################################################################################
+DIVERT_TO="grub grub-probe"
+
+echo -n "CN: Undiverting binaries:"
+for i in $DIVERT_TO; do
+ if [ -e /usr/sbin/$i.real ]; then
+ dpkg-divert --remove --rename --package 'kernel-2.6-cn' \
+ --divert /usr/sbin/$i.real /usr/sbin/$i >/dev/null
+ echo -n " $i"
+ fi
+done
+echo "."
+
+################################################################################
+
# intro msg
echo -n "CN: Configuring system (this will take a while):"
if [ -f "$device_map" ]; then
mv -f "$device_map" "$device_map.old"
fi
-grub --batch --no-floppy --device-map="$device_map" <<EOF >/dev/null 2>&1
+grub --batch --no-floppy --device-map="$device_map" <<'EOF' >/dev/null 2>&1
quit
EOF
if [ ! -s "$device_map" ]; then
# default kernel parameters
rm -f /etc/sysctl.conf.$$
-cat > /etc/sysctl.conf.$$ <<EOF
+cat > /etc/sysctl.conf.$$ <<'EOF'
kernel.maps_protect=1
+kernel.exec-shield=0
net.core.rmem_default=1048576
net.core.wmem_default=1048576
net.ipv4.conf.all.accept_redirects=0
vm.mmap_min_addr=65536
EOF
-# old kernel params
+# old kernel params (skipping some of the obsolete or overrided entries)
if [ -e /etc/sysctl.conf ]; then
- egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies|kernel\.exec-shield|net\.ipv4\.tcp_max_syn_backlog|net\.ipv4\.tcp_congestion_control' \
+ egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies|kernel\.exec-shield|net\.ipv4\.tcp_max_syn_backlog|net\.ipv4\.tcp_congestion_control|kernel\.exec-shield' \
/etc/sysctl.conf >> /etc/sysctl.conf.$$
fi
# add sysctl.conf Debian headers
rm -f /etc/sysctl.conf-head
-cat > /etc/sysctl.conf-head <<EOF
+cat > /etc/sysctl.conf-head <<'EOF'
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See sysctl.conf (5) for information.
if [ -e /etc/security/limits.conf ]; then
rm -f /etc/security/limits.conf.$$
cp /etc/security/limits.conf /etc/security/limits.conf.$$
- cp-update kernel-2.6-cn /etc/security/limits.conf.$$ <<EOF
+ cp-update kernel-2.6-cn /etc/security/limits.conf.$$ <<'EOF'
* soft core 0
* hard nofile 4096
* soft nofile 4096
# fix old kernel-2.4-cn postrm
if [ -e /var/lib/dpkg/info/kernel-2.4-cn.postrm ]; then
echo "CN: Fixed old kernel-2.4-cn postrm."
- cat > /var/lib/dpkg/info/kernel-2.4-cn.postrm.$$ <<EOF
+ cat > /var/lib/dpkg/info/kernel-2.4-cn.postrm.$$ <<'EOF'
#!/bin/sh
set -e
# fix old kernel-cn postrm
if [ -e /var/lib/dpkg/info/kernel-cn.postrm ]; then
echo "CN: Fixed old kernel-cn postrm."
- cat > /var/lib/dpkg/info/kernel-cn.postrm.$$ <<EOF
+ cat > /var/lib/dpkg/info/kernel-cn.postrm.$$ <<'EOF'
#!/bin/sh
set -e