mkdir -p './libpaper.d'
mkdir -p './monit/conf-available'
mkdir -p './mono/certstore'
-mkdir -p './mysql/mariadb.conf.d'
mkdir -p './network/interfaces.d'
mkdir -p './networkd-dispatcher/dormant.d'
mkdir -p './networkd-dispatcher/no-carrier.d'
mkdir -p './samba/tls'
mkdir -p './security/namespace.d'
mkdir -p './smartmontools/smartd_warning.d'
+mkdir -p './ssh/ssh_config.d'
+mkdir -p './ssh/sshd_config.d'
mkdir -p './systemd/system/systemd-networkd.service.d'
mkdir -p './systemd/user'
mkdir -p './udev/hwdb.d'
+mkdir -p './ufw/applications.d/apache2'
mkdir -p './update-notifier'
mkdir -p './usb_modeswitch.d'
maybe chmod 0755 '.'
maybe chmod 0644 'ImageMagick-6/type-apple.xml'
maybe chmod 0644 'ImageMagick-6/type-dejavu.xml'
maybe chmod 0644 'ImageMagick-6/type-ghostscript.xml'
+maybe chmod 0644 'ImageMagick-6/type-urw-base35.xml'
maybe chmod 0644 'ImageMagick-6/type-windows.xml'
maybe chmod 0644 'ImageMagick-6/type.xml'
maybe chmod 0755 'NetworkManager'
maybe chmod 0644 'apparmor.d/abstractions/dbus-strict'
maybe chmod 0644 'apparmor.d/abstractions/dconf'
maybe chmod 0644 'apparmor.d/abstractions/dovecot-common'
+maybe chmod 0644 'apparmor.d/abstractions/dri-common'
+maybe chmod 0644 'apparmor.d/abstractions/dri-enumerate'
maybe chmod 0644 'apparmor.d/abstractions/enchant'
maybe chmod 0644 'apparmor.d/abstractions/evince'
maybe chmod 0644 'apparmor.d/abstractions/fcitx'
maybe chmod 0644 'apparmor.d/abstractions/gnupg'
maybe chmod 0644 'apparmor.d/abstractions/ibus'
maybe chmod 0644 'apparmor.d/abstractions/kde'
+maybe chmod 0644 'apparmor.d/abstractions/kde-globals-write'
+maybe chmod 0644 'apparmor.d/abstractions/kde-icon-cache-write'
+maybe chmod 0644 'apparmor.d/abstractions/kde-language-write'
maybe chmod 0644 'apparmor.d/abstractions/kerberosclient'
maybe chmod 0644 'apparmor.d/abstractions/launchpad-integration'
maybe chmod 0644 'apparmor.d/abstractions/ldapclient'
maybe chmod 0644 'apparmor.d/abstractions/lightdm_chromium-browser'
maybe chmod 0644 'apparmor.d/abstractions/likewise'
maybe chmod 0644 'apparmor.d/abstractions/mdns'
+maybe chmod 0644 'apparmor.d/abstractions/mesa'
maybe chmod 0644 'apparmor.d/abstractions/mir'
maybe chmod 0644 'apparmor.d/abstractions/mozc'
maybe chmod 0644 'apparmor.d/abstractions/mysql'
maybe chmod 0644 'apparmor.d/abstractions/nameservice'
maybe chmod 0644 'apparmor.d/abstractions/nis'
maybe chmod 0644 'apparmor.d/abstractions/nvidia'
+maybe chmod 0644 'apparmor.d/abstractions/opencl'
+maybe chmod 0644 'apparmor.d/abstractions/opencl-common'
+maybe chmod 0644 'apparmor.d/abstractions/opencl-intel'
+maybe chmod 0644 'apparmor.d/abstractions/opencl-mesa'
+maybe chmod 0644 'apparmor.d/abstractions/opencl-nvidia'
+maybe chmod 0644 'apparmor.d/abstractions/opencl-pocl'
maybe chmod 0644 'apparmor.d/abstractions/openssl'
maybe chmod 0644 'apparmor.d/abstractions/orbit2'
maybe chmod 0644 'apparmor.d/abstractions/p11-kit'
maybe chmod 0644 'apparmor.d/abstractions/private-files'
maybe chmod 0644 'apparmor.d/abstractions/private-files-strict'
maybe chmod 0644 'apparmor.d/abstractions/python'
+maybe chmod 0644 'apparmor.d/abstractions/qt5'
+maybe chmod 0644 'apparmor.d/abstractions/qt5-compose-cache-write'
+maybe chmod 0644 'apparmor.d/abstractions/qt5-settings-write'
+maybe chmod 0644 'apparmor.d/abstractions/recent-documents-write'
maybe chmod 0644 'apparmor.d/abstractions/ruby'
maybe chmod 0644 'apparmor.d/abstractions/samba'
maybe chmod 0644 'apparmor.d/abstractions/smbpass'
maybe chmod 0644 'apparmor.d/abstractions/user-tmp'
maybe chmod 0644 'apparmor.d/abstractions/user-write'
maybe chmod 0644 'apparmor.d/abstractions/video'
+maybe chmod 0644 'apparmor.d/abstractions/vulkan'
maybe chmod 0644 'apparmor.d/abstractions/wayland'
maybe chmod 0644 'apparmor.d/abstractions/web-data'
maybe chmod 0644 'apparmor.d/abstractions/winbind'
maybe chmod 0644 'apparmor.d/lightdm-guest-session'
maybe chmod 0755 'apparmor.d/local'
maybe chmod 0644 'apparmor.d/local/README'
+maybe chmod 0644 'apparmor.d/local/lsb_release'
+maybe chmod 0644 'apparmor.d/local/nvidia_modprobe'
maybe chmod 0644 'apparmor.d/local/sbin.dhclient'
maybe chmod 0644 'apparmor.d/local/system_tor'
maybe chmod 0644 'apparmor.d/local/usr.bin.evince'
maybe chmod 0644 'apparmor.d/local/usr.sbin.ntpd'
maybe chmod 0644 'apparmor.d/local/usr.sbin.rsyslogd'
maybe chmod 0644 'apparmor.d/local/usr.sbin.tcpdump'
+maybe chmod 0644 'apparmor.d/lsb_release'
+maybe chmod 0644 'apparmor.d/nvidia_modprobe'
maybe chmod 0644 'apparmor.d/sbin.dhclient'
maybe chmod 0755 'apparmor.d/snap'
maybe chmod 0755 'apparmor.d/snap/abstractions'
maybe chmod 0644 'apparmor.d/tunables/multiarch.d/site.local'
maybe chmod 0644 'apparmor.d/tunables/ntpd'
maybe chmod 0644 'apparmor.d/tunables/securityfs'
+maybe chmod 0644 'apparmor.d/tunables/share'
+maybe chmod 0644 'apparmor.d/tunables/sys'
maybe chmod 0644 'apparmor.d/tunables/xdg-user-dirs'
maybe chmod 0755 'apparmor.d/tunables/xdg-user-dirs.d'
maybe chmod 0644 'apparmor.d/tunables/xdg-user-dirs.d/site.local'
maybe chmod 0755 'apt/auth.conf.d'
maybe chmod 0755 'apt/preferences.d'
maybe chmod 0644 'apt/preferences.d/fglrx.13.350.pref'
+maybe chmod 0644 'apt/preferences.d/nosnap.pref'
maybe chmod 0644 'apt/preferences.d/official-extra-repositories.pref'
maybe chmod 0644 'apt/preferences.d/official-package-repositories.pref'
maybe chmod 0664 'apt/sources.list'
maybe chmod 0644 'default/quota'
maybe chmod 0644 'default/rcS'
maybe chmod 0644 'default/redis-server'
+maybe chmod 0644 'default/rpcbind'
maybe chmod 0644 'default/rsync'
maybe chmod 0644 'default/rsyslog'
maybe chmod 0644 'default/saned'
maybe chmod 0644 'emacs/site-start.d/50dictionaries-common.el'
maybe chmod 0644 'emacs/site-start.el'
maybe chmod 0644 'environment'
+maybe chmod 0755 'environment.d'
+maybe chmod 0644 'environment.d/90atk-adaptor.conf'
+maybe chmod 0644 'environment.d/90qt-a11y.conf'
maybe chmod 0755 'esound'
maybe chmod 0644 'esound/esd.conf'
maybe chmod 0755 'etckeeper'
maybe chmod 0644 'etckeeper/update-ignore.d/README'
maybe chmod 0755 'etckeeper/vcs.d'
maybe chmod 0755 'etckeeper/vcs.d/50vcs-cmd'
+maybe chmod 0644 'ethertypes'
maybe chmod 0644 'exports'
maybe chmod 0755 'fail2ban'
maybe chmod 0755 'fail2ban/action.d'
maybe chmod 0644 'fail2ban/action.d/nftables-allports.conf'
maybe chmod 0644 'fail2ban/action.d/nftables-common.conf'
maybe chmod 0644 'fail2ban/action.d/nftables-multiport.conf'
+maybe chmod 0644 'fail2ban/action.d/nftables.conf'
maybe chmod 0644 'fail2ban/action.d/nginx-block-map.conf'
maybe chmod 0644 'fail2ban/action.d/npf.conf'
maybe chmod 0644 'fail2ban/action.d/nsupdate.conf'
maybe chmod 0644 'fail2ban/filter.d/apache-shellshock.conf'
maybe chmod 0644 'fail2ban/filter.d/assp.conf'
maybe chmod 0644 'fail2ban/filter.d/asterisk.conf'
+maybe chmod 0644 'fail2ban/filter.d/bitwarden.conf'
maybe chmod 0644 'fail2ban/filter.d/botsearch-common.conf'
+maybe chmod 0644 'fail2ban/filter.d/centreon.conf'
maybe chmod 0644 'fail2ban/filter.d/common.conf'
maybe chmod 0644 'fail2ban/filter.d/counter-strike.conf'
maybe chmod 0644 'fail2ban/filter.d/courier-auth.conf'
maybe chmod 0644 'fail2ban/filter.d/stunnel.conf'
maybe chmod 0644 'fail2ban/filter.d/suhosin.conf'
maybe chmod 0644 'fail2ban/filter.d/tine20.conf'
+maybe chmod 0644 'fail2ban/filter.d/traefik-auth.conf'
maybe chmod 0644 'fail2ban/filter.d/uwimap-auth.conf'
maybe chmod 0644 'fail2ban/filter.d/vsftpd.conf'
maybe chmod 0644 'fail2ban/filter.d/webmin-auth.conf'
maybe chmod 0644 'fail2ban/filter.d/wuftpd.conf'
maybe chmod 0644 'fail2ban/filter.d/xinetd-fail.conf'
+maybe chmod 0644 'fail2ban/filter.d/znc-adminlog.conf'
maybe chmod 0644 'fail2ban/filter.d/zoneminder.conf'
maybe chmod 0644 'fail2ban/jail.conf'
maybe chmod 0755 'fail2ban/jail.d'
maybe chmod 0644 'fonts/conf.avail/50-user.conf'
maybe chmod 0644 'fonts/conf.avail/51-local.conf'
maybe chmod 0644 'fonts/conf.avail/53-monospace-lcd-filter.conf'
+maybe chmod 0644 'fonts/conf.avail/56-language-selector-ar.conf'
maybe chmod 0644 'fonts/conf.avail/57-dejavu-sans-mono.conf'
maybe chmod 0644 'fonts/conf.avail/57-dejavu-sans.conf'
maybe chmod 0644 'fonts/conf.avail/57-dejavu-serif.conf'
maybe chown 'nagios' 'icinga2/icinga2.conf.orig'
maybe chgrp 'nagios' 'icinga2/icinga2.conf.orig'
maybe chmod 0640 'icinga2/icinga2.conf.orig'
+maybe chmod 0644 'icinga2/init.conf'
maybe chown 'nagios' 'icinga2/pki'
maybe chgrp 'nagios' 'icinga2/pki'
maybe chmod 0700 'icinga2/pki'
maybe chmod 0644 'insserv.conf'
maybe chmod 0755 'insserv.conf.d'
maybe chmod 0644 'insserv.conf.d/bind9'
+maybe chmod 0644 'insserv.conf.d/mariadb'
maybe chmod 0644 'insserv.conf.d/postfix'
maybe chmod 0644 'insserv.conf.d/rpcbind'
maybe chmod 0755 'insserv/overrides'
maybe chmod 0644 'letsencrypt/csr/3427_csr-certbot.pem'
maybe chmod 0644 'letsencrypt/csr/3428_csr-certbot.pem'
maybe chmod 0644 'letsencrypt/csr/3429_csr-certbot.pem'
+maybe chmod 0644 'letsencrypt/csr/3430_csr-certbot.pem'
+maybe chmod 0644 'letsencrypt/csr/3431_csr-certbot.pem'
maybe chmod 0700 'letsencrypt/keys'
maybe chmod 0600 'letsencrypt/keys/0000_key-certbot.pem'
maybe chmod 0600 'letsencrypt/keys/0001_key-certbot.pem'
maybe chmod 0600 'letsencrypt/keys/3428_key-certbot.pem'
maybe chmod 0600 'letsencrypt/keys/3429_key-certbot.pem'
maybe chmod 0600 'letsencrypt/keys/3430_key-certbot.pem'
+maybe chmod 0600 'letsencrypt/keys/3431_key-certbot.pem'
+maybe chmod 0600 'letsencrypt/keys/3432_key-certbot.pem'
maybe chmod 0755 'letsencrypt/live'
maybe chmod 0755 'letsencrypt/live/ccu.hoellein.online'
maybe chmod 0644 'letsencrypt/live/ccu.hoellein.online/README'
maybe chmod 0755 'logcheck'
maybe chmod 0755 'logcheck/ignore.d.paranoid'
maybe chmod 0644 'logcheck/ignore.d.paranoid/cracklib-runtime'
+maybe chmod 0644 'logcheck/ignore.d.paranoid/mariadb-server-10_1'
maybe chmod 0644 'logcheck/ignore.d.paranoid/mariadb-server-10_3'
maybe chmod 0644 'logcheck/ignore.d.paranoid/mysql-server-5_5'
maybe chmod 0644 'logcheck/ignore.d.paranoid/mysql-server-5_7'
maybe chmod 0644 'logcheck/ignore.d.server/hddtemp'
maybe chmod 0644 'logcheck/ignore.d.server/iodined'
maybe chmod 0644 'logcheck/ignore.d.server/libsasl2-modules'
+maybe chmod 0644 'logcheck/ignore.d.server/mariadb-server-10_1'
maybe chmod 0644 'logcheck/ignore.d.server/mariadb-server-10_3'
maybe chmod 0644 'logcheck/ignore.d.server/mysql-server-5_5'
maybe chmod 0644 'logcheck/ignore.d.server/mysql-server-5_7'
maybe chmod 0755 'logcheck/ignore.d.workstation'
maybe chmod 0644 'logcheck/ignore.d.workstation/autossh'
maybe chmod 0644 'logcheck/ignore.d.workstation/fetchmail'
+maybe chmod 0644 'logcheck/ignore.d.workstation/mariadb-server-10_1'
maybe chmod 0644 'logcheck/ignore.d.workstation/mariadb-server-10_3'
maybe chmod 0644 'logcheck/ignore.d.workstation/mysql-server-5_5'
maybe chmod 0644 'logcheck/ignore.d.workstation/mysql-server-5_7'
maybe chmod 0644 'logrotate.d/apt'
maybe chmod 0644 'logrotate.d/aptitude'
maybe chmod 0644 'logrotate.d/asterisk'
+maybe chmod 0644 'logrotate.d/btmp'
maybe chmod 0644 'logrotate.d/certbot'
maybe chmod 0644 'logrotate.d/consolekit'
maybe chmod 0644 'logrotate.d/cups-daemon'
maybe chmod 0644 'logrotate.d/unattended-upgrades'
maybe chmod 0644 'logrotate.d/unifi'
maybe chmod 0644 'logrotate.d/upstart'
+maybe chmod 0644 'logrotate.d/wtmp'
maybe chmod 0644 'logrotate.d/zoneminder'
maybe chmod 0755 'loolwsd'
maybe chmod 0644 'loolwsd/loolkitconfig.xcu'
maybe chmod 0644 'mysql/conf.d/mysqldump.cnf'
maybe chmod 0755 'mysql/debian-start'
maybe chmod 0600 'mysql/debian.cnf'
+maybe chmod 0600 'mysql/debian.cnf-10.3'
maybe chmod 0644 'mysql/mariadb.cnf'
maybe chmod 0755 'mysql/mariadb.conf.d'
+maybe chmod 0644 'mysql/mariadb.conf.d/50-client.cnf'
+maybe chmod 0644 'mysql/mariadb.conf.d/50-mysql-clients.cnf'
+maybe chmod 0644 'mysql/mariadb.conf.d/50-mysqld_safe.cnf'
+maybe chmod 0644 'mysql/mariadb.conf.d/50-server.cnf'
maybe chmod 0644 'mysql/my.cnf.bak'
maybe chmod 0644 'mysql/my.cnf.fallback'
maybe chmod 0644 'mysql/my.cnf.migrated'
maybe chmod 0644 'profile.d/bash_completion.sh'
maybe chmod 0644 'profile.d/cedilla-portuguese.sh'
maybe chmod 0644 'profile.d/flatpak.sh'
+maybe chmod 0644 'profile.d/im-config_wayland.sh'
maybe chmod 0644 'profile.d/input-method-config.sh'
maybe chmod 0644 'profile.d/ssh_mail.sh'
maybe chmod 0644 'profile.d/vte-2.91.sh'
maybe chmod 0644 'spamassassin/v340.pre'
maybe chmod 0644 'spamassassin/v341.pre'
maybe chmod 0644 'spamassassin/v342.pre'
+maybe chmod 0644 'spamassassin/v343.pre'
maybe chmod 0755 'speech-dispatcher'
maybe chmod 0755 'speech-dispatcher/clients'
maybe chmod 0644 'speech-dispatcher/clients/emacs.conf'
