Modification : vm_host{,ed} : paravirtualised machine (PV).
diff --git a/ateliers_hosted b/ateliers_hosted
deleted file mode 100755 (executable)
index 3359fb6..0000000
+++ /dev/null
@@ -1,556 +0,0 @@
-#!/bin/sh
-set -e -f ${DRY_RUN:+-n} -u
-tool=${0%/*}
-. "$tool"/env.sh
-. "$tool"/inc.sh
-
-rule_help () {
-       cat >&2 <<-EOF
-               DESCRIPTION: ce script regroupe des fonctions utilitaires
-                            pour gérer la VM des ateliers _depuis_ la VM hébergée ;
-                            il sert à la fois d'outil et de documentation.
-                            Voir \`$tool/ateliers_host' pour les utilitaires côté machine hôte.
-               SYNTAX: $0 \$RULE \${RULE}_SYNTAX
-               RULES:
-               $(sed -ne 's/^rule_\([^_][^ ]*\) () {\( *#.*\|\)/\t\1\2/p' "$tool"/env.sh "$0")
-               ENVIRONMENT:
-                 TRACE # affiche les commandes avant leur exécution
-               $(sed -ne 's/^readonly \([^ ][^ =]*\).*}\( *#.*\|\)$/\t$\1\2/p' "$tool"/env.sh "$0")
-               EOF
- }
-
-rule_filesystem_init () {
-       mk_reg mod= own= --append /etc/sysctl.conf <<-EOF
-               vm.swappiness = 10 # NOTE: n'utilise le swap qu'en cas d'absolue nécessité
-               vm.vfs_cache_pressure=50
-               EOF
- }
-rule_shell_source () {
-       . /etc/profile
- }
-rule_network_init () {
-       mk_reg mod= own= /etc/hostname <<-EOF
-               $vm
-               EOF
-       grep -q " $vm\$" /etc/hosts ||
-       mk_reg mod= own= --append /etc/hosts <<-EOF
-               127.0.0.1 $vm_fqdn $vm
-               EOF
-       mk_reg mod= own= /etc/network/interfaces <<-EOF
-               auto lo
-               iface lo inet loopback
-               
-               auto eth0=grenode
-               iface grenode inet static
-                       address   $vm_ipv4
-                       gateway   $vm_ipv4 # NOTE: proxy_arp sur la passerelle permet d'utiliser la même adresse
-                       network   $vm_ipv4
-                       broadcast $vm_ipv4
-                       netmask   255.255.255.255
-                       mtu 1300 # TODO: voir si c'est nécessaire à Lyon
-                       up   ip address add    $vm_ipv4/32 dev \$IFACE
-                       down ip address delete $vm_ipv4/32 dev \$IFACE
-               EOF
- }
-rule_apt_init () {
-       mk_reg mod= own= /etc/apt/sources.list <<-EOF
-               deb http://ftp.fr.debian.org/debian $vm_lsb_name main contrib non-free
-               EOF
-       mk_reg mod= own= /etc/apt/sources.list.d/openerp.list <<-EOF
-               deb http://nightly.openerp.com/trunk/nightly/deb/ ./
-               EOF
-       mk_reg mod= own= /etc/apt/sources.list.d/$vm_lsb_name-backports.list <<-EOF
-               deb http://backports.debian.org/debian-backports $vm_lsb_name-backports main contrib non-free
-               EOF
-       mk_reg mod= own= /etc/apt/preferences <<-EOF
-               Package: *
-               Pin: release a=$vm_lsb_name
-               Pin-Priority: 170
-               
-               Package: *
-               Pin: release a=$vm_lsb_name-backports
-               Pin-Priority: 200
-               EOF
- }
-rule_boot_init () {
-       mk_reg mod= own= /etc/fstab <<-EOF
-               # <file system> <mount point> <type> <options> <dump> <pass>
-               LABEL=boot /boot ext2 defaults,no-auto 0 0
-               proc /proc proc defaults 0 0
-               sysfs /sys sysfs defaults 0 0
-               tmpfs /tmp tmpfs rw,nosuid,nodev,auto,size=200m,nr_inodes=1000k,mode=1777,noatime,nodiratime 0 0
-               /dev/mapper/${vm}_root_deciphered /     ext4 defaults,errors=remount-ro,acl,noatime 0 1
-               /dev/mapper/${vm}_var_deciphered  /var  ext4 defaults,errors=remount-ro,acl,noatime 0 1
