From e6d75a76602a8d1f1022589c77b5ba754f62975a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicol=C3=A1s=20Reynolds?= Date: Tue, 3 Jun 2014 14:28:31 -0300 Subject: pacman: secure options for gpg --- libre/pacman/PKGBUILD | 20 +++++++++----- libre/pacman/gpg.conf | 50 +++++++++++++++++++++++++++++++++++ libre/pacman/refresh-pacman-keys | 3 +++ libre/pacman/sks-keyservers.netCA.pem | 32 ++++++++++++++++++++++ 4 files changed, 98 insertions(+), 7 deletions(-) create mode 100644 libre/pacman/gpg.conf create mode 100644 libre/pacman/refresh-pacman-keys create mode 100644 libre/pacman/sks-keyservers.netCA.pem diff --git a/libre/pacman/PKGBUILD b/libre/pacman/PKGBUILD index 8fb58771b..f446e6e72 100644 --- a/libre/pacman/PKGBUILD +++ b/libre/pacman/PKGBUILD @@ -24,13 +24,10 @@ source=(ftp://ftp.archlinux.org/other/pacman/$pkgname-$pkgver.tar.gz{,.sig} pacman.conf.i686 pacman.conf.x86_64 pacman.conf.mips64el - makepkg.conf) -md5sums=('063c8b0ff6bdf903dc235445525627cd' - 'SKIP' - '688feb0a552f42643a76f72e7198bfe4' - '77c5fd379e73cf86fc08a4bd5c4b1ba1' - '9e0c64937ef751ae4273fa4d73381484' - 'f0f310df411f943dbc4e2dd376c88662') + makepkg.conf + gpg.conf + sks-keyservers.netCA.pem + refresh-pacman-keys) build() { cd "$pkgname-$pkgver" @@ -96,4 +93,13 @@ package() { done install -Dm644 contrib/PKGBUILD.vim "$pkgdir/usr/share/vim/vimfiles/syntax/PKGBUILD.vim" + + install -Dm755 "${srcdir}/refresh-pacman-keys" \ + "${pkgdir}/etc/cron.weekly/refresh-pacman-keys" + + install -Dm644 "${srcdir}/sks-keyservers.netCA.pem" \ + "${pkgdir}/etc/pacman.d/sks-keyservers.netCA.pem" + + install -Dm644 "${srcdir}/gpg.conf" \ + "${pkgdir}/etc/pacman.d/gpg.conf" } diff --git a/libre/pacman/gpg.conf b/libre/pacman/gpg.conf new file mode 100644 index 000000000..7fc6fc661 --- /dev/null +++ b/libre/pacman/gpg.conf @@ -0,0 +1,50 @@ +# pacman-key default options +no-greeting +no-permission-warning +lock-never +keyserver-options timeout=20 + +# From duraconf +# personal digest preferences +personal-digest-preferences SHA512 + +# message digest algorithm used when signing a key +cert-digest-algo SHA512 + +# Set the list of default preferences to string. +# used for new keys and default for "setpref" +default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed + +# From +# https://crabgrass.riseup.net/riseuplabs+paow/openpgp-best-practices +# Only use secure keyservers +keyserver hkps://hkps.pool.sks-keyservers.net +keyserver-options ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem +keyserver-options no-honor-keyserver-url + +# when outputting certificates, view user IDs distinctly from keys: +fixed-list-mode + +# short-keyids are trivially spoofed; it's easy to create a long-keyid +# collision; if you care about strong key identifiers, you always want +# to see the fingerprint: +keyid-format 0xlong +fingerprint + +# when multiple digests are supported by all recipients, choose the +# strongest one: +personal-digest-preferences SHA512 SHA384 SHA256 SHA224 + +# If you use a graphical environment (and even if you don't) +# you should be using an agent: (similar arguments as +# https://www.debian-administration.org/users/dkg/weblog/64) +use-agent + +# You should always know at a glance which User IDs gpg thinks are +# legitimately bound to the keys in your keyring: +verify-options show-uid-validity +list-options show-uid-validity + +# include an unambiguous indicator of which key made a signature: (see +# http://thread.gmane.org/gmane.mail.notmuch.general/3721/focus=7234) +sig-notation issuer-fpr@notations.openpgp.fifthhorseman.net=%g diff --git a/libre/pacman/refresh-pacman-keys b/libre/pacman/refresh-pacman-keys new file mode 100644 index 000000000..e96dc34e5 --- /dev/null +++ b/libre/pacman/refresh-pacman-keys @@ -0,0 +1,3 @@ +#!/bin/bash + +pacman-key --refresh-keys diff --git a/libre/pacman/sks-keyservers.netCA.pem b/libre/pacman/sks-keyservers.netCA.pem new file mode 100644 index 000000000..24a2ad2e8 --- /dev/null +++ b/libre/pacman/sks-keyservers.netCA.