% vim conf/gitolite.conf
% git commit
% ../../vm_remote gitolite_push
+TASK: configurer une zone DNS
+ % vm runit_configure nsd3 -- heureux-cyclage.org
+TASK: configurer un membre du groupe php5-fpm
+ % vm runit_configure nginx -- lhc-www
+TASK: configurer un site nginx
+ % vm runit_configure nginx -- www.heureux-cyclage.org
rule apt_get_install gitweb highlight
-sudo adduser www-data git-data
+#sudo adduser www-data git-data
sudo adduser www-"$site"-tls www-"$site"
--- /dev/null
+local hint="run vm_remote nginx_configure before"
+assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint
+sudo install -m 664 -o www -g www \
+ "$tool"/var/pub/x509/sympa.heureux-cyclage.org/crt+ca.pem \
+ /etc/nginx/x509.d/"$site"/crt.pem
--- /dev/null
+listen 443;
+include /etc/nginx/conf.d/ssl.conf;
+ssl_certificate /etc/nginx/x509.d/sympa/crt.pem;
+ssl_certificate_key /etc/nginx/x509.d/sympa/key.pem;
+ssl_session_timeout 5m;
--- /dev/null
+server_name sympa.heureux-cyclage.org;
+
+client_body_buffer_size 8k;
+client_max_body_size 10m;
+location /static-sympa {
+ alias /var/lib/sympa/static_content;
+ }
+location ~ /\. {
+ access_log off;
+ deny all;
+ log_not_found off;
+ }
+location / {
+ index index.html index.htm;
+ include /etc/nginx/conf.d/fastcgi.conf;
+ set $no_cache "0";
+ if ($request_method !~ ^(GET|HEAD)$) {
+ # NOTE: if non GET/HEAD, don't cache and mark user as uncacheable for 1 second via cookie.
+ set $no_cache "1";
+ }
+ if ($no_cache = "1") {
+ # NOTE: drop no cache cookie if need be (for some reason, add_header fails if included in prior if-block).
+ add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
+ add_header X-Microcachable "0";
+ }
+ if ($http_cookie ~* "_mcnc") {
+ # NOTE: bypass cache if no-cache cookie is set.
+ set $no_cache "1";
+ }
+ fastcgi_cache_bypass $no_cache;
+ fastcgi_cache_use_stale updating;
+ fastcgi_cache_valid 200 10s;
+ fastcgi_cache_valid 404 30m;
+ fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+ fastcgi_max_temp_file_size 2M;
+ fastcgi_no_cache $no_cache;
+ fastcgi_param PATH_INFO $uri;
+
+ fastcgi_pass_header Cookie;
+ fastcgi_pass_header Set-Cookie;
+ fastcgi_split_path_info ^(.+\.cgi)(/.+)$;
+
+ fastcgi_pass unix:/run/spawn-fcgi/sympa;
+ }
+
+# vim: ft=sh
--- /dev/null
+sympa.heureux-cyclage.org
# ipv6-edns-size: 4096
# logfile: "/var/log/nsd.log"
# nsid: "aabbccdd"
-pidfile: "/dev/null"
+pidfile: "/run/nsd3.pid"
+ # NOTE: utilisé par nsdc reload pour envoyer SIGHUP ou SIGUSR1,
+ # attention que SIGHUP fait changer le pid, et du coup fonctionne mal avec runsv
port: 53
rrl-ratelimit: 200
rrl-size: 10000
- # NOTE : rrl-size vaut 1000000 par défaut, et cela consomme ~40Mio de RAM..
+ # NOTE: rrl-size vaut 1000000 par défaut, et cela consomme ~40Mio de RAM..
# le RRL http://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/
# n'est pas vraiment nécessaire pour nous,
# du coup on baisse un peu sa consommation.
define(`LAUTRENET_MX2_NAME', `mx2.lautre.net.')
divert(0)dnl
-; vim: ft=bindzone
-
$TTL 1d ; TTL (Time To Live) par défaut pour les enregistrements
; ENREGISTREMENT « SOA » (Start Of Authority).
)
; ENREGISTREMENTS « A » (DNS -> adresse IPv4)
-@ A IP4(LAUTRENET)
-ateliers A IP4(GRESILLE)
-bicloud A IP4(KIMSUFI)
-burette A IP4(KIMSUFI)
-cartes A IP4(LAUTRENET)
-demo.burette A IP4(KIMSUFI)
-formations A IP4(LAUTRENET)
-git A IP4(GRESILLE)
-imap A IP4(GRESILLE)
-mail A IP4(LAUTRENET)
-mx A IP4(GRESILLE)
-ns A IP4(GRESILLE)
-questionnaires 60 A IP4(KIMSUFI)
-remorque 60 A IP4(KIMSUFI)
-smtp A IP4(GRESILLE)
-stats 3600 A IP4(LAUTRENET)
-submission A IP4(GRESILLE)
-www A IP4(LAUTRENET)
+@ A IP4(LAUTRENET)
+ateliers A IP4(GRESILLE)
+bicloud A IP4(KIMSUFI)
+burette A IP4(KIMSUFI)
+cartes A IP4(LAUTRENET)
+demo.burette A IP4(KIMSUFI)
+formations A IP4(LAUTRENET)
+git A IP4(GRESILLE)
+imap A IP4(GRESILLE)
+mail A IP4(LAUTRENET)
+mx A IP4(GRESILLE)
+ns A IP4(GRESILLE)
+questionnaires 60 A IP4(KIMSUFI)
+remorque 60 A IP4(KIMSUFI)
+smtp A IP4(GRESILLE)
+stats 3600 A IP4(LAUTRENET)
+submission A IP4(GRESILLE)
+sympa A IP4(GRESILLE)
+www A IP4(LAUTRENET)
; ENREGISTREMENTS « CNAME » (Canonical NAME)
; NOTE : l'utilisation de CNAME n'est judicieuse que si la ressource pointée
define(`LAUTRENET_MX2_NAME', `mx2.lautre.net.')
divert(0)dnl
-; vim: ft=bindzone
-
$TTL 1d ; TTL (Time To Live) par défaut pour les enregistrements
; ENREGISTREMENT « SOA » (Start Of Authority).
[ extensions ]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
- subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:$ENV::x509_host
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
subjectKeyIdentifier = hash
issuerAltName = issuer:copy
authorityKeyIdentifier = keyid:always,issuer:always
[ self_signed_extensions ]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
- subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:$ENV::x509_host
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
subjectKeyIdentifier = hash
issuerAltName = issuer:copy
authorityKeyIdentifier = keyid:always,issuer:always
- SERVICE = www
+ SERVICE = stats
HOME = .
RANDFILE = var/sec/x509/openssl.rand
[ req ]
stateOrProvinceName = $ENV::STATE_OR_PROVINCE
#localityName =
0.organizationName = $ENV::ORGANIZATION
- organizationalUnitName = Certificat utilisateurice du service Web
+ organizationalUnitName = Certificat utilisateurice du service de statistiques
commonName = $ENV::USER
--- /dev/null
+../heureux-cyclage.org
\ No newline at end of file
--- /dev/null
+ SERVICE = sympa
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+ jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1
+ jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+ jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+ prompt = no
+ distinguished_name = distinguished_name
+ string_mask = pkix
+ #x509_extensions = root_extensions
+ #req_extensions = extension
+ #attributes = req_attributes
+[ distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ localityName = $ENV::x509_state_or_province
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = SYsteme de Multi-Postage Automatique
+ commonName = $SERVICE.$ENV::x509_host
+ businessCategory = $ENV::x509_business_category
+ jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationCountryName = $ENV::x509_country
+[ extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+ certificatePolicies = @certificate_policies
+[ self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+[ user_extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:$ENV::user@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+ policyIdentifier = 1.2.250.1.42
+ CPS.1 = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ self_signed_ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
--- /dev/null
+ SERVICE = sympa
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+ prompt = no
+ distinguished_name = user_distinguished_name
+ string_mask = pkix
+[ user_distinguished_name ]
+ countryName = $ENV::COUNTRY
+ stateOrProvinceName = $ENV::STATE_OR_PROVINCE
+ #localityName =
+ 0.organizationName = $ENV::ORGANIZATION
+ organizationalUnitName = Certificat utilisateurice du SYsteme de Multi-Postage Automatique
+ commonName = $ENV::USER
--- /dev/null
+# See man 5 aliases for format
+abuse: root
+admin: root
+contact: root
+hostmaster: root
+mailer-daemon: root
+postmaster: root
+root: esyscmd(getent group sudo | cut -f 4 -d : | tr '\054' ' ')
+
+#-- SYMPA begin
+abuse-feedback-report: "| /usr/lib/sympa/bin/bouncequeue sympa@heureux-cyclage.org"
+bounce+*: "| /usr/lib/sympa/bin/bouncequeue sympa@heureux-cyclage.org"
+listmaster: "| /usr/lib/sympa/bin/queue listmaster@heureux-cyclage.org"
+sympa: "| /usr/lib/sympa/bin/queue sympa@heureux-cyclage.org"
+sympa-owner: postmaster@heureux-cyclage.org
+sympa-request: postmaster@heureux-cyclage.org
+
+# NOTE: compatibilité avec d'autres gestionnaires de listes
+listserv: sympa
+listserv-request: sympa-request
+majordomo: sympa
+listserv-owner: sympa-owner
+#-- SYMPA end
# DOC: http://postfix.traduc.org/index.php/TLS_README.html
-alias_database = hash:/etc/postfix/aliases
-alias_maps = hash:/etc/postfix/aliases
+alias_database =
+ hash:/etc/postfix/aliases
+ hash:/etc/mail/sympa/aliases
+alias_maps =
+ hash:/etc/postfix/aliases
+ hash:/etc/mail/sympa/aliases
append_dot_mydomain = no
# NOTE: appending .domain is the MUA's job.
biff = no
# NOTE: séparateur entre le nom d’utilisateur et les extensions d’adresse.
#relayhost =
relay_clientcerts = hash:/etc/postfix/$mydomain/smtpd/relay_clientcerts
-relay_domains = $mydestination
+relay_domains =
+ $mydestination
+ sympa.$mydomain
# NOTE: ajouter les domaines pour lesquels on est backup MX ici, pas dans mydestination ou virtual_alias...
smtp_body_checks =
#smtp_cname_overrides_servername = no
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
#smtpd_tls_session_cache_timeout = 3600s
strict_rfc821_envelopes = yes
+sympa_destination_recipient_limit = 1
+sympabounce_destination_recipient_limit = 1
#tls_high_cipherlist = AES256-SHA
# NOTE: postconf(5) déconseille de changer ceci
#tls_random_bytes = 32
#tls_random_reseed_period = 3600s
#tls_random_source = dev:/dev/urandom
# NOTE: non-blocking
-transport_maps = hash:/etc/postfix/$mydomain/transport
+transport_maps =
+ hash:/etc/postfix/$mydomain/transport
+ #regexp:/etc/sympa/transport
#virtual_alias_domains =
virtual_alias_maps =
hash:/etc/postfix/$mydomain/virtual_alias
+ #regexp:/etc/sympa/virtual_alias
# NOTE: do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl
noclue unix - n n - - pipe
flags=q user=noclue argv=/usr/local/bin/noclue-delivery ${recipient} ${sender}
+sympa unix - n n - - pipe
+ flags=R user=sympa argv=/usr/lib/sympa/bin/queue ${recipient}
+sympabounce unix - n n - - pipe
+ flags=R user=sympa argv=/usr/lib/sympa/bin/bouncequeue ${recipient}
#!/bin/sh -eux
-db="$1"
-owner="${2:-$db}"
-sudo -u postgres psql "$db" -a -f - <<-EOF
+user="$1"
+db="${2-}"
+sudo -u postgres psql "${db-}" -a -f - <<-EOF
\set ON_ERROR_STOP on
DO LANGUAGE plpgsql \$\$
BEGIN
END;
\$\$;
GRANT USAGE ON SCHEMA public TO $user;
- GRANT CONNECT,TEMPORARY ON DATABASE $db TO $user;
+ ${db:+GRANT CONNECT,TEMPORARY ON DATABASE $db TO $user;}
EOF
rule runit_sv_configure postgres
rule runit_sv_start postgres
-
while ! sudo -u postgres psql </dev/null
do sleep 1; done
-~postgres/bin/createdb "$sv"
+rule runit_sv_configure postfix
+rule runit_sv_start postfix
+sudo postfix quiet-reload
rule apt_get_install openerp --force-yes
# XXX: --force-yes car les paquets de nightly.openerp.com
# ne sont pas signés par OpenPGP..
rule insserv_remove openerp
+sudo -u postgres psql -a -c "DROP USER IF EXISTS openerp;"
+~postgres/bin/createdb "$sv"
+
rule adduser "$sv" \
--disabled-login \
--disabled-password \
--- /dev/null
+eval "home=~$sv/log"
+
+rule adduser log-"$sv"\
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/false \
+ --system
+
+sudo install -d -m 770 -o log-"$sv" -g log-"$sv" \
+ "$home"
#!/bin/sh -eux
sv=${PWD%/log}
sv=${sv#/etc/sv/}
-eval "home=~$sv/log"
-
-getent passwd log-"$sv" >/dev/null ||
-adduser log-"$sv"\
- --disabled-login \
- --disabled-password \
- --group \
- --home "$home" \
- --shell /bin/false \
- --system
-
-install -d -m 770 -o log-"$sv" -g log-"$sv" \
- "$home"
+eval home="~log-$sv"
cd "$home"
exec chpst -u log-"$sv":log-"$sv" \
--- /dev/null
+rule apt_get_install dovecot-imapd dovecot-managesieved dovecot-sieve
+rule insserv_remove dovecot
+local hint="run vm_remote dovecot_key_send before"
+assert "sudo test -f /etc/dovecot/\"$vm_domainname\"/imap/x509/key.pem" hint
+sudo install -m 400 -o root -g root \
+ "$tool"/var/pub/x509/imap."$vm_domainname"/crt+crl.self-signed.pem \
+ /etc/dovecot/"$vm_domainname"/imap/x509/crt+crl.self-signed.pem
+sudo install -d -m 770 -o root -g root \
+ /etc/skel/etc/mail \
+ /etc/skel/etc/sieve
+sudo install -d -m 1777 -o root -g root \
+ /var/lib/dovecot-control \
+ /var/lib/dovecot-index
+m4 \
+ --define=VM_DOMAINNAME=$vm_domainname \
+ <"$tool"/etc/dovecot/local.conf.m4 |
+sudo install -m 644 -o root -g root /dev/stdin \
+ /etc/dovecot/local.conf
+sudo install -m 755 -o root -g root /dev/stdin /usr/local/bin/dovecot-passwd <<-EOF
+ #!/bin/sh -efux
+ # DESCRIPTION: permet à un-e utilisateurice d'initialiser ellui-même son mot-de-passe dovecot.