-               /dev/mapper/${vm}_home_deciphered /home ext4 defaults,errors=remount-ro,acl,noatime,usrquota,grpquota 0 0
-               /dev/mapper/${vm}_swap_deciphered swap swap sw 0 0
-               EOF
-       mk_reg mod= own= /etc/crypttab <<-EOF
-               # <target name> <source device> <key file> <options>
-               ${vm}_root_deciphered LABEL=${vm}_root ${vm}_root            luks
-               ${vm}_var_deciphered  LABEL=${vm}_var  ${vm}_root_deciphered luks,lvm=$vm_lvm_vg,keyscript=/lib/cryptsetup/scripts/decrypt_derived
-               ${vm}_swap_deciphered LABEL=${vm}_swap ${vm}_root_deciphered luks,lvm=$vm_lvm_vg,keyscript=/lib/cryptsetup/scripts/decrypt_derived
-               ${vm}_home_deciphered LABEL=${vm}_home ${vm}_root_deciphered luks,lvm=$vm_lvm_vg,keyscript=/lib/cryptsetup/scripts/decrypt_derived
-               EOF
-       mk_reg mod= own= /etc/initramfs-tools/modules <<-EOF
-               #loop
-               sha1_generic
-               sha256_generic
-               sha512_generic
-               aes-x86_64
-               xts
-               EOF
-       mk_reg mod= own= --append /etc/default/grub <<-EOF
-               GRUB_CMDLINE_LINUX="vt.default_utf8=1 rootfstype=ext4 loglevel=5 console=hvc0 resume=/dev/mapper/${vm}_swap_deciphered"
-               EOF
- }
-rule_user_admin_add () { # SYNTAX: <name>
-       admin=$1
-       ! id "$admin" || adduser "$admin"
-       eval home="~$admin"
-       adduser "$admin" sudo
-       mk_reg mod=0400 own="$admin:$admin" "$home"/etc/ssh/authorized_keys <"$tool"/key/"$admin".ssh.pub
- }
-rule_user_mail_format () {
-       mk_dir mod=0770 own=root:adm /etc/skel/etc/procmail
-       mk_dir mod=0770 own=root:adm /etc/skel/var/mail
-       mk_dir mod=0770 own=root:adm /etc/skel/var/cache/procmail
-       mk_reg mod=0660 own=root:adm /etc/skel/etc/procmail/delivery.rc <<-EOF
-               # vim: ft=procmail
-               
-               # NOTE: paramètres passés par postfix
-               SENDER=\$1
-               RECIPIENT=\$2
-               USER=\$3
-               EXTENSION=\$4
-               DOMAIN=\$5
-               ORIGINAL_RECIPIENT=\$6
-               
-               PATH="\$HOME/bin:/usr/local/bin:/usr/bin:/bin"
-               MAILDIR="\$HOME/var/mail/"
-               DEFAULT="\$MAILDIR"
-               #LOGFILE=`cd="\$HOME/var/log/procmail/" d=\$(date +"%Y-%m-%d"); ln -fns "\$d.log" "\$cd/current.log"; printf %s "\$cd/\$d.log"`
-               LOGFILE="/dev/null"
-               LOGABSTRACT=all
-               LOGABSTRACT
-               VERBOSE
-               SHELL=/bin/sh
-               SHELLMETAS=&|<>~;?*%{}
-               
-               # DESCRIPTION: supprime les doublons en fonction du champ Message-Id
-               #:0 Wh:            "\$HOME/var/cache/procmail/msgid\$LOCKEXT"
-               #| formail -D 8192 "\$HOME/var/cache/procmail/msgid"
-               
-               # DESCRIPTION: fait suivre à l'adresse configurée dans /etc/passwd ; on peut aussi utiliser ~/.forward
-               EMAIL=`sed /etc/passwd -ne "/^\$USER:/s/[^:]*:[^:]*:[^:]*:[^:]*:[^,]*,[^,]*,[^,]*,[^,]*,\([^:]*\):.*/\1/p"`
-                # NOTE: récupère l’adresse courriel dans le champ GECOS
-               FROM_=`formail -c -x "From " | sed -e 's/^\s*\([^ \t]*\).*/\1/g'`
-                # NOTE: récupère l’expéditeur inscrit sur l’enveloppe
-               :0
-               | \$SENDMAIL -i -bm -f "\$FROM_" "\${EMAIL/@/\${EXTENSION:++\${EXTENSION}}@}"
-               
-               # DESCRIPTION: IMAP
-               #:0
-               #| /usr/lib/dovecot/deliver -f "\$SENDER" -a "\$RECIPIENT"
-               
-               # DESCRIPTION: UUCP
-               #:0
-               #| /usr/bin/uux \
-               # -I "\$HOME/etc/uucp/uucp.cfg" \