maybe chmod 0755 'speech-dispatcher/modules'
+maybe chmod 0644 'speech-dispatcher/modules/baratinoo.conf'
maybe chmod 0644 'speech-dispatcher/modules/cicero.conf'
maybe chmod 0644 'speech-dispatcher/modules/dtk-generic.conf'
maybe chmod 0644 'speech-dispatcher/modules/epos-generic.conf'
maybe chmod 0644 'speech-dispatcher/modules/espeak-generic.conf'
maybe chmod 0644 'speech-dispatcher/modules/espeak-mbrola-generic.conf'
+maybe chmod 0644 'speech-dispatcher/modules/espeak-ng-mbrola-generic.conf'
maybe chmod 0644 'speech-dispatcher/modules/espeak-ng.conf'
maybe chmod 0644 'speech-dispatcher/modules/espeak.conf'
maybe chmod 0644 'speech-dispatcher/modules/festival.conf'
maybe chmod 0644 'speech-dispatcher/modules/flite.conf'
maybe chmod 0644 'speech-dispatcher/modules/ibmtts.conf'
maybe chmod 0644 'speech-dispatcher/modules/ivona.conf'
+maybe chmod 0644 'speech-dispatcher/modules/kali.conf'
maybe chmod 0644 'speech-dispatcher/modules/llia_phon-generic.conf'
+maybe chmod 0644 'speech-dispatcher/modules/mary-generic.conf'
maybe chmod 0644 'speech-dispatcher/modules/pico-generic.conf'
maybe chmod 0644 'speech-dispatcher/modules/swift-generic.conf'
maybe chmod 0644 'speech-dispatcher/speechd.conf'
maybe chmod 0755 'ssh'
maybe chmod 0644 'ssh/moduli'
maybe chmod 0644 'ssh/ssh_config'
+maybe chmod 0755 'ssh/ssh_config.d'
maybe chmod 0600 'ssh/ssh_host_dsa_key'
maybe chmod 0644 'ssh/ssh_host_dsa_key.pub'
maybe chmod 0600 'ssh/ssh_host_ecdsa_key'
maybe chmod 0600 'ssh/ssh_host_rsa_key'
maybe chmod 0644 'ssh/ssh_host_rsa_key.pub'
maybe chmod 0644 'ssh/sshd_config'
+maybe chmod 0755 'ssh/sshd_config.d'
maybe chmod 0755 'ssl'
maybe chmod 0755 'ssl/certs'
maybe chmod 0644 'ssl/certs/UbuntuOne-Go_Daddy_CA.pem'
maybe chmod 0644 'systemd/logind.conf'
maybe chmod 0755 'systemd/network'
maybe chmod 0644 'systemd/network/wired.network'
+maybe chmod 0644 'systemd/networkd.conf'
+maybe chmod 0644 'systemd/pstore.conf'
maybe chmod 0644 'systemd/resolved.conf'
+maybe chmod 0644 'systemd/sleep.conf'
maybe chmod 0755 'systemd/system'
maybe chmod 0644 'systemd/system.conf'
maybe chmod 0755 'systemd/system.conf.d'
maybe chmod 0640 'ufw/after.rules'
maybe chmod 0640 'ufw/after6.rules'
maybe chmod 0755 'ufw/applications.d'
+maybe chmod 0755 'ufw/applications.d/apache2'
maybe chmod 0644 'ufw/applications.d/apache2-utils.ufw.profile'
maybe chmod 0644 'ufw/applications.d/bind9'
maybe chmod 0644 'ufw/applications.d/cups'
maybe chmod 0755 'wpa_supplicant/functions.sh'
maybe chmod 0755 'wpa_supplicant/ifupdown.sh'
maybe chmod 0755 'x2go'
+maybe chmod 0755 'x2go/Xsession'
+maybe chmod 0644 'x2go/Xsession.options'
maybe chmod 0644 'x2go/keystrokes.cfg'
maybe chmod 0755 'x2go/plugin-provider'
maybe chmod 0644 'x2go/plugin-provider/x2goplugin.html'
maybe chmod 0600 'x2go/x2gosql/passwords/mysqladmin'
maybe chmod 0600 'x2go/x2gosql/passwords/pgadmin'
maybe chmod 0644 'x2go/x2gosql/sql'
+maybe chmod 0644 'xattr.conf'
maybe chmod 0755 'xdg'
maybe chmod 0644 'xdg/Trolltech.conf'
maybe chmod 0755 'xdg/autostart'
maybe chmod 0644 'xdg/autostart/cinnamon-settings-daemon-xrandr.desktop'
maybe chmod 0644 'xdg/autostart/cinnamon-settings-daemon-xsettings.desktop'
maybe chmod 0644 'xdg/autostart/cinnamon-sound-applet.desktop'
+maybe chmod 0644 'xdg/autostart/geoclue-demo-agent.desktop'
maybe chmod 0644 'xdg/autostart/gnome-keyring-pkcs11.desktop'
maybe chmod 0644 'xdg/autostart/gnome-keyring-secrets.desktop'
maybe chmod 0644 'xdg/autostart/gnome-keyring-ssh.desktop'
maybe chmod 0644 'xdg/autostart/gnome-user-share-obexpush.desktop'
maybe chmod 0644 'xdg/autostart/gnome-user-share-webdav.desktop'
maybe chmod 0644 'xdg/autostart/gsettings-data-convert.desktop'
+maybe chmod 0644 'xdg/autostart/im-launch.desktop'
maybe chmod 0644 'xdg/autostart/mint-ctrl-alt-backspace.desktop'
maybe chmod 0644 'xdg/autostart/mintinstall-update-flatpak.desktop'
maybe chmod 0644 'xdg/autostart/mintreport.desktop'
maybe chmod 0644 'xdg/autostart/pulseaudio.desktop'
maybe chmod 0644 'xdg/autostart/user-dirs-update-gtk.desktop'
maybe chmod 0644 'xdg/autostart/vino-server.desktop'
+maybe chmod 0644 'xdg/autostart/xapp-sn-watcher.desktop'
maybe chmod 0644 'xdg/autostart/xdg-user-dirs.desktop'
maybe chmod 0644 'xdg/karchive.categories'
maybe chmod 0644 'xdg/kauth.categories'
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE typemap [
+ <!ELEMENT typemap (type)+>
+ <!ATTLIST typemap xmlns CDATA #FIXED ''>
+ <!ELEMENT type EMPTY>
+ <!ATTLIST type xmlns CDATA #FIXED '' encoding NMTOKEN #IMPLIED
+ family CDATA #REQUIRED format NMTOKEN #REQUIRED foundry NMTOKEN #REQUIRED
+ fullname CDATA #REQUIRED glyphs CDATA #REQUIRED metrics CDATA #REQUIRED
+ name NMTOKEN #REQUIRED stretch NMTOKEN #REQUIRED style NMTOKEN #REQUIRED
+ version CDATA #IMPLIED weight CDATA #REQUIRED>
+]>
+<!--
+ ImageMagick URW-base35 font configuration.
+-->
+<typemap>
+ <type name="AvantGarde-Book" fullname="AvantGarde Book" family="AvantGarde" foundry="URW" weight="400" style="normal" stretch="normal" format="type1" metrics="URWGothic-Book.afm" glyphs="URWGothic-Book.t1"/>
+ <type name="AvantGarde-BookOblique" fullname="AvantGarde Book Oblique" family="AvantGarde" foundry="URW" weight="400" style="oblique" stretch="normal" format="type1" metrics="URWGothic-BookOblique.afm" glyphs="URWGothic-BookOblique.t1"/>
+ <type name="AvantGarde-Demi" fullname="AvantGarde DemiBold" family="AvantGarde" foundry="URW" weight="600" style="normal" stretch="normal" format="type1" metrics="URWGothic-Demi.afm" glyphs="URWGothic-Demi.t1"/>
+ <type name="AvantGarde-DemiOblique" fullname="AvantGarde DemiOblique" family="AvantGarde" foundry="URW" weight="600" style="oblique" stretch="normal" format="type1" metrics="URWGothic-DemiOblique.afm" glyphs="URWGothic-DemiOblique.t1"/>
+ <type name="Bookman-Demi" fullname="Bookman DemiBold" family="Bookman" foundry="URW" weight="600" style="normal" stretch="normal" format="type1" metrics="URWBookman-Demi.afm" glyphs="URWBookman-Demi.t1"/>
+ <type name="Bookman-DemiItalic" fullname="Bookman DemiBold Italic" family="Bookman" foundry="URW" weight="600" style="italic" stretch="normal" format="type1" metrics="URWBookman-DemiItalic.afm" glyphs="URWBookman-DemiItalic.t1"/>
+ <type name="Bookman-Light" fullname="Bookman Light" family="Bookman" foundry="URW" weight="300" style="normal" stretch="normal" format="type1" metrics="URWBookman-Light.afm" glyphs="URWBookman-Light.t1"/>
+ <type name="Bookman-LightItalic" fullname="Bookman Light Italic" family="Bookman" foundry="URW" weight="300" style="italic" stretch="normal" format="type1" metrics="URWBookman-LightItalic.afm" glyphs="URWBookman-LightItalic.t1"/>
+ <type name="Courier" fullname="Courier Regular" family="Courier" foundry="URW" weight="400" style="normal" stretch="normal" format="type1" metrics="NimbusMonoPS-Refular.afm" glyphs="NimbusMonoPS-Regular.t1"/>
+ <type name="Courier-Bold" fullname="Courier Bold" family="Courier" foundry="URW" weight="700" style="normal" stretch="normal" format="type1" metrics="NimbusMonoPS-Bold.afm" glyphs="NimbusMonoPS-Bold.t1"/>
+ <type name="Courier-Oblique" fullname="Courier Regular Oblique" family="Courier" foundry="URW" weight="400" style="oblique" stretch="normal" format="type1" metrics="NimbusMonoPS-Italic.afm" glyphs="NimbusMonoPS-Italic.t1"/>
+ <type name="Courier-BoldOblique" fullname="Courier Bold Oblique" family="Courier" foundry="URW" weight="700" style="oblique" stretch="normal" format="type1" metrics="NimbusMonoPS-BoldItalic.afm" glyphs="NimbusMonoPS-BoldItalic.t1"/>
+ <type name="fixed" fullname="Helvetica Regular" family="Helvetica" foundry="URW" weight="400" style="normal" stretch="normal" format="type1" metrics="NimbusSans-Regular.afm" glyphs="NimbusSans-Regular.t1"/>
+ <type name="Helvetica" fullname="Helvetica Regular" family="Helvetica" foundry="URW" weight="400" style="normal" stretch="normal" format="type1" metrics="NimbusSans-Regular.afm" glyphs="NimbusSans-Regular.t1"/>
+ <type name="Helvetica-Bold" fullname="Helvetica Bold" family="Helvetica" foundry="URW" weight="700" style="normal" stretch="normal" format="type1" metrics="NimbusSans-Bold.afm" glyphs="NimbusSans-Bold.t1"/>
+ <type name="Helvetica-Oblique" fullname="Helvetica Regular Italic" family="Helvetica" foundry="URW" weight="400" style="italic" stretch="normal" format="type1" metrics="NimbusSans-Italic.afm" glyphs="NimbusSans-Italic.t1"/>
+ <type name="Helvetica-BoldOblique" fullname="Helvetica Bold Italic" family="Helvetica" foundry="URW" weight="700" style="italic" stretch="normal" format="type1" metrics="NimbusSans-BoldItalic.afm" glyphs="NimbusSans-BoldItalic.t1"/>
+ <type name="Helvetica-Narrow" fullname="Helvetica Narrow" family="Helvetica Narrow" foundry="URW" weight="400" style="normal" stretch="condensed" format="type1" metrics="NimbusSansNarrow-Regular.afm" glyphs="NimbusSansNarrow-Regular.t1"/>
+ <type name="Helvetica-Narrow-Oblique" fullname="Helvetica Narrow Oblique" family="Helvetica Narrow" foundry="URW" weight="400" style="oblique" stretch="condensed" format="type1" metrics="NimbusSansNarrow-Oblique.afm" glyphs="NimbusSansNarrow-Oblique.t1"/>
+ <type name="Helvetica-Narrow-Bold" fullname="Helvetica Narrow Bold" family="Helvetica Narrow" foundry="URW" weight="700" style="normal" stretch="condensed" format="type1" metrics="NimbusSansNarrow-Bold.afm" glyphs="NimbusSansNarrow-Bold.t1"/>
+ <type name="Helvetica-Narrow-BoldOblique" fullname="Helvetica Narrow Bold Oblique" family="Helvetica Narrow" foundry="URW" weight="700" style="oblique" stretch="condensed" format="type1" metrics="nNimbusSansNarrow-BdOblique.afm" glyphs="NimbusSansNarrow-BdOblique.t1"/>
+ <type name="NewCenturySchlbk-Roman" fullname="New Century Schoolbook" family="NewCenturySchlbk" foundry="URW" weight="400" style="normal" stretch="normal" format="type1" metrics="C059-Roman.afm" glyphs="C059-Roman.t1"/>
+ <type name="NewCenturySchlbk-Italic" fullname="New Century Schoolbook Italic" family="NewCenturySchlbk" foundry="URW" weight="400" style="italic" stretch="normal" format="type1" metrics="C059-Italic.afm" glyphs="C059-Italic.t1"/>
+ <type name="NewCenturySchlbk-Bold" fullname="New Century Schoolbook Bold" family="NewCenturySchlbk" foundry="URW" weight="700" style="normal" stretch="normal" format="type1" metrics="C059-Bold.afm" glyphs="C059-Bold.t1"/>
+ <type name="NewCenturySchlbk-BoldItalic" fullname="New Century Schoolbook Bold Italic" family="NewCenturySchlbk" foundry="URW" weight="700" style="italic" stretch="normal" format="type1" metrics="C059-BdIta.afm" glyphs="C059-BdIta.t1"/>
+ <type name="Palatino-Roman" fullname="Palatino Regular" family="Palatino" foundry="URW" weight="400" style="normal" stretch="normal" format="type1" metrics="P052-Roman.afm" glyphs="P052-Roman.t1"/>
+ <type name="Palatino-Italic" fullname="Palatino Italic" family="Palatino" foundry="URW" weight="400" style="italic" stretch="normal" format="type1" metrics="P052-Italic.afm" glyphs="P052-Italic.t1"/>
+ <type name="Palatino-Bold" fullname="Palatino Bold" family="Palatino" foundry="URW" weight="700" style="normal" stretch="normal" format="type1" metrics="P052-Bold.afm" glyphs="P052-Bold.t1"/>
+ <type name="Palatino-BoldItalic" fullname="Palatino Bold Italic" family="Palatino" foundry="URW" weight="700" style="italic" stretch="normal" format="type1" metrics="P052-BoldItalic.afm" glyphs="P052-BoldItalic.t1"/>
+ <type name="Times-Roman" fullname="Times Regular" family="Times" foundry="URW" weight="400" style="normal" stretch="normal" format="type1" metrics="NimbusRoman-Regular.afm" glyphs="NimbusRoman-Regular.t1"/>
+ <type name="Times-Bold" fullname="Times Medium" family="Times" foundry="URW" weight="700" style="normal" stretch="normal" format="type1" metrics="NimbusRoman-Bold.afm" glyphs="NimbusRoman-Bold.t1"/>
+ <type name="Times-Italic" fullname="Times Regular Italic" family="Times" foundry="URW" weight="400" style="italic" stretch="normal" format="type1" metrics="NimbusRoman-Italic.afm" glyphs="NimbusRoman-Italic.t1"/>
+ <type name="Times-BoldItalic" fullname="Times Medium Italic" family="Times" foundry="URW" weight="700" style="italic" stretch="normal" format="type1" metrics="NimbusRoman-BoldItalic.afm" glyphs="NimbusRoman-BoldItalic.t1"/>
+ <type name="Symbol" fullname="Symbol" family="Symbol" foundry="URW" weight="400" style="normal" stretch="normal" format="type1" metrics="StandardSymbolsPS.afm" glyphs="StandardSymbolsPS.t1" version="2.0" encoding="AdobeCustom"/>
+</typemap>
--- /dev/null
+# vim:syntax=apparmor
+
+# This file contains common DRI-specific rules useful for GUI applications
+# (needed by libdrm and similar).