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV +BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u +ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw +MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP +c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr +cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I +6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj +MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F +45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS +FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx +Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4 +aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx +MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y +u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9 +p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP +fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G +A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY +TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR +OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u +gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/ +X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5 +gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB +UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04 +lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT +BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB +cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U +f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G +ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph +WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg== +-----END CERTIFICATE----- -- cgit v1.2.3-2-g168b From 5a53dfa50322787f5a4d8af16743c83cab48f0fa Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Wed, 4 Jun 2014 13:33:56 -0400 Subject: add java/byaccj --- java/byaccj/PKGBUILD | 36 ++++++++++++++++++++++++++++++++++++ java/byaccj/ldflags.patch | 12 ++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 java/byaccj/PKGBUILD create mode 100644 java/byaccj/ldflags.patch diff --git a/java/byaccj/PKGBUILD b/java/byaccj/PKGBUILD new file mode 100644 index 000000000..6ae2317fd --- /dev/null +++ b/java/byaccj/PKGBUILD @@ -0,0 +1,36 @@ +# Maintainer: Luke Shumaker +# Maintainer (AUR): + +pkgname=byaccj +pkgver=1.15 +pkgdesc="Berkeley yacc with Java output" +url="http://byaccj.sourceforge.net/" +license=('custom:Public Domain') + +pkgrel=1 +arch=('i686' 'x86_64') +source=(http://downloads.sourceforge.net/project/byaccj/${pkgname}/${pkgver}/${pkgname}${pkgver}_src.tar.gz + http://metadata.ftp-master.debian.org/changelogs/main/b/byacc-j/byacc-j_${pkgver}-1_copyright + ldflags.patch) +md5sums=('5ee9959af35f245ac2c4355f85fdf351' + 'cc9e2ed821e7f2e5ef8f2be0fdc97b46' + '76fd678b41d614497cf77c6dba5de63e') + +prepare() { + cd "$srcdir"/$pkgname$pkgver + patch -Np1 -i ../ldflags.patch +} + +build() { + cd "$srcdir"/$pkgname$pkgver + make -C src linux CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" +} + +package() { + cd "$srcdir"/$pkgname$pkgver + install -Dm755 src/yacc.linux "$pkgdir"/usr/bin/byaccj + install -Dm644 src/yacc.1 "$pkgdir"/usr/share/man/man1/byaccj.1 + install -d "$pkgdir"/usr/share/doc/$pkgname + install -m644 docs/* -t "$pkgdir"/usr/share/doc/$pkgname + install -Dm644 ../byacc-j_$pkgver-1_copyright "$pkgdir"/usr/share/licenses/$pkgname/copyright +} diff --git a/java/byaccj/ldflags.patch b/java/byaccj/ldflags.patch new file mode 100644 index 000000000..81574d011 --- /dev/null +++ b/java/byaccj/ldflags.patch @@ -0,0 +1,12 @@ +diff -ru byaccj1.15.orig/src/Makefile byaccj1.15/src/Makefile +--- byaccj1.15.orig/src/Makefile 2014-06-04 11:10:43.711980001 -0400 ++++ byaccj1.15/src/Makefile 2014-06-04 11:13:00.635987894 -0400 +@@ -75,7 +75,7 @@ + $(CC) -c $(CFLAGS) $(INC) $< -o $@ + + yacc: $(OBJ) +- $(CC) -o yacc -arch i386 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -mmacosx-version-min=10.4 $(OBJ) ++ $(CC) -o yacc $(LDFLAGS) $(OBJ) + @echo "done" + + clean: -- cgit v1.2.3-2-g168b From 7b57b2de011c92d119b2c0527cf1565a4e262d8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicol=C3=A1s=20Reynolds?