-               # --nouucico \
-               # --notification=error \
-               # --requestor "\$USER" \
-               # - "\$USER!rmail" "(\$USER)"
-               EOF
-       mk_reg mod=0664 own=root:root /etc/postfix/main.cf <<-EOF
-               # /etc/postfix/main.cf
-               # SEE: http://postfix.traduc.org/index.php/TLS_README.html
-               
-               parent_domain_matches_subdomains =
-                       #debug_peer_list
-                       #fast_flush_domains
-                       #mynetworks
-                       #permit_mx_backup_networks
-                       #qmqpd_authorized_clients
-                       #smtpd_access_maps
-               mydomain                         = $vm_domainname
-               myorigin                         = \$mydomain
-               myhostname                       = $vm_hostname.\$mydomain
-               mail_name                        = \$myhostname
-               mydestination                    =
-                       $vm_hostname
-                       \$myhostname
-                       \$myorigin
-               mynetworks                       =
-                       127.0.0.0/8
-                       #[::1]/128
-               inet_protocols = ipv4
-                       # "all" to activate IPv6
-               inet_interfaces                  = all
-               permit_mx_backup_networks        =
-               
-               alias_database         =
-                       hash:/etc/aliases
-                       # NOTE: fichier de hash contenant une table d’alias mail.
-                       #       Celle-ci est éditable dans /etc/aliases, puis (indispensable)
-                       #       regénérée en hash grâce à la commande newaliases qui produit /etc/aliases.db
-               alias_maps             =
-                       hash:/etc/aliases
-               recipient_delimiter    = +
-                       # NOTE: séparateur entre le nom d’utilisateur
-                       #       et les extensions d’adresse (par défaut le signe +).
-               #virtual_alias_domains  =
-               virtual_alias_maps     =
-                       hash:/etc/postfix/\$mydomain/virtual
-                       # NOTE: do not specify virtual alias domain names in  the  main.cf
-                       #       mydestination or relay_domains configuration parameters.
-                       #
-                       # With  a  virtual  alias  domain,  the  Postfix SMTP server
-                       # accepts  mail  for  known-user@virtual-alias.domain,   and
-                       # rejects   mail  for  unknown-user@virtual-alias.domain  as
-                       # undeliverable.
-               #relayhost              =
-               relay_clientcerts      =
-                       hash:/etc/postfix/\$mydomain/smtpd/tls/relay_clientcerts
-               relay_domains          =
-                       \$mydestination
-                               # NOTE: ajouter les domaines pour lesquels on est backup MX ici,
-                               #       pas dans mydestination ou virtual_alias...
-               
-               maximal_queue_lifetime = 5d
-               
-               header_checks        =
-                       regexp:/etc/postfix/\$mydomain/header_checks
-               mime_header_checks   =
-               nested_header_checks =
-               milter_header_checks =
-               body_checks          =
-               
-               #content_filter               = amavisfeed:[127.0.0.1]:10024
-               #receive_override_options     = no_address_mappings
-                       # no_unknown_recipient_checks
-                       #         Do not try to reject unknown recipients (SMTP server only).
