From 8e63ec3203b5575cd88940fea9ee242d7725b531 Mon Sep 17 00:00:00 2001 From: Dinko Korunic Date: Wed, 23 Oct 2013 18:07:27 +0200 Subject: [PATCH] * izmjena imena iz kernel-2.6-cn u genericki kernel-cn * izmjene za Wheezy --- 50-carnet.conf | 5 +--- NEWS.CARNet | 50 ++++------------------------------ README.CARNet | 4 +-- debian/changelog | 7 +++++ debian/compat | 2 +- debian/config | 4 ++- debian/control | 14 +++++----- debian/copyright | 2 +- debian/dirs | 2 +- debian/install | 2 +- debian/postinst | 78 +++++------------------------------------------------- debian/postrm | 6 ++--- debian/preinst | 4 +-- debian/templates | 2 +- 14 files changed, 41 insertions(+), 141 deletions(-) diff --git a/50-carnet.conf b/50-carnet.conf index a794d4b..2e12ab6 100644 --- a/50-carnet.conf +++ b/50-carnet.conf @@ -16,11 +16,8 @@ net.ipv4.conf.eth0.send_redirects=0 net.ipv4.icmp_echo_ignore_broadcasts=1 net.ipv4.icmp_ignore_bogus_error_responses=1 net.ipv4.tcp_ecn=0 -net.ipv4.tcp_max_syn_backlog=2048 -net.ipv4.tcp_mtu_probing=1 -net.ipv4.tcp_retries1=2 +net.ipv4.tcp_max_syn_backlog=4096 net.ipv4.tcp_rfc1337=1 -net.ipv4.tcp_synack_retries=2 net.ipv4.tcp_syncookies=1 vm.min_free_kbytes=10240 vm.mmap_min_addr=65536 diff --git a/NEWS.CARNet b/NEWS.CARNet index e4069c7..1273f6b 100644 --- a/NEWS.CARNet +++ b/NEWS.CARNet @@ -1,47 +1,7 @@ -kernel-2.6-cn -~~~~~~~~~~~~~ +kernel-cn +~~~~~~~~~ -Kao sto znate, kernel-2.6-cn je modificirani kernel koji sadrzava, -najcesce sigurnosne, dodatke koje smo odabirali, implementirali i -testirali za vas. Nazalost, ovakav pristup je znacio odredjeno kasnjenje -nasih kernela u odnosu na sluzbene Debianovi zbog dodatnog kompleksnog -testiranja i provjera. +Pocevsi od Debian Squeezea, kernel-2.6-cn i kernel-cn su zapravo samo +skupine tweakova povrh standardnog Debian kernela. -Dodatno, s vremenom su Debianovi kerneli postajali sve bolji, a neke -nastite su postale standardno implementirane u hardveru (poput zastite od -buffer overflow napada uporabom NX - No eXecute, tehnologije). Vise -informacija mozete naci na http://en.wikipedia.org/wiki/NX_bit. - -Svi posluzitelji isporuceni ustanovama clanicama u zadnjih 5 godina su -ovog tipa (AMD64), a zasticeni su cak i u 32-bitnom modu (pod uvjetom da -rabite BIGMEM kernel). - -Odvagnuvsi s jedne strane sve prednosti i mane modificiranog, a s druge -sluzbenog Debianovog kernela, odlucili smo napustiti izradu vlastitog -kernela u korist uporabe Debianovog. - -Za veliku vecinu korisnika vidljivih promjena ne bi trebalo biti. -Kernel-cn ce i dalje postojati kao paket, jer on radi odredjene -modifikacije sustava i trebao bi ostati na sustavu. - -Od razlika izmedju CARNetovog i Debianovog kernela, spomenut cemo -najbitnije: - -- ExecShield - zamjenjuje ga hardverska zastita (NX-bit) unutar procesora - (Athlon 64 i noviji, Pentium 4 i noviji). - -- Layer 7 filtering - nije ugradjen u Debianove kernele. Novi paket - kernel-2.6-cn ce detektirati ukoliko rabite L7 filtering i odbit ce se - instalirati. Svega nekolicina kolega rabi ovu tehnologiju, pa smatramo - da ovo nece biti problem. Ukoliko ipak trebate imati ovakav