= Date: Wed, 4 Jun 2014 16:03:20 -0300 Subject: babeld: upgrade to 1.5 --- pcr/babeld/PKGBUILD | 49 +++++++++++++++++++++++++++++------------------ pcr/babeld/babeld.conf | 49 +++++++++++++++++++++++++++++++++++++++++++++++ pcr/babeld/babeld.service | 12 ++++++++++++ 3 files changed, 91 insertions(+), 19 deletions(-) create mode 100644 pcr/babeld/babeld.conf create mode 100644 pcr/babeld/babeld.service diff --git a/pcr/babeld/PKGBUILD b/pcr/babeld/PKGBUILD index 3b0dd994a..08a82fbb3 100644 --- a/pcr/babeld/PKGBUILD +++ b/pcr/babeld/PKGBUILD @@ -1,32 +1,43 @@ -# Maintainer (AUR): Yann Lopez -# Maintainer: fauno +# Maintainer: Baptiste Jonglez +# Contributor: Yann Lopez pkgname=babeld -pkgver=1.4.1 +pkgver=1.5.0 pkgrel=1 -pkgdesc="Loop-free distance-vector routing protocol" -arch=(i686 x86_64 mips64el) -url="http://www.pps.jussieu.fr/~jch/software/babel/" -license=('custom') -depends=(glibc) -source=(http://www.pps.jussieu.fr/~jch/software/files/$pkgname-$pkgver.tar.gz{,.asc}) -install=babeld.install +pkgdesc="A loop-avoiding distance-vector routing protocol" +arch=('i686' 'x86_64') +url="http://www.pps.univ-paris-diderot.fr/~jch/software/babel/" +license=('MIT') +depends=('glibc') +optdepends=('ahcpd: for autoconfiguration of addresses and other informations') +backup=('etc/babeld.conf') +source=("http://www.pps.univ-paris-diderot.fr/~jch/software/files/$pkgname-$pkgver.tar.gz" + "http://www.pps.univ-paris-diderot.fr/~jch/software/files/$pkgname-$pkgver.tar.gz.asc" + "babeld.conf" + "babeld.service") +md5sums=('ac884beb644792bdb79f0042755820ee' + 'SKIP' + 'e51d49295075e6137679f6c70ed45f97' + 'd6407e493f79aad1887394639ef5d50e') +sha1sums=('9a1c19a8934a4437fa48e3c410c3a262d2e11c9f' + 'SKIP' + '531cb04a793534a080885be0417db343239b8d51' + '864840cfafeeb3f29c0f91421bc210a8c1f4b245') +sha256sums=('faa473b3bf58b568b8bcc24028bc0deb4bb7596eb6bb007c388b1cadf20ff552' + 'SKIP' + '732ad2444013f3579bbfac2fd71934418f0c5298b0ca7365a44df2dbc7f858d5' + 'fde7554e0d8a200d99b0766bd0ce23cbd7d14593c43d96de158e2fa2c379c1c5') build() { cd "$srcdir/$pkgname-$pkgver" - sed -e "s,/man/,/share&,g" -i Makefile - - make PREFIX=/usr CFLAGS="$CFLAGS" + make PREFIX="/usr" } package() { cd "$srcdir/$pkgname-$pkgver" - make PREFIX=/usr TARGET=$pkgdir install - - gzip -f $pkgdir/usr/share/man/man8/$pkgname.8 + make PREFIX="/usr" TARGET="$pkgdir" install - install -Dm 644 LICENCE $pkgdir/usr/share/licenses/$pkgname/LICENCE + install -Dm644 ../babeld.conf "${pkgdir}"/etc/babeld.conf + install -Dm644 ../babeld.service "${pkgdir}"/usr/lib/systemd/system/babeld.service } -md5sums=('406bbd940e3a9019d832d20e277266f2' - 'SKIP') diff --git a/pcr/babeld/babeld.conf b/pcr/babeld/babeld.conf new file mode 100644 index 000000000..948671463 --- /dev/null +++ b/pcr/babeld/babeld.conf @@ -0,0 +1,49 @@ +# Configuration for babeld. See the man page babeld(8) for +# details on the configuration format. + +# You must provide at least one interface for babeld to operate on. +#interface eth0 +#interface wlan0 + +# Global options you might want to set. There are many more, see the man page. +#debug 1 +#local-port 33123 +#diversity true +#random-id true + +# Per-interface configuration. Note that each interface referenced here +# will be used by babeld. +#interface eth1 rxcost 10 +#interface tun0 faraway true +#interface wlan0 hello-interval 1 + +# Since 1.4.2, you can also specify defaults for interface parameters, which +# will be used for all interfaces except specified otherwise (see above). +#default rxcost 42 +#default hello-interval 5 + +# Since 1.5.0, you can use the RTT-based metric, most useful for a network +# with tunnels (overlay network). +#default enable-timestamps true +#interface tun0 max-rtt-penalty 150 +#interface tun0 rtt-max 100 + + +# Filtering rules. + +# Only accept routes included in a specific prefix. +#in ip 192.168.42.0/24 allow +#in ip 2001:db8:cafe:cafe::/64 allow +#in deny + +# Only redistribute addresses from a given prefix, to avoid redistributing +# all local addresses +#redistribute ip 192.168.1.0/24 local allow +#redistribute ip 2001:db8:cafe:cafe::/64 local allow +#redistribute local deny + +# Redistribute a default route obtained otherwise (here, through DHCP or +# configured statically). +# Note that babeld ignores kernel routes with proto 3 (boot) by default. +#redistribute proto 3 ip 0.0.0.0/0 eq 0 metric 50 +#redistribute proto 3 ip ::/0 eq 0 metric 50 diff --git a/pcr/babeld/babeld.service b/pcr/babeld/babeld.service new file mode 100644 index 000000000..bad1aff93 --- /dev/null +++ b/pcr/babeld/babeld.service @@ -0,0 +1,12 @@ +[Unit] +Description=Babel routing daemon +Documentation=man:babeld(8) http://www.pps.univ-paris-diderot.fr/~jch/software/babel/ +After=network.target + +[Service] +Type=forking +ExecStart=/usr/bin/babeld -D +PIDFile=/var/run/babeld.pid + +[Install] +WantedBy=multi-user.target -- cgit v1.2.3-2-g168b