+
+ /usr/lib{,32,64}/dri/** mr,
+ /usr/lib/@{multiarch}/dri/** mr,
+ /usr/lib/fglrx/dri/** mr,
+ /dev/dri/ r,
+ /dev/dri/** rw,
+ /etc/drirc r,
+ /usr/share/drirc.d/{,*.conf} r,
+ owner @{HOME}/.drirc r,
+
--- /dev/null
+# vim:syntax=apparmor
+
+# This file contains common DRI-specific rules useful for GUI applications that
+# needs to enumerate graphic devices (as with drmParsePciDeviceInfo() from
+# libdrm).
+
+ @{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
+
--- /dev/null
+# vim:syntax=apparmor
+# Rules for changing KDE settings (for KFileDialog and other).
+
+ # User files
+
+ owner @{HOME}/.config/#[0-9]* rw,
+ owner @{HOME}/.config/kdeglobals rw,
+ owner @{HOME}/.config/kdeglobals.?????? rwl -> @{HOME}/.config/#[0-9]*,
+ owner @{HOME}/.config/kdeglobals.lock rwk,
+
--- /dev/null
+# vim:syntax=apparmor
+# Rules for writing KDE icon cache
+
+ # User files
+
+ owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader
+
--- /dev/null
+# vim:syntax=apparmor
+# Rules for changing per-application language settings on KDE. Some KDE
+# applications have "Help -> Switch Application Language..." option, that needs
+# write access to language settings file.
+
+ # User files
+
+ owner @{HOME}/.config/#[0-9]* rw,
+ owner @{HOME}/.config/klanguageoverridesrc rw,
+ owner @{HOME}/.config/klanguageoverridesrc.?????? rwl -> @{HOME}/.config/#[0-9]*,
+ owner @{HOME}/.config/klanguageoverridesrc.lock rwk,
+
--- /dev/null
+# vim:syntax=apparmor
+# Rules for Mesa implementation of the OpenGL API
+
+ # System files
+ /dev/dri/ r, # libGLX_mesa.so calls drmGetDevice2()
+
+ # Needed to check if the kernel supports the i915 perf interface
+ # (src/intel/perf/gen_perf.c, load_oa_metrics())
+ @{PROC}/sys/dev/i915/perf_stream_paranoid r,
+
+ # User files
+ owner @{HOME}/.cache/ w, # if user clears all caches
+ owner @{HOME}/.cache/mesa_shader_cache/ w,
+ owner @{HOME}/.cache/mesa_shader_cache/index rw,
+ owner @{HOME}/.cache/mesa_shader_cache/??/ w,
+ owner @{HOME}/.cache/mesa_shader_cache/??/* rwk,
+
--- /dev/null
+# vim:syntax=apparmor
+# OpenCL access requirements
+
+ # TODO: use conditionals to select allowed implementations
+ #include <abstractions/opencl-intel>
+ #include <abstractions/opencl-mesa>
+ #include <abstractions/opencl-nvidia>
+ #include <abstractions/opencl-pocl>
+
--- /dev/null
+# vim:syntax=apparmor
+# implementation-independent OpenCL access requirements
+
+ # System files
+
+ /etc/OpenCL/** r,
+ @{sys}/bus/pci/devices/ r, # libpocl.so -> libhwlock.so, libnvidia-opencl.so, beignet/libcl.so -> libdrm_intel.so
+ @{sys}/devices/system/node/ r, # for clGetPlatformIDs() from libOpenCL.so
+ @{sys}/devices/system/node/node[0-9]*/meminfo r, # for clGetPlatformIDs() from libOpenCL.so
+
--- /dev/null
+# vim:syntax=apparmor
+# OpenCL access requirements for Intel implementation
+
+ #include <abstractions/opencl-common>
+
+ # for libcl.so (libOpenCL.so -> beignet/libcl.so calls XOpenDisplay())
+ #include <abstractions/X>
+
+ # for libOpenCL.so -> beignet/libcl.so -> libpciaccess.so
+ #include <abstractions/dri-enumerate>
+
+ # System files
+
+ /dev/dri/card[0-9]* rw, # beignet/libcl.so
+ @{sys}/devices/pci[0-9]*/**/{class,config,resource,revision} r, # libcl.so -> libdrm_intel.so -> libpciaccess.so (move to dri-enumerate ?)
+ /usr/lib/@{multiarch}/beignet/** r,
+
--- /dev/null
+# vim:syntax=apparmor
+# OpenCL access requirements for Mesa implementation
+
+ #include <abstractions/opencl-common>
+
+ # Additional libraries
+
+ /usr/lib/@{multiarch}/gallium-pipe/*.so mr, # libMesaOpenCL.so
+ /usr/lib{,64}/gallium-pipe/*.so mr, # libMesaOpenCL.so on openSUSE
+
+ # System files
+
+ /dev/dri/ r, # libMesaOpenCL.so -> libdrm.so
+ /dev/dri/render* rw, # libMesaOpenCL.so
+ /etc/drirc r, # libMesaOpenCL.so
+
+ # User files
+
+ owner @{HOME}/.cache/mesa_shader_cache/{,**} rw, # libMesaOpenCL.so -> pipe_nouveau.so
+
--- /dev/null
+# vim:syntax=apparmor
+# OpenCL access requirements for NVIDIA implementation
+
+ #include <abstractions/nvidia>
+ #include <abstractions/opencl-common>
+
+ # Executables
+
+ # https://github.com/NVIDIA/nvidia-modprobe
+ # This setuid executable is used to create various device files and load the
+ # the nvidia kernel module.
+ /usr/bin/nvidia-modprobe Px -> nvidia_modprobe,
+
+ # System files
+
+ # libnvidia-opencl.so rules:
+ /dev/nvidia-uvm rw,
+ /dev/nvidia-uvm-tools rw,
+ @{sys}/devices/pci[0-9]*/**/config r,
+ @{sys}/devices/system/memory/block_size_bytes r,
+ /usr/share/nvidia/** r,
+ @{PROC}/devices r,
+ @{PROC}/sys/vm/mmap_min_addr r,
+
+ # User files
+
+ owner @{HOME}/.nv/ComputeCache/ w,
+ owner @{HOME}/.nv/ComputeCache/** rw,
+ owner @{HOME}/.nv/ComputeCache/index rwk,
+
--- /dev/null
+# vim:syntax=apparmor
+# OpenCL access requirements for POCL implementation
+
+ #include <abstractions/opencl-common>
+
+ # Executables
+
+ /usr/bin/{,@{multiarch}-}ld.bfd Cx -> opencl_pocl_ld,
+ /usr/lib/llvm-[0-9]*.[0-9]*/bin/clang Cx -> opencl_pocl_clang,
+
+ # System files
+
+ / r, # libpocl.so -> libhwloc.so
+ @{sys}/bus/pci/slots/ r, # libpocl.so -> hwloc_topology_load() from libhwloc.so
+ @{sys}/bus/{cpu,node}/devices/ r, # libpocl.so -> libhwlock.so
+ @{sys}/class/net/ r, # libpocl.so -> hwloc_pci_traverse_lookuposdevices_cb() from libhwloc.so
+ @{sys}/devices/pci[0-9]*/**/ r, # for libpocl -> hwloc_linux_lookup_block_class() from libhwloc.so
+ @{sys}/devices/pci[0-9]*/**/block/*/dev r, # libpocl.so -> hwloc_linux_lookup_host_block_class() from libhwloc.so
+ @{sys}/devices/pci[0-9]*/**/{class,local_cpus} r, # libpocl.so -> libhwlock.so
+ @{sys}/devices/pci[0-9]*/*/net/*/address r, # libpocl.so -> hwloc_pci_traverse_lookuposdevices_cb() from libhwloc.so
+ @{sys}/devices/system/cpu/ r, # libpocl.so -> libnuma.so
+ @{sys}/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/* r, # libpocl.so -> libhwloc.so
+ @{sys}/devices/system/cpu/cpu[0-9]*/online r, # libpocl.so -> libhwlock.so
+ @{sys}/devices/system/cpu/cpu[0-9]*/topology/* r, # *_siblings, physical_package_id and lot's of others, for libpocl.so -> libhwloc.so
+ @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/* r, # for clGetPlatformIDs() from libpocl.so
+ @{sys}/devices/system/cpu/possible r, # libpocl.so -> libhwloc.so
+ @{sys}/devices/virtual/dmi/id/{,*} r, # libpocl.so -> libhwloc.so
+ @{sys}/fs/cgroup/cpuset/cpuset.{cpus,mems} r, # libpocl.so -> libhwloc.so
+ @{sys}/kernel/mm/hugepages{/,/**} r, # libpocl.so -> libhwloc.so
+ /usr/share/pocl/** r,
+ /{,var/}run/udev/data/*:* r, # libpocl.so -> hwloc_linux_block_class_fillinfos() from libhwloc.so
+
+ # User files
+
+ owner @{HOME}/.cache/pocl/ w,
+ owner @{HOME}/.cache/pocl/kcache/ w,
+ owner @{HOME}/.cache/pocl/kcache/** rw,
+ owner @{HOME}/.cache/pocl/kcache/**.so mrw, # dangerous!
+ owner @{PROC}/@{pid}/{cgroup,cpuset,status} r, # libpocl.so -> libhwloc.so, status for libpocl.so -> libnuma.so
+
+ # Child profiles
+
+ profile opencl_pocl_ld {
+ #include <abstractions/base>
+
+ # Main executables
+
+ /usr/bin/{,@{multiarch}-}ld.bfd mr,
+
+ # User files
+
+ owner @{HOME}/.cache/pocl/kcache/tempfile*.so rw,
+ owner @{HOME}/.cache/pocl/kcache/**.so.o r,
+ }
+
+ profile opencl_pocl_clang {
+ #include <abstractions/base>
+
+ # Main executables
+
+ /usr/lib/llvm-[0-9]*.[0-9]*/bin/clang mr,
+
+ # Additional executables
+
+ /usr/bin/{,@{multiarch}-}ld.bfd ix, # TODO: transfer to opencl_ld child profile?
+
+ # System files
+
+ /etc/debian-version r,
+ /etc/lsb-release r,
+
+ # User files
+
+ owner @{HOME}/.cache/pocl/kcache/*/*/*/*/*.so{,.o} rw,
+ }
+
--- /dev/null
+# vim:syntax=apparmor
+# Common rules for Qt5-based applications
+
+ # Additional libraries
+
+ /usr/lib{,64,/@{multiarch}}/qt5/plugins/**.so mr,
+ /usr/lib{,64,/@{multiarch}}/qt5/qml/**.so mr,
+ /usr/lib{,64,/@{multiarch}}/qt5/qml/**.{qmlc,jsc} mr, # Precompiled QML/JavaScript modules
+
+ # System files
+
+ /etc/xdg/QtProject/qtlogging.ini r,
+ /usr/share/qt5/translations/*.qm r,
+ /usr/lib{,64,/@{multiarch}}/qt5/plugins/** r,
+ /usr/lib{,64,/@{multiarch}}/qt5/qml/** r,
+
+ # User files
+
+ owner @{HOME}/.config/QtProject/qtlogging.ini r,
+ owner @{HOME}/.config/QtProject.conf r, # common settings for QFileDialog, etc (application might need write access)
+ owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r, # for "platforminputcontexts" plugins
+
--- /dev/null
+# vim:syntax=apparmor
+# Allow writing cache for Qt5 "platforminputcontexts" plugins
+
+ # User files
+
+ owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* rwl -> @{HOME}/.cache/#[0-9]*[0-9],
+ owner @{HOME}/.cache/#[0-9]*[0-9] rw, # QSaveFile (anonymous shared memory)
+
--- /dev/null
+# vim:syntax=apparmor
+# Allow writing shared settings for Qt-based applications
+
+ # User files
+
+ owner @{HOME}/.config/#[0-9]*[0-9] rw,
+ owner @{HOME}/.config/QtProject.conf rwl -> @{HOME}/.config/#[0-9]*[0-9],
+ # for temporary files like QtProject.conf.Aqrgeb
+ owner @{HOME}/.config/QtProject.conf.?????? rwl -> @{HOME}/.config/#[0-9]*[0-9],
+ owner @{HOME}/.config/QtProject.conf.lock rwk,
+
--- /dev/null
+# vim:syntax=apparmor
+# Allow updating recent documents
+
+ # User files
+
+ owner @{HOME}/.local/share/RecentDocuments/ rw,
+ owner @{HOME}/.local/share/RecentDocuments/#[0-9]* rw,
+ owner @{HOME}/.local/share/RecentDocuments/*.desktop rwl -> @{HOME}/.local/share/RecentDocuments/#[0-9]*,
+ owner @{HOME}/.local/share/RecentDocuments/*.lock rwk,
+
--- /dev/null
+# vim:syntax=apparmor
+# Vulkan access requirements
+
+ # System files
+ /dev/dri/ r, # libvulkan_radeon.so, libvulkan_intel.so (Mesa)
+ /etc/vulkan/icd.d/{,*.json} r,
+ /etc/vulkan/{explicit,implicit}_layer.d/{,*.json} r,
+ # for drmGetMinorNameForFD() from libvulkan_intel.so (Mesa)
+ @{sys}/devices/pci[0-9]*/*/drm/ r,
+ /usr/share/vulkan/icd.d/{,*.json} r,
+ /usr/share/vulkan/{explicit,implicit}_layer.d/{,*.json} r,
+
+ # User files
+ owner @{HOME}/.local/share/vulkan/implicit_layer.d/{,*.json} r,
+
--- /dev/null
+# Note: This profile does not specify an attachment path because it is
+# intended to be used only via "Px -> lsb_release" exec transitions from
+# other profiles. We want to confine the lsb_release(1) utility when it
+# is invoked from other confined applications, but not when it is used
+# in regular (unconfined) shell scripts or run directly by the user.
