--- /dev/null
+#!/bin/sh
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+#
+# Partly based on scripts by DJ Lucas - dj@linuxfromscratch.org
+#
+
+# Distro Information
+DISTRO="$(</etc/system-release)" # The distro name
+DISTRO_CONTACT="http://bugtracker.ipfire.org" # Bug report address
+
+# This sets default terminal options.
+# stty sane - this has been removed as nobody recalls
+# the reason for it in the first place - if no problems arize,
+# then it will be removed completely at a later date.
+
+# Setup default values for the environment
+umask 022
+
+# If we boot, we should only allow the
+# use tools that are available in /bin:/sbin
+if [ -n "${UPSTART_JOB}" ]; then
+ PATH="/bin:/sbin"
+fi
+
+# Find current screen size
+if [ -z "${COLUMNS}" ]; then
+ COLUMNS=$(stty size)
+ COLUMNS=${COLUMNS##* }
+fi
+
+# When using remote connections, such as a serial port, stty size returns 0
+if [ "${COLUMNS}" = "0" ]; then
+ COLUMNS=80
+fi
+
+## Measurements for positioning result messages
+COL=$((${COLUMNS} - 8))
+WCOL=$((${COL} - 2))
+
+# Set Cursur Position Commands, used via echo -e
+SET_COL="\\033[${COL}G" # at the $COL char
+SET_WCOL="\\033[${WCOL}G" # at the $WCOL char
+CURS_UP="\\033[1A\\033[0G" # Up one line, at the 0'th char
+
+# Normal colors
+CLR_NORM_BLK="\\033[0;30m" # black
+CLR_NORM_RED="\\033[0;31m" # red
+CLR_NORM_GRN="\\033[0;32m" # green
+CLR_NORM_YEL="\\033[0;33m" # yellow
+CLR_NORM_BLU="\\033[0;34m" # blue
+CLR_NORM_MAG="\\033[0;35m" # magenta
+CLR_NORM_CYN="\\033[0;36m" # cyan
+CLR_NORM_WHT="\\033[0;37m" # white
+CLR_NORM_GRY="\\033[0;39m" # grey
+
+# Emphased colors
+CLR_BOLD_BLK="\\033[1;30m" # black
+CLR_BOLD_RED="\\033[1;31m" # red
+CLR_BOLD_GRN="\\033[1;32m" # green
+CLR_BOLD_YEL="\\033[1;33m" # yellow
+CLR_BOLD_BLU="\\033[1;34m" # blue
+CLR_BOLD_MAG="\\033[1;35m" # magenta
+CLR_BOLD_CYN="\\033[1;36m" # cyan
+CLR_BOLD_WHT="\\033[1;37m" # white
+CLR_BOLD_GRY="\\033[1;39m" # grey
+
+# Background colors
+CLR_BACK_BLK="\\033[40m" # black
+CLR_BACK_RED="\\033[41m" # red
+CLR_BACK_GRN="\\033[42m" # green
+CLR_BACK_YEL="\\033[43m" # yellow
+CLR_BACK_BLU="\\033[44m" # blue
+CLR_BACK_MAG="\\033[45m" # magenta
+CLR_BACK_CYN="\\033[46m" # cyan
+CLR_BACK_WHT="\\033[47m" # white
+
+# Action colors
+BOLD=$CLR_BOLD_GRY
+DONE=$CLR_BOLD_GRN
+SKIP=$CLR_BOLD_BLU
+WARN=$CLR_BOLD_MAG
+FAIL=$CLR_BOLD_RED
+NORMAL=$CLR_NORM_GRY
+
+# Color hooks
+BRACKET_L="${CLR_BOLD_BLU}[${NORMAL}"
+BRACKET_R="${CLR_BOLD_BLU}]${NORMAL}"
+
+# Define custom colors used in messages printed to the screen
+BRACKET=${CLR_BOLD_BLU} # Blue
+FAILURE=${CLR_BOLD_RED} # Red
+INFO=${CLR_BOLD_CYN} # Cyan
+NORMAL=${CLR_NORM_GRY} # Grey
+SUCCESS=${CLR_BOLD_GRN} # Green
+WARNING=${CLR_BOLD_YEL} # Yellow
+
+# Prefix boot messages for easier reading on framebuffer consoles
+PREFIX_SUCCESS=" ${SUCCESS}*${NORMAL} "
+PREFIX_WARNING="${WARNING}**${NORMAL} "
+PREFIX_FAILURE="${FAILURE}***${NORMAL}"
+
+welcome_message="Welcome to ${INFO}${DISTRO}${NORMAL}"
+welcome_message_length=$((${#DISTRO} + 11))
+
+# Error message displayed when a script's exit value is not zero
+print_error_msg() {
+ # ${link} and ${error_value} are defined by the rc script
+ echo -e "${FAILURE}FAILURE: You should not be reading this error message."
+ echo -e ""
+ echo -e -n "${FAILURE}It means that an unforseen error took place in"
+ echo -e -n "${INFO} ${link}"
+ echo -e "${FAILURE},"
+ echo -e "${FAILURE}which exited with a return value of ${error_value}."
+ echo -e ""
+ echo -e -n "${FAILURE}If you are able to track this error down to a bug"
+ echo -e "${FAILURE}in one of the files"
+ echo -e -n "provided by ${INFO}${DISTRO}${FAILURE}, "
+ echo -e -n "${FAILURE}please be so kind to inform us at "
+ echo -e "${INFO}${DISTRO_CONTACT}${FAILURE}.${NORMAL}"
+ echo -e ""
+ echo -e "${INFO}Press Enter to continue..."
+ echo -e "${NORMAL}"
+ read ENTER
+}
+
+################################################################################
+# log_success_msg() #
+# Usage: log_success_msg [$MESSAGE | "message"] #
+# #
+# Purpose: Print a successful status message to the screen and optionally #
+# a boot log file. #
+# #
+# Inputs: accepts one string value, either a quoted string or optionally #
+# the value of $MESSAGE if set in the running environment. #
+# #
+# Return values: Not used #
+################################################################################
+log_success_msg() {
+ echo -n -e "${PREFIX_SUCCESS}${INDENT}${@}"
+ echo -e "${SET_COL}${BRACKET}[${SUCCESS} OK ${BRACKET}]${NORMAL}"
+}
+
+################################################################################
+# log_failure_msg() #
+# Usage: log_failure_msg [$MESSAGE | "message"] #
+# #
+# Purpose: Print a failure status message to the screen and optionally #
+# a boot log file. #
+# #
+# Inputs: accepts one string value, either a quoted string or optionally #
+# the value of $MESSAGE if set in the running environment. #
+# #
+# Return values: Not used #
+################################################################################
+log_failure_msg() {
+ echo -n -e "${PREFIX_FAILURE}${INDENT}${@}"
+ echo -e "${SET_COL}${BRACKET}[${FAILURE} FAIL ${BRACKET}]${NORMAL}"
+}
+
+################################################################################
+# log_warning_msg() #
+# Usage: log_warning_msg [$MESSAGE | "message"] #
+# #
+# Purpose: Print a warning status message to the screen and optionally #
+# a boot log file. #
+# #
+# Inputs: accepts one string value, either a quoted string or optionally #
+# the value of $MESSAGE if set in the running environment. #
+# #
+# Return values: Not used #
+################################################################################
+log_warning_msg() {
+ echo -n -e "${PREFIX_WARNING}${INDENT}${@}"
+ echo -e "${SET_COL}${BRACKET}[${WARNING} WARN ${BRACKET}]${NORMAL}"
+}
+
+############################## evaluate_retval() ###############################
+# evaluate_retval requires that you pass exactly one evaluation parameter of #
+# (start, stop, other) based on the previous action that is being evaluated. #
+# This function is intended for use with start_daemon and killproc to #
+# interpret the LSB exit codes properly, othewise the checks only for success #
+# or failure. #
+################################################################################
+evaluate_retval() {
+ local error_value="${?}"
+
+ # Handle LSB defined return values
+ case "${1}" in
+ start)
+ case "${error_value}" in
+ 0)
+ log_success_msg "Starting ${MESSAGE} "
+ return "${error_value}"
+ ;;
+ 2)
+ log_failure_msg "Starting ${MESSAGE} Error: Invalid argument!"
+ return "${error_value}"
+ ;;
+ 5)
+ log_failure_msg "Starting ${MESSAGE} Error: Not available!"
+ return "${error_value}"
+ ;;
+ *)
+ log_failure_msg "Starting ${MESSAGE} Error: General failure!"
+ return "${error_value}"
+ ;;
+ esac
+ ;;
+
+ stop)
+ case "${error_value}" in
+ 0)
+ log_success_msg "Stopping ${MESSAGE} "
+ return "${error_value}"
+ ;;
+ 2)
+ log_failure_msg "Stopping ${MESSAGE} Error: Invalid argument!"
+ return "${error_value}"
+ ;;
+ 5)
+ log_failure_msg "Stopping ${MESSAGE} Error: Not available!"
+ return "${error_value}"
+ ;;
+ 7)
+ log_warning_msg "Stopping ${MESSAGE} Warning: Not running!"
+ return "${error_value}"
+ ;;
+ *)
+ log_failure_msg "Stopping ${MESSAGE} Error: General failure!"
+ return "${error_value}"
+ ;;
+ esac
+ ;;
+
+ force-reload)
+ message="Forcefully reloading "
+ ;;
+
+ reload)
+ message="Reloading "
+ ;;
+
+ restart)
+ message="Restarting "
+ ;;
+
+ try-restart)
+ message="Trying restart "
+ ;;
+
+ standard)
+ # $message or $MESSAGE must be set, but not both in order
+ # to use the 'standard' target.
+ ;;
+ esac
+
+ # Print messages for the generic force-reload, reload, restart,
+ # and try-restart targets
+ if [ "${error_value}" = "0" ]; then
+ log_success_msg "${message}${MESSAGE} "
+ return "${error_value}"
+ else
+ log_failure_msg "${message}${MESSAGE} "
+ return "${error_value}"
+ fi
+}
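Review bot: `DISTRO="$(</etc/system-release)"` near the top of this file relies on the bash-only `$(<file)` form although the file declares `#!/bin/sh`; under a POSIX shell such as dash it expands to an empty string, so the welcome banner and `print_error_msg` lose the distro name. The `rc.site` file added in this same commit already uses the portable `DISTRO="$(cat /etc/system-release)"`, and using that form here keeps the two copies consistent. Because the value is later printed with `echo -e`, backslash sequences in `/etc/system-release` are interpreted on the console, so that file should remain writable by root only.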
--- /dev/null
+description "Check / filesystem"
+author "IPFire Team"
+
+start on stopped udevtrigger
+
+console output
+
+script
+ # If requested, do not check the filesystems
+ [ -f /fastboot ] && exit 0
+
+ set -e
+ . /etc/init/functions
+
+ mount -n -o remount,ro / >/dev/null
+ if [ ${?} != 0 ]; then
+ log_failure_msg "Mounting root file system in read-only mode"
+ echo -e "${FAILURE}FAILURE:\n"
+ echo -e -n "${FAILURE}Cannot check root filesystem because it "
+ echo -e "${FAILURE}could not be mounted"
+ echo -e "${FAILURE}in read-only mode.\n\n"
+ echo -e -n "${FAILURE}After you press Enter, this system will be "
+ echo -e "${FAILURE}halted and powered off.\n"
+ echo -e "${INFO}Press enter to continue...${NORMAL}"
+ read ENTER
+ ## XXX need to shutdown the system cleanly here
+ fi
+
+ # Force check if /forcefsck is found
+ if [ -f /forcefsck ]; then
+ options="-f"
+ else
+ options=""
+ fi
+
+ # Note: -a option used to be -p; but this fails e.g.
+ # on fsck.minix
+ fsck ${options} -a -A -C -T
+ error_value=${?}
+
+ if [ "${error_value}" = 1 ]; then
+ log_warning_msg "Checking file systems..."
+ echo -e "${WARNING}WARNING:\n"
+ echo -e "${WARNING}File system errors were found and have been"
+ echo -e "${WARNING}corrected. You may want to double-check that"
+ echo -e "${WARNING}everything was fixed properly.${NORMAL}"
+ elif [ "${error_value}" = 2 -o "${error_value}" = 3 ]; then
+ log_warning_msg "Checking file systems..."
+ echo -e "${WARNING}WARNING:\n"
+ echo -e "${WARNING}File system errors were found and have been been"
+ echo -e "${WARNING}corrected, but the nature of the errors require"
+ echo -e "${WARNING}this system to be rebooted.\n"
+ echo -e "After you press enter, this system will be rebooted.\n"
+ echo -e "${INFO}Press Enter to continue...${NORMAL}"
+ read ENTER
+ ## XXX need to reboot the system here
+ elif [ "${error_value}" -gt 3 -a "${error_value}" -lt 16 ]; then
+ log_failure_msg "Checking file systems..."
+ echo -e "${FAILURE}FAILURE:\n"
+ echo -e "${FAILURE}File system errors were encountered that could"
+ echo -e "${FAILURE}not be fixed automatically. This system cannot"
+ echo -e "${FAILURE}continue to boot and will therefore be halted"
+ echo -e "${FAILURE}until those errors are fixed manually by a"
+ echo -e "${FAILURE}System Administrator.\n"
+ echo -e "${FAILURE}After you press Enter, this system will be"
+ echo -e "${FAILURE}halted and powered off.\n"
+ echo -e "${INFO}Press Enter to continue...${NORMAL}"
+ read ENTER
+ ## XXX need to shutdown the system here
+ elif [ "${error_value}" -ge 16 ]; then
+ log_failure_msg "Checking file systems..."
+ echo -e "${FAILURE}FAILURE:\n"
+ echo -e "${FAILURE}Unexpected Failure running fsck. Exited with error"
+ echo -e "${FAILURE}code: ${error_value}.${NORMAL}"
+ exit ${error_value}
+ fi
+end script
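Review bot: The `set -e` at the top of the script makes the exit-status handling below it unreachable: a failing `mount -n -o remount,ro /` or any non-zero `fsck` result (including 1, errors corrected) ends the script before `${?}` is examined, so none of the warning or failure messages is printed. Capture the status inside a list instead, e.g. `error_value=0` followed by `fsck ${options} -a -A -C -T || error_value=${?}`, and test the remount with `if ! mount -n -o remount,ro / >/dev/null; then`. Separately, the three `## XXX` branches only announce a halt or reboot and then fall through, so after a failed read-only remount `fsck` would still run against a writable root; until the halt/reboot is wired in, that branch should at least stop before `fsck` is reached.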
--- /dev/null
+description "Cleaning / filesystem"
+author "IPFire Team"
+
+start on stopping mountfs
+
+pre-start script
+ rm -rf /tmp/* /var/{lock,run}/*
+end script
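Review bot: `/var/{lock,run}/*` in the `rm -rf` line depends on brace expansion, which is a bash extension; if the job's script is run by a POSIX `/bin/sh`, the pattern stays literal and `/var/lock` and `/var/run` are never cleaned, leaving stale lock and PID files across boots. Spelling the paths out avoids the dependency: `rm -rf /tmp/* /var/lock/* /var/run/*`. Note also that `*` does not match dot-files, so hidden entries in `/tmp` survive the cleanup.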
--- /dev/null
+description "Control-Alt-Delete / Handling"
+author "IPFire Team"
+
+start on control-alt-delete
+
+exec initctl emit --no-wait reboot
--- /dev/null
+description "Trigger coldplug events"
+author "IPFire Team"
+
+start on stopped mount-kernel-filesystems
+
+script
+ # Exit if there's no modules file or there are no
+ # valid entries
+ [ -r /etc/sysconfig/modules ] &&
+ egrep -qv '^($|#)' /etc/sysconfig/modules ||
+ exit 0
+
+ # If proc is mounted, find the current kernel
+ # message level
+ if [ -f /proc/sys/kernel/printk ]; then
+ prev_msg=`cat /proc/sys/kernel/printk | \
+ sed 'l 1' | sed -n '2~0p' | \
+ sed 's/\\\//'`
+ else
+ prev_msg="6"
+ fi
+
+ # Now set the message level to 1 so not to make too
+ # much noise when loading modules
+ dmesg -n 1
+
+ # Only try to load modules if the user has actually given us
+ # some modules to load.
+ if egrep -qv '^(#|$)' /etc/sysconfig/modules 2>/dev/null; then
+ # Read in the configuration file.
+ exec 9>&0 < /etc/sysconfig/modules
+
+ while read module args; do
+ # Ignore comments and blank lines.
+ case "${module}" in
+ ""|\#*) continue ;;
+ esac
+
+ # Attempt to load the module, making
+ # sure to pass any arguments provided.
+ modprobe ${module} ${args} > /dev/null
+ done
+
+ exec 0>&9 9>&-
+
+ fi
+ # Set the kernel message level back to it's previous value.
+ dmesg -n "${prev_msg}"
+end script
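Review bot: The pipeline that fills `prev_msg` (`cat … | sed 'l 1' | sed -n '2~0p' | sed 's/\\\//'`) is hard to verify and leans on GNU sed extensions for what appears to be just the first field of `/proc/sys/kernel/printk`; `read prev_msg rest < /proc/sys/kernel/printk` gets that field with a builtin. The `egrep -qv` test at the top already exits when the file has no entries, so the second, equivalent test wrapped around the loop is redundant. The job description "Trigger coldplug events" also does not match what the script does, which is loading the modules listed in `/etc/sysconfig/modules`.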
--- /dev/null
+description "Bringing up the local network"
+author "IPFire Team"
+
+start on started udev
+
+script
+ [ -e "/etc/sysconfig/network" ] && \
+ . /etc/sysconfig/network
+
+ ip addr add 127.0.0.1/8 label lo dev lo
+ ip link set lo up
+
+ if [ -n "${HOSTNAME}" ]; then
+ hostname "${HOSTNAME}"
+ fi
+end script
--- /dev/null
+description "Mount kernel virtual systems"
+author "IPFire Team"
+
+start on stopped welcome
+
+script
+ if ! mountpoint /proc > /dev/null; then
+ mount -n /proc || failed=1
+ fi
+
+ if ! mountpoint /sys > /dev/null; then
+ mount -n /sys || failed=1
+ fi
+
+ exit ${failed}
+end script
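Review bot: `failed` is never initialised, so on the success path `exit ${failed}` expands to a bare `exit` and the job's status is whatever the preceding `if` returned, while a `failed` value inherited from the environment would be used as-is. Set `failed=0` before the first `if` and end with `exit "${failed}"`.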
--- /dev/null
+description "Mount / filesystem"
+author "IPFire Team"
+
+start on stopped checkfs
+
+console output
+
+script
+ mount -n -o remount,rw / >/dev/null
+
+ # Remove fsck-related file system watermarks.
+ rm -f /fastboot /forcefsck
+
+ > /etc/mtab
+ mount -f /
+ mount -f /proc
+ mount -f /sys
+
+ # This will mount all filesystems that do not have _netdev in
+ # their option list. _netdev denotes a network filesystem.
+ mount -a -O no_netdev >/dev/null
+end script
--- /dev/null
+description "Start a tty"
+author "IPFire Team"
+
+# Automatically start a configured serial console
+#
+# How this works:
+#
+# On boot, a udev helper examines /dev/console. If a serial console is the
+# primary console (last console on the commandline in grub), the event
+# 'serial-console-available <port name> <speed>' is emitted, which
+# triggers this script.
+#
+# If your serial console is not the primary console, or you want a getty
+# on serial even if it's not the console, create your own event by copying
+# /etc/init/tty[2-6], and changing the getty line in that file.
+
+start on serial-console-available *
+stop on starting shutdown or starting reboot
+
+pre-start script
+ /sbin/securetty $DEV
+end script
+
+exec /sbin/agetty $DEV $SPEED vt100-nav
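Review bot: `$SPEED` on the `exec /sbin/agetty` line can be empty, because `emit_console_event()` in `console_check.c` (added in this commit) only appends `SPEED=` when the detected speed is non-zero; agetty would then be started with `vt100-nav` in the baud-rate position. A default such as `exec /sbin/agetty "$DEV" "${SPEED:-9600}" vt100-nav` covers that case, assuming Upstart hands this line to a shell as the existing `$DEV` use implies. `$DEV` is also passed unquoted to `/sbin/securetty`, which appends it to `/etc/securetty` and thereby permits root logins on that terminal, so the pre-start script should reject a value that is empty or is not a plain tty name before calling it. Unlike the tty1–tty4 jobs, this job has no `respawn`, so the serial getty is not restarted once a session ends.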
--- /dev/null
+description "Shutdown or reboot the system"
+author "IPFire Team"
+
+start on shutdown or reboot
+
+console output
+
+script
+ # Exterminate any lil' process that managed to evade my merciless
+ # terminating.
+ killall5 -15 || true
+ sleep 5
+ killall5 -9 || true
+
+ mount -n -o remount,ro / || true
+
+ # The UPSTART_EVENTS variable contains the event that has been called.
+ # The script use it to perform the requested action.
+ if [ "${UPSTART_EVENTS}" = "reboot" ]; then
+ reboot -pf
+ else
+ halt -pf
+ fi
+end script
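Review bot: Only `/` is remounted read-only before `reboot -pf` / `halt -pf`; because `-f` forces the halt, any other filesystems mounted by the mountfs job, and active swap, are left as they are when the machine goes down. Adding `swapoff -a || true` and `umount -a -r || true` after the second `killall5`, in the style of the neighbouring commands, would close that gap. The `-p` flag is a power-off option and looks unintended on the `reboot` line.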
--- /dev/null
+description "Activating swap partitions"
+author "IPFire Team"
+
+start on stopped checkfs
+
+exec /sbin/swapon -a
--- /dev/null
+description "Set sysctl settings"
+author "IPFire Team"
+
+start on stopped mount-kernel-filesystems
+
+script
+ if [ -f "/etc/sysctl.conf" ]; then
+ sysctl -q -p
+ fi
+ if [ -d "/proc/sys/kernel/grsecurity" -a \
+ -f "/etc/grsec/sysctl.conf" ]; then
+ sysctl -q -p /etc/grsec/sysctl.conf
+ fi
+end script
--- /dev/null
+description "Start a tty"
+author "IPFire Team"
+
+start on stopped mountfs
+stop on starting shutdown
+
+respawn
+exec /sbin/agetty 9600 tty1
--- /dev/null
+description "Start a tty"
+author "IPFire Team"
+
+start on stopped mountfs
+stop on starting shutdown
+
+respawn
+exec /sbin/agetty 9600 tty2
--- /dev/null
+description "Start a tty"
+author "IPFire Team"
+
+start on stopped mountfs
+stop on starting shutdown
+
+respawn
+exec /sbin/agetty 9600 tty3
--- /dev/null
+description "Start a tty"
+author "IPFire Team"
+
+start on stopped mountfs
+stop on starting shutdown
+
+respawn
+exec /sbin/agetty 9600 tty4
--- /dev/null
+description "Start Udev Daemon"
+author "IPFire Team"
+
+start on stopped mount-kernel-filesystems
+stop on starting shutdown
+
+emits block-device-added block-device-removed
+emits network-device-added network-device-removed
+
+console output
+
+pre-start script
+ # Mount a temporary file system over /dev, so that any devices
+ # made or removed during this boot don't affect the next one.
+ # The reason we don't write to mtab is because we don't ever
+ # want /dev to be unavailable (such as by `umount -a').
+ mount -n -t tmpfs tmpfs /dev -o mode=755
+
+ # Udev handles uevents itself, so we don't need to have
+ # the kernel call out to any binary in response to them
+ echo > /proc/sys/kernel/hotplug
+
+ # Copy static device nodes to /dev
+ cp -a /lib/udev/devices/* /dev
+end script
+
+exec /sbin/udevd
+respawn
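Review bot: The `pre-start` script mounts a fresh tmpfs on `/dev` unconditionally, and the job is marked `respawn`; if Upstart runs `pre-start` again when udevd is respawned (worth confirming), a new empty tmpfs is stacked over the live `/dev` and the nodes udev had created disappear from view. Guarding the mount, e.g. `if ! mountpoint /dev > /dev/null; then mount -n -t tmpfs tmpfs /dev -o mode=755; fi`, makes the script safe to re-run. The `cp -a` of the static device nodes belongs inside the same guard.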
--- /dev/null
+description "Trigger udev events"
+author "IPFire Team"
+
+start on started udev
+
+console output
+
+script
+ # Now traverse /sys in order to "coldplug" devices that have
+ # already been discovered
+ udevadm trigger
+
+ # Now wait for udevd to process the uevents we triggered
+ udevadm settle --timeout=5 || true
+end script
--- /dev/null
+description "Display a welcome message to the user"
+author "IPFire Team"
+
+start on startup
+
+console output
+
+script
+ . /etc/init/functions
+
+ # dcol are spaces before the message to center the
+ # message on screen.
+ dcol=$(( $(( ${COLUMNS} - ${welcome_message_length} )) / 2 ))
+ echo -e "\\033[${dcol}G${welcome_message}"
+
+ system_message=$(uname -r)
+ system_message_length=${#system_message}
+ system_message="Running on Linux ${FAILURE}${system_message}${NORMAL}"
+ system_message_length=$((17 + ${system_message_length}))
+ dcol=$(( $(( ${COLUMNS} - ${system_message_length} )) / 2 ))
+ echo -e "\\033[${dcol}G${system_message}"
+
+ echo ""
+end script
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include $(PKGROOT)/Include
+
+PKG_NAME = initscripts
+PKG_VER = $(DISTRO_VER)
+PKG_REL = 0
+
+PKG_MAINTAINER =
+PKG_GROUP = System/Boot
+PKG_URL =
+PKG_LICENSE = GPLv3+
+PKG_SUMMARY = The set of scripts that initalize the system.
+
+PKG_DEPS += coreutils e2fsprogs module-init-tools procps sysvinit \
+ system-release upstart util-linux-ng
+
+define PKG_DESCRIPTION
+ The initscripts package contains the basic system scripts used to boot \
+ your system and shut the system down cleanly.
+endef
+
+DIR_APP = $(DIR_SOURCE)
+
+define STAGE_PREPARE_CMDS
+ cd $(DIR_APP)/src && make clean
+endef
+
+define STAGE_BUILD
+ cd $(DIR_APP)/src && make $(PARALLELISMFLAGS)
+endef
+
+define STAGE_INSTALL
+ cd $(DIR_APP)/src && make install clean DESTDIR=$(BUILDROOT)
+
+ -mkdir -pv $(BUILDROOT)/etc/{init,sysconfig}
+
+ cp -vf $(DIR_SOURCE)/functions $(BUILDROOT)/etc/init/
+
+ for i in $(DIR_SOURCE)/sysconfig/*; do \
+ install -v -m 644 $$i $(BUILDROOT)/etc/sysconfig/; \
+ done
+ chmod -v 755 $(BUILDROOT)/etc/sysconfig/rc.local
+
+ cp -vf $(DIR_SOURCE)/sysctl.conf $(BUILDROOT)/etc
+endef
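Review bot: `-mkdir -pv $(BUILDROOT)/etc/{init,sysconfig}` in `STAGE_INSTALL` relies on brace expansion; if the recipe shell is a POSIX `/bin/sh` (make's default unless `Include` overrides `SHELL`), a single directory literally named `{init,sysconfig}` is created and the following `cp` into `etc/init/` fails. Listing both paths is portable, and `mkdir -p` does not need the leading `-`: `mkdir -pv $(BUILDROOT)/etc/init $(BUILDROOT)/etc/sysconfig`. The `for` loop also passes `$$i` unquoted to `install`; `"$$i"` is safer.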
--- /dev/null
+
+PROGS = console_check securetty
+
+CFLAGS += -D_GNU_SOURCE
+
+all: $(PROGS)
+
+clean:
+ rm -vf $(PROGS) *.o
+
+install:
+ -mkdir -pv $(DESTDIR)/lib/udev $(DESTDIR)/sbin
+ install -v -m 755 console_check $(DESTDIR)/lib/udev/
+ install -v -m 755 securetty $(DESTDIR)/sbin
+
+
+console_check: console_check.o
+ $(CC) $(LDFLAGS) -o $@ $<
+
+securetty: securetty.o
+ $(CC) $(LDFLAGS) -o $@ $<
--- /dev/null
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <termios.h>
+#include <unistd.h>
+
+#include <sys/ioctl.h>
+
+#include <linux/serial.h>
+#include <linux/serial_core.h>
+
+struct speeds
+{
+ speed_t speed;
+ unsigned long value;
+};
+
+struct speeds speed_map[] =
+{
+ {B50, 50},
+ {B75, 75},
+ {B110, 110},
+ {B134, 134},
+ {B150, 150},
+ {B200, 200},
+ {B300, 300},
+ {B600, 600},
+ {B1200, 1200},
+ {B1800, 1800},
+ {B2400, 2400},
+ {B4800, 4800},
+ {B9600, 9600},
+ {B19200, 19200},
+ {B38400, 38400},
+#ifdef B57600
+ {B57600, 57600},
+#endif
+#ifdef B115200
+ {B115200, 115200},
+#endif
+#ifdef B230400
+ {B230400, 230400},
+#endif
+#ifdef B460800
+ {B460800, 460800},
+#endif
+ {0, 0}
+};
+
+int termcmp(struct termios *a, struct termios *b) {
+ if (a->c_iflag != b->c_iflag || a->c_oflag != b->c_oflag ||
+ a->c_cflag != b->c_cflag || a->c_lflag != b->c_lflag ||
+ cfgetispeed(a) != cfgetispeed(b) || cfgetospeed(a) != cfgetospeed(b))
+ return 1;
+ return memcmp(a->c_cc, b->c_cc, sizeof(a->c_cc));
+}
+
+int get_serial_speed(int fd) {
+ struct termios mode;
+
+ if (!tcgetattr(fd, &mode)) {
+ int i;
+ speed_t speed;
+
+ speed = cfgetospeed(&mode);
+ for (i = 0; speed_map[i].value != 0; i++)
+ if (speed_map[i].speed == speed)
+ return speed_map[i].value;
+ }
+ return 0;
+}
+
+int compare_termios_to_console(char *dev, int *speed) {
+ struct termios cmode, mode;
+ int fd, cfd;
+
+ cfd = open ("/dev/console", O_RDONLY);
+ tcgetattr(cfd, &cmode);
+ close(cfd);
+
+ fd = open(dev, O_RDONLY|O_NONBLOCK);
+ tcgetattr(fd, &mode);
+
+ if (!termcmp(&cmode, &mode)) {
+ *speed = get_serial_speed(fd);
+ close(fd);
+ return 1;
+ }
+ close(fd);
+ return 0;
+}
+
+char *serial_tty_name(int type) {
+ switch (type) {
+ case PORT_8250...PORT_MAX_8250:
+ return "ttyS";
+ case PORT_PMAC_ZILOG:
+ return "ttyPZ";
+ case PORT_MPSC:
+ return "ttyMM";
+ case PORT_CPM:
+ return "ttyCPM";
+ case PORT_MPC52xx:
+ return "ttyPSC";
+ default:
+ return NULL;
+ }
+}
+
+char *check_serial_console(int *speed) {
+ int fd;
+ char *ret = NULL, *device;
+ char twelve = 12;
+ struct serial_struct si, si2;
+ char *tty_name;
+
+ memset(&si, 0, sizeof(si));
+ memset(&si2, 0, sizeof(si));
+
+ fd = open("/dev/console", O_RDWR);
+ if (ioctl (fd, TIOCLINUX, &twelve) >= 0)
+ goto out;
+
+ if (ioctl(fd, TIOCGSERIAL, &si) < 0)
+ goto out;
+ close(fd);
+
+ tty_name = serial_tty_name(si.type);
+ if (!tty_name)
+ goto out;
+
+ asprintf(&device, "%s%d", tty_name, si.line);
+ fd = open(device, O_RDWR|O_NONBLOCK);
+ if (fd == -1)
+ goto out;
+
+ if (ioctl(fd, TIOCGSERIAL, &si2) < 0)
+ goto out;
+
+ if (memcmp(&si,&si2, sizeof(si)))
+ goto out;
+
+ *speed = get_serial_speed(fd);
+ ret = device;
+out:
+ close(fd);
+ return ret;
+}
+
+int emit_console_event(char *dev, int speed) {
+ char *args[] = { "initctl", "emit", "--no-wait", "serial-console-available", NULL, NULL, NULL };
+
+ asprintf(&args[4],"DEV=%s", dev);
+ if (speed)
+ asprintf(&args[5],"SPEED=%d", speed);
+ execv("/sbin/initctl", args);
+ return 1;
+}
+
+int main(int argc, char **argv) {
+ char *device;
+ int speed;
+
+ if (argc < 2) {
+ printf("usage: console_check <device>\n");
+ exit(1);
+ }
+ chdir("/dev");
+ device = argv[1];
+ if (!strcmp(device, "console")) {
+ device = check_serial_console(&speed);
+ if (device)
+ return emit_console_event(device, speed);
+ } else if (compare_termios_to_console(device, &speed)) {
+ return emit_console_event(device, speed);
+ }
+ return 0;
+}
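Review bot: `compare_termios_to_console()` never checks `open()` or `tcgetattr()`, so when either call fails `termcmp()` compares uninitialised stack data and the helper may emit `serial-console-available` for a device that is not the console; a checked version is below. `check_serial_console()` has related problems: after the `close(fd)` that follows the first `TIOCGSERIAL`, the `goto out` paths close the same descriptor a second time, the `asprintf()` result is unchecked, and `device` is leaked on the failure paths. Setting `fd = -1;` after that first close and using `if (fd != -1) close(fd);` at `out:` fixes the double close. The return values of `chdir("/dev")` in `main()` and of `asprintf()` in `emit_console_event()` should be checked as well, since this helper is presumably run as root from udev.

```c
int compare_termios_to_console(char *dev, int *speed) {
	struct termios cmode, mode;
	int fd, cfd, rc;

	cfd = open("/dev/console", O_RDONLY);
	if (cfd == -1)
		return 0;
	rc = tcgetattr(cfd, &cmode);
	close(cfd);
	if (rc == -1)
		return 0;

	fd = open(dev, O_RDONLY|O_NONBLOCK);
	if (fd == -1)
		return 0;
	if (tcgetattr(fd, &mode) == -1 || termcmp(&cmode, &mode)) {
		close(fd);
		return 0;
	}
	*speed = get_serial_speed(fd);
	close(fd);
	return 1;
}
```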
--- /dev/null
+
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+void alarm_handler(int num) {
+ return;
+}
+
+int open_and_lock_securetty() {
+ int fd;
+ struct flock lock;
+ struct sigaction act, oldact;
+
+ lock.l_type = F_WRLCK;
+ lock.l_whence = SEEK_SET;
+ lock.l_start = 0;
+ lock.l_len = 0;
+
+ fd = open("/etc/securetty", O_RDWR);
+ if (fd == -1) {
+ syslog(LOG_ERR, "Couldn't open /etc/securetty: %s",strerror(errno));
+ return -1;
+ }
+ act.sa_handler = alarm_handler;
+ act.sa_flags = 0;
+ sigaction(SIGALRM, &act, &oldact);
+ alarm(2);
+ while (fcntl(fd, F_SETLKW, &lock) == -1) {
+ if (errno == EINTR) {
+ syslog(LOG_ERR, "Couldn't lock /etc/securetty: Timeout exceeded");
+ } else {
+ syslog(LOG_ERR, "Couldn't lock /etc/securetty: %s",strerror(errno));
+ }
+ return -1;
+ }
+ alarm(0);
+ sigaction(SIGALRM, &oldact, NULL);
+ return fd;
+}
+
+int rewrite_securetty(char *terminal) {
+ int fd;
+ char *buf, *pos;
+ struct stat sbuf;
+
+ fd = open_and_lock_securetty();
+ if (fd == -1)
+ return 1;
+ if (fstat(fd, &sbuf) == -1) {
+ close(fd);
+ syslog(LOG_ERR, "Couldn't stat /etc/securetty: %s",strerror(errno));
+ return 1;
+ }
+ buf = malloc(sbuf.st_size + 1);
+ if (read(fd, buf, sbuf.st_size) != sbuf.st_size) {
+ close(fd);
+ syslog(LOG_ERR, "Couldn't read /etc/securetty: %s",strerror(errno));
+ return 1;
+ }
+ if (!strncmp(buf,terminal,strlen(terminal)) && buf[strlen(terminal)] == '\n')
+ goto out_ok;
+ if ((pos = strstr(buf, terminal))) {
+ if (pos[strlen(terminal)] == '\n' && *(pos-1) == '\n')
+ goto out_ok;
+ }
+ if (lseek(fd, 0, SEEK_END) == -1) {
+ close(fd);
+ syslog(LOG_ERR, "Couldn't seek to end of /etc/securetty: %s",strerror(errno));
+ return 1;
+ }
+ write(fd, terminal, strlen(terminal));
+ write(fd, "\n", 1);
+out_ok:
+ close(fd);
+ return 0;
+}
+
+int main(int argc, char **argv) {
+ if (argc < 2 ) {
+ fprintf(stderr, "Usage: securetty <device>\n");
+ exit(1);
+ }
+ openlog("securetty", LOG_CONS, LOG_DAEMON);
+ return rewrite_securetty(argv[1]);
+}
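Review bot: In `rewrite_securetty()` the buffer returned by `malloc(sbuf.st_size + 1)` is neither checked for NULL nor NUL-terminated before it is handed to `strncmp()` and `strstr()`, so both calls can read past the end of the allocation. Add `if (!buf) { close(fd); return 1; }` after the `malloc()` and `buf[sbuf.st_size] = '\0';` after the successful `read()`. `strstr()` also stops at the first occurrence, so a terminal whose name is a substring of an earlier entry is appended again on every run, and the `write()` results are ignored. In `open_and_lock_securetty()`, `act.sa_mask` is left uninitialised (`sigemptyset(&act.sa_mask);` is missing), and the error returns leak `fd` and leave the alarm armed. Because each line of `/etc/securetty` names a terminal on which root may log in, `terminal` should be rejected when it is empty or contains whitespace or a newline.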
--- /dev/null
+########################################################################
+# Begin /etc/sysconfig/createfiles
+#
+# Description : Createfiles script config file
+#
+# Authors :
+#
+# Version : 00.00
+#
+# Notes : The syntax of this file is as follows:
+# if type is equal to "file" or "dir"
+# <filename> <type> <permissions> <user> <group>
+# if type is equal to "dev"
+# <filename> <type> <permissions> <user> <group> <devtype> <major> <minor>
+#
+# <filename> is the name of the file which is to be created
+# <type> is either file, dir, or dev.
+# file creates a new file
+# dir creates a new directory
+# dev creates a new device
+# <devtype> is either block, char or pipe
+# block creates a block device
+# char creates a character deivce
+# pipe creates a pipe, this will ignore the <major> and <minor> fields
+# <major> and <minor> are the major and minor numbers used for the device.
+########################################################################
+
+# End /etc/sysconfig/createfiles
--- /dev/null
+########################################################################
+# Begin /etc/sysconfig/modules
+#
+# Description : Module auto-loading configuration
+#
+# Authors :
+#
+# Version : 00.00
+#
+# Notes : The syntax of this file is as follows:
+# <module> [<arg1> <arg2> ...]
+#
+# Each module should be on it's own line, and any options that you want
+# passed to the module should follow it. The line deliminator is either
+# a space or a tab.
+########################################################################
+
+# For dialin with pppd
+ppp_generic
+
+# End /etc/sysconfig/modules
--- /dev/null
+HOSTNAME=ipfire.localdomain
--- /dev/null
+# Begin /etc/sysconfig/rc
+
+# Author: DJ Lucas - dj@linuxfromscratch.org
+# Version: 1.0 LSB V.3.1
+
+# Global variable inherited by initscripts are in caps
+# Local variables for the rc script are in lowercase
+
+# Source site specific rc configuration
+. /etc/sysconfig/rc.site
+
+# This sets default terminal options.
+# stty sane - this has been removed as nobody recalls
+# the reason for it in the first place - if no problems arize,
+# then it will be removed completely at a later date.
+
+# Setup default values for the environment
+umask 022
+PATH="/bin:/sbin"
+
+# Find current screen size
+if [ -z "${COLUMNS}" ]; then
+ COLUMNS=$(stty size)
+ COLUMNS=${COLUMNS##* }
+fi
+
+# When using remote connections, such as a serial port, stty size returns 0
+if [ "${COLUMNS}" = "0" ]; then
+ COLUMNS=80
+fi
+
+## Measurements for positioning result messages
+COL=$((${COLUMNS} - 8))
+WCOL=$((${COL} - 2))
+
+# Set Cursur Position Commands, used via echo -e
+SET_COL="\\033[${COL}G" # at the $COL char
+SET_WCOL="\\033[${WCOL}G" # at the $WCOL char
+CURS_UP="\\033[1A\\033[0G" # Up one line, at the 0'th char
+
+# Bootlogging and interactive startup require a valid tempfs mount
+# if this mount is not present, disable them
+if [ "${TEMPFS_MOUNT}" = "" -o ! -d "${TEMPFS_MOUNT}" ]; then
+ TEMPFS_MOUNT=""
+ iprompt=""
+ BOOTLOG_ENAB=""
+fi
+
+# Export the environment variables so they are inherited by the scripts
+export PATH SET_COL SET_WCOL CURS_UP TEMPFS_MOUNT BOOTLOG_ENAB RUNLEVEL
+
+# End /etc/sysconfig/rc
--- /dev/null
+#!/bin/sh
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+# Used for private calls after boot #
+###############################################################################
+
+# power button shutdown
+if grep -q '^button' /proc/modules ; then
+ head -1 /proc/acpi/event | grep -q 'button/power PWRF' && init 0 &
+fi
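Review bot: `head -1 /proc/acpi/event` consumes exactly one ACPI event, whatever it is; if the first event after boot is not the power button, `grep` fails, the background pipeline ends, and later power-button presses are ignored. Reading events in a loop until the power-button line arrives avoids this, as sketched below. `head -1` is also the obsolete spelling of `head -n 1`.

```shell
if grep -q '^button' /proc/modules ; then
	while read -r event; do
		case "${event}" in
			*"button/power PWRF"*) init 0; break ;;
		esac
	done < /proc/acpi/event &
fi
```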
--- /dev/null
+# Set base directory information
+RC_BASE="/etc"
+RC_FUNCTIONS="${RC_BASE}/init.d/ipfire-functions"
+
+# Location of network device scripts and config files
+NETWORK_SCRIPTS="/etc/init.d/networking"
+NETWORK_DEVICES="/etc/sysconfig/network-devices"
+
+# Directory to store boot process accounting information
+# Used for boot logging and interactive flag when rootfs
+# is not writable
+TEMPFS_MOUNT="${RC_BASE}/init.d/boottemp"
+
+# Bootlogging (requires a tempfs mount)
+BOOTLOG_ENAB="yes"
+
+# Distro Information
+DISTRO="$(cat /etc/system-release)" # The distro name
+DISTRO_CONTACT="http://bugtracker.ipfire.org" # Bug report address
+DISTRO_MINI="ipfire" # Short name used in filenames for distro config
+
+# Define custom colors used in messages printed to the screen
+BRACKET="\\033[1;34m" # Blue
+FAILURE="\\033[1;31m" # Red
+INFO="\\033[1;36m" # Cyan
+NORMAL="\\033[0;39m" # Grey
+SUCCESS="\\033[1;32m" # Green
+WARNING="\\033[1;33m" # Yellow
+
+# Prefix boot messages for easier reading on framebuffer consoles
+PREFIX_SUCCESS=" ${SUCCESS}*${NORMAL} "
+PREFIX_WARNING="${WARNING}**${NORMAL} "
+PREFIX_FAILURE="${FAILURE}***${NORMAL}"
+
+# Export varialbles so that they are inherited by the initscripts
+export RC_BASE RC_FUNCTIONS TEMPFS_MOUNT BOOTLOG_ENAB
+export NETWORK_DEVICES NETWORK_SCRIPTS
+export DISTRO DISTRO_CONTACT DISTRO_MINI
+export BRACKET FAILURE INFO NORMAL SUCCESS WARNING
+export PREFIX_SUCCESS PREFIX_WARNING PREFIX_FAILURE
+
+# Interactive startup
+iprompt="yes" # Wether to display the interactive boot promp
+itime="2" # The ammount of time (in seconds) to display the prompt
+dlen="$(( 11 + ${#DISTRO} ))" # The total length of the distro welcome string
+ilen="38" # The total length of the interactive message
+welcome_message="Welcome to ${INFO}${DISTRO}${NORMAL}"
+i_message="Press '${FAILURE}I${NORMAL}' to enter interactive startup"
+
+# Error message displayed when a script's exit value is not zero
+print_error_msg()
+{
+ # ${link} and ${error_value} are defined by the rc script
+ echo -e "${FAILURE}FAILURE: You should not be reading this error message."
+ echo -e ""
+ echo -e -n "${FAILURE}It means that an unforseen error took place in"
+ echo -e -n "${INFO} ${link}"
+ echo -e "${FAILURE},"
+ echo -e "${FAILURE}which exited with a return value of ${error_value}."
+ echo -e ""
+ echo -e -n "${FAILURE}If you are able to track this error down to a bug"
+ echo -e "${FAILURE}in one of the files"
+ echo -e -n "provided by ${INFO}${DISTRO}${FAILURE}, "
+ echo -e -n "${FAILURE}please be so kind to inform us at "
+ echo -e "${INFO}${DISTRO_CONTACT}${FAILURE}.${NORMAL}"
+ echo -e ""
+ echo -e "${INFO}Press Enter to continue..."
+ echo -e "${NORMAL}"
+ read ENTER
+}
+
--- /dev/null
+net.ipv4.ip_forward = 1
+net.ipv4.ip_dynaddr = 1
+net.ipv4.icmp_echo_ignore_broadcasts = 1
+net.ipv4.icmp_ignore_bogus_error_responses = 1
+
+net.ipv4.tcp_sack = 0
+net.ipv4.tcp_timestamps = 0
+net.ipv4.tcp_syncookies = 1
+net.ipv4.tcp_fin_timeout = 30
+net.ipv4.tcp_window_scaling = 0
+net.ipv4.tcp_syn_retries = 3
+net.ipv4.tcp_synack_retries = 3
+
+net.ipv4.conf.default.rp_filter = 0
+net.ipv4.conf.default.accept_redirects = 0
+net.ipv4.conf.default.accept_source_route = 0
+net.ipv4.conf.default.log_martians = 1
+
+net.ipv4.conf.all.rp_filter = 0
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.all.accept_source_route = 0
+net.ipv4.conf.all.log_martians = 1
+
+kernel.printk = 1 4 1 7
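Review bot: `net.ipv4.conf.default.rp_filter = 0` and `net.ipv4.conf.all.rp_filter = 0` turn off reverse-path source validation on a system that also sets `net.ipv4.ip_forward = 1`, so packets with spoofed source addresses are stopped only if the firewall rules do it; `log_martians = 1` does not replace that check. If this is deliberate (for example for asymmetric routing), a comment in the file should say so; otherwise `1` is the safer default. The file has no comments at all, and the reasons for `tcp_sack = 0`, `tcp_timestamps = 0` and `tcp_window_scaling = 0`, which cost throughput, deserve a line each.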