From b27661cf8e40872543f86a00922d18573ef83612 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Sat, 13 Apr 2013 13:48:21 +0200 Subject: [PATCH] Ajout : etc/sv/sympa/ . --- README | 6 + etc/nginx/site.d/gitweb/configure.sh | 2 +- etc/nginx/site.d/sympa/configure.sh | 5 + etc/nginx/site.d/sympa/local.conf | 5 + etc/nginx/site.d/sympa/site.conf | 46 ++++++ etc/nginx/site.d/sympa/x509_host | 1 + etc/nsd3/nsd.conf | 6 +- etc/nsd3/zone.d/heureux-cyclage.org.zone.m4 | 39 +++-- etc/nsd3/zone.d/wiklou.org.zone.m4 | 2 - .../stats.heureux-cyclage.org/host.cfg | 4 +- .../stats.heureux-cyclage.org/user.cfg | 4 +- etc/openssl/sympa.heureux-cyclage.org/ca | 1 + .../sympa.heureux-cyclage.org/host.cfg | 70 +++++++++ .../sympa.heureux-cyclage.org/user.cfg | 14 ++ etc/postfix/aliases.m4 | 23 +++ etc/postfix/main.cf | 19 ++- etc/postfix/master.cf | 4 + etc/postgresql/bin/createuser | 8 +- etc/sv/cyclo_paris_est__openerp/configure.sh | 8 +- .../cyclo_paris_est__openerp/log/configure.sh | 12 ++ etc/sv/cyclo_paris_est__openerp/log/run | 14 +- etc/sv/dovecot/configure.sh | 26 ++++ etc/sv/git-daemon/log/configure.sh | 14 ++ etc/sv/git-daemon/log/run | 16 +- etc/sv/gitweb/configure.sh | 3 + etc/sv/gitweb/log/configure.sh | 12 ++ etc/sv/gitweb/log/run | 14 +- etc/sv/gitweb/run | 4 +- etc/sv/lhc-remorque/configure.sh | 2 +- etc/sv/lhc-remorque/log/configure.sh | 16 ++ etc/sv/lhc-remorque/log/run | 14 +- etc/sv/mysql/log/configure.sh | 12 ++ etc/sv/mysql/log/run | 14 +- etc/sv/nginx/configure.sh | 28 ++-- etc/sv/nsd3/configure.sh | 31 ++-- etc/sv/nsd3/run | 15 +- etc/sv/php5-fpm/configure.sh | 30 ++-- etc/sv/postfix/configure.sh | 18 +-- etc/sv/postgres/configure.sh | 24 +-- etc/sv/postgres/log/configure.sh | 14 ++ etc/sv/postgres/log/run | 16 +- etc/sv/sympa-archived/run | 12 ++ etc/sv/sympa-bounced/run | 12 ++ etc/sv/sympa-bulk/run | 12 ++ etc/sv/sympa-task_manager/run | 12 ++ etc/sv/sympa/configure.sh | 141 ++++++++++++++++++ etc/sv/sympa/run | 15 ++ etc/sv/wwsympa/configure.sh | 18 +++ etc/sv/wwsympa/run | 28 ++++ etc/sympa/aliases | 0 etc/sympa/sympa.conf.m4 | 115 ++++++++++++++ etc/sympa/transport | 2 + etc/sympa/virtual_alias | 1 + etc/sympa/wwsympa.conf.m4 | 45 ++++++ var/pub/x509/sympa.heureux-cyclage.org/ca | 1 + .../x509/sympa.heureux-cyclage.org/crl.num | 1 + .../sympa.heureux-cyclage.org/crl.num.old | 1 + .../x509/sympa.heureux-cyclage.org/crl.pem | 23 +++ .../crl.self-signed.num | 1 + .../crl.self-signed.num.old | 1 + .../crl.self-signed.pem | 23 +++ .../x509/sympa.heureux-cyclage.org/crt+ca.pem | 107 +++++++++++++ .../sympa.heureux-cyclage.org/crt+crl.pem | 79 ++++++++++ .../crt+crl.self-signed.pem | 82 ++++++++++ .../x509/sympa.heureux-cyclage.org/crt.pem | 56 +++++++ .../sympa.heureux-cyclage.org/crt.pem.asc | 17 +++ .../crt.self-signed.pem | 59 ++++++++ .../crt.self-signed.pem.asc | 17 +++ .../idx.self-signed.txt | 0 .../x509/sympa.heureux-cyclage.org/idx.txt | 0 .../x509/sympa.heureux-cyclage.org/req.pem | 33 ++++ vm_hosted | 93 ++++++++---- 72 files changed, 1405 insertions(+), 218 deletions(-) create mode 100644 etc/nginx/site.d/sympa/configure.sh create mode 100644 etc/nginx/site.d/sympa/local.conf create mode 100644 etc/nginx/site.d/sympa/site.conf create mode 100644 etc/nginx/site.d/sympa/x509_host create mode 120000 etc/openssl/sympa.heureux-cyclage.org/ca create mode 100644 etc/openssl/sympa.heureux-cyclage.org/host.cfg create mode 100644 etc/openssl/sympa.heureux-cyclage.org/user.cfg create mode 100644 etc/postfix/aliases.m4 create mode 100644 etc/sv/cyclo_paris_est__openerp/log/configure.sh mode change 100644 => 100755 etc/sv/cyclo_paris_est__openerp/log/run create mode 100644 etc/sv/dovecot/configure.sh create mode 100644 etc/sv/git-daemon/log/configure.sh create mode 100644 etc/sv/gitweb/log/configure.sh create mode 100644 etc/sv/lhc-remorque/log/configure.sh create mode 100644 etc/sv/mysql/log/configure.sh create mode 100644 etc/sv/postgres/log/configure.sh create mode 100755 etc/sv/sympa-archived/run create mode 100755 etc/sv/sympa-bounced/run create mode 100755 etc/sv/sympa-bulk/run create mode 100755 etc/sv/sympa-task_manager/run create mode 100644 etc/sv/sympa/configure.sh create mode 100755 etc/sv/sympa/run create mode 100644 etc/sv/wwsympa/configure.sh create mode 100755 etc/sv/wwsympa/run create mode 100644 etc/sympa/aliases create mode 100644 etc/sympa/sympa.conf.m4 create mode 100644 etc/sympa/transport create mode 100644 etc/sympa/virtual_alias create mode 100644 etc/sympa/wwsympa.conf.m4 create mode 120000 var/pub/x509/sympa.heureux-cyclage.org/ca create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crl.num create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crl.num.old create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crl.pem create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crl.self-signed.num create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crl.self-signed.num.old create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crl.self-signed.pem create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crt+ca.pem create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crt+crl.pem create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crt+crl.self-signed.pem create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crt.pem create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crt.pem.asc create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crt.self-signed.pem create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/crt.self-signed.pem.asc create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/idx.self-signed.txt create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/idx.txt create mode 100644 var/pub/x509/sympa.heureux-cyclage.org/req.pem diff --git a/README b/README index f9aa543..d3f24b4 100644 --- a/README +++ b/README @@ -59,3 +59,9 @@ TASK: gérer gitolite % vim conf/gitolite.conf % git commit % ../../vm_remote gitolite_push +TASK: configurer une zone DNS + % vm runit_configure nsd3 -- heureux-cyclage.org +TASK: configurer un membre du groupe php5-fpm + % vm runit_configure nginx -- lhc-www +TASK: configurer un site nginx + % vm runit_configure nginx -- www.heureux-cyclage.org diff --git a/etc/nginx/site.d/gitweb/configure.sh b/etc/nginx/site.d/gitweb/configure.sh index 07a681c..8e5b1a0 100644 --- a/etc/nginx/site.d/gitweb/configure.sh +++ b/etc/nginx/site.d/gitweb/configure.sh @@ -1,4 +1,4 @@ rule apt_get_install gitweb highlight -sudo adduser www-data git-data +#sudo adduser www-data git-data sudo adduser www-"$site"-tls www-"$site" diff --git a/etc/nginx/site.d/sympa/configure.sh b/etc/nginx/site.d/sympa/configure.sh new file mode 100644 index 0000000..48bd64c --- /dev/null +++ b/etc/nginx/site.d/sympa/configure.sh @@ -0,0 +1,5 @@ +local hint="run vm_remote nginx_configure before" +assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint +sudo install -m 664 -o www -g www \ + "$tool"/var/pub/x509/sympa.heureux-cyclage.org/crt+ca.pem \ + /etc/nginx/x509.d/"$site"/crt.pem diff --git a/etc/nginx/site.d/sympa/local.conf b/etc/nginx/site.d/sympa/local.conf new file mode 100644 index 0000000..1b1edf0 --- /dev/null +++ b/etc/nginx/site.d/sympa/local.conf @@ -0,0 +1,5 @@ +listen 443; +include /etc/nginx/conf.d/ssl.conf; +ssl_certificate /etc/nginx/x509.d/sympa/crt.pem; +ssl_certificate_key /etc/nginx/x509.d/sympa/key.pem; +ssl_session_timeout 5m; diff --git a/etc/nginx/site.d/sympa/site.conf b/etc/nginx/site.d/sympa/site.conf new file mode 100644 index 0000000..33a0863 --- /dev/null +++ b/etc/nginx/site.d/sympa/site.conf @@ -0,0 +1,46 @@ +server_name sympa.heureux-cyclage.org; + +client_body_buffer_size 8k; +client_max_body_size 10m; +location /static-sympa { + alias /var/lib/sympa/static_content; + } +location ~ /\. { + access_log off; + deny all; + log_not_found off; + } +location / { + index index.html index.htm; + include /etc/nginx/conf.d/fastcgi.conf; + set $no_cache "0"; + if ($request_method !~ ^(GET|HEAD)$) { + # NOTE: if non GET/HEAD, don't cache and mark user as uncacheable for 1 second via cookie. + set $no_cache "1"; + } + if ($no_cache = "1") { + # NOTE: drop no cache cookie if need be (for some reason, add_header fails if included in prior if-block). + add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/"; + add_header X-Microcachable "0"; + } + if ($http_cookie ~* "_mcnc") { + # NOTE: bypass cache if no-cache cookie is set. + set $no_cache "1"; + } + fastcgi_cache_bypass $no_cache; + fastcgi_cache_use_stale updating; + fastcgi_cache_valid 200 10s; + fastcgi_cache_valid 404 30m; + fastcgi_ignore_headers Cache-Control Expires Set-Cookie; + fastcgi_max_temp_file_size 2M; + fastcgi_no_cache $no_cache; + fastcgi_param PATH_INFO $uri; + + fastcgi_pass_header Cookie; + fastcgi_pass_header Set-Cookie; + fastcgi_split_path_info ^(.+\.cgi)(/.+)$; + + fastcgi_pass unix:/run/spawn-fcgi/sympa; + } + +# vim: ft=sh diff --git a/etc/nginx/site.d/sympa/x509_host b/etc/nginx/site.d/sympa/x509_host new file mode 100644 index 0000000..52d4e45 --- /dev/null +++ b/etc/nginx/site.d/sympa/x509_host @@ -0,0 +1 @@ +sympa.heureux-cyclage.org diff --git a/etc/nsd3/nsd.conf b/etc/nsd3/nsd.conf index 35e05b9..67d5da7 100644 --- a/etc/nsd3/nsd.conf +++ b/etc/nsd3/nsd.conf @@ -10,11 +10,13 @@ ipv4-edns-size: 4096 # ipv6-edns-size: 4096 # logfile: "/var/log/nsd.log" # nsid: "aabbccdd" -pidfile: "/dev/null" +pidfile: "/run/nsd3.pid" + # NOTE: utilisé par nsdc reload pour envoyer SIGHUP ou SIGUSR1, + # attention que SIGHUP fait changer le pid, et du coup fonctionne mal avec runsv port: 53 rrl-ratelimit: 200 rrl-size: 10000 - # NOTE : rrl-size vaut 1000000 par défaut, et cela consomme ~40Mio de RAM.. + # NOTE: rrl-size vaut 1000000 par défaut, et cela consomme ~40Mio de RAM.. # le RRL http://www.nlnetlabs.nl/blog/2012/10/11/nsd-ratelimit/ # n'est pas vraiment nécessaire pour nous, # du coup on baisse un peu sa consommation. diff --git a/etc/nsd3/zone.d/heureux-cyclage.org.zone.m4 b/etc/nsd3/zone.d/heureux-cyclage.org.zone.m4 index a8d9028..489d2b8 100644 --- a/etc/nsd3/zone.d/heureux-cyclage.org.zone.m4 +++ b/etc/nsd3/zone.d/heureux-cyclage.org.zone.m4 @@ -20,8 +20,6 @@ define(`LAUTRENET_MX_NAME', `mx.lautre.net.') define(`LAUTRENET_MX2_NAME', `mx2.lautre.net.') divert(0)dnl -; vim: ft=bindzone - $TTL 1d ; TTL (Time To Live) par défaut pour les enregistrements ; ENREGISTREMENT « SOA » (Start Of Authority). @@ -34,24 +32,25 @@ $TTL 1d ; TTL (Time To Live) par défaut pour les enregistrements ) ; ENREGISTREMENTS « A » (DNS -> adresse IPv4) -@ A IP4(LAUTRENET) -ateliers A IP4(GRESILLE) -bicloud A IP4(KIMSUFI) -burette A IP4(KIMSUFI) -cartes A IP4(LAUTRENET) -demo.burette A IP4(KIMSUFI) -formations A IP4(LAUTRENET) -git A IP4(GRESILLE) -imap A IP4(GRESILLE) -mail A IP4(LAUTRENET) -mx A IP4(GRESILLE) -ns A IP4(GRESILLE) -questionnaires 60 A IP4(KIMSUFI) -remorque 60 A IP4(KIMSUFI) -smtp A IP4(GRESILLE) -stats 3600 A IP4(LAUTRENET) -submission A IP4(GRESILLE) -www A IP4(LAUTRENET) +@ A IP4(LAUTRENET) +ateliers A IP4(GRESILLE) +bicloud A IP4(KIMSUFI) +burette A IP4(KIMSUFI) +cartes A IP4(LAUTRENET) +demo.burette A IP4(KIMSUFI) +formations A IP4(LAUTRENET) +git A IP4(GRESILLE) +imap A IP4(GRESILLE) +mail A IP4(LAUTRENET) +mx A IP4(GRESILLE) +ns A IP4(GRESILLE) +questionnaires 60 A IP4(KIMSUFI) +remorque 60 A IP4(KIMSUFI) +smtp A IP4(GRESILLE) +stats 3600 A IP4(LAUTRENET) +submission A IP4(GRESILLE) +sympa A IP4(GRESILLE) +www A IP4(LAUTRENET) ; ENREGISTREMENTS « CNAME » (Canonical NAME) ; NOTE : l'utilisation de CNAME n'est judicieuse que si la ressource pointée diff --git