-                       #         This is typically specified AFTER an external content filter.
-                       # no_address_mappings
-                       #         Disable canonical address mapping, virtual alias map expansion,
-                       #         address masquerading, and automatic BCC (blind carbon-copy) recipients.
-                       #         This is typically specified BEFORE an external content filter (eg. amavis).
-                       # no_header_body_checks
-                       #         Disable header/body_checks. This is typically specified AFTER an external content filter.
-                       # no_milters
-                       #         Disable Milter (mail filter) applications. This is typically specified AFTER an external content filter.
-               #local_header_rewrite_clients =
-               transport_maps                =
-                       hash:/etc/postfix/\$mydomain/transport_maps
-               mailbox_command               =
-                       /usr/bin/procmail -t -a "\$SENDER" -a "\$RECIPIENT" -a "\$USER" -a "\$EXTENSION" -a "\$DOMAIN" -a "\$ORIGINAL_RECIPIENT" "\$HOME/etc/procmail/delivery.rc"
-               mailbox_size_limit            = 0
-               biff                          = no
-                       # Activer la notification en cas de réception de nouveaux e-mails dans la console (yes / no).
-               append_dot_mydomain           = no
-                       # appending .domain is the MUA's job.
-               
-               #tls_random_source             =
-               #       dev:/dev/urandom
-                       # Non-blocking
-               #tls_random_reseed_period      = 3600s
-               #tls_random_exchange_name      =
-               #       \${data_directory}/prng_exch
-                       # NOTE: à ne pas mettre dans la cage chroot
-               #tls_random_bytes              = 32
-               #tls_random_prng_update_period = 3600s
-               #tls_high_cipherlist           = AES256-SHA
-                       # NOTE: postconf(5) déconseille de changer ceci
-               
-               #smtp_cname_overrides_servername = no
-               smtp_connect_timeout            = 60s
-               #smtp_tls_CAfile                 = /etc/postfix/\$mydomain/smtp/tls/ca/crt.pem
-               #smtp_tls_CApath                 = /etc/postfix/\$mydomain/smtp/tls/ca/
-               #smtp_tls_cert_file              = /etc/postfix/\$mydomain/smtp/tls/crt.pem
-               #smtp_tls_key_file               = /etc/postfix/\$mydomain/smtp/tls/key.pem
-               #smtp_tls_per_site               = hash:/etc/postfix/\$mydomain/smtp/tls/per_site
-                       # NOTE: déprécié en faveur de smtp_tls_policy_maps
-               smtp_tls_policy_maps            = hash:/etc/postfix/\$mydomain/smtp/tls/policy
-               smtp_tls_fingerprint_digest     = sha1
-               smtp_tls_scert_verifydepth      = 5
-               #smtp_tls_secure_cert_match      = nexthop, dot-nexthop
-               #smtp_tls_verify_cert_match      = hostname
-               #smtp_tls_note_starttls_offer    = yes
-               smtp_tls_loglevel               = 1
-               smtp_tls_protocols              = !SSLv2, !SSLv3
-                       # Only allow TLSv*
-               smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
-               #smtp_tls_session_cache_timeout  = 3600s
-               smtp_tls_security_level         = may
-               smtp_header_checks              = regexp:/etc/postfix/\$mydomain/smtp/header_checks
-               smtp_body_checks                =
-               smtp_mime_header_checks         =
-               smtp_nested_header_checks       =
-               
-               smtpd_starttls_timeout                  = 300s
-               smtpd_banner                            =
-                \$myhostname ESMTP \$mail_name (Debian/GNU)
-               
-               # Restrictions
-               smtpd_helo_required             = yes
-               strict_rfc821_envelopes         = yes
-               smtpd_authorized_xclient_hosts  = 127.0.0.1
-                       # NOTE: utile pour tester les restrictions
-               
-               smtpd_helo_restrictions         =
-                       reject_invalid_helo_hostname
-                       reject_non_fqdn_helo_hostname
-                       #reject_unknown_helo_hostname
-                               # NOTE: pourrait pourtant être utile pour lutter contre le spam
-                       permit
-               
-               smtpd_sender_restrictions       =
-                       permit_mynetworks
