From e9927767f41657c2a6dfe5b728c3ee7a81c657f2 Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 2 Nov 2018 09:19:20 +0100
Subject: [PATCH] committing changes in /etc after apt run

Package changes:
+libgpgme11 1.10.0-1ubuntu2 amd64
+libtokyocabinet9 1.4.48-11 amd64
+mutt 1.9.4-3ubuntu0.1 amd64
---
 .etckeeper | 7 ++
 Muttrc | 141 +++++++++++++++++++++++++++++++++
 Muttrc.d/charset.rc | 9 +++
 Muttrc.d/colors.rc | 19 +++++
 Muttrc.d/compressed-folders.rc | 10 +++
 Muttrc.d/gpg.rc | 94 ++++++++++++++++++++++
 Muttrc.d/smime.rc | 103 ++++++++++++++++++++++++
 mailcap | 1 +
 8 files changed, 384 insertions(+)
 create mode 100644 Muttrc
 create mode 100644 Muttrc.d/charset.rc
 create mode 100644 Muttrc.d/colors.rc
 create mode 100644 Muttrc.d/compressed-folders.rc
 create mode 100644 Muttrc.d/gpg.rc
 create mode 100644 Muttrc.d/smime.rc
diff --git a/.etckeeper b/.etckeeper
index 1793f633d..0b4624f53 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -43,6 +43,13 @@ mkdir -p './webmin/authentic-theme'
 maybe chmod 0755 '.'
 maybe chmod 0700 '.etckeeper'
 maybe chmod 0600 '.gitignore'
+maybe chmod 0644 'Muttrc'
+maybe chmod 0755 'Muttrc.d'
+maybe chmod 0644 'Muttrc.d/charset.rc'
+maybe chmod 0644 'Muttrc.d/colors.rc'
+maybe chmod 0644 'Muttrc.d/compressed-folders.rc'
+maybe chmod 0644 'Muttrc.d/gpg.rc'
+maybe chmod 0644 'Muttrc.d/smime.rc'
 maybe chmod 0755 'X11'
 maybe chmod 0755 'X11/Xreset'
 maybe chmod 0755 'X11/Xreset.d'
diff --git a/Muttrc b/Muttrc
new file mode 100644
index 000000000..b0ce970e3
--- /dev/null
+++ b/Muttrc
@@ -0,0 +1,141 @@
+#
+# System configuration file for Mutt
+#
+
+# Default list of header fields to weed when displaying.
+# Ignore all lines by default...
+ignore *
+
+# ... then allow these through.
+unignore from: subject to cc date x-mailer x-url user-agent
+
+# Display the fields in this order
+hdr_order date from to cc subject
+
+# emacs-like bindings
+bind editor "\e" kill-word
+bind editor "\e" kill-word
+
+# map delete-char to a sane value
+bind editor delete-char
+
+# some people actually like these settings
+#set pager_stop
+#bind pager previous-line
+#bind pager next-line
+
+# Specifies how to sort messages in the index menu.
+set sort=threads
+
+# The behavior of this option on the Debian mutt package is
+# not the original one because exim4, the default SMTP on Debian
+# does not strip bcc headers so this can cause privacy problems;
+# see man muttrc for more info
+#unset write_bcc
+# Postfix and qmail use Delivered-To for detecting loops
+unset bounce_delivered
+
+set mixmaster="mixmaster-filter"
+
+# System-wide CA file managed by the ca-certificates package
+set ssl_ca_certificates_file="/etc/ssl/certs/ca-certificates.crt"
+
+# imitate the old search-body function
+macro index \eb "~b " "search in message bodies"
+
+# simulate the old url menu
+macro index,pager,attach,compose \cb "\
+ set my_pipe_decode=\$pipe_decode pipe_decode\
+ urlview\
+ set pipe_decode=\$my_pipe_decode; unset my_pipe_decode" \
+"call urlview to extract URLs out of a message"
+
+# Show documentation when pressing F1
+macro generic,pager " zcat /usr/share/doc/mutt/manual.txt.gz | sensible-pager" "show Mutt documentation"
+
+# show the incoming mailboxes list (just like "mutt -y") and back when pressing "y"
+macro index,pager y "?" "show incoming mailboxes list"
+bind browser y exit
+
+# Handler for gzip compressed mailboxes
+# open-hook '\.gz$' "gzip -cd '%f' > '%t'"
+# close-hook '\.gz$' "gzip -c '%t' > '%f'"
+# append-hook '\.gz$' "gzip -c '%t' >> '%f'"
+
+# If Mutt is unable to determine your site's domain name correctly, you can
+# set the default here. (better: fix /etc/mailname)
+#
+# set hostname=cs.hmc.edu
+
+# If your sendmail supports the -B8BITMIME flag, enable the following
+#
+# set use_8bitmime
+
+# Use mime.types to look up handlers for application/octet-stream. Can
+# be undone with unmime_lookup.
+mime_lookup application/octet-stream
+
+# Upgrade the progress counter every 250ms, good for mutt over SSH
+# see http://bugs.debian.org/537746
+set time_inc=250
+
+# Allow mutt to understand References, Cc and In-Reply-To as headers in mailto:
+mailto_allow = cc in-reply-to references
+
+##
+## *** DEFAULT SETTINGS FOR THE ATTACHMENTS PATCH ***
+##
+
+##
+## Please see the manual (section "attachments") for detailed
+## documentation of the "attachments" command.
+##
+## Removing a pattern from a list removes that pattern literally. It
+## does not remove any type matching the pattern.
+##
+## attachments +A */.*
+## attachments +A image/jpeg
+## unattachments +A */.*
+##
+## This leaves "attached" image/jpeg files on the allowed attachments
+## list. It does not remove all items, as you might expect, because the
+## second */.* is not a matching expression at this time.
+##
+## Remember: "unattachments" only undoes what "attachments" has done!
+## It does not trigger any matching on actual messages.
+
+## Qualify any MIME part with an "attachment" disposition, EXCEPT for
+## text/x-vcard and application/pgp parts. (PGP parts are already known
+## to mutt, and can be searched for with ~g, ~G, and ~k.)
+##
+## I've added x-pkcs7 to this, since it functions (for S/MIME)
+## analogously to PGP signature attachments. S/MIME isn't supported
+## in a stock mutt build, but we can still treat it specially here.
+##
+attachments +A */.*
+attachments -A text/x-vcard application/pgp.*
+attachments -A application/x-pkcs7-.*
+
+## Discount all MIME parts with an "inline" disposition, unless they're
+## text/plain. (Why inline a text/plain part unless it's external to the
+## message flow?)
+##
+attachments +I text/plain
+
+## These two lines make Mutt qualify MIME containers. (So, for example,
+## a message/rfc822 forward will count as an attachment.) The first
+## line is unnecessary if you already have "attach-allow */.*", of
+## course. These are off by default! The MIME elements contained
+## within a message/* or multipart/* are still examined, even if the
+## containers themselves don't qualify.
+##
+#attachments +A message/.* multipart/.*
+#attachments +I message/.* multipart/.*
+
+## You probably don't really care to know about deleted attachments.
+attachments -A message/external-body
+attachments -I message/external-body
+
+##
+# See /usr/share/doc/mutt/README.Debian for details.
+source /usr/lib/mutt/source-muttrc.d|
diff --git a/Muttrc.d/charset.rc b/Muttrc.d/charset.rc
new file mode 100644
index 000000000..ebbeb3e7b
--- /dev/null
+++ b/Muttrc.d/charset.rc
@@ -0,0 +1,9 @@
+# Some GB18030 traditional Chinese mails are wrongly labelled GB2312.
+# The first charset is a superset of the second. Let's alias it, so
+# that Mutt displays such mails as if they were correctly labelled.
+charset-hook ^gb2312$ gb18030
+
+# Some mailers send EUC-JP-MS Japanese mails wrongly labelled EUC-JP.
+# The first charset is a superset of the second. Let's also alias it.
+charset-hook ^euc-jp$ euc-jp-ms
+
diff --git a/Muttrc.d/colors.rc b/Muttrc.d/colors.rc
new file mode 100644
index 000000000..5eae80aee
--- /dev/null
+++ b/Muttrc.d/colors.rc
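Review bot: In Muttrc, the `write_bcc` block leaves the setting commented out (`#unset write_bcc`) while its own comment says the Debian build changes the behaviour because exim4 does not strip Bcc headers, so a reader of this file cannot tell whether Bcc recipients end up in outgoing messages. Since the stated risk is a privacy leak when the MTA passes the header through, the effective value should be set explicitly instead of being left to the compiled default, e.g. an uncommented `unset write_bcc` preceded by `# Bcc: header is not written to outgoing mail; exim4 would not strip it`. If the packaged default is already unset (not visible here), saying so in the comment is enough.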
@@ -0,0 +1,19 @@
+# colors
+color normal white black
+color attachment brightyellow black
+color hdrdefault cyan black
+color indicator black cyan
+color markers brightred black
+color quoted green black
+color signature cyan black
+color status brightgreen blue
+color tilde blue black
+color tree red black
+#color header brightgreen black ^From:
+#color header brightcyan black ^To:
+#color header brightcyan black ^Reply-To:
+#color header brightcyan black ^Cc:
+#color header brightblue black ^Subject:
+#color body brightred black [\-\.+_a-zA-Z0-9]+@[\-\.a-zA-Z0-9]+
+#color body brightblue black (https?|ftp)://[\-\.,/%~_:?&=\#a-zA-Z0-9]+
+
diff --git a/Muttrc.d/compressed-folders.rc b/Muttrc.d/compressed-folders.rc
new file mode 100644
index 000000000..09dd4c674
--- /dev/null
+++ b/Muttrc.d/compressed-folders.rc
@@ -0,0 +1,10 @@
+# Use folders which match on \\.gz$ or \\.bz2$ as [gb]zipped folders:
+open-hook \\.gz$ "gzip -cd '%f' > '%t'"
+close-hook \\.gz$ "gzip -c '%t' > '%f'"
+append-hook \\.gz$ "gzip -c '%t' >> '%f'"
+open-hook \\.bz2$ "bzip2 -cd '%f' > '%t'"
+close-hook \\.bz2$ "bzip2 -c '%t' > '%f'"
+append-hook \\.bz2$ "bzip2 -c '%t' >> '%f'"
+open-hook \\.xz$ "xz -cd %f > %t"
+close-hook \\.xz$ "xz -c %t > %f"
+append-hook \\.xz$ "xz -c %t >> %f"
diff --git a/Muttrc.d/gpg.rc b/Muttrc.d/gpg.rc
new file mode 100644
index 000000000..614e7f5dd
--- /dev/null
+++ b/Muttrc.d/gpg.rc
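Review bot: In Muttrc.d/compressed-folders.rc the three xz hooks hand `%f` and `%t` to the shell unquoted, while the gzip and bzip2 hooks in the same file wrap them in single quotes. Unless mutt fully quotes these expansions itself (not visible here), a mailbox path containing spaces or shell metacharacters would be split or interpreted by the shell whenever an .xz folder is opened, closed or appended to. Quote them like the others: `open-hook \\.xz$ "xz -cd '%f' > '%t'"`, `close-hook \\.xz$ "xz -c '%t' > '%f'"` and `append-hook \\.xz$ "xz -c '%t' >> '%f'"`. The header comment also names only .gz and .bz2 and should mention .xz.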
@@ -0,0 +1,94 @@
+# -*-muttrc-*-
+#
+# Command formats for gpg.
+#
+# This version uses gpg-2comp from
+# http://70t.de/download/gpg-2comp.tar.gz
+#
+# $Id$
+#
+# %p The empty string when no passphrase is needed,
+# the string "PGPPASSFD=0" if one is needed.
+#
+# This is mostly used in conditional % sequences.
+#
+# %f Most PGP commands operate on a single file or a file
+# containing a message. %f expands to this file's name.
+#
+# %s When verifying signatures, there is another temporary file
+# containing the detached signature. %s expands to this
+# file's name.
+#
+# %a In "signing" contexts, this expands to the value of the
+# configuration variable $pgp_sign_as. You probably need to
+# use this within a conditional % sequence.
+#
+# %r In many contexts, mutt passes key IDs to pgp. %r expands to
+# a list of key IDs.
+
+# Note that we explicitly set the comment armor header since GnuPG, when used
+# in some localiaztion environments, generates 8bit data in that header, thereby
+# breaking PGP/MIME.
+
+# Note from the Debian mutt maintainers: starting from 1.7.0-2 GPGME is enabled
+# by default. More info in NEWS.Debian.
+# THe pgp_* commands are left here for people who disable gpgme in their
+# ~/.muttrc
+set crypt_use_gpgme=yes
+
+# Note from the Debian mutt maintainers: the addition of
+# "--pinentry-mode loopback" breaks gpgv1 compatiblity, if you need to use gpgv1
+# remove that statement.
+
+# decode application/pgp
+set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0 --pinentry-mode=loopback? --no-verbose --quiet --batch --output - %f"
+
+# verify a pgp/mime signature
+set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
+
+# decrypt a pgp/mime attachment
+set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0 --pinentry-mode=loopback? --no-verbose --quiet --batch --output - %f"
+
+# create a pgp/mime signed attachment
+set pgp_sign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0 --pinentry-mode=loopback? --armor --detach-sign --textmode %?a?-u %a? %f"
+
+# create a application/pgp signed (old-style) message
+set pgp_clearsign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0 --pinentry-mode=loopback? --armor --textmode --clearsign %?a?-u %a? %f"
+
+# create a pgp/mime encrypted attachment
+set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
+
+# create a pgp/mime encrypted and signed attachment
+set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0 --pinentry-mode=loopback? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
+
+# import a key into the public key ring
+set pgp_import_command="gpg --no-verbose --import %f"
+
+# export a key from the public key ring
+set pgp_export_command="gpg --no-verbose --export --armor %r"
+
+# verify a key
+set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r"
+
+# read in the public key ring
+set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r"
+
+# read in the secret key ring
+set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r"
+
+# fetch keys
+# set pgp_getkeys_command="pkspxycwrap %r"
+
+# pattern for good signature - may need to be adapted to locale!
+
+# set pgp_good_sign="^gpgv?: Good signature from "
+
+# OK, here's a version which uses gnupg's message catalog:
+# set pgp_good_sign="`gettext -d gnupg -s 'Good signature from "' | tr -d '"'`"
+
+# This version uses --status-fd messages
+set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"
+
+# pattern to verify a decryption occurred
+set pgp_decryption_okay="^\\[GNUPG:\\] DECRYPTION_OKAY"
+
diff --git a/Muttrc.d/smime.rc b/Muttrc.d/smime.rc
new file mode 100644
index 000000000..238c8c419
--- /dev/null
+++ b/Muttrc.d/smime.rc
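Review bot: In Muttrc.d/gpg.rc, `pgp_encrypt_only_command` and `pgp_encrypt_sign_command` both pass `--always-trust`, which makes gpg skip its own validity check on the recipient keys, and nothing in the file says so. With `set crypt_use_gpgme=yes` these commands are only a fallback for users who disable GPGME, but for those users encrypting to an unvalidated key then depends entirely on the key selection mutt does beforehand. A comment above both settings would make that explicit, e.g. `# --always-trust: gpg does not check key validity here; recipient keys must be vetted before they are selected`. The header comment still points at gpg-2comp under an http:// URL although every command calls plain `gpg`; it looks stale and could be dropped.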
@@ -0,0 +1,103 @@
+# -*-muttrc-*-
+## The following options are only available if you have
+## compiled in S/MIME support
+
+# If you compiled mutt with support for both PGP and S/MIME, PGP
+# will be the default method unless the following option is set
+#set smime_is_default
+
+# Uncomment this if you don't want to set labels for certificates you add.
+# unset smime_ask_cert_label
+
+# Passphrase expiration
+#set smime_timeout=300
+
+# Global crypto options -- these affect PGP operations as well.
+#set crypt_autosign = yes
+#set crypt_replyencrypt = yes
+#set crypt_replysign = yes
+#set crypt_replysignencrypted = yes
+#set crypt_verify_sig = yes
+
+# Section A: Key Management.
+
+# The (default) keyfile for signing/decrypting. Uncomment the following
+# line and replace the keyid with your own.
+#set smime_default_key="12345678.0"
+
+# Uncomment to make mutt ask what key to use when trying to decrypt a message.
+# It will use the default key above (if that was set) else.
+# unset smime_decrypt_use_default_key
+
+# Path to a file or directory with trusted certificates
+#set smime_ca_location="~/.smime/ca-bundle.crt"
+set smime_ca_location=`for f in $HOME/.smime/ca-certificates.crt $HOME/.smime/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt ; do if [ -e $f ] ; then echo $f ; exit ; fi ; done`
+
+# Path to where all known certificates go. (must exist!)
+set smime_certificates="~/.smime/certificates"
+
+# Path to where all private keys go. (must exist!)
+set smime_keys="~/.smime/keys"
+
+# These are used to extract a certificate from a message.
+# First generate a PKCS#7 structure from the message.
+set smime_pk7out_command="openssl smime -verify -in %f -noverify -pk7out"
+
+# Extract the included certificate(s) from a PKCS#7 structure.
+set smime_get_cert_command="openssl pkcs7 -print_certs -in %f"
+
+# Extract the signer's certificate only from a S/MIME signature (sender verification)
+set smime_get_signer_cert_command="openssl smime -verify -in %f -noverify -signer %c -out /dev/null"
+
+# This is used to get the email address the certificate was issued to.
+set smime_get_cert_email_command="openssl x509 -in %f -noout -email"
+
+# Add a certificate to the database using smime_keys.
+set smime_import_cert_command="smime_keys add_cert %f"
+
+
+
+# Sction B: Outgoing messages
+
+# Algorithm to use for encryption.
+# valid choices are aes128, aes192, aes256, rc2-40, rc2-64, rc2-128, des, des3
+set smime_encrypt_with="aes256"
+
+# Encrypt a message. Input file is a MIME entity.
+set smime_encrypt_command="openssl smime -encrypt -%a -outform DER -in %f %c"
+
+# Algorithm for the signature message digest.
+# Valid choices are md5, sha1, sha224, sha256, sha384, sha512.
+set smime_sign_digest_alg="sha256"
+
+# Sign.
+set smime_sign_command="openssl smime -sign -md %d -signer %c -inkey %k -passin stdin -in %f -certfile %i -outform DER"
+
+
+
+#Section C: Incoming messages
+
+# Decrypt a message. Output is a MIME entity.
+set smime_decrypt_command="openssl cms -decrypt -passin stdin -inform DER -in %f -inkey %k -recip %c"
+
+# Verify a signature of type multipart/signed
+set smime_verify_command="openssl smime -verify -inform DER -in %s %C -content %f"
+
+# Verify a signature of type application/x-pkcs7-mime
+set smime_verify_opaque_command="\
+openssl smime -verify -inform DER -in %s %C || \
+openssl smime -verify -inform DER -in %s -noverify 2>/dev/null"
+
+
+
+# Section D: Alternatives
+
+# Sign. If you wish to NOT include the certificate your CA used in signing
+# your public key, use this command instead.
+# set smime_sign_command="openssl smime -sign -md %d -signer %c -inkey %k -passin stdin -in %f -outform DER"
+#
+# In order to verify the signature only and skip checking the certificate chain:
+#
+# set smime_verify_command="openssl smime -verify -inform DER -in %s -content %f -noverify"
+# set smime_verify_opaque_command="openssl smime -verify -inform DER -in %s -noverify"
+#
diff --git a/mailcap b/mailcap
index b8f1b3111..03780a256 100644
--- a/mailcap
+++ b/mailcap
@@ -34,6 +34,7 @@ text/html; /usr/bin/sensible-browser %s; description=HTML Text; nametemplate=%s.
 application/x-troff-man; /usr/bin/nroff -mandoc -Tutf8; copiousoutput; print=/usr/bin/nroff -mandoc -Tutf8 | print text/plain:-
 text/troff; /usr/bin/nroff -mandoc -Tutf8; copiousoutput; print=/usr/bin/nroff -mandoc -Tutf8 | print text/plain:-
 application/x-info; /usr/bin/info -f '%s'; needsterminal; description=GNU Info document
+message/rfc822; mutt -Rf '%s'; edit=mutt -f '%s'; needsterminal
 text/plain; more %s; needsterminal
 text/english; vim %s; needsterminal
 text/plain; vim %s; needsterminal
--
2.43.0
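Review bot: In Muttrc.d/smime.rc, `smime_verify_opaque_command` falls back to a second `openssl smime -verify ... -noverify 2>/dev/null` run when the chained verification fails, so content is still produced for a message whose signer certificate did not validate, and the diagnostics of that run are thrown away. How mutt labels the result is decided outside this file, so the fallback should at least be documented where it is set, e.g. `# fallback only extracts the content when the chain check fails; the signer certificate is NOT verified in that case`. The shell loop in `smime_ca_location` also expands `$f` unquoted in `[ -e $f ]` and `echo $f`, which breaks for a home directory containing whitespace; `[ -e "$f" ]` and `echo "$f"` avoid that.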
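Review bot: In mailcap, the new `message/rfc822` entry puts `%s` inside single quotes in both the view command and the `edit=` command. Programs that read mailcap are expected to quote the expanded filename themselves, and the mutt manual's advice on secure mailcap use is to keep `%s` out of shell quoting, because a consumer that substitutes the name verbatim lets a quote character in the name end the quoting. The unquoted form would be `message/rfc822; mutt -Rf %s; edit=mutt -f %s; needsterminal`. The neighbouring `application/x-info` entry follows the same pattern, and if this file is generated from per-package entries (not visible here) the change belongs in the source entry.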