+
+#include <tunables/global>
+
+# Do not attach to /usr/bin/lsb_release by default
+profile lsb_release {
+ #include <abstractions/base>
+ #include <abstractions/python>
+
+ owner @{PROC}/@{pid}/fd/ r,
+
+ /dev/tty rw,
+
+ /usr/bin/lsb_release r,
+ /usr/bin/python3.[0-9] mr,
+
+ /etc/debian_version r,
+ /etc/default/apport r,
+ /etc/dpkg/origins/** r,
+ /etc/lsb-release r,
+ /etc/lsb-release.d/ r,
+
+ /{usr/,}bin/bash ixr,
+ /{usr/,}bin/dash ixr,
+ /usr/bin/basename ixr,
+ /usr/bin/dpkg-query ixr,
+ /usr/bin/getopt ixr,
+ /usr/bin/sed ixr,
+ /usr/bin/tr ixr,
+
+ # TODO - many more permissions needed for this to work
+ deny /usr/bin/apt-cache x,
+
+ /usr/bin/ r,
+ /usr/include/python*/pyconfig.h r,
+ /usr/share/distro-info/** r,
+ /usr/share/dpkg/** r,
+ /usr/share/terminfo/** r,
+ /var/lib/dpkg/** r,
+
+ # file_inherit
+ deny /tmp/gtalkplugin.log w,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/lsb_release>
+}
--- /dev/null
+# vim:syntax=apparmor
+
+#include <tunables/global>
+
+profile nvidia_modprobe {
+ #include <abstractions/base>
+
+ # Capabilities
+
+ capability chown,
+ capability mknod,
+ capability setuid,
+ capability sys_admin,
+
+ # Main executable
+
+ /usr/bin/nvidia-modprobe mr,
+
+ # Other executables
+
+ /usr/bin/kmod Cx -> kmod,
+
+ # System files
+
+ /dev/nvidia-uvm w,
+ /dev/nvidia-uvm-tools w,
+ @{sys}/bus/pci/devices/ r,
+ @{sys}/devices/pci[0-9]*/**/config r,
+ @{PROC}/devices r,
+ @{PROC}/modules r,
+ @{PROC}/sys/kernel/modprobe r,
+
+ # Child profiles
+
+ profile kmod {
+ #include <abstractions/base>
+
+ # Capabilities
+
+ capability sys_module,
+
+ # Main executable
+
+ /usr/bin/kmod mrix,
+
+ # Other executables
+
+ /{,usr/}bin/{,ba,da}sh ix,
+
+ # System files
+
+ /etc/modprobe.d/{,*.conf} r,
+ /etc/nvidia/current/*.conf r,
+ @{sys}/module/ipmi_devintf/initstate r,
+ @{sys}/module/ipmi_msghandler/initstate r,
+ @{sys}/module/nvidia/initstate r,
+ @{PROC}/cmdline r,
+ }
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/nvidia_modprobe>
+}
+
--- /dev/null
+@{flatpak_exports_root} = {flatpak/exports,flatpak/{app,runtime}/*/*/*/*/export}
+
+# System-wide directories with behaviour analogous to /usr/share
+# in patterns like the freedesktop.org basedir spec. These are
+# owned by root or a system user, appear in XDG_DATA_DIRS, and
+# are the parent directory for `applications`, `themes`,
+# `dbus-1/services`, etc.
+@{system_share_dirs} = /{usr,usr/local,var/lib/@{flatpak_exports_root}}/share
+
+# Per-user/personal directories with behaviour analogous to
+# ~/.local/share in patterns like the freedesktop.org basedir spec.
+# These are owned by the user running an application, appear in
+# XDG_DATA_DIRS or XDG_DATA_HOME, and are the parent directory
+# for the same subdirectories as @{system_share_dirs}
+@{user_share_dirs} = @{HOME}/.local{,/share/@{flatpak_exports_root}}/share
--- /dev/null
+# Copyright (C) 2012 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+#This file is DEPRECATED! @{sys} is defined in tunables/kernelvars now.
--- /dev/null
+# To prevent repository packages from triggering the installation of Snap,
+# this file forbids snapd from being installed by APT.
+# For more information: https://linuxmint-user-guide.readthedocs.io/en/latest/snap.html
+
+Package: snapd
+Pin: release a=*
+Pin-Priority: -10
# Written by cupsd
# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
<Printer HP_Color_LaserJet_MFP_M277dw_9D0E59_>
-UUID urn:uuid:d9682c07-5793-3acb-62ff-09affed6ac13
+UUID urn:uuid:eb25fb10-fb06-3141-7db1-2a5d2b9246c2
Info
Location
MakeModel Color LaserJet MFP M277dw
-DeviceURI ipp://NPI9D0E59.local:631/ipp/print
+DeviceURI ipps://NPI9D0E59.local:443/ipp/print
State Idle
-StateTime 1651060888
-ConfigTime 1651060891
+StateTime 1651061482
+ConfigTime 1651137013
Type 4188
Accepting Yes
Shared No
KLimit 0
OpPolicy default
ErrorPolicy retry-job
-Option cups-browsed true
</Printer>
# Written by cupsd
# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
<Printer HP_Color_LaserJet_MFP_M277dw_9D0E59_>
-UUID urn:uuid:62204677-8cbd-313c-49ec-18a22b4327c1
+UUID urn:uuid:eb25fb10-fb06-3141-7db1-2a5d2b9246c2
Info
Location
MakeModel Color LaserJet MFP M277dw
DeviceURI ipp://NPI9D0E59.local:631/ipp/print
State Idle
-StateTime 1651059158
-ConfigTime 1651059162
+StateTime 1651061482
+ConfigTime 1651061485
Type 4188
Accepting Yes
Shared No
--- /dev/null
+# /etc/init.d/rpcbind
+
+OPTIONS=""
+
+# Cause rpcbind to do a "warm start" utilizing a state file (default)
+OPTIONS="-w"
+
+# Uncomment the following line to restrict rpcbind to localhost only for UDP requests
+# OPTIONS="${OPTIONS} -h 127.0.0.1 -h ::1"
+
+# Uncomment the following line to enable libwrap TCP-Wrapper connection logging
+# OPTIONS="${OPTIONS} -l "
--- /dev/null
+GTK_MODULES=${GTK_MODULES:+$GTK_MODULES:}gail:atk-bridge
--- /dev/null
+QT_ACCESSIBILITY=1
--- /dev/null
+# Ethernet frame types
+#
+# The EtherType is a two-octet field of Ethernet frames used to indicate
+# which protocol is contained in their payload.
+#
+# More entries, mostly historical, can be found on:
+# https://www.iana.org/assignments/ieee-802-numbers/
+# http://standards-oui.ieee.org/ethertype/eth.txt
+#
+# <name> <hexnumber> <alias1>...<alias35> # Comment
+#
+IPv4 0800 ip ip4 # IP (IPv4)
+X25 0805
+ARP 0806 ether-arp # Address Resolution Protocol
+FR_ARP 0808 # Frame Relay ARP [RFC1701]
+BPQ 08FF # G8BPQ AX.25 over Ethernet
+TRILL 22F3 # TRILL [RFC6325]
+L2-IS-IS 22F4 # TRILL IS-IS [RFC6325]
+TEB 6558 # Transparent Ethernet Bridging [RFC1701]
+RAW_FR 6559 # Raw Frame Relay [RFC1701]
+RARP 8035 # Reverse ARP [RFC903]
+ATALK 809B # Appletalk
+AARP 80F3 # Appletalk Address Resolution Protocol
+802_1Q 8100 8021q 1q 802.1q dot1q # VLAN tagged frame [802.1q]
+IPX 8137 # Novell IPX
+NetBEUI 8191 # NetBEUI
+IPv6 86DD ip6 # IP version 6
+PPP 880B # Point-to-Point Protocol
+MPLS 8847 # MPLS [RFC5332]
+MPLS_MULTI 8848 # MPLS with upstream-assigned label [RFC5332]
+ATMMPOA 884C # MultiProtocol over ATM
+PPP_DISC 8863 # PPP over Ethernet discovery stage
+PPP_SES 8864 # PPP over Ethernet session stage
+ATMFATE 8884 # Frame-based ATM Transport over Ethernet
+EAPOL 888E # EAP over LAN [802.1x]
+S-TAG 88A8 # QinQ Service VLAN tag identifier [802.1q]
+EAP_PREAUTH 88C7 # EAPOL Pre-Authentication [802.11i]
+LLDP 88CC # Link Layer Discovery Protocol [802.1ab]
+MACSEC 88E5 # Media Access Control Security [802.1ae]
+PBB 88E7 macinmac # Provider Backbone Bridging [802.1ah]
+MVRP 88F5 # Multiple VLAN Registration Protocol [802.1q]
+PTP 88F7 # Precision Time Protocol
+FCOE 8906 # Fibre Channel over Ethernet
+FIP 8914 # FCoE Initialization Protocol
+ROCE 8915 # RDMA over Converged Ethernet
--- /dev/null
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+# Author: Cyril Jaquier
+# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
+# made active on all ports from original iptables.conf
+# Modified: Alexander Belykh <albel727@ngs.ru>
+# adapted for nftables
+#
+# This is a included configuration file and includes the definitions for the nftables
+# used in all nftables based actions by default.
+#
+# The user can override the defaults in nftables-common.local
+# Example: redirect flow to honeypot
+#
+# [Init]
+# table_family = ip
+# chain_type = nat
+# chain_hook = prerouting
+# chain_priority = -50
+# blocktype = counter redirect to 2222
+
+[INCLUDES]
+
+after = nftables-common.local
+
+[Definition]
+
+# Option: type
+# Notes.: type of the action.
+# Values: [ multiport | allports ] Default: multiport
+#
+type = multiport
+
+rule_match-custom =
+rule_match-allports = meta l4proto \{ <protocol> \}
+rule_match-multiport = $proto dport \{ <port> \}
+match = <rule_match-<type>>
+
+# Option: rule_stat
+# Notes.: statement for nftables filter rule.
+# leaving it empty will block all (include udp and icmp)
+# Values: nftables statement
+#
+rule_stat = %(match)s <addr_family> saddr @<addr_set> <blocktype>
+
+# optional interator over protocol's:
+_nft_for_proto-custom-iter =
+_nft_for_proto-custom-done =
+_nft_for_proto-allports-iter =
+_nft_for_proto-allports-done =
+_nft_for_proto-multiport-iter = for proto in $(echo '<protocol>' | sed 's/,/ /g'); do
+_nft_for_proto-multiport-done = done
+
+_nft_list = <nftables> -a list chain <table_family> <table> <chain>
+_nft_get_handle_id = grep -oP '@<addr_set>\s+.*\s+\Khandle\s+(\d+)$'
+
+_nft_add_set = <nftables> add set <table_family> <table> <addr_set> \{ type <addr_type>\; \}
+ <_nft_for_proto-<type>-iter>
+ <nftables> add rule <table_family> <table> <chain> %(rule_stat)s
+ <_nft_for_proto-<type>-done>
+_nft_del_set = { %(_nft_list)s | %(_nft_get_handle_id)s; } | while read -r hdl; do
+ <nftables> delete rule <table_family> <table> <chain> $hdl; done
+ <nftables> delete set <table_family> <table> <addr_set>
+
+# Option: _nft_shutdown_table
+# Notes.: command executed after the stop in order to delete table (it checks that no sets are available):
+# Values: CMD
+#
+_nft_shutdown_table = { <nftables> list table <table_family> <table> | grep -qP '^\s+set\s+'; } || {
+ <nftables> delete table <table_family> <table>
+ }
+
+# Option: actionstart
+# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values: CMD
+#
+actionstart = <nftables> add table <table_family> <table>
+ <nftables> -- add chain <table_family> <table> <chain> \{ type <chain_type> hook <chain_hook> priority <chain_priority> \; \}
+ %(_nft_add_set)s
+
+# Option: actionflush
+# Notes.: command executed once to flush IPS, by shutdown (resp. by stop of the jail or this action);
+# uses `nft flush set ...` and as fallback (e. g. unsupported) recreates the set (with references)
+# Values: CMD
+#
+actionflush = { <nftables> flush set <table_family> <table> <addr_set> 2> /dev/null; } || {
+ %(_nft_del_set)s
+ %(_nft_add_set)s
+ }
+
+# Option: actionstop
+# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
+# Values: CMD
+#
+actionstop = %(_nft_del_set)s
+ <_nft_shutdown_table>
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck = <nftables> list chain <table_family> <table> <chain> | grep -q '@<addr_set>[ \t]'
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = <nftables> add element <table_family> <table> <addr_set> \{ <ip> \}
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionunban = <nftables> delete element <table_family> <table> <addr_set> \{ <ip> \}
+
+[Init]
+
+# Option: table
+# Notes.: main table to store chain and sets (automatically created on demand)
+# Values: STRING Default: f2b-table
+table = f2b-table
+
+# Option: table_family
+# Notes.: address family to work in
+# Values: [ip | ip6 | inet] Default: inet
+table_family = inet
+
+# Option: chain
+# Notes.: main chain to store rules
+# Values: STRING Default: f2b-chain
+chain = f2b-chain
+
+# Option: chain_type
+# Notes.: refers to the kind of chain to be created
+# Values: [filter | route | nat] Default: filter
+#
+chain_type = filter
+
+# Option: chain_hook
+# Notes.: refers to the kind of chain to be created
+# Values: [ prerouting | input | forward | output | postrouting ] Default: input
+#
+chain_hook = input
+
+# Option: chain_priority
+# Notes.: priority in the chain.
+# Values: NUMBER Default: -1
+#
+chain_priority = -1
+
+# Option: addr_type
+# Notes.: address type to work with
+# Values: [ipv4_addr | ipv6_addr] Default: ipv4_addr
+#
+addr_type = ipv4_addr
+
+# Default name of the filtering set
+#
+name = default
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ] Default:
+#
+port = ssh
+
+# Option: protocol
+# Notes.: internally used by config reader for interpolations.