-                       permit_tls_clientcerts
-                       permit_sasl_authenticated
-                       check_sender_access hash:/etc/postfix/\$mydomain/smtpd/sender_access
-                       check_sender_access hash:/etc/postfix/sender_blacklist
-                       reject_unauth_pipelining
-                       reject_non_fqdn_sender
-                       #reject_unknown_sender_domain
-                               # NOTE: temporaire
-                       permit
-               
-               smtpd_client_new_tls_session_rate_limit = 0
-               smtpd_client_event_limit_exceptions     = \$mynetworks
-               smtpd_client_recipient_rate_limit       = 0
-               smtpd_client_connection_count_limit     = 50
-               smtpd_client_connection_rate_limit      = 0
-               smtpd_client_message_rate_limit         = 0
-               smtpd_client_port_logging               = no
-               
-               smtpd_client_restrictions               =
-                       check_client_access hash:/etc/postfix/client_blacklist
-               
-               policy_time_limit                       = 3600
-               default_extra_recipient_limit           = 5000
-               duplicate_filter_limit                  = 5000
-               smtpd_recipient_limit                   = 5000
-               smtpd_recipient_overshoot_limit         = 5000
-               smtpd_recipient_restrictions            =
-                       reject_non_fqdn_recipient
-                       #reject_invalid_hostname
-                               # NOTE: postfix < 2.3. voir reject_invalid_helo_hostname
-                               #       dans smtpd_helo_restrictions
-                       reject_unknown_recipient_domain
-                       #reject_non_fqdn_sender
-                               # NOTE: dans smtpd_sender_restrictions
-                       reject_unauth_pipelining
-                               # NOTE: dans smtpd_client_restrictions ou smtpd_data_restrictions
-                       permit_mynetworks
-                       permit_tls_clientcerts
-                       permit_sasl_authenticated
-                       reject_unauth_destination
-                               # NOTE: ne pas passer par SPFCheck / Postgrey si le mail n'est pas pour nous
-                               #       ou quelqu'un pour lequel on tient lieu de backup_mx
-                       check_policy_service inet:127.0.0.1:10023
-                               # NOTE: Postgrey (greylisting)
-                       check_policy_service unix:private/spfcheck
-                       permit_auth_destination
-                               # NOTE: une fois Postgrey passé, on accepte ce qui nous est destiné
-                               #       (voir permit_auth_destination) ; sans doute redondant
-                       reject
-                       #check_relay_domains <- removed from postfix
-                       #reject_unknown_sender_domain
-                               # aurait probablement été mieux dans smtpd_sender_restrictions
-                       #reject_rbl_client bl.spamcop.net
-                       #reject_rbl_client list.dsbl.org
-                       #reject_rbl_client zen.spamhaus.org
-                       #reject_rbl_client dnsbl.sorbs.net
-               
-               smtpd_data_restrictions                 =
-                       reject_unauth_pipelining
-                               # NOTE: obliger le serveur en face à attendre qu'on lui aie dit OK
-                       permit
-               
-               #smtpd_end_of_data_restrictions          =
-               
-               #smtpd_restriction_classes               =
-               
-               smtpd_error_sleep_time                  = 5
-                       # NOTE: forcer quelqu'un qui nous embête à attendre cinq secondes.
-               
-               # SASL
-               smtpd_sasl_auth_enable                  = yes
-               smtpd_sasl_type                         = dovecot
-               smtpd_sasl_path                         = private/auth
-               smtpd_sasl_security_options             = noanonymous
-               smtpd_sasl_domain                       = \$mydomain
-               
-               # SMTPD TLS
-               smtpd_discard_ehlo_keywords             = starttls
-                       # NOTE: les clients mails tentant d'utiliser le chiffrement opportuniste
-                       #       se mangent une erreur en tentant un starttls
-               smtpd_tls_fingerprint_digest            = sha1
-                       # sha512 ?