a/etc/nsd3/zone.d/wiklou.org.zone.m4 b/etc/nsd3/zone.d/wiklou.org.zone.m4 index 6f5ed21..4eda00a 100644 --- a/etc/nsd3/zone.d/wiklou.org.zone.m4 +++ b/etc/nsd3/zone.d/wiklou.org.zone.m4 @@ -17,8 +17,6 @@ define(`LAUTRENET_MX_NAME', `mx.lautre.net.') define(`LAUTRENET_MX2_NAME', `mx2.lautre.net.') divert(0)dnl -; vim: ft=bindzone - $TTL 1d ; TTL (Time To Live) par défaut pour les enregistrements ; ENREGISTREMENT « SOA » (Start Of Authority). diff --git a/etc/openssl/stats.heureux-cyclage.org/host.cfg b/etc/openssl/stats.heureux-cyclage.org/host.cfg index 8e676cd..daee966 100644 --- a/etc/openssl/stats.heureux-cyclage.org/host.cfg +++ b/etc/openssl/stats.heureux-cyclage.org/host.cfg @@ -27,7 +27,7 @@ [ extensions ] basicConstraints = critical,CA:TRUE,pathlen:0 keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment - subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:$ENV::x509_host + subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host subjectKeyIdentifier = hash issuerAltName = issuer:copy authorityKeyIdentifier = keyid:always,issuer:always @@ -37,7 +37,7 @@ [ self_signed_extensions ] basicConstraints = critical,CA:TRUE,pathlen:0 keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment - subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:$ENV::x509_host + subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host subjectKeyIdentifier = hash issuerAltName = issuer:copy authorityKeyIdentifier = keyid:always,issuer:always diff --git a/etc/openssl/stats.heureux-cyclage.org/user.cfg b/etc/openssl/stats.heureux-cyclage.org/user.cfg index 6da31de..5675215 100644 --- a/etc/openssl/stats.heureux-cyclage.org/user.cfg +++ b/etc/openssl/stats.heureux-cyclage.org/user.cfg @@ -1,4 +1,4 @@ - SERVICE = www + SERVICE = stats HOME = . RANDFILE = var/sec/x509/openssl.rand [ req ] @@ -10,5 +10,5 @@ stateOrProvinceName = $ENV::STATE_OR_PROVINCE #localityName = 0.organizationName = $ENV::ORGANIZATION - organizationalUnitName = Certificat utilisateurice du service Web + organizationalUnitName = Certificat utilisateurice du service de statistiques commonName = $ENV::USER diff --git a/etc/openssl/sympa.heureux-cyclage.org/ca b/etc/openssl/sympa.heureux-cyclage.org/ca new file mode 120000 index 0000000..6d4a070 --- /dev/null +++ b/etc/openssl/sympa.heureux-cyclage.org/ca @@ -0,0 +1 @@ +../heureux-cyclage.org \ No newline at end of file diff --git a/etc/openssl/sympa.heureux-cyclage.org/host.cfg b/etc/openssl/sympa.heureux-cyclage.org/host.cfg new file mode 100644 index 0000000..652ecb4 --- /dev/null +++ b/etc/openssl/sympa.heureux-cyclage.org/host.cfg @@ -0,0 +1,70 @@ + SERVICE = sympa + RANDFILE = var/sec/x509/openssl.rand + oid_section = extra_oids +[ extra_oids ] + # NOTE: pour une éventuelle validation étendue (Extended Validation (EV)) + jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1 + jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2 + jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3 +[ req ] + prompt = no + distinguished_name = distinguished_name + string_mask = pkix + #x509_extensions = root_extensions + #req_extensions = extension + #attributes = req_attributes +[ distinguished_name ] + countryName = $ENV::x509_country + stateOrProvinceName = $ENV::x509_state_or_province + localityName = $ENV::x509_state_or_province + 0.organizationName = $ENV::x509_organization + organizationalUnitName = SYsteme de Multi-Postage Automatique + commonName = $SERVICE.$ENV::x509_host + businessCategory = $ENV::x509_business_category + jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province + jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province + jurisdictionOfIncorporationCountryName = $ENV::x509_country +[ extensions ] + basicConstraints = critical,CA:TRUE,pathlen:0 + keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment + subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host + subjectKeyIdentifier = hash + issuerAltName = issuer:copy + authorityKeyIdentifier = keyid:always,issuer:always + authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem + crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem + certificatePolicies = @certificate_policies +[ self_signed_extensions ] + basicConstraints = critical,CA:TRUE,pathlen:0 + keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment + subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host + subjectKeyIdentifier = hash + issuerAltName = issuer:copy + authorityKeyIdentifier = keyid:always,issuer:always + authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem + crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem +[ user_extensions ] + basicConstraints = critical,CA:FALSE,pathlen:0 + keyUsage = digitalSignature,keyEncipherment + subjectAltName = email:$ENV::user@$ENV::x509_host + subjectKeyIdentifier = hash + issuerAltName = issuer:copy + authorityKeyIdentifier = keyid:always,issuer:always + authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem +[ certificate_policies ] + policyIdentifier = 1.2.250.1.42 + CPS.1 = https://www.$ENV::x509_host/x509/cps +[ ca ] + private_key = var/sec/x509/$ENV::x509/key.pem + dir = var/pub/x509/$ENV::x509 + crl_dir = $dir + crlnumber = $dir/crl.num + crl = $dir/crl.pem + database = $dir/idx.txt +[ self_signed_ca ] + private_key = var/sec/x509/$ENV::x509/key.pem + dir = var/pub/x509/$ENV::x509 + crl_dir = $dir + crlnumber = $dir/crl.self-signed.num + crl = $dir/crl.self-signed.pem + database = $dir/idx.self-signed.txt diff --git a/etc/openssl/sympa.heureux-cyclage.org/user.cfg b/etc/openssl/sympa.heureux-cyclage.org/user.cfg new file mode 100644 index 0000000..202e53e --- /dev/null +++ b/etc/openssl/sympa.heureux-cyclage.org/user.cfg @@ -0,0 +1,14 @@ + SERVICE = sympa + HOME = . + RANDFILE = var/sec/x509/openssl.rand +[ req ] + prompt = no + distinguished_name = user_distinguished_name + string_mask = pkix +[ user_distinguished_name ] + countryName = $ENV::COUNTRY + stateOrProvinceName = $ENV::STATE_OR_PROVINCE + #localityName = + 0.organizationName = $ENV::ORGANIZATION + organizationalUnitName = Certificat utilisateurice du SYsteme de Multi-Postage Automatique + commonName = $ENV::USER diff --git a/etc/postfix/aliases.m4 b/etc/postfix/aliases.m4 new file mode 100644 index 0000000..3e7f975 --- /dev/null +++ b/etc/postfix/aliases.m4 @@ -0,0 +1,23 @@ +# See man 5 aliases for format +abuse: root +admin: root +contact: root +hostmaster: root +mailer-daemon: root +postmaster: root +root: esyscmd(getent group sudo | cut -f 4 -d : | tr '\054' ' ') + +#-- SYMPA begin +abuse-feedback-report: "| /usr/lib/sympa/bin/bouncequeue sympa@heureux-cyclage.org" +bounce+*: "| /usr/lib/sympa/bin/bouncequeue sympa@heureux-cyclage.org" +listmaster: "| /usr/lib/sympa/bin/queue listmaster@heureux-cyclage.org" +sympa: "| /usr/lib/sympa/bin/queue sympa@heureux-cyclage.org" +sympa-owner: postmaster@heureux-cyclage.org +sympa-request: postmaster@heureux-cyclage.org + +# NOTE: compatibilité avec d'autres gestionnaires de listes +listserv: sympa +listserv-request: sympa-request +majordomo: sympa +listserv-owner: sympa-owner +#-- SYMPA end diff --git a/etc/postfix/main.cf b/etc/postfix/main.cf index f812f01..58edb3e 100644 --- a/etc/postfix/main.cf +++ b/etc/postfix/main.cf @@ -1,7 +1,11 @@ # DOC: http://postfix.traduc.org/index.php/TLS_README.html -alias_database = hash:/etc/postfix/aliases -alias_maps = hash:/etc/postfix/aliases +alias_database = + hash:/etc/postfix/aliases + hash:/etc/mail/sympa/aliases +alias_maps = + hash:/etc/postfix/aliases + hash:/etc/mail/sympa/aliases append_dot_mydomain = no # NOTE: appending .domain is the MUA's job. biff = no @@ -57,7 +61,9 @@ recipient_delimiter = + # NOTE: séparateur entre le nom d’utilisateur et les extensions d’adresse. #relayhost = relay_clientcerts = hash:/etc/postfix/$mydomain/smtpd/relay_clientcerts -relay_domains = $mydestination +relay_domains = + $mydestination + sympa.$mydomain # NOTE: ajouter les domaines pour lesquels on est backup MX ici, pas dans mydestination ou virtual_alias... smtp_body_checks = #smtp_cname_overrides_servername = no @@ -180,6 +186,8 @@ smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache #smtpd_tls_session_cache_timeout = 3600s strict_rfc821_envelopes = yes +sympa_destination_recipient_limit = 1 +sympabounce_destination_recipient_limit = 1 #tls_high_cipherlist = AES256-SHA # NOTE: postconf(5) déconseille de changer ceci #tls_random_bytes = 32 @@ -189,10 +197,13 @@ strict_rfc821_envelopes = yes #tls_random_reseed_period = 3600s #tls_random_source = dev:/dev/urandom # NOTE: non-blocking -transport_maps = hash:/etc/postfix/$mydomain/transport +transport_maps = + hash:/etc/postfix/$mydomain/transport + #regexp:/etc/sympa/transport #virtual_alias_domains = virtual_alias_maps = hash:/etc/postfix/$mydomain/virtual_alias + #regexp:/etc/sympa/virtual_alias # NOTE: do not specify virtual alias domain names in the main.cf # mydestination or relay_domains configuration parameters. # diff --git a/etc/postfix/master.cf b/etc/postfix/master.cf index de2d283..8c5c565 100644 --- a/etc/postfix/master.cf +++ b/etc/postfix/master.cf @@ -90,3 +90,7 @@ spfcheck unix - n n - 0 spawn user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl noclue unix - n n - - pipe flags=q user=noclue argv=/usr/local/bin/noclue-delivery ${recipient} ${sender} +sympa unix - n n - - pipe + flags=R user=sympa argv=/usr/lib/sympa/bin/queue ${recipient} +sympabounce unix - n n - - pipe + flags=R user=sympa argv=/usr/lib/sympa/bin/bouncequeue ${recipient} diff --git a/etc/postgresql/bin/createuser b/etc/postgresql/bin/createuser index 16e5e04..56b37c9 100755 --- a/etc/postgresql/bin/createuser +++ b/etc/postgresql/bin/createuser @@ -1,7 +1,7 @@ #!/bin/sh -eux -db="$1" -owner="${2:-$db}" -sudo -u postgres psql "$db" -a -f - <<-EOF +user="$1" +db="${2-}" +sudo -u postgres psql "${db-}" -a -f - <<-EOF \set ON_ERROR_STOP on DO LANGUAGE plpgsql \$\$ BEGIN @@ -21,5 +21,5 @@ sudo -u postgres psql "$db" -a -f - <<-EOF END; \$\$; GRANT USAGE ON SCHEMA public TO $user; - GRANT CONNECT,TEMPORARY ON DATABASE $db TO $user; + ${db:+GRANT CONNECT,TEMPORARY ON DATABASE $db TO $user;} EOF diff --git a/etc/sv/cyclo_paris_est__openerp/configure.sh b/etc/sv/cyclo_paris_est__openerp/configure.sh index 33d826f..9ec8028 100644 --- a/etc/sv/cyclo_paris_est__openerp/configure.sh +++ b/etc/sv/cyclo_paris_est__openerp/configure.sh @@ -2,16 +2,20 @@ home=/home/"$sv" rule runit_sv_configure postgres rule runit_sv_start postgres - while ! sudo -u postgres psql /dev/null || -adduser log-"$sv"\ - --disabled-login \ - --disabled-password \ - --group \ - --home "$home" \ - --shell /bin/false \ - --system - -install -d -m 770 -o log-"$sv" -g log-"$sv" \ - "$home" +eval home="~log-$sv" cd "$home" exec chpst -u log-"$sv":log-"$sv" \ diff --git a/etc/sv/dovecot/configure.sh b/etc/sv/dovecot/configure.sh new file mode 100644 index 0000000..b1aa08d --- /dev/null +++ b/etc/sv/dovecot/configure.sh @@ -0,0 +1,26 @@ +rule apt_get_install dovecot-imapd dovecot-managesieved dovecot-sieve +rule insserv_remove dovecot +local hint="run vm_remote dovecot_key_send before" +assert "sudo test -f /etc/dovecot/\"$vm_domainname\"/imap/x509/key.pem" hint +sudo install -m 400 -o root -g root \ + "$tool"/var/pub/x509/imap."$vm_domainname"/crt+crl.self-signed.pem \ + /etc/dovecot/"$vm_domainname"/imap/x509/crt+crl.self-signed.pem +sudo install -d -m 770 -o root -g root \ + /etc/skel/etc/mail \ + /etc/skel/etc/sieve +sudo install -d -m 1777 -o root -g root \ + /var/lib/dovecot-control \ + /var/lib/dovecot-index +m4 \ + --define=VM_DOMAINNAME=$vm_domainname \ + <"$tool"/etc/dovecot/local.conf.m4 | +sudo install -m 644 -o root -g root /dev/stdin \ + /etc/dovecot/local.conf +sudo install -m 755 -o root -g root /dev/stdin /usr/local/bin/dovecot-passwd <<-EOF + #!