+ install -d -m 770 ~/etc/dovecot
+ install -m 640 /dev/stdin ~/etc/dovecot/passwd <<_EOF
+ \$USER:\$(/usr/bin/doveadm pw -s SHA512-CRYPT):::::::
+ _EOF
+ EOF
--- /dev/null
+home=~git/log/daemon
+
+rule adduser log-"$sv" \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/false \
+ --system
+
+sudo install -d -m 770 -o log-"$sv" -g log-"$sv" \
+ "$home"
+
+adduser log-git "$sv"
#!/bin/sh -eux
sv=${PWD%/log}
sv=${sv#/etc/sv/}
-home=~git/log/daemon
-
-getent passwd log-"$sv" >/dev/null ||
-adduser log-"$sv" \
- --disabled-login \
- --disabled-password \
- --group \
- --home "$home" \
- --shell /bin/false \
- --system
-
-install -d -m 770 -o log-"$sv" -g log-"$sv" \
- "$home"
-
-adduser log-git "$sv"
+eval home="~log-$sv"
cd "$home"
exec chpst -u log-"$sv":log-"$sv" \
home=~git-data
+
+rule apt_get_install gitweb highlight
+
rule adduser fcgi-"$sv" \
--disabled-login \
--disabled-password \
--- /dev/null
+home=~www/log/"$sv"/spawn-fcgi
+
+rule adduser log-fcgi-"$sv" \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/false \
+ --system
+
+sudo install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \
+ "$home"
#!/bin/sh -eux
sv=${PWD%/log}
sv=${sv#/etc/sv/}
-home=~www/log/"$sv"/spawn-fcgi
-
-getent passwd log-fcgi-"$sv" >/dev/null ||
-adduser log-fcgi-"$sv" \
- --disabled-login \
- --disabled-password \
- --group \
- --home "$home" \
- --shell /bin/false \
- --system
-
-install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \
- "$home"
+eval home="~log-fcgi-$sv"
cd "$home"
exec chpst -u log-fcgi-"$sv":log-fcgi-"$sv" \
install -d -m 1771 -o root -g root \
/run/spawn-fcgi
-install -d -m 1771 -o fcgi-gitweb -g fcgi-gitweb \
- /run/shm/tmp/gitweb
+install -d -m 770 -o fcgi-"$sv" -g fcgi-"$sv" \
+ /run/shm/tmp/"$sv"
exec /usr/bin/spawn-fcgi \
-u fcgi-"$sv" \
rule www_configure
-home=~www/pub/"$sv"
+home=~www-data/"$sv"
rule adduser fcgi-"$sv" \
--disabled-login \
--- /dev/null
+home=~www/log/"$sv"/spawn-fcgi
+
+rule adduser log-fcgi-"$sv" \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/false \
+ --system
+
+sudo install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \
+ "$home"
+
+cd "$home"
+exec chpst -u log-fcgi-"$sv":log-fcgi-"$sv" \
+ svlogd -v -tt "$home"
#!/bin/sh -eux
sv=${PWD%/log}
sv=${sv#/etc/sv/}
-home=~www/log/"$sv"/spawn-fcgi
-
-getent passwd log-fcgi-"$sv" >/dev/null ||
-adduser log-fcgi-"$sv" \
- --disabled-login \
- --disabled-password \
- --group \
- --home "$home" \
- --shell /bin/false \
- --system
-
-install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \
- "$home"
+eval home="~log-$sv"
cd "$home"
exec chpst -u log-fcgi-"$sv":log-fcgi-"$sv" \
--- /dev/null
+eval "home=~$sv/log"
+
+rule adduser log-"$sv" \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/false \
+ --system
+
+sudo install -d -m 770 -o log-"$sv" -g log-"$sv" \
+ "$home"
#!/bin/sh -eux
sv=${PWD%/log}
sv=${sv#/etc/sv/}
-eval "home=~$sv/log"
-
-getent passwd log-"$sv" >/dev/null ||
-adduser log-"$sv" \
- --disabled-login \
- --disabled-password \
- --group \
- --home "$home" \
- --shell /bin/false \
- --system
-
-install -d -m 770 -o log-"$sv" -g log-"$sv" \
- "$home"
+eval home="~log-$sv"
cd "$home"
exec chpst -u log-"$sv":log-"$sv" \
-rule runit_configure php5-fpm
+rule runit_sv_configure php5-fpm "$@"
+rule runit_sv_restart php5-fpm "$@"
rule apt_get_install nginx spawn-fcgi fcgiwrap
rule insserv_remove nginx
rule insserv_remove fcgiwrap
rule www_configure
-sudo rm -rf \
- /etc/nginx/conf.d \
- /etc/nginx/site.d
sudo install -d -m 770 -o www -g www \
/etc/nginx \
/etc/nginx/conf.d \
sudo install -m 660 -o www -g www \
"$tool"/etc/nginx/nginx.conf \
/etc/nginx/nginx.conf
-local conf
-for conf in "$tool"/etc/nginx/conf.d/*.conf
- do conf=${conf#"$tool"/etc/nginx/conf.d/}
+
+for conf in $(find "$tool"/etc/nginx/conf.d \
+ -mindepth 1 -maxdepth 1 -type f \
+ -name '*.conf' \
+ -printf '%f\n')
+ do
sudo install -m 660 -o www -g www \
"$tool"/etc/nginx/conf.d/"$conf" \
/etc/nginx/conf.d/"$conf"
done
-for conf in "$tool"/etc/nginx/site.d/*/site.conf
- do conf=${conf#"$tool"/etc/nginx/site.d/}
- local site="${conf%/site.conf}"
+
+for site in $(find "$tool"/etc/nginx/site.d \
+ -mindepth 1 -maxdepth 1 -type d \
+ -false ${@:+$(printf -- '-or -name %s\n' "$@")} \
+ -printf '%f\n')
+ do
rule adduser www-"$site" \
--disabled-login \
--disabled-password \
include /etc/nginx/site.d/$site/site.inc;
}
EOF
+ (
test ! -r "$tool"/etc/nginx/site.d/"$site"/configure.sh ||
- . "$tool"/etc/nginx/site.d/"$site"/configure.sh
+ . "$tool"/etc/nginx/site.d/"$site"/configure.sh || return 1
+ )
done
ip4-only: yes
EOF
cat "$tool"/etc/nsd3/nsd.conf
- local conf
- for conf in "$tool"/etc/nsd3/zone.d/*.conf
- do conf=${conf#"$tool"/etc/nsd3/zone.d/}
- local domain=${conf%.conf}
- if test -e "$tool"/etc/nsd3/zone.d/"$domain".zone.m4
+ for zone in $(find "$tool"/etc/nsd3/zone.d \
+ -mindepth 1 -maxdepth 1 -type f \
+ -false ${@:+$(printf -- '-or -name %s.conf\n' "$@")} \
+ -printf '%f\n')
+ do zone=${zone%.conf}
+ if test -e "$tool"/etc/nsd3/zone.d/"$zone".zone.m4
then m4 \
- --define=ZONE_DOMAIN=$domain \
- --define=ZONE_SERIAL=$(cd "$tool" && git log -1 --format="%ct" -- etc/nsd3/zone.d/"$domain".zone.m4) \
+ --define=ZONE_DOMAIN=$zone \
+ --define=ZONE_SERIAL=$(cd "$tool" && git log -1 --format="%ct" -- etc/nsd3/zone.d/"$zone".zone.m4) \
--define=VM_IP4=$vm_ipv4 \
- "$tool"/etc/nsd3/zone.d/"$domain".zone.m4
- else cat "$tool"/etc/nsd3/zone.d/"$domain".zone
+ "$tool"/etc/nsd3/zone.d/"$zone".zone.m4
+ else cat "$tool"/etc/nsd3/zone.d/"$zone".zone
fi |
sudo install -m 440 -o root -g nsd /dev/stdin \
- /etc/nsd3/zone.d/"$domain".zone
+ /etc/nsd3/zone.d/"$zone".zone
cat <<-EOF
zone:
- name: $domain
- zonefile: /etc/nsd3/zone.d/$domain.zone
- $(cat "$tool"/etc/nsd3/zone.d/"$conf")
+ name: $zone
+ zonefile: /etc/nsd3/zone.d/$zone.zone
+ $(cat "$tool"/etc/nsd3/zone.d/"$zone".conf)
EOF
done
} |
sudo install -m 640 -o root -g nsd /dev/stdin \
/etc/nsd3/nsd.conf
+
+rule runit_sv_start "$sv"
sudo nsdc rebuild
+sudo nsdc reload
+#sudo nsdc notify
exec 2>&1
sv=${PWD#/etc/sv/}
-install -d -m 770 -o root -g root \
- /run/nsd3
+! nsdc running ||
+pkill -TERM -F /run/nsd3.pid
+rm -f /run/nsd3.pid
+# XXX: sv reload ou nsdc reload envoient SIGHUP à nsd
+# ce qui le détache de runsv et du coup il n'est plus suivi..
+# comme on ne peut pas se rattacher à un processus,
+# on le tue si il se trouve déjà exécuté ;
+# gérer ce SIGHUP permet à NSD d'envoyer
+# les notify DNS sitôt une zone mise-à-jour.
exec /usr/sbin/nsd \
-c /etc/nsd3/nsd.conf \
- -d
+ -d \
+ -N 1 \
+ -u nsd
sudo ln -fns \
/etc/php5/fpm \
/home/www/etc/php5
-sudo rm -rf \
- /etc/php5/fpm/conf.d \
- /etc/php5/fpm/pool.d
sudo install -d -m 770 -o php5 -g php5 \
/etc/php5/fpm/conf.d \
/etc/php5/fpm/pool.d
sudo install -m 440 -o php5 -g php5 \
"$tool"/etc/php5/fpm/php-fpm.conf \
/etc/php5/fpm/php-fpm.conf
-local conf
-#for conf in "$tool"/etc/php5/fpm/conf.d/*.conf
-# do conf=${conf#"$tool"/etc/php5/fpm/conf.d/}
-# sudo install -m 660 -o php5 -g php5 \
-# "$tool"/etc/php5/fpm/conf.d/"$conf" \
-# /etc/php5/fpm/conf.d/"$conf"
-# done
-for conf in "$tool"/etc/php5/fpm/pool.d/*.conf
- do conf=${conf#"$tool"/etc/php5/fpm/pool.d/}
- IFS=. read -r pool <<-EOF
- ${conf%.conf}
- EOF
- assert 'test "${pool:+set}"'
+for conf in $(find "$tool"/etc/php5/fpm/conf.d \
+ -mindepth 1 -maxdepth 1 -type f \
+ -name '*.conf' \
+ -printf '%f\n' || true)
+ do
+ sudo install -m 660 -o php5 -g php5 \
+ "$tool"/etc/php5/fpm/conf.d/"$conf" \
+ /etc/php5/fpm/conf.d/"$conf"
+ done
+for pool in $(find "$tool"/etc/php5/fpm/pool.d/ \
+ -mindepth 1 -maxdepth 1 -type d \
+ -false ${@:+$(printf -- '-or -name %s.conf\n' "$@")} \
+ -printf '%f\n')
+ do pool=${pool%\.conf}
rule adduser php5-"$pool" \
--disabled-login \
--disabled-password \
sudo debconf-set-selections <<-EOF
postfix postfix/main_mailer_type select No configuration
EOF
-rule apt_get_install postfix procmail
+#rule apt_get_install postfix procmail
rule insserv_remove postfix
sudo install -m 640 -o root -g root /dev/stdin /etc/postfix/.gitignore <<-EOF
*.db
sudo install -m 640 -o root -g root \
"$tool"/etc/postfix/$vm_domainname/header_checks \
/etc/postfix/$vm_domainname/header_checks
+m4 <"$tool"/etc/postfix/aliases.m4 |
sudo install -m 644 -o root -g root /dev/stdin \
- /etc/postfix/aliases <<-EOF
- # See man 5 aliases for format
- abuse: root
- admin: root
- contact: root
- mailer-daemon: root
- postmaster: root
- root: $(getent group sudo | cut -f 4 -d : | tr , ' ')