+# Values: [ tcp | udp ] Default: tcp
+#
+protocol = tcp
+
+# Option: blocktype
+# Note: This is what the action does with rules. This can be any jump target
+# as per the nftables man page (section 8). Common values are drop,
+# reject, reject with icmpx type host-unreachable, redirect to 2222
+# Values: STRING
+blocktype = reject
+
+# Option: nftables
+# Notes.: Actual command to be executed, including common to all calls options
+# Values: STRING
+nftables = nft
+
+# Option: addr_set
+# Notes.: The name of the nft set used to store banned addresses
+# Values: STRING
+addr_set = addr-set-<name>
+
+# Option: addr_family
+# Notes.: The family of the banned addresses
+# Values: [ ip | ip6 ]
+addr_family = ip
+
+[Init?family=inet6]
+addr_family = ip6
+addr_type = ipv6_addr
+addr_set = addr6-set-<name>
--- /dev/null
+# Fail2Ban filter for Bitwarden
+# Detecting failed login attempts
+# Logged in bwdata/logs/identity/Identity/log.txt
+
+[Definition]
+failregex = ^\s*\[WRN\]\s+Failed login attempt(?:, 2FA invalid)?\. <HOST>$
--- /dev/null
+# Fail2Ban filter for Centreon Web
+# Detecting unauthorized access to the Centreon Web portal
+# typically logged in /var/log/centreon/login.log
+
+[Init]
+datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S
+
+[Definition]
+failregex = ^(?:\|-?\d+){3}\|\[[^\]]*\] \[<HOST>\] Authentication failed for '<F-USER>[^']+</F-USER>'
--- /dev/null
+# Fail2ban filter configuration for traefik :: auth
+# used to ban hosts, that were failed through traefik
+#
+# Author: CrazyMax
+#
+# To use 'traefik-auth' filter you have to configure your Traefik instance to write
+# the access logs as describe in https://docs.traefik.io/configuration/logs/#access-logs
+# into a log file on host and specifiy users for Basic Authentication
+# https://docs.traefik.io/configuration/entrypoints/#basic-authentication
+#
+# Example:
+#
+# version: "3.2"
+#
+# services:
+# traefik:
+# image: traefik:latest
+# command:
+# - "--loglevel=INFO"
+# - "--accesslog=true"
+# - "--accessLog.filePath=/var/log/access.log"
+# # - "--accessLog.filters.statusCodes=400-499"
+# - "--defaultentrypoints=http,https"
+# - "--entryPoints=Name:http Address::80"
+# - "--entryPoints=Name:https Address::443 TLS"
+# - "--docker.domain=example.com"
+# - "--docker.watch=true"
+# - "--docker.exposedbydefault=false"
+# - "--api=true"
+# - "--api.dashboard=true"
+# ports:
+# - target: 80
+# published: 80
+# protocol: tcp
+# mode: host
+# - target: 443
+# published: 443
+# protocol: tcp
+# mode: host
+# labels:
+# - "traefik.enable=true"
+# - "traefik.port=8080"
+# - "traefik.backend=traefik"
+# - "traefik.frontend.rule=Host:traefik.example.com"
+# - "traefik.frontend.auth.basic.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"
+# volumes:
+# - "/var/log/traefik:/var/log"
+# - "/var/run/docker.sock:/var/run/docker.sock"
+# restart: always
+#
+
+[Definition]
+
+failregex = ^<HOST> \- (?!- )\S+ \[\] \"(GET|POST|HEAD) [^\"]+\" 401\b
+
+ignoreregex =
--- /dev/null
+# Fail2Ban filter for ZNC (requires adminlog module)
+#
+# to use this module, enable the adminlog module from within ZNC and point
+# logpath to its logfile (e.g. /var/lib/znc/moddata/adminlog/znc.log).
+
+[DEFAULT]
+
+logtype = file
+
+[Definition]
+
+_daemon = znc
+
+# Prefix for different logtype (file, journal):
+#
+__prefix_file = (?:\[\]\s+)?
+__prefix_short = (?:\S+\s+%(_daemon)s\[\d+\]:)\s+
+__prefix_journal = %(__prefix_short)s
+
+__prefix_line = <__prefix_<logtype>>
+
+failregex = ^%(__prefix_line)s\[[^]]+\] failed to login from <ADDR>
+
+ignoreregex =
+
+journalmatch = _SYSTEMD_UNIT=znc.service + _COMM=znc
+
+# DEV Notes:
+# Log format is: [<DATE+TIME>] [<USERNAME>] <ACTION> from <ADDR>
+# [2018-10-27 01:40:17] [girst] connected to ZNC from 1.2.3.4
+# [2018-10-27 01:40:21] [girst] disconnected from ZNC from 1.2.3.4
+# [2018-10-27 01:40:55] [girst] failed to login from 1.2.3.4
+#
+# Author: Tobias Girstmair (//gir.st/)
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+ <match target="pattern">
+ <test name="lang">
+ <string>ar</string>
+ </test>
+ <test qual="any" name="family">
+ <string>sans-serif</string>
+ </test>
+ <edit name="family" mode="prepend">
+ <string>Noto Sans</string>
+ <string>Noto Sans Arabic UI</string>
+ </edit>
+ </match>
+ <match target="pattern">
+ <test name="lang">
+ <string>ar</string>
+ </test>
+ <test qual="any" name="family">
+ <string>serif</string>
+ </test>
+ <edit name="family" mode="prepend">
+ <string>Noto Serif</string>
+ <string>Noto Naskh Arabic</string>
+ </edit>
+ </match>
+</fontconfig>
--- /dev/null
+../conf.avail/56-language-selector-ar.conf
\ No newline at end of file
--- /dev/null
+/**
+ * This file is read by Icinga 2 before the main
+ * configuration file (icinga2.conf) is processed.
+ */
+
+const RunAsUser = "nagios"
+const RunAsGroup = "nagios"
--- /dev/null
+$database mysql
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIICdTCCAV0CAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALFO
+lXdEd27wSNbshxt0szWniDHtC2ayB8hRhew+SPALJoX0riLgCdW7JVcwnbWa5yyc
+8qUiXC9vuVirUBaw6I28HCiwQquaB6i5qpBPeQF69aPoGdIqQTWEdSzzMAOnXEZ/
+veJfWg5Pdn6uvMF9xa3iMex9EMOsGribWFhWvw5E3wwOX1BRFZFrlsAR8C/F9ksr
+ohCcu6k3VD7sgpk+a1BjbW/iI80B4ByZU+7VjhJhvWRuItcyBM+PxMw0orzo9yb9
+USZ0VvNDj44diPrEpaFdgTK2spu/Yii1jKyFrN8bM2Hle89SUIpT5R8u08KI7NzV
+Si9UA0eaI+5NGeVgt3ECAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYw
+FIISdHYuaG9lbGxlaW4ub25saW5lMA0GCSqGSIb3DQEBCwUAA4IBAQAEwBcZGGPO
+eZ+AkbV3/ZJNmOwydpJ3QvGfREaY1jFhGD5QuiCnI87rE47z4xvwTHhvCHLhod10
+Aqp/pdegJSApFmTU9nK5zr/BJkEmp36EU5Yjnkq+mjC8aLzXT2G9GV0oIackDdep
+xC+ZYlrxzHPa8WG1RRCX5iyBB4GIlEvq+k17PXhUq0670fEvD1YuLks8h/S0Agsy
+MtcdHQ/EiAFVjlnxXgZ2/NL9pc9hjpzObk54ORGywOtBDe/RMMiyFzXhiJol/TcF
+UdMBa7pNoZImtF2uLJNbAtDE/f7LJvMyLxiHdM8Lhd67s9Jm9g+w0ebXbet8/6C9
+luorFpAw5pSz
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIICdTCCAV0CAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+9
+CQ+IpXRN/x5to41JHeJqI0rGKTnSR3H7n4+t8+gi+3dGeRxV9uj5gi8fYghzccWi
+7KPSTDWQ+KDHgQRe+TqGuaB9VnCgXoHh5aLbSDzpaphohS28bJCAHDuQpqZGz0oG
+PwPjW21S0Z/ugrVOpTyE4RoSeyZq3UcBkbOT9HL3/00faz0b4iD7mN4aVsbA8hjl
+jWIeWwLUtWfxSCJ+RR2Qyk8frY/7wekY8dAoNoc4rCVKgftkXE8K1nB9j1iwYoUT
+MY47DWZ8VohbUQSB5m7avyuHXHdm1rU5gz39hEpBhhisw33bdg2dFY7LiDmqJnNz
+ubZJK2LRB3tGChxSeCkCAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYw
+FIISdHYuaG9lbGxlaW4ub25saW5lMA0GCSqGSIb3DQEBCwUAA4IBAQCdlXuHAHPe
+SZ+a2vcV++MgSxyjSgrdV+q85tdr1EJ6DAdDNSaADZdQOdhdCjAkeQfuIf0hEXWA
+JJEm9fRQGhmYYA/hAN9QfGmPbeo2w+zYFHJj+eX3OGV/j7xeZHHDz7H2mk8FzZOT
+XnFrl1GUG/9gmEYAJYgwm2/3edsw3jX2eTal59AZt+ai01SAByXOqxVfXZYSylb9
+j8Oe0iqTm9bGNG3wHwkILW4IAk/x1gQcwlHHV5/CfzEzNfzGuHVI6LC1hKfpF9Iz
+M1qnDMTZmEUJajyKP6qAWK1M+VsPwJcTEiY4QMQ7xHWb4fM01SvqlrCXm+0xaEnR
+03CMnD+NNJDY
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCxTpV3RHdu8EjW
+7IcbdLM1p4gx7QtmsgfIUYXsPkjwCyaF9K4i4AnVuyVXMJ21mucsnPKlIlwvb7lY
+q1AWsOiNvBwosEKrmgeouaqQT3kBevWj6BnSKkE1hHUs8zADp1xGf73iX1oOT3Z+
+rrzBfcWt4jHsfRDDrBq4m1hYVr8ORN8MDl9QURWRa5bAEfAvxfZLK6IQnLupN1Q+
+7IKZPmtQY21v4iPNAeAcmVPu1Y4SYb1kbiLXMgTPj8TMNKK86Pcm/VEmdFbzQ4+O
+HYj6xKWhXYEytrKbv2IotYyshazfGzNh5XvPUlCKU+UfLtPCiOzc1UovVANHmiPu
+TRnlYLdxAgMBAAECggEAT5z8igApLJwh6Ldt9wsQiO//vIM2klcwHWdVnf1dnMM0
++gMiybAVWm3c12iR+ABk+uhCH5ntELO24rSRko6+7R1g+3ghh5HzDHTJvGCi8eI3
+N/C432BvxUsDnjpX/dwBF/q11VaBRlmx2DI3uR3zTB970Tda9rFpkijWo1vYD9xn
+dhI+STKlVbFAj2UjHpfnflNTuqPB6KMw67KdC8HLukvyRK9PAjQBXEzxO3lrZgpu
+w+MJ+242ct2i0EO0aCNkxNwxfGzr63DB/hyDhr09TFC3U6AhbtKpWk1Cbvv0UtTQ
+ZejfIWFGXrQ++HUkkzdNaFitQTc+z5GzgKAYSxko0QKBgQDZ8DNAe0L2OnkDoFjr
+M/jfuKqvpRwLL2o1QeW/OvaDiUF3qHC8WVRwErnXjNByEjDhapacx8qnWEKKLFim
+r8J+hQIR3qxNlYKSLCOY/5Dhp1hTH4YZ1pgxOZnXYkqs9kCYUr2qc6DNSSjwFZ1i
+BCAJlFUshjq1rp9Hna/ryIkwxQKBgQDQRcx8Grinagd1wesxlF0rHlUMgFVwfNGx
+LzEWovk0nqOsXgR6/ImthiAOvVL9BJFzkg8Cm1Mhkb9Vl//JLZepQIM8Etdn1LRw
++5Qw+RThyy6Z9FQo51vSUZKN40k2QdcAiov7wd/HXyz6cT0wfpUlOnnj92hG4hg/
+Mv7m+ag+vQKBgGX1HcUY5WbUTDEKHw9KLTBc8F1j3Q7Oi92GirlAGHvJBru4LaWw
+FPSpjg/tbMcxA3UxrGyEe6Z2gAqsXHz+1PrjtugtSGazf3Zq9+xoA5vN8mBQ6yfD
+YUgGLpa5AT6Rpf6dFuZbWeswQtqvAgYM8AALSR2fXnAI1bNnbhnco3IRAoGASoXP
+J1EAZZcA2Ffs6i6mL7mIwRJif/+JoJa8P9dMyFFDS3fQrpkSQm7NpbiEq1gpG2tV
+x58AXfCiv+PFeJzBuaQF0UcEoHhxoEPEwMk/eZOUNy4/tush5d2eTPrYxXtFjUIF
+2K2EfvhFRc+jD2kbwNhtqO5r94ELIAIFR2xpkRkCgYEAvEPOsrwKswLFjLrYsiGp
+s+hrYU09/JdaXXCSAB9BIku81uh1DYM83Resy0gVdrwOZNbuJzF5pJzCiaNg4nSX
+Sa3SP1eiLQFgfmb9e1a/FO94Onx75m+kj6RrE0GyskmS8XPQ500mCOJggWkEQtcr
+3j6x8UNrzT+mj0LJuvQ7xAQ=
+-----END PRIVATE KEY-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/vQkPiKV0Tf8e
+baONSR3iaiNKxik50kdx+5+PrfPoIvt3RnkcVfbo+YIvH2IIc3HFouyj0kw1kPig
+x4EEXvk6hrmgfVZwoF6B4eWi20g86WqYaIUtvGyQgBw7kKamRs9KBj8D41ttUtGf
+7oK1TqU8hOEaEnsmat1HAZGzk/Ry9/9NH2s9G+Ig+5jeGlbGwPIY5Y1iHlsC1LVn
+8UgifkUdkMpPH62P+8HpGPHQKDaHOKwlSoH7ZFxPCtZwfY9YsGKFEzGOOw1mfFaI
+W1EEgeZu2r8rh1x3Zta1OYM9/YRKQYYYrMN923YNnRWOy4g5qiZzc7m2SSti0Qd7
+RgocUngpAgMBAAECggEBALVmL9NNcVN2kz4Ddm+t1CMoTVlp3wkAQ224JD530cE2
+j3hJ6T0Aq4fAvwS8CTB7oBDeUkmvJUCsdj0OYqZzABH58la/He+SGbeBs5L/KPnP
+z3R/tjgOAxw2x/8mnDPF3ElpXWbdS9tDNmW77leAH14BTUIwZ+hxxAVwm5stCGFX
+T7mAsvC8bDtmrJoqENJ0caDmhlJOr+Tcoo0bo0akDQOGGcX4AAPxAy+pR3XYXX/A
+ankLchfzxxE86jscvBr1R4Q6KXvLn6fOH9yZuXiNbSUHTW6kMjw1QAGsWZn9vJxf
+4TUAuzuykfAX1bD7zhMbddKu7bl3e3Zdowc8QkYYJT0CgYEA9ujylC5e7wcj8XFw
+G4U2VFEWfN/yBjsjapkDn95rM39Js+IUcEx3gv/haqbVDBQ3Ive/QzAx1X8hOCd7
+daEKFXO6N6nve9Ym2s6iyN+gbdVcWDqCPIvVfMNJ1HQOs4uBmdv9VkTdQ6r2Ajro
+VG9xQMDJkJA64o2KZ2IHjJD4r4cCgYEAxswc1br8wscfIu9eYGnSPjNjmjn0qlkL
+wNPyvx4rowVfyPkP0oePQ9vTPxNcNe5Y0pQROr3g13oi2rgDEu9arwOTOhZIU1tn
+N8+6rbLjY1vm8TdgecH+GHyjh4no6KA1+NOLd7l/4owqNDf9tpqly6YE4+CqcP2i
+gsv79M/9ps8CgYAz9wj+2NeQFP+ilA5VLG8nxb0m4PcOCqpEiBm0Ltp/Bx4a5s0I
+aX+JqZLmoGAcX7DPAjdVy7HhThVOvTiFpDP8GdQqXPCTLpoU2QJ3pmEcXJhH1WCN
+n5x52pwSQ67IaOcI27zwyCONV1DZXU6CXsYGK80ASOqrvcBQS9hs5CICxwKBgEcd
+NSNv5IN437aLkmNC96awk2zUVqWpfP7Z0vhzPoDupzkpf3N8cs9/j638qvvP645I
+0XEGA6yRUG6VbOQVI4d/6+bXmb/X7rCUat9AIv+kHJUljimAL/lqfMU7nEm7JhOA
++V82yHyuT1qmvOfZon2bQhySfeY1lTDc76C/1qkZAoGAJRd6xUaBVKKAY4VtvUk2
+348RcjmMFKPyGhAHUzXi/i6BbHOTUDgVJ2jLMA+bpmCcogCaKAWwStHR/Ad4Ewhd
+FWuiAAJb6klAiv31k969ydr37qk4xQ7i1hQxsGvw3v7Ap+DP5TiCXOcUNYuF9ZXR
+hAnKG9e6hzr3dTgmvGyMEoQ=
+-----END PRIVATE KEY-----
--- /dev/null
+/etc/init.d/mysql\[[0-9]+\]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists\!$
+/etc/init.d/mysql\[[0-9]+\]: '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$
+/etc/mysql/debian-start\[[0-9]+\]: Checking for crashed MySQL tables\.$
+mysqld\[[0-9]+\]: $
+mysqld\[[0-9]+\]: Version: .* socket: '/var/run/mysqld/mysqld.sock' port: 3306$
+mysqld\[[0-9]+\]: Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line$
+mysqld_safe\[[0-9]+\]: started$
+usermod\[[0-9]+\]: change user `mysql' GID from `([0-9]+)' to `\1'$
+usermod\[[0-9]+\]: change user `mysql' shell from `/bin/false' to `/bin/false'$
--- /dev/null
+/etc/init.d/mysql\[[0-9]+\]: [0-9]+ processes alive and '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$
+/etc/init.d/mysql\[[0-9]+\]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists\!$
+/etc/init.d/mysql\[[0-9]+\]: '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$
+/etc/mysql/debian-start\[[0-9]+\]: Checking for crashed MySQL tables\.$
+mysqld\[[0-9]+\]: ?$
+mysqld\[[0-9]+\]: .*InnoDB: Shutdown completed
+mysqld\[[0-9]+\]: .*InnoDB: Started;
+mysqld\[[0-9]+\]: .*InnoDB: Starting shutdown\.\.\.$
+mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Normal shutdown$
+mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: ready for connections\.$
+mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Shutdown complete$
+mysqld\[[0-9]+\]: /usr/sbin/mysqld: ready for connections\.$
+mysqld\[[0-9]+\]: .*/usr/sbin/mysqld: Shutdown Complete$
+mysqld\[[0-9]+\]: Version: .* socket
+mysqld\[[0-9]+\]: Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line$
+mysqld_safe\[[0-9]+\]: ?$
+mysqld_safe\[[0-9]+\]: able to use the new GRANT command!$
+mysqld_safe\[[0-9]+\]: ended$
+mysqld_safe\[[0-9]+\]: http://www.mysql.com$
+mysqld_safe\[[0-9]+\]: NOTE: If you are upgrading from a MySQL <= 3.22.10 you should run$
+mysqld_safe\[[0-9]+\]: PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !$