-               smtpd_tls_mandatory_protocols           = TLSv1
-               smtpd_tls_mandatory_ciphers             = high
-               smtpd_tls_ciphers                       = high
-                       # restrictif. s/high/medium/ ?
-               smtpd_tls_CAfile                        = /etc/postfix/\$mydomain/smtpd/tls/ca/crt+crl.slf.pem
-               smtpd_tls_CApath                        = /etc/postfix/\$mydomain/smtpd/tls/ca/
-               smtpd_tls_cert_file                     = /etc/postfix/\$mydomain/smtpd/tls/crt+crl.slf.pem
-               smtpd_tls_key_file                      = /etc/postfix/\$mydomain/smtpd/tls/key.pem
-               ##
-               #smtpd_tls_received_header               = no
-               smtpd_tls_session_cache_database        =
-                       btree:/var/lib/postfix/smtpd_tls_session_cache
-               #smtpd_tls_session_cache_timeout         = 3600s
-               smtpd_tls_security_level                = may
-                       # Postfix 2.3 and later
-                       # encrypt
-                       #  Mandatory TLS encryption: announce STARTTLS support to SMTP clients, and require that clients use TLS
-                       #  encryption. According to [1720]RFC 2487 this MUST NOT be applied in case of a publicly-referenced
-                       #  SMTP server. Instead, this option should be used only on dedicated servers.
-               smtpd_tls_loglevel                      = 1
-               smtpd_tls_ccert_verifydepth             = 5
-               smtpd_tls_auth_only                     = yes
-                       # Pas d'AUTH SASL sans TLS
-               smtpd_tls_ask_ccert                     = no
-               smtpd_tls_req_ccert                     = no
-               #smtpd_tls_always_issue_session_ids      = yes
-               smtpd_peername_lookup                   = yes
-                       # Nécessaire pour postgrey, etc
-               smtpd_milters                           =
-               non_smtpd_milters                       =
-               line_length_limit                       = 2048
-               queue_minfree                           = 0
-               message_size_limit                      = 20480000
-               #smtpd_enforce_tls    # NOTE: obsolète
-               #smtpd_use_tls        # NOTE: obsolète
-               #smtpd_tls_cipherlist # NOTE: obsolète
-               
-               readme_directory   = no
-               #delay_warning_time = 4h
-                       # NOTE: uncomment the previous line to generate "delayed mail" warnings
-               #debug_peer_level   = 4
-               #debug_peer_list    = .\$myhostname
-               EOF
-       mk_reg mod=0664 own=root:root /etc/dovecot/dovecot.conf <<-EOF
-               auth_ssl_username_from_cert = yes
-               listen = *
-               log_timestamp = "%Y-%m-%d %H:%M:%S "
-               mail_debug = yes
-               mail_location = maildir:~/var/mail
-               mail_privileged_group = mail
-               passdb {
-                 args = /home/%u/etc/dovecot/passwd
-                 driver = passwd-file
-               }
-               protocols = imap
-               service auth {
-                 unix_listener /var/spool/postfix/private/auth {
-                   group = postfix
-                   mode = 0660
-                   user = postfix
-                 }
-                 user = root
-               }
-               ssl_ca = </etc/dovecot/imap/tls/crt+crl.slf.pem
-               ssl_cert = </etc/dovecot/imap/tls/crt+crl.slf.pem
-               ssl_cipher_list = AES256-SHA
-               ssl_key = </etc/dovecot/imap/tls/key.pem
-               ssl_verify_client_cert = yes
-               userdb {
-                 driver = passwd
-               }