- EOF
+ /etc/postfix/aliases
sudo newaliases -oA/etc/postfix/aliases
+sudo ln -fns \
+ /etc/postfix/aliases \
+ /etc/aliases
cat /dev/stdin "$tool"/etc/postfix/main.cf <<-EOF |
mydomain = $vm_domainname
myorigin = \$mydomain
mail_name = \$myhostname
mydestination = $vm_hostname \$myhostname \$myorigin
EOF
-sudo install -m 640 -o root -g root /dev/stdin \
+sudo install -m 644 -o root -g root /dev/stdin \
/etc/postfix/main.cf
sudo install -m 640 -o root -g root \
"$tool"/etc/postfix/master.cf \
# DOC: http://wiki.postgresql.org/wiki/Shared_Database_Hosting
-rule apt_get_install postgresql-9.1
+#rule apt_get_install postgresql-9.1
rule insserv_remove postgresql
rule adduser postgres \
--disabled-login \
sudo install -m 640 -o postgres -g postgres /dev/stdin \
/etc/postgresql/9.1/main/pg_ident.conf <<-EOF
# MAPNAME SYSTEM-USERNAME PG-USERNAME
+ admin postgres postgres
+ admin root postgres
EOF
sudo install -m 640 -o postgres -g postgres /dev/stdin \
/etc/postgresql/9.1/main/start.conf <<-EOF
EOF
sudo install -m 640 -o postgres -g postgres /dev/stdin \
/etc/postgresql/9.1/main/pg_hba.conf <<-EOF
- local all postgres peer
+ local all postgres peer map=admin
local all all peer
EOF
sudo install -m 640 -o postgres -g postgres-data \
# et utilisateurices depuis public.
sudo -u postgres psql template1 -a -f - <<-EOF
\set ON_ERROR_STOP on
- REVOKE ALL ON pg_auth_members FROM public;
- REVOKE ALL ON pg_authid FROM public;
- REVOKE ALL ON pg_database FROM public;
- REVOKE ALL ON pg_group FROM public;
- REVOKE ALL ON pg_roles FROM public;
- REVOKE ALL ON pg_settings FROM public;
- REVOKE ALL ON pg_tablespace FROM public;
- REVOKE ALL ON pg_user FROM public;
+ REVOKE ALL ON ALL TABLES IN SCHEMA pg_catalog FROM public;
+ REVOKE ALL ON SCHEMA pg_catalog FROM public;
+ -- REVOKE ALL ON pg_auth_members FROM public;
+ -- REVOKE ALL ON pg_authid FROM public;
+ -- REVOKE ALL ON pg_database FROM public;
+ -- REVOKE ALL ON pg_group FROM public;
+ -- REVOKE ALL ON pg_roles FROM public;
+ -- REVOKE ALL ON pg_settings FROM public;
+ -- REVOKE ALL ON pg_tablespace FROM public;
+ -- REVOKE ALL ON pg_user FROM public;
EOF
--- /dev/null
+eval "home=~$sv/log/9.1/main"
+
+rule adduser log-"$sv" \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/false \
+ --system
+
+sudo install -d -m 2770 -o "$sv" -g log-"$sv" \
+ "$home" \
+ "$home"/9.1 \
+ "$home"/9.1/main
#!/bin/sh -eux
sv=${PWD%/log}
sv=${sv#/etc/sv/}
-eval "home=~$sv/log/9.1/main"
-
-getent passwd log-"$sv" >/dev/null ||
-adduser log-"$sv" \
- --disabled-login \
- --disabled-password \
- --group \
- --home "$home" \
- --shell /bin/false \
- --system
-
-sudo install -d -m 2770 -o postgres -g log-postgres \
- "$home" \
- "$home"/9.1 \
- "$home"/9.1/main
+eval home="~log-$sv"
cd "$home"
exec chpst -u log-"$sv":log-"$sv" \
--- /dev/null
+#!/bin/sh -eux
+exec 2>&1
+sv=${PWD#/etc/sv/}
+
+install -d -m 770 -o sympa -g sympa \
+ /run/shm/tmp/sympa \
+ /run/sympa
+
+exec /usr/bin/chpst \
+ -u sympa:sympa:postgres-data \
+ /usr/lib/sympa/bin/archived.pl \
+ --foreground
--- /dev/null
+#!/bin/sh -eux
+exec 2>&1
+sv=${PWD#/etc/sv/}
+
+install -d -m 770 -o sympa -g sympa \
+ /run/shm/tmp/sympa \
+ /run/sympa
+
+exec /usr/bin/chpst \
+ -u sympa:sympa:postgres-data \
+ /usr/lib/sympa/bin/bounced.pl \
+ --foreground
--- /dev/null
+#!/bin/sh -eux
+exec 2>&1
+sv=${PWD#/etc/sv/}
+
+install -d -m 770 -o sympa -g sympa \
+ /run/shm/tmp/sympa \
+ /run/sympa
+
+exec /usr/bin/chpst \
+ -u sympa:sympa:postgres-data \
+ /usr/lib/sympa/bin/bulk.pl \
+ --foreground
--- /dev/null
+#!/bin/sh -eux
+exec 2>&1
+sv=${PWD#/etc/sv/}
+
+install -d -m 770 -o sympa -g sympa \
+ /run/shm/tmp/sympa \
+ /run/sympa
+
+exec /usr/bin/chpst \
+ -u sympa:sympa:postgres-data \
+ /usr/lib/sympa/bin/task_manager.pl \
+ --foreground
--- /dev/null
+home=/home/sympa
+
+rule runit_sv_configure postgres
+rule runit_sv_start postgres
+while ! sudo -u postgres psql </dev/null
+do sleep 1; done
+~postgres/bin/createuser "$sv"
+sudo -u postgres psql template1 -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ -- NOTE: pour /usr/share/sympa/lib/Upgrade.pm
+ -- appelant DBI->tables
+ GRANT USAGE ON SCHEMA pg_catalog TO $sv;
+ GRANT SELECT ON TABLE pg_catalog.pg_class TO $sv;
+ GRANT SELECT ON TABLE pg_catalog.pg_description TO $sv;
+ GRANT SELECT ON TABLE pg_catalog.pg_namespace TO $sv;
+ GRANT SELECT ON TABLE pg_catalog.pg_tablespace TO $sv;
+ -- NOTE: pour /usr/share/sympa/bin/create_db.Pg
+ -- CREATE SCHEMA $sv AUTHORIZATION $sv;
+ -- XXX: ne fonctionne pas à cause de cette vermine :
+ -- https://sourcesup.renater.fr/tracker/index.php?func=detail&aid=7459&group_id=23&atid=167
+ -- du coup on met les tables de SYMPA dans le schema public :
+ GRANT USAGE,CREATE ON SCHEMA public TO $sv;
+ EOF
+
+rule adduser "$sv" \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home "$home" \
+ --shell /bin/false \
+ --system
+sudo adduser sympa postgres-data
+
+sudo install -d -m 770 -o "$sv" -g "$sv" \
+ "$home" \
+ "$home"/list_data \
+ "$home"/spool
+sudo install -d -m 755 -o root -g root \
+ /etc/sympa \
+ /etc/sympa/x509.d
+sudo install -m 644 -o root -g root \
+ /dev/stdin \
+ /etc/sympa/.gitignore <<-EOF
+ cookie
+ key_passwd
+ EOF
+m4 \
+ --define=VM_DOMAINNAME="$vm_domainname" \
+ --define=HOME="$home" \
+ "$tool"/etc/sympa/sympa.conf.m4 |
+sudo install -m 640 -o "$sv" -g "$sv" /dev/stdin \
+ /etc/sympa/sympa.conf
+
+sudo debconf-set-selections <<-EOF || true
+ sympa sympa/app-password-confirm password
+ sympa sympa/password-confirm password
+ # Mot de passe de connexion PostgreSQL pour sympa :
+ sympa sympa/dbconfig-install boolean true
+ sympa sympa/pgsql/app-pass password
+ ##sympa sympa/mysql/admin-pass password
+ sympa sympa/pgsql/admin-pass password
+ # Mot de passe de connexion MySQL pour sympa :
+ ##sympa sympa/mysql/app-pass password
+ # Faut-il configurer la base de données de sympa avec dbconfig-common ?
+ sympa sympa/dbconfig-install boolean true
+ # Nom d'hôte du serveur pour sympa :
+ sympa sympa/remote/newhost string
+ sympa sympa/listmaster string listmaster@$vm_domainname
+ sympa wwsympa/wwsympa_url string https://$sv.$vm_domainname/wws
+ sympa wwsympa/webserver_restart boolean false
+ sympa sympa/remote/port string
+ sympa sympa/pgsql/manualconf note
+ # Faut-il sauvegarder la base de données pour sympa avant la mise à jour ?
+ sympa sympa/upgrade-backup boolean true
+ sympa sympa/pgsql/changeconf boolean false
+ # Nom d'hôte du serveur « sympa » :
+ sympa sympa/hostname string $sv.$vm_domainname
+ sympa sympa/pgsql/authmethod-user select unix socket
+ # Faut-il mettre à jour la base de données pour sympa avec dbconfig-common ?
+ sympa sympa/dbconfig-upgrade boolean true
+ sympa sympa/use_soap boolean false
+ # Nom de la base de données pour sympa :
+ sympa sympa/db/dbname string $sv
+ sympa sympa/internal/skip-preseed boolean true
+ # Type de serveur de bases de données à utiliser avec sympa :
+ sympa sympa/database-type select pgsql
+ # Répertoire pour la base de données pour sympa :
+ sympa sympa/db/basepath string
+ # Nom d'hôte du serveur de bases de données pour sympa :
+ sympa sympa/remote/host select /run/postgresql/
+ sympa wwsympa/fastcgi boolean true
+ sympa sympa/internal/reconfiguring boolean false
+ # Identifiant pour sympa :
+ sympa sympa/db/app-user string $sv
+ # Faut-il purger la base de données pour sympa ?
+ sympa sympa/purge boolean false
+ sympa sympa/remove-error select abort
+ sympa wwsympa/webserver_type select Other
+ ##sympa sympa/mysql/admin-user string root
+ # Faut-il défaire la configuration de la base de donnée de sympa avec dbconfig-common ?
+ sympa sympa/dbconfig-remove boolean
+ # Méthode de connexion pour la base de données MySQL de sympa:
+ ##sympa sympa/mysql/method select unix socket
+ # Faut-il réinstaller la base de données pour sympa ?
+ sympa sympa/dbconfig-reinstall boolean false
+ sympa sympa/pgsql/admin-user string postgres
+ sympa sympa/upgrade-error select abort
+ sympa sympa/language select fr
+ # Méthode de connexion pour la base de données PostgreSQL de sympa :
+ sympa sympa/pgsql/method select unix socket
+ sympa sympa/install-error select abort
+ #sympa sympa/pgsql/no-empty-passwords error
+ sympa sympa/pgsql/authmethod-admin select unix socket
+ EOF
+sudo install -d -m 755 -o root -g root \
+ /etc/dbconfig-common
+sudo install -m 600 -o root -g root /dev/stdin \
+ /etc/dbconfig-common/sympa.conf <<-EOF
+ dbc_authmethod_admin='ident'
+ dbc_authmethod_user='ident'
+ dbc_basepath=''
+ dbc_dbadmin='postgres'
+ dbc_dbname='sympa'
+ dbc_dbpass=''
+ dbc_dbport=''
+ dbc_dbserver='/run/postgresql'
+ dbc_dbtype='pgsql'
+ dbc_dbuser='$sv'
+ dbc_install='true'
+ dbc_remove=''
+ dbc_ssl=''
+ dbc_upgrade='true'
+ EOF
+
+! sudo etckeeper unclean ||
+sudo etckeeper commit -m "rule_runit_configure $sv"
+
+rule apt_get_install --no-install-recommends sympa
+ # NOTE: évite d'installer apache2 ..