+mysqld_safe\[[0-9]+\]: Please report any problems at http://mariadb.org/jira$
+mysqld_safe\[[0-9]+\]: See the manual for more instructions.$
+mysqld_safe\[[0-9]+\]: started$
+mysqld_safe\[[0-9]+\]: Support MySQL by buying support/licenses at http://mariadb.org/jira$
+mysqld_safe\[[0-9]+\]: The latest information about MySQL is available on the web at$
+mysqld_safe\[[0-9]+\]: the /usr/bin/mysql_fix_privilege_tables. Otherwise you will not be$
+mysqld_safe\[[0-9]+\]: To do so, start the server, then issue the following commands:$
+mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root -h app109 password 'new-password'$
+mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root password 'new-password'$
+usermod\[[0-9]+\]: change user `mysql' GID from `([0-9]+)' to `\1'$
+usermod\[[0-9]+\]: change user `mysql' shell from `/bin/false' to `/bin/false'$
--- /dev/null
+/etc/init.d/mysql\[[0-9]+\]: [0-9]+ processes alive and '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$
+/etc/init.d/mysql\[[0-9]+\]: Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists\!$
+/etc/init.d/mysql\[[0-9]+\]: '/usr/bin/mysqladmin --defaults-(extra-)?file=/etc/mysql/debian.cnf ping' resulted in$
+/etc/mysql/debian-start\[[0-9]+\]: Checking for crashed MySQL tables\.$
+mysqld\[[0-9]+\]: ?$
+mysqld\[[0-9]+\]: .*InnoDB: Shutdown completed
+mysqld\[[0-9]+\]: .*InnoDB: Started;
+mysqld\[[0-9]+\]: .*InnoDB: Starting shutdown\.\.\.$
+mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Normal shutdown$
+mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: ready for connections\.$
+mysqld\[[0-9]+\]: .*\[Note\] /usr/sbin/mysqld: Shutdown complete$
+mysqld\[[0-9]+\]: /usr/sbin/mysqld: ready for connections\.$
+mysqld\[[0-9]+\]: .*/usr/sbin/mysqld: Shutdown Complete$
+mysqld\[[0-9]+\]: Version: .* socket
+mysqld\[[0-9]+\]: Warning: Ignoring user change to 'mysql' because the user was set to 'mysql' earlier on the command line$
+mysqld_safe\[[0-9]+\]: ?$
+mysqld_safe\[[0-9]+\]: able to use the new GRANT command!$
+mysqld_safe\[[0-9]+\]: ended$
+mysqld_safe\[[0-9]+\]: http://www.mysql.com$
+mysqld_safe\[[0-9]+\]: NOTE: If you are upgrading from a MySQL <= 3.22.10 you should run$
+mysqld_safe\[[0-9]+\]: PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !$
+mysqld_safe\[[0-9]+\]: Please report any problems at http://mariadb.org/jira$
+mysqld_safe\[[0-9]+\]: See the manual for more instructions.$
+mysqld_safe\[[0-9]+\]: started$
+mysqld_safe\[[0-9]+\]: Support MySQL by buying support/licenses at https://order.mysql.com$
+mysqld_safe\[[0-9]+\]: The latest information about MySQL is available on the web at$
+mysqld_safe\[[0-9]+\]: the /usr/bin/mysql_fix_privilege_tables. Otherwise you will not be$
+mysqld_safe\[[0-9]+\]: To do so, start the server, then issue the following commands:$
+mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root -h app109 password 'new-password'$
+mysqld_safe\[[0-9]+\]: /usr/bin/mysqladmin -u root password 'new-password'$
+usermod\[[0-9]+\]: change user `mysql' GID from `([0-9]+)' to `\1'$
+usermod\[[0-9]+\]: change user `mysql' shell from `/bin/false' to `/bin/false'$
--- /dev/null
+# no packages own btmp -- we'll rotate it here
+/var/log/btmp {
+ missingok
+ monthly
+ create 0660 root utmp
+ rotate 1
+}
--- /dev/null
+# no packages own wtmp -- we'll rotate it here
+/var/log/wtmp {
+ missingok
+ monthly
+ create 0664 root utmp
+ minsize 1M
+ rotate 1
+}
-# Generated by LVM2 version 2.02.176(2) (2017-11-03): Wed Apr 27 00:21:51 2022
+# Generated by LVM2 version 2.02.176(2) (2017-11-03): Thu Apr 28 11:09:37 2022
contents = "Text Format Volume Group"
version = 1
-description = "Created *after* executing '/sbin/lvremove -y /dev/system/var_backup'"
+description = "Created *after* executing 'pvscan --cache --activate ay 253:0'"
-creation_host = "homeserver" # Linux homeserver 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64
-creation_time = 1651011711 # Wed Apr 27 00:21:51 2022
+creation_host = "homeserver" # Linux homeserver 5.0.0-32-generic #34~18.04.2-Ubuntu SMP Thu Oct 10 10:36:02 UTC 2019 x86_64
+creation_time = 1651136977 # Thu Apr 28 11:09:37 2022
system {
id = "5WJluU-PUGx-m4Am-4B5T-wooB-NUG3-dZj5zv"
- seqno = 1295
+ seqno = 1307
format = "lvm2" # informational
status = ["RESIZEABLE", "READ", "WRITE"]
flags = []
--- /dev/null
+# Automatically generated for Debian scripts. DO NOT TOUCH!
+[client]
+host = localhost
+user = debian-sys-maint
+password = xBvOytMOj0Yx5Y29
+socket = /var/run/mysqld/mysqld.sock
+[mysql_upgrade]
+user = debian-sys-maint
+password = xBvOytMOj0Yx5Y29
+socket = /var/run/mysqld/mysqld.sock
--- /dev/null
+#
+# This group is read by the client library
+# Use it for options that affect all clients, but not the server
+#
+
+[client]
+# Default is Latin1, if you need UTF-8 set this (also in server section)
+default-character-set = utf8mb4
+
+# socket location
+socket = /var/run/mysqld/mysqld.sock
+
+# Example of client certificate usage
+# ssl-cert=/etc/mysql/client-cert.pem
+# ssl-key=/etc/mysql/client-key.pem
+#
+# Allow only TLS encrypted connections
+# ssl-verify-server-cert=on
+
+# This group is *never* read by mysql client library, though this
+# /etc/mysql/mariadb.cnf.d/client.cnf file is not read by Oracle MySQL
+# client anyway.
+# If you use the same .cnf file for MySQL and MariaDB,
+# use it for MariaDB-only client options
+[client-mariadb]
--- /dev/null
+#
+# These groups are read by MariaDB command-line tools
+# Use it for options that affect only one utility
+#
+
+[mysql]
+# Default is Latin1, if you need UTF-8 set this (also in server section)
+default-character-set = utf8mb4
+
+[mysql_upgrade]
+
+[mysqladmin]
+
+[mysqlbinlog]
+
+[mysqlcheck]
+
+[mysqldump]
+
+[mysqlimport]
+
+[mysqlshow]
+
+[mysqlslap]
--- /dev/null
+# NOTE: This file is read only by the traditional SysV init script, not systemd.
+# MariaDB systemd does _not_ utilize mysqld_safe nor read this file.
+#
+# For similar behaviour, systemd users should create the following file:
+# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
+#
+# To achieve the same result as the default 50-mysqld_safe.cnf, please create
+# /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
+# with the following contents:
+#
+# [Service]
+# User=mysql
+# StandardOutput=syslog
+# StandardError=syslog
+# SyslogFacility=daemon
+# SyslogLevel=err
+# SyslogIdentifier=mysqld
+#
+# For more information, please read https://mariadb.com/kb/en/mariadb/systemd/
+#
+
+[mysqld_safe]
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# especially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+socket = /var/run/mysqld/mysqld.sock
+nice = 0
+skip_log_error
+syslog
--- /dev/null
+#
+# These groups are read by MariaDB server.
+# Use it for options that only the server (but not clients) should see
+#
+# See the examples of server my.cnf files in /usr/share/mysql/
+#
+
+# this is read by the standalone daemon and embedded servers
+[server]
+
+# this is only for the mysqld standalone daemon
+[mysqld]
+
+#
+# * Basic Settings
+#
+user = mysql
+pid-file = /var/run/mysqld/mysqld.pid
+socket = /var/run/mysqld/mysqld.sock
+port = 3306
+basedir = /usr
+datadir = /var/lib/mysql
+tmpdir = /tmp
+lc-messages-dir = /usr/share/mysql
+skip-external-locking
+
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address = 127.0.0.1
+
+#
+# * Fine Tuning
+#
+key_buffer_size = 16M
+max_allowed_packet = 16M
+thread_stack = 192K
+thread_cache_size = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam_recover_options = BACKUP
+#max_connections = 100
+#table_cache = 64
+#thread_concurrency = 10
+
+#
+# * Query Cache Configuration
+#
+query_cache_limit = 1M
+query_cache_size = 16M
+
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+# As of 5.1 you can enable the log at runtime!
+#general_log_file = /var/log/mysql/mysql.log
+#general_log = 1
+#
+# Error log - should be very few entries.
+#
+log_error = /var/log/mysql/error.log
+#
+# Enable the slow query log to see queries with especially long duration
+#slow_query_log_file = /var/log/mysql/mariadb-slow.log
+#long_query_time = 10
+#log_slow_rate_limit = 1000
+#log_slow_verbosity = query_plan
+#log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+# other settings you may need to change.
+#server-id = 1
+#log_bin = /var/log/mysql/mysql-bin.log
+expire_logs_days = 10
+max_binlog_size = 100M
+#binlog_do_db = include_database_name
+#binlog_ignore_db = exclude_database_name
+
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates you can use for example the GUI tool "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+#
+# Accept only connections using the latest and most secure TLS protocol version.
+# ..when MariaDB is compiled with OpenSSL:
+# ssl-cipher=TLSv1.2
+# ..when MariaDB is compiled with YaSSL (default in Debian):
+# ssl=on
+
+#
+# * Character sets
+#
+# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
+# utf8 4-byte character set. See also client.cnf
+#
+character-set-server = utf8mb4
+collation-server = utf8mb4_general_ci
+
+#
+# * Unix socket authentication plugin is built-in since 10.0.22-6
+#
+# Needed so the root database user can authenticate without a password but
+# only when running as the unix root user.
+#
+# Also available for other users if required.
+# See https://mariadb.com/kb/en/unix_socket-authentication-plugin/
+
+# this is only for embedded server
+[embedded]
+
+# This group is only read by MariaDB servers, not by MySQL.
+# If you use the same .cnf file for MySQL and MariaDB,
+# you can put MariaDB-only options here
+[mariadb]
+
+# This group is only read by MariaDB-10.1 servers.
+# If you use the same .cnf file for MariaDB of different versions,
+# use this group for options that older servers don't understand
+[mariadb-10.1]
--- /dev/null
+# /etc/profile.d/im-config_wayland.sh
+#
+# This sets the IM variables on Wayland.
+
+test "$XDG_SESSION_TYPE" = 'wayland' || return
+
+# don't do anything if im-config was removed but not purged
+test -r /usr/share/im-config/xinputrc.common || return
+
+if [ -r /etc/X11/Xsession.d/70im-config_launch ]; then
+ . /etc/X11/Xsession.d/70im-config_launch
+fi
--- /dev/null
+../init.d/quotarpc
\ No newline at end of file
--- /dev/null
+../init.d/quota
\ No newline at end of file
--- /dev/null
+../init.d/quotarpc
\ No newline at end of file
--- /dev/null
+../init.d/speech-dispatcher
\ No newline at end of file
--- /dev/null
+../init.d/quotarpc
\ No newline at end of file
--- /dev/null
+../init.d/speech-dispatcher
\ No newline at end of file
--- /dev/null
+../init.d/quotarpc
\ No newline at end of file
--- /dev/null
+../init.d/speech-dispatcher
\ No newline at end of file
--- /dev/null
+../init.d/quotarpc
\ No newline at end of file
--- /dev/null
+../init.d/speech-dispatcher
\ No newline at end of file
--- /dev/null
+../init.d/quotarpc
\ No newline at end of file
--- /dev/null
+../init.d/quotarpc
\ No newline at end of file
--- /dev/null
+../init.d/quota
\ No newline at end of file
--- /dev/null
+../init.d/quota
\ No newline at end of file
--- /dev/null
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# This file was installed during the installation of SpamAssassin 4.0.0,
+# and contains plugin loading commands for the new plugins added in that
+# release. It will not be overwritten during future SpamAssassin installs,
+# so you can modify it to enable some disabled-by-default plugins below,
+# if you so wish.
+#
+# There are now multiple files read to enable plugins in the
+# /etc/mail/spamassassin directory; previously only one, "init.pre" was
+# read. Now both "init.pre", "v310.pre", and any other files ending in
+# ".pre" will be read. As future releases are made, new plugins will be
+# added to new files, named according to the release they're added in.
+###########################################################################
+
+# OLEVBMacro - Detects both OLE macros and VB code inside Office documents
+#
+# It tries to discern between safe and malicious code but due to the threat
+# macros present to security, many places block these type of documents outright.
+#
+# For this plugin to work, Archive::Zip and IO::String modules are required.
+# loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro
--- /dev/null
+
+# Path to the Baratinoo configuration file. Defaults to $BARATINOO_CONFIG_PATH
+# or XDG_CONFIG_HOME/baratinoo.cfg
+BaratinooConfigPath "/etc/voxygen/baratinoo.cfg"
+
+# Characters to be spoken when punctuation setting is "some"
+# Encoding is UTF-8.
+BaratinooPunctuationList "@+_"
+# Characters that should still influence intonation when punctuation is not "none"
+# Encoding is UTF-8.
+BaratinooIntonationList "?!;:,.…"
+# Characters that should not be spoken when punctuation is "none"
+# (i.e. Baratinoo would not use them for intonation so we have to explicitly
+# drop them before giving text to it)
+# Encoding is UTF-8.
+BaratinooNoIntonationList ""
+
+# Sample rate, in Hz (in the 6000Hz-48000Hz range). Default to 16000Hz which
+# is the actual voices rate, not requiring resampling.
+#BaratinooSampleRate 16000
+
+# Minimum rate (-100 in speech-dispatcher)
+BaratinooMinRate -50
+# Normal rate (0 in speech-dispatcher)
+BaratinooNormalRate 0
+# Maximum rate (100 in speech-dispatcher)
+BaratinooMaxRate 150
+
+# Debug turns debugging on or off
+# See speechd.conf for information where debugging information is stored
+
+# Debug 0
+
+# DebugFile specifies the file where the debugging information
+# should be stored (note that the log is overwritten each time
+# the module starts)
+# DebugFile "/tmp/debug-baratinoo"
+
+
+# Copyright (C) 2017 Colomban Wendling <cwendling@hypra.fr>
+# Copyright (C) 2018 Samuel Thibault <samuel.thibault@ens-lyon.org>
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more details (file
+# COPYING in the root directory).
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
--- /dev/null
+# Espeak mbrola output module is based on the generic plugin for Speech
+# Dispatcher. It means there is no code written explicitly for
+# this plugin, all the specifics are handled in this configuration
+# and we call a simple command line client to perform the actual
+# synthesis. Use this config file with the sd_generic output module.
+#
+# IMPORTANT: The audio output method relies on an audio playback
+# utility (play, aplay, paplay for OSS, ALSA or Pulse)
+# being installed. If this is not the case, consider installing it
+# or replace the $PLAY_COMMAND string in the GenericExecuteString below
+# with play, paplay or similar.
+#
+# GenericExecuteSynth is the shell command that should be
+# executed in order to say some message. This command must
+# stop saying the message on SIGKILL, otherwise it's useless.
+# You can use the variables $LANGUAGE, $VOICE, $PITCH and $RATE
+# which will be substituted for the appropriate value (you
+# can modify this value, see other parameters).
+# The command can be split into more lines, if necessary, using '\'.
+GenericExecuteSynth \
+"echo \'$DATA\' | espeak-ng -v mb-$VOICE -s $RATE -p $PITCH $PUNCT -q --stdin --pho | mbrola -v $VOLUME -e /usr/share/mbrola/$VOICE/$VOICE - -.au | $PLAY_COMMAND"
+
+# Alternatively you can shorten the command like below, which makes it
+# work directly with any audio playback utility, but then you won't
+# be able to change the volume from the client application:
+# GenericExecuteSynth \
+# "echo \'$DATA\' | espeak-ng -v mb-$VOICE -s $RATE -p $PITCH $PUNCT -stdin"
+
+GenericCmdDependency "espeak-ng"
+GenericCmdDependency "mbrola"
+
+# The following three items control punctuation levels None, Some, and All.
+# Each of these values will be substituted into the $PUNCT variable depending
+# on the value passed to speech dispatcher from applications.
+# Note that if an empty string is specified, then $PUNCT will be blank
+# which is a default situation for espeak.
+
+GenericPunctNone ""
+GenericPunctSome "--punct=\"()[]{};:\""
+GenericPunctAll "--punct"
+
+# GenericStripPunctChars is a list (enclosed in doublequotes) of
+# all the characters that should be replaced by whitespaces in
+# order not to be badly handled by the output module or misinterpreted
+# by shell.
+# GenericStripPunctChars ""
+
+# If the language you need to pass in $LANG is different
+# from the standard ISO language code, you can specify
+# which string to use instead. If you wish to use
+# other than ISO charset for the specified language,
+# you can add it's name (as accepted by iconv) as a
+# third parameter in doublequotes.
+
+# To be completed
+GenericLanguage "af" "af" "utf-8"
+GenericLanguage "cs" "cs" "utf-8"
+GenericLanguage "de" "de" "utf-8"
+GenericLanguage "el" "el" "utf-8"
+GenericLanguage "en" "en" "utf-8"
+GenericLanguage "es" "es" "utf-8"
+GenericLanguage "et" "et" "utf-8"
+GenericLanguage "fa" "fa" "utf-8"
+GenericLanguage "fr" "fr" "utf-8"
+GenericLanguage "hu" "hu" "utf-8"
+GenericLanguage "hr" "hr" "utf-8"
+GenericLanguage "id" "id" "utf-8"
+GenericLanguage "is" "is" "utf-8"
+GenericLanguage "it" "it" "utf-8"
+GenericLanguage "la" "la" "utf-8"
+GenericLanguage "lt" "lt" "utf-8"
+GenericLanguage "nl" "nl" "utf-8"
+GenericLanguage "pl" "pl" "utf-8"
+GenericLanguage "pt" "pt" "utf-8"
+GenericLanguage "ro" "ro" "utf-8"
+GenericLanguage "sv" "sv" "utf-8"
+GenericLanguage "tr" "tr" "utf-8"
+
+# Each voice is available if and only if the following files exist.
+# These files must be listed *before* the voices.
+
+VoiceFileDependency "/usr/share/mbrola/$VOICE/$VOICE"
+VoiceFileDependency "/usr/lib/x86_64-linux-gnu/espeak-ng-data/voices/mb/mb-$VOICE"
+
+# AddVoice specifies which $VOICE string should be assigned to
+# each language and symbolic voice name. All the voices you want
+# to use must be specified here. This list will likely not be
+# up-to-date, please check eSpeak NG documentation and add the voices
+# you want to use.
+# All MBROLA voices for which a phoneme translation from espeak-ng to
+# MBROLA as of 12 October 2018 are listed, some commented with the
+# rationale to not include them by default. You still can ship or use
+# the commented voices if you uncomment the corresponding line.
+
+# As of Friday 12 October 2018 theses mbrola voices not yet supported
+# by espeak-ng's phonemes translation to mbrola in git are:
+# bz1: Breton Female (25.0Mb) Jean Pierre Messager
+# hb1: Hebrew Male (3.4Mb) Yoram Meron
+# hb2: Hebrew Female (5.6Mb) Esther Raizen
+# hn1: Korean Male (9.9Mb) Kyongsok Gim
+# thus they are not listed below.
+# The language code in this list is the ISO 639-1 code.
+
+AddVoice "af" "MALE1" "af1"
+
+AddVoice "ar" "MALE1" "ar1"
+AddVoice "ar" "MALE2" "ar2"
+
+AddVoice "zh" "FEMALE1" "cn1"
+
+AddVoice "cs" "FEMALE1" "cz1"
+AddVoice "cs" "MALE1" "cz2"
+
+AddVoice "de" "FEMALE1" "de1"
+AddVoice "de" "MALE1" "de2"
+AddVoice "de" "FEMALE2" "de3"
+AddVoice "de" "MALE2" "de4"
+AddVoice "de" "FEMALE3" "de5"
+AddVoice "de" "MALE1" "de6"
+AddVoice "de" "FEMALE3" "de7"
+AddVoice "de" "MALE3" "de8"
+
+AddVoice "el" "MALE1" "gr1"
+AddVoice "el" "MALE2" "gr2"
+
+AddVoice "en" "MALE1" "en1"
+AddVoice "en" "FEMALE1" "us1"
+AddVoice "en" "MALE2" "us2"
+AddVoice "en" "MALE3" "us3"
+
+AddVoice "es" "MALE1" "es1"
+AddVoice "es" "MALE2" "es2"
+AddVoice "es" "FEMALE1" "es3"
+AddVoice "es" "MALE3" "es4"
+AddVoice "es" "MALE1" "mx1"
+AddVoice "es" "MALE2" "mx2"
+AddVoice "es" "MALE1" "vz1"
+
+AddVoice "et" "MALE1" "ee1"
+
+AddVoice "fa" "MALE1" "ir1"
+AddVoice "fa" "FEMALE1" "ir2"
+
+AddVoice "fr" "MALE1" "ca1"
+AddVoice "fr" "MALE2" "ca2"
+AddVoice "fr" "MALE1" "fr1"
+AddVoice "fr" "FEMALE1" "fr2"
+AddVoice "fr" "MALE3" "fr3"
+AddVoice "fr" "FEMALE2" "fr4"
+AddVoice "fr" "MALE3" "fr5"
+AddVoice "fr" "MALE3" "fr6"
+AddVoice "fr" "MALE3" "fr7"
+
+AddVoice "hi" "MALE1" "in1"
+AddVoice "hi" "MALE2" "in2"
+
+AddVoice "hu" "MALE1" "hu1"
+
+AddVoice "hr" "MALE1" "cr1"
+
+AddVoice "id" "MALE1" "id1"
+
+AddVoice "is" "MALE1" "ic1"
+
+AddVoice "it" "MALE1" "it1"
+AddVoice "it" "FEMALE1" "it2"
+AddVoice "it" "MALE2" "it3"
+AddVoice "it" "FEMALE2" "it4"
+
+AddVoice "jp" "MALE1" "jp1"
+AddVoice "jp" "FEMALE1" "jp2"
+AddVoice "jp" "FEMALE2" "jp3"
+
+AddVoice "la" "MALE1" "la1"
+
+AddVoice "lt" "MALE1" "lt1"
+AddVoice "lt" "MALE2" "lt2"
+
+Addvoice "ms" "FEMALE1" "ma1"
+
+# nl1 has a very limited set of diphones and is usable only for reading
+# numbers. Uncomment the next line if you want it.
+# AddVoice "nl" "CHILD-MALE" "nl1"
+AddVoice "nl" "MALE1" "nl2"
+AddVoice "nl" "FEMALE1" "nl3"
+
+AddVoice "mi" "MALE1" "nz1"
+
+AddVoice "pl" "FEMALE1" "pl1"
+
+AddVoice "pt" "MALE1" "br1"
+AddVoice "pt" "MALE2" "br2"
+AddVoice "pt" "MALE3" "br3"
+AddVoice "pt" "FEMALE1" "br4"
+AddVoice "pt" "FEMALE2" "pt1"
+
+AddVoice "ro" "MALE1" "ro1"
+
+AddVoice "sw" "MALE1" "sw1"
+AddVoice "sw" "FEMALE1" "sw2"
+
+AddVoice "te" "FEMALE1" "tl1"
+
+AddVoice "tr" "MALE1" "tr1"
+AddVoice "tr" "FEMALE1" "tr2"
+
+# These parameters set _rate_, _pitch_, and _volume_ conversion. This is
+# part of the core of the definition of this generic output
+# module for this concrete synthesizer, it's not intended to
+# be modified by common users.
+# The resulting rate (or pitch) has the form:
+# (speechd_rate * GenericRateMultiply) + GenericRateAdd
+# while speechd_rate is a value between -100 (lowest) and +100 (highest)
+# You have to define some meaningful conversion for each synthesizer
+
+# Here's the mapping from SSIP (Speech Dispatcher) to ESpeak (v1.10):
+#
+# SSIP Range SSIP Default ESpeak/MBROLA Range ESpeak Default
+# ----------- ------------ ------------ --------------
+# Rate -100 to 100 0 80 to 320 160
+# Pitch -100 to 100 0 0 to 99 50
+# Volume -100 to 100 0 0 to 2 --
+#
+# The SSIP defaults are actually controlled via DefaultRate, DefaultPitch, and
+# DefaultVolume in the speechd.conf file.
+
+GenericRateAdd 160
+GenericPitchAdd 50
+GenericVolumeAdd 1
+
+# (These values are multiplied by 100, because DotConf currently
+# doesn't support floats. So you can write 0.85 as 85 and so on.)
+
+GenericRateMultiply 160
+GenericPitchMultiply 50
+GenericVolumeMultiply 1
+
+# If the client program can't handle floats, you will have to
+# use these two options to force integers as the parameters
+# 1 means force integers, 0 means do nothing (write floats).
+
+GenericRateForceInteger 1
+GenericPitchForceInteger 1
+GenericVolumeForceInteger 0
+
+# Note that SSIP rates < -50 are spoken at -50.
+
+# Debug turns debugging on or off
+# See speechd.conf for information where debugging information is stored
+Debug 0
+
+
+# Copyright (C) 2008-2010 Brailcom, o.p.s
+# Copyright (C) 2014 Luke Yelavich <themuso@ubuntu.com>
+# Copyright (C) 2018 Samuel Thibault <samuel.thibault@ens-lyon.org>
+# Copyright (C) 2018 Didier Spaier <didier@slint.fr>
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more details (file
+# COPYING in the root directory).
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
--- /dev/null
+# -- Kali parameters --
+
+KaliMaxChunkLength 4999
+KaliDelimiters ".?!;"
+
+# -- Voices --
+
+# 3 french voices, 2 english voices
+KaliVoiceParameters "Patrick" # French male 1
+#KaliVoiceParameters "Michel" # French male 2
+#KaliVoiceParameters "Guillemette" # French female 1
+#KaliVoiceParameters "Tom" # English male 1
+#KaliVoiceParameters "Rosalind" # English female 2
+
+# -- Rate control --
+# Normal rate (0 in speech-dispatcher)
+KaliNormalRate 5
+
+# -- Volume control --
+# Normal volume (0 in speech-dispatcher)
+KaliNormalVolume 10
+
+# -- Pitch control --
+# Normal pitch (0 in speech-dispatcher)
+KaliNormalPitch 6
+
+
+# Copyright (C) 2018 Raphaël POITEVIN <rpoitevin@hypra.fr>
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more details (file
+# COPYING in the root directory).
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
--- /dev/null
+# The mary-generic output module is based on the generic plugin for Speech
+# Dispatcher. It means there is no code written explicitly for
+# this plugin, all the specifics are handled in this configuration
+# and we call a simple command line client to perform the actual
+# synthesis. Use this config file with the sd_generic output module.
+#
+# IMPORTANT: The audio output method relies on an audio playback
+# utility (play, aplay, paplay for OSS, ALSA or Pulse)
+# being installed. If this is not the case, consider installing it
+# or replace the $PLAY_COMMAND string in the GenericExecuteString below
+# with play, paplay or similar.
+#
+# GenericExecuteSynth is the shell command that should be
+# executed in order to say some message. This command must
+# stop saying the message on SIGKILL, otherwise it's useless.
+# You can use the variables $LANGUAGE, $VOICE, $PITCH and $RATE
+# which will be substituted for the appropriate value (you
+# can modify this value, see other parameters).
+# This line uses the command curl, so you might need to install
+# curl if it isn't already installed.
+# The command can be split into more lines, if necessary, using '\'.
+GenericExecuteSynth \
+"curl \"http://localhost:59125/process?INPUT_TEXT=`echo \'$DATA\'| xxd -plain | tr -d '\\n' | sed 's/\\\(..\\\)/%\\\1/g'`&INPUT_TYPE=TEXT&OUTPUT_TYPE=AUDIO&AUDIO=WAVE_FILE&LOCALE=$LANGUAGE&VOICE=$VOICE\" > $TMPDIR/mary-generic.wav && $PLAY_COMMAND $TMPDIR/mary-generic.wav"
+
+GenericCmdDependency "curl"
+
+# The following three items control punctuation levels None, Some, and All.