-               verbose_ssl = yes
-               protocol lda {
-                 auth_socket_path = /var/run/dovecot/auth-master
-                 hostname = $vm_domainname
-                 info_log_path = /var/log/dovecot/lda/info.log
-                 log_path = /var/log/dovecot/lda/error.log
-                 mail_plugins = sieve
-                 postmaster_address = contact+dovecot+lda@$vm_domainname
-               }
-               EOF
-       mk_reg mod=0664 own=root:root /etc/postgrey/whitelist_recipients.local <<-EOF
-               
-               EOF
- }
-rule_mail_install () {
-       sudo apt-get install postfix postgrey dovecot
- }
-rule_user_format () {
-       mk_dir mod=0750 own="root:adm" /etc/skel/etc
-       mk_dir mod=0770 own="root:adm" /etc/skel/etc/apache2
-       mk_dir mod=0770 own="root:adm" /etc/skel/etc/ssh
-       mk_dir mod=0700 own="root:adm" /etc/skel/var
-       mk_dir mod=0700 own="root:adm" /etc/skel/var/log
-       mk_dir mod=0700 own="root:adm" /etc/skel/var/cache
-       mk_dir mod=0700 own="root:adm" /etc/skel/var/cache/ssh
-       mk_dir mod=0700 own="root:adm" /etc/skel/tmp
-       mk_dir mod=0700 own="root:adm" /etc/skel/tmp
-       mk_reg mod=0664 own=root:root /etc/ssh/sshd_config <<-EOF
-               ListenAddress $vm_ipv4
-               #ListenAddress ::
-               Port 22
-               Protocol 2
-               Compression yes
-               HostKey /etc/ssh/ssh_host_rsa_key
-               UsePrivilegeSeparation yes
-               KeyRegenerationInterval 3600
-               ServerKeyBits 768
-               SyslogFacility AUTH
-               LogLevel INFO
-               LoginGraceTime 120
-               PermitRootLogin no
-               StrictModes yes
-               RSAAuthentication yes
-               PubkeyAuthentication yes
-               AuthorizedKeysFile %h/etc/ssh/authorized_keys
-               IgnoreRhosts yes
-               RhostsRSAAuthentication no
-               HostbasedAuthentication no
-               IgnoreUserKnownHosts no
-               PermitEmptyPasswords no
-               ChallengeResponseAuthentication no
-               PasswordAuthentication no
-               KerberosAuthentication no
-               GSSAPIAuthentication no
-               X11Forwarding no
-               X11DisplayOffset 10
-               PrintMotd no
-               DebianBanner no
-               PrintLastLog yes
-               TCPKeepAlive yes
-               ClientAliveInterval 0
-               AcceptEnv LANG LC_*
-               Subsystem sftp /usr/lib/openssh/sftp-server
-               UsePAM yes
-               EOF
-       mk_reg mod=0440 own=root:root /etc/sudoers.d/passwd-init <<-EOF
-               %sudo ALL=(ALL) NOPASSWD: /bin/sh -e -f -u -c \
-                 case \$(/usr/bin/passwd --status "\$SUDO_USER") in \
-                   ("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac
-               EOF
-       mk_reg mod=0440 own=root:root /etc/sudoers.d/etckeeper-unclean <<-EOF
-               %sudo ALL=(ALL) NOPASSWD: /usr/sbin/etckeeper unclean
-               EOF
-       mk_reg mod=0440 own=root:root /etc/sudoers.d/env_keep <<-EOF
-               Defaults env_keep = " \
-                 EDITOR \
-                 GIT_AUTHOR_NAME \
-                 GIT_AUTHOR_EMAIL \
-                 GIT_COMMITTER_NAME \
-                 GIT_COMMITTER_EMAIL \
-                "
-               EOF
-       mk_reg mod=0555 own=root:root /usr/local/sbin/passwd-init <<-EOF
-               #!/bin/sh
-               sudo /bin/sh -e -f -u -c \
-                 'case \$(/usr/bin/passwd --status "\$SUDO_USER") in ("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac'
-               EOF
- }
-rule_kernel_init () {
-       sudo apt-get install --reinstall linux-image-$vm_arch
- }
-
-rule=${1:-help}
-${1+shift}
-set "${TRACE:+-x}"
-rule_$rule "$@"