/bin/sh -efux + # DESCRIPTION: permet à un-e utilisateurice d'initialiser ellui-même son mot-de-passe dovecot. + install -d -m 770 ~/etc/dovecot + install -m 640 /dev/stdin ~/etc/dovecot/passwd <<_EOF + \$USER:\$(/usr/bin/doveadm pw -s SHA512-CRYPT)::::::: + _EOF + EOF diff --git a/etc/sv/git-daemon/log/configure.sh b/etc/sv/git-daemon/log/configure.sh new file mode 100644 index 0000000..f4d5e03 --- /dev/null +++ b/etc/sv/git-daemon/log/configure.sh @@ -0,0 +1,14 @@ +home=~git/log/daemon + +rule adduser log-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +sudo install -d -m 770 -o log-"$sv" -g log-"$sv" \ + "$home" + +adduser log-git "$sv" diff --git a/etc/sv/git-daemon/log/run b/etc/sv/git-daemon/log/run index ce0d8d5..4382b39 100755 --- a/etc/sv/git-daemon/log/run +++ b/etc/sv/git-daemon/log/run @@ -1,21 +1,7 @@ #!/bin/sh -eux sv=${PWD%/log} sv=${sv#/etc/sv/} -home=~git/log/daemon - -getent passwd log-"$sv" >/dev/null || -adduser log-"$sv" \ - --disabled-login \ - --disabled-password \ - --group \ - --home "$home" \ - --shell /bin/false \ - --system - -install -d -m 770 -o log-"$sv" -g log-"$sv" \ - "$home" - -adduser log-git "$sv" +eval home="~log-$sv" cd "$home" exec chpst -u log-"$sv":log-"$sv" \ diff --git a/etc/sv/gitweb/configure.sh b/etc/sv/gitweb/configure.sh index ce7f920..3e735a7 100644 --- a/etc/sv/gitweb/configure.sh +++ b/etc/sv/gitweb/configure.sh @@ -1,4 +1,7 @@ home=~git-data + +rule apt_get_install gitweb highlight + rule adduser fcgi-"$sv" \ --disabled-login \ --disabled-password \ diff --git a/etc/sv/gitweb/log/configure.sh b/etc/sv/gitweb/log/configure.sh new file mode 100644 index 0000000..863893d --- /dev/null +++ b/etc/sv/gitweb/log/configure.sh @@ -0,0 +1,12 @@ +home=~www/log/"$sv"/spawn-fcgi + +rule adduser log-fcgi-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +sudo install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \ + "$home" diff --git a/etc/sv/gitweb/log/run b/etc/sv/gitweb/log/run index 92290b3..f8924cd 100755 --- a/etc/sv/gitweb/log/run +++ b/etc/sv/gitweb/log/run @@ -1,19 +1,7 @@ #!/bin/sh -eux sv=${PWD%/log} sv=${sv#/etc/sv/} -home=~www/log/"$sv"/spawn-fcgi - -getent passwd log-fcgi-"$sv" >/dev/null || -adduser log-fcgi-"$sv" \ - --disabled-login \ - --disabled-password \ - --group \ - --home "$home" \ - --shell /bin/false \ - --system - -install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \ - "$home" +eval home="~log-fcgi-$sv" cd "$home" exec chpst -u log-fcgi-"$sv":log-fcgi-"$sv" \ diff --git a/etc/sv/gitweb/run b/etc/sv/gitweb/run index 0dc098f..ae24edb 100755 --- a/etc/sv/gitweb/run +++ b/etc/sv/gitweb/run @@ -4,8 +4,8 @@ sv=${PWD#/etc/sv/} install -d -m 1771 -o root -g root \ /run/spawn-fcgi -install -d -m 1771 -o fcgi-gitweb -g fcgi-gitweb \ - /run/shm/tmp/gitweb +install -d -m 770 -o fcgi-"$sv" -g fcgi-"$sv" \ + /run/shm/tmp/"$sv" exec /usr/bin/spawn-fcgi \ -u fcgi-"$sv" \ diff --git a/etc/sv/lhc-remorque/configure.sh b/etc/sv/lhc-remorque/configure.sh index ee0e4bc..61f70df 100644 --- a/etc/sv/lhc-remorque/configure.sh +++ b/etc/sv/lhc-remorque/configure.sh @@ -1,6 +1,6 @@ rule www_configure -home=~www/pub/"$sv" +home=~www-data/"$sv" rule adduser fcgi-"$sv" \ --disabled-login \ diff --git a/etc/sv/lhc-remorque/log/configure.sh b/etc/sv/lhc-remorque/log/configure.sh new file mode 100644 index 0000000..e2b3a63 --- /dev/null +++ b/etc/sv/lhc-remorque/log/configure.sh @@ -0,0 +1,16 @@ +home=~www/log/"$sv"/spawn-fcgi + +rule adduser log-fcgi-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +sudo install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \ + "$home" + +cd "$home" +exec chpst -u log-fcgi-"$sv":log-fcgi-"$sv" \ + svlogd -v -tt "$home" diff --git a/etc/sv/lhc-remorque/log/run b/etc/sv/lhc-remorque/log/run index 92290b3..9ee1c7d 100755 --- a/etc/sv/lhc-remorque/log/run +++ b/etc/sv/lhc-remorque/log/run @@ -1,19 +1,7 @@ #!/bin/sh -eux sv=${PWD%/log} sv=${sv#/etc/sv/} -home=~www/log/"$sv"/spawn-fcgi - -getent passwd log-fcgi-"$sv" >/dev/null || -adduser log-fcgi-"$sv" \ - --disabled-login \ - --disabled-password \ - --group \ - --home "$home" \ - --shell /bin/false \ - --system - -install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \ - "$home" +eval home="~log-$sv" cd "$home" exec chpst -u log-fcgi-"$sv":log-fcgi-"$sv" \ diff --git a/etc/sv/mysql/log/configure.sh b/etc/sv/mysql/log/configure.sh new file mode 100644 index 0000000..2cc2c36 --- /dev/null +++ b/etc/sv/mysql/log/configure.sh @@ -0,0 +1,12 @@ +eval "home=~$sv/log" + +rule adduser log-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +sudo install -d -m 770 -o log-"$sv" -g log-"$sv" \ + "$home" diff --git a/etc/sv/mysql/log/run b/etc/sv/mysql/log/run index 7390b03..4382b39 100755 --- a/etc/sv/mysql/log/run +++ b/etc/sv/mysql/log/run @@ -1,19 +1,7 @@ #!/bin/sh -eux sv=${PWD%/log} sv=${sv#/etc/sv/} -eval "home=~$sv/log" - -getent passwd log-"$sv" >/dev/null || -adduser log-"$sv" \ - --disabled-login \ - --disabled-password \ - --group \ - --home "$home" \ - --shell /bin/false \ - --system - -install -d -m 770 -o log-"$sv" -g log-"$sv" \ - "$home" +eval home="~log-$sv" cd "$home" exec chpst -u log-"$sv":log-"$sv" \ diff --git a/etc/sv/nginx/configure.sh b/etc/sv/nginx/configure.sh index c413979..7c2943a 100644 --- a/etc/sv/nginx/configure.sh +++ b/etc/sv/nginx/configure.sh @@ -1,13 +1,11 @@ -rule runit_configure php5-fpm +rule runit_sv_configure php5-fpm "$@" +rule runit_sv_restart php5-fpm "$@" rule apt_get_install nginx spawn-fcgi fcgiwrap rule insserv_remove nginx rule insserv_remove fcgiwrap rule www_configure -sudo rm -rf \ - /etc/nginx/conf.d \ - /etc/nginx/site.d sudo install -d -m 770 -o www -g www \ /etc/nginx \ /etc/nginx/conf.d \ @@ -19,16 +17,22 @@ sudo ln -fns \ sudo install -m 660 -o www -g www \ "$tool"/etc/nginx/nginx.conf \ /etc/nginx/nginx.conf -local conf -for conf in "$tool"/etc/nginx/conf.d/*.conf - do conf=${conf#"$tool"/etc/nginx/conf.d/} + +for conf in $(find "$tool"/etc/nginx/conf.d \ + -mindepth 1 -maxdepth 1 -type f \ + -name '*.conf' \ + -printf '%f\n') + do sudo install -m 660 -o www -g www \ "$tool"/etc/nginx/conf.d/"$conf" \ /etc/nginx/conf.d/"$conf" done -for conf in "$tool"/etc/nginx/site.d/*/site.conf - do conf=${conf#"$tool"/etc/nginx/site.d/} - local site="${conf%/site.conf}" + +for site in $(find "$tool"/etc/nginx/site.d \ + -mindepth 1 -maxdepth 1 -type d \ + -false ${@:+$(printf -- '-or -name %s\n' "$@")} \ + -printf '%f\n') + do rule adduser www-"$site" \ --disabled-login \ --disabled-password \ @@ -70,6 +74,8 @@ for conf in "$tool"/etc/nginx/site.d/*/site.conf include /etc/nginx/site.d/$site/site.inc; } EOF + ( test ! -r "$tool"/etc/nginx/site.d/"$site"/configure.sh || - . "$tool"/etc/nginx/site.d/"$site"/configure.sh + . "$tool"/etc/nginx/site.d/"$site"/configure.sh || return 1 + ) done diff --git a/etc/sv/nsd3/configure.sh b/etc/sv/nsd3/configure.sh index 2d8ac85..5c093c6 100644 --- a/etc/sv/nsd3/configure.sh +++ b/etc/sv/nsd3/configure.sh @@ -12,28 +12,33 @@ sudo install -d -m 750 -o root -g nsd \ ip4-only: yes EOF cat "$tool"/etc/nsd3/nsd.conf - local conf - for conf in "$tool"/etc/nsd3/zone.d/*.conf - do conf=${conf#"$tool"/etc/nsd3/zone.d/} - local domain=${conf%.conf} - if test -e "$tool"/etc/nsd3/zone.d/"$domain".zone.m4 + for zone in $(find "$tool"/etc/nsd3/zone.d \ + -mindepth 1 -maxdepth 1 -type f \ + -false ${@:+$(printf -- '-or -name %s.conf\n' "$@")} \ + -printf '%f\n') + do zone=${zone%.conf} + if test -e "$tool"/etc/nsd3/zone.d/"$zone".zone.m4 then m4 \ - --define=ZONE_DOMAIN=$domain \ - --define=ZONE_SERIAL=$(cd "$tool" && git log -1 --format="%ct" -- etc/nsd3/zone.d/"$domain".zone.m4) \ + --define=ZONE_DOMAIN=$zone \ + --define=ZONE_SERIAL=$(cd "$tool" && git log -1 --format="%ct" -- etc/nsd3/zone.d/"$zone".zone.m4) \ --define=VM_IP4=$vm_ipv4 \ - "$tool"/etc/nsd3/zone.d/"$domain".zone.m4 - else cat "$tool"/etc/nsd3/zone.d/"$domain".zone + "$tool"/etc/nsd3/zone.d/"$zone".zone.m4 + else cat "$tool"/etc/nsd3/zone.d/"$zone".zone fi | sudo install -m 440 -o root -g nsd /dev/stdin \ - /etc/nsd3/zone.d/"$domain".zone + /etc/nsd3/zone.d/"$zone".zone cat <<-EOF zone: - name: $domain - zonefile: /etc/nsd3/zone.d/$domain.zone - $(cat "$tool"/etc/nsd3/zone.d/"$conf") + name: $zone + zonefile: /etc/nsd3/zone.d/$zone.zone + $(cat "$tool"/etc/nsd3/zone.d/"$zone".conf) EOF done } | sudo install -m 640 -o root -g nsd /dev/stdin \ /etc/nsd3/nsd.conf + +rule runit_sv_start "$sv" sudo nsdc rebuild +sudo nsdc reload +#sudo nsdc notify diff --git a/etc/sv/nsd3/run b/etc/sv/nsd3/run index 6212559..f835c40 100755 --- a/etc/sv/nsd3/run +++ b/etc/sv/nsd3/run @@ -2,9 +2,18 @@ exec 2>&1 sv=${PWD#/etc/sv/} -install -d -m 770 -o root -g root \ - /run/nsd3 +! nsdc running || +pkill -TERM -F /run/nsd3.pid +rm -f /run/nsd3.pid +# XXX: sv reload ou nsdc reload envoient SIGHUP à nsd +# ce qui le détache de runsv et du coup il n'est plus suivi.. +# comme on ne peut pas se rattacher à un processus, +# on le tue si il se trouve déjà exécuté ; +# gérer ce SIGHUP permet à NSD d'envoyer +# les notify DNS sitôt une zone mise-à-jour. exec /usr/sbin/nsd \ -c /etc/nsd3/nsd.conf \ - -d + -d \ + -N 1 \ + -u nsd diff --git a/etc/sv/php5-fpm/configure.sh b/etc/sv/php5-fpm/configure.sh index 5639822..d349e1f 100644 --- a/etc/sv/php5-fpm/configure.sh +++ b/etc/sv/php5-fpm/configure.sh @@ -20,28 +20,26 @@ rule adduser log-php5 \ sudo ln -fns \ /etc/php5/fpm \ /home/www/etc/php5 -sudo rm -rf \ - /etc/php5/fpm/conf.d \ - /etc/php5/fpm/pool.d sudo install -d -m 770 -o php5 -g php5 \ /etc/php5/fpm/conf.d \ /etc/php5/fpm/pool.d sudo install -m 440 -o php5 -g php5 \ "$tool"/etc/php5/fpm/php-fpm.conf \ /etc/php5/fpm/php-fpm.conf -local conf -#for conf in "$tool"/etc/php5/fpm/conf.d/*.conf -# do conf=${conf#"$tool"/etc/php5/fpm/conf.d/} -# sudo install -m 660 -o php5 -g php5 \ -# "$tool"/etc/php5/fpm/conf.d/"$conf" \ -# /etc/php5/fpm/conf.d/"$conf" -# done -for conf in "$tool"/etc/php5/fpm/pool.d/*.conf - do conf=${conf#"$tool"/etc/php5/fpm/pool.d/} - IFS=. read -r pool <<-EOF - ${conf%.conf} - EOF - assert 'test "${pool:+set}"' +for conf in $(find "$tool"/etc/php5/fpm/conf.d \ + -mindepth 1 -maxdepth 1 -type f \ + -name '*.conf' \ + -printf '%f\n' || true) + do + sudo install -m 660 -o php5 -g php5 \ + "$tool"/etc/php5/fpm/conf.d/"$conf" \ + /etc/php5/fpm/conf.d/"$conf" + done +for pool in $(find "$tool"/etc/php5/fpm/pool.d/ \ + -mindepth 1 -maxdepth 1 -type d \ + -false ${@:+$(printf -- '-or -name %s.conf\n' "$@")} \ + -printf '%f\n') + do pool=${pool%\.conf} rule adduser php5-"$pool" \ --disabled-login \ --disabled-password \ diff --git a/etc/sv/postfix/configure.sh b/etc/sv/postfix/configure.sh index e17af10..803798d 100644 --- a/etc/sv/postfix/configure.sh +++ b/etc/sv/postfix/configure.sh @@ -4,7 +4,7 @@ assert "test -f /etc/postfix/$vm_domainname/smtpd/x509/key.pem" hint sudo debconf-set-selections <<-EOF postfix postfix/main_mailer_type select No configuration EOF -rule apt_get_install postfix procmail +#rule apt_get_install postfix procmail rule insserv_remove postfix sudo install -m 640 -o root -g root /dev/stdin /etc/postfix/.gitignore <<-EOF *.db @@ -36,17 +36,13 @@ sudo install -m 400 -o root -g root \ sudo install -m 640 -o root -g root \ "$tool"/etc/postfix/$vm_domainname/header_checks \ /etc/postfix/$vm_domainname/header_checks +m4 <"$tool"/etc/postfix/aliases.m4 | sudo install -m 644 -o root -g root /dev/stdin \ - /etc/postfix/aliases <<-EOF - # See man 5 aliases for format - abuse: root - admin: root - contact: root - mailer-daemon: root - postmaster: root - root: $(getent group sudo | cut -f 4 -d : | tr , ' ') - EOF + /etc/postfix/aliases sudo newaliases -oA/etc/postfix/aliases +sudo ln -fns \ + /etc/postfix/aliases \ + /etc/aliases cat /dev/stdin "$tool"/etc/postfix/main.cf <<-EOF | mydomain = $vm_domainname myorigin = \$mydomain @@ -54,7 +50,7 @@ cat /dev/stdin "$tool"/etc/postfix/main.cf <<-EOF | mail_name = \$myhostname mydestination = $vm_hostname \$myhostname \$myorigin EOF -sudo install -m 640 -o root -g root /dev/stdin \ +sudo install -m 644 -o root -g root /dev/stdin \ /etc/postfix/main.cf sudo install -m 640 -o root -g root \ "$tool"/etc/postfix/master.cf \ diff --git a/etc/sv/postgres/configure.sh b/etc/sv/postgres/configure.sh index db32e16..7950179 100644 --- a/etc/sv/postgres/configure.sh +++ b/etc/sv/postgres/configure.sh @@ -1,6 +1,6 @@ # DOC: http://wiki.postgresql.org/wiki/Shared_Database_Hosting -rule apt_get_install postgresql-9.1 +#rule apt_get_install postgresql-9.1 rule insserv_remove postgresql rule adduser postgres \ --disabled-login \ @@ -50,13 +50,15 @@ sudo install -m 640 -o postgres -g postgres /dev/stdin \ sudo install -m 640 -o postgres -g postgres /dev/stdin \ /etc/postgresql/9.1/main/pg_ident.conf <<-EOF # MAPNAME SYSTEM-USERNAME PG-USERNAME + admin postgres postgres + admin root postgres EOF sudo install -m 640 -o postgres -g postgres /dev/stdin \ /etc/postgresql/9.1/main/start.conf <<-EOF EOF sudo install -m 640 -o postgres -g postgres /dev/stdin \ /etc/postgresql/9.1/main/pg_hba.conf <<-EOF - local all postgres peer + local all postgres peer map=admin local all all peer EOF sudo install -m 640 -o postgres -g postgres-data \ @@ -110,12 +112,14 @@ sudo -u postgres psql template1 -a -f - <<-EOF # et utilisateurices depuis public. sudo -u postgres psql template1 -a -f - <<-EOF \set ON_ERROR_STOP on - REVOKE ALL ON pg_auth_members FROM public; - REVOKE ALL ON pg_authid FROM public; - REVOKE ALL ON pg_database FROM public; - REVOKE ALL ON pg_group FROM public; - REVOKE ALL ON pg_roles FROM public; - REVOKE ALL ON pg_settings FROM public; - REVOKE ALL ON pg_tablespace FROM public; - REVOKE ALL ON pg_user FROM public; + REVOKE ALL ON ALL TABLES IN SCHEMA pg_catalog FROM public; + REVOKE ALL ON SCHEMA pg_catalog FROM public; + -- REVOKE ALL ON pg_auth_members FROM public; + -- REVOKE ALL ON pg_authid FROM public; + -- REVOKE ALL ON pg_database FROM public; + -- REVOKE ALL ON pg_group FROM public; + -- REVOKE ALL ON pg_roles FROM public; + -- REVOKE ALL ON pg_settings FROM public; + -- REVOKE ALL ON pg_tablespace FROM public; + -- REVOKE ALL ON pg_user FROM public; EOF diff --git a/etc/sv/postgres/log/configure.sh b/etc/sv/postgres/log/configure.sh new file mode 100644 index 0000000..d468c0c --- /dev/null +++ b/etc/sv/postgres/log/configure.sh @@ -0,0 +1,14 @@ +eval "home=~$sv/log/9.1/main" + +rule adduser log-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system + +sudo install -d -m 2770 -o "$sv" -g log-"$sv" \ + "$home" \ + "$home"/9.1 \ + "$home"/9.1/main diff --git a/etc/sv/postgres/log/run b/etc/sv/postgres/log/run index 33db455..4382b39 100755 --- a/etc/sv/postgres/log/run +++ b/etc/sv/postgres/log/run @@ -1,21 +1,7 @@ #!/bin/sh -eux sv=${PWD%/log} sv=${sv#/etc/sv/} -eval "home=~$sv/log/9.1/main" - -getent passwd log-"$sv" >/dev/null || -adduser log-"$sv" \ - --disabled-login \ - --disabled-password \ - --group \ - --home "$home" \ - --shell /bin/false \ - --system - -sudo install -d -m 2770 -o postgres -g log-postgres \ - "$home" \ - "$home"/9.1 \ - "$home"/9.1/main +eval home="~log-$sv" cd "$home" exec chpst -u log-"$sv":log-"$sv" \ diff --git a/etc/sv/sympa-archived/run b/etc/sv/sympa-archived/run new file mode 100755 index 0000000..ce2c0fc --- /dev/null +++ b/etc/sv/sympa-archived/run @@ -0,0 +1,12 @@ +#!/bin/sh -eux +exec 2>&1 +sv=${PWD#/etc/sv/} + +install -d -m 770 -o sympa -g sympa \ + /run/shm/tmp/sympa \ + /run/sympa + +exec /usr/bin/chpst \ + -u sympa:sympa:postgres-data \ + /usr/lib/sympa/bin/archived.pl \ + --foreground diff --git a/etc/sv/sympa-bounced/run b/etc/sv/sympa-bounced/run new file mode 100755 index 0000000..ca31e62 --- /dev/null +++ b/etc/sv/sympa-bounced/run @@ -0,0 +1,12 @@ +#!/bin/sh -eux +exec 2>&1 +sv=${PWD#/etc/sv/} + +install -d -m 770 -o sympa -g sympa \ + /run/shm/tmp/sympa \ + /run/sympa + +exec /usr/bin/chpst \ + -u sympa:sympa:postgres-data \ + /usr/lib/sympa/bin/bounced.pl \ + --foreground diff --git a/etc/sv/sympa-bulk/run b/etc/sv/sympa-bulk/run new file mode 100755 index 0000000..5c7d67a --- /dev/null +++ b/etc/sv/sympa-bulk/run @@ -0,0 +1,12 @@ +#!/bin/sh -eux +exec 2>&1 +sv=${PWD#/etc/sv/} + +install -d -m 770 -o sympa -g sympa \ + /run/shm/tmp/sympa \ + /run/sympa + +exec /usr/bin/chpst \ + -u sympa:sympa:postgres-data \ + /usr/lib/sympa/bin/bulk.pl \ + --foreground diff --git a/etc/sv/sympa-task_manager/run b/etc/sv/sympa-task_manager/run new file mode 100755 index 0000000..93ba12e --- /dev/null +++ b/etc/sv/sympa-task_manager/run @@ -0,0 +1,12 @@ +#!/bin/sh -eux +exec 2>&1 +sv=${PWD#/etc/sv/} + +install -d -m 770 -o sympa -g sympa \ + /run/shm/tmp/sympa \ + /run/sympa + +exec /usr/bin/chpst \ + -u sympa:sympa:postgres-data \ + /usr/lib/sympa/bin/task_manager.pl \ + --foreground diff --git a/etc/sv/sympa/configure.sh b/etc/sv/sympa/configure.sh new file mode 100644 index 0000000..be2e62b --- /dev/null +++ b/etc/sv/sympa/configure.sh @@ -0,0 +1,141 @@ +home=/home/sympa + +rule runit_sv_configure postgres +rule runit_sv_start postgres +while ! sudo -u postgres psql tables + GRANT USAGE ON SCHEMA pg_catalog TO $sv; + GRANT SELECT ON TABLE pg_catalog.pg_class TO $sv; + GRANT SELECT ON TABLE pg_catalog.pg_description TO $sv; + GRANT SELECT ON TABLE pg_catalog.pg_namespace TO $sv; + GRANT SELECT ON TABLE pg_catalog.pg_tablespace TO $sv; + -- NOTE: pour /usr/share/sympa/bin/create_db.Pg + -- CREATE SCHEMA $sv AUTHORIZATION $sv; + -- XXX: ne fonctionne pas à cause de cette vermine : + -- https://sourcesup.renater.fr/tracker/index.php?func=detail&aid=7459&group_id=23&atid=167 + -- du coup on met les tables de SYMPA dans le schema public : + GRANT USAGE,CREATE ON SCHEMA public TO $sv; + EOF + +rule adduser "$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home "$home" \ + --shell /bin/false \ + --system +sudo adduser sympa postgres-data + +sudo install -d -m 770 -o "$sv" -g "$sv" \ + "$home" \ + "$home"/list_data \ + "$home"/spool +sudo install -d -m 755 -o root -g root \ + /etc/sympa \ + /etc/sympa/x509.d +sudo install -m 644 -o root -g root \ + /dev/stdin \ + /etc/sympa/.gitignore <<-EOF + cookie + key_passwd + EOF +m4 \ + --define=VM_DOMAINNAME="$vm_domainname" \ + --define=HOME="$home" \ + "$tool"/etc/sympa/sympa.conf.m4 | +sudo install -m 640 -o "$sv" -g "$sv" /dev/stdin \ + /etc/sympa/sympa.conf + +sudo debconf-set-selections <<-EOF || true + sympa sympa/app-password-confirm password + sympa sympa/password-confirm password + # Mot de passe de connexion PostgreSQL pour sympa : + sympa sympa/dbconfig-install boolean true + sympa sympa/pgsql/app-pass password + ##sympa sympa/mysql/admin-pass password + sympa sympa/pgsql/admin-pass password + # Mot de passe de connexion MySQL pour sympa : + ##sympa sympa/mysql/app-pass password + # Faut-il configurer la base de données de sympa avec dbconfig-common ? + sympa sympa/dbconfig-install boolean true + # Nom d'hôte du serveur pour sympa : + sympa sympa/remote/newhost string + sympa sympa/listmaster string listmaster@$vm_domainname + sympa wwsympa/wwsympa_url string https://$sv.$vm_domainname/wws + sympa wwsympa/webserver_restart boolean false + sympa sympa/remote/port string + sympa sympa/pgsql/manualconf note + # Faut-il sauvegarder la base de données pour sympa avant la mise à jour ? + sympa sympa/upgrade-backup boolean true + sympa sympa/pgsql/changeconf boolean false + # Nom d'hôte du serveur « sympa » : + sympa sympa/hostname string $sv.$vm_domainname + sympa sympa/pgsql/authmethod-user select unix socket + # Faut-il mettre à jour la base de données pour sympa avec dbconfig-common ? + sympa sympa/dbconfig-upgrade boolean true + sympa sympa/use_soap boolean false + # Nom de la base de données pour sympa : + sympa sympa/db/dbname string $sv + sympa sympa/internal/skip-preseed boolean true + # Type de serveur de bases de données à utiliser avec sympa : + sympa sympa/database-type select pgsql + # Répertoire pour la base de données pour sympa : + sympa sympa/db/basepath string + # Nom d'hôte du serveur de bases de données pour sympa : + sympa sympa/remote/host select /run/postgresql/ + sympa wwsympa/fastcgi boolean true + sympa sympa/internal/reconfiguring boolean false + # Identifiant pour sympa : + sympa sympa/db/app-user string $sv + # Faut-il purger la base de données pour sympa ? + sympa sympa/purge boolean false + sympa sympa/remove-error select abort + sympa wwsympa/webserver_type select Other + ##sympa sympa/mysql/admin-user string root + # Faut-il défaire la configuration de la base de donnée de sympa avec dbconfig-common ? + sympa sympa/dbconfig-remove boolean + # Méthode de connexion pour la base de données MySQL de sympa: + ##sympa sympa/mysql/method select unix socket + # Faut-il réinstaller la base de données pour sympa ? + sympa sympa/dbconfig-reinstall boolean false + sympa sympa/pgsql/admin-user string postgres + sympa sympa/upgrade-error select abort + sympa sympa/language select fr + # Méthode de connexion pour la base de données PostgreSQL de sympa : + sympa sympa/pgsql/method select unix socket + sympa sympa/install-error select abort + #sympa sympa/pgsql/no-empty-passwords error + sympa sympa/pgsql/authmethod-admin select unix socket + EOF +sudo install -d -m 755 -o root -g root \ + /etc/dbconfig-common +sudo install -m 600 -o root -g root /dev/stdin \ + /etc/dbconfig-common/sympa.conf <<-EOF + dbc_authmethod_admin='ident' + dbc_authmethod_user='ident' + dbc_basepath='' + dbc_dbadmin='postgres' + dbc_dbname='sympa' + dbc_dbpass='' + dbc_dbport='' + dbc_dbserver='/run/postgresql' + dbc_dbtype='pgsql' + dbc_dbuser='$sv' + dbc_install='true' + dbc_remove='' + dbc_ssl='' + dbc_upgrade='true' + EOF + +! sudo etckeeper unclean || +sudo etckeeper commit -m "rule_runit_configure $sv" + +rule apt_get_install --no-install-recommends sympa + # NOTE: évite d'installer apache2 .. + +rule insserv_remove sympa diff --git a/etc/sv/sympa/run b/etc/sv/sympa/run new file mode 100755 index 0000000..ff3484d --- /dev/null +++ b/etc/sv/sympa/run @@ -0,0 +1,15 @@ +#!/bin/sh -eux +exec 2>&1 +sv=${PWD#/etc/sv/} + +sv start \ + /etc/sv/sympa-bulk + +install -d -m 770 -o sympa -g sympa \ + /run/shm/tmp/sympa \ + /run/sympa + +exec /usr/bin/chpst \ + -u "$sv":"$sv":postgres-data \ + /usr/lib/sympa/bin/sympa.pl \ + --foreground diff --git a/etc/sv/wwsympa/configure.sh b/etc/sv/wwsympa/configure.sh new file mode 100644 index 0000000..bb8751d --- /dev/null +++ b/etc/sv/wwsympa/configure.sh @@ -0,0 +1,18 @@ +rule runit_configure sympa + +sv=sympa +#home=~www-data/"$sv" +home=~sympa/"$sv" + +#sudo adduser "$sv" www-sympa + +sudo install -d -o 2770 -o "$sv" -g "$sv" \ + "$home"/wwsarchive \ + "$home"/wwsbounce +# TODO: quota + +m4 \ + --define=HOME="$home" \ + "$tool"/etc/sympa/wwsympa.conf.m4 | +sudo install -m 640 -o "$sv" -g "$sv" /dev/stdin \ + /etc/sympa/wwsympa.conf diff --git a/etc/sv/wwsympa/run b/etc/sv/wwsympa/run new file mode 100755 index 0000000..de1f498 --- /dev/null +++ b/etc/sv/wwsympa/run @@ -0,0 +1,28 @@ +#!