+
+rule insserv_remove sympa
--- /dev/null
+#!/bin/sh -eux
+exec 2>&1
+sv=${PWD#/etc/sv/}
+
+sv start \
+ /etc/sv/sympa-bulk
+
+install -d -m 770 -o sympa -g sympa \
+ /run/shm/tmp/sympa \
+ /run/sympa
+
+exec /usr/bin/chpst \
+ -u "$sv":"$sv":postgres-data \
+ /usr/lib/sympa/bin/sympa.pl \
+ --foreground
--- /dev/null
+rule runit_configure sympa
+
+sv=sympa
+#home=~www-data/"$sv"
+home=~sympa/"$sv"
+
+#sudo adduser "$sv" www-sympa
+
+sudo install -d -o 2770 -o "$sv" -g "$sv" \
+ "$home"/wwsarchive \
+ "$home"/wwsbounce
+# TODO: quota
+
+m4 \
+ --define=HOME="$home" \
+ "$tool"/etc/sympa/wwsympa.conf.m4 |
+sudo install -m 640 -o "$sv" -g "$sv" /dev/stdin \
+ /etc/sympa/wwsympa.conf
--- /dev/null
+#!/bin/sh -eux
+exec 2>&1
+#sv=${PWD#/etc/sv/}
+sv=sympa
+
+sv start \
+ /etc/sv/sympa \
+ /etc/sv/sympa-archived \
+ /etc/sv/sympa-bounced \
+ /etc/sv/sympa-task_manager
+
+install -d -m 770 -o "$sv" -g "$sv" \
+ /run/sympa
+
+install -d -m 1771 -o root -g root \
+ /run/spawn-fcgi
+
+exec /usr/bin/spawn-fcgi \
+ -u "$sv" \
+ -g "$sv" \
+ -U www-data \
+ -G www-data \
+ -M 0660 \
+ -n \
+ -s /run/spawn-fcgi/"$sv" \
+ -- /usr/bin/multiwatch \
+ --forks 3 \
+ -- /usr/lib/cgi-bin/sympa/wwsympa.fcgi
--- /dev/null
+changequote(,)
+###\\\\ Directories and file location ////###
+etc /etc/sympa
+home HOME/list_data
+http_host https://VM_DOMAINNAME
+pidfile /run/sympa/sympa.pid
+pidfile_bulk /run/sympa/bulk.pid
+pidfile_creation /run/sympa/sympa-creation.pid
+pidfile_distribute /run/sympa/sympa-distribute.pid
+queue HOME/spool/msg
+queueauth HOME/spool/auth
+queueautomatic HOME/spool/automatic
+queuebounce HOME/spool/bounce
+queuedigest HOME/spool/digest
+queuemod HOME/spool/moderation
+queueoutgoing HOME/spool/outgoing
+queuesubscribe HOME/spool/subscribe
+queuetask HOME/spool/task
+queuetopic HOME/spool/topic
+spool HOME/spool
+static_content_path /var/lib/sympa/static_content
+static_content_url /static-sympa
+tmpdir /run/shm/tmp/sympa
+umask 007
+
+###\\\\ Syslog ////###
+log_level 0
+log_smtp off
+log_socket_type unix
+logs_expiration_period 3
+syslog `cat /etc/sympa/facility`
+
+###\\\\ General definition ////###
+create_list public_listmaster
+domain sympa.VM_DOMAINNAME
+edit_list owner
+email sympa
+listmaster listmaster@VM_DOMAINNAME
+
+###\\\\ Tuning ////###
+bulk_fork_threshold 1
+bulk_lazytime 600
+bulk_max_count 3
+bulk_sleep 1
+bulk_wait_to_fork 10
+cache_list_config none
+cookie `cat /etc/sympa/cookie`
+default_distribution_ttl 300
+default_list_priority 5
+default_sql_fetch_timeout 300
+default_ttl 3600
+legacy_character_support_feature off
+max_size 5242880
+owner_priority 9
+reject_mail_from_automates_feature on
+remove_headers X-Sympa-To,X-Family-To,Return-Receipt-To,Precedence,X-Sequence,Disposition-Notification-To
+request_priority 0
+rfc2369_header_fields help,subscribe,unsubscribe,post,owner,archive
+sympa_packet_priority 5
+sympa_priority 1
+use_blacklist send,create_list
+
+###\\\\ Internationalization ////###
+lang fr
+supported_lang fr
+
+###\\\\ Errors management ////###
+bounce_halt_rate 50
+bounce_warn_rate 30
+#expire_bounce_task daily
+#welcome_return_path unique
+
+###\\\\ MTA related ////###
+alias_manager /usr/lib/sympa/bin/alias_manager.pl
+avg 10
+maxsmtp 40
+nrcpt 25
+sendmail /usr/sbin/sendmail
+sendmail_aliases /etc/mail/sympa/aliases
+
+###\\\\ Plugin ////###
+#antivirus_args --secure --summary --dat /usr/local/uvscan
+#antivirus_path /usr/local/uvscan/uvscan
+
+###\\\\ DKIM ////###
+dkim_add_signature_to robot,list
+dkim_feature off
+dkim_header_list from:sender:reply-to:subject:date:message-id:to:cc:list-id:list-help:list-unsubscribe:list-subscribe:list-post:list-owner:list-archive:in-reply-to:references:resent-date:resent-from:resent-sender:resent-to:resent-cc:resent-message-id:mime-version:content-type:content-transfer-encoding:content-id:content-description
+dkim_signature_apply_on md5_authenticated_messages,smime_authenticated_messages,dkim_authenticated_messages,editor_validated_messages
+
+###\\\\ S/MIME pluggin ////###
+#cafile
+capath /etc/sympa/x509.d
+crl_dir HOME/list_data/crl
+#key_passwd `cat /etc/sympa/key_passwd`
+openssl /usr/bin/openssl
+ssl_cert_dir HOME/list_data/x509.d
+
+###\\\\ Database ////###
+#db_additional_subscriber_fields billing_delay,subscription_expiration
+#db_additional_user_fields age,address
+db_host /run/postgresql
+db_name sympa
+#db_passwd your_passwd
+db_type Pg
+db_user sympa
+
+###\\\\ Web interface ////###
+antispam_tag_header_ham_regexp ^\s*No
+antispam_tag_header_name X-Spam-Status
+antispam_tag_header_spam_regexp ^\s*Yes
+max_wrong_password 19
+soap_url http://--HOST--/sympasoap
+spam_status x-spam-status
+wwsympa_url https://sympa.VM_DOMAINNAME/wws
--- /dev/null
+/^.*+owner\@sympa\.heureux-cyclage\.org$/ sympabounce:
+/^.*\@sympa\.heureux-cyclage\.org$/ sympa:
--- /dev/null
+/^(.*)-owner\@heureux-cyclage\.org$/ $1+owner@heureux-cyclage.org
--- /dev/null
+changequote(,)
+###\\\\ Directories and file location ////###
+archived_pidfile /run/sympa/archived.pid
+bounced_pidfile /run/sympa/bounced.pid
+task_manager_pidfile /run/sympa/task_manager.pid
+arc_path HOME/wwsarchive
+bounce_path HOME/wwsbounce
+
+###\\\\ Syslog ////###
+log_condition
+log_facility mail
+log_module
+
+###\\\\ General definition ////###
+
+###\\\\ Tuning ////###
+password_case sensitive
+
+## HTTP cookies lifetime
+cookie_expire 0
+
+## HTTP cookies validity domain
+cookie_domain localhost
+
+###\\\\ Internationalization ////###
+
+###\\\\ Errors management ////###
+
+###\\\\ MTA related ////###
+
+###\\\\ Plugin ////###
+mhonarc /usr/bin/mhonarc
+
+###\\\\ DKIM ////###
+
+###\\\\ S/MIME pluggin ////###
+ldap_force_canonical_email 1
+
+###\\\\ Database ////###
+
+###\\\\ Web interface ////###
+archive_default_index thrd
+default_home home
+title Mailing lists service
+use_fast_cgi 1
--- /dev/null
+../heureux-cyclage.org
\ No newline at end of file
--- /dev/null
+-----BEGIN X509 CRL-----
+MIIDzjCCAbYCAQEwDQYJKoZIhvcNAQENBQAwggFyMQswCQYDVQQGEwJGUjEfMB0G
+A1UECB4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4A
+ZQAtAEEAbABwAGUAczEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNV
+BAsTJFNZc3RlbWUgZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UE
+AxMZc3ltcGEuaGV1cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAA
+LAAgAG4AaQAgAGQAaQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0A
+bwB0AGUAdQByMScwJQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABl
+AHMxJzAlBgsrBgEEAYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEG
+CysGAQQBgjc8AgEDEwJGUhcNMTMwNDE0MDAyMDEzWhcNMjMwNDE1MDAyMDEzWqAO
+MAwwCgYDVR0UBAMCAQAwDQYJKoZIhvcNAQENBQADggIBAJ/nEvqbiaE6I3baB+ov
+KJXKVRSn33x6UwQh5x0UgjCYnfxxWGUxZMqg0vQbrN+dL55P4zxgErUPQjqOsdYf
+IYR3oQd9qzxy/EdpA04J/Kr8Lmevc+ExW6E8H0ulXubzkUkCEGYEJx8M2pJoiJ0U
+FcFiQa1mFUoeO07foCXmQi86NCG+06miz63mkVgSbPcyTmsY6hmheIAaiZDLgFC2
+Ue9lYPIJuuENgmAh0UvLBsgGERhoBflq1UNrE1RKwTyXZyDj9ON7zoV1IcazunsP
+X0gM1qUZG9UHSvgDHveDJNFGTv9C86w+cIvMGn4lhy+KG4g0PJADPCsj+kTSj9gI
+1UiKJIY8PFEMGxI4RreIffsJ6ttQsGUqwXboiE+CvilJ/Io9cPy3Je6ndQtJe8/W
+xeN9tpGshCbaI2RqSZiShXvb9Q7lcK91U4ezxU64H9MVpATIafifaQWLGJhgo4z2
+WeAQ82//ZylrtRStsu788N816fGmqnJ5aagxOmiau8vfNyRmHZKShcuHwX5atOm4
+d1Y/YQlRo2l9Gw6U7Qd5t+kjlvllj+P4xFVuoydYnDHa2G6loENQtJvKcBH54sRw
++2X/LOBLclK5ZOWebJ7QUGk5OcH3Cip0VcxKfwk1hjNJohzcvmX4woTeMK7x4Lnu
+0mDyz7RpIbs/tUgDHMZwT3b9
+-----END X509 CRL-----
--- /dev/null
+-----BEGIN X509 CRL-----
+MIIDzjCCAbYCAQEwDQYJKoZIhvcNAQENBQAwggFyMQswCQYDVQQGEwJGUjEfMB0G
+A1UECB4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4A
+ZQAtAEEAbABwAGUAczEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNV
+BAsTJFNZc3RlbWUgZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UE
+AxMZc3ltcGEuaGV1cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAA
+LAAgAG4AaQAgAGQAaQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0A
+bwB0AGUAdQByMScwJQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABl
+AHMxJzAlBgsrBgEEAYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEG
+CysGAQQBgjc8AgEDEwJGUhcNMTMwNDE0MDAyMDE0WhcNMjMwNDE1MDAyMDE0WqAO
+MAwwCgYDVR0UBAMCAQAwDQYJKoZIhvcNAQENBQADggIBAJIs49a3qnjacl22s+tc
+CNwjx77gd3a096B91od6dbGyMVJ00VhHyDEqZnKVbRsgvsVCLu+C4II99Eo0BSk4
+sDl7So+5SblCyRE3TwDYg0XlPTd85FtrklGR5W3b0J/mwKA8idw5NsJ4+7fJXOFf
+m51ph4j9aAnRoEepHJup+EbGi+w47Ozxu/LDm72CriPtkkqgiPfJ9rqrPmIUzpnW
+fSCKx2lqkandP9GnMWAdzRI0CwIQeo945E5nro/qUAqhCnXejm5PokekifKcnzHp
+tjkE+PEXj+76gnA9sx8AN2bUvkTF6mKMkaMUXCBl6YuQY/wdWq0S0yYPsPN3a/4P
++hAHQZ8BKP7wJbXXHDyBarp05ebEzmSVRkPUDKEzQgUbIExpszNLHXIcxF5T0VE9
+b0GjzjAF8jsMfFu8YZKy30uKTfpfygHdt4lDQExSAaqqnw3G6wPFPIyqkAw6yANl
+eC0FyVGoFwZqwU660WZzysBTn4PzPAmtVF6s/Y5khVz7XuXnJ/Kjfxu2D9fpAnaX
+YwPFDa11HH2+68aKTfWeAtN3GVoeKJ4qg9VMhycX+RTPX50gNpt7RK43jTkPtIy+
+gXzoBcjtgpN0gXprAyIg3rPimuVTnHd47ePmvc9d8pBJkRaF+CR2mzg/t/j+tiqK
+TO1Avx+k6UDYE0KjX2G6irbR
+-----END X509 CRL-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIJ7TCCB9WgAwIBAgIHIBMEFAIgEjANBgkqhkiG9w0BAQ0FADCCARUxHDAaBgNV
+BAMTE2hldXJldXgtY3ljbGFnZS5vcmcxCzAJBgNVBAYTAkZSMQwwCgYDVQQrEwNM
+SEMxGjAYBgNVBAoTEUwnSGV1cmV1eCBDeWNsYWdlMVcwVQYDVQQLHk4AQQBuAHQA
+aQAtAGEAdQB0AG8AcgBpAHQA6QAgAGQAZQAgAGMAZQByAHQAaQBmAGkAYwBhAHQA
+aQBvAG4AIABwAHIAaQBtAGEAaQByAGUxDjAMBgNVBBETBTY5MDAxMR8wHQYDVQQI
+HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMR8wHQYDVQQJExYxMCBydWUgU2FpbnQg
+UG9seWNhcnBlMRMwEQYDVQQUHgoAbgDpAGEAbgB0MB4XDTEzMDQxNDAwMjAxMloX
+DTIzMDQxNTAwMjAxMlowggFyMQswCQYDVQQGEwJGUjEfMB0GA1UECB4WAFIAaAD0
+AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4AZQAtAEEAbABwAGUA
+czEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNVBAsTJFNZc3RlbWUg
+ZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UEAxMZc3ltcGEuaGV1
+cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAALAAgAG4AaQAgAGQA
+aQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0AbwB0AGUAdQByMScw
+JQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxJzAlBgsrBgEE
+AYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEGCysGAQQBgjc8AgED
+EwJGUjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiXA1P3lE0TXmbQ
+oUWiJwkZWhQvnp2U+Xju9PzDw793Fll94Z4FqzkD7iIc6s9wKsmrbRyck4u1fZPx
+rSjicSXUUcRinFNh9AuMRA/olm3jQDaQpDyzhjOuI3XW7sqVkERhfHESkkeGttnU
+kzUJT2+RMcoinvulW9pDALEN6RwN5DbRQdsZOObBbNt7ahr0wtK+Q5AjW/dANTju
+sKxoA2POYZ6qW6Sp8NroQZ0qDg+pfvD9c/Rkn7uvrIlUMN+s9/euZvtAURClz0DO
+UXtgbg5705Kicdw4so7qAzehFS4xz6Y1vTVBuLzcFQZPhwuhi3GGDxkAt50bFZBn
+9oqHL2/ACg8Hsx3g3o5D5byGn6MyNd2D/s/iu4y5FQjlc52j31lNrRrlIQws3hBA
+ycWRbk4MsrSP1kzWJl7Oyn4wbjSzWodbbpNvjadweJ1Raa79anibC5TyTypTnivZ
+15BKr5kh+XsWqNk/7b2gVJ8+gBn1YezkKfLR778Q6lS9yDJ92NZZqubQTWtFHKbC
+O6ybDPDQqK7kKxrjsfl0c68fxcpbNi2NoCMyPwafVWXxl1MknwYCPe4hqvPDe64J
+St77775s4vQcOY4LdDOmM41E1AnIc4/3AhxUR2Jb3WPJk/7K6h4Cc7zg7sRJnLUp
+iNPpfgIk4mUoedPzbe035Pa/d1IVAgMBAAGjggLfMIIC2zASBgNVHRMBAf8ECDAG
+AQH/AgEAMAsGA1UdDwQEAwIBpjBHBgNVHREEQDA+gSFjb250YWN0K3N5bXBhQGhl
+dXJldXgtY3ljbGFnZS5vcmeCGXN5bXBhLmhldXJldXgtY3ljbGFnZS5vcmcwHQYD
+VR0OBBYEFL5Hl/nuubAdmATcjiKaT0DpE6+jMCYGA1UdEgQfMB2BG2NvbnRhY3RA
+aGV1cmV1eC1jeWNsYWdlLm9yZzCCAU0GA1UdIwSCAUQwggFAgBTQQETok+Fk9woJ
+QMBtg2e8t7ntSqGCAR2kggEZMIIBFTEcMBoGA1UEAxMTaGV1cmV1eC1jeWNsYWdl
+Lm9yZzELMAkGA1UEBhMCRlIxDDAKBgNVBCsTA0xIQzEaMBgGA1UEChMRTCdIZXVy
+ZXV4IEN5Y2xhZ2UxVzBVBgNVBAseTgBBAG4AdABpAC0AYQB1AHQAbwByAGkAdADp
+ACAAZABlACAAYwBlAHIAdABpAGYAaQBjAGEAdABpAG8AbgAgAHAAcgBpAG0AYQBp
+AHIAZTEOMAwGA1UEERMFNjkwMDExHzAdBgNVBAgeFgBSAGgA9ABuAGUALQBBAGwA
+cABlAHMxHzAdBgNVBAkTFjEwIHJ1ZSBTYWludCBQb2x5Y2FycGUxEzARBgNVBBQe
+CgBuAOkAYQBuAHSCByATAyYJODEwRwYIKwYBBQUHAQEEOzA5MDcGCCsGAQUFBzAC
+hitodHRwOi8vd3d3LmhldXJldXgtY3ljbGFnZS5vcmcveDUwOS9jcnQucGVtMEIG
+A1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly93d3cuaGV1cmV1eC1jeWNsYWdlLm9yZy94
+NTA5L3N5bXBhL2NybC5wZW0wSgYDVR0gBEMwQTA/BgUqgXoBKjA2MDQGCCsGAQUF
+BwIBFihodHRwczovL3d3dy5oZXVyZXV4LWN5Y2xhZ2Uub3JnL3g1MDkvY3BzMA0G
+CSqGSIb3DQEBDQUAA4ICAQAJ6RQWFyQDtnKonctz9TR6EEU4+0JsJzLK26Qn3NuA
+5kwSwRNsdZ8Yc0kFV1YjH3CvEmn05Bhw0HXO9hmrnt48l4PNhZokPcoKzJUiy4IK
+aSeAoUWn7NSywVZu7Rkh+5eIS+1Ok9Vza6pLqxyYP2X8bL39hYr6eQWuPSVP88aC
+vuwFTaloOWtYy89yS+8+0HZi3Qu+jIY++tZIOr2Q3vBJE56C/b2ib8GTW5K+nebR
+ilde8ajOL/W6LJybW532B65y2cyL2HqaFEdmswFy0ud+pAHDuyWu9zOtagW/nphi
+YKg5cA6ucz5FiSLjWCYHtLVPGFK+bfLUzD80dNPxWt+4NXIpijtichX+Y2TIuWY2
+amAlF3lhukLA+k78FVmE8GPW7+8iuvEu5WDjqANOjzZbYkLfxgZTyZl7nxwQrW5a
+Gj5ohnEgy9lFDk+1gLS2p74+w3PjcvMfniG+OHmekAo09M4YHfYlUoyvYVTW3FGp
+E2nMrxnmRfKiHnNnnH8JzYHjTEcpgSwl++NvzSuhTFJGqNz9XsAEPCErPTHWKrjS
+S5MpPcIaJfSj0RODt8qeeMq5dolSqV/ZzaJMZxmaxjxZAPksUKGB9RDU/Au0Vl0N
+cAGkE9w8zP1Xy8UnIW0bHEfD6XmfuwNLlS2tuVdoBfsEsnk+O1CZKPprWy50b2YL
+dw==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIJHTCCBwWgAwIBAgIHIBMDJgk4MTANBgkqhkiG9w0BAQ0FADCCARUxHDAaBgNV
+BAMTE2hldXJldXgtY3ljbGFnZS5vcmcxCzAJBgNVBAYTAkZSMQwwCgYDVQQrEwNM
+SEMxGjAYBgNVBAoTEUwnSGV1cmV1eCBDeWNsYWdlMVcwVQYDVQQLHk4AQQBuAHQA
+aQAtAGEAdQB0AG8AcgBpAHQA6QAgAGQAZQAgAGMAZQByAHQAaQBmAGkAYwBhAHQA
+aQBvAG4AIABwAHIAaQBtAGEAaQByAGUxDjAMBgNVBBETBTY5MDAxMR8wHQYDVQQI
+HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMR8wHQYDVQQJExYxMCBydWUgU2FpbnQg
+UG9seWNhcnBlMRMwEQYDVQQUHgoAbgDpAGEAbgB0MB4XDTEzMDMyNjA4MzgzMVoX
+DTIzMDMyNzA4MzgzMVowggEVMRwwGgYDVQQDExNoZXVyZXV4LWN5Y2xhZ2Uub3Jn
+MQswCQYDVQQGEwJGUjEMMAoGA1UEKxMDTEhDMRowGAYDVQQKExFMJ0hldXJldXgg
+Q3ljbGFnZTFXMFUGA1UECx5OAEEAbgB0AGkALQBhAHUAdABvAHIAaQB0AOkAIABk
+AGUAIABjAGUAcgB0AGkAZgBpAGMAYQB0AGkAbwBuACAAcAByAGkAbQBhAGkAcgBl
+MQ4wDAYDVQQREwU2OTAwMTEfMB0GA1UECB4WAFIAaAD0AG4AZQAtAEEAbABwAGUA
+czEfMB0GA1UECRMWMTAgcnVlIFNhaW50IFBvbHljYXJwZTETMBEGA1UEFB4KAG4A
+6QBhAG4AdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMQW7t6xtjiy
+B++qKw1fetUPyF/LbMHllX4c3pxyRXjN7AnvDbVoTH7RItPoabAkmh5BFInXwP6P
+UtbX2uLyGNsnEh5MueMJcmcZ0woDFZe60An1sVCm0RLnNL2LvZBACZI4ZtnFVczO
+HL+kzUqik2PLyIqt0sicwsAvsY4iJLlRmfjjyp4jbiBhLaj3AgcqHhkf+6csNc+Y
+6LQC+C+9dcPq4RcJ8w939tU1VNth5Llil/jBkUS5SxEmXyo/yuPqkd5FxL0qGkm3
+8gf3AVZYwDwpwOBJPzjSg1lAonjNAuH/JD0AvytvTecPi1TYCJDW6VswB9X54ZJD
+cIuBWF7yCQSH/czAMppuQopuQJ8F6bdVyyDIKWJTXA9SdOQRrAZeIpVFu//8fbyv
+0yhLroTp1xXSRC+s+jEhdjZsOJGsY/0TH1biRQt9JvBTEzhFPww76FczYVa9Bxoq
+ipLjCwfzh68w948nsdOwRnsjMEJkIgv6rVsC4jxgaTc6ay2PnqbLxGmH1YENpHvf
+UuO2nB7aIvakxf6OsH95KBTzgvKSwYnp2QiPCpBTtOihD2RkA2uDPefHLU6058pb
+heXwMMKwUVn18rs9TH8T3N5q5AHpMK1H2Mvn9pskLpT16UKTOKkoktR1jgkJN6vR
+GNzjFB391ZVKfV90eXjtjsckyAcUNTdhAgMBAAGjggJsMIICaDASBgNVHRMBAf8E
+CDAGAQH/AgEBMAsGA1UdDwQEAwIBBjAmBgNVHREEHzAdgRtjb250YWN0QGhldXJl
+dXgtY3ljbGFnZS5vcmcwHQYDVR0OBBYEFNBAROiT4WT3CglAwG2DZ7y3ue1KMCYG
+A1UdEgQfMB2BG2NvbnRhY3RAaGV1cmV1eC1jeWNsYWdlLm9yZzCCAU0GA1UdIwSC
+AUQwggFAgBTQQETok+Fk9woJQMBtg2e8t7ntSqGCAR2kggEZMIIBFTEcMBoGA1UE
+AxMTaGV1cmV1eC1jeWNsYWdlLm9yZzELMAkGA1UEBhMCRlIxDDAKBgNVBCsTA0xI
+QzEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxVzBVBgNVBAseTgBBAG4AdABp
+AC0AYQB1AHQAbwByAGkAdADpACAAZABlACAAYwBlAHIAdABpAGYAaQBjAGEAdABp
+AG8AbgAgAHAAcgBpAG0AYQBpAHIAZTEOMAwGA1UEERMFNjkwMDExHzAdBgNVBAge
+FgBSAGgA9ABuAGUALQBBAGwAcABlAHMxHzAdBgNVBAkTFjEwIHJ1ZSBTYWludCBQ
+b2x5Y2FycGUxEzARBgNVBBQeCgBuAOkAYQBuAHSCByATAyYJODEwRwYIKwYBBQUH
+AQEEOzA5MDcGCCsGAQUFBzAChitodHRwOi8vd3d3LmhldXJldXgtY3ljbGFnZS5v
+cmcveDUwOS9jcnQucGVtMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly93d3cuaGV1
+cmV1eC1jeWNsYWdlLm9yZy94NTA5L2NybC5wZW0wDQYJKoZIhvcNAQENBQADggIB
+AAbK2IQ6dCmvBgB44XZ0g0K1xuJ91vGJfMq78bwamBzWOhSgXws7dbtrUD0oGq93
+I22GccnkjrbdsLVpQyQMEhK3eVgj0r3W+sN3ECqcNT35qqNO82RX2RCdKrC8OsWU
+tFUtyhMgZyjXWFcwZnK8CISxtc1KXm2qrUC/Mh/NFGn8OngLaIu2WbDNeDO6ZUbr
+ET4pIbfbwMGEvCYKx9Owqp5NYa8/JyUzHoihzc+CLam2WFp1BrjveacfU6l0+NwX
+i5uYtSJI/K3iKiy+W+8dkdzRYKh09icOCL+GKPEiioJrxfNYX6/HNTbfV/rJWCqd
+gIIpWxvWs1y8wgg6t+VqMm5OG5nsPkkbZiO1cljUnMDAn8kGrp2sORrxCzVgDAKV
+uhXthAdbKPSombuwjKo2M1rzPCGkYTOcgw9N6iaLcD2J1+h25MsZy96L2bNfWB3h
+1iZxQ8ohe+kUmG5NyH6Q9+lYzPfD3PZotehIYI05legurJnK0WM3K+imUw3ZvPxM
+aD0K2+9m/7WFyf9Di34ZeW9Fe9/dYPosoloAJv0w6YrCz8lu5+Vb8BEdaOIFYlr1
+jDlOO94dlg30hCMsP2UpNB+HA1xJEXkFvTnqjAfBHheke97i3y/4FBho3nLDT8Ee
++VZp12H3/m46pxvVjkU4nWqFutDphHDJqN/G8ferAZgt
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIJ7TCCB9WgAwIBAgIHIBMEFAIgEjANBgkqhkiG9w0BAQ0FADCCARUxHDAaBgNV
+BAMTE2hldXJldXgtY3ljbGFnZS5vcmcxCzAJBgNVBAYTAkZSMQwwCgYDVQQrEwNM
+SEMxGjAYBgNVBAoTEUwnSGV1cmV1eCBDeWNsYWdlMVcwVQYDVQQLHk4AQQBuAHQA
+aQAtAGEAdQB0AG8AcgBpAHQA6QAgAGQAZQAgAGMAZQByAHQAaQBmAGkAYwBhAHQA
+aQBvAG4AIABwAHIAaQBtAGEAaQByAGUxDjAMBgNVBBETBTY5MDAxMR8wHQYDVQQI
+HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMR8wHQYDVQQJExYxMCBydWUgU2FpbnQg
+UG9seWNhcnBlMRMwEQYDVQQUHgoAbgDpAGEAbgB0MB4XDTEzMDQxNDAwMjAxMloX
+DTIzMDQxNTAwMjAxMlowggFyMQswCQYDVQQGEwJGUjEfMB0GA1UECB4WAFIAaAD0
+AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4AZQAtAEEAbABwAGUA
+czEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNVBAsTJFNZc3RlbWUg
+ZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UEAxMZc3ltcGEuaGV1
+cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAALAAgAG4AaQAgAGQA
+aQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0AbwB0AGUAdQByMScw
+JQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxJzAlBgsrBgEE
+AYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEGCysGAQQBgjc8AgED
+EwJGUjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiXA1P3lE0TXmbQ
+oUWiJwkZWhQvnp2U+Xju9PzDw793Fll94Z4FqzkD7iIc6s9wKsmrbRyck4u1fZPx
+rSjicSXUUcRinFNh9AuMRA/olm3jQDaQpDyzhjOuI3XW7sqVkERhfHESkkeGttnU
+kzUJT2+RMcoinvulW9pDALEN6RwN5DbRQdsZOObBbNt7ahr0wtK+Q5AjW/dANTju
+sKxoA2POYZ6qW6Sp8NroQZ0qDg+pfvD9c/Rkn7uvrIlUMN+s9/euZvtAURClz0DO
+UXtgbg5705Kicdw4so7qAzehFS4xz6Y1vTVBuLzcFQZPhwuhi3GGDxkAt50bFZBn
+9oqHL2/ACg8Hsx3g3o5D5byGn6MyNd2D/s/iu4y5FQjlc52j31lNrRrlIQws3hBA
+ycWRbk4MsrSP1kzWJl7Oyn4wbjSzWodbbpNvjadweJ1Raa79anibC5TyTypTnivZ
+15BKr5kh+XsWqNk/7b2gVJ8+gBn1YezkKfLR778Q6lS9yDJ92NZZqubQTWtFHKbC
+O6ybDPDQqK7kKxrjsfl0c68fxcpbNi2NoCMyPwafVWXxl1MknwYCPe4hqvPDe64J
+St77775s4vQcOY4LdDOmM41E1AnIc4/3AhxUR2Jb3WPJk/7K6h4Cc7zg7sRJnLUp
+iNPpfgIk4mUoedPzbe035Pa/d1IVAgMBAAGjggLfMIIC2zASBgNVHRMBAf8ECDAG
+AQH/AgEAMAsGA1UdDwQEAwIBpjBHBgNVHREEQDA+gSFjb250YWN0K3N5bXBhQGhl
+dXJldXgtY3ljbGFnZS5vcmeCGXN5bXBhLmhldXJldXgtY3ljbGFnZS5vcmcwHQYD
+VR0OBBYEFL5Hl/nuubAdmATcjiKaT0DpE6+jMCYGA1UdEgQfMB2BG2NvbnRhY3RA
+aGV1cmV1eC1jeWNsYWdlLm9yZzCCAU0GA1UdIwSCAUQwggFAgBTQQETok+Fk9woJ
+QMBtg2e8t7ntSqGCAR2kggEZMIIBFTEcMBoGA1UEAxMTaGV1cmV1eC1jeWNsYWdl
+Lm9yZzELMAkGA1UEBhMCRlIxDDAKBgNVBCsTA0xIQzEaMBgGA1UEChMRTCdIZXVy
+ZXV4IEN5Y2xhZ2UxVzBVBgNVBAseTgBBAG4AdABpAC0AYQB1AHQAbwByAGkAdADp
+ACAAZABlACAAYwBlAHIAdABpAGYAaQBjAGEAdABpAG8AbgAgAHAAcgBpAG0AYQBp
+AHIAZTEOMAwGA1UEERMFNjkwMDExHzAdBgNVBAgeFgBSAGgA9ABuAGUALQBBAGwA
+cABlAHMxHzAdBgNVBAkTFjEwIHJ1ZSBTYWludCBQb2x5Y2FycGUxEzARBgNVBBQe
+CgBuAOkAYQBuAHSCByATAyYJODEwRwYIKwYBBQUHAQEEOzA5MDcGCCsGAQUFBzAC
+hitodHRwOi8vd3d3LmhldXJldXgtY3ljbGFnZS5vcmcveDUwOS9jcnQucGVtMEIG
+A1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly93d3cuaGV1cmV1eC1jeWNsYWdlLm9yZy94
+NTA5L3N5bXBhL2NybC5wZW0wSgYDVR0gBEMwQTA/BgUqgXoBKjA2MDQGCCsGAQUF
+BwIBFihodHRwczovL3d3dy5oZXVyZXV4LWN5Y2xhZ2Uub3JnL3g1MDkvY3BzMA0G
+CSqGSIb3DQEBDQUAA4ICAQAJ6RQWFyQDtnKonctz9TR6EEU4+0JsJzLK26Qn3NuA
+5kwSwRNsdZ8Yc0kFV1YjH3CvEmn05Bhw0HXO9hmrnt48l4PNhZokPcoKzJUiy4IK
+aSeAoUWn7NSywVZu7Rkh+5eIS+1Ok9Vza6pLqxyYP2X8bL39hYr6eQWuPSVP88aC
+vuwFTaloOWtYy89yS+8+0HZi3Qu+jIY++tZIOr2Q3vBJE56C/b2ib8GTW5K+nebR
+ilde8ajOL/W6LJybW532B65y2cyL2HqaFEdmswFy0ud+pAHDuyWu9zOtagW/nphi
+YKg5cA6ucz5FiSLjWCYHtLVPGFK+bfLUzD80dNPxWt+4NXIpijtichX+Y2TIuWY2
+amAlF3lhukLA+k78FVmE8GPW7+8iuvEu5WDjqANOjzZbYkLfxgZTyZl7nxwQrW5a
+Gj5ohnEgy9lFDk+1gLS2p74+w3PjcvMfniG+OHmekAo09M4YHfYlUoyvYVTW3FGp
+E2nMrxnmRfKiHnNnnH8JzYHjTEcpgSwl++NvzSuhTFJGqNz9XsAEPCErPTHWKrjS
+S5MpPcIaJfSj0RODt8qeeMq5dolSqV/ZzaJMZxmaxjxZAPksUKGB9RDU/Au0Vl0N
+cAGkE9w8zP1Xy8UnIW0bHEfD6XmfuwNLlS2tuVdoBfsEsnk+O1CZKPprWy50b2YL
+dw==
+-----END CERTIFICATE-----
+-----BEGIN X509 CRL-----
+MIIDzjCCAbYCAQEwDQYJKoZIhvcNAQENBQAwggFyMQswCQYDVQQGEwJGUjEfMB0G
+A1UECB4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4A
+ZQAtAEEAbABwAGUAczEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNV
+BAsTJFNZc3RlbWUgZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UE
+AxMZc3ltcGEuaGV1cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAA
+LAAgAG4AaQAgAGQAaQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0A
+bwB0AGUAdQByMScwJQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABl
+AHMxJzAlBgsrBgEEAYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEG
+CysGAQQBgjc8AgEDEwJGUhcNMTMwNDE0MDAyMDEzWhcNMjMwNDE1MDAyMDEzWqAO
+MAwwCgYDVR0UBAMCAQAwDQYJKoZIhvcNAQENBQADggIBAJ/nEvqbiaE6I3baB+ov
+KJXKVRSn33x6UwQh5x0UgjCYnfxxWGUxZMqg0vQbrN+dL55P4zxgErUPQjqOsdYf
+IYR3oQd9qzxy/EdpA04J/Kr8Lmevc+ExW6E8H0ulXubzkUkCEGYEJx8M2pJoiJ0U
+FcFiQa1mFUoeO07foCXmQi86NCG+06miz63mkVgSbPcyTmsY6hmheIAaiZDLgFC2
+Ue9lYPIJuuENgmAh0UvLBsgGERhoBflq1UNrE1RKwTyXZyDj9ON7zoV1IcazunsP
+X0gM1qUZG9UHSvgDHveDJNFGTv9C86w+cIvMGn4lhy+KG4g0PJADPCsj+kTSj9gI
+1UiKJIY8PFEMGxI4RreIffsJ6ttQsGUqwXboiE+CvilJ/Io9cPy3Je6ndQtJe8/W
+xeN9tpGshCbaI2RqSZiShXvb9Q7lcK91U4ezxU64H9MVpATIafifaQWLGJhgo4z2
+WeAQ82//ZylrtRStsu788N816fGmqnJ5aagxOmiau8vfNyRmHZKShcuHwX5atOm4
+d1Y/YQlRo2l9Gw6U7Qd5t+kjlvllj+P4xFVuoydYnDHa2G6loENQtJvKcBH54sRw
++2X/LOBLclK5ZOWebJ7QUGk5OcH3Cip0VcxKfwk1hjNJohzcvmX4woTeMK7x4Lnu
+0mDyz7RpIbs/tUgDHMZwT3b9
+-----END X509 CRL-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIKgjCCCGqgAwIBAgIHIBMEFAIgFDANBgkqhkiG9w0BAQ0FADCCAXIxCzAJBgNV
+BAYTAkZSMR8wHQYDVQQIHhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMR8wHQYDVQQH
+HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMRowGAYDVQQKExFMJ0hldXJldXggQ3lj
+bGFnZTEtMCsGA1UECxMkU1lzdGVtZSBkZSBNdWx0aS1Qb3N0YWdlIEF1dG9tYXRp
+cXVlMSIwIAYDVQQDExlzeW1wYS5oZXVyZXV4LWN5Y2xhZ2Uub3JnMUswSQYDVQQP
+HkIAVgAxAC4AMAAsACAAbgBpACAAZABpAGUAdQAgAG4AaQAgAG0AYQDuAHQAcgBl
+ACAAbgBpACAAbQBvAHQAZQB1AHIxJzAlBgsrBgEEAYI3PAIBAR4WAFIAaAD0AG4A
+ZQAtAEEAbABwAGUAczEnMCUGCysGAQQBgjc8AgECHhYAUgBoAPQAbgBlAC0AQQBs
+AHAAZQBzMRMwEQYLKwYBBAGCNzwCAQMTAkZSMB4XDTEzMDQxNDAwMjAxNFoXDTIz
+MDQxNTAwMjAxNFowggFyMQswCQYDVQQGEwJGUjEfMB0GA1UECB4WAFIAaAD0AG4A
+ZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEa
+MBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNVBAsTJFNZc3RlbWUgZGUg
+TXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UEAxMZc3ltcGEuaGV1cmV1
+eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAALAAgAG4AaQAgAGQAaQBl
+AHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0AbwB0AGUAdQByMScwJQYL
+KwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxJzAlBgsrBgEEAYI3
+PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEGCysGAQQBgjc8AgEDEwJG
+UjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiXA1P3lE0TXmbQoUWi
+JwkZWhQvnp2U+Xju9PzDw793Fll94Z4FqzkD7iIc6s9wKsmrbRyck4u1fZPxrSji
+cSXUUcRinFNh9AuMRA/olm3jQDaQpDyzhjOuI3XW7sqVkERhfHESkkeGttnUkzUJ
+T2+RMcoinvulW9pDALEN6RwN5DbRQdsZOObBbNt7ahr0wtK+Q5AjW/dANTjusKxo
+A2POYZ6qW6Sp8NroQZ0qDg+pfvD9c/Rkn7uvrIlUMN+s9/euZvtAURClz0DOUXtg
+bg5705Kicdw4so7qAzehFS4xz6Y1vTVBuLzcFQZPhwuhi3GGDxkAt50bFZBn9oqH
+L2/ACg8Hsx3g3o5D5byGn6MyNd2D/s/iu4y5FQjlc52j31lNrRrlIQws3hBAycWR
+bk4MsrSP1kzWJl7Oyn4wbjSzWodbbpNvjadweJ1Raa79anibC5TyTypTnivZ15BK
+r5kh+XsWqNk/7b2gVJ8+gBn1YezkKfLR778Q6lS9yDJ92NZZqubQTWtFHKbCO6yb
+DPDQqK7kKxrjsfl0c68fxcpbNi2NoCMyPwafVWXxl1MknwYCPe4hqvPDe64JSt77
+775s4vQcOY4LdDOmM41E1AnIc4/3AhxUR2Jb3WPJk/7K6h4Cc7zg7sRJnLUpiNPp
+fgIk4mUoedPzbe035Pa/d1IVAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/
+AgEAMAsGA1UdDwQEAwIBpjBHBgNVHREEQDA+gSFjb250YWN0K3N5bXBhQGhldXJl
+dXgtY3ljbGFnZS5vcmeCGXN5bXBhLmhldXJldXgtY3ljbGFnZS5vcmcwHQYDVR0O
+BBYEFL5Hl/nuubAdmATcjiKaT0DpE6+jMEcGA1UdEgRAMD6BIWNvbnRhY3Qrc3lt
+cGFAaGV1cmV1eC1jeWNsYWdlLm9yZ4IZc3ltcGEuaGV1cmV1eC1jeWNsYWdlLm9y
+ZzCCAaoGA1UdIwSCAaEwggGdgBS+R5f57rmwHZgE3I4imk9A6ROvo6GCAXqkggF2
+MIIBcjELMAkGA1UEBhMCRlIxHzAdBgNVBAgeFgBSAGgA9ABuAGUALQBBAGwAcABl
+AHMxHzAdBgNVBAceFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxGjAYBgNVBAoTEUwn
+SGV1cmV1eCBDeWNsYWdlMS0wKwYDVQQLEyRTWXN0ZW1lIGRlIE11bHRpLVBvc3Rh
+Z2UgQXV0b21hdGlxdWUxIjAgBgNVBAMTGXN5bXBhLmhldXJldXgtY3ljbGFnZS5v
+cmcxSzBJBgNVBA8eQgBWADEALgAwACwAIABuAGkAIABkAGkAZQB1ACAAbgBpACAA
+bQBhAO4AdAByAGUAIABuAGkAIABtAG8AdABlAHUAcjEnMCUGCysGAQQBgjc8AgEB
+HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMScwJQYLKwYBBAGCNzwCAQIeFgBSAGgA
+9ABuAGUALQBBAGwAcABlAHMxEzARBgsrBgEEAYI3PAIBAxMCRlKCByATBBQCIBQw
+TQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzAChjFodHRwOi8vd3d3LmhldXJldXgt
+Y3ljbGFnZS5vcmcveDUwOS9zeW1wYS9jcnQucGVtMEIGA1UdHwQ7MDkwN6A1oDOG
+MWh0dHA6Ly93d3cuaGV1cmV1eC1jeWNsYWdlLm9yZy94NTA5L3N5bXBhL2NybC5w
+ZW0wDQYJKoZIhvcNAQENBQADggIBABIpFGv1dYvoPyJ2f+umA20OFiciSpfcJA74
+UgjyS6ASgziiPtoCCzOKsbQWNGViqDv8nYvCByVMWlgwuf7u/l/XaOB1vjV10t5T
+z+I+kGm5LKhVEEaaC5JQaNrYVd/wocg2R64q+3XVuVYrFm8e4gxN5+NSSX+FYqsN
+QUOGSSm7ih5mdAC97NzP/TjnEQFexx0w+SI0Qm44kKEi7yv6F2G7XmstXfwlBVf4
+TB4ScKd/89A4mQs4eQA0s1kkKI6v3MoL0S1OJGr5mAgie70RC8pUER0NST6bXpRE
+LmBAqagfipbmz8o/KWlKsahX4v0uOgJQsKzFZSZLnLfLnv+tuQT74f5W6oC+O6pw
+1B/1qyBmbh0Qi3HPeUL7YWSrQ0nsO3al4a2xfMHRzsI8Dk9xcUrg0rmmcPY8eUiZ
+48sr6GUpSXEOR8nVd4sXXdp3/1ewSGrOGueZWypnY1lk/TLwCZgwNc/TTblRe7rU
+0cJPSrkvIotjIdps4nyHzBZY3vwyF3wm8Zwlv5lJ6PVMaFswBLAkfsJlZxpemK1Z
+41+t6XtpKDCAHtn4EeEG7RzG1Yo6u7afmhGXSzRfwczm+B4ZK0MvcxlRr2+0A01p
+okp7s+5+Q2eS2iY95SUbmuyXMbDS32PyGXuOidUcpVYF7HisM7fFw5b2ffHMe+jc
+NwmU1H4C
+-----END CERTIFICATE-----
+-----BEGIN X509 CRL-----
+MIIDzjCCAbYCAQEwDQYJKoZIhvcNAQENBQAwggFyMQswCQYDVQQGEwJGUjEfMB0G
+A1UECB4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4A
+ZQAtAEEAbABwAGUAczEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNV
+BAsTJFNZc3RlbWUgZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UE
+AxMZc3ltcGEuaGV1cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAA
+LAAgAG4AaQAgAGQAaQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0A
+bwB0AGUAdQByMScwJQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABl
+AHMxJzAlBgsrBgEEAYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEG
+CysGAQQBgjc8AgEDEwJGUhcNMTMwNDE0MDAyMDE0WhcNMjMwNDE1MDAyMDE0WqAO
+MAwwCgYDVR0UBAMCAQAwDQYJKoZIhvcNAQENBQADggIBAJIs49a3qnjacl22s+tc
+CNwjx77gd3a096B91od6dbGyMVJ00VhHyDEqZnKVbRsgvsVCLu+C4II99Eo0BSk4
+sDl7So+5SblCyRE3TwDYg0XlPTd85FtrklGR5W3b0J/mwKA8idw5NsJ4+7fJXOFf
+m51ph4j9aAnRoEepHJup+EbGi+w47Ozxu/LDm72CriPtkkqgiPfJ9rqrPmIUzpnW
+fSCKx2lqkandP9GnMWAdzRI0CwIQeo945E5nro/qUAqhCnXejm5PokekifKcnzHp
+tjkE+PEXj+76gnA9sx8AN2bUvkTF6mKMkaMUXCBl6YuQY/wdWq0S0yYPsPN3a/4P
++hAHQZ8BKP7wJbXXHDyBarp05ebEzmSVRkPUDKEzQgUbIExpszNLHXIcxF5T0VE9
+b0GjzjAF8jsMfFu8YZKy30uKTfpfygHdt4lDQExSAaqqnw3G6wPFPIyqkAw6yANl
+eC0FyVGoFwZqwU660WZzysBTn4PzPAmtVF6s/Y5khVz7XuXnJ/Kjfxu2D9fpAnaX
+YwPFDa11HH2+68aKTfWeAtN3GVoeKJ4qg9VMhycX+RTPX50gNpt7RK43jTkPtIy+
+gXzoBcjtgpN0gXprAyIg3rPimuVTnHd47ePmvc9d8pBJkRaF+CR2mzg/t/j+tiqK
+TO1Avx+k6UDYE0KjX2G6irbR
+-----END X509 CRL-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIJ7TCCB9WgAwIBAgIHIBMEFAIgEjANBgkqhkiG9w0BAQ0FADCCARUxHDAaBgNV
+BAMTE2hldXJldXgtY3ljbGFnZS5vcmcxCzAJBgNVBAYTAkZSMQwwCgYDVQQrEwNM
+SEMxGjAYBgNVBAoTEUwnSGV1cmV1eCBDeWNsYWdlMVcwVQYDVQQLHk4AQQBuAHQA
+aQAtAGEAdQB0AG8AcgBpAHQA6QAgAGQAZQAgAGMAZQByAHQAaQBmAGkAYwBhAHQA
+aQBvAG4AIABwAHIAaQBtAGEAaQByAGUxDjAMBgNVBBETBTY5MDAxMR8wHQYDVQQI
+HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMR8wHQYDVQQJExYxMCBydWUgU2FpbnQg
+UG9seWNhcnBlMRMwEQYDVQQUHgoAbgDpAGEAbgB0MB4XDTEzMDQxNDAwMjAxMloX
+DTIzMDQxNTAwMjAxMlowggFyMQswCQYDVQQGEwJGUjEfMB0GA1UECB4WAFIAaAD0
+AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4AZQAtAEEAbABwAGUA
+czEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNVBAsTJFNZc3RlbWUg
+ZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UEAxMZc3ltcGEuaGV1
+cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAALAAgAG4AaQAgAGQA
+aQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0AbwB0AGUAdQByMScw
+JQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxJzAlBgsrBgEE
+AYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEGCysGAQQBgjc8AgED
+EwJGUjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiXA1P3lE0TXmbQ
+oUWiJwkZWhQvnp2U+Xju9PzDw793Fll94Z4FqzkD7iIc6s9wKsmrbRyck4u1fZPx
+rSjicSXUUcRinFNh9AuMRA/olm3jQDaQpDyzhjOuI3XW7sqVkERhfHESkkeGttnU
+kzUJT2+RMcoinvulW9pDALEN6RwN5DbRQdsZOObBbNt7ahr0wtK+Q5AjW/dANTju
+sKxoA2POYZ6qW6Sp8NroQZ0qDg+pfvD9c/Rkn7uvrIlUMN+s9/euZvtAURClz0DO
+UXtgbg5705Kicdw4so7qAzehFS4xz6Y1vTVBuLzcFQZPhwuhi3GGDxkAt50bFZBn
+9oqHL2/ACg8Hsx3g3o5D5byGn6MyNd2D/s/iu4y5FQjlc52j31lNrRrlIQws3hBA
+ycWRbk4MsrSP1kzWJl7Oyn4wbjSzWodbbpNvjadweJ1Raa79anibC5TyTypTnivZ
+15BKr5kh+XsWqNk/7b2gVJ8+gBn1YezkKfLR778Q6lS9yDJ92NZZqubQTWtFHKbC
+O6ybDPDQqK7kKxrjsfl0c68fxcpbNi2NoCMyPwafVWXxl1MknwYCPe4hqvPDe64J
+St77775s4vQcOY4LdDOmM41E1AnIc4/3AhxUR2Jb3WPJk/7K6h4Cc7zg7sRJnLUp
+iNPpfgIk4mUoedPzbe035Pa/d1IVAgMBAAGjggLfMIIC2zASBgNVHRMBAf8ECDAG
+AQH/AgEAMAsGA1UdDwQEAwIBpjBHBgNVHREEQDA+gSFjb250YWN0K3N5bXBhQGhl
+dXJldXgtY3ljbGFnZS5vcmeCGXN5bXBhLmhldXJldXgtY3ljbGFnZS5vcmcwHQYD
+VR0OBBYEFL5Hl/nuubAdmATcjiKaT0DpE6+jMCYGA1UdEgQfMB2BG2NvbnRhY3RA
+aGV1cmV1eC1jeWNsYWdlLm9yZzCCAU0GA1UdIwSCAUQwggFAgBTQQETok+Fk9woJ
+QMBtg2e8t7ntSqGCAR2kggEZMIIBFTEcMBoGA1UEAxMTaGV1cmV1eC1jeWNsYWdl
+Lm9yZzELMAkGA1UEBhMCRlIxDDAKBgNVBCsTA0xIQzEaMBgGA1UEChMRTCdIZXVy
+ZXV4IEN5Y2xhZ2UxVzBVBgNVBAseTgBBAG4AdABpAC0AYQB1AHQAbwByAGkAdADp
+ACAAZABlACAAYwBlAHIAdABpAGYAaQBjAGEAdABpAG8AbgAgAHAAcgBpAG0AYQBp
+AHIAZTEOMAwGA1UEERMFNjkwMDExHzAdBgNVBAgeFgBSAGgA9ABuAGUALQBBAGwA
+cABlAHMxHzAdBgNVBAkTFjEwIHJ1ZSBTYWludCBQb2x5Y2FycGUxEzARBgNVBBQe
+CgBuAOkAYQBuAHSCByATAyYJODEwRwYIKwYBBQUHAQEEOzA5MDcGCCsGAQUFBzAC
+hitodHRwOi8vd3d3LmhldXJldXgtY3ljbGFnZS5vcmcveDUwOS9jcnQucGVtMEIG
+A1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly93d3cuaGV1cmV1eC1jeWNsYWdlLm9yZy94
+NTA5L3N5bXBhL2NybC5wZW0wSgYDVR0gBEMwQTA/BgUqgXoBKjA2MDQGCCsGAQUF
+BwIBFihodHRwczovL3d3dy5oZXVyZXV4LWN5Y2xhZ2Uub3JnL3g1MDkvY3BzMA0G
+CSqGSIb3DQEBDQUAA4ICAQAJ6RQWFyQDtnKonctz9TR6EEU4+0JsJzLK26Qn3NuA
+5kwSwRNsdZ8Yc0kFV1YjH3CvEmn05Bhw0HXO9hmrnt48l4PNhZokPcoKzJUiy4IK
+aSeAoUWn7NSywVZu7Rkh+5eIS+1Ok9Vza6pLqxyYP2X8bL39hYr6eQWuPSVP88aC
+vuwFTaloOWtYy89yS+8+0HZi3Qu+jIY++tZIOr2Q3vBJE56C/b2ib8GTW5K+nebR
+ilde8ajOL/W6LJybW532B65y2cyL2HqaFEdmswFy0ud+pAHDuyWu9zOtagW/nphi
+YKg5cA6ucz5FiSLjWCYHtLVPGFK+bfLUzD80dNPxWt+4NXIpijtichX+Y2TIuWY2
+amAlF3lhukLA+k78FVmE8GPW7+8iuvEu5WDjqANOjzZbYkLfxgZTyZl7nxwQrW5a
+Gj5ohnEgy9lFDk+1gLS2p74+w3PjcvMfniG+OHmekAo09M4YHfYlUoyvYVTW3FGp
+E2nMrxnmRfKiHnNnnH8JzYHjTEcpgSwl++NvzSuhTFJGqNz9XsAEPCErPTHWKrjS
+S5MpPcIaJfSj0RODt8qeeMq5dolSqV/ZzaJMZxmaxjxZAPksUKGB9RDU/Au0Vl0N
+cAGkE9w8zP1Xy8UnIW0bHEfD6XmfuwNLlS2tuVdoBfsEsnk+O1CZKPprWy50b2YL
+dw==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+iQIcBAABCgAGBQJRafY8AAoJEF4nGc9w/oqevqgP/RJEf3vX+ddIdtSomcpUuADE
+Nk/40UfYYwhXDME9oGJVsLUuKfEvubLCPx+nnHNuQcJtWiXpezckBjlV4w9/vbjx
+yQCAJFBVSb6BEiHh02y6vUGDHg01JTYj8u6+8WrFLxwmcVslLEuMLB4ikKOxWJux
+fUh76tQudKOgEZfFbxh8kti5gXHg+CEYVyMKBIdmxdkAeiR/GjGewxECSYTAohSB
+nhXAMlkSR2DxSqCdSI0a3YL1QGhdzQ3H7zotpBz4DrEKBufMz0ztxg5MmXE3jVOw
+mxgIMcIwR6TWyrMV16rNxtKnlSaDR0NA6PBgNF0TJAhwvY6eJxZfxzM1odaseTrz
+E+7GY8OdaBlp1zWaMt71PxWcj9qOA5lsGfmkdH8OXp/r+66tKg6o6VX4EQRbfnGP
+qaKQLOjOn/n9oQdlb/rgPoly1KNKgkVMY80AkMW12k9sH/RBk89K573Y6MSuWld8
+PyVlSNoH39zgx51j1W5nUwT1ahl01gbVy+gPvmJ65zqulxOw+kRXxDGgfjUNY4NE
+sUmCCZlIZnE8hAJOBeVGNjhaAnSHidSE2S5VicN762qMxSh/N+/O7t+Obavguf/+
+kK8aO/0tkRsIekcObhM7IGydx3AxJnKmdCK1RPTdmNkQMg9g59iN9GRjsXMnDHtb
+yB0bjdzDxWeADXWQ9B/N
+=7oqB
+-----END PGP SIGNATURE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIKgjCCCGqgAwIBAgIHIBMEFAIgFDANBgkqhkiG9w0BAQ0FADCCAXIxCzAJBgNV
+BAYTAkZSMR8wHQYDVQQIHhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMR8wHQYDVQQH
+HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMRowGAYDVQQKExFMJ0hldXJldXggQ3lj
+bGFnZTEtMCsGA1UECxMkU1lzdGVtZSBkZSBNdWx0aS1Qb3N0YWdlIEF1dG9tYXRp
+cXVlMSIwIAYDVQQDExlzeW1wYS5oZXVyZXV4LWN5Y2xhZ2Uub3JnMUswSQYDVQQP
+HkIAVgAxAC4AMAAsACAAbgBpACAAZABpAGUAdQAgAG4AaQAgAG0AYQDuAHQAcgBl
+ACAAbgBpACAAbQBvAHQAZQB1AHIxJzAlBgsrBgEEAYI3PAIBAR4WAFIAaAD0AG4A
+ZQAtAEEAbABwAGUAczEnMCUGCysGAQQBgjc8AgECHhYAUgBoAPQAbgBlAC0AQQBs
+AHAAZQBzMRMwEQYLKwYBBAGCNzwCAQMTAkZSMB4XDTEzMDQxNDAwMjAxNFoXDTIz
+MDQxNTAwMjAxNFowggFyMQswCQYDVQQGEwJGUjEfMB0GA1UECB4WAFIAaAD0AG4A
+ZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEa
+MBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNVBAsTJFNZc3RlbWUgZGUg
+TXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UEAxMZc3ltcGEuaGV1cmV1
+eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAALAAgAG4AaQAgAGQAaQBl
+AHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0AbwB0AGUAdQByMScwJQYL
+KwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxJzAlBgsrBgEEAYI3
+PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEGCysGAQQBgjc8AgEDEwJG
+UjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiXA1P3lE0TXmbQoUWi
+JwkZWhQvnp2U+Xju9PzDw793Fll94Z4FqzkD7iIc6s9wKsmrbRyck4u1fZPxrSji
+cSXUUcRinFNh9AuMRA/olm3jQDaQpDyzhjOuI3XW7sqVkERhfHESkkeGttnUkzUJ
+T2+RMcoinvulW9pDALEN6RwN5DbRQdsZOObBbNt7ahr0wtK+Q5AjW/dANTjusKxo
+A2POYZ6qW6Sp8NroQZ0qDg+pfvD9c/Rkn7uvrIlUMN+s9/euZvtAURClz0DOUXtg
+bg5705Kicdw4so7qAzehFS4xz6Y1vTVBuLzcFQZPhwuhi3GGDxkAt50bFZBn9oqH
+L2/ACg8Hsx3g3o5D5byGn6MyNd2D/s/iu4y5FQjlc52j31lNrRrlIQws3hBAycWR
+bk4MsrSP1kzWJl7Oyn4wbjSzWodbbpNvjadweJ1Raa79anibC5TyTypTnivZ15BK
+r5kh+XsWqNk/7b2gVJ8+gBn1YezkKfLR778Q6lS9yDJ92NZZqubQTWtFHKbCO6yb
+DPDQqK7kKxrjsfl0c68fxcpbNi2NoCMyPwafVWXxl1MknwYCPe4hqvPDe64JSt77
+775s4vQcOY4LdDOmM41E1AnIc4/3AhxUR2Jb3WPJk/7K6h4Cc7zg7sRJnLUpiNPp
+fgIk4mUoedPzbe035Pa/d1IVAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/
+AgEAMAsGA1UdDwQEAwIBpjBHBgNVHREEQDA+gSFjb250YWN0K3N5bXBhQGhldXJl
+dXgtY3ljbGFnZS5vcmeCGXN5bXBhLmhldXJldXgtY3ljbGFnZS5vcmcwHQYDVR0O
+BBYEFL5Hl/nuubAdmATcjiKaT0DpE6+jMEcGA1UdEgRAMD6BIWNvbnRhY3Qrc3lt
+cGFAaGV1cmV1eC1jeWNsYWdlLm9yZ4IZc3ltcGEuaGV1cmV1eC1jeWNsYWdlLm9y
+ZzCCAaoGA1UdIwSCAaEwggGdgBS+R5f57rmwHZgE3I4imk9A6ROvo6GCAXqkggF2
+MIIBcjELMAkGA1UEBhMCRlIxHzAdBgNVBAgeFgBSAGgA9ABuAGUALQBBAGwAcABl
+AHMxHzAdBgNVBAceFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxGjAYBgNVBAoTEUwn
+SGV1cmV1eCBDeWNsYWdlMS0wKwYDVQQLEyRTWXN0ZW1lIGRlIE11bHRpLVBvc3Rh
+Z2UgQXV0b21hdGlxdWUxIjAgBgNVBAMTGXN5bXBhLmhldXJldXgtY3ljbGFnZS5v
+cmcxSzBJBgNVBA8eQgBWADEALgAwACwAIABuAGkAIABkAGkAZQB1ACAAbgBpACAA
+bQBhAO4AdAByAGUAIABuAGkAIABtAG8AdABlAHUAcjEnMCUGCysGAQQBgjc8AgEB
+HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMScwJQYLKwYBBAGCNzwCAQIeFgBSAGgA
+9ABuAGUALQBBAGwAcABlAHMxEzARBgsrBgEEAYI3PAIBAxMCRlKCByATBBQCIBQw
+TQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzAChjFodHRwOi8vd3d3LmhldXJldXgt
+Y3ljbGFnZS5vcmcveDUwOS9zeW1wYS9jcnQucGVtMEIGA1UdHwQ7MDkwN6A1oDOG
+MWh0dHA6Ly93d3cuaGV1cmV1eC1jeWNsYWdlLm9yZy94NTA5L3N5bXBhL2NybC5w
+ZW0wDQYJKoZIhvcNAQENBQADggIBABIpFGv1dYvoPyJ2f+umA20OFiciSpfcJA74
+UgjyS6ASgziiPtoCCzOKsbQWNGViqDv8nYvCByVMWlgwuf7u/l/XaOB1vjV10t5T
+z+I+kGm5LKhVEEaaC5JQaNrYVd/wocg2R64q+3XVuVYrFm8e4gxN5+NSSX+FYqsN
+QUOGSSm7ih5mdAC97NzP/TjnEQFexx0w+SI0Qm44kKEi7yv6F2G7XmstXfwlBVf4
+TB4ScKd/89A4mQs4eQA0s1kkKI6v3MoL0S1OJGr5mAgie70RC8pUER0NST6bXpRE
+LmBAqagfipbmz8o/KWlKsahX4v0uOgJQsKzFZSZLnLfLnv+tuQT74f5W6oC+O6pw
+1B/1qyBmbh0Qi3HPeUL7YWSrQ0nsO3al4a2xfMHRzsI8Dk9xcUrg0rmmcPY8eUiZ
+48sr6GUpSXEOR8nVd4sXXdp3/1ewSGrOGueZWypnY1lk/TLwCZgwNc/TTblRe7rU
+0cJPSrkvIotjIdps4nyHzBZY3vwyF3wm8Zwlv5lJ6PVMaFswBLAkfsJlZxpemK1Z
+41+t6XtpKDCAHtn4EeEG7RzG1Yo6u7afmhGXSzRfwczm+B4ZK0MvcxlRr2+0A01p
+okp7s+5+Q2eS2iY95SUbmuyXMbDS32PyGXuOidUcpVYF7HisM7fFw5b2ffHMe+jc
+NwmU1H4C
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+
+iQIcBAABCgAGBQJRafY+AAoJEF4nGc9w/oqeyjoP/0KRPZb9inehT5Ni3gV7V1Wv
+Pi1BXIdv8yow6H+RtKkniy0ridlEc9FUI80dnsNomKrxbms7hEUn05vkm/SShvAd
+Vl3sfMQDc6gSGLNJgR2DEPl8fg3jELARnVB2XW3GebP2L70iSfldPllMZxPmCK7I
+kKNLX5mtlqXzFqDBOlBboyzlXMnqPaq76pM3c2hRhmtlL1aJpOB2WBfUjIcFNApY
+WyK2XwHZ5ILB0KH52XsPQd1giq+Zb80tQWfi4m4wRCY+xgC587V+S8texX4gjFmf
+Vhey1KY/L+vAmpKw3R0ofWOoNUuuCWiALyPp2uPOSKv+d0EekHO2TZ/6p9fpF66E
+9NsTVHarVZrymdF+flyTbTSXSrXw3VKdXT+5VloirWQC6O9QIkzsPOJya0N55qqI
+eec/FJL8V/GoLlErq2TxhZjmdjuyn516lixp3f0pOUplmeX5rEJJd14vJ69dZk5K
+1WPQGXilYSJHZBZX7EiwwZ0cAs7NssejYvdjCdAnY8FPPgQVoDjIdI1aZHi2VoLu
+LXs5F5D+J81MQDYGs3QR/xRJltGO2rxZXrOklbVS/OHi6yDLXsmS9GLREKrIJaQS
+yLQqt5VHluL16+EAnfSyT0mr5wNDc8Ul/u0T33uJdaUhf8ZztNw4vJVRZDe4PUht
+Gp7eptLAKErLIlBZbl2G
+=nSdC
+-----END PGP SIGNATURE-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIIFuTCCA6ECAQAwggFyMQswCQYDVQQGEwJGUjEfMB0GA1UECB4WAFIAaAD0AG4A
+ZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEa
+MBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNVBAsTJFNZc3RlbWUgZGUg
+TXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UEAxMZc3ltcGEuaGV1cmV1
+eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAALAAgAG4AaQAgAGQAaQBl
+AHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0AbwB0AGUAdQByMScwJQYL
+KwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxJzAlBgsrBgEEAYI3
+PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEGCysGAQQBgjc8AgEDEwJG
+UjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiXA1P3lE0TXmbQoUWi
+JwkZWhQvnp2U+Xju9PzDw793Fll94Z4FqzkD7iIc6s9wKsmrbRyck4u1fZPxrSji
+cSXUUcRinFNh9AuMRA/olm3jQDaQpDyzhjOuI3XW7sqVkERhfHESkkeGttnUkzUJ
+T2+RMcoinvulW9pDALEN6RwN5DbRQdsZOObBbNt7ahr0wtK+Q5AjW/dANTjusKxo
+A2POYZ6qW6Sp8NroQZ0qDg+pfvD9c/Rkn7uvrIlUMN+s9/euZvtAURClz0DOUXtg
+bg5705Kicdw4so7qAzehFS4xz6Y1vTVBuLzcFQZPhwuhi3GGDxkAt50bFZBn9oqH
+L2/ACg8Hsx3g3o5D5byGn6MyNd2D/s/iu4y5FQjlc52j31lNrRrlIQws3hBAycWR
+bk4MsrSP1kzWJl7Oyn4wbjSzWodbbpNvjadweJ1Raa79anibC5TyTypTnivZ15BK
+r5kh+XsWqNk/7b2gVJ8+gBn1YezkKfLR778Q6lS9yDJ92NZZqubQTWtFHKbCO6yb
+DPDQqK7kKxrjsfl0c68fxcpbNi2NoCMyPwafVWXxl1MknwYCPe4hqvPDe64JSt77
+775s4vQcOY4LdDOmM41E1AnIc4/3AhxUR2Jb3WPJk/7K6h4Cc7zg7sRJnLUpiNPp
+fgIk4mUoedPzbe035Pa/d1IVAgMBAAGgADANBgkqhkiG9w0BAQ0FAAOCAgEAph0j
+9w5CWT2HKBTTY/Im4Y74YBANoBS7w9Oku4mucVplodA1oxt8ZzKs/sPzDl/jBFO1
+rsBHFzKerT0hp+VEn3hlkMbk3NPAJ6ZkmFURVkX0hnrTZ6NyVbPzEjkZ/N4XsGZF
+k0BmzkPv7eZRJrb0anwPL4PMpx3RBv5yq7Ci2la5FgL/SwZ4JpDrnjFvdeJy0SsK
+cy8Y2afie5GPs/OlN/n+IQEHWZUAsF2ENXKvkJhTieRYaMLDLHwjapSb6PyALeh6
+7vqvak9y2elucIPOMZuPHFeeJOhQyqXr5ie4pspnISN2a81eg3tl1KfyHVvCA/Km
+SSuDM5DZyWsQjTguEJhB1F43aqeeyapTEZ2hGdvyFax6vmv4nbPvN5CO3T1W1F7U
+fnVPeBxsAnsoChjrLB2/gS7u1KYkxpRpZCSbjM8Tsv9CC0tAcWkZ68PQdfGwFoEH
+amsjidegP3uwbRa0tiAIgoOwcTnc99rAWxJiptdm9eEOxaH3wxFsN0uaWbvS+aa9
+bjvh+k82c+vtujMBnEvIZGmP5FIg7i86SUFmIIqeoMTVkgQAgZ4aDnejghHnRFdM
+jqXXS0xIdTc2kPtpLhPj7CW3jy+Xlu53B0NIWPPp4vUGUKE4XmAkXLg7FeQHLFQR
+ShszfYJhJPlhNP1TBvoczqs4MNWdh3ED2jg7Inc=
+-----END CERTIFICATE REQUEST-----
sudo adduser "$@" "$user"
}
rule_apt_get_install () { # SYNTAX: $package
- sudo DEBIAN_FRONTEND=noninteractive apt-get install --yes "$@"
+ sudo \
+ DEBIAN_FRONTEND=noninteractive \
+ DEBIAN_PRIORITY=low \
+ apt-get install --yes "$@"
}
rule_dpkg_reconfigure () { # SYNTAX: $package
- sudo DEBIAN_FRONTEND=noninteractive dpkg-reconfigure "$@"
+ sudo \
+ DEBIAN_FRONTEND=noninteractive \
+ DEBIAN_PRIORITY=low \
+ dpkg-reconfigure "$@"
}
rule__chrooted_configure () { # NOTE: est-ce bien utile à un moment ?
sudo install -m 660 -o root -g root /dev/stdin /etc/apt/sources.list.d/openerp.list <<-EOF
deb http://nightly.openerp.com/7.0/nightly/deb/ ./
EOF
- sudo install -m 660 -o root -g root /dev/stdin /etc/apt/preferences <<-EOF
+ sudo install -m 664 -o root -g root /dev/stdin /etc/apt/preferences <<-EOF
Package: *
Pin: release a=$vm_lsb_name
Pin-Priority: 200
/etc/network/interfaces
}
rule_runit_configure () { # SYNTAX: $sv
- rule apt_get_install runit
- local -; set +f
- sudo find /etc/sv -mindepth 1 -maxdepth 1 -type d -name "${1:-*}" -exec \
- /bin/sh -efux -c 'case $(sv stop "$1") in
- (*": runsv not running") true;;
- (*": unable to open supervise/ok: file does not exist") true;;
- ("ok: down:"*) true;;
- (*) false;;
- esac' '' {} +
- for sv in ${1-"$tool"/etc/sv/*}
- do sv=${sv##*/}
- rule runit_sv_configure "$sv"
- rule runit_sv_start "$sv"
- done
- #sleep 3
- #sudo find -L /etc/service -type l -delete
+ #rule apt_get_install runit
+ if test $# = 0
+ then
+ set +x
+ sudo sv status \
+ $(sudo find /etc/sv \
+ -mindepth 1 -maxdepth 1 -type d \
+ -printf '%p\n' | sort)
+ else
+ local services=
+ while [ $# -gt 0 ]
+ do case $1 in
+ (--) shift; break;;
+ (*) services="$services $1"; shift;;
+ esac
+ done
+ #for sv in $(sudo find /etc/sv \
+ # -mindepth 1 -maxdepth 1 -type d \
+ # -false $(printf -- '-or -name %s\n' $services) \
+ # -printf '%f\n')
+ # do
+ # case $(sudo sv stop "$sv" | tee /dev/stderr) in
+ # (*": runsv not running") true;;
+ # (*": unable to open supervise/ok: file does not exist") true;;
+ # ("ok: down:"*) true;;
+ # (*) false;;
+ # esac
+ # done
+ for sv in $(find "$tool"/etc/sv \
+ -mindepth 1 -maxdepth 1 -type d \
+ -false $(printf -- '-or -name %s\n' $services) \
+ -printf '%f\n')
+ do
+ rule runit_sv_configure "$sv" "$@"
+ rule runit_sv_start "$sv"
+ done
+ #sleep 3
+ #sudo find -L /etc/service -type l -delete
+ fi
}
-rule_runit_sv_configure () { # SYNTAX: $sv
- local sv="$1"
+rule_runit_sv_configure () { # SYNTAX: $sv $configure_options
+ local sv="$1"; shift
sudo install -d -m 770 -o root -g root \
/etc/sv/"$sv"
sudo install -m 770 -o root -g root \
fi
(
test ! -r "$tool"/etc/sv/"$sv"/configure.sh ||
- . "$tool"/etc/sv/"$sv"/configure.sh
+ . "$tool"/etc/sv/"$sv"/configure.sh || return 1
+ )
+ (
test ! -r "$tool"/etc/sv/"$sv"/log/configure.sh ||
- . "$tool"/etc/sv/"$sv"/log/configure.sh
+ . "$tool"/etc/sv/"$sv"/log/configure.sh || return 1
)
sudo ln -fns \
../sv/"$sv" \
rule_runit_sv_restart () { # SYNTAX: $sv
local sv="$1"
while true
- do case $(sudo sv restart "$sv") in
- ("fail: $sv: runsv not running") sleep 1;;
- ("warning: $sv: unable to open supervise/ok: file does not exists") sleep 1;;
+ do case $(sudo sv restart "$sv" | tee /dev/stderr) in
+ (*": runsv not running") sleep 1;;
+ (*": unable to open supervise/ok: file does not exist") sleep 1;;
(*) break;;
esac
done
rule_runit_sv_start () { # SYNTAX: $sv
local sv="$1"
while true
- do case $(sudo sv start "$sv") in
- ("fail: $sv: runsv not running") sleep 1;;
- ("warning: $sv: unable to open supervise/ok: file does not exists") sleep 1;;
+ do case $(sudo sv start "$sv" | tee /dev/stderr) in
+ (*": runsv not running") sleep 1;;
+ (*": unable to open supervise/ok: file does not exist") sleep 1;;
(*) break;;
esac
done
for sh in "$tool"/etc/user.d/*/configure.sh
do sh=${sh#"$tool"/etc/user.d/}
local user="${sh%/configure.sh}"
- . "$tool"/etc/user.d/"$sh"
+ (
+ . "$tool"/etc/user.d/"$sh" || return 1
+ )
done
}
rule_user_admin_add () { # SYNTAX: $user