+# Each of these values will be substituted into the $PUNCT variable depending
+# on the value passed to speech dispatcher from applications.
+# Note that if an empty string is specified, then $PUNCT will be blank
+# which is a default situation for espeak.
+
+GenericPunctNone ""
+GenericPunctSome "--punct=\"()[]{};:\""
+GenericPunctAll "--punct"
+
+# GenericStripPunctChars is a list (enclosed in doublequotes) of
+# all the characters that should be replaced by whitespaces in
+# order not to be badly handled by the output module or misinterpreted
+# by shell.
+#GenericStripPunctChars ""
+
+# If the language you need to pass in $LANG is different
+# from the standard ISO language code, you can specify
+# which string to use instead. If you wish to use
+# other than ISO charset for the specified language,
+# you can add it's name (as accepted by iconv) as a
+# third parameter in doublequotes.
+
+GenericLanguage "en" "en_GB" "utf-8"
+GenericLanguage "de" "de" "utf-8"
+
+# AddVoice specifies which $VOICE string should be assigned to
+# each language and symbolic voice name. All the voices you want
+# to use must be specified here. This list will likely not be
+# up-to-date, please check your mary installation and add the voices
+# you want to use.
+
+AddVoice "en" "MALE1" "dfki-spike"
+AddVoice "en" "FEMALE1" "dfki-prudence"
+AddVoice "en" "CHILD_FEMALE" "dfki-poppy"
+AddVoice "de" "MALE1" "dfki-pavoque-styles"
+
+# Debug turns debugging on or off
+# See speechd.conf for information where debugging information is stored
+Debug 0
+
+
+# Copyright (C) 2018 Florian Steinhardt <no.known.email@example.com>
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more details (file
+# COPYING in the root directory).
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
--- /dev/null
+ssl-mail.pem
\ No newline at end of file
--- /dev/null
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See networkd.conf(5) for details
+
+[Network]
+#SpeedMeter=no
+#SpeedMeterIntervalSec=10sec
+
+[DHCP]
+#DUIDType=vendor
+#DUIDRawData=
--- /dev/null
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See pstore.conf(5) for details.
+
+[PStore]
+#Storage=external
+#Unlink=yes
--- /dev/null
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See systemd-sleep.conf(5) for details
+
+[Sleep]
+#AllowSuspend=yes
+#AllowHibernation=yes
+#AllowSuspendThenHibernate=yes
+#AllowHybridSleep=yes
+#SuspendMode=
+#SuspendState=mem standby freeze
+#HibernateMode=platform shutdown
+#HibernateState=disk
+#HybridSleepMode=suspend platform shutdown
+#HybridSleepState=disk
+#HibernateDelaySec=180min
--- /dev/null
+/lib/systemd/system/dmesg.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/etckeeper.timer
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/quotarpc.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/quota.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/systemd-pstore.service
\ No newline at end of file
--- /dev/null
+/lib/systemd/system/logrotate.timer
\ No newline at end of file
--- /dev/null
+../X11/Xresources
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+#
+# /etc/x2go/Xsession
+#
+# X2Go Xsession file -- used by x2goserver Xsession.d add-on.
+
+# This file has been derived from the global Xsession file in Debian squeeze
+
+set -e
+
+X2GO_LIBEXEC_PATH="$(x2gopath libexec)";
+
+PROGNAME=XSession-x2go
+
+message () {
+ # pretty-print messages of arbitrary length; use xmessage if it
+ # is available and $DISPLAY is set
+ MESSAGE="$PROGNAME: $*"
+ echo "$MESSAGE" | fold -s -w ${COLUMNS:-80} >&2
+ if [ -n "$DISPLAY" ] && which xmessage 1> /dev/null 2>&1; then
+ echo "$MESSAGE" | fold -s -w ${COLUMNS:-80} | xmessage -center -file -
+ fi
+}
+
+message_nonl () {
+ # pretty-print messages of arbitrary length (no trailing newline); use
+ # xmessage if it is available and $DISPLAY is set
+ MESSAGE="$PROGNAME: $*"
+ printf '%s' "$MESSAGE" | fold -s -w ${COLUMNS:-80} >&2;
+ if [ -n "$DISPLAY" ] && which xmessage 1> /dev/null 2>&1; then
+ printf '%s' "$MESSAGE" | fold -s -w ${COLUMNS:-80} | xmessage -center -file -
+ fi
+}
+
+errormsg () {
+ # exit script with error
+ message "$*"
+ exit 1
+}
+
+internal_errormsg () {
+ # exit script with error; essentially a "THIS SHOULD NEVER HAPPEN" message
+ # One big call to message() for the sake of xmessage; if we had two then
+ # the user would have dismissed the error we want reported before seeing the
+ # request to report it.
+ errormsg "$*" \
+ "Please report the installed version of the \"X2Go Server\"" \
+ "package and the complete text of this error message to" \
+ "<x2go-dev@lists.x2go.org>."
+}
+
+# Load profile
+for file in "/etc/profile" "$HOME/.profile" "/etc/xprofile" "$HOME/.xprofile"; do
+ if [ -f "$file" ]; then
+ echo "Loading profile from $file";
+ set +e
+ . "$file"
+ set -e
+ fi
+done
+
+cur_hostname="$(hostname)"
+if [ -z "${cur_hostname}" ] || [ "${cur_hostname}" = "(none)" ] || [ "${cur_hostname}" = "localhost" ]; then
+ errormsg "Hostname not set correctly; aborting."
+fi
+
+# initialize variables for use by all session scripts
+
+OPTIONFILE=/etc/x2go/Xsession.options
+
+SYSRESOURCES=/etc/x2go/Xresources
+USRRESOURCES=$HOME/.Xresources-x2go
+
+SYSSESSIONDIR=/etc/x2go/Xsession.d
+USERXSESSION=$HOME/.xsession-x2go
+USERXSESSIONRC=$HOME/.xsessionrc-x2go
+ALTUSERXSESSION=$HOME/.Xsession-x2go
+ERRFILE="${HOME}/.xsession-x2go-${cur_hostname}-errors"
+
+# Move the old error log file away.
+if [ -f "${ERRFILE}" ]; then
+ if [ -L "${ERRFILE}" ]; then
+ resolved_errfile="$(perl -e 'use Cwd qw (abs_path); print abs_path ("' "${ERRFILE}" '") . "\n";')"
+ mv "${resolved_errfile}" "${resolved_errfile}.old" || errormsg "Unable to move symlinked old log/error file '${resolved_errfile}'; aborting."
+ else
+ mv "${ERRFILE}" "${ERRFILE}.old" || errormsg "Unable to move old log/error file '${ERRFILE}'; aborting."
+ fi
+fi
+
+# attempt to create an error file; abort if we cannot
+if (umask 177 && touch "$ERRFILE") 2> /dev/null && [ -w "$ERRFILE" ] && [ ! -L "$ERRFILE" ]; then
+ chmod 600 "$ERRFILE"
+elif ERRFILE=$(umask 077 && mktemp 2> /dev/null); then
+ if ! ln -sf "$ERRFILE" "${TMPDIR:=/tmp}/xsession-x2go-${cur_hostname}-$USER"; then
+ message "warning: unable to symlink \"$TMPDIR/xsession-x2go-${cur_hostname}-$USER\" to" \
+ "\"$ERRFILE\"; look for session log/errors in" \
+ "\"$TMPDIR/xsession-x2go-$USER\"."
+ fi
+else
+ errormsg "unable to create X session (X2Go) log/error file; aborting."
+fi
+
+exec >>"$ERRFILE" 2>&1
+
+echo "$PROGNAME: X session started for $LOGNAME at $(date)"
+
+
+# Attempt to create a file of non-zero length in /tmp; a full filesystem can
+# cause mysterious X session failures. We do not use touch, :, or test -w
+# because they won't actually create a file with contents. We also let standard
+# error from mktemp and echo go to the error file to aid the user in
+# determining what went wrong.
+WRITE_TEST=$(mktemp)
+if ! echo "*" >>"$WRITE_TEST"; then
+ message "warning: unable to write to ${WRITE_TEST%/*}; X session (X2Go) may" \
+ "exit with an error"
+fi
+rm -f "$WRITE_TEST"
+
+
+if [ -f /etc/debian_version ] || [ -f /etc/devuan_version ]; then
+
+ # sanity check; is our session script directory present?
+ if [ ! -d "$SYSSESSIONDIR" ]; then
+ errormsg "no \"$SYSSESSIONDIR\" directory found; aborting."
+ fi
+
+ # use run-parts to source every file in the session directory; we source
+ # instead of executing so that the variables and functions defined above
+ # are available to the scripts, and so that they can pass variables to each
+ # other
+
+ SESSIONFILES=$(run-parts --list $SYSSESSIONDIR)
+ SYSSESSIONDIR=/etc/x2go/Xsession.d
+
+ SESSIONFILES=$(run-parts --list $SYSSESSIONDIR)
+
+ ### source Xsession files
+ if [ -n "$SESSIONFILES" ]; then
+
+ set +e
+ for SESSIONFILE in $SESSIONFILES; do
+ "$X2GO_LIBEXEC_PATH/x2gosyslog" "$0" "info" "executing $SESSIONFILE"
+ . $SESSIONFILE
+ done
+ set -e
+ fi
+elif [ -f /etc/redhat-release ] || [ -f /etc/gentoo-release ] || [ -f /etc/SUSE-brand ] || [ -f /etc/SuSE-release ] || [ -f /etc/os-rt-release ]; then
+
+ # define a fallback... (should never be needed). The XSESSION_EXEC var gets set in
+ # X2Go's x2goruncommand script and can be used with obsolete switchdesk or with
+ # Xclients.d scripts (also rarely used, see below...).
+ XSESSION_EXEC=${XSESSION_EXEC:-xterm}
+
+ # Set up i18n environment
+ if [ -r /etc/profile.d/lang.sh ]; then
+ set +e
+ . /etc/profile.d/lang.sh
+ set -e
+ fi
+
+ # merge in defaults
+ [ -r "$SYSRESOURCES" ] && xrdb -nocpp -merge "$SYSRESOURCES"
+ [ -r "$USRRESOURCES" ] && xrdb -merge "$USRRESOURCES"
+
+ # RHEL's Xsession file for X11 allows playing with setxkbmap / xmodmap
+ # We provide this for compat, but disrecommend using it. Make sure to
+ # disable any Keyboard setup in X2Go Client / PyHoca-GUI if you want to
+ # use server-side key mappings.
+ USRMODMAP=$HOME/.Xmodmap-x2go
+ USRXKBMAP=$HOME/.Xkbmap-x2go
+
+ SYSMODMAP=/etc/x2go/Xmodmap
+ SYSXKBMAP=/etc/x2go/Xkbmap
+
+ # merge in keymaps
+ if [ -r "$SYSXKBMAP" ]; then
+ setxkbmap $(cat "$SYSXKBMAP")
+ XKB_IN_USE=yes
+ fi
+
+ if [ -r "$USRXKBMAP" ]; then
+ setxkbmap $(cat "$USRXKBMAP")
+ XKB_IN_USE=yes
+ fi
+
+ # xkb and xmodmap don't play nice together
+ if [ -z "$XKB_IN_USE" ]; then
+ [ -r "$SYSMODMAP" ] && xmodmap "$SYSMODMAP"
+ [ -r "$USRMODMAP" ] && xmodmap "$USRMODMAP"
+ fi
+
+ unset XKB_IN_USE
+
+ # run all system xinitrc shell scripts.
+ for file in /etc/x2go/xinitrc.d/* ; do
+ set +e
+ [ -r "$file" ] && . $file
+ set -e
+ done
+
+ # Prefix launch of session with ssh-agent if available and not already running.
+ SSH_AGENT=
+ if [ -x /usr/bin/ssh-agent -a -z "$SSH_AGENT_PID" ]; then
+ if [ "x$TMPDIR" != "x" ]; then
+ SSH_AGENT="/usr/bin/ssh-agent /bin/env TMPDIR=$TMPDIR"
+ else
+ SSH_AGENT="/usr/bin/ssh-agent"
+ fi
+ fi
+
+ CK_XINIT_SESSION=
+ if [ -x /usr/bin/ck-xinit-session -a -z "$XDG_SESSION_COOKIE" ]; then
+ CK_XINIT_SESSION="/usr/bin/ck-xinit-session"
+ fi
+
+ # At the time of integrating X2Go Xsession support for RHEL6 / Fedora
+ # the Xsession stuff in Fedora/RHEL6 seems to be a little mess.
+ # The proposed strategy is to have Xclients.$WM.sh files in
+ # /etc/X11/xinit/Xclients.d. Currently, only wmx uses this mechanism.
+ # As it is a described but rather unused ,,standard'' we will not support it
+ # in X2Go for now, but leave it here as a reminder...
+
+ # XCLIENTS_D=/etc/x2go/Xclients.d
+ #if [ -d "$XCLIENTS_D" -a -x "$XCLIENTS_D/Xclients.${XSESSION_EXEC}.sh" ]; then
+ # exec /bin/bash -c "exec -l \"$SHELL\" -c \"$CK_XINIT_SESSION $SSH_AGENT $XCLIENTS_D/Xclients.$1.sh\""
+ #fi
+
+ # switchdesk support is also totally deprecated in RHEL, but we leave it here
+ # as a reminder, as well, in case we need it in the future for special setups...
+ #if [ -x "$SWITCHDESKPATH/Xclients.${XSESSION_EXEC}" ]; then
+ # exec /bin/bash -c "exec -l \"$SHELL\" -c \"$SWITCHDESKPATH/Xclients.${XSESSION_EXEC}\""
+ #fi
+
+ exec $CK_XINIT_SESSION $SSH_AGENT /bin/bash -c "exec -l \"$SHELL\" -c \"$STARTUP\""
+else
+ errormsg 'Unknown operating system, XSession startup not implemented!'
+fi
+
+exit 0
--- /dev/null
+../X11/Xsession.d
\ No newline at end of file
--- /dev/null
+# /etc/xattr.conf
+#
+# Format:
+# <pattern> <action>
+#
+# Actions:
+# permissions - copy when trying to preserve permissions.
+# skip - do not copy.
+
+system.nfs4_acl permissions
+system.nfs4acl permissions
+system.posix_acl_access permissions
+system.posix_acl_default permissions
+trusted.SGI_ACL_DEFAULT skip # xfs specific
+trusted.SGI_ACL_FILE skip # xfs specific
+trusted.SGI_CAP_FILE skip # xfs specific
+trusted.SGI_DMI_* skip # xfs specific
+trusted.SGI_MAC_FILE skip # xfs specific
+xfsroot.* skip # xfs specific; obsolete
+user.Beagle.* skip # ignore Beagle index data
+security.evm skip # may only be written by kernel
--- /dev/null
+[Desktop Entry]
+Name=Geoclue Demo agent
+GenericName=Demo geoclue agent
+Keywords=geolocation;
+Exec=/usr/libexec/geoclue-2.0/demos/agent
+Icon=mark-location-symbolic
+NotShowIn=GNOME;
+NoDisplay=true
+Terminal=false
+Type=Application
--- /dev/null
+[Desktop Entry]
+Name=im-launch
+Exec=sh -c 'if [ "x$XDG_SESSION_TYPE" = "xwayland" ] ; then exec env IM_CONFIG_CHECK_ENV=1 im-launch true; fi'
+TryExec=im-launch
+Type=Application
--- /dev/null
+[Desktop Entry]
+Type=Application
+Name=xapp-sn-watcher
+Comment=A service that provides the org.kde.StatusNotifierWatcher interface for XApps
+
+Exec=/usr/libexec/xapps/sn-watcher/xapp-sn-watcher
+
+X-GNOME-Autostart-Phase=Panel
projects / homeserver / commitdiff