/bin/sh -eux +exec 2>&1 +#sv=${PWD#/etc/sv/} +sv=sympa + +sv start \ + /etc/sv/sympa \ + /etc/sv/sympa-archived \ + /etc/sv/sympa-bounced \ + /etc/sv/sympa-task_manager + +install -d -m 770 -o "$sv" -g "$sv" \ + /run/sympa + +install -d -m 1771 -o root -g root \ + /run/spawn-fcgi + +exec /usr/bin/spawn-fcgi \ + -u "$sv" \ + -g "$sv" \ + -U www-data \ + -G www-data \ + -M 0660 \ + -n \ + -s /run/spawn-fcgi/"$sv" \ + -- /usr/bin/multiwatch \ + --forks 3 \ + -- /usr/lib/cgi-bin/sympa/wwsympa.fcgi diff --git a/etc/sympa/aliases b/etc/sympa/aliases new file mode 100644 index 0000000..e69de29 diff --git a/etc/sympa/sympa.conf.m4 b/etc/sympa/sympa.conf.m4 new file mode 100644 index 0000000..4468c34 --- /dev/null +++ b/etc/sympa/sympa.conf.m4 @@ -0,0 +1,115 @@ +changequote(,) +###\\\\ Directories and file location ////### +etc /etc/sympa +home HOME/list_data +http_host https://VM_DOMAINNAME +pidfile /run/sympa/sympa.pid +pidfile_bulk /run/sympa/bulk.pid +pidfile_creation /run/sympa/sympa-creation.pid +pidfile_distribute /run/sympa/sympa-distribute.pid +queue HOME/spool/msg +queueauth HOME/spool/auth +queueautomatic HOME/spool/automatic +queuebounce HOME/spool/bounce +queuedigest HOME/spool/digest +queuemod HOME/spool/moderation +queueoutgoing HOME/spool/outgoing +queuesubscribe HOME/spool/subscribe +queuetask HOME/spool/task +queuetopic HOME/spool/topic +spool HOME/spool +static_content_path /var/lib/sympa/static_content +static_content_url /static-sympa +tmpdir /run/shm/tmp/sympa +umask 007 + +###\\\\ Syslog ////### +log_level 0 +log_smtp off +log_socket_type unix +logs_expiration_period 3 +syslog `cat /etc/sympa/facility` + +###\\\\ General definition ////### +create_list public_listmaster +domain sympa.VM_DOMAINNAME +edit_list owner +email sympa +listmaster listmaster@VM_DOMAINNAME + +###\\\\ Tuning ////### +bulk_fork_threshold 1 +bulk_lazytime 600 +bulk_max_count 3 +bulk_sleep 1 +bulk_wait_to_fork 10 +cache_list_config none +cookie `cat /etc/sympa/cookie` +default_distribution_ttl 300 +default_list_priority 5 +default_sql_fetch_timeout 300 +default_ttl 3600 +legacy_character_support_feature off +max_size 5242880 +owner_priority 9 +reject_mail_from_automates_feature on +remove_headers X-Sympa-To,X-Family-To,Return-Receipt-To,Precedence,X-Sequence,Disposition-Notification-To +request_priority 0 +rfc2369_header_fields help,subscribe,unsubscribe,post,owner,archive +sympa_packet_priority 5 +sympa_priority 1 +use_blacklist send,create_list + +###\\\\ Internationalization ////### +lang fr +supported_lang fr + +###\\\\ Errors management ////### +bounce_halt_rate 50 +bounce_warn_rate 30 +#expire_bounce_task daily +#welcome_return_path unique + +###\\\\ MTA related ////### +alias_manager /usr/lib/sympa/bin/alias_manager.pl +avg 10 +maxsmtp 40 +nrcpt 25 +sendmail /usr/sbin/sendmail +sendmail_aliases /etc/mail/sympa/aliases + +###\\\\ Plugin ////### +#antivirus_args --secure --summary --dat /usr/local/uvscan +#antivirus_path /usr/local/uvscan/uvscan + +###\\\\ DKIM ////### +dkim_add_signature_to robot,list +dkim_feature off +dkim_header_list from:sender:reply-to:subject:date:message-id:to:cc:list-id:list-help:list-unsubscribe:list-subscribe:list-post:list-owner:list-archive:in-reply-to:references:resent-date:resent-from:resent-sender:resent-to:resent-cc:resent-message-id:mime-version:content-type:content-transfer-encoding:content-id:content-description +dkim_signature_apply_on md5_authenticated_messages,smime_authenticated_messages,dkim_authenticated_messages,editor_validated_messages + +###\\\\ S/MIME pluggin ////### +#cafile +capath /etc/sympa/x509.d +crl_dir HOME/list_data/crl +#key_passwd `cat /etc/sympa/key_passwd` +openssl /usr/bin/openssl +ssl_cert_dir HOME/list_data/x509.d + +###\\\\ Database ////### +#db_additional_subscriber_fields billing_delay,subscription_expiration +#db_additional_user_fields age,address +db_host /run/postgresql +db_name sympa +#db_passwd your_passwd +db_type Pg +db_user sympa + +###\\\\ Web interface ////### +antispam_tag_header_ham_regexp ^\s*No +antispam_tag_header_name X-Spam-Status +antispam_tag_header_spam_regexp ^\s*Yes +max_wrong_password 19 +soap_url http://--HOST--/sympasoap +spam_status x-spam-status +wwsympa_url https://sympa.VM_DOMAINNAME/wws diff --git a/etc/sympa/transport b/etc/sympa/transport new file mode 100644 index 0000000..f11ffe3 --- /dev/null +++ b/etc/sympa/transport @@ -0,0 +1,2 @@ +/^.*+owner\@sympa\.heureux-cyclage\.org$/ sympabounce: +/^.*\@sympa\.heureux-cyclage\.org$/ sympa: diff --git a/etc/sympa/virtual_alias b/etc/sympa/virtual_alias new file mode 100644 index 0000000..fd8965e --- /dev/null +++ b/etc/sympa/virtual_alias @@ -0,0 +1 @@ +/^(.*)-owner\@heureux-cyclage\.org$/ $1+owner@heureux-cyclage.org diff --git a/etc/sympa/wwsympa.conf.m4 b/etc/sympa/wwsympa.conf.m4 new file mode 100644 index 0000000..9fbbb79 --- /dev/null +++ b/etc/sympa/wwsympa.conf.m4 @@ -0,0 +1,45 @@ +changequote(,) +###\\\\ Directories and file location ////### +archived_pidfile /run/sympa/archived.pid +bounced_pidfile /run/sympa/bounced.pid +task_manager_pidfile /run/sympa/task_manager.pid +arc_path HOME/wwsarchive +bounce_path HOME/wwsbounce + +###\\\\ Syslog ////### +log_condition +log_facility mail +log_module + +###\\\\ General definition ////### + +###\\\\ Tuning ////### +password_case sensitive + +## HTTP cookies lifetime +cookie_expire 0 + +## HTTP cookies validity domain +cookie_domain localhost + +###\\\\ Internationalization ////### + +###\\\\ Errors management ////### + +###\\\\ MTA related ////### + +###\\\\ Plugin ////### +mhonarc /usr/bin/mhonarc + +###\\\\ DKIM ////### + +###\\\\ S/MIME pluggin ////### +ldap_force_canonical_email 1 + +###\\\\ Database ////### + +###\\\\ Web interface ////### +archive_default_index thrd +default_home home +title Mailing lists service +use_fast_cgi 1 diff --git a/var/pub/x509/sympa.heureux-cyclage.org/ca b/var/pub/x509/sympa.heureux-cyclage.org/ca new file mode 120000 index 0000000..6d4a070 --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/ca @@ -0,0 +1 @@ +../heureux-cyclage.org \ No newline at end of file diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crl.num b/var/pub/x509/sympa.heureux-cyclage.org/crl.num new file mode 100644 index 0000000..8a0f05e --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crl.num @@ -0,0 +1 @@ +01 diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crl.num.old b/var/pub/x509/sympa.heureux-cyclage.org/crl.num.old new file mode 100644 index 0000000..4daddb7 --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crl.num.old @@ -0,0 +1 @@ +00 diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crl.pem b/var/pub/x509/sympa.heureux-cyclage.org/crl.pem new file mode 100644 index 0000000..625450b --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crl.pem @@ -0,0 +1,23 @@ +-----BEGIN X509 CRL----- +MIIDzjCCAbYCAQEwDQYJKoZIhvcNAQENBQAwggFyMQswCQYDVQQGEwJGUjEfMB0G +A1UECB4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4A +ZQAtAEEAbABwAGUAczEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNV +BAsTJFNZc3RlbWUgZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UE +AxMZc3ltcGEuaGV1cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAA +LAAgAG4AaQAgAGQAaQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0A +bwB0AGUAdQByMScwJQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABl +AHMxJzAlBgsrBgEEAYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEG +CysGAQQBgjc8AgEDEwJGUhcNMTMwNDE0MDAyMDEzWhcNMjMwNDE1MDAyMDEzWqAO +MAwwCgYDVR0UBAMCAQAwDQYJKoZIhvcNAQENBQADggIBAJ/nEvqbiaE6I3baB+ov +KJXKVRSn33x6UwQh5x0UgjCYnfxxWGUxZMqg0vQbrN+dL55P4zxgErUPQjqOsdYf +IYR3oQd9qzxy/EdpA04J/Kr8Lmevc+ExW6E8H0ulXubzkUkCEGYEJx8M2pJoiJ0U +FcFiQa1mFUoeO07foCXmQi86NCG+06miz63mkVgSbPcyTmsY6hmheIAaiZDLgFC2 +Ue9lYPIJuuENgmAh0UvLBsgGERhoBflq1UNrE1RKwTyXZyDj9ON7zoV1IcazunsP +X0gM1qUZG9UHSvgDHveDJNFGTv9C86w+cIvMGn4lhy+KG4g0PJADPCsj+kTSj9gI +1UiKJIY8PFEMGxI4RreIffsJ6ttQsGUqwXboiE+CvilJ/Io9cPy3Je6ndQtJe8/W +xeN9tpGshCbaI2RqSZiShXvb9Q7lcK91U4ezxU64H9MVpATIafifaQWLGJhgo4z2 +WeAQ82//ZylrtRStsu788N816fGmqnJ5aagxOmiau8vfNyRmHZKShcuHwX5atOm4 +d1Y/YQlRo2l9Gw6U7Qd5t+kjlvllj+P4xFVuoydYnDHa2G6loENQtJvKcBH54sRw ++2X/LOBLclK5ZOWebJ7QUGk5OcH3Cip0VcxKfwk1hjNJohzcvmX4woTeMK7x4Lnu +0mDyz7RpIbs/tUgDHMZwT3b9 +-----END X509 CRL----- diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crl.self-signed.num b/var/pub/x509/sympa.heureux-cyclage.org/crl.self-signed.num new file mode 100644 index 0000000..8a0f05e --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crl.self-signed.num @@ -0,0 +1 @@ +01 diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crl.self-signed.num.old b/var/pub/x509/sympa.heureux-cyclage.org/crl.self-signed.num.old new file mode 100644 index 0000000..4daddb7 --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crl.self-signed.num.old @@ -0,0 +1 @@ +00 diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crl.self-signed.pem b/var/pub/x509/sympa.heureux-cyclage.org/crl.self-signed.pem new file mode 100644 index 0000000..08a013b --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crl.self-signed.pem @@ -0,0 +1,23 @@ +-----BEGIN X509 CRL----- +MIIDzjCCAbYCAQEwDQYJKoZIhvcNAQENBQAwggFyMQswCQYDVQQGEwJGUjEfMB0G +A1UECB4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4A +ZQAtAEEAbABwAGUAczEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNV +BAsTJFNZc3RlbWUgZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UE +AxMZc3ltcGEuaGV1cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAA +LAAgAG4AaQAgAGQAaQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0A +bwB0AGUAdQByMScwJQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABl +AHMxJzAlBgsrBgEEAYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEG +CysGAQQBgjc8AgEDEwJGUhcNMTMwNDE0MDAyMDE0WhcNMjMwNDE1MDAyMDE0WqAO +MAwwCgYDVR0UBAMCAQAwDQYJKoZIhvcNAQENBQADggIBAJIs49a3qnjacl22s+tc +CNwjx77gd3a096B91od6dbGyMVJ00VhHyDEqZnKVbRsgvsVCLu+C4II99Eo0BSk4 +sDl7So+5SblCyRE3TwDYg0XlPTd85FtrklGR5W3b0J/mwKA8idw5NsJ4+7fJXOFf +m51ph4j9aAnRoEepHJup+EbGi+w47Ozxu/LDm72CriPtkkqgiPfJ9rqrPmIUzpnW +fSCKx2lqkandP9GnMWAdzRI0CwIQeo945E5nro/qUAqhCnXejm5PokekifKcnzHp +tjkE+PEXj+76gnA9sx8AN2bUvkTF6mKMkaMUXCBl6YuQY/wdWq0S0yYPsPN3a/4P ++hAHQZ8BKP7wJbXXHDyBarp05ebEzmSVRkPUDKEzQgUbIExpszNLHXIcxF5T0VE9 +b0GjzjAF8jsMfFu8YZKy30uKTfpfygHdt4lDQExSAaqqnw3G6wPFPIyqkAw6yANl +eC0FyVGoFwZqwU660WZzysBTn4PzPAmtVF6s/Y5khVz7XuXnJ/Kjfxu2D9fpAnaX +YwPFDa11HH2+68aKTfWeAtN3GVoeKJ4qg9VMhycX+RTPX50gNpt7RK43jTkPtIy+ +gXzoBcjtgpN0gXprAyIg3rPimuVTnHd47ePmvc9d8pBJkRaF+CR2mzg/t/j+tiqK +TO1Avx+k6UDYE0KjX2G6irbR +-----END X509 CRL----- diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crt+ca.pem b/var/pub/x509/sympa.heureux-cyclage.org/crt+ca.pem new file mode 100644 index 0000000..59675aa --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crt+ca.pem @@ -0,0 +1,107 @@ +-----BEGIN CERTIFICATE----- +MIIJ7TCCB9WgAwIBAgIHIBMEFAIgEjANBgkqhkiG9w0BAQ0FADCCARUxHDAaBgNV +BAMTE2hldXJldXgtY3ljbGFnZS5vcmcxCzAJBgNVBAYTAkZSMQwwCgYDVQQrEwNM +SEMxGjAYBgNVBAoTEUwnSGV1cmV1eCBDeWNsYWdlMVcwVQYDVQQLHk4AQQBuAHQA +aQAtAGEAdQB0AG8AcgBpAHQA6QAgAGQAZQAgAGMAZQByAHQAaQBmAGkAYwBhAHQA +aQBvAG4AIABwAHIAaQBtAGEAaQByAGUxDjAMBgNVBBETBTY5MDAxMR8wHQYDVQQI +HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMR8wHQYDVQQJExYxMCBydWUgU2FpbnQg +UG9seWNhcnBlMRMwEQYDVQQUHgoAbgDpAGEAbgB0MB4XDTEzMDQxNDAwMjAxMloX +DTIzMDQxNTAwMjAxMlowggFyMQswCQYDVQQGEwJGUjEfMB0GA1UECB4WAFIAaAD0 +AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4AZQAtAEEAbABwAGUA +czEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNVBAsTJFNZc3RlbWUg +ZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UEAxMZc3ltcGEuaGV1 +cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAALAAgAG4AaQAgAGQA +aQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0AbwB0AGUAdQByMScw +JQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxJzAlBgsrBgEE +AYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEGCysGAQQBgjc8AgED +EwJGUjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiXA1P3lE0TXmbQ +oUWiJwkZWhQvnp2U+Xju9PzDw793Fll94Z4FqzkD7iIc6s9wKsmrbRyck4u1fZPx +rSjicSXUUcRinFNh9AuMRA/olm3jQDaQpDyzhjOuI3XW7sqVkERhfHESkkeGttnU +kzUJT2+RMcoinvulW9pDALEN6RwN5DbRQdsZOObBbNt7ahr0wtK+Q5AjW/dANTju +sKxoA2POYZ6qW6Sp8NroQZ0qDg+pfvD9c/Rkn7uvrIlUMN+s9/euZvtAURClz0DO +UXtgbg5705Kicdw4so7qAzehFS4xz6Y1vTVBuLzcFQZPhwuhi3GGDxkAt50bFZBn +9oqHL2/ACg8Hsx3g3o5D5byGn6MyNd2D/s/iu4y5FQjlc52j31lNrRrlIQws3hBA +ycWRbk4MsrSP1kzWJl7Oyn4wbjSzWodbbpNvjadweJ1Raa79anibC5TyTypTnivZ +15BKr5kh+XsWqNk/7b2gVJ8+gBn1YezkKfLR778Q6lS9yDJ92NZZqubQTWtFHKbC +O6ybDPDQqK7kKxrjsfl0c68fxcpbNi2NoCMyPwafVWXxl1MknwYCPe4hqvPDe64J +St77775s4vQcOY4LdDOmM41E1AnIc4/3AhxUR2Jb3WPJk/7K6h4Cc7zg7sRJnLUp +iNPpfgIk4mUoedPzbe035Pa/d1IVAgMBAAGjggLfMIIC2zASBgNVHRMBAf8ECDAG +AQH/AgEAMAsGA1UdDwQEAwIBpjBHBgNVHREEQDA+gSFjb250YWN0K3N5bXBhQGhl +dXJldXgtY3ljbGFnZS5vcmeCGXN5bXBhLmhldXJldXgtY3ljbGFnZS5vcmcwHQYD +VR0OBBYEFL5Hl/nuubAdmATcjiKaT0DpE6+jMCYGA1UdEgQfMB2BG2NvbnRhY3RA +aGV1cmV1eC1jeWNsYWdlLm9yZzCCAU0GA1UdIwSCAUQwggFAgBTQQETok+Fk9woJ +QMBtg2e8t7ntSqGCAR2kggEZMIIBFTEcMBoGA1UEAxMTaGV1cmV1eC1jeWNsYWdl +Lm9yZzELMAkGA1UEBhMCRlIxDDAKBgNVBCsTA0xIQzEaMBgGA1UEChMRTCdIZXVy +ZXV4IEN5Y2xhZ2UxVzBVBgNVBAseTgBBAG4AdABpAC0AYQB1AHQAbwByAGkAdADp +ACAAZABlACAAYwBlAHIAdABpAGYAaQBjAGEAdABpAG8AbgAgAHAAcgBpAG0AYQBp +AHIAZTEOMAwGA1UEERMFNjkwMDExHzAdBgNVBAgeFgBSAGgA9ABuAGUALQBBAGwA +cABlAHMxHzAdBgNVBAkTFjEwIHJ1ZSBTYWludCBQb2x5Y2FycGUxEzARBgNVBBQe +CgBuAOkAYQBuAHSCByATAyYJODEwRwYIKwYBBQUHAQEEOzA5MDcGCCsGAQUFBzAC +hitodHRwOi8vd3d3LmhldXJldXgtY3ljbGFnZS5vcmcveDUwOS9jcnQucGVtMEIG +A1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly93d3cuaGV1cmV1eC1jeWNsYWdlLm9yZy94 +NTA5L3N5bXBhL2NybC5wZW0wSgYDVR0gBEMwQTA/BgUqgXoBKjA2MDQGCCsGAQUF +BwIBFihodHRwczovL3d3dy5oZXVyZXV4LWN5Y2xhZ2Uub3JnL3g1MDkvY3BzMA0G +CSqGSIb3DQEBDQUAA4ICAQAJ6RQWFyQDtnKonctz9TR6EEU4+0JsJzLK26Qn3NuA +5kwSwRNsdZ8Yc0kFV1YjH3CvEmn05Bhw0HXO9hmrnt48l4PNhZokPcoKzJUiy4IK +aSeAoUWn7NSywVZu7Rkh+5eIS+1Ok9Vza6pLqxyYP2X8bL39hYr6eQWuPSVP88aC +vuwFTaloOWtYy89yS+8+0HZi3Qu+jIY++tZIOr2Q3vBJE56C/b2ib8GTW5K+nebR +ilde8ajOL/W6LJybW532B65y2cyL2HqaFEdmswFy0ud+pAHDuyWu9zOtagW/nphi +YKg5cA6ucz5FiSLjWCYHtLVPGFK+bfLUzD80dNPxWt+4NXIpijtichX+Y2TIuWY2 +amAlF3lhukLA+k78FVmE8GPW7+8iuvEu5WDjqANOjzZbYkLfxgZTyZl7nxwQrW5a +Gj5ohnEgy9lFDk+1gLS2p74+w3PjcvMfniG+OHmekAo09M4YHfYlUoyvYVTW3FGp +E2nMrxnmRfKiHnNnnH8JzYHjTEcpgSwl++NvzSuhTFJGqNz9XsAEPCErPTHWKrjS +S5MpPcIaJfSj0RODt8qeeMq5dolSqV/ZzaJMZxmaxjxZAPksUKGB9RDU/Au0Vl0N +cAGkE9w8zP1Xy8UnIW0bHEfD6XmfuwNLlS2tuVdoBfsEsnk+O1CZKPprWy50b2YL +dw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIJHTCCBwWgAwIBAgIHIBMDJgk4MTANBgkqhkiG9w0BAQ0FADCCARUxHDAaBgNV +BAMTE2hldXJldXgtY3ljbGFnZS5vcmcxCzAJBgNVBAYTAkZSMQwwCgYDVQQrEwNM +SEMxGjAYBgNVBAoTEUwnSGV1cmV1eCBDeWNsYWdlMVcwVQYDVQQLHk4AQQBuAHQA +aQAtAGEAdQB0AG8AcgBpAHQA6QAgAGQAZQAgAGMAZQByAHQAaQBmAGkAYwBhAHQA +aQBvAG4AIABwAHIAaQBtAGEAaQByAGUxDjAMBgNVBBETBTY5MDAxMR8wHQYDVQQI +HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMR8wHQYDVQQJExYxMCBydWUgU2FpbnQg +UG9seWNhcnBlMRMwEQYDVQQUHgoAbgDpAGEAbgB0MB4XDTEzMDMyNjA4MzgzMVoX +DTIzMDMyNzA4MzgzMVowggEVMRwwGgYDVQQDExNoZXVyZXV4LWN5Y2xhZ2Uub3Jn +MQswCQYDVQQGEwJGUjEMMAoGA1UEKxMDTEhDMRowGAYDVQQKExFMJ0hldXJldXgg +Q3ljbGFnZTFXMFUGA1UECx5OAEEAbgB0AGkALQBhAHUAdABvAHIAaQB0AOkAIABk +AGUAIABjAGUAcgB0AGkAZgBpAGMAYQB0AGkAbwBuACAAcAByAGkAbQBhAGkAcgBl +MQ4wDAYDVQQREwU2OTAwMTEfMB0GA1UECB4WAFIAaAD0AG4AZQAtAEEAbABwAGUA +czEfMB0GA1UECRMWMTAgcnVlIFNhaW50IFBvbHljYXJwZTETMBEGA1UEFB4KAG4A +6QBhAG4AdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMQW7t6xtjiy +B++qKw1fetUPyF/LbMHllX4c3pxyRXjN7AnvDbVoTH7RItPoabAkmh5BFInXwP6P +UtbX2uLyGNsnEh5MueMJcmcZ0woDFZe60An1sVCm0RLnNL2LvZBACZI4ZtnFVczO +HL+kzUqik2PLyIqt0sicwsAvsY4iJLlRmfjjyp4jbiBhLaj3AgcqHhkf+6csNc+Y +6LQC+C+9dcPq4RcJ8w939tU1VNth5Llil/jBkUS5SxEmXyo/yuPqkd5FxL0qGkm3 +8gf3AVZYwDwpwOBJPzjSg1lAonjNAuH/JD0AvytvTecPi1TYCJDW6VswB9X54ZJD +cIuBWF7yCQSH/czAMppuQopuQJ8F6bdVyyDIKWJTXA9SdOQRrAZeIpVFu//8fbyv +0yhLroTp1xXSRC+s+jEhdjZsOJGsY/0TH1biRQt9JvBTEzhFPww76FczYVa9Bxoq +ipLjCwfzh68w948nsdOwRnsjMEJkIgv6rVsC4jxgaTc6ay2PnqbLxGmH1YENpHvf +UuO2nB7aIvakxf6OsH95KBTzgvKSwYnp2QiPCpBTtOihD2RkA2uDPefHLU6058pb +heXwMMKwUVn18rs9TH8T3N5q5AHpMK1H2Mvn9pskLpT16UKTOKkoktR1jgkJN6vR +GNzjFB391ZVKfV90eXjtjsckyAcUNTdhAgMBAAGjggJsMIICaDASBgNVHRMBAf8E +CDAGAQH/AgEBMAsGA1UdDwQEAwIBBjAmBgNVHREEHzAdgRtjb250YWN0QGhldXJl +dXgtY3ljbGFnZS5vcmcwHQYDVR0OBBYEFNBAROiT4WT3CglAwG2DZ7y3ue1KMCYG +A1UdEgQfMB2BG2NvbnRhY3RAaGV1cmV1eC1jeWNsYWdlLm9yZzCCAU0GA1UdIwSC +AUQwggFAgBTQQETok+Fk9woJQMBtg2e8t7ntSqGCAR2kggEZMIIBFTEcMBoGA1UE +AxMTaGV1cmV1eC1jeWNsYWdlLm9yZzELMAkGA1UEBhMCRlIxDDAKBgNVBCsTA0xI +QzEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxVzBVBgNVBAseTgBBAG4AdABp +AC0AYQB1AHQAbwByAGkAdADpACAAZABlACAAYwBlAHIAdABpAGYAaQBjAGEAdABp +AG8AbgAgAHAAcgBpAG0AYQBpAHIAZTEOMAwGA1UEERMFNjkwMDExHzAdBgNVBAge +FgBSAGgA9ABuAGUALQBBAGwAcABlAHMxHzAdBgNVBAkTFjEwIHJ1ZSBTYWludCBQ +b2x5Y2FycGUxEzARBgNVBBQeCgBuAOkAYQBuAHSCByATAyYJODEwRwYIKwYBBQUH +AQEEOzA5MDcGCCsGAQUFBzAChitodHRwOi8vd3d3LmhldXJldXgtY3ljbGFnZS5v +cmcveDUwOS9jcnQucGVtMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly93d3cuaGV1 +cmV1eC1jeWNsYWdlLm9yZy94NTA5L2NybC5wZW0wDQYJKoZIhvcNAQENBQADggIB +AAbK2IQ6dCmvBgB44XZ0g0K1xuJ91vGJfMq78bwamBzWOhSgXws7dbtrUD0oGq93 +I22GccnkjrbdsLVpQyQMEhK3eVgj0r3W+sN3ECqcNT35qqNO82RX2RCdKrC8OsWU +tFUtyhMgZyjXWFcwZnK8CISxtc1KXm2qrUC/Mh/NFGn8OngLaIu2WbDNeDO6ZUbr +ET4pIbfbwMGEvCYKx9Owqp5NYa8/JyUzHoihzc+CLam2WFp1BrjveacfU6l0+NwX +i5uYtSJI/K3iKiy+W+8dkdzRYKh09icOCL+GKPEiioJrxfNYX6/HNTbfV/rJWCqd +gIIpWxvWs1y8wgg6t+VqMm5OG5nsPkkbZiO1cljUnMDAn8kGrp2sORrxCzVgDAKV +uhXthAdbKPSombuwjKo2M1rzPCGkYTOcgw9N6iaLcD2J1+h25MsZy96L2bNfWB3h +1iZxQ8ohe+kUmG5NyH6Q9+lYzPfD3PZotehIYI05legurJnK0WM3K+imUw3ZvPxM +aD0K2+9m/7WFyf9Di34ZeW9Fe9/dYPosoloAJv0w6YrCz8lu5+Vb8BEdaOIFYlr1 +jDlOO94dlg30hCMsP2UpNB+HA1xJEXkFvTnqjAfBHheke97i3y/4FBho3nLDT8Ee ++VZp12H3/m46pxvVjkU4nWqFutDphHDJqN/G8ferAZgt +-----END CERTIFICATE----- diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crt+crl.pem b/var/pub/x509/sympa.heureux-cyclage.org/crt+crl.pem new file mode 100644 index 0000000..1f612b3 --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crt+crl.pem @@ -0,0 +1,79 @@ +-----BEGIN CERTIFICATE----- +MIIJ7TCCB9WgAwIBAgIHIBMEFAIgEjANBgkqhkiG9w0BAQ0FADCCARUxHDAaBgNV +BAMTE2hldXJldXgtY3ljbGFnZS5vcmcxCzAJBgNVBAYTAkZSMQwwCgYDVQQrEwNM +SEMxGjAYBgNVBAoTEUwnSGV1cmV1eCBDeWNsYWdlMVcwVQYDVQQLHk4AQQBuAHQA +aQAtAGEAdQB0AG8AcgBpAHQA6QAgAGQAZQAgAGMAZQByAHQAaQBmAGkAYwBhAHQA +aQBvAG4AIABwAHIAaQBtAGEAaQByAGUxDjAMBgNVBBETBTY5MDAxMR8wHQYDVQQI +HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMR8wHQYDVQQJExYxMCBydWUgU2FpbnQg +UG9seWNhcnBlMRMwEQYDVQQUHgoAbgDpAGEAbgB0MB4XDTEzMDQxNDAwMjAxMloX +DTIzMDQxNTAwMjAxMlowggFyMQswCQYDVQQGEwJGUjEfMB0GA1UECB4WAFIAaAD0 +AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4AZQAtAEEAbABwAGUA +czEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNVBAsTJFNZc3RlbWUg +ZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UEAxMZc3ltcGEuaGV1 +cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAALAAgAG4AaQAgAGQA +aQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0AbwB0AGUAdQByMScw +JQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxJzAlBgsrBgEE +AYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEGCysGAQQBgjc8AgED +EwJGUjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiXA1P3lE0TXmbQ +oUWiJwkZWhQvnp2U+Xju9PzDw793Fll94Z4FqzkD7iIc6s9wKsmrbRyck4u1fZPx +rSjicSXUUcRinFNh9AuMRA/olm3jQDaQpDyzhjOuI3XW7sqVkERhfHESkkeGttnU +kzUJT2+RMcoinvulW9pDALEN6RwN5DbRQdsZOObBbNt7ahr0wtK+Q5AjW/dANTju +sKxoA2POYZ6qW6Sp8NroQZ0qDg+pfvD9c/Rkn7uvrIlUMN+s9/euZvtAURClz0DO +UXtgbg5705Kicdw4so7qAzehFS4xz6Y1vTVBuLzcFQZPhwuhi3GGDxkAt50bFZBn +9oqHL2/ACg8Hsx3g3o5D5byGn6MyNd2D/s/iu4y5FQjlc52j31lNrRrlIQws3hBA +ycWRbk4MsrSP1kzWJl7Oyn4wbjSzWodbbpNvjadweJ1Raa79anibC5TyTypTnivZ +15BKr5kh+XsWqNk/7b2gVJ8+gBn1YezkKfLR778Q6lS9yDJ92NZZqubQTWtFHKbC +O6ybDPDQqK7kKxrjsfl0c68fxcpbNi2NoCMyPwafVWXxl1MknwYCPe4hqvPDe64J +St77775s4vQcOY4LdDOmM41E1AnIc4/3AhxUR2Jb3WPJk/7K6h4Cc7zg7sRJnLUp +iNPpfgIk4mUoedPzbe035Pa/d1IVAgMBAAGjggLfMIIC2zASBgNVHRMBAf8ECDAG +AQH/AgEAMAsGA1UdDwQEAwIBpjBHBgNVHREEQDA+gSFjb250YWN0K3N5bXBhQGhl +dXJldXgtY3ljbGFnZS5vcmeCGXN5bXBhLmhldXJldXgtY3ljbGFnZS5vcmcwHQYD +VR0OBBYEFL5Hl/nuubAdmATcjiKaT0DpE6+jMCYGA1UdEgQfMB2BG2NvbnRhY3RA +aGV1cmV1eC1jeWNsYWdlLm9yZzCCAU0GA1UdIwSCAUQwggFAgBTQQETok+Fk9woJ +QMBtg2e8t7ntSqGCAR2kggEZMIIBFTEcMBoGA1UEAxMTaGV1cmV1eC1jeWNsYWdl +Lm9yZzELMAkGA1UEBhMCRlIxDDAKBgNVBCsTA0xIQzEaMBgGA1UEChMRTCdIZXVy +ZXV4IEN5Y2xhZ2UxVzBVBgNVBAseTgBBAG4AdABpAC0AYQB1AHQAbwByAGkAdADp +ACAAZABlACAAYwBlAHIAdABpAGYAaQBjAGEAdABpAG8AbgAgAHAAcgBpAG0AYQBp +AHIAZTEOMAwGA1UEERMFNjkwMDExHzAdBgNVBAgeFgBSAGgA9ABuAGUALQBBAGwA +cABlAHMxHzAdBgNVBAkTFjEwIHJ1ZSBTYWludCBQb2x5Y2FycGUxEzARBgNVBBQe +CgBuAOkAYQBuAHSCByATAyYJODEwRwYIKwYBBQUHAQEEOzA5MDcGCCsGAQUFBzAC +hitodHRwOi8vd3d3LmhldXJldXgtY3ljbGFnZS5vcmcveDUwOS9jcnQucGVtMEIG +A1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly93d3cuaGV1cmV1eC1jeWNsYWdlLm9yZy94 +NTA5L3N5bXBhL2NybC5wZW0wSgYDVR0gBEMwQTA/BgUqgXoBKjA2MDQGCCsGAQUF +BwIBFihodHRwczovL3d3dy5oZXVyZXV4LWN5Y2xhZ2Uub3JnL3g1MDkvY3BzMA0G +CSqGSIb3DQEBDQUAA4ICAQAJ6RQWFyQDtnKonctz9TR6EEU4+0JsJzLK26Qn3NuA +5kwSwRNsdZ8Yc0kFV1YjH3CvEmn05Bhw0HXO9hmrnt48l4PNhZokPcoKzJUiy4IK +aSeAoUWn7NSywVZu7Rkh+5eIS+1Ok9Vza6pLqxyYP2X8bL39hYr6eQWuPSVP88aC +vuwFTaloOWtYy89yS+8+0HZi3Qu+jIY++tZIOr2Q3vBJE56C/b2ib8GTW5K+nebR +ilde8ajOL/W6LJybW532B65y2cyL2HqaFEdmswFy0ud+pAHDuyWu9zOtagW/nphi +YKg5cA6ucz5FiSLjWCYHtLVPGFK+bfLUzD80dNPxWt+4NXIpijtichX+Y2TIuWY2 +amAlF3lhukLA+k78FVmE8GPW7+8iuvEu5WDjqANOjzZbYkLfxgZTyZl7nxwQrW5a +Gj5ohnEgy9lFDk+1gLS2p74+w3PjcvMfniG+OHmekAo09M4YHfYlUoyvYVTW3FGp +E2nMrxnmRfKiHnNnnH8JzYHjTEcpgSwl++NvzSuhTFJGqNz9XsAEPCErPTHWKrjS +S5MpPcIaJfSj0RODt8qeeMq5dolSqV/ZzaJMZxmaxjxZAPksUKGB9RDU/Au0Vl0N +cAGkE9w8zP1Xy8UnIW0bHEfD6XmfuwNLlS2tuVdoBfsEsnk+O1CZKPprWy50b2YL +dw== +-----END CERTIFICATE----- +-----BEGIN X509 CRL----- +MIIDzjCCAbYCAQEwDQYJKoZIhvcNAQENBQAwggFyMQswCQYDVQQGEwJGUjEfMB0G +A1UECB4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4A +ZQAtAEEAbABwAGUAczEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNV +BAsTJFNZc3RlbWUgZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UE +AxMZc3ltcGEuaGV1cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAA +LAAgAG4AaQAgAGQAaQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0A +bwB0AGUAdQByMScwJQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABl +AHMxJzAlBgsrBgEEAYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEG +CysGAQQBgjc8AgEDEwJGUhcNMTMwNDE0MDAyMDEzWhcNMjMwNDE1MDAyMDEzWqAO +MAwwCgYDVR0UBAMCAQAwDQYJKoZIhvcNAQENBQADggIBAJ/nEvqbiaE6I3baB+ov +KJXKVRSn33x6UwQh5x0UgjCYnfxxWGUxZMqg0vQbrN+dL55P4zxgErUPQjqOsdYf +IYR3oQd9qzxy/EdpA04J/Kr8Lmevc+ExW6E8H0ulXubzkUkCEGYEJx8M2pJoiJ0U +FcFiQa1mFUoeO07foCXmQi86NCG+06miz63mkVgSbPcyTmsY6hmheIAaiZDLgFC2 +Ue9lYPIJuuENgmAh0UvLBsgGERhoBflq1UNrE1RKwTyXZyDj9ON7zoV1IcazunsP +X0gM1qUZG9UHSvgDHveDJNFGTv9C86w+cIvMGn4lhy+KG4g0PJADPCsj+kTSj9gI +1UiKJIY8PFEMGxI4RreIffsJ6ttQsGUqwXboiE+CvilJ/Io9cPy3Je6ndQtJe8/W +xeN9tpGshCbaI2RqSZiShXvb9Q7lcK91U4ezxU64H9MVpATIafifaQWLGJhgo4z2 +WeAQ82//ZylrtRStsu788N816fGmqnJ5aagxOmiau8vfNyRmHZKShcuHwX5atOm4 +d1Y/YQlRo2l9Gw6U7Qd5t+kjlvllj+P4xFVuoydYnDHa2G6loENQtJvKcBH54sRw ++2X/LOBLclK5ZOWebJ7QUGk5OcH3Cip0VcxKfwk1hjNJohzcvmX4woTeMK7x4Lnu +0mDyz7RpIbs/tUgDHMZwT3b9 +-----END X509 