | # the permission mask will be initialized to 022. 58 | UMASK 077 59 | 60 | # This enables userdel to remove user groups if no members exist. 61 | # 62 | USERGROUPS_ENAB yes 63 | 64 | # Password hashing method for new passwords. NOTE: the value set below is MD5 although SHA512 was intended; prefer ENCRYPT_METHOD SHA512. 65 | ENCRYPT_METHOD MD5 66 | 67 | MD5_CRYPT_ENAB yes 68 | -------------------------------------------------------------------------------- /ships/common/Linux/etc/nsswitch.conf: -------------------------------------------------------------------------------- 1 | # 2 | # /etc/nsswitch.conf 3 | # 4 | # An example Name Service Switch config file. This file should be 5 | # sorted with the most-used services at the beginning. 6 | # 7 | # The entry '[NOTFOUND=return]' means that the search for an 8 | # entry should stop if the search in the previous entry turned 9 | # up nothing. Note that if the search failed due to some other reason 10 | # (like no NIS server responding) then the search continues with the 11 | # next entry. 12 | # 13 | # Valid entries include: 14 | # 15 | # nisplus Use NIS+ (NIS version 3) 16 | # nis Use NIS (NIS version 2), also called YP 17 | # dns Use DNS (Domain Name Service) 18 | # files Use the local files 19 | # db Use the local database (.db) files 20 | # compat Use NIS on compat mode 21 | # hesiod Use Hesiod for user lookups 22 | # [NOTFOUND=return] Stop searching if not found so far 23 | # 24 | 25 | # To use db, put the "db" in front of "files" for entries you want to be 26 | # looked up first in the databases 27 | # 28 | # Example: 29 | #passwd: db files nisplus nis 30 | #shadow: db files nisplus nis 31 | #group: db files nisplus nis 32 | 33 | passwd: files 34 | shadow: files 35 | group: files 36 | 37 | #hosts: db files nisplus nis dns 38 | hosts: files dns 39 | 40 | # Example - obey only what nisplus tells us... 
41 | #services: nisplus [NOTFOUND=return] files 42 | #networks: nisplus [NOTFOUND=return] files 43 | #protocols: nisplus [NOTFOUND=return] files 44 | #rpc: nisplus [NOTFOUND=return] files 45 | #ethers: nisplus [NOTFOUND=return] files 46 | #netmasks: nisplus [NOTFOUND=return] files 47 | 48 | bootparams: nisplus [NOTFOUND=return] files 49 | 50 | ethers: files 51 | netmasks: files 52 | networks: files 53 | protocols: files 54 | rpc: files 55 | services: files 56 | 57 | netgroup: nisplus 58 | 59 | publickey: nisplus 60 | 61 | automount: files nisplus 62 | aliases: files nisplus 63 | 64 | -------------------------------------------------------------------------------- /ships/common/Linux/etc/passwd: -------------------------------------------------------------------------------- 1 | root:x:0:0:root:/root:/bin/bash 2 | bin:x:1:1:bin:/bin:/sbin/nologin 3 | daemon:x:2:2:daemon:/sbin:/sbin/nologin 4 | adm:x:3:4:adm:/var/adm:/sbin/nologin 5 | lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin 6 | sync:x:5:0:sync:/sbin:/bin/sync 7 | shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown 8 | halt:x:7:0:halt:/sbin:/sbin/halt 9 | mail:x:8:12:mail:/var/spool/mail:/sbin/nologin 10 | uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin 11 | operator:x:11:0:operator:/root:/sbin/nologin 12 | games:x:12:100:games:/usr/games:/sbin/nologin 13 | gopher:x:13:30:gopher:/var/gopher:/sbin/nologin 14 | ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin 15 | nobody:x:99:99:Nobody:/:/sbin/nologin 16 | vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin 17 | saslauth:x:499:76:Saslauthd user:/var/empty/saslauth:/sbin/nologin 18 | postfix:x:89:89::/var/spool/postfix:/sbin/nologin 19 | sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin 20 | centos:x:500:500:Cloud User:/home/centos:/bin/bash 21 | -------------------------------------------------------------------------------- /ships/common/Linux/etc/shadow: -------------------------------------------------------------------------------- 1 | 
root:!!$1$wUp5S653$7rA3/beu7446tMNvK9Iab.:16821:0:99999:7::: 2 | bin:*:15980:0:99999:7::: 3 | daemon:*:15980:0:99999:7::: 4 | adm:*:15980:0:99999:7::: 5 | lp:*:15980:0:99999:7::: 6 | sync:*:15980:0:99999:7::: 7 | shutdown:*:15980:0:99999:7::: 8 | halt:*:15980:0:99999:7::: 9 | mail:*:15980:0:99999:7::: 10 | uucp:*:15980:0:99999:7::: 11 | operator:*:15980:0:99999:7::: 12 | games:*:15980:0:99999:7::: 13 | gopher:*:15980:0:99999:7::: 14 | ftp:*:15980:0:99999:7::: 15 | nobody:*:15980:0:99999:7::: 16 | vcsa:!!:16715:::::: 17 | saslauth:!!:16715:::::: 18 | postfix:!!:16715:::::: 19 | sshd:!!:16715:::::: 20 | centos:!!:16821:0:99999:7::: 21 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/defaults/daily.conf: -------------------------------------------------------------------------------- 1 | # $NetBSD: daily.conf,v 1.16.2.2 2012/08/08 14:31:33 martin Exp $ 2 | # 3 | # /etc/defaults/daily.conf -- 4 | # default configuration of /etc/daily.conf 5 | # 6 | # see daily.conf(5) for more information. 7 | # 8 | # DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE. 9 | # EDIT /etc/daily.conf INSTEAD. 
10 | # 11 | 12 | find_core=YES 13 | find_core_ignore_fstypes="!local rdonly fdesc null kernfs procfs ptyfs" 14 | find_core_ignore_paths="" 15 | expire_news=NO 16 | purge_accounting=YES 17 | run_msgs=YES 18 | # if you have replaced /usr/bin/cpp with a version of cpp which does not understand 19 | # the CPP_RESTRICTED environment variable, calendar -a can be used as a local DOS by 20 | # making an included file a named pipe 21 | run_calendar=YES 22 | check_disks=YES 23 | show_remote_fs=NO 24 | check_mailq=YES 25 | check_network=YES 26 | full_netstat=NO 27 | run_fsck=NO 28 | run_fsck_flags="" 29 | run_makemandb=YES 30 | run_rdist=YES 31 | run_security=YES 32 | separate_security_email=YES 33 | run_skeyaudit=YES 34 | fetch_pkg_vulnerabilities="" # set to NO to disable and not be warned about 35 | 36 | send_empty_security=NO 37 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/defaults/monthly.conf: -------------------------------------------------------------------------------- 1 | # $NetBSD: monthly.conf,v 1.2 2000/11/08 23:17:50 lukem Exp $ 2 | # 3 | # /etc/defaults/monthly.conf -- 4 | # default configuration of /etc/monthly.conf 5 | # 6 | # see monthly.conf(5) for more information. 7 | # 8 | # DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE. 9 | # EDIT /etc/monthly.conf INSTEAD. 10 | # 11 | 12 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/defaults/pf.boot.conf: -------------------------------------------------------------------------------- 1 | # $NetBSD: pf.boot.conf,v 1.3 2007/09/02 15:28:43 tron Exp $ 2 | # 3 | # /etc/defaults/pf.boot.conf -- 4 | # initial configuration for pf(4) 5 | # 6 | # see pf.boot.conf(5) for more information. 7 | # 8 | # DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE. 9 | # EDIT /etc/pf.boot.conf INSTEAD. 10 | # 11 | 12 | # Default deny. 
13 | block all 14 | 15 | # Don't block loopback. 16 | pass on lo0 17 | 18 | # Allow outgoing dns, needed by pfctl to resolve names. 19 | pass out proto { tcp, udp } from any to any port 53 keep state 20 | 21 | # Allow outgoing ping request, might be needed by dhclient to validate 22 | # old (but valid) leases in /var/db/dhclient.leases in case it needs to 23 | # fall back to such a lease (the dhcp server can be down or not responding). 24 | pass out inet proto icmp all icmp-type echoreq keep state 25 | 26 | # Allow IPv6 router/neighbor solicitation and advertisement. 27 | pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol 28 | pass in inet6 proto ipv6-icmp all icmp6-type neighbradv 29 | pass out inet6 proto ipv6-icmp all icmp6-type routersol 30 | pass in inet6 proto ipv6-icmp all icmp6-type routeradv 31 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/defaults/rc.conf: -------------------------------------------------------------------------------- 1 | # $NetBSD: rc.conf,v 1.119 2012/02/07 19:13:30 joerg Exp $ 2 | # 3 | # /etc/defaults/rc.conf -- 4 | # default configuration of /etc/rc.conf 5 | # 6 | # see rc.conf(5) for more information. 7 | # 8 | # DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE. 9 | # EDIT /etc/rc.conf INSTEAD. 10 | # 11 | 12 | # 13 | # Use program=YES to enable program, NO to disable it. program_flags are 14 | # passed to the program on the command line. 15 | # 16 | 17 | # Uncomment this if you want to use local paths in rc. 18 | # 19 | #export PATH=$PATH:/usr/pkg/sbin:/usr/pkg/bin:/usr/local/sbin:/usr/local/bin 20 | 21 | # Uncomment the following to execute each /etc/rc.d script in 22 | # the current shell rather than in a subshell. This may be 23 | # faster on very slow machines that have an expensive fork(2). 24 | # NOTE: USE THIS AT YOUR OWN RISK; A ROGUE COMMAND 25 | # MAY INADVERTENTLY PREVENT BOOT TO MULTIUSER. 
26 | # 27 | #rc_fast_and_loose=YES 28 | 29 | # If rc_silent is true then /etc/rc will suppress most output to 30 | # the console. The default is taken from the AB_SILENT flag passed 31 | # from the boot loader to the kernel in the boothowto(9) variable. 32 | # 33 | # rc_silent_cmd is executed once for each suppressed line of output. 34 | # Useful values are ":" and "twiddle". 35 | # 36 | rc_silent=$( [ "$(( $(/sbin/sysctl -n kern.boothowto 2>/dev/null || echo 0) \ 37 | & 0x40000 ))" != 0 ] && echo true || echo false ) 38 | rc_silent_cmd=twiddle 39 | 40 | # Additional flags to the rcorder(8) that's run by /etc/rc. 41 | # 42 | rc_rcorder_flags="" 43 | 44 | # The directories searched for rc scripts. 45 | # These directories must be part of the root filesystem. 46 | rc_directories=/etc/rc.d 47 | 48 | # If this is set to NO, shutdown(8) will not run /etc/rc.shutdown. 49 | # 50 | do_rcshutdown=YES 51 | 52 | # Additional flags to the rcorder(8) that's run by /etc/rc.shutdown. 53 | # 54 | rcshutdown_rcorder_flags="" 55 | 56 | # If this is non-blank, use as the number of seconds to run a watchdog 57 | # timer which will terminate /etc/rc.shutdown if the timeout expires. 58 | # 59 | rcshutdown_timeout="" 60 | 61 | 62 | # Basic network configuration 63 | # 64 | 65 | # Fully Qualified Internet Domain Name (a.k.a. hostname, e.g. foo.baz.edu). 66 | # If blank, use /etc/myname. 67 | # 68 | hostname="" 69 | 70 | # If there's only one way out of your IPv4 network, set this to the hostname 71 | # or the IPv4 address of the router that will get your packets off the LAN. 72 | # If blank, use /etc/mygate. 73 | # 74 | defaultroute="" 75 | 76 | # Same thing for IPv6. If blank, use /etc/mygate6. 77 | # 78 | defaultroute6="" 79 | 80 | # The NIS domain name (formerly known as Yellow Pages); not in any way 81 | # related to Internet domain names. 82 | # If blank, use /etc/defaultdomain. 83 | # 84 | domainname="" 85 | 86 | # Filesystems to mount early in boot-up. 
87 | # Note that `/var' is needed in $critical_filesystems_local (or 88 | # implied as part of `/') as certain services that need /var (such as 89 | # dhclient) may be needed to get the network operational enough to mount 90 | # the $critical_filesystems_remote. Prepending "OPTIONAL:" means it 91 | # will not be an error if that file system is not present in fstab(5). 92 | # 93 | critical_filesystems_local="OPTIONAL:/var" 94 | critical_filesystems_remote="OPTIONAL:/usr" 95 | 96 | # Swap device controls. 97 | # 98 | no_swap=NO # Set to YES if you have purposefully setup no swap 99 | # partitions and don't want to be warned about it. 100 | swapoff=YES # Remove block-type swap partitions upon shutdown 101 | # This defaults to yes, so that raids shutdown cleanly 102 | 103 | # Concatenated disk driver. 104 | # 105 | ccd=YES 106 | 107 | # RAIDframe driver (manually configured devices). 108 | # 109 | raidframe=YES 110 | 111 | # Crypto file system. 112 | # 113 | cgd=YES 114 | 115 | # Logical Volume Manager 116 | # 117 | lvm=NO 118 | 119 | # One-time actions and programs on boot-up. 
120 | # 121 | savecore=YES savecore_flags="-z" 122 | savecore_dir="/var/crash" 123 | per_user_tmp=NO # per-user /tmp directories 124 | per_user_tmp_dir="/private/tmp" # real storage for /tmp 125 | clear_tmp=YES # clear /tmp after reboot 126 | update_motd=YES # updates /etc/motd 127 | dmesg=YES dmesg_flags="" # write /var/run/dmesg.boot 128 | accounting=NO # uses /var/account/acct 129 | newsyslog=NO newsyslog_flags="" # trim log files 130 | quota=YES # check and enable quotas 131 | ldconfig=YES # rebuild a.out ldconfig cache 132 | sysdb=YES # build system databases 133 | rndctl=NO rndctl_flags="" # configure rndctl(8) 134 | gpio=NO # configure GPIO devices 135 | 136 | # cope with other OSes using the real time clock at localtime on this 137 | # machine (by adjusting kern.rtc_offset at boot) 138 | rtclocaltime=NO 139 | 140 | # NOTE: default coredump name now set in /etc/sysctl.conf 141 | 142 | # 143 | # File system check flags; default to preen mode, checking filesystems 144 | # that are listed in /etc/fstab in parallel as the fsck pass number 145 | # permits. Fix minor faults automatically, and exit with non 0 only 146 | # when major errors occur. 147 | # 148 | fsck_flags=-p 149 | 150 | # Security setting. If $securelevel is non-empty, the system securelevel 151 | # is set to this value early in the boot sequence. Otherwise the default 152 | # action is taken (see init(8)). 153 | # 154 | securelevel="" # securelevel to set to 155 | 156 | # To set the IP address of an interface either use 157 | # ifconfig_xxN="IP-NO" 158 | # where xxN is the interface. If this variable is not set then 159 | # contents of the file /etc/ifconfig.xxN is used. 160 | 161 | # Networking startup. 
162 | # 163 | mdnsd=NO 164 | npf=NO 165 | ipfilter=NO ipfilter_flags="" # uses /etc/ipf.conf 166 | ipnat=NO # uses /etc/ipnat.conf 167 | ipfs=NO ipfs_flags="" # save/load ipnat and ipf states 168 | ipsec=NO # uses /etc/ipsec.conf 169 | ipmon=NO ipmon_flags="-Dns" # syslog ipfilter messages 170 | pf=NO pf_rules="/etc/pf.conf" pf_flags="" 171 | pflogd=NO 172 | ftp_proxy=NO 173 | racoon=NO # IKE daemon 174 | auto_ifconfig=YES # config all avail. interfaces 175 | net_interfaces="" # used only if above is NO 176 | flushroutes=YES # flush routes in netstart 177 | dhcpcd=NO 178 | dhcpcd_flags="-q" # For ifconfig_XXX=dhcp. 179 | dhclient=NO # behave as a DHCP client 180 | dhclient_flags="" # blank: config all interfaces 181 | ntpdate=NO ntpdate_flags="-b -s" # May need '-u' thru firewall 182 | ppp_peers="" # /etc/ppp/peers to call 183 | ip6mode=host # host, autohost or router 184 | ip6uniquelocal=NO # IPv6 unique-local forwarding 185 | rtsol=NO rtsol_flags="-a" # for ip6mode=autohost only 186 | 187 | # Special treatment for interfaces that need to be downed on 188 | # shutdown (because they might cause unnecessary costs or block resources 189 | # on the peer). All pppoe* interfaces are automatically included in this 190 | # list, add others here manually. 191 | #force_down_interfaces="" 192 | 193 | ifwatchd=NO # execute up/down scripts for in-kernel PPPoE interfaces 194 | ifwatchd_flags="-u /etc/ppp/ip-up -d /etc/ppp/ip-down pppoe0" 195 | 196 | # ALTQ configuration/monitoring daemon 197 | altqd=NO altqd_flags="" 198 | 199 | # Daemons required by servers. These are not needed for strictly client use. 200 | # 201 | 202 | # inetd is used to start the IP-based services enabled in /etc/inetd.conf 203 | # 204 | inetd=YES inetd_flags="-l" # -l logs libwrap 205 | 206 | # identd 207 | # 208 | identd=NO identd_flags="-b -l -u nobody" 209 | 210 | # rpcbind (formerly known as 'portmap') is used to look up RPC-based services. 
211 | # 212 | rpcbind=NO rpcbind_flags="-l" # -l logs libwrap 213 | 214 | # Commonly used daemons. 215 | # 216 | syslogd=YES syslogd_flags="-s" # -s "secure" unix domain only 217 | cron=YES 218 | named=NO named_flags="" # see below for named_chrootdir 219 | timed=NO timed_flags="" 220 | ntpd=NO ntpd_flags="" # see below for ntpd_chrootdir 221 | # The default setting for postfix here is YES, but gets re-examined by 222 | # the rc.d/postfix startup script when it runs. The script sets 223 | # _rc_d_postfix to "check", and then causes all rc.conf settings to 224 | # be re-evaluated. If the value of $postfix after this is "check", 225 | # the script then checks to see if /etc/mailer.conf selects the system 226 | # postfix. If not, it does print a warning and does not start postfix 227 | # to avoid conflict with a different MTA. 228 | postfix=${_rc_d_postfix:-YES} 229 | lpd=NO lpd_flags="-s" # -s "secure" unix domain only 230 | sshd=NO sshd_flags="" 231 | ssh_keygen_flags="-b 1024" # generate 1024 bit keys if host keys missing 232 | ftpd=NO ftpd_flags="-ll" 233 | httpd=NO httpd_flags="" 234 | httpd_wwwdir="/var/www" 235 | httpd_wwwuser="_httpd" 236 | 237 | # To run the named(8) DNS server as an unprivileged user under a 238 | # chroot(2) cage, uncomment the following after migrating the contents 239 | # of /etc/namedb to /var/chroot/named/etc/namedb 240 | # 241 | #named_chrootdir="/var/chroot/named" 242 | 243 | # To run the ntpd(8) NTP server as an unprivileged user under a 244 | # chroot(2) cage, uncomment the following, after ensuring that: 245 | # - The kernel has "pseudo-device clockctl" compiled in 246 | # - /dev/clockctl is present 247 | # 248 | #ntpd_chrootdir="/var/chroot/ntpd" 249 | 250 | # Routing daemons. 
251 | # 252 | routed=NO routed_flags="-q" 253 | gated=NO 254 | mrouted=NO mrouted_flags="" 255 | route6d=NO route6d_flags="" 256 | rtsold=NO rtsold_flags="-a" # for ip6mode=autohost only 257 | ldpd=NO 258 | 259 | # Daemons used to boot other hosts over a network. 260 | # 261 | rarpd=NO rarpd_flags="-a" 262 | bootparamd=NO bootparamd_flags="" 263 | dhcpd=NO dhcpd_flags="-q" 264 | dhcrelay=NO dhcrelay_flags="" 265 | rbootd=NO rbootd_flags="" 266 | mopd=NO mopd_flags="-a" 267 | ndbootd=NO ndbootd_flags="-s /tftpboot /tftpboot/bootyy" 268 | rtadvd=NO rtadvd_flags="" 269 | isibootd=NO isibootd_flags="" 270 | 271 | # X11 daemons. 272 | # 273 | xfs=NO xfs_flags="" # X11 font server 274 | xdm=NO xdm_flags="" # X11 display manager; needs 275 | # wscons=YES for local displays. 276 | 277 | # Update fontconfig cache at boot 278 | fccache=YES 279 | 280 | # YP (NIS) daemons. 281 | # 282 | ypbind=NO ypbind_flags="" 283 | ypserv=NO ypserv_flags="-d" 284 | yppasswdd=NO yppasswdd_flags="" 285 | 286 | # NFS daemons and parameters. 287 | # 288 | mountd=NO mountd_flags="" # NFS mount requests daemon 289 | nfs_client=NO # enable client daemons 290 | nfs_server=NO # enable server daemons 291 | nfsd_flags="-6tun 4" 292 | lockd=NO lockd_flags="" 293 | statd=NO statd_flags="" 294 | amd=NO amd_flags="-l syslog -x error,noinfo,nostats" 295 | amd_dir=/amd # mount dir 296 | 297 | # Heimdal Kerberos 5 KDC (with Kerberos IV compatibility) 298 | kdc=NO kdc_flags="--detach" 299 | 300 | # iSCSI target 301 | iscsi_target=NO iscsi_target_flags="" 302 | 303 | # WPA daemons. 304 | hostapd=NO hostapd_flags="-B /etc/hostapd.conf" 305 | wpa_supplicant=NO wpa_supplicant_flags="-B" # -i -c 306 | 307 | # ISDN daemon 308 | isdnd=NO isdnd_flags="" 309 | 310 | # Bluetooth configuration 311 | bluetooth=NO 312 | # and the following are used when bluetooth=YES 313 | btconfig_devices="" # all 314 | bthcid=YES bthcid_flags="" 315 | sdpd=YES sdpd_flags="" 316 | 317 | # Other daemons. 
318 | # 319 | rwhod=NO rwhod_flags="-u _rwhod" 320 | devpubd=NO devpubd_flags="" # autocreate nodes for new devs 321 | envsys=NO # Set /etc/envsys.conf preferences 322 | 323 | # Hardware daemons. 324 | # 325 | apmd=NO apmd_flags="" # APM power management daemon. 326 | powerd=NO powerd_flags="" # power management daemon 327 | screenblank=NO screenblank_flags="" # wscons and FBIO screenblanker 328 | 329 | moused=NO # serial mouse handler 330 | moused_flags="-p /dev/tty00" 331 | 332 | wdogctl=NO # watchdog timer control 333 | # wdogctl_flags="-k devicename" 334 | irdaattach=NO # attach serial lines to IrDA 335 | irdaattach_flags="tty00" 336 | 337 | # Configuration of "wscons" console driver virtual screens. 338 | # 339 | wscons=NO wscons_flags="" # setup wscons from wscons.conf 340 | 341 | # Configuration of "wsmoused" console driver cut-n-paste support 342 | # 343 | wsmoused=NO wsmoused_flags="" 344 | 345 | # Configuration of "tpctl" touch panel calibration utility 346 | # 347 | tpctl=NO tpctl_flags="" 348 | 349 | # Mixer setting 350 | # 351 | mixerctl=NO mixerctl_mixers="" # "mixer0 mixer1" means saving 352 | # and restoring their settings 353 | 354 | # Vi recovery notification. Vi(1)'s -r option can recover files which were 355 | # accidentally closed. See vi(1) for more details. 356 | # 357 | virecover=YES 358 | 359 | # Veriexec signature loading. 360 | # 361 | veriexec=NO 362 | veriexec_strict=0 363 | veriexec_verbose=0 364 | veriexec_flags="-k" 365 | 366 | # Entropy load/save to/from /dev/random at startup/shutdown 367 | # 368 | random_seed=YES 369 | 370 | # Creating / updating of man page index on boot 371 | makemandb=YES 372 | # $NetBSD: rc.conf.append,v 1.2 2011/12/04 13:09:07 jmcneill Exp $ 373 | # 374 | # Arch-specific rc.conf(5) configuration. 375 | 376 | # powerd(8) is required under Xen to manage save/restore events. 
377 | # 378 | if /sbin/sysctl -q machdep.xen; then 379 | powerd=YES 380 | fi 381 | 382 | # powerd(8) is recommended if ACPI is enabled to handle PM events. 383 | # 384 | if /sbin/sysctl -q hw.acpi.root; then 385 | powerd=YES 386 | fi 387 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/defaults/security.conf: -------------------------------------------------------------------------------- 1 | # $NetBSD: security.conf,v 1.23 2010/02/05 16:29:02 jmmv Exp $ 2 | # 3 | # /etc/defaults/security.conf -- 4 | # default configuration of /etc/security.conf 5 | # 6 | # see security.conf(5) for more information. 7 | # 8 | # DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE. 9 | # EDIT /etc/security.conf INSTEAD. 10 | # 11 | 12 | check_passwd=YES 13 | check_group=YES 14 | check_rootdotfiles=YES 15 | check_ftpusers=YES 16 | check_aliases=YES 17 | check_rhosts=YES 18 | check_homes=YES 19 | check_varmail=YES 20 | check_nfs=YES 21 | check_devices=YES 22 | check_mtree=YES 23 | check_disklabels=YES 24 | check_pkgs=YES 25 | check_changelist=YES 26 | check_lvm=NO 27 | check_pkg_vulnerabilities=YES 28 | check_pkg_signatures=YES 29 | 30 | backup_dir=/var/backups 31 | backup_uses_rcs=YES 32 | diff_options=-u 33 | pkg_info=/usr/sbin/pkg_info 34 | 35 | check_homes_permit_usergroups=NO 36 | 37 | check_devices_ignore_fstypes="!local fdesc kernfs null procfs ptyfs ntfs msdos" 38 | check_devices_ignore_paths="" 39 | 40 | check_mtree_follow_symlinks=NO 41 | 42 | check_passwd_nowarn_shells="/sbin/nologin" 43 | check_passwd_nowarn_users="" 44 | check_passwd_permit_star=NO 45 | check_passwd_permit_nonalpha=NO 46 | max_loginlen=16 47 | max_grouplen=16 48 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/defaults/weekly.conf: -------------------------------------------------------------------------------- 1 | # $NetBSD: weekly.conf,v 1.4 2012/02/07 19:13:30 
joerg Exp $ 2 | # 3 | # /etc/defaults/weekly.conf -- 4 | # default configuration of /etc/weekly.conf 5 | # 6 | # see weekly.conf(5) for more information. 7 | # 8 | # DO NOT EDIT THIS FILE DIRECTLY; IT MAY BE REPLACED DURING A SYSTEM UPGRADE. 9 | # EDIT /etc/weekly.conf INSTEAD. 10 | # 11 | 12 | rebuild_locatedb=YES 13 | rebuild_whatisdb=NO 14 | rebuild_mandb=YES 15 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/group: -------------------------------------------------------------------------------- 1 | wheel:*:0:root 2 | daemon:*:1:daemon 3 | kmem:*:2:root 4 | sys:*:3:root 5 | tty:*:4:root 6 | operator:*:5:root 7 | mail:*:6: 8 | bin:*:7: 9 | wsrc:*:9: 10 | maildrop:*:11: 11 | postfix:*:12: 12 | games:*:13: 13 | named:*:14: 14 | ntpd:*:15: 15 | sshd:*:16: 16 | _pflogd:*:18: 17 | _rwhod:*:19: 18 | staff:*:20:root 19 | _proxy:*:21: 20 | _timedc:*:22: 21 | _sdpd:*:23: 22 | _httpd:*:24: 23 | _mdnsd:*:25: 24 | _tests:*:26: 25 | _tcpdump:*:27: 26 | _tss:*:28: 27 | guest:*:31:root 28 | nobody:*:39: 29 | utmp:*:45: 30 | authpf:*:72: 31 | users:*:100: 32 | dialer:*:117: 33 | nogroup:*:32766: 34 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/master.passwd: -------------------------------------------------------------------------------- 1 | root::0:0::0:0:Charlie &:/root:/bin/sh 2 | toor:*:0:0::0:0:Bourne-again Superuser:/root:/bin/sh 3 | daemon:*:1:1::0:0:The devil himself:/:/sbin/nologin 4 | operator:*:2:5::0:0:System &:/usr/guest/operator:/sbin/nologin 5 | bin:*:3:7::0:0:Binaries Commands and Source:/:/sbin/nologin 6 | games:*:7:13::0:0:& pseudo-user:/usr/games:/sbin/nologin 7 | postfix:*:12:12::0:0:& pseudo-user:/var/spool/postfix:/sbin/nologin 8 | named:*:14:14::0:0:& pseudo-user:/var/chroot/named:/sbin/nologin 9 | ntpd:*:15:15::0:0:& pseudo-user:/var/chroot/ntpd:/sbin/nologin 10 | sshd:*:16:16::0:0:& pseudo-user:/var/chroot/sshd:/sbin/nologin 11 | 
_pflogd:*:18:18::0:0:& pseudo-user:/var/chroot/pflogd:/sbin/nologin 12 | _rwhod:*:19:19::0:0:& pseudo-user:/var/rwho:/sbin/nologin 13 | _proxy:*:21:21::0:0:Proxy Services:/nonexistent:/sbin/nologin 14 | _timedc:*:22:22::0:0:& pseudo-user:/nonexistent:/sbin/nologin 15 | _sdpd:*:23:23::0:0:& pseudo-user:/nonexistent:/sbin/nologin 16 | _httpd:*:24:24::0:0:& pseudo-user:/var/www:/sbin/nologin 17 | _mdnsd:*:25:25::0:0:& pseudo-user:/nonexistent:/sbin/nologin 18 | _tests:*:26:26::0:0:& pseudo-user:/nonexistent:/sbin/nologin 19 | _tcpdump:*:27:27::0:0:& pseudo-user:/var/chroot/tcpdump:/sbin/nologin 20 | _tss:*:28:28::0:0:& pseudo-user:/var/tpm:/sbin/nologin 21 | uucp:*:66:1::0:0:UNIX-to-UNIX Copy:/nonexistent:/sbin/nologin 22 | nobody:*:32767:39::0:0:Unprivileged user:/nonexistent:/sbin/nologin 23 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/mk.conf: -------------------------------------------------------------------------------- 1 | PKG_RCD_SCRIPTS= yes 2 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/nsswitch.conf: -------------------------------------------------------------------------------- 1 | # $NetBSD: nsswitch.conf,v 1.6 2009/10/25 00:17:06 tsarna Exp $ 2 | # 3 | # nsswitch.conf(5) - 4 | # name service switch configuration file 5 | # 6 | 7 | 8 | # These are the defaults in libc 9 | # 10 | group: compat 11 | group_compat: nis 12 | hosts: files dns 13 | netgroup: files [notfound=return] nis 14 | networks: files 15 | passwd: compat 16 | passwd_compat: nis 17 | shells: files 18 | 19 | 20 | # List of supported sources for each database 21 | # 22 | # group: compat, dns, files, nis 23 | # group_compat: dns, nis 24 | # hosts: dns, files, nis, mdnsd, multicast_dns 25 | # netgroup: files, nis 26 | # networks: dns, files, nis 27 | # passwd: compat, dns, files, nis 28 | # passwd_compat: dns, nis 29 | # shells: dns, files, nis 30 | 
-------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/README: -------------------------------------------------------------------------------- 1 | 2 | This directory contains configuration files for the Pluggable 3 | Authentication Modules (PAM) library. 4 | 5 | Each file details the module chain for a single service, and must be 6 | named after that service. If no configuration file is found for a 7 | particular service, the /etc/pam.d/other is used instead. If that 8 | file does not exist, /etc/pam.conf is searched for entries matching 9 | the specified service or, failing that, the "other" service. 10 | 11 | See the pam(8) manual page for an explanation of the workings of the 12 | PAM library and descriptions of the various files and modules. Below 13 | is a summary of the format for the pam.conf and /etc/pam.d/* files. 14 | 15 | Configuration lines take the following form: 16 | 17 | module-type control-flag module-path arguments 18 | 19 | Comments are introduced with a hash mark ('#'). Blank lines and lines 20 | consisting entirely of comments are ignored. 21 | 22 | The meanings of the different fields are as follows: 23 | 24 | module-type: 25 | auth: prompt for a password to authenticate that the user is 26 | who they say they are, and set any credentials. 27 | account: non-authentication based authorization, based on time, 28 | resources, etc. 29 | session: housekeeping before and/or after login. 30 | password: update authentication tokens. 31 | 32 | control-flag: How libpam handles success or failure of the module. 33 | required: success is required; on failure all remaining 34 | modules are run, but the request will be denied. 35 | requisite: success is required, and on failure no remaining 36 | modules are run. 37 | sufficient: success is sufficient, and if no previous required 38 | module failed, no remaining modules are run. 
39 | binding: success is sufficient; on failure all remaining 40 | modules are run, but the request will be denied. 41 | optional: ignored unless the other modules return PAM_IGNORE. 42 | 43 | arguments: Module-specific options, plus some generic ones: 44 | debug: syslog debug info. 45 | no_warn: return no warning messages to the application. 46 | Remove this to feed back to the user the 47 | reason(s) they are being rejected. 48 | use_first_pass: try authentication using password from the 49 | preceding auth module. 50 | try_first_pass: first try authentication using password from 51 | the preceding auth module, and if that fails 52 | prompt for a new password. 53 | use_mapped_pass: convert cleartext password to a crypto key. 54 | expose_account: allow printing more info about the user when 55 | prompting. 56 | 57 | Note that having a "sufficient" module as the last entry for a 58 | particular service and module type may result in surprising behaviour. 59 | To get the intended semantics, add a "required" entry listing the 60 | pam_deny module at the end of the chain. 
61 | 62 | $FreeBSD: src/etc/pam.d/README,v 1.5 2004/06/06 11:46:29 schweikh Exp $ 63 | $NetBSD: README,v 1.2 2004/12/12 08:54:34 christos Exp $ 64 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/cron: -------------------------------------------------------------------------------- 1 | # $NetBSD: cron,v 1.1 2017/06/09 17:28:34 christos Exp $ 2 | # 3 | # PAM configuration for the "cron" service 4 | # 5 | 6 | # auth 7 | auth required pam_rootok.so 8 | 9 | # account 10 | account include system 11 | 12 | # session 13 | session include system 14 | 15 | # password 16 | password required pam_deny.so 17 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/display_manager: -------------------------------------------------------------------------------- 1 | # $NetBSD: display_manager,v 1.6 2023/06/20 22:00:00 riastradh Exp $ 2 | # 3 | # PAM configuration for the display manager services. Specific display 4 | # manager service configurations can include this one. 5 | # 6 | 7 | # auth 8 | auth required pam_nologin.so no_warn 9 | auth sufficient pam_skey.so no_warn try_first_pass 10 | #auth sufficient pam_krb5.so no_warn try_first_pass 11 | auth optional pam_afslog.so no_warn try_first_pass 12 | # pam_ssh has potential security risks. See pam_ssh(8). 13 | #auth sufficient pam_ssh.so no_warn try_first_pass 14 | auth required pam_unix.so no_warn try_first_pass 15 | 16 | # account 17 | #account required pam_krb5.so 18 | account required pam_unix.so 19 | 20 | # session 21 | # XXX pam_lastlog.so? 22 | # pam_ssh has potential security risks. See pam_ssh(8). 
23 | #session optional pam_ssh.so want_agent 24 | session required pam_permit.so 25 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/ftpd: -------------------------------------------------------------------------------- 1 | # $NetBSD: ftpd,v 1.8 2023/06/20 22:00:00 riastradh Exp $ 2 | # 3 | # PAM configuration for the "ftpd" service 4 | # 5 | 6 | # auth 7 | # This looks very much like "system", but lacks the "nullok" option on 8 | # pam_unix. 9 | auth required pam_nologin.so no_warn 10 | auth sufficient pam_skey.so no_warn try_first_pass 11 | #auth sufficient pam_krb5.so no_warn try_first_pass 12 | auth optional pam_afslog.so no_warn try_first_pass 13 | auth required pam_unix.so no_warn try_first_pass 14 | 15 | # account 16 | # Even though this is identical to "system", we open code it here because 17 | # we open code the auth stack. 18 | #account required pam_krb5.so 19 | account required pam_unix.so 20 | 21 | # session 22 | session required pam_permit.so 23 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/gdm: -------------------------------------------------------------------------------- 1 | # $NetBSD: gdm,v 1.4 2005/02/27 03:40:14 thorpej Exp $ 2 | # 3 | # PAM configuration for the "gdm" service 4 | # 5 | 6 | # auth 7 | auth include display_manager 8 | 9 | # account 10 | account include display_manager 11 | 12 | # session 13 | session include display_manager 14 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/imap: -------------------------------------------------------------------------------- 1 | # $NetBSD: imap,v 1.4 2005/02/27 03:40:14 thorpej Exp $ 2 | # 3 | # PAM configuration for the "imap" service 4 | # 5 | 6 | # auth 7 | auth required pam_nologin.so no_warn 8 | auth include system 9 | 
-------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/kde: -------------------------------------------------------------------------------- 1 | # $NetBSD: kde,v 1.4 2005/02/27 03:40:14 thorpej Exp $ 2 | # 3 | # PAM configuration for the "kde" service 4 | # 5 | 6 | # auth 7 | auth include display_manager 8 | 9 | # account 10 | account include display_manager 11 | 12 | # session 13 | session include display_manager 14 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/login: -------------------------------------------------------------------------------- 1 | # $NetBSD: login,v 1.4 2005/02/27 03:40:14 thorpej Exp $ 2 | # 3 | # PAM configuration for the "login" service 4 | # 5 | 6 | # auth 7 | auth sufficient pam_self.so no_warn 8 | auth required pam_nologin.so no_warn 9 | auth include system 10 | 11 | # account 12 | account requisite pam_securetty.so 13 | account required pam_login_access.so 14 | account include system 15 | 16 | # session 17 | session include system 18 | 19 | # password 20 | password include system 21 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/other: -------------------------------------------------------------------------------- 1 | # $NetBSD: other,v 1.4 2005/02/27 03:40:14 thorpej Exp $ 2 | # 3 | # PAM configuration for the "other" service 4 | # 5 | 6 | # auth 7 | auth required pam_nologin.so no_warn 8 | auth include system 9 | 10 | # account 11 | account include system 12 | 13 | # session 14 | session required pam_permit.so 15 | 16 | # password 17 | password required pam_permit.so 18 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/passwd: -------------------------------------------------------------------------------- 1 | # $NetBSD: passwd,v 1.3 2005/02/27 03:40:14 thorpej Exp $ 2 | # 3 | # PAM 
configuration for the "passwd" service 4 | # 5 | 6 | # passwd(1) does not use the auth, account or session services. 7 | 8 | # password 9 | password include system 10 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/pop3: -------------------------------------------------------------------------------- 1 | # $NetBSD: pop3,v 1.4 2005/02/27 03:40:14 thorpej Exp $ 2 | # 3 | # PAM configuration for the "pop3" service 4 | # 5 | 6 | # auth 7 | #auth required pam_nologin.so no_warn 8 | auth include system 9 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/ppp: -------------------------------------------------------------------------------- 1 | # $NetBSD: ppp,v 1.1 2005/02/27 19:29:43 christos Exp $ 2 | # 3 | # PAM configuration for the "ppp" service, identical with ftp for now 4 | # 5 | 6 | # auth 7 | auth include ftpd 8 | 9 | # account 10 | account include ftpd 11 | 12 | # session 13 | session include ftpd 14 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/racoon: -------------------------------------------------------------------------------- 1 | # $NetBSD: racoon,v 1.1 2007/12/07 20:30:31 christos Exp $ 2 | # 3 | # PAM configuration for the "racoon" service, identical with ftp for now 4 | # 5 | 6 | # auth 7 | auth include ftpd 8 | 9 | # account 10 | account include ftpd 11 | 12 | # session 13 | session include ftpd 14 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/rexecd: -------------------------------------------------------------------------------- 1 | # $NetBSD: rexecd,v 1.4 2005/02/28 02:21:46 christos Exp $ 2 | # 3 | # PAM configuration for the "rexecd" service 4 | # 5 | 6 | # auth 7 | auth required pam_nologin.so no_warn 8 | auth required pam_unix.so no_warn use_first_pass 9 | 10 | # account 11 | # 
Disabled man pam_ftpusers for why. 12 | #account required pam_ftpusers.so no_warn disallow 13 | account required pam_unix.so no_warn 14 | 15 | # session 16 | session required pam_permit.so 17 | 18 | # password 19 | password required pam_deny.so 20 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/rsh: -------------------------------------------------------------------------------- 1 | # $NetBSD: rsh,v 1.5 2005/05/14 15:17:47 chs Exp $ 2 | # 3 | # PAM configuration for the "rsh" service 4 | # 5 | 6 | # auth 7 | auth required pam_nologin.so no_warn 8 | auth sufficient pam_rhosts.so no_warn allow_root 9 | auth required pam_unix.so no_warn try_first_pass nullok 10 | 11 | # account 12 | account required pam_unix.so 13 | 14 | # session 15 | session required pam_permit.so 16 | 17 | # password 18 | password required pam_deny.so 19 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/sshd: -------------------------------------------------------------------------------- 1 | # $NetBSD: sshd,v 1.10 2023/06/20 22:00:00 riastradh Exp $ 2 | # 3 | # PAM configuration for the "sshd" service 4 | # 5 | 6 | # auth 7 | auth required pam_nologin.so no_warn 8 | auth sufficient pam_skey.so no_warn try_first_pass 9 | #auth sufficient pam_krb5.so no_warn try_first_pass 10 | auth optional pam_afslog.so no_warn try_first_pass 11 | # pam_ssh has potential security risks. See pam_ssh(8). 12 | #auth sufficient pam_ssh.so no_warn try_first_pass 13 | auth required pam_unix.so no_warn try_first_pass 14 | 15 | # account 16 | #account required pam_krb5.so 17 | account required pam_login_access.so 18 | account required pam_unix.so 19 | 20 | # session 21 | # pam_ssh has potential security risks. See pam_ssh(8). 
22 | #session optional pam_ssh.so 23 | session required pam_permit.so 24 | 25 | # password 26 | #password sufficient pam_krb5.so no_warn try_first_pass 27 | password required pam_unix.so no_warn try_first_pass 28 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/su: -------------------------------------------------------------------------------- 1 | # $NetBSD: su,v 1.9 2023/06/20 22:00:00 riastradh Exp $ 2 | # 3 | # PAM configuration for the "su" service 4 | # 5 | 6 | # auth 7 | auth sufficient pam_rootok.so no_warn 8 | auth sufficient pam_self.so no_warn 9 | auth sufficient pam_skey.so no_warn try_first_pass 10 | #auth sufficient pam_u2f.so authfile=/etc/u2f_mappings cue 11 | #auth sufficient pam_ksu.so no_warn try_first_pass 12 | #auth sufficient pam_group.so no_warn group=rootauth root_only authenticate 13 | auth requisite pam_group.so no_warn group=wheel root_only fail_safe 14 | auth required pam_unix.so no_warn try_first_pass nullok 15 | 16 | # account 17 | account required pam_login_access.so 18 | account include system 19 | 20 | # session 21 | session required pam_permit.so 22 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/system: -------------------------------------------------------------------------------- 1 | # $NetBSD: system,v 1.9 2023/06/20 22:00:00 riastradh Exp $ 2 | # 3 | # System-wide defaults 4 | # 5 | 6 | # auth 7 | auth sufficient pam_skey.so no_warn try_first_pass 8 | #auth sufficient pam_krb5.so no_warn try_first_pass 9 | auth optional pam_afslog.so no_warn try_first_pass 10 | auth required pam_unix.so no_warn try_first_pass nullok 11 | 12 | # account 13 | #account required pam_krb5.so 14 | account required pam_unix.so 15 | 16 | # session 17 | session required pam_lastlog.so no_fail no_nested 18 | 19 | # password 20 | #password sufficient pam_krb5.so no_warn try_first_pass 21 | password required pam_unix.so 
no_warn try_first_pass 22 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/telnetd: -------------------------------------------------------------------------------- 1 | # $NetBSD: telnetd,v 1.6 2005/05/13 02:56:34 lukem Exp $ 2 | # 3 | # PAM configuration for the "telnetd" service 4 | # 5 | # NOTE: This service is only used if telnetd is using a built-in 6 | # authenticator such as SRA. For non-authenticated telnet sessions, 7 | # telnetd invokes login(1), which uses the "login" service. 8 | # 9 | 10 | # auth 11 | auth required pam_nologin.so no_warn 12 | auth include system 13 | 14 | # account 15 | account include login 16 | 17 | # session 18 | session include login 19 | 20 | # password 21 | password include login 22 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/xdm: -------------------------------------------------------------------------------- 1 | # $NetBSD: xdm,v 1.4 2005/02/27 03:40:14 thorpej Exp $ 2 | # 3 | # PAM configuration for the "xdm" service 4 | # 5 | 6 | # auth 7 | auth include display_manager 8 | 9 | # account 10 | account include display_manager 11 | 12 | # session 13 | session include display_manager 14 | 15 | # password 16 | password required pam_deny.so 17 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pam.d/xserver: -------------------------------------------------------------------------------- 1 | # $NetBSD: xserver,v 1.3 2005/03/18 15:15:25 christos Exp $ 2 | # 3 | # PAM configuration for the "X Windows Server" 4 | # 5 | 6 | # auth 7 | auth required pam_self.so 8 | 9 | # account 10 | account include system 11 | 12 | # session 13 | session include system 14 | 15 | # password 16 | password required pam_deny.so 17 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/passwd: 
-------------------------------------------------------------------------------- 1 | root:*:0:0:Charlie &:/root:/bin/sh 2 | toor:*:0:0:Bourne-again Superuser:/root:/bin/sh 3 | daemon:*:1:1:The devil himself:/:/sbin/nologin 4 | operator:*:2:5:System &:/usr/guest/operator:/sbin/nologin 5 | bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin 6 | games:*:7:13:& pseudo-user:/usr/games:/sbin/nologin 7 | postfix:*:12:12:& pseudo-user:/var/spool/postfix:/sbin/nologin 8 | named:*:14:14:& pseudo-user:/var/chroot/named:/sbin/nologin 9 | ntpd:*:15:15:& pseudo-user:/var/chroot/ntpd:/sbin/nologin 10 | sshd:*:16:16:& pseudo-user:/var/chroot/sshd:/sbin/nologin 11 | _pflogd:*:18:18:& pseudo-user:/var/chroot/pflogd:/sbin/nologin 12 | _rwhod:*:19:19:& pseudo-user:/var/rwho:/sbin/nologin 13 | _proxy:*:21:21:Proxy Services:/nonexistent:/sbin/nologin 14 | _timedc:*:22:22:& pseudo-user:/nonexistent:/sbin/nologin 15 | _sdpd:*:23:23:& pseudo-user:/nonexistent:/sbin/nologin 16 | _httpd:*:24:24:& pseudo-user:/var/www:/sbin/nologin 17 | _mdnsd:*:25:25:& pseudo-user:/nonexistent:/sbin/nologin 18 | _tests:*:26:26:& pseudo-user:/nonexistent:/sbin/nologin 19 | _tcpdump:*:27:27:& pseudo-user:/var/chroot/tcpdump:/sbin/nologin 20 | _tss:*:28:28:& pseudo-user:/var/tpm:/sbin/nologin 21 | uucp:*:66:1:UNIX-to-UNIX Copy:/nonexistent:/sbin/nologin 22 | nobody:*:32767:39:Unprivileged user:/nonexistent:/sbin/nologin 23 | -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/pwd.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NetBSDfr/sailor/3eeedf82410b3f92e687867c5e879f592cbd06f1/ships/common/NetBSD/etc/pwd.db -------------------------------------------------------------------------------- /ships/common/NetBSD/etc/spwd.db: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/NetBSDfr/sailor/3eeedf82410b3f92e687867c5e879f592cbd06f1/ships/common/NetBSD/etc/spwd.db -------------------------------------------------------------------------------- /ships/common/all/etc/rc.conf: -------------------------------------------------------------------------------- 1 | # $NetBSD: rc.conf,v 1.97 2014/07/14 12:29:48 mbalmer Exp $ 2 | # 3 | # See rc.conf(5) for more information. 4 | # 5 | # Use program=YES to enable program, NO to disable it. program_flags are 6 | # passed to the program on the command line. 7 | # 8 | 9 | # Load the defaults in from /etc/defaults/rc.conf (if it's readable). 10 | # These can be overridden below. 11 | # 12 | if [ -r /etc/defaults/rc.conf ]; then 13 | . /etc/defaults/rc.conf 14 | fi 15 | 16 | # If this is not set to YES, the system will drop into single-user mode. 17 | # 18 | rc_configured=YES 19 | 20 | # Add local overrides below. 21 | # 22 | -------------------------------------------------------------------------------- /ships/common/all/etc/rc.subr: -------------------------------------------------------------------------------- 1 | # $NetBSD: rc.subr,v 1.98 2016/03/06 18:49:42 christos Exp $ 2 | # 3 | # Copyright (c) 1997-2011 The NetBSD Foundation, Inc. 4 | # All rights reserved. 5 | # 6 | # This code is derived from software contributed to The NetBSD Foundation 7 | # by Luke Mewburn. 8 | # 9 | # Redistribution and use in source and binary forms, with or without 10 | # modification, are permitted provided that the following conditions 11 | # are met: 12 | # 1. Redistributions of source code must retain the above copyright 13 | # notice, this list of conditions and the following disclaimer. 14 | # 2. Redistributions in binary form must reproduce the above copyright 15 | # notice, this list of conditions and the following disclaimer in the 16 | # documentation and/or other materials provided with the distribution. 17 | # 18 | # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. 
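# AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# rc.subr
#	functions used by various rc scripts
#

: ${rcvar_manpage:='rc.conf(5)'}
: ${RC_PID:=$$} ; export RC_PID
nl='
' # a literal newline

#
# functions
# ---------

#
# checkyesnox var
#	Test the variable whose NAME is given in $1.
#	Return 0 if it's "yes" (et al), 1 if it's "no" (et al), 2 otherwise.
#
#	The name is dereferenced with eval, so $1 must be a plain variable
#	name chosen by the calling rc script, never text taken from a file,
#	the network or a user.
#
checkyesnox()
{
	eval _value=\$${1}
	case $_value in

		#	"yes", "true", "on", or "1"
	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
		return 0
		;;

		#	"no", "false", "off", or "0"
	[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
		return 1
		;;
	*)
		return 2
		;;
	esac
}

#
# checkyesno var
#	Test $1 variable, and warn if not set to YES or NO.
#	Return 0 if it's "yes" (et al), nonzero otherwise.
#	An unrecognised value is reported through warn() and treated as "no".
#
checkyesno()
{
	local var

	checkyesnox $1
	var=$?
	# 0 and 1 are the two recognised answers; pass them straight through.
	[ $var = 0 -o $var = 1 ] && return $var
	warn "\$${1} is not set properly - see ${rcvar_manpage}."
	return 1
}

#
# yesno_to_truefalse var
#	Convert the value of a variable from any of the values
#	understood by checkyesno() to "true" or "false".
#	The variable named by $1 is overwritten in place (via eval);
#	returns 0 when it was set to "true", 1 when set to "false".
#
yesno_to_truefalse()
{
	local var=$1
	if checkyesno $var; then
		eval $var=true
		return 0
	else
		eval $var=false
		return 1
	fi
}

#
# reverse_list list
#	print the list in reverse order
#	(the result is accumulated in the global $_revlist)
#
reverse_list()
{
	_revlist=
	for _revfile; do
		# prepend, so the last argument ends up first
		_revlist="$_revfile $_revlist"
	done
	echo $_revlist
}

#
# If booting directly to multiuser, send SIGTERM to
# the parent (/etc/rc) to abort the boot.
# Otherwise just exit.
# In both cases the calling shell exits with status 1.
#
stop_boot()
{
	if [ "$autoboot" = yes ]; then
		echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
		kill -TERM ${RC_PID}
	fi
	exit 1
}

#
# mount_critical_filesystems type
#	Go through the list of critical file systems as provided in
#	the rc.conf(5) variable $critical_filesystems_${type}, checking
#	each one to see if it is mounted, and if it is not, mounting it.
#	It's not an error if file systems prefixed with "OPTIONAL:"
#	are not mentioned in /etc/fstab.
#	Returns 0 if every mount succeeded (or was skipped), otherwise the
#	exit status of the last mount(8) call that failed.
#
mount_critical_filesystems()
{
	eval _fslist=\$critical_filesystems_${1}
	_mountcrit_es=0
	for _fs in $_fslist; do
		_optional=false
		case "$_fs" in
		OPTIONAL:*)
			_optional=true
			_fs="${_fs#*:}"
			;;
		esac
		_ismounted=false
		# look for a line like "${fs} on * type *"
		# or "* on ${fs} type *" in the output from mount.
		case "${nl}$( mount )${nl}" in
		*" on ${_fs} type "*)
			_ismounted=true
			;;
		*"${nl}${_fs} on "*)
			_ismounted=true
			;;
		esac
		if $_ismounted; then
			print_rc_metadata \
			"note:File system ${_fs} was already mounted"
		else
			_mount_output=$( mount $_fs 2>&1 )
			_mount_es=$?
			case "$_mount_output" in
			*"${nl}"*)
				# multiple lines can't be good,
				# not even if $_optional is true
				;;
			*[uU]'nknown special file or file system'*)
				if $_optional; then
					# ignore this error
					print_rc_metadata \
			"note:Optional file system ${_fs} is not present"
					_mount_es=0
					_mount_output=""
				fi
				;;
			esac
			if [ -n "$_mount_output" ]; then
				printf >&2 "%s\n" "$_mount_output"
			fi
			if [ "$_mount_es" != 0 ]; then
				_mountcrit_es="$_mount_es"
			fi
		fi
	done
	return $_mountcrit_es
}

#
# check_pidfile pidfile procname [interpreter]
#	Parses the first line of pidfile for a PID, and ensures
#	that the process is running and matches procname.
#	Prints the matching PID upon success, nothing otherwise.
#	interpreter is optional; see _find_processes() for details.
#
#	The first word of the pidfile must be a plain decimal number.
#	_find_processes() splices its psargs argument into a command
#	string that it runs with eval, and a pidfile may be writable by
#	the (less privileged) daemon it belongs to, so any other content
#	is treated the same as an empty pidfile.
#
check_pidfile()
{
	_pidfile=$1
	_procname=$2
	_interpreter=$3
	if [ -z "$_pidfile" -o -z "$_procname" ]; then
		err 3 'USAGE: check_pidfile pidfile procname [interpreter]'
	fi
	if [ ! -f "$_pidfile" ]; then
		return
	fi
	read _pid _junk < "$_pidfile"
	case "$_pid" in
	''|*[!0-9]*)
		# empty, or not purely digits: report "no such process"
		return 0
		;;
	esac
	_find_processes $_procname ${_interpreter:-.} '-p '"$_pid"
}

#
# check_process procname [interpreter]
#	Ensures that a process (or processes) named procname is running.
#	Prints a list of matching PIDs.
#	interpreter is optional; see _find_processes() for details.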
#
check_process()
{
	_procname=$1
	_interpreter=$2
	if [ -z "$_procname" ]; then
		err 3 'USAGE: check_process procname [interpreter]'
	fi
	# "." stands for "no interpreter"; '-ax' is passed through to ps
	# as its argument list.
	_find_processes $_procname ${_interpreter:-.} '-ax'
}

#
# _find_processes procname interpreter psargs
#	Search for procname in the output of ps generated by psargs.
#	Prints the PIDs of any matching processes, space separated.
#
#	If interpreter == ".", check the following variations of procname
#	against the first word of each command:
#		procname
#		`basename procname`
#		`basename procname` + ":"
#		"(" + `basename procname` + ")"
#
#	If interpreter != ".", read the first line of procname, remove the
#	leading #!, normalise whitespace, append procname, and attempt to
#	match that against each command, either as is, or with extra words
#	at the end.  As an alternative, to deal with interpreted daemons
#	using perl, the basename of the interpreter plus a colon is also
#	tried as the prefix to procname.
#
#	Security note: psargs and the match fragments are pasted into a
#	string that is run with eval, so every argument is interpreted as
#	shell text.  Callers must pass only values they control.
#
_find_processes()
{
	if [ $# -ne 3 ]; then
		err 3 'USAGE: _find_processes procname interpreter psargs'
	fi
	_procname=$1
	_interpreter=$2
	_psargs=$3

	_pref=
	_procnamebn=${_procname##*/}		# procname without its directory part
	if [ $_interpreter != "." ]; then	# an interpreted script
		# The script is opened relative to $_chroot when that is set.
		read _interp < ${_chroot:-}/$_procname	# read interpreter name
		_interp=${_interp#\#!}		# strip #!
		set -- $_interp
		if [ $1 = "/usr/bin/env" ]; then
			shift
			# Keep only the last word printed by "type" --
			# presumably the resolved path of the interpreter.
			set -- $(type $1)
			shift $(($# - 1))
			_interp="${1##*/} $_procname"
		else
			_interp="$* $_procname"
		fi
		if [ $_interpreter != $1 ]; then
			warn "\$command_interpreter $_interpreter != $1"
		fi
		_interpbn=${1##*/}
		# The single quotes keep the variables below unexpanded until
		# the final eval.
		_fp_args='_argv'
		_fp_match='case "$_argv" in
		    ${_interp}|"${_interp} "*|"${_interpbn}: "*${_procnamebn}*)'
	else					# a normal daemon
		_fp_args='_arg0 _argv'
		_fp_match='case "$_arg0" in
		    $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})")'
	fi

	# Assemble the ps pipeline as text.  $_psargs is expanded here, at
	# assembly time; everything inside single quotes is expanded only
	# when the string is evaluated.
	_proccheck='
		ps -o "pid,command" '"$_psargs"' |
		while read _npid '"$_fp_args"'; do
			case "$_npid" in
			PID)
				continue ;;
			esac ; '"$_fp_match"'
				echo -n "$_pref$_npid" ;
				_pref=" "
				;;
			esac
		done'

	#echo 1>&2 "proccheck is :$_proccheck:"
	eval $_proccheck
}

#
# wait_for_pids pid [pid ...]
#	spins until none of the pids exist
#
wait_for_pids()
{
	_list="$@"
	if [ -z "$_list" ]; then
		return
	fi
	_prefix=
	while true; do
		_nlist="";
		for _j in $_list; do
			# kill -0 sends no signal.  Any failure, whatever its
			# cause, makes the pid count as gone.
			if kill -0 $_j 2>/dev/null; then
				_nlist="${_nlist}${_nlist:+ }$_j"
			fi
		done
		if [ -z "$_nlist" ]; then
			break
		fi
		# Print the remaining pids only when the set has changed.
		if [ "$_list" != "$_nlist" ]; then
			_list=$_nlist
			echo -n ${_prefix:-"Waiting for PIDS: "}$_list
			_prefix=", "
		fi
		# We want this to be a tight loop for a fast exit
		sleep 0.05
	done
	if [ -n "$_prefix" ]; then
		echo "."
	fi
}

#
# run_rc_command argument [parameters]
#	Search for argument in the list of supported commands, which is:
#		"start stop restart rcvar status poll ${extra_commands}"
#	If there's a match, run ${argument}_cmd or the default method
#	(see below), and pass the optional list of parameters to it.
#
#	If argument has a given prefix, then change the operation as follows:
#		Prefix	Operation
#		------	---------
#		fast	Skip the pid check, and set rc_fast=yes
#		force	Set ${rcvar} to YES, and set rc_force=yes
#		one	Set ${rcvar} to YES
#
#	The following globals are used:
#
#	Name		Needed	Purpose
#	----		------	-------
#	name		y	Name of script.
#
#	command		n	Full path to command.
#				Not needed if ${rc_arg}_cmd is set for
#				each keyword.
#
#	command_args	n	Optional args/shell directives for command.
#
#	command_interpreter n	If not empty, command is interpreted, so
#				call check_{pidfile,process}() appropriately.
#
#	extra_commands	n	List of extra commands supported.
#
#	pidfile		n	If set, use check_pidfile $pidfile $command,
#				otherwise use check_process $command.
#				In either case, only check if $command is set.
#
#	procname	n	Process name to check for instead of $command.
#
#	rcvar		n	This is checked with checkyesno to determine
#				if the action should be run.
#
#	${name}_chroot	n	Directory to chroot to before running ${command}
#				Requires /usr to be mounted.
#
#	${name}_chdir	n	Directory to cd to before running ${command}
#				(if not using ${name}_chroot).
#
#	${name}_flags	n	Arguments to call ${command} with.
#				NOTE:	$flags from the parent environment
#					can be used to override this.
387 | # 388 | # ${name}_env n Additional environment variable settings 389 | # for running ${command} 390 | # 391 | # ${name}_nice n Nice level to run ${command} at. 392 | # 393 | # ${name}_user n User to run ${command} as, using su(1) if not 394 | # using ${name}_chroot. 395 | # Requires /usr to be mounted. 396 | # 397 | # ${name}_group n Group to run chrooted ${command} as. 398 | # Requires /usr to be mounted. 399 | # 400 | # ${name}_groups n Comma separated list of supplementary groups 401 | # to run the chrooted ${command} with. 402 | # Requires /usr to be mounted. 403 | # 404 | # ${rc_arg}_cmd n If set, use this as the method when invoked; 405 | # Otherwise, use default command (see below) 406 | # 407 | # ${rc_arg}_precmd n If set, run just before performing the 408 | # ${rc_arg}_cmd method in the default 409 | # operation (i.e, after checking for required 410 | # bits and process (non)existence). 411 | # If this completes with a non-zero exit code, 412 | # don't run ${rc_arg}_cmd. 413 | # 414 | # ${rc_arg}_postcmd n If set, run just after performing the 415 | # ${rc_arg}_cmd method, if that method 416 | # returned a zero exit code. 417 | # 418 | # required_dirs n If set, check for the existence of the given 419 | # directories before running the default 420 | # (re)start command. 421 | # 422 | # required_files n If set, check for the readability of the given 423 | # files before running the default (re)start 424 | # command. 425 | # 426 | # required_vars n If set, perform checkyesno on each of the 427 | # listed variables before running the default 428 | # (re)start command. 
#
#	Default behaviour for a given argument, if no override method is
#	provided:
#
#	Argument	Default behaviour
#	--------	-----------------
#	start		if !running && checkyesno ${rcvar}
#				${command}
#
#	stop		if ${pidfile}
#				rc_pid=$(check_pidfile $pidfile $command)
#			else
#				rc_pid=$(check_process $command)
#			kill $sig_stop $rc_pid
#			wait_for_pids $rc_pid
#			($sig_stop defaults to TERM.)
#
#	reload		Similar to stop, except use $sig_reload instead,
#			and doesn't wait_for_pids.
#			$sig_reload defaults to HUP.
#
#	restart		Run `stop' then `start'.
#
#	status		Show if ${command} is running, etc.
#
#	poll		Wait for ${command} to exit.
#
#	rcvar		Display what rc.conf variable is used (if any).
#
#	Variables available to methods, and after run_rc_command() has
#	completed:
#
#	Variable	Purpose
#	--------	-------
#	rc_arg		Argument to command, after fast/force/one processing
#			performed
#
#	rc_flags	Flags to start the default command with.
#			Defaults to ${name}_flags, unless overridden
#			by $flags from the environment.
#			This variable may be changed by the precmd method.
#
#	rc_pid		PID of command (if appropriate)
#
#	rc_fast		Not empty if "fast" was provided (q.v.)
#
#	rc_force	Not empty if "force" was provided (q.v.)
#
#	Security note: this function runs many of its inputs through eval
#	($rcvar, $name, the *_cmd/_precmd/_postcmd hooks and the assembled
#	start/stop command lines).  Those values are interpreted as shell
#	text with the privileges of the caller, so the rc.d script and the
#	configuration that sets them must be writable only by a trusted
#	user.
#
run_rc_command()
{
	rc_arg=$1
	if [ -z "$name" ]; then
		err 3 'run_rc_command: $name is not set.'
	fi

	_rc_prefix=
	case "$rc_arg" in
	fast*)				# "fast" prefix; don't check pid
		rc_arg=${rc_arg#fast}
		rc_fast=yes
		;;
	force*)				# "force" prefix; always run
		rc_force=yes
		_rc_prefix=force
		rc_arg=${rc_arg#${_rc_prefix}}
		if [ -n "${rcvar}" ]; then
			# $rcvar is expanded before eval runs, so it has to
			# be a plain variable name.
			eval ${rcvar}=YES
		fi
		;;
	one*)				# "one" prefix; set ${rcvar}=yes
		_rc_prefix=one
		rc_arg=${rc_arg#${_rc_prefix}}
		if [ -n "${rcvar}" ]; then
			eval ${rcvar}=YES
		fi
		;;
	esac

	_keywords="start stop restart rcvar"
	if [ -n "$extra_commands" ]; then
		_keywords="${_keywords} ${extra_commands}"
	fi
	rc_pid=
	_pidcmd=
	_procname=${procname:-${command}}

					# setup pid check command if not fast
	if [ -z "$rc_fast" -a -n "$_procname" ]; then
		# _pidcmd is kept as text and run with eval further down;
		# $pidfile, $_procname and $command_interpreter are pasted
		# into it unquoted.
		if [ -n "$pidfile" ]; then
			_pidcmd='rc_pid=$(check_pidfile '"$pidfile $_procname $command_interpreter"')'
		else
			_pidcmd='rc_pid=$(check_process '"$_procname $command_interpreter"')'
		fi
		# status and poll are offered only when a pid check exists.
		if [ -n "$_pidcmd" ]; then
			_keywords="${_keywords} status poll"
		fi
	fi

	if [ -z "$rc_arg" ]; then
		rc_usage "$_keywords"
	fi
	shift	# remove $rc_arg from the positional parameters

	if [ -n "$flags" ]; then	# allow override from environment
		rc_flags=$flags
	else
		eval rc_flags=\$${name}_flags
	fi
	# Indirect lookup of the per-service ${name}_* settings.
	eval _chdir=\$${name}_chdir	_chroot=\$${name}_chroot \
	    _nice=\$${name}_nice	_user=\$${name}_user \
	    _group=\$${name}_group	_groups=\$${name}_groups \
	    _env=\"\$${name}_env\"

	if [ -n "$_user" ]; then	# unset $_user if running as that user
		if [ "$_user" = "$(id -un)" ]; then
			unset _user
		fi
	fi

					# if ${rcvar} is set, and $1 is not
					# "rcvar", then run
					#	checkyesno ${rcvar}
					# and return if that failed or warn
					# user and exit when interactive
					#
	if [ -n "${rcvar}" -a "$rc_arg" != "rcvar" ]; then
		if ! checkyesno ${rcvar}; then
					# check whether interactive or not
			if [ -n "$_run_rc_script" ]; then
				return 0
			fi
			for _elem in $_keywords; do
				if [ "$_elem" = "$rc_arg" ]; then
					# NOTE(review): this copy is damaged here.  The
					# listing jumps from line 563 to line 572, so
					# the here-document that followed "cat 1>&2"
					# and the statements closing this if/for are
					# missing.  Restore them from the upstream
					# rc.subr before relying on this function.
					cat 1>&2 <&2 "$0: unknown directive '$rc_arg'."
			rc_usage "$_keywords"
		fi
	fi

	eval $_pidcmd			# determine the pid if necessary

	for _elem in $_keywords; do
		if [ "$_elem" != "$rc_arg" ]; then
			continue
		fi

					# if there's a custom ${XXX_cmd},
					# run that instead of the default
					#
		eval _cmd=\$${rc_arg}_cmd _precmd=\$${rc_arg}_precmd \
		    _postcmd=\$${rc_arg}_postcmd
		if [ -n "$_cmd" ]; then
					# if the precmd failed and force
					# isn't set, exit
					#
			if ! eval $_precmd && [ -z "$rc_force" ]; then
				return 1
			fi

			# The remaining positional parameters are handed to
			# the custom method.
			if ! eval $_cmd \"\${@}\" && [ -z "$rc_force" ]; then
				return 1
			fi
			eval $_postcmd
			return 0
		fi

		if [ ${#} -gt 0 ]; then
			err 1 "the $rc_arg command does not take any parameters"
		fi

		case "$rc_arg" in	# default operations...

		status)
			if [ -n "$rc_pid" ]; then
				echo "${name} is running as pid $rc_pid."
			else
				echo "${name} is not running."
				return 1
			fi
			;;

		start)
			if [ -n "$rc_pid" ]; then
				echo 1>&2 "${name} already running? (pid=$rc_pid)."
				exit 1
			fi

			# A missing or non-executable command is not treated
			# as an error: return success without any message.
			if [ ! -x ${_chroot}${command} ]; then
				return 0
			fi

					# check for required variables,
					# directories, and files
					#
			for _f in $required_vars; do
				if ! checkyesno $_f; then
					warn "\$${_f} is not enabled."
					if [ -z "$rc_force" ]; then
						return 1
					fi
				fi
			done
			for _f in $required_dirs; do
				if [ ! -d "${_f}/." ]; then
					warn "${_f} is not a directory."
					if [ -z "$rc_force" ]; then
						return 1
					fi
				fi
			done
			for _f in $required_files; do
				if [ ! -r "${_f}" ]; then
					warn "${_f} is not readable."
					if [ -z "$rc_force" ]; then
						return 1
					fi
				fi
			done

					# if the precmd failed and force
					# isn't set, exit
					#
			if ! eval $_precmd && [ -z "$rc_force" ]; then
				return 1
			fi

					# setup the command to run, and run it
					#
			echo "Starting ${name}."
			# The command line is built as one string from the
			# per-service settings and run with eval below.  None
			# of the values is quoted, so shell metacharacters in
			# them are interpreted.
			if [ -n "$_chroot" ]; then
				_doit="\
${_env:+env $_env }\
${_nice:+nice -n $_nice }\
chroot ${_user:+-u $_user }${_group:+-g $_group }${_groups:+-G $_groups }\
$_chroot $command $rc_flags $command_args"
			else
				_doit="\
${_chdir:+cd $_chdir; }\
${_env:+env $_env }\
${_nice:+nice -n $_nice }\
$command $rc_flags $command_args"
				if [ -n "$_user" ]; then
					# Two levels of quoting are added here; a
					# quote character inside $_doit is not
					# escaped.
					_doit="su -m $_user -c 'sh -c \"$_doit\"'"
				fi
			fi

					# if the cmd failed and force
					# isn't set, exit
					#
			if ! eval $_doit && [ -z "$rc_force" ]; then
				return 1
			fi

					# finally, run postcmd
					#
			eval $_postcmd
			;;

		stop)
			if [ -z "$rc_pid" ]; then
				if [ -n "$pidfile" ]; then
					echo 1>&2 \
				    "${name} not running? (check $pidfile)."
				else
					echo 1>&2 "${name} not running?"
				fi
				exit 1
			fi

					# if the precmd failed and force
					# isn't set, exit
					#
			if ! eval $_precmd && [ -z "$rc_force" ]; then
				return 1
			fi

					# send the signal to stop
					#
			echo "Stopping ${name}."
			# $rc_pid comes from the pid check above and is
			# pasted into the eval'ed kill command.
			_doit="kill -${sig_stop:-TERM} $rc_pid"
			if [ -n "$_user" ]; then
				_doit="su -m $_user -c 'sh -c \"$_doit\"'"
			fi

					# if the stop cmd failed and force
					# isn't set, exit
					#
			if ! eval $_doit && [ -z "$rc_force" ]; then
				return 1
			fi

					# wait for the command to exit,
					# and run postcmd.
			wait_for_pids $rc_pid
			eval $_postcmd
			;;

		reload)
			if [ -z "$rc_pid" ]; then
				if [ -n "$pidfile" ]; then
					echo 1>&2 \
				    "${name} not running? (check $pidfile)."
				else
					echo 1>&2 "${name} not running?"
				fi
				exit 1
			fi
			echo "Reloading ${name} config files."
			if ! eval $_precmd && [ -z "$rc_force" ]; then
				return 1
			fi
			_doit="kill -${sig_reload:-HUP} $rc_pid"
			if [ -n "$_user" ]; then
				_doit="su -m $_user -c 'sh -c \"$_doit\"'"
			fi
			if ! eval $_doit && [ -z "$rc_force" ]; then
				return 1
			fi
			eval $_postcmd
			;;

		restart)
			if ! eval $_precmd && [ -z "$rc_force" ]; then
				return 1
			fi
					# prevent restart being called more
					# than once by any given script
					#
			if ${_rc_restart_done:-false}; then
				return 0
			fi
			_rc_restart_done=true

			# stop runs in a subshell, so an "exit" inside it
			# does not end this shell before start is attempted.
			( $0 ${_rc_prefix}stop )
			$0 ${_rc_prefix}start

			eval $_postcmd
			;;

		poll)
			if [ -n "$rc_pid" ]; then
				wait_for_pids $rc_pid
			fi
			;;

		rcvar)
			echo "# $name"
			if [ -n "$rcvar" ]; then
				if checkyesno ${rcvar}; then
					echo "\$${rcvar}=YES"
				else
					echo "\$${rcvar}=NO"
				fi
			fi
			;;

		*)
			rc_usage "$_keywords"
			;;

		esac
		return 0
	done

	echo 1>&2 "$0: unknown directive '$rc_arg'."
	rc_usage "$_keywords"
	exit 1
}

#
# _have_rc_postprocessor
#	Test whether the current script is running in a context that
#	was invoked from /etc/rc with a postprocessor.
#
#	If the test fails, some variables may be unset to make
#	such tests more efficient in future.
#
_have_rc_postprocessor()
{
	# Cheap tests that fd and pid are set, fd is writable.
	# On any failure _rc_pid is unset, so the first test fails at once
	# on the next call.
	[ -n "${_rc_pid}" ] || { unset _rc_pid; return 1; }
	[ -n "${_rc_postprocessor_fd}" ] || { unset _rc_pid; return 1; }
	# eval is needed because the fd number comes from a variable.
	eval ": >&${_rc_postprocessor_fd}" 2>/dev/null \
	|| { unset _rc_pid; return 1; }

	return 0
}

#
# run_rc_script file arg
#	Start the script `file' with `arg', and correctly handle the
#	return value from the script.  If `file' ends with `.sh', it's
#	sourced into the current environment.  If `file' appears to be
#	a backup or scratch file, ignore it.  Otherwise if it's
#	executable run as a child process.
#
#	If `file' contains "KEYWORD: interactive" and if we are
#	running inside /etc/rc with postprocessing, then the script's
#	stdout and stderr are redirected to $_rc_original_stdout_fd and
#	$_rc_original_stderr_fd, so the output will be displayed on the
#	console but not intercepted by /etc/rc's postprocessor.
#
#	Security note: in every branch the file is read with "." and so
#	runs with the privileges and variables of the calling shell.  The
#	name suffix and the execute bit are the only checks made here, so
#	the directory holding these scripts must not be writable by
#	untrusted users.
#
run_rc_script()
{
	_file=$1
	_arg=$2
	if [ -z "$_file" -o -z "$_arg" ]; then
		err 3 'USAGE: run_rc_script file arg'
	fi

	# Seen by run_rc_command, which returns quietly instead of printing
	# its "not enabled" message when this is set.
	_run_rc_script=true

	# Clear settings left over from a previously run script.
	unset	name command command_args command_interpreter \
		extra_commands pidfile procname \
		rcvar required_dirs required_files required_vars
	# $_arg is pasted into the eval'ed text.
	eval unset ${_arg}_cmd ${_arg}_precmd ${_arg}_postcmd

	_must_redirect=false
	if _have_rc_postprocessor \
	    && _has_rcorder_keyword interactive $_file
	then
		_must_redirect=true
	fi

	case "$_file" in
	*.sh)				# run in current shell
		if $_must_redirect; then
			print_rc_metadata \
			    "note:Output from ${_file} is not logged"
			no_rc_postprocess eval \
			    'set $_arg ; . $_file'
		else
			set $_arg ; . $_file
		fi
		;;
	*[~#]|*.OLD|*.orig|*,v)		# scratch file; skip
		warn "Ignoring scratch file $_file"
		;;
	*)				# run in subshell
		# With $rc_fast_and_loose set, the subshell is skipped and
		# the script is sourced into the current shell instead.
		if [ -x $_file ] && $_must_redirect; then
			print_rc_metadata \
			    "note:Output from ${_file} is not logged"
			if [ -n "$rc_fast_and_loose" ]; then
				no_rc_postprocess eval \
				    'set $_arg ; . $_file'
			else
				no_rc_postprocess eval \
				    '( set $_arg ; . $_file )'
			fi
		elif [ -x $_file ]; then
			if [ -n "$rc_fast_and_loose" ]; then
				set $_arg ; . $_file
			else
				( set $_arg ; . $_file )
			fi
		else
			warn "Ignoring non-executable file $_file"
		fi
		;;
	esac
}

#
# load_rc_config command
#	Source in the configuration file for a given command.
#
#	/etc/rc.conf is sourced once per shell; /etc/rc.conf.d/<command>
#	is sourced on every call when it exists.  Both files are executed
#	as shell code.
#
load_rc_config()
{
	_command=$1
	if [ -z "$_command" ]; then
		err 3 'USAGE: load_rc_config command'
	fi

	if ${_rc_conf_loaded:-false}; then
		:
	else
		. /etc/rc.conf
		_rc_conf_loaded=true
	fi
	# NOTE(review): $_command is used as a path component without any
	# check; confirm that callers never pass a value containing "/".
	if [ -f /etc/rc.conf.d/"$_command" ]; then
		. /etc/rc.conf.d/"$_command"
	fi
}

#
# load_rc_config_var cmd var
#	Read the rc.conf(5) var for cmd and set in the
#	current shell, using load_rc_config in a subshell to prevent
#	unwanted side effects from other variable assignments.
#
load_rc_config_var()
{
	if [ $# -ne 2 ]; then
		err 3 'USAGE: load_rc_config_var cmd var'
	fi
	# The inner eval runs load_rc_config in a subshell and prints
	# var='value' when var is set; the outer eval performs that
	# assignment in this shell.  $1 and $2 are pasted into the eval'ed
	# text.
	# NOTE(review): the value is wrapped in single quotes without
	# escaping, so a value containing a single quote looks unsafe for
	# the outer eval -- confirm.
	eval $(eval '(
		load_rc_config '$1' >/dev/null;
		if [ -n "${'$2'}" -o "${'$2'-UNSET}" != "UNSET" ]; then
			echo '$2'=\'\''${'$2'}\'\'';
		fi
	)' )
}

#
# rc_usage commands
#	Print a usage string for $0, with `commands' being a list of
#	valid commands.
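#
#	The function never returns: it ends with "exit 1".
#
rc_usage()
{
	echo -n 1>&2 "Usage: $0 [fast|force|one]("

	_sep=
	for _elem; do
		echo -n 1>&2 "$_sep$_elem"
		_sep="|"
	done
	echo 1>&2 ")"
	exit 1
}

#
# err exitval message
#	Display message to stderr and log to the syslog, and exit with exitval.
#
err()
{
	exitval=$1
	shift

	# Run the binary that was tested, not whatever "logger" happens to
	# resolve to through $PATH.
	if [ -x /usr/bin/logger ]; then
		/usr/bin/logger "$0: ERROR: $*"
	fi
	echo 1>&2 "$0: ERROR: $*"
	exit $exitval
}

#
# warn message
#	Display message to stderr and log to the syslog.
#
warn()
{
	# Same rule as in err(): call the path that was checked.
	if [ -x /usr/bin/logger ]; then
		/usr/bin/logger "$0: WARNING: $*"
	fi
	echo 1>&2 "$0: WARNING: $*"
}

#
# backup_file action file cur backup
#	Make a backup copy of `file' into `cur', and save the previous
#	version of `cur' as `backup' or use rcs for archiving.
#
#	This routine checks the value of the backup_uses_rcs variable,
#	which can be either YES or NO.
#
#	The `action' keyword can be one of the following:
#
#	add		`file' is now being backed up (and is possibly
#			being reentered into the backups system).  `cur'
#			is created and RCS files, if necessary, are
#			created as well.
#
#	update		`file' has changed and needs to be backed up.
#			If `cur' exists, it is copied to `back' or
#			checked into RCS (if the repository file is old),
#			and then `file' is copied to `cur'.  Another RCS
#			check-in is done here if RCS is being used.
#
#	remove		`file' is no longer being tracked by the backups
#			system.  If RCS is not being used, `cur' is moved
#			to `back', otherwise an empty file is checked in,
#			and then `cur' is removed.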
#
#
backup_file()
{
	_action=$1
	_file=$2
	_cur=$3
	_back=$4

	# None of the path arguments is quoted below, so they must not
	# contain whitespace or glob characters.
	if checkyesno backup_uses_rcs; then
		_msg0="backup archive"
		_msg1="update"

		# ensure that history file is not locked
		if [ -f $_cur,v ]; then
			rcs -q -u -U -M $_cur
		fi

		# ensure after switching to rcs that the
		# current backup is not lost
		if [ -f $_cur ]; then
			# no archive, or current newer than archive
			if [ ! -f $_cur,v -o $_cur -nt $_cur,v ]; then
				ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur
				rcs -q -kb -U $_cur
				co -q -f -u $_cur
			fi
		fi

		case $_action in
		add|update)
			cp -p $_file $_cur
			ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur
			rcs -q -kb -U $_cur
			co -q -f -u $_cur
			# Both the working copy and the RCS archive are
			# handed to root:wheel.
			chown root:wheel $_cur $_cur,v
			;;
		remove)
			# Check in an empty revision, then drop the
			# working copy; the archive is kept.
			cp /dev/null $_cur
			ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur
			rcs -q -kb -U $_cur
			chown root:wheel $_cur $_cur,v
			rm $_cur
			;;
		esac
	else
		case $_action in
		add|update)
			# Keep exactly one older generation in $_back.
			if [ -f $_cur ]; then
				cp -p $_cur $_back
			fi
			cp -p $_file $_cur
			chown root:wheel $_cur
			;;
		remove)
			mv -f $_cur $_back
			;;
		esac
	fi
}

#
# handle_fsck_error fsck_exit_code
#	Take action depending on the return code from fsck.
#
#	Returns for code 0 only.  Every other code prints a message and
#	ends in stop_boot; code 4 tries "reboot -n" first.
#
handle_fsck_error()
{
	case $1 in
	0)	# OK
		return
		;;
	2)	# Needs re-run, still fs errors
		echo "File system still has errors; re-run fsck manually!"
		;;
	4)	# Root modified
		echo "Root file system was modified, rebooting ..."
		reboot -n
		echo "Reboot failed; help!"
		;;
	8)	# Check failed
		echo "Automatic file system check failed; help!"
		;;
	12)	# Got signal
		echo "Boot interrupted."
		;;
	*)
		echo "Unknown error $1; help!"
		;;
	esac
	stop_boot
}

#
# _has_rcorder_keyword word file
#	Check whether a file contains a "# KEYWORD:" comment with a
#	specified keyword in the style used by rcorder(8).
#
#	Returns 0 when the keyword is found and 1 otherwise, including
#	when the file is not readable.
#
_has_rcorder_keyword()
{
	local word="$1"
	local file="$2"
	local line

	[ -r "$file" ] || return 1
	while read line; do
		# The space appended to $line lets a keyword at the very end
		# of the line match the trailing character class.
		# NOTE(review): both members of the bracket expressions show
		# as spaces in this copy; upstream presumably has a tab as
		# the second member -- verify.
		case "${line} " in
		"# KEYWORD:"*[\ \ ]"${word}"[\ \ ]*)
			return 0
			;;
		"#"*)
			continue
			;;
		*[A-Za-z0-9]*)
			# give up at the first non-empty non-comment line
			return 1
			;;
		esac
	done <"$file"
	return 1
}

#
# print_rc_metadata string
#	Print the specified string in such a way that the post-processor
#	inside /etc/rc will treat it as meta-data.
#
#	If we are not running inside /etc/rc, do nothing.
#
#	For public use by any rc.d script, the string must begin with
#	"note:", followed by arbitrary text.  The intent is that the text
#	will appear in a log file but not on the console.
#
#	For private use within /etc/rc, the string must contain a
#	keyword recognised by the rc_postprocess_metadata() function
#	defined in /etc/rc, followed by a colon, followed by one or more
#	colon-separated arguments associated with the keyword.
#
print_rc_metadata()
{
	# _rc_postprocessor fd, if defined, is the fd to which we must
	# print, prefixing the output with $_rc_metadata_prefix.
	#
	# NOTE(review): the comment above names $_rc_metadata_prefix, but
	# the code expands $rc_metadata_prefix -- confirm which variable
	# /etc/rc actually sets.
	#
	# "command printf" bypasses the printf() wrapper defined in this
	# file.
	if _have_rc_postprocessor; then
		command printf "%s%s\n" "$rc_metadata_prefix" "$1" \
		    >&${_rc_postprocessor_fd}
	fi
}

#
# _flush_rc_output
#	Arrange for output to be flushed, if we are running
#	inside /etc/rc with postprocessing.
#
_flush_rc_output()
{
	print_rc_metadata "nop"
}

#
# print_rc_normal [-n] string
#	Print the specified string in such way that it is treated as
#	normal output, regardless of whether or not we are running
#	inside /etc/rc with post-processing.
#
#	If "-n" is specified in $1, then the string in $2 is printed
#	without a newline; otherwise, the string in $1 is printed
#	with a newline.
#
#	Intended use cases include:
#
#	o   An rc.d script can use ``print_rc_normal -n'' to print a
#	    partial line in such a way that it appears immediately
#	    instead of being buffered by rc(8)'s post-processor.
#
#	o   An rc.d script that is run via the no_rc_postprocess
#	    function (so most of its output is invisible to rc(8)'s
#	    post-processor) can use print_rc_normal to force some of its
#	    output to be seen by the post-processor.
#
#
print_rc_normal()
{
	# print to stdout or _rc_postprocessor_fd, depending on
	# whether not we have an rc postprocessor.
	#
	local fd=1
	_have_rc_postprocessor && fd="${_rc_postprocessor_fd}"
	case "$1" in
	"-n")
		command printf "%s" "$2" >&${fd}
		# A partial line needs an explicit flush to show up at once.
		_flush_rc_output
		;;
	*)
		command printf "%s\n" "$1" >&${fd}
		;;
	esac
}

#
# no_rc_postprocess cmd...
#	Execute the specified command in such a way that its output
#	bypasses the post-processor that handles the output from
#	most commands that are run inside /etc/rc.
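#	If we are not inside /etc/rc, then just execute the command
#	without special treatment.
#
#	The intent is that interactive commands can be run via
#	no_rc_postprocess(), and their output will appear immediately
#	on the console instead of being hidden or delayed by the
#	post-processor.  An unfortunate consequence of the output
#	bypassing the post-processor is that the output will not be
#	logged.
#
no_rc_postprocess()
{
	if _have_rc_postprocessor; then
		"$@" >&${_rc_original_stdout_fd} 2>&${_rc_original_stderr_fd}
	else
		"$@"
	fi
}

#
# twiddle
#	On each call, print a different one of "/", "-", "\\", "|",
#	followed by a backspace.  The most recently printed value is
#	saved in $_twiddle_state.
#
#	Output is to /dev/tty, so this function may be useful even inside
#	a script whose output is redirected.
#
twiddle()
{
	case "$_twiddle_state" in
	'/')	_next='-' ;;
	'-')	_next='\' ;;
	'\')	_next='|' ;;
	*)	_next='/' ;;
	esac
	command printf "%s\b" "$_next" >/dev/tty
	_twiddle_state="$_next"
}

#
# human_exit_code
#	Print a human-readable description of the exit code given in $1.
#
#	Codes 0 to 127 are reported as a normal exit; 127 is the status
#	the shell uses for "command not found".  Larger values are
#	reported as termination by signal ($1 - 128).
#
human_exit_code()
{
	# 127 must be handled here: with "-lt 127" it fell through to the
	# next test and was reported as "stopped with signal 0".
	if [ "$1" -le 127 ]
	then
		echo "exited with code $1"
	elif [ "$(expr $1 % 256)" -eq 127 ]
	then
		# This cannot really happen because the shell will not
		# pass stopped job status out and the exit code is limited
		# to 8 bits. This code is here just for completeness.
		echo "stopped with signal $(expr $1 / 256)"
	else
		echo "terminated with signal $(expr $1 - 128)"
	fi
}

#
# collapse_backslash_newline
#	Copy input to output, collapsing <backslash><newline>
#	to nothing, but leaving other backslashes alone.
#
collapse_backslash_newline()
{
	local line
	# "read -r" keeps backslashes literal, so a trailing backslash can
	# be detected.
	while read -r line ; do
		case "$line" in
		*\\)
			# print it, without the backslash or newline
			command printf "%s" "${line%?}"
			;;
		*)
			# print it, with a newline
			command printf "%s\n" "${line}"
			;;
		esac
	done
}

# Shell implementations of basename and dirname, usable before
# the /usr file system is mounted.
#
# basename file [suffix]
#	Print file with everything up to and including the last "/"
#	removed, and then with suffix removed from the end.  suffix is
#	expanded unquoted, so the shell treats it as a pattern.
#
basename()
{
	local file="$1"
	local suffix="$2"
	local base

	base="${file##*/}"		# remove up to and including last '/'
	base="${base%${suffix}}"	# remove suffix, if any
	command printf "%s\n" "${base}"
}

#
# dirname file
#	Print the directory part of file: "/" for a name directly in the
#	root directory and "." for a name without any "/".
#
dirname()
{
	local file="$1"
	local dir

	case "$file" in
	/*/*)	dir="${file%/*}" ;;	# common case: absolute path
	/*)	dir="/" ;;		# special case: name in root dir
	*/*)	dir="${file%/*}" ;;	# common case: relative path with '/'
	*)	dir="." ;;		# special case: name without '/'
	esac
	command printf "%s\n" "${dir}"
}

# Override the normal "echo" and "printf" commands, so that
# partial lines printed by rc.d scripts appear immediately,
# instead of being buffered by rc(8)'s post-processor.
#
# Naive use of the echo or printf commands from rc.d scripts,
# elsewhere in rc.subr, or anything else that sources rc.subr,
# will call these functions.  To call the real echo and printf
# commands, use "command echo" or "command printf".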
#
# echo: run the real echo, then request a flush when the first argument
# is "-n", i.e. when a partial line was printed.
echo()
{
	command echo "$@"
	case "$1" in
	'-n')	_flush_rc_output ;;
	esac
}
# printf: run the real printf, then request a flush unless the format
# string in $1 ends with the two characters backslash and "n".
printf()
{
	command printf "$@"
	case "$1" in
	*'\n')	: ;;
	*)	_flush_rc_output ;;
	esac
}

# kat file...
#	Print the lines of each named file with everything from the first
#	"#" onwards removed.  Lines that are empty after that are skipped.
#	"read -r" leaves backslashes in the input untouched.
kat() {
	local i
	local v
	for i; do
		while read -r v; do
			v="${v%%#*}"
			if [ -z "$v" ]; then
				continue
			fi
			echo "$v"
		done < "$i"
	done
}

# Set once this file has been read; presumably tested by scripts that
# want to avoid sourcing it a second time.
_rc_subr_loaded=:

--------------------------------------------------------------------------------
/ships/common/all/etc/services:
--------------------------------------------------------------------------------
1 | # Network services, Internet style
2 | #
3 | # Updated from https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml .
4 | #
5 | # New ports will be added on request if they have been officially assigned
6 | # by IANA and used in the real-world or are needed by a debian package.
7 | # If you need a huge list of used numbers please install the nmap package.
8 | 9 | tcpmux 1/tcp # TCP port service multiplexer 10 | echo 7/tcp 11 | echo 7/udp 12 | discard 9/tcp sink null 13 | discard 9/udp sink null 14 | systat 11/tcp users 15 | daytime 13/tcp 16 | daytime 13/udp 17 | netstat 15/tcp 18 | qotd 17/tcp quote 19 | chargen 19/tcp ttytst source 20 | chargen 19/udp ttytst source 21 | ftp-data 20/tcp 22 | ftp 21/tcp 23 | fsp 21/udp fspd 24 | ssh 22/tcp # SSH Remote Login Protocol 25 | telnet 23/tcp 26 | smtp 25/tcp mail 27 | time 37/tcp timserver 28 | time 37/udp timserver 29 | whois 43/tcp nicname 30 | tacacs 49/tcp # Login Host Protocol (TACACS) 31 | tacacs 49/udp 32 | domain 53/tcp # Domain Name Server 33 | domain 53/udp 34 | bootps 67/udp 35 | bootpc 68/udp 36 | tftp 69/udp 37 | gopher 70/tcp # Internet Gopher 38 | finger 79/tcp 39 | http 80/tcp www # WorldWideWeb HTTP 40 | kerberos 88/tcp kerberos5 krb5 kerberos-sec # Kerberos v5 41 | kerberos 88/udp kerberos5 krb5 kerberos-sec # Kerberos v5 42 | iso-tsap 102/tcp tsap # part of ISODE 43 | acr-nema 104/tcp dicom # Digital Imag. & Comm. 
300 44 | pop3 110/tcp pop-3 # POP version 3 45 | sunrpc 111/tcp portmapper # RPC 4.0 portmapper 46 | sunrpc 111/udp portmapper 47 | auth 113/tcp authentication tap ident 48 | nntp 119/tcp readnews untp # USENET News Transfer Protocol 49 | ntp 123/udp # Network Time Protocol 50 | epmap 135/tcp loc-srv # DCE endpoint resolution 51 | netbios-ns 137/udp # NETBIOS Name Service 52 | netbios-dgm 138/udp # NETBIOS Datagram Service 53 | netbios-ssn 139/tcp # NETBIOS session service 54 | imap2 143/tcp imap # Interim Mail Access P 2 and 4 55 | snmp 161/tcp # Simple Net Mgmt Protocol 56 | snmp 161/udp 57 | snmp-trap 162/tcp snmptrap # Traps for SNMP 58 | snmp-trap 162/udp snmptrap 59 | cmip-man 163/tcp # ISO mgmt over IP (CMOT) 60 | cmip-man 163/udp 61 | cmip-agent 164/tcp 62 | cmip-agent 164/udp 63 | mailq 174/tcp # Mailer transport queue for Zmailer 64 | xdmcp 177/udp # X Display Manager Control Protocol 65 | bgp 179/tcp # Border Gateway Protocol 66 | smux 199/tcp # SNMP Unix Multiplexer 67 | qmtp 209/tcp # Quick Mail Transfer Protocol 68 | z3950 210/tcp wais # NISO Z39.50 database 69 | ipx 213/udp # IPX [RFC1234] 70 | ptp-event 319/udp 71 | ptp-general 320/udp 72 | pawserv 345/tcp # Perf Analysis Workbench 73 | zserv 346/tcp # Zebra server 74 | rpc2portmap 369/tcp 75 | rpc2portmap 369/udp # Coda portmapper 76 | codaauth2 370/tcp 77 | codaauth2 370/udp # Coda authentication server 78 | clearcase 371/udp Clearcase 79 | ldap 389/tcp # Lightweight Directory Access Protocol 80 | ldap 389/udp 81 | svrloc 427/tcp # Server Location 82 | svrloc 427/udp 83 | https 443/tcp # http protocol over TLS/SSL 84 | https 443/udp # HTTP/3 85 | snpp 444/tcp # Simple Network Paging Protocol 86 | microsoft-ds 445/tcp # Microsoft Naked CIFS 87 | kpasswd 464/tcp 88 | kpasswd 464/udp 89 | submissions 465/tcp ssmtp smtps urd # Submission over TLS [RFC8314] 90 | saft 487/tcp # Simple Asynchronous File Transfer 91 | isakmp 500/udp # IPSEC key management 92 | rtsp 554/tcp # Real Time Stream Control 
Protocol 93 | rtsp 554/udp 94 | nqs 607/tcp # Network Queuing system 95 | asf-rmcp 623/udp # ASF Remote Management and Control Protocol 96 | qmqp 628/tcp 97 | ipp 631/tcp # Internet Printing Protocol 98 | ldp 646/tcp # Label Distribution Protocol 99 | ldp 646/udp 100 | # 101 | # UNIX specific services 102 | # 103 | exec 512/tcp 104 | biff 512/udp comsat 105 | login 513/tcp 106 | who 513/udp whod 107 | shell 514/tcp cmd syslog # no passwords used 108 | syslog 514/udp 109 | printer 515/tcp spooler # line printer spooler 110 | talk 517/udp 111 | ntalk 518/udp 112 | route 520/udp router routed # RIP 113 | gdomap 538/tcp # GNUstep distributed objects 114 | gdomap 538/udp 115 | uucp 540/tcp uucpd # uucp daemon 116 | klogin 543/tcp # Kerberized `rlogin' (v5) 117 | kshell 544/tcp krcmd # Kerberized `rsh' (v5) 118 | dhcpv6-client 546/udp 119 | dhcpv6-server 547/udp 120 | afpovertcp 548/tcp # AFP over TCP 121 | nntps 563/tcp snntp # NNTP over SSL 122 | submission 587/tcp # Submission [RFC4409] 123 | ldaps 636/tcp # LDAP over SSL 124 | ldaps 636/udp 125 | tinc 655/tcp # tinc control port 126 | tinc 655/udp 127 | silc 706/tcp 128 | kerberos-adm 749/tcp # Kerberos `kadmin' (v5) 129 | # 130 | domain-s 853/tcp # DNS over TLS [RFC7858] 131 | domain-s 853/udp # DNS over DTLS [RFC8094] 132 | rsync 873/tcp 133 | ftps-data 989/tcp # FTP over SSL (data) 134 | ftps 990/tcp 135 | telnets 992/tcp # Telnet over SSL 136 | imaps 993/tcp # IMAP over SSL 137 | pop3s 995/tcp # POP-3 over SSL 138 | # 139 | # From ``Assigned Numbers'': 140 | # 141 | #> The Registered Ports are not controlled by the IANA and on most systems 142 | #> can be used by ordinary user processes or programs executed by ordinary 143 | #> users. 144 | # 145 | #> Ports are used in the TCP [45,106] to name the ends of logical 146 | #> connections which carry long term conversations. For the purpose of 147 | #> providing services to unknown callers, a service contact port is 148 | #> defined. 
This list specifies the port used by the server process as its 149 | #> contact port. While the IANA can not control uses of these ports it 150 | #> does register or list uses of these ports as a convienence to the 151 | #> community. 152 | # 153 | socks 1080/tcp # socks proxy server 154 | proofd 1093/tcp 155 | rootd 1094/tcp 156 | openvpn 1194/tcp 157 | openvpn 1194/udp 158 | rmiregistry 1099/tcp # Java RMI Registry 159 | lotusnote 1352/tcp lotusnotes # Lotus Note 160 | ms-sql-s 1433/tcp # Microsoft SQL Server 161 | ms-sql-m 1434/udp # Microsoft SQL Monitor 162 | ingreslock 1524/tcp 163 | datametrics 1645/tcp old-radius 164 | datametrics 1645/udp old-radius 165 | sa-msg-port 1646/tcp old-radacct 166 | sa-msg-port 1646/udp old-radacct 167 | kermit 1649/tcp 168 | groupwise 1677/tcp 169 | l2f 1701/udp l2tp 170 | radius 1812/tcp 171 | radius 1812/udp 172 | radius-acct 1813/tcp radacct # Radius Accounting 173 | radius-acct 1813/udp radacct 174 | cisco-sccp 2000/tcp # Cisco SCCP 175 | nfs 2049/tcp # Network File System 176 | nfs 2049/udp # Network File System 177 | gnunet 2086/tcp 178 | gnunet 2086/udp 179 | rtcm-sc104 2101/tcp # RTCM SC-104 IANA 1/29/99 180 | rtcm-sc104 2101/udp 181 | gsigatekeeper 2119/tcp 182 | gris 2135/tcp # Grid Resource Information Server 183 | cvspserver 2401/tcp # CVS client/server operations 184 | venus 2430/tcp # codacon port 185 | venus 2430/udp # Venus callback/wbc interface 186 | venus-se 2431/tcp # tcp side effects 187 | venus-se 2431/udp # udp sftp side effect 188 | codasrv 2432/tcp # not used 189 | codasrv 2432/udp # server port 190 | codasrv-se 2433/tcp # tcp side effects 191 | codasrv-se 2433/udp # udp sftp side effect 192 | mon 2583/tcp # MON traps 193 | mon 2583/udp 194 | dict 2628/tcp # Dictionary server 195 | f5-globalsite 2792/tcp 196 | gsiftp 2811/tcp 197 | gpsd 2947/tcp 198 | gds-db 3050/tcp gds_db # InterBase server 199 | icpv2 3130/udp icp # Internet Cache Protocol 200 | isns 3205/tcp # iSNS Server Port 201 | isns 3205/udp # 
iSNS Server Port 202 | iscsi-target 3260/tcp 203 | mysql 3306/tcp 204 | ms-wbt-server 3389/tcp 205 | nut 3493/tcp # Network UPS Tools 206 | nut 3493/udp 207 | distcc 3632/tcp # distributed compiler 208 | daap 3689/tcp # Digital Audio Access Protocol 209 | svn 3690/tcp subversion # Subversion protocol 210 | suucp 4031/tcp # UUCP over SSL 211 | sysrqd 4094/tcp # sysrq daemon 212 | sieve 4190/tcp # ManageSieve Protocol 213 | epmd 4369/tcp # Erlang Port Mapper Daemon 214 | remctl 4373/tcp # Remote Authenticated Command Service 215 | f5-iquery 4353/tcp # F5 iQuery 216 | ntske 4460/tcp # Network Time Security Key Establishment 217 | ipsec-nat-t 4500/udp # IPsec NAT-Traversal [RFC3947] 218 | iax 4569/udp # Inter-Asterisk eXchange 219 | mtn 4691/tcp # monotone Netsync Protocol 220 | radmin-port 4899/tcp # RAdmin Port 221 | sip 5060/tcp # Session Initiation Protocol 222 | sip 5060/udp 223 | sip-tls 5061/tcp 224 | sip-tls 5061/udp 225 | xmpp-client 5222/tcp jabber-client # Jabber Client Connection 226 | xmpp-server 5269/tcp jabber-server # Jabber Server Connection 227 | cfengine 5308/tcp 228 | mdns 5353/udp # Multicast DNS 229 | postgresql 5432/tcp postgres # PostgreSQL Database 230 | freeciv 5556/tcp rptp # Freeciv gameplay 231 | amqps 5671/tcp # AMQP protocol over TLS/SSL 232 | amqp 5672/tcp 233 | amqp 5672/sctp 234 | x11 6000/tcp x11-0 # X Window System 235 | x11-1 6001/tcp 236 | x11-2 6002/tcp 237 | x11-3 6003/tcp 238 | x11-4 6004/tcp 239 | x11-5 6005/tcp 240 | x11-6 6006/tcp 241 | x11-7 6007/tcp 242 | gnutella-svc 6346/tcp # gnutella 243 | gnutella-svc 6346/udp 244 | gnutella-rtr 6347/tcp # gnutella 245 | gnutella-rtr 6347/udp 246 | redis 6379/tcp 247 | sge-qmaster 6444/tcp sge_qmaster # Grid Engine Qmaster Service 248 | sge-execd 6445/tcp sge_execd # Grid Engine Execution Service 249 | mysql-proxy 6446/tcp # MySQL Proxy 250 | babel 6696/udp # Babel Routing Protocol 251 | ircs-u 6697/tcp # Internet Relay Chat via TLS/SSL 252 | bbs 7000/tcp 253 | afs3-fileserver 7000/udp 
254 | afs3-callback 7001/udp # callbacks to cache managers 255 | afs3-prserver 7002/udp # users & groups database 256 | afs3-vlserver 7003/udp # volume location database 257 | afs3-kaserver 7004/udp # AFS/Kerberos authentication 258 | afs3-volser 7005/udp # volume managment server 259 | afs3-bos 7007/udp # basic overseer process 260 | afs3-update 7008/udp # server-to-server updater 261 | afs3-rmtsys 7009/udp # remote cache manager service 262 | font-service 7100/tcp xfs # X Font Service 263 | http-alt 8080/tcp webcache # WWW caching service 264 | puppet 8140/tcp # The Puppet master service 265 | bacula-dir 9101/tcp # Bacula Director 266 | bacula-fd 9102/tcp # Bacula File Daemon 267 | bacula-sd 9103/tcp # Bacula Storage Daemon 268 | xmms2 9667/tcp # Cross-platform Music Multiplexing System 269 | nbd 10809/tcp # Linux Network Block Device 270 | zabbix-agent 10050/tcp # Zabbix Agent 271 | zabbix-trapper 10051/tcp # Zabbix Trapper 272 | amanda 10080/tcp # amanda backup services 273 | dicom 11112/tcp 274 | hkp 11371/tcp # OpenPGP HTTP Keyserver 275 | db-lsp 17500/tcp # Dropbox LanSync Protocol 276 | dcap 22125/tcp # dCache Access Protocol 277 | gsidcap 22128/tcp # GSI dCache Access Protocol 278 | wnn6 22273/tcp # wnn6 279 | 280 | # 281 | # Datagram Delivery Protocol services 282 | # 283 | rtmp 1/ddp # Routing Table Maintenance Protocol 284 | nbp 2/ddp # Name Binding Protocol 285 | echo 4/ddp # AppleTalk Echo Protocol 286 | zip 6/ddp # Zone Information Protocol 287 | 288 | #========================================================================= 289 | # The remaining port numbers are not as allocated by IANA. 
290 | #========================================================================= 291 | 292 | # Kerberos (Project Athena/MIT) services 293 | kerberos4 750/udp kerberos-iv kdc # Kerberos (server) 294 | kerberos4 750/tcp kerberos-iv kdc 295 | kerberos-master 751/udp kerberos_master # Kerberos authentication 296 | kerberos-master 751/tcp 297 | passwd-server 752/udp passwd_server # Kerberos passwd server 298 | krb-prop 754/tcp krb_prop krb5_prop hprop # Kerberos slave propagation 299 | zephyr-srv 2102/udp # Zephyr server 300 | zephyr-clt 2103/udp # Zephyr serv-hm connection 301 | zephyr-hm 2104/udp # Zephyr hostmanager 302 | iprop 2121/tcp # incremental propagation 303 | supfilesrv 871/tcp # Software Upgrade Protocol server 304 | supfiledbg 1127/tcp # Software Upgrade Protocol debugging 305 | 306 | # 307 | # Services added for the Debian GNU/Linux distribution 308 | # 309 | poppassd 106/tcp # Eudora 310 | moira-db 775/tcp moira_db # Moira database 311 | moira-update 777/tcp moira_update # Moira update protocol 312 | moira-ureg 779/udp moira_ureg # Moira user registration 313 | spamd 783/tcp # spamassassin daemon 314 | skkserv 1178/tcp # skk jisho server port 315 | predict 1210/udp # predict -- satellite tracking 316 | rmtcfg 1236/tcp # Gracilis Packeten remote config server 317 | xtel 1313/tcp # french minitel 318 | xtelw 1314/tcp # french minitel 319 | zebrasrv 2600/tcp # zebra service 320 | zebra 2601/tcp # zebra vty 321 | ripd 2602/tcp # ripd vty (zebra) 322 | ripngd 2603/tcp # ripngd vty (zebra) 323 | ospfd 2604/tcp # ospfd vty (zebra) 324 | bgpd 2605/tcp # bgpd vty (zebra) 325 | ospf6d 2606/tcp # ospf6d vty (zebra) 326 | ospfapi 2607/tcp # OSPF-API 327 | isisd 2608/tcp # ISISd vty (zebra) 328 | fax 4557/tcp # FAX transmission service (old) 329 | hylafax 4559/tcp # HylaFAX client-server protocol (new) 330 | munin 4949/tcp lrrd # Munin 331 | rplay 5555/udp # RPlay audio service 332 | nrpe 5666/tcp # Nagios Remote Plugin Executor 333 | nsca 5667/tcp # Nagios Agent - 
NSCA 334 | canna 5680/tcp # cannaserver 335 | syslog-tls 6514/tcp # Syslog over TLS [RFC5425] 336 | sane-port 6566/tcp sane saned # SANE network scanner daemon 337 | ircd 6667/tcp # Internet Relay Chat 338 | zope-ftp 8021/tcp # zope management by ftp 339 | tproxy 8081/tcp # Transparent Proxy 340 | omniorb 8088/tcp # OmniORB 341 | clc-build-daemon 8990/tcp # Common lisp build daemon 342 | xinetd 9098/tcp 343 | git 9418/tcp # Git Version Control System 344 | zope 9673/tcp # zope server 345 | webmin 10000/tcp 346 | kamanda 10081/tcp # amanda backup services (Kerberos) 347 | amandaidx 10082/tcp # amanda backup services 348 | amidxtape 10083/tcp # amanda backup services 349 | sgi-cmsd 17001/udp # Cluster membership services daemon 350 | sgi-crsd 17002/udp 351 | sgi-gcd 17003/udp # SGI Group membership daemon 352 | sgi-cad 17004/tcp # Cluster Admin daemon 353 | binkp 24554/tcp # binkp fidonet protocol 354 | asp 27374/tcp # Address Search Protocol 355 | asp 27374/udp 356 | csync2 30865/tcp # cluster synchronization tool 357 | dircproxy 57000/tcp # Detachable IRC Proxy 358 | tfido 60177/tcp # fidonet EMSI over telnet 359 | fido 60179/tcp # fidonet EMSI over TCP 360 | 361 | # Local services 362 | -------------------------------------------------------------------------------- /ships/namp/usr/pkg/etc/httpd/httpd.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This is the main Apache HTTP server configuration file. It contains the 3 | # configuration directives that give the server its instructions. 4 | # See for detailed information. 5 | # In particular, see 6 | # 7 | # for a discussion of each configuration directive. 8 | # 9 | # Do NOT simply read the instructions in here without understanding 10 | # what they do. They're here only as hints or reminders. If you are unsure 11 | # consult the online docs. You have been warned. 
12 | # 13 | # Configuration and logfile names: If the filenames you specify for many 14 | # of the server's control files begin with "/" (or "drive:/" for Win32), the 15 | # server will use that explicit path. If the filenames do *not* begin 16 | # with "/", the value of ServerRoot is prepended -- so "/var/log/httpd/access_log" 17 | # with ServerRoot set to "/usr/local/apache2" will be interpreted by the 18 | # server as "/usr/local/apache2//var/log/httpd/access_log", whereas "//var/log/httpd/access_log" 19 | # will be interpreted as '//var/log/httpd/access_log'. 20 | 21 | # 22 | # ServerRoot: The top of the directory tree under which the server's 23 | # configuration, error, and log files are kept. 24 | # 25 | # Do not add a slash at the end of the directory path. If you point 26 | # ServerRoot at a non-local disk, be sure to specify a local disk on the 27 | # Mutex directive, if file-based mutexes are used. If you wish to share the 28 | # same ServerRoot for multiple httpd daemons, you will need to change at 29 | # least PidFile. 30 | # 31 | ServerRoot "/usr/pkg" 32 | 33 | # 34 | # Mutex: Allows you to set the mutex mechanism and mutex file directory 35 | # for individual mutexes, or change the global defaults 36 | # 37 | # Uncomment and change the directory if mutexes are file-based and the default 38 | # mutex file directory is not on a local disk or is not appropriate for some 39 | # other reason. 40 | # 41 | # Mutex default:/var/run 42 | 43 | # 44 | # Listen: Allows you to bind Apache to specific IP addresses and/or 45 | # ports, instead of the default. See also the 46 | # directive. 47 | # 48 | # Change this to Listen on specific IP addresses as shown below to 49 | # prevent Apache from glomming onto all bound IP addresses. 
50 | # NOTE(review): the active Listen below uses 0.0.0.0, so httpd accepts connections on every IPv4 interface at port 2080; bind one address, as in the commented example, when the server should only be reachable on it. 51 | #Listen 12.34.56.78:80 52 | Listen 0.0.0.0:2080 53 | 54 | # 55 | # Dynamic Shared Object (DSO) Support 56 | # 57 | # To be able to use the functionality of a module which was built as a DSO you 58 | # have to place corresponding `LoadModule' lines at this location so the 59 | # directives contained in it are actually available _before_ they are used. 60 | # Statically compiled modules (those listed by `httpd -l') do not need 61 | # to be loaded here. 62 | # 63 | # Example: 64 | # LoadModule foo_module modules/mod_foo.so 65 | # 66 | LoadModule authn_file_module lib/httpd/mod_authn_file.so 67 | #LoadModule authn_dbm_module lib/httpd/mod_authn_dbm.so 68 | #LoadModule authn_anon_module lib/httpd/mod_authn_anon.so 69 | #LoadModule authn_dbd_module lib/httpd/mod_authn_dbd.so 70 | #LoadModule authn_socache_module lib/httpd/mod_authn_socache.so 71 | LoadModule authn_core_module lib/httpd/mod_authn_core.so 72 | LoadModule authz_host_module lib/httpd/mod_authz_host.so 73 | LoadModule authz_groupfile_module lib/httpd/mod_authz_groupfile.so 74 | LoadModule authz_user_module lib/httpd/mod_authz_user.so 75 | #LoadModule authz_dbm_module lib/httpd/mod_authz_dbm.so 76 | #LoadModule authz_owner_module lib/httpd/mod_authz_owner.so 77 | #LoadModule authz_dbd_module lib/httpd/mod_authz_dbd.so 78 | LoadModule authz_core_module lib/httpd/mod_authz_core.so 79 | LoadModule access_compat_module lib/httpd/mod_access_compat.so 80 | LoadModule auth_basic_module lib/httpd/mod_auth_basic.so 81 | #LoadModule auth_form_module lib/httpd/mod_auth_form.so 82 | #LoadModule auth_digest_module lib/httpd/mod_auth_digest.so 83 | #LoadModule allowmethods_module lib/httpd/mod_allowmethods.so 84 | #LoadModule file_cache_module lib/httpd/mod_file_cache.so 85 | #LoadModule cache_module lib/httpd/mod_cache.so 86 | #LoadModule cache_disk_module lib/httpd/mod_cache_disk.so 87 | #LoadModule cache_socache_module lib/httpd/mod_cache_socache.so 88 | #LoadModule socache_shmcb_module
lib/httpd/mod_socache_shmcb.so 89 | #LoadModule socache_dbm_module lib/httpd/mod_socache_dbm.so 90 | #LoadModule socache_memcache_module lib/httpd/mod_socache_memcache.so 91 | #LoadModule watchdog_module lib/httpd/mod_watchdog.so 92 | #LoadModule macro_module lib/httpd/mod_macro.so 93 | #LoadModule dbd_module lib/httpd/mod_dbd.so 94 | #LoadModule dumpio_module lib/httpd/mod_dumpio.so 95 | #LoadModule echo_module lib/httpd/mod_echo.so 96 | #LoadModule buffer_module lib/httpd/mod_buffer.so 97 | #LoadModule data_module lib/httpd/mod_data.so 98 | #LoadModule ratelimit_module lib/httpd/mod_ratelimit.so 99 | LoadModule reqtimeout_module lib/httpd/mod_reqtimeout.so 100 | #LoadModule ext_filter_module lib/httpd/mod_ext_filter.so 101 | #LoadModule request_module lib/httpd/mod_request.so 102 | #LoadModule include_module lib/httpd/mod_include.so 103 | LoadModule filter_module lib/httpd/mod_filter.so 104 | #LoadModule reflector_module lib/httpd/mod_reflector.so 105 | #LoadModule substitute_module lib/httpd/mod_substitute.so 106 | #LoadModule sed_module lib/httpd/mod_sed.so 107 | #LoadModule charset_lite_module lib/httpd/mod_charset_lite.so 108 | #LoadModule deflate_module lib/httpd/mod_deflate.so 109 | LoadModule mime_module lib/httpd/mod_mime.so 110 | LoadModule log_config_module lib/httpd/mod_log_config.so 111 | #LoadModule log_debug_module lib/httpd/mod_log_debug.so 112 | #LoadModule log_forensic_module lib/httpd/mod_log_forensic.so 113 | #LoadModule logio_module lib/httpd/mod_logio.so 114 | LoadModule env_module lib/httpd/mod_env.so 115 | #LoadModule mime_magic_module lib/httpd/mod_mime_magic.so 116 | #LoadModule expires_module lib/httpd/mod_expires.so 117 | LoadModule headers_module lib/httpd/mod_headers.so 118 | #LoadModule usertrack_module lib/httpd/mod_usertrack.so 119 | #LoadModule unique_id_module lib/httpd/mod_unique_id.so 120 | LoadModule setenvif_module lib/httpd/mod_setenvif.so 121 | LoadModule version_module lib/httpd/mod_version.so 122 | #LoadModule 
remoteip_module lib/httpd/mod_remoteip.so 123 | #LoadModule proxy_module lib/httpd/mod_proxy.so 124 | #LoadModule proxy_connect_module lib/httpd/mod_proxy_connect.so 125 | #LoadModule proxy_ftp_module lib/httpd/mod_proxy_ftp.so 126 | #LoadModule proxy_http_module lib/httpd/mod_proxy_http.so 127 | #LoadModule proxy_fcgi_module lib/httpd/mod_proxy_fcgi.so 128 | #LoadModule proxy_scgi_module lib/httpd/mod_proxy_scgi.so 129 | #LoadModule proxy_fdpass_module lib/httpd/mod_proxy_fdpass.so 130 | #LoadModule proxy_wstunnel_module lib/httpd/mod_proxy_wstunnel.so 131 | #LoadModule proxy_ajp_module lib/httpd/mod_proxy_ajp.so 132 | #LoadModule proxy_balancer_module lib/httpd/mod_proxy_balancer.so 133 | #LoadModule proxy_express_module lib/httpd/mod_proxy_express.so 134 | #LoadModule session_module lib/httpd/mod_session.so 135 | #LoadModule session_cookie_module lib/httpd/mod_session_cookie.so 136 | #LoadModule session_dbd_module lib/httpd/mod_session_dbd.so 137 | #LoadModule slotmem_shm_module lib/httpd/mod_slotmem_shm.so 138 | #LoadModule slotmem_plain_module lib/httpd/mod_slotmem_plain.so 139 | #LoadModule ssl_module lib/httpd/mod_ssl.so 140 | #LoadModule dialup_module lib/httpd/mod_dialup.so 141 | #LoadModule lbmethod_byrequests_module lib/httpd/mod_lbmethod_byrequests.so 142 | #LoadModule lbmethod_bytraffic_module lib/httpd/mod_lbmethod_bytraffic.so 143 | #LoadModule lbmethod_bybusyness_module lib/httpd/mod_lbmethod_bybusyness.so 144 | #LoadModule lbmethod_heartbeat_module lib/httpd/mod_lbmethod_heartbeat.so 145 | #LoadModule mpm_event_module lib/httpd/mod_mpm_event.so 146 | LoadModule mpm_prefork_module lib/httpd/mod_mpm_prefork.so 147 | #LoadModule mpm_worker_module lib/httpd/mod_mpm_worker.so 148 | LoadModule unixd_module lib/httpd/mod_unixd.so 149 | #LoadModule heartbeat_module lib/httpd/mod_heartbeat.so 150 | #LoadModule heartmonitor_module lib/httpd/mod_heartmonitor.so 151 | #LoadModule dav_module lib/httpd/mod_dav.so 152 | LoadModule status_module
lib/httpd/mod_status.so 153 | LoadModule autoindex_module lib/httpd/mod_autoindex.so 154 | #LoadModule asis_module lib/httpd/mod_asis.so 155 | #LoadModule info_module lib/httpd/mod_info.so 156 | #LoadModule cgid_module lib/httpd/mod_cgid.so 157 | #LoadModule dav_fs_module lib/httpd/mod_dav_fs.so 158 | #LoadModule dav_lock_module lib/httpd/mod_dav_lock.so 159 | #LoadModule vhost_alias_module lib/httpd/mod_vhost_alias.so 160 | #LoadModule negotiation_module lib/httpd/mod_negotiation.so 161 | LoadModule dir_module lib/httpd/mod_dir.so 162 | #LoadModule actions_module lib/httpd/mod_actions.so 163 | #LoadModule speling_module lib/httpd/mod_speling.so 164 | #LoadModule userdir_module lib/httpd/mod_userdir.so 165 | LoadModule alias_module lib/httpd/mod_alias.so 166 | #LoadModule rewrite_module lib/httpd/mod_rewrite.so 167 | LoadModule php5_module lib/httpd/mod_php5.so 168 | # NOTE(review): the container line that scoped the handler below is blank in this listing - confirm SetHandler sits inside a FilesMatch limited to PHP file names, otherwise every request is handed to mod_php5. PHP 5 is also past upstream end of life, so the module no longer receives security fixes. 169 | SetHandler application/x-httpd-php 170 | 171 | 172 | 173 | 174 | # 175 | # If you wish httpd to run as a different user or group, you must run 176 | # httpd as root initially and it will switch. 177 | # 178 | # User/Group: The name (or #number) of the user/group to run httpd as. 179 | # It is usually good practice to create a dedicated user and group for 180 | # running httpd, as with most system services. 181 | # 182 | User www 183 | Group www 184 | 185 | 186 | 187 | # 'Main' server configuration 188 | # 189 | # The directives in this section set up the values used by the 'main' 190 | # server, which responds to any requests that aren't handled by a 191 | # definition. These values also provide defaults for 192 | # any containers you may define later in the file. 193 | # 194 | # All of these directives may appear inside containers, 195 | # in which case these default settings will be overridden for the 196 | # virtual host being defined. 197 | # 198 | 199 | # 200 | # ServerAdmin: Your address, where problems with the server should be 201 | # e-mailed.
This address appears on some server-generated pages, such 202 | # as error documents. e.g. admin@your-domain.com 203 | # 204 | ServerAdmin you@example.com 205 | 206 | # 207 | # ServerName gives the name and port that the server uses to identify itself. 208 | # This can often be determined automatically, but we recommend you specify 209 | # it explicitly to prevent problems during startup. 210 | # 211 | # If your host doesn't have a registered DNS name, enter its IP address here. 212 | # 213 | #ServerName www.example.com:80 214 | 215 | # 216 | # Deny access to the entirety of your server's filesystem. You must 217 | # explicitly permit access to web content directories in other 218 | # blocks below. 219 | # 220 | 221 | AllowOverride none 222 | Require all denied 223 | 224 | 225 | # 226 | # Note that from this point forward you must specifically allow 227 | # particular features to be enabled - so if something's not working as 228 | # you might expect, make sure that you have specifically enabled it 229 | # below. 230 | # 231 | 232 | # 233 | # DocumentRoot: The directory out of which you will serve your 234 | # documents. By default, all requests are taken from this directory, but 235 | # symbolic links and aliases may be used to point to other locations. 236 | # 237 | DocumentRoot "/usr/pkg/share/httpd/htdocs" 238 | 239 | # 240 | # Possible values for the Options directive are "None", "All", 241 | # or any combination of: 242 | # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews 243 | # 244 | # Note that "MultiViews" must be named *explicitly* --- "Options All" 245 | # doesn't give it to you. 246 | # 247 | # The Options directive is both complicated and important. Please see 248 | # http://httpd.apache.org/docs/2.4/mod/core.html#options 249 | # for more information. 250 | # NOTE(review): Indexes makes the loaded autoindex_module list a directory's contents when it has no DirectoryIndex file, and FollowSymLinks serves whatever a symlink points to; drop Indexes unless listings are intended and consider SymLinksIfOwnerMatch. 251 | Options Indexes FollowSymLinks 252 | 253 | # 254 | # AllowOverride controls what directives may be placed in .htaccess files.
255 | # It can be "All", "None", or any combination of the keywords: 256 | # AllowOverride FileInfo AuthConfig Limit 257 | # 258 | AllowOverride None 259 | 260 | # 261 | # Controls who can get stuff from this server. 262 | # 263 | Require all granted 264 | 265 | 266 | # 267 | # DirectoryIndex: sets the file that Apache will serve if a directory 268 | # is requested. 269 | # 270 | 271 | DirectoryIndex index.html 272 | 273 | 274 | # 275 | # The following lines prevent .htaccess and .htpasswd files from being 276 | # viewed by Web clients. 277 | # 278 | 279 | Require all denied 280 | 281 | 282 | # 283 | # ErrorLog: The location of the error log file. 284 | # If you do not specify an ErrorLog directive within a 285 | # container, error messages relating to that virtual host will be 286 | # logged here. If you *do* define an error logfile for a 287 | # container, that host's errors will be logged there and not here. 288 | # 289 | ErrorLog "/var/log/httpd/error_log" 290 | 291 | # 292 | # LogLevel: Control the number of messages logged to the error_log. 293 | # Possible values include: debug, info, notice, warn, error, crit, 294 | # alert, emerg. 295 | # 296 | LogLevel warn 297 | 298 | 299 | # 300 | # The following directives define some format nicknames for use with 301 | # a CustomLog directive (see below). 302 | # 303 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 304 | LogFormat "%h %l %u %t \"%r\" %>s %b" common 305 | 306 | 307 | # You need to enable mod_logio.c to use %I and %O 308 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio 309 | 310 | 311 | # 312 | # The location and format of the access logfile (Common Logfile Format). 313 | # If you do not define any access logfiles within a 314 | # container, they will be logged here. Contrariwise, if you *do* 315 | # define per- access logfiles, transactions will be 316 | # logged therein and *not* in this file. 
317 | # 318 | CustomLog "/var/log/httpd/access_log" common 319 | 320 | # 321 | # If you prefer a logfile with access, agent, and referer information 322 | # (Combined Logfile Format) you can use the following directive. 323 | # 324 | #CustomLog "/var/log/httpd/access_log" combined 325 | 326 | 327 | 328 | # 329 | # Redirect: Allows you to tell clients about documents that used to 330 | # exist in your server's namespace, but do not anymore. The client 331 | # will make a new request for the document at its new location. 332 | # Example: 333 | # Redirect permanent /foo http://www.example.com/bar 334 | 335 | # 336 | # Alias: Maps web paths into filesystem paths and is used to 337 | # access content that does not live under the DocumentRoot. 338 | # Example: 339 | # Alias /webpath /full/filesystem/path 340 | # 341 | # If you include a trailing / on /webpath then the server will 342 | # require it to be present in the URL. You will also likely 343 | # need to provide a section to allow access to 344 | # the filesystem path. 345 | 346 | # 347 | # ScriptAlias: This controls which directories contain server scripts. 348 | # ScriptAliases are essentially the same as Aliases, except that 349 | # documents in the target directory are treated as applications and 350 | # run by the server when requested rather than as documents sent to the 351 | # client. The same rules about trailing "/" apply to ScriptAlias 352 | # directives as to Alias. 353 | # 354 | ScriptAlias /cgi-bin/ "/usr/pkg/libexec/cgi-bin/" 355 | 356 | 357 | 358 | 359 | # 360 | # ScriptSock: On threaded servers, designate the path to the UNIX 361 | # socket used to communicate with the CGI daemon of mod_cgid. 362 | # 363 | #Scriptsock cgisock 364 | 365 | 366 | # 367 | # "/usr/pkg/libexec/cgi-bin" should be changed to whatever your ScriptAliased 368 | # CGI directory exists, if you have that configured. 
369 | # 370 | 371 | AllowOverride None 372 | Options None 373 | Require all granted 374 | 375 | 376 | 377 | # 378 | # TypesConfig points to the file containing the list of mappings from 379 | # filename extension to MIME-type. 380 | # 381 | TypesConfig etc/httpd/mime.types 382 | 383 | # 384 | # AddType allows you to add to or override the MIME configuration 385 | # file specified in TypesConfig for specific file types. 386 | # 387 | #AddType application/x-gzip .tgz 388 | # 389 | # AddEncoding allows you to have certain browsers uncompress 390 | # information on the fly. Note: Not all browsers support this. 391 | # 392 | #AddEncoding x-compress .Z 393 | #AddEncoding x-gzip .gz .tgz 394 | # 395 | # If the AddEncoding directives above are commented-out, then you 396 | # probably should define those extensions to indicate media types: 397 | # 398 | AddType application/x-compress .Z 399 | AddType application/x-gzip .gz .tgz 400 | 401 | # 402 | # AddHandler allows you to map certain file extensions to "handlers": 403 | # actions unrelated to filetype. These can be either built into the server 404 | # or added with the Action directive (see below) 405 | # 406 | # To use CGI scripts outside of ScriptAliased directories: 407 | # (You will also need to add "ExecCGI" to the "Options" directive.) 408 | # 409 | #AddHandler cgi-script .cgi 410 | 411 | # For type maps (negotiated resources): 412 | #AddHandler type-map var 413 | 414 | # 415 | # Filters allow you to process content before it is sent to the client. 416 | # 417 | # To parse .shtml files for server-side includes (SSI): 418 | # (You will also need to add "Includes" to the "Options" directive.) 419 | # 420 | #AddType text/html .shtml 421 | #AddOutputFilter INCLUDES .shtml 422 | 423 | 424 | # 425 | # The mod_mime_magic module allows the server to use various hints from the 426 | # contents of the file itself to determine its type. 
The MIMEMagicFile 427 | # directive tells the module where the hint definitions are located. 428 | # 429 | #MIMEMagicFile etc/httpd/magic 430 | 431 | # 432 | # Customizable error responses come in three flavors: 433 | # 1) plain text 2) local redirects 3) external redirects 434 | # 435 | # Some examples: 436 | #ErrorDocument 500 "The server made a boo boo." 437 | #ErrorDocument 404 /missing.html 438 | #ErrorDocument 404 "/cgi-bin/missing_handler.pl" 439 | #ErrorDocument 402 http://www.example.com/subscription_info.html 440 | # 441 | 442 | # 443 | # MaxRanges: Maximum number of Ranges in a request before 444 | # returning the entire resource, or one of the special 445 | # values 'default', 'none' or 'unlimited'. 446 | # Default setting is to accept 200 Ranges. 447 | #MaxRanges unlimited 448 | 449 | # 450 | # EnableMMAP and EnableSendfile: On systems that support it, 451 | # memory-mapping or the sendfile syscall may be used to deliver 452 | # files. This usually improves server performance, but must 453 | # be turned off when serving from networked-mounted 454 | # filesystems or if support for these functions is otherwise 455 | # broken on your system. 456 | # Defaults: EnableMMAP On, EnableSendfile Off 457 | # 458 | #EnableMMAP off 459 | #EnableSendfile on 460 | 461 | # Supplemental configuration 462 | # 463 | # The configuration files in the etc/httpd/extra/ directory can be 464 | # included to add extra features or to modify the default configuration of 465 | # the server, or you may simply copy their contents here and change as 466 | # necessary. 
467 | 468 | # Server-pool management (MPM specific) 469 | #Include etc/httpd/httpd-mpm.conf 470 | 471 | # Multi-language error messages 472 | #Include etc/httpd/httpd-multilang-errordoc.conf 473 | 474 | # Fancy directory listings 475 | #Include etc/httpd/httpd-autoindex.conf 476 | 477 | # Language settings 478 | #Include etc/httpd/httpd-languages.conf 479 | 480 | # User home directories 481 | #Include etc/httpd/httpd-userdir.conf 482 | 483 | # Real-time info on requests and configuration 484 | #Include etc/httpd/httpd-info.conf 485 | 486 | # Virtual hosts 487 | #Include etc/httpd/httpd-vhosts.conf 488 | 489 | # Local access to the Apache HTTP Server Manual 490 | #Include etc/httpd/httpd-manual.conf 491 | 492 | # Distributed authoring and versioning (WebDAV) 493 | #Include etc/httpd/httpd-dav.conf 494 | 495 | # Various default settings 496 | #Include etc/httpd/httpd-default.conf 497 | 498 | # Configure mod_proxy_html to understand HTML4/XHTML1 499 | 500 | Include etc/httpd/proxy-html.conf 501 | 502 | 503 | # Secure (SSL/TLS) connections 504 | #Include etc/httpd/httpd-ssl.conf 505 | # 506 | # Note: The following must must be present to support 507 | # starting without SSL on platforms with no /dev/random equivalent 508 | # but a statically compiled-in mod_ssl. 
509 | # 510 | 511 | SSLRandomSeed startup builtin 512 | SSLRandomSeed connect builtin 513 | 514 | # 515 | # uncomment out the below to deal with user agents that deliberately 516 | # violate open standards by misusing DNT (DNT *must* be a specific 517 | # end-user choice) 518 | # 519 | # 520 | #BrowserMatch "MSIE 10.0;" bad_DNT 521 | # 522 | # 523 | #RequestHeader unset DNT env=bad_DNT 524 | # 525 | 526 | -------------------------------------------------------------------------------- /ships/nginx/usr/pkg/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | 2 | user nginx nginx; 3 | worker_processes 1; 4 | 5 | events { 6 | # After increasing this value You probably should increase limit 7 | # of file descriptors (for example in start_precmd in startup script) 8 | worker_connections 1024; 9 | } 10 | 11 | 12 | http { 13 | include /usr/pkg/etc/nginx/mime.types; 14 | default_type application/octet-stream; 15 | 16 | #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 17 | # '$status $body_bytes_sent "$http_referer" ' 18 | # '"$http_user_agent" "$http_x_forwarded_for"'; 19 | 20 | #access_log /var/log/nginx/access.log main; 21 | 22 | sendfile on; 23 | #tcp_nopush on; 24 | 25 | #keepalive_timeout 0; 26 | keepalive_timeout 65; 27 | 28 | #gzip on; 29 | 30 | server { 31 | listen 1080; 32 | server_name localhost; 33 | 34 | #charset koi8-r; 35 | 36 | #access_log /var/log/nginx/host.access.log main; 37 | 38 | location / { 39 | root share/examples/nginx/html; 40 | index index.html index.htm; 41 | } 42 | 43 | #error_page 404 /404.html; 44 | 45 | # redirect server error pages to the static page /50x.html 46 | # 47 | error_page 500 502 503 504 /50x.html; 48 | location = /50x.html { 49 | root share/examples/nginx/html; 50 | } 51 | 52 | # proxy the PHP scripts to Apache listening on 127.0.0.1:80 53 | # 54 | #location ~ \.php$ { 55 | # proxy_pass http://127.0.0.1; 56 | #} 57 | 58 | # pass the PHP scripts to 
FastCGI server listening on 127.0.0.1:9000 59 | # 60 | #location ~ \.php$ { 61 | # root html; 62 | # fastcgi_pass 127.0.0.1:9000; 63 | # fastcgi_index index.php; 64 | # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 65 | # include /usr/pkg/etc/nginx/fastcgi_params; 66 | #} 67 | 68 | # deny access to .htaccess files, if Apache's document root 69 | # concurs with nginx's one 70 | # 71 | #location ~ /\.ht { 72 | # deny all; 73 | #} 74 | } 75 | 76 | 77 | # another virtual host using mix of IP-, name-, and port-based configuration 78 | # 79 | #server { 80 | # listen 8000; 81 | # listen somename:8080; 82 | # server_name somename alias another.alias; 83 | 84 | # location / { 85 | # root share/examples/nginx/html; 86 | # index index.html index.htm; 87 | # } 88 | #} 89 | 90 | 91 | # HTTPS server 92 | # 93 | #server { 94 | # listen 443 ssl; 95 | # server_name localhost; 96 | 97 | # ssl_certificate cert.pem; 98 | # ssl_certificate_key cert.key; 99 | 100 | # ssl_session_cache shared:SSL:1m; 101 | # ssl_session_timeout 5m; 102 | # NOTE(review): ssl_protocols is not set in this template, so the nginx build's default applies; when enabling the block, pin it explicitly (e.g. `ssl_protocols TLSv1.2 TLSv1.3;`). 103 | # ssl_ciphers HIGH:!aNULL:!MD5; 104 | # ssl_prefer_server_ciphers on; 105 | 106 | # location / { 107 | # root share/examples/nginx/html; 108 | # index index.html index.htm; 109 | # } 110 | #} 111 | 112 | } 113 | -------------------------------------------------------------------------------- /ships/nginxflaskapi/PREFIX/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx nginx; 2 | worker_processes 1; 3 | error_log /var/log/nginx/error.log; 4 | 5 | events { 6 | worker_connections 1024; 7 | } 8 | 9 | http { 10 | include mime.types; 11 | default_type text/plain; 12 | sendfile on; 13 | keepalive_timeout 65; 14 | 15 | include sites/*; 16 | } 17 | -------------------------------------------------------------------------------- /ships/nginxflaskapi/PREFIX/etc/nginx/sites/localhost: -------------------------------------------------------------------------------- 1 | server { 2 
| listen 1080; 3 | 4 | server_name localhost; 5 | 6 | location / { 7 | proxy_pass http://localhost:8000; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /ships/nginxflaskapi/var/flask/example.py: -------------------------------------------------------------------------------- 1 | # example from http://www.flaskapi.org/ 2 | # NOTE(review): the flask.ext.* import shim used below was removed in Flask 1.0; current installs need `from flask_api import FlaskAPI, status, exceptions`. 3 | from flask import request, url_for 4 | from flask.ext.api import FlaskAPI, status, exceptions 5 | 6 | app = FlaskAPI(__name__) 7 | 8 | 9 | notes = { 10 | 0: 'do the shopping', 11 | 1: 'build the codez', 12 | 2: 'paint the door', 13 | } 14 | # NOTE(review): request.host_url reflects the Host header the app receives; behind the proxy_pass in sites/localhost (no proxy_set_header Host) that is the upstream name, so the generated URLs may not match the public address. 15 | def note_repr(key): 16 | return { 17 | 'url': request.host_url.rstrip('/') + url_for('notes_detail', key=key), 18 | 'text': notes[key] 19 | } 20 | 21 | 22 | @app.route("/", methods=['GET', 'POST']) 23 | def notes_list(): 24 | """ 25 | List or create notes. 26 | """ 27 | if request.method == 'POST': 28 | note = str(request.data.get('text', '')) 29 | idx = max(notes.keys()) + 1 # raises ValueError once every note has been deleted (max() of an empty sequence) 30 | notes[idx] = note 31 | return note_repr(idx), status.HTTP_201_CREATED 32 | 33 | # request.method == 'GET' 34 | return [note_repr(idx) for idx in sorted(notes.keys())] 35 | 36 | # NOTE(review): the route below reads "//" in this listing; the upstream flaskapi.org example uses "/<int:key>/", so the converter looks lost in extraction. Without it `key` is never bound. TODO confirm against the repository. 37 | @app.route("//", methods=['GET', 'PUT', 'DELETE']) 38 | def notes_detail(key): 39 | """ 40 | Retrieve, update or delete note instances. 
41 | """ 42 | if request.method == 'PUT': 43 | note = str(request.data.get('text', '')) 44 | notes[key] = note 45 | return note_repr(key) 46 | 47 | elif request.method == 'DELETE': 48 | notes.pop(key, None) 49 | return '', status.HTTP_204_NO_CONTENT 50 | 51 | # request.method == 'GET' 52 | if key not in notes: 53 | raise exceptions.NotFound() 54 | return note_repr(key) 55 | 56 | # NOTE(review): debug=True enables the Werkzeug interactive debugger, which executes Python supplied through the browser; keep it off (or gate it on an environment flag) whenever the app is reachable through the nginx proxy. 57 | if __name__ == "__main__": 58 | app.run(debug=True) 59 | -------------------------------------------------------------------------------- /ships/nginxnode/PREFIX/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx nginx; 2 | worker_processes 1; 3 | error_log /var/log/nginx/error.log; 4 | 5 | events { 6 | worker_connections 1024; 7 | } 8 | 9 | http { 10 | include mime.types; 11 | default_type text/plain; 12 | sendfile on; 13 | keepalive_timeout 65; 14 | 15 | include sites/*; 16 | } 17 | -------------------------------------------------------------------------------- /ships/nginxnode/PREFIX/etc/nginx/sites/localhost: -------------------------------------------------------------------------------- 1 | server { 2 | listen 1080; 3 | 4 | server_name localhost; 5 | 6 | location / { 7 | proxy_pass http://localhost:8080; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /ships/nginxnode/var/node/hello.js: -------------------------------------------------------------------------------- 1 | var http = require('http'); 2 | http.createServer(function (req, res) { 3 | res.writeHead(200, {'Content-Type': 'text/plain'}); 4 | res.end('Hello from inside the chroot!\n'); 5 | }).listen(8080, 'localhost'); 6 | console.log('Server running at http://localhost:8080/'); 7 | -------------------------------------------------------------------------------- /ships/nginxphp/PREFIX/etc/nginx/fastcgi_phpfpm: -------------------------------------------------------------------------------- 1 | fastcgi_pass 
unix:/tmp/fcgi-php.sock; 2 | fastcgi_index index.php; 3 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 4 | fastcgi_buffers 256 4k; 5 | -------------------------------------------------------------------------------- /ships/nginxphp/PREFIX/etc/nginx/global.conf: -------------------------------------------------------------------------------- 1 | listen 1080; 2 | 3 | location = /favicon.ico { 4 | log_not_found off; 5 | access_log off; 6 | } 7 | 8 | location = /robots.txt { 9 | allow all; 10 | log_not_found off; 11 | access_log off; 12 | } 13 | 14 | location ~ /\.ht.* { 15 | deny all; 16 | } 17 | 18 | location ~* /(?:uploads|files)/.*\.php$ { 19 | deny all; 20 | } 21 | -------------------------------------------------------------------------------- /ships/nginxphp/PREFIX/etc/nginx/logs.conf: -------------------------------------------------------------------------------- 1 | access_log /var/log/nginx/$host.access_log; 2 | # NOTE(review): $host is taken from the request (request line or Host header), so the log file name is client-influenced and each new value opens another file; a fixed name or $server_name avoids that. -------------------------------------------------------------------------------- /ships/nginxphp/PREFIX/etc/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx nginx; 2 | worker_processes 1; 3 | error_log /var/log/nginx/error.log; 4 | 5 | events { 6 | worker_connections 1024; 7 | } 8 | 9 | http { 10 | include mime.types; 11 | default_type text/plain; 12 | sendfile on; 13 | keepalive_timeout 65; 14 | 15 | include sites/*; 16 | } 17 | -------------------------------------------------------------------------------- /ships/nginxphp/PREFIX/etc/nginx/php.conf: -------------------------------------------------------------------------------- 1 | client_max_body_size 20M; 2 | 3 | include logs.conf; 4 | include global.conf; 5 | 6 | location / { 7 | index index.php index.html; 8 | try_files $uri $uri/ /index.php?$args; 9 | } 10 | # NOTE(review): the block below hands every URI ending in .php to PHP-FPM whether or not the file exists; adding `try_files $uri =404;` inside it keeps non-existent script paths away from the interpreter (relevant when cgi.fix_pathinfo is enabled). 11 | location ~ \.php$ { 12 | include fastcgi_params; 13 | include fastcgi_phpfpm; 14 | } 15 | 
-------------------------------------------------------------------------------- /ships/nginxphp/PREFIX/etc/nginx/sites/localhost: -------------------------------------------------------------------------------- 1 | server { 2 | server_name localhost; 3 | root /var/www/php; 4 | 5 | include php.conf; 6 | } 7 | -------------------------------------------------------------------------------- /ships/nginxphp/PREFIX/etc/php-fpm.conf: -------------------------------------------------------------------------------- 1 | pid = run/php-fpm.pid 2 | 3 | [www] 4 | user = nginx 5 | group = nginx 6 | listen = /tmp/fcgi-php.sock 7 | listen = /tmp/fcgi-php.sock 8 | listen.owner = nginx 9 | listen.group = nginx 10 | ; NOTE(review): `listen` is set twice with the same value (lines 6-7); one is redundant. The socket sits in /tmp, which is normally world-writable; a service-owned directory plus an explicit `listen.mode = 0660` is the safer layout (the fastcgi_pass path in fastcgi_phpfpm must change with it). 11 | pm = dynamic 12 | pm.max_children = 5 13 | pm.start_servers = 2 14 | pm.min_spare_servers = 1 15 | pm.max_spare_servers = 3 16 | -------------------------------------------------------------------------------- /ships/nginxphp/PREFIX/etc/php.d/extensions.ini: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NetBSDfr/sailor/3eeedf82410b3f92e687867c5e879f592cbd06f1/ships/nginxphp/PREFIX/etc/php.d/extensions.ini -------------------------------------------------------------------------------- /ships/nginxphp/var/www/php/index.php: -------------------------------------------------------------------------------- 1 | 2 | --------------------------------------------------------------------------------