CRL----- diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crt+crl.self-signed.pem b/var/pub/x509/sympa.heureux-cyclage.org/crt+crl.self-signed.pem new file mode 100644 index 0000000..46f2bd3 --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crt+crl.self-signed.pem @@ -0,0 +1,82 @@ +-----BEGIN CERTIFICATE----- +MIIKgjCCCGqgAwIBAgIHIBMEFAIgFDANBgkqhkiG9w0BAQ0FADCCAXIxCzAJBgNV +BAYTAkZSMR8wHQYDVQQIHhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMR8wHQYDVQQH +HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMRowGAYDVQQKExFMJ0hldXJldXggQ3lj +bGFnZTEtMCsGA1UECxMkU1lzdGVtZSBkZSBNdWx0aS1Qb3N0YWdlIEF1dG9tYXRp +cXVlMSIwIAYDVQQDExlzeW1wYS5oZXVyZXV4LWN5Y2xhZ2Uub3JnMUswSQYDVQQP +HkIAVgAxAC4AMAAsACAAbgBpACAAZABpAGUAdQAgAG4AaQAgAG0AYQDuAHQAcgBl +ACAAbgBpACAAbQBvAHQAZQB1AHIxJzAlBgsrBgEEAYI3PAIBAR4WAFIAaAD0AG4A +ZQAtAEEAbABwAGUAczEnMCUGCysGAQQBgjc8AgECHhYAUgBoAPQAbgBlAC0AQQBs +AHAAZQBzMRMwEQYLKwYBBAGCNzwCAQMTAkZSMB4XDTEzMDQxNDAwMjAxNFoXDTIz +MDQxNTAwMjAxNFowggFyMQswCQYDVQQGEwJGUjEfMB0GA1UECB4WAFIAaAD0AG4A +ZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEa +MBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNVBAsTJFNZc3RlbWUgZGUg +TXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UEAxMZc3ltcGEuaGV1cmV1 +eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAALAAgAG4AaQAgAGQAaQBl +AHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0AbwB0AGUAdQByMScwJQYL +KwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxJzAlBgsrBgEEAYI3 +PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEGCysGAQQBgjc8AgEDEwJG +UjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiXA1P3lE0TXmbQoUWi +JwkZWhQvnp2U+Xju9PzDw793Fll94Z4FqzkD7iIc6s9wKsmrbRyck4u1fZPxrSji +cSXUUcRinFNh9AuMRA/olm3jQDaQpDyzhjOuI3XW7sqVkERhfHESkkeGttnUkzUJ +T2+RMcoinvulW9pDALEN6RwN5DbRQdsZOObBbNt7ahr0wtK+Q5AjW/dANTjusKxo +A2POYZ6qW6Sp8NroQZ0qDg+pfvD9c/Rkn7uvrIlUMN+s9/euZvtAURClz0DOUXtg +bg5705Kicdw4so7qAzehFS4xz6Y1vTVBuLzcFQZPhwuhi3GGDxkAt50bFZBn9oqH +L2/ACg8Hsx3g3o5D5byGn6MyNd2D/s/iu4y5FQjlc52j31lNrRrlIQws3hBAycWR +bk4MsrSP1kzWJl7Oyn4wbjSzWodbbpNvjadweJ1Raa79anibC5TyTypTnivZ15BK +r5kh+XsWqNk/7b2gVJ8+gBn1YezkKfLR778Q6lS9yDJ92NZZqubQTWtFHKbCO6yb +DPDQqK7kKxrjsfl0c68fxcpbNi2NoCMyPwafVWXxl1MknwYCPe4hqvPDe64JSt77 +775s4vQcOY4LdDOmM41E1AnIc4/3AhxUR2Jb3WPJk/7K6h4Cc7zg7sRJnLUpiNPp +fgIk4mUoedPzbe035Pa/d1IVAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/ +AgEAMAsGA1UdDwQEAwIBpjBHBgNVHREEQDA+gSFjb250YWN0K3N5bXBhQGhldXJl +dXgtY3ljbGFnZS5vcmeCGXN5bXBhLmhldXJldXgtY3ljbGFnZS5vcmcwHQYDVR0O +BBYEFL5Hl/nuubAdmATcjiKaT0DpE6+jMEcGA1UdEgRAMD6BIWNvbnRhY3Qrc3lt +cGFAaGV1cmV1eC1jeWNsYWdlLm9yZ4IZc3ltcGEuaGV1cmV1eC1jeWNsYWdlLm9y +ZzCCAaoGA1UdIwSCAaEwggGdgBS+R5f57rmwHZgE3I4imk9A6ROvo6GCAXqkggF2 +MIIBcjELMAkGA1UEBhMCRlIxHzAdBgNVBAgeFgBSAGgA9ABuAGUALQBBAGwAcABl +AHMxHzAdBgNVBAceFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxGjAYBgNVBAoTEUwn +SGV1cmV1eCBDeWNsYWdlMS0wKwYDVQQLEyRTWXN0ZW1lIGRlIE11bHRpLVBvc3Rh +Z2UgQXV0b21hdGlxdWUxIjAgBgNVBAMTGXN5bXBhLmhldXJldXgtY3ljbGFnZS5v +cmcxSzBJBgNVBA8eQgBWADEALgAwACwAIABuAGkAIABkAGkAZQB1ACAAbgBpACAA +bQBhAO4AdAByAGUAIABuAGkAIABtAG8AdABlAHUAcjEnMCUGCysGAQQBgjc8AgEB +HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMScwJQYLKwYBBAGCNzwCAQIeFgBSAGgA +9ABuAGUALQBBAGwAcABlAHMxEzARBgsrBgEEAYI3PAIBAxMCRlKCByATBBQCIBQw +TQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzAChjFodHRwOi8vd3d3LmhldXJldXgt +Y3ljbGFnZS5vcmcveDUwOS9zeW1wYS9jcnQucGVtMEIGA1UdHwQ7MDkwN6A1oDOG +MWh0dHA6Ly93d3cuaGV1cmV1eC1jeWNsYWdlLm9yZy94NTA5L3N5bXBhL2NybC5w +ZW0wDQYJKoZIhvcNAQENBQADggIBABIpFGv1dYvoPyJ2f+umA20OFiciSpfcJA74 +UgjyS6ASgziiPtoCCzOKsbQWNGViqDv8nYvCByVMWlgwuf7u/l/XaOB1vjV10t5T +z+I+kGm5LKhVEEaaC5JQaNrYVd/wocg2R64q+3XVuVYrFm8e4gxN5+NSSX+FYqsN +QUOGSSm7ih5mdAC97NzP/TjnEQFexx0w+SI0Qm44kKEi7yv6F2G7XmstXfwlBVf4 +TB4ScKd/89A4mQs4eQA0s1kkKI6v3MoL0S1OJGr5mAgie70RC8pUER0NST6bXpRE +LmBAqagfipbmz8o/KWlKsahX4v0uOgJQsKzFZSZLnLfLnv+tuQT74f5W6oC+O6pw +1B/1qyBmbh0Qi3HPeUL7YWSrQ0nsO3al4a2xfMHRzsI8Dk9xcUrg0rmmcPY8eUiZ +48sr6GUpSXEOR8nVd4sXXdp3/1ewSGrOGueZWypnY1lk/TLwCZgwNc/TTblRe7rU +0cJPSrkvIotjIdps4nyHzBZY3vwyF3wm8Zwlv5lJ6PVMaFswBLAkfsJlZxpemK1Z +41+t6XtpKDCAHtn4EeEG7RzG1Yo6u7afmhGXSzRfwczm+B4ZK0MvcxlRr2+0A01p +okp7s+5+Q2eS2iY95SUbmuyXMbDS32PyGXuOidUcpVYF7HisM7fFw5b2ffHMe+jc +NwmU1H4C +-----END CERTIFICATE----- +-----BEGIN X509 CRL----- +MIIDzjCCAbYCAQEwDQYJKoZIhvcNAQENBQAwggFyMQswCQYDVQQGEwJGUjEfMB0G +A1UECB4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4A +ZQAtAEEAbABwAGUAczEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNV +BAsTJFNZc3RlbWUgZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UE +AxMZc3ltcGEuaGV1cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAA +LAAgAG4AaQAgAGQAaQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0A +bwB0AGUAdQByMScwJQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABl +AHMxJzAlBgsrBgEEAYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEG +CysGAQQBgjc8AgEDEwJGUhcNMTMwNDE0MDAyMDE0WhcNMjMwNDE1MDAyMDE0WqAO +MAwwCgYDVR0UBAMCAQAwDQYJKoZIhvcNAQENBQADggIBAJIs49a3qnjacl22s+tc +CNwjx77gd3a096B91od6dbGyMVJ00VhHyDEqZnKVbRsgvsVCLu+C4II99Eo0BSk4 +sDl7So+5SblCyRE3TwDYg0XlPTd85FtrklGR5W3b0J/mwKA8idw5NsJ4+7fJXOFf +m51ph4j9aAnRoEepHJup+EbGi+w47Ozxu/LDm72CriPtkkqgiPfJ9rqrPmIUzpnW +fSCKx2lqkandP9GnMWAdzRI0CwIQeo945E5nro/qUAqhCnXejm5PokekifKcnzHp +tjkE+PEXj+76gnA9sx8AN2bUvkTF6mKMkaMUXCBl6YuQY/wdWq0S0yYPsPN3a/4P ++hAHQZ8BKP7wJbXXHDyBarp05ebEzmSVRkPUDKEzQgUbIExpszNLHXIcxF5T0VE9 +b0GjzjAF8jsMfFu8YZKy30uKTfpfygHdt4lDQExSAaqqnw3G6wPFPIyqkAw6yANl +eC0FyVGoFwZqwU660WZzysBTn4PzPAmtVF6s/Y5khVz7XuXnJ/Kjfxu2D9fpAnaX +YwPFDa11HH2+68aKTfWeAtN3GVoeKJ4qg9VMhycX+RTPX50gNpt7RK43jTkPtIy+ +gXzoBcjtgpN0gXprAyIg3rPimuVTnHd47ePmvc9d8pBJkRaF+CR2mzg/t/j+tiqK +TO1Avx+k6UDYE0KjX2G6irbR +-----END X509 CRL----- diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crt.pem b/var/pub/x509/sympa.heureux-cyclage.org/crt.pem new file mode 100644 index 0000000..7424e8d --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crt.pem @@ -0,0 +1,56 @@ +-----BEGIN CERTIFICATE----- +MIIJ7TCCB9WgAwIBAgIHIBMEFAIgEjANBgkqhkiG9w0BAQ0FADCCARUxHDAaBgNV +BAMTE2hldXJldXgtY3ljbGFnZS5vcmcxCzAJBgNVBAYTAkZSMQwwCgYDVQQrEwNM +SEMxGjAYBgNVBAoTEUwnSGV1cmV1eCBDeWNsYWdlMVcwVQYDVQQLHk4AQQBuAHQA +aQAtAGEAdQB0AG8AcgBpAHQA6QAgAGQAZQAgAGMAZQByAHQAaQBmAGkAYwBhAHQA +aQBvAG4AIABwAHIAaQBtAGEAaQByAGUxDjAMBgNVBBETBTY5MDAxMR8wHQYDVQQI +HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMR8wHQYDVQQJExYxMCBydWUgU2FpbnQg +UG9seWNhcnBlMRMwEQYDVQQUHgoAbgDpAGEAbgB0MB4XDTEzMDQxNDAwMjAxMloX +DTIzMDQxNTAwMjAxMlowggFyMQswCQYDVQQGEwJGUjEfMB0GA1UECB4WAFIAaAD0 +AG4AZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4AZQAtAEEAbABwAGUA +czEaMBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNVBAsTJFNZc3RlbWUg +ZGUgTXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UEAxMZc3ltcGEuaGV1 +cmV1eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAALAAgAG4AaQAgAGQA +aQBlAHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0AbwB0AGUAdQByMScw +JQYLKwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxJzAlBgsrBgEE +AYI3PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEGCysGAQQBgjc8AgED +EwJGUjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiXA1P3lE0TXmbQ +oUWiJwkZWhQvnp2U+Xju9PzDw793Fll94Z4FqzkD7iIc6s9wKsmrbRyck4u1fZPx +rSjicSXUUcRinFNh9AuMRA/olm3jQDaQpDyzhjOuI3XW7sqVkERhfHESkkeGttnU +kzUJT2+RMcoinvulW9pDALEN6RwN5DbRQdsZOObBbNt7ahr0wtK+Q5AjW/dANTju +sKxoA2POYZ6qW6Sp8NroQZ0qDg+pfvD9c/Rkn7uvrIlUMN+s9/euZvtAURClz0DO +UXtgbg5705Kicdw4so7qAzehFS4xz6Y1vTVBuLzcFQZPhwuhi3GGDxkAt50bFZBn +9oqHL2/ACg8Hsx3g3o5D5byGn6MyNd2D/s/iu4y5FQjlc52j31lNrRrlIQws3hBA +ycWRbk4MsrSP1kzWJl7Oyn4wbjSzWodbbpNvjadweJ1Raa79anibC5TyTypTnivZ +15BKr5kh+XsWqNk/7b2gVJ8+gBn1YezkKfLR778Q6lS9yDJ92NZZqubQTWtFHKbC +O6ybDPDQqK7kKxrjsfl0c68fxcpbNi2NoCMyPwafVWXxl1MknwYCPe4hqvPDe64J +St77775s4vQcOY4LdDOmM41E1AnIc4/3AhxUR2Jb3WPJk/7K6h4Cc7zg7sRJnLUp +iNPpfgIk4mUoedPzbe035Pa/d1IVAgMBAAGjggLfMIIC2zASBgNVHRMBAf8ECDAG +AQH/AgEAMAsGA1UdDwQEAwIBpjBHBgNVHREEQDA+gSFjb250YWN0K3N5bXBhQGhl +dXJldXgtY3ljbGFnZS5vcmeCGXN5bXBhLmhldXJldXgtY3ljbGFnZS5vcmcwHQYD +VR0OBBYEFL5Hl/nuubAdmATcjiKaT0DpE6+jMCYGA1UdEgQfMB2BG2NvbnRhY3RA +aGV1cmV1eC1jeWNsYWdlLm9yZzCCAU0GA1UdIwSCAUQwggFAgBTQQETok+Fk9woJ +QMBtg2e8t7ntSqGCAR2kggEZMIIBFTEcMBoGA1UEAxMTaGV1cmV1eC1jeWNsYWdl +Lm9yZzELMAkGA1UEBhMCRlIxDDAKBgNVBCsTA0xIQzEaMBgGA1UEChMRTCdIZXVy +ZXV4IEN5Y2xhZ2UxVzBVBgNVBAseTgBBAG4AdABpAC0AYQB1AHQAbwByAGkAdADp +ACAAZABlACAAYwBlAHIAdABpAGYAaQBjAGEAdABpAG8AbgAgAHAAcgBpAG0AYQBp +AHIAZTEOMAwGA1UEERMFNjkwMDExHzAdBgNVBAgeFgBSAGgA9ABuAGUALQBBAGwA +cABlAHMxHzAdBgNVBAkTFjEwIHJ1ZSBTYWludCBQb2x5Y2FycGUxEzARBgNVBBQe +CgBuAOkAYQBuAHSCByATAyYJODEwRwYIKwYBBQUHAQEEOzA5MDcGCCsGAQUFBzAC +hitodHRwOi8vd3d3LmhldXJldXgtY3ljbGFnZS5vcmcveDUwOS9jcnQucGVtMEIG +A1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly93d3cuaGV1cmV1eC1jeWNsYWdlLm9yZy94 +NTA5L3N5bXBhL2NybC5wZW0wSgYDVR0gBEMwQTA/BgUqgXoBKjA2MDQGCCsGAQUF +BwIBFihodHRwczovL3d3dy5oZXVyZXV4LWN5Y2xhZ2Uub3JnL3g1MDkvY3BzMA0G +CSqGSIb3DQEBDQUAA4ICAQAJ6RQWFyQDtnKonctz9TR6EEU4+0JsJzLK26Qn3NuA +5kwSwRNsdZ8Yc0kFV1YjH3CvEmn05Bhw0HXO9hmrnt48l4PNhZokPcoKzJUiy4IK +aSeAoUWn7NSywVZu7Rkh+5eIS+1Ok9Vza6pLqxyYP2X8bL39hYr6eQWuPSVP88aC +vuwFTaloOWtYy89yS+8+0HZi3Qu+jIY++tZIOr2Q3vBJE56C/b2ib8GTW5K+nebR +ilde8ajOL/W6LJybW532B65y2cyL2HqaFEdmswFy0ud+pAHDuyWu9zOtagW/nphi +YKg5cA6ucz5FiSLjWCYHtLVPGFK+bfLUzD80dNPxWt+4NXIpijtichX+Y2TIuWY2 +amAlF3lhukLA+k78FVmE8GPW7+8iuvEu5WDjqANOjzZbYkLfxgZTyZl7nxwQrW5a +Gj5ohnEgy9lFDk+1gLS2p74+w3PjcvMfniG+OHmekAo09M4YHfYlUoyvYVTW3FGp +E2nMrxnmRfKiHnNnnH8JzYHjTEcpgSwl++NvzSuhTFJGqNz9XsAEPCErPTHWKrjS +S5MpPcIaJfSj0RODt8qeeMq5dolSqV/ZzaJMZxmaxjxZAPksUKGB9RDU/Au0Vl0N +cAGkE9w8zP1Xy8UnIW0bHEfD6XmfuwNLlS2tuVdoBfsEsnk+O1CZKPprWy50b2YL +dw== +-----END CERTIFICATE----- diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crt.pem.asc b/var/pub/x509/sympa.heureux-cyclage.org/crt.pem.asc new file mode 100644 index 0000000..48d9f00 --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crt.pem.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) + +iQIcBAABCgAGBQJRafY8AAoJEF4nGc9w/oqevqgP/RJEf3vX+ddIdtSomcpUuADE +Nk/40UfYYwhXDME9oGJVsLUuKfEvubLCPx+nnHNuQcJtWiXpezckBjlV4w9/vbjx +yQCAJFBVSb6BEiHh02y6vUGDHg01JTYj8u6+8WrFLxwmcVslLEuMLB4ikKOxWJux +fUh76tQudKOgEZfFbxh8kti5gXHg+CEYVyMKBIdmxdkAeiR/GjGewxECSYTAohSB +nhXAMlkSR2DxSqCdSI0a3YL1QGhdzQ3H7zotpBz4DrEKBufMz0ztxg5MmXE3jVOw +mxgIMcIwR6TWyrMV16rNxtKnlSaDR0NA6PBgNF0TJAhwvY6eJxZfxzM1odaseTrz +E+7GY8OdaBlp1zWaMt71PxWcj9qOA5lsGfmkdH8OXp/r+66tKg6o6VX4EQRbfnGP +qaKQLOjOn/n9oQdlb/rgPoly1KNKgkVMY80AkMW12k9sH/RBk89K573Y6MSuWld8 +PyVlSNoH39zgx51j1W5nUwT1ahl01gbVy+gPvmJ65zqulxOw+kRXxDGgfjUNY4NE +sUmCCZlIZnE8hAJOBeVGNjhaAnSHidSE2S5VicN762qMxSh/N+/O7t+Obavguf/+ +kK8aO/0tkRsIekcObhM7IGydx3AxJnKmdCK1RPTdmNkQMg9g59iN9GRjsXMnDHtb +yB0bjdzDxWeADXWQ9B/N +=7oqB +-----END PGP SIGNATURE----- diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crt.self-signed.pem b/var/pub/x509/sympa.heureux-cyclage.org/crt.self-signed.pem new file mode 100644 index 0000000..15b21d3 --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crt.self-signed.pem @@ -0,0 +1,59 @@ +-----BEGIN CERTIFICATE----- +MIIKgjCCCGqgAwIBAgIHIBMEFAIgFDANBgkqhkiG9w0BAQ0FADCCAXIxCzAJBgNV +BAYTAkZSMR8wHQYDVQQIHhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMR8wHQYDVQQH +HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMRowGAYDVQQKExFMJ0hldXJldXggQ3lj +bGFnZTEtMCsGA1UECxMkU1lzdGVtZSBkZSBNdWx0aS1Qb3N0YWdlIEF1dG9tYXRp +cXVlMSIwIAYDVQQDExlzeW1wYS5oZXVyZXV4LWN5Y2xhZ2Uub3JnMUswSQYDVQQP +HkIAVgAxAC4AMAAsACAAbgBpACAAZABpAGUAdQAgAG4AaQAgAG0AYQDuAHQAcgBl +ACAAbgBpACAAbQBvAHQAZQB1AHIxJzAlBgsrBgEEAYI3PAIBAR4WAFIAaAD0AG4A +ZQAtAEEAbABwAGUAczEnMCUGCysGAQQBgjc8AgECHhYAUgBoAPQAbgBlAC0AQQBs +AHAAZQBzMRMwEQYLKwYBBAGCNzwCAQMTAkZSMB4XDTEzMDQxNDAwMjAxNFoXDTIz +MDQxNTAwMjAxNFowggFyMQswCQYDVQQGEwJGUjEfMB0GA1UECB4WAFIAaAD0AG4A +ZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEa +MBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNVBAsTJFNZc3RlbWUgZGUg +TXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UEAxMZc3ltcGEuaGV1cmV1 +eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAALAAgAG4AaQAgAGQAaQBl +AHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0AbwB0AGUAdQByMScwJQYL +KwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxJzAlBgsrBgEEAYI3 +PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEGCysGAQQBgjc8AgEDEwJG +UjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiXA1P3lE0TXmbQoUWi +JwkZWhQvnp2U+Xju9PzDw793Fll94Z4FqzkD7iIc6s9wKsmrbRyck4u1fZPxrSji +cSXUUcRinFNh9AuMRA/olm3jQDaQpDyzhjOuI3XW7sqVkERhfHESkkeGttnUkzUJ +T2+RMcoinvulW9pDALEN6RwN5DbRQdsZOObBbNt7ahr0wtK+Q5AjW/dANTjusKxo +A2POYZ6qW6Sp8NroQZ0qDg+pfvD9c/Rkn7uvrIlUMN+s9/euZvtAURClz0DOUXtg +bg5705Kicdw4so7qAzehFS4xz6Y1vTVBuLzcFQZPhwuhi3GGDxkAt50bFZBn9oqH +L2/ACg8Hsx3g3o5D5byGn6MyNd2D/s/iu4y5FQjlc52j31lNrRrlIQws3hBAycWR +bk4MsrSP1kzWJl7Oyn4wbjSzWodbbpNvjadweJ1Raa79anibC5TyTypTnivZ15BK +r5kh+XsWqNk/7b2gVJ8+gBn1YezkKfLR778Q6lS9yDJ92NZZqubQTWtFHKbCO6yb +DPDQqK7kKxrjsfl0c68fxcpbNi2NoCMyPwafVWXxl1MknwYCPe4hqvPDe64JSt77 +775s4vQcOY4LdDOmM41E1AnIc4/3AhxUR2Jb3WPJk/7K6h4Cc7zg7sRJnLUpiNPp +fgIk4mUoedPzbe035Pa/d1IVAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/ +AgEAMAsGA1UdDwQEAwIBpjBHBgNVHREEQDA+gSFjb250YWN0K3N5bXBhQGhldXJl +dXgtY3ljbGFnZS5vcmeCGXN5bXBhLmhldXJldXgtY3ljbGFnZS5vcmcwHQYDVR0O +BBYEFL5Hl/nuubAdmATcjiKaT0DpE6+jMEcGA1UdEgRAMD6BIWNvbnRhY3Qrc3lt +cGFAaGV1cmV1eC1jeWNsYWdlLm9yZ4IZc3ltcGEuaGV1cmV1eC1jeWNsYWdlLm9y +ZzCCAaoGA1UdIwSCAaEwggGdgBS+R5f57rmwHZgE3I4imk9A6ROvo6GCAXqkggF2 +MIIBcjELMAkGA1UEBhMCRlIxHzAdBgNVBAgeFgBSAGgA9ABuAGUALQBBAGwAcABl +AHMxHzAdBgNVBAceFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxGjAYBgNVBAoTEUwn +SGV1cmV1eCBDeWNsYWdlMS0wKwYDVQQLEyRTWXN0ZW1lIGRlIE11bHRpLVBvc3Rh +Z2UgQXV0b21hdGlxdWUxIjAgBgNVBAMTGXN5bXBhLmhldXJldXgtY3ljbGFnZS5v +cmcxSzBJBgNVBA8eQgBWADEALgAwACwAIABuAGkAIABkAGkAZQB1ACAAbgBpACAA +bQBhAO4AdAByAGUAIABuAGkAIABtAG8AdABlAHUAcjEnMCUGCysGAQQBgjc8AgEB +HhYAUgBoAPQAbgBlAC0AQQBsAHAAZQBzMScwJQYLKwYBBAGCNzwCAQIeFgBSAGgA +9ABuAGUALQBBAGwAcABlAHMxEzARBgsrBgEEAYI3PAIBAxMCRlKCByATBBQCIBQw +TQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzAChjFodHRwOi8vd3d3LmhldXJldXgt +Y3ljbGFnZS5vcmcveDUwOS9zeW1wYS9jcnQucGVtMEIGA1UdHwQ7MDkwN6A1oDOG +MWh0dHA6Ly93d3cuaGV1cmV1eC1jeWNsYWdlLm9yZy94NTA5L3N5bXBhL2NybC5w +ZW0wDQYJKoZIhvcNAQENBQADggIBABIpFGv1dYvoPyJ2f+umA20OFiciSpfcJA74 +UgjyS6ASgziiPtoCCzOKsbQWNGViqDv8nYvCByVMWlgwuf7u/l/XaOB1vjV10t5T +z+I+kGm5LKhVEEaaC5JQaNrYVd/wocg2R64q+3XVuVYrFm8e4gxN5+NSSX+FYqsN +QUOGSSm7ih5mdAC97NzP/TjnEQFexx0w+SI0Qm44kKEi7yv6F2G7XmstXfwlBVf4 +TB4ScKd/89A4mQs4eQA0s1kkKI6v3MoL0S1OJGr5mAgie70RC8pUER0NST6bXpRE +LmBAqagfipbmz8o/KWlKsahX4v0uOgJQsKzFZSZLnLfLnv+tuQT74f5W6oC+O6pw +1B/1qyBmbh0Qi3HPeUL7YWSrQ0nsO3al4a2xfMHRzsI8Dk9xcUrg0rmmcPY8eUiZ +48sr6GUpSXEOR8nVd4sXXdp3/1ewSGrOGueZWypnY1lk/TLwCZgwNc/TTblRe7rU +0cJPSrkvIotjIdps4nyHzBZY3vwyF3wm8Zwlv5lJ6PVMaFswBLAkfsJlZxpemK1Z +41+t6XtpKDCAHtn4EeEG7RzG1Yo6u7afmhGXSzRfwczm+B4ZK0MvcxlRr2+0A01p +okp7s+5+Q2eS2iY95SUbmuyXMbDS32PyGXuOidUcpVYF7HisM7fFw5b2ffHMe+jc +NwmU1H4C +-----END CERTIFICATE----- diff --git a/var/pub/x509/sympa.heureux-cyclage.org/crt.self-signed.pem.asc b/var/pub/x509/sympa.heureux-cyclage.org/crt.self-signed.pem.asc new file mode 100644 index 0000000..280a184 --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/crt.self-signed.pem.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) + +iQIcBAABCgAGBQJRafY+AAoJEF4nGc9w/oqeyjoP/0KRPZb9inehT5Ni3gV7V1Wv +Pi1BXIdv8yow6H+RtKkniy0ridlEc9FUI80dnsNomKrxbms7hEUn05vkm/SShvAd +Vl3sfMQDc6gSGLNJgR2DEPl8fg3jELARnVB2XW3GebP2L70iSfldPllMZxPmCK7I +kKNLX5mtlqXzFqDBOlBboyzlXMnqPaq76pM3c2hRhmtlL1aJpOB2WBfUjIcFNApY +WyK2XwHZ5ILB0KH52XsPQd1giq+Zb80tQWfi4m4wRCY+xgC587V+S8texX4gjFmf +Vhey1KY/L+vAmpKw3R0ofWOoNUuuCWiALyPp2uPOSKv+d0EekHO2TZ/6p9fpF66E +9NsTVHarVZrymdF+flyTbTSXSrXw3VKdXT+5VloirWQC6O9QIkzsPOJya0N55qqI +eec/FJL8V/GoLlErq2TxhZjmdjuyn516lixp3f0pOUplmeX5rEJJd14vJ69dZk5K +1WPQGXilYSJHZBZX7EiwwZ0cAs7NssejYvdjCdAnY8FPPgQVoDjIdI1aZHi2VoLu +LXs5F5D+J81MQDYGs3QR/xRJltGO2rxZXrOklbVS/OHi6yDLXsmS9GLREKrIJaQS +yLQqt5VHluL16+EAnfSyT0mr5wNDc8Ul/u0T33uJdaUhf8ZztNw4vJVRZDe4PUht +Gp7eptLAKErLIlBZbl2G +=nSdC +-----END PGP SIGNATURE----- diff --git a/var/pub/x509/sympa.heureux-cyclage.org/idx.self-signed.txt b/var/pub/x509/sympa.heureux-cyclage.org/idx.self-signed.txt new file mode 100644 index 0000000..e69de29 diff --git a/var/pub/x509/sympa.heureux-cyclage.org/idx.txt b/var/pub/x509/sympa.heureux-cyclage.org/idx.txt new file mode 100644 index 0000000..e69de29 diff --git a/var/pub/x509/sympa.heureux-cyclage.org/req.pem b/var/pub/x509/sympa.heureux-cyclage.org/req.pem new file mode 100644 index 0000000..1f34193 --- /dev/null +++ b/var/pub/x509/sympa.heureux-cyclage.org/req.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFuTCCA6ECAQAwggFyMQswCQYDVQQGEwJGUjEfMB0GA1UECB4WAFIAaAD0AG4A +ZQAtAEEAbABwAGUAczEfMB0GA1UEBx4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczEa +MBgGA1UEChMRTCdIZXVyZXV4IEN5Y2xhZ2UxLTArBgNVBAsTJFNZc3RlbWUgZGUg +TXVsdGktUG9zdGFnZSBBdXRvbWF0aXF1ZTEiMCAGA1UEAxMZc3ltcGEuaGV1cmV1 +eC1jeWNsYWdlLm9yZzFLMEkGA1UEDx5CAFYAMQAuADAALAAgAG4AaQAgAGQAaQBl +AHUAIABuAGkAIABtAGEA7gB0AHIAZQAgAG4AaQAgAG0AbwB0AGUAdQByMScwJQYL +KwYBBAGCNzwCAQEeFgBSAGgA9ABuAGUALQBBAGwAcABlAHMxJzAlBgsrBgEEAYI3 +PAIBAh4WAFIAaAD0AG4AZQAtAEEAbABwAGUAczETMBEGCysGAQQBgjc8AgEDEwJG +UjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiXA1P3lE0TXmbQoUWi +JwkZWhQvnp2U+Xju9PzDw793Fll94Z4FqzkD7iIc6s9wKsmrbRyck4u1fZPxrSji +cSXUUcRinFNh9AuMRA/olm3jQDaQpDyzhjOuI3XW7sqVkERhfHESkkeGttnUkzUJ +T2+RMcoinvulW9pDALEN6RwN5DbRQdsZOObBbNt7ahr0wtK+Q5AjW/dANTjusKxo +A2POYZ6qW6Sp8NroQZ0qDg+pfvD9c/Rkn7uvrIlUMN+s9/euZvtAURClz0DOUXtg +bg5705Kicdw4so7qAzehFS4xz6Y1vTVBuLzcFQZPhwuhi3GGDxkAt50bFZBn9oqH +L2/ACg8Hsx3g3o5D5byGn6MyNd2D/s/iu4y5FQjlc52j31lNrRrlIQws3hBAycWR +bk4MsrSP1kzWJl7Oyn4wbjSzWodbbpNvjadweJ1Raa79anibC5TyTypTnivZ15BK +r5kh+XsWqNk/7b2gVJ8+gBn1YezkKfLR778Q6lS9yDJ92NZZqubQTWtFHKbCO6yb +DPDQqK7kKxrjsfl0c68fxcpbNi2NoCMyPwafVWXxl1MknwYCPe4hqvPDe64JSt77 +775s4vQcOY4LdDOmM41E1AnIc4/3AhxUR2Jb3WPJk/7K6h4Cc7zg7sRJnLUpiNPp +fgIk4mUoedPzbe035Pa/d1IVAgMBAAGgADANBgkqhkiG9w0BAQ0FAAOCAgEAph0j +9w5CWT2HKBTTY/Im4Y74YBANoBS7w9Oku4mucVplodA1oxt8ZzKs/sPzDl/jBFO1 +rsBHFzKerT0hp+VEn3hlkMbk3NPAJ6ZkmFURVkX0hnrTZ6NyVbPzEjkZ/N4XsGZF +k0BmzkPv7eZRJrb0anwPL4PMpx3RBv5yq7Ci2la5FgL/SwZ4JpDrnjFvdeJy0SsK +cy8Y2afie5GPs/OlN/n+IQEHWZUAsF2ENXKvkJhTieRYaMLDLHwjapSb6PyALeh6 +7vqvak9y2elucIPOMZuPHFeeJOhQyqXr5ie4pspnISN2a81eg3tl1KfyHVvCA/Km +SSuDM5DZyWsQjTguEJhB1F43aqeeyapTEZ2hGdvyFax6vmv4nbPvN5CO3T1W1F7U +fnVPeBxsAnsoChjrLB2/gS7u1KYkxpRpZCSbjM8Tsv9CC0tAcWkZ68PQdfGwFoEH +amsjidegP3uwbRa0tiAIgoOwcTnc99rAWxJiptdm9eEOxaH3wxFsN0uaWbvS+aa9 +bjvh+k82c+vtujMBnEvIZGmP5FIg7i86SUFmIIqeoMTVkgQAgZ4aDnejghHnRFdM +jqXXS0xIdTc2kPtpLhPj7CW3jy+Xlu53B0NIWPPp4vUGUKE4XmAkXLg7FeQHLFQR +ShszfYJhJPlhNP1TBvoczqs4MNWdh3ED2jg7Inc= +-----END CERTIFICATE REQUEST----- diff --git a/vm_hosted b/vm_hosted index b9275fa..3ac6ced 100755 --- a/vm_hosted +++ b/vm_hosted @@ -61,10 +61,16 @@ rule_adduser () { sudo adduser "$@" "$user" } rule_apt_get_install () { # SYNTAX: $package - sudo DEBIAN_FRONTEND=noninteractive apt-get install --yes "$@" + sudo \ + DEBIAN_FRONTEND=noninteractive \ + DEBIAN_PRIORITY=low \ + apt-get install --yes "$@" } rule_dpkg_reconfigure () { # SYNTAX: $package - sudo DEBIAN_FRONTEND=noninteractive dpkg-reconfigure "$@" + sudo \ + DEBIAN_FRONTEND=noninteractive \ + DEBIAN_PRIORITY=low \ + dpkg-reconfigure "$@" } rule__chrooted_configure () { # NOTE: est-ce bien utile à un moment ? @@ -252,7 +258,7 @@ rule_apt_configure () { sudo install -m 660 -o root -g root /dev/stdin /etc/apt/sources.list.d/openerp.list <<-EOF deb http://nightly.openerp.com/7.0/nightly/deb/ ./ EOF - sudo install -m 660 -o root -g root /dev/stdin /etc/apt/preferences <<-EOF + sudo install -m 664 -o root -g root /dev/stdin /etc/apt/preferences <<-EOF Package: * Pin: release a=$vm_lsb_name Pin-Priority: 200 @@ -553,25 +559,48 @@ rule_network_configure () { /etc/network/interfaces } rule_runit_configure () { # SYNTAX: $sv - rule apt_get_install runit - local -; set +f - sudo find /etc/sv -mindepth 1 -maxdepth 1 -type d -name "${1:-*}" -exec \ - /bin/sh -efux -c 'case $(sv stop "$1") in - (*": runsv not running") true;; - (*": unable to open supervise/ok: file does not exist") true;; - ("ok: down:"*) true;; - (*) false;; - esac' '' {} + - for sv in ${1-"$tool"/etc/sv/*} - do sv=${sv##*/} - rule runit_sv_configure "$sv" - rule runit_sv_start "$sv" - done - #sleep 3 - #sudo find -L /etc/service -type l -delete + #rule apt_get_install runit + if test $# = 0 + then + set +x + sudo sv status \ + $(sudo find /etc/sv \ + -mindepth 1 -maxdepth 1 -type d \ + -printf '%p\n' | sort) + else + local services= + while [ $# -gt 0 ] + do case $1 in + (--) shift; break;; + (*) services="$services $1"; shift;; + esac + done + #for sv in $(sudo find /etc/sv \ + # -mindepth 1 -maxdepth 1 -type d \ + # -false $(printf -- '-or -name %s\n' $services) \ + # -printf '%f\n') + # do + # case $(sudo sv stop "$sv" | tee /dev/stderr) in + # (*": runsv not running") true;; + # (*": unable to open supervise/ok: file does not exist") true;; + # ("ok: down:"*) true;; + # (*) false;; + # esac + # done + for sv in $(find "$tool"/etc/sv \ + -mindepth 1 -maxdepth 1 -type d \ + -false $(printf -- '-or -name %s\n' $services) \ + -printf '%f\n') + do + rule runit_sv_configure "$sv" "$@" + rule runit_sv_start "$sv" + done + #sleep 3 + #sudo find -L /etc/service -type l -delete + fi } -rule_runit_sv_configure () { # SYNTAX: $sv - local sv="$1" +rule_runit_sv_configure () { # SYNTAX: $sv $configure_options + local sv="$1"; shift sudo install -d -m 770 -o root -g root \ /etc/sv/"$sv" sudo install -m 770 -o root -g root \ @@ -587,9 +616,11 @@ rule_runit_sv_configure () { # SYNTAX: $sv fi ( test ! -r "$tool"/etc/sv/"$sv"/configure.sh || - . "$tool"/etc/sv/"$sv"/configure.sh + . "$tool"/etc/sv/"$sv"/configure.sh || return 1 + ) + ( test ! -r "$tool"/etc/sv/"$sv"/log/configure.sh || - . "$tool"/etc/sv/"$sv"/log/configure.sh + . "$tool"/etc/sv/"$sv"/log/configure.sh || return 1 ) sudo ln -fns \ ../sv/"$sv" \ @@ -598,9 +629,9 @@ rule_runit_sv_configure () { # SYNTAX: $sv rule_runit_sv_restart () { # SYNTAX: $sv local sv="$1" while true - do case $(sudo sv restart "$sv") in - ("fail: $sv: runsv not running") sleep 1;; - ("warning: $sv: unable to open supervise/ok: file does not exists") sleep 1;; + do case $(sudo sv restart "$sv" | tee /dev/stderr) in + (*": runsv not running") sleep 1;; + (*": unable to open supervise/ok: file does not exist") sleep 1;; (*) break;; esac done @@ -608,9 +639,9 @@ rule_runit_sv_restart () { # SYNTAX: $sv rule_runit_sv_start () { # SYNTAX: $sv local sv="$1" while true - do case $(sudo sv start "$sv") in - ("fail: $sv: runsv not running") sleep 1;; - ("warning: $sv: unable to open supervise/ok: file does not exists") sleep 1;; + do case $(sudo sv start "$sv" | tee /dev/stderr) in + (*": runsv not running") sleep 1;; + (*": unable to open supervise/ok: file does not exist") sleep 1;; (*) break;; esac done @@ -752,7 +783,9 @@ rule_user_configure () { for sh in "$tool"/etc/user.d/*/configure.sh do sh=${sh#"$tool"/etc/user.d/} local user="${sh%/configure.sh}" - . "$tool"/etc/user.d/"$sh" + ( + . "$tool"/etc/user.d/"$sh" || return 1 + ) done } rule_user_admin_add () { # SYNTAX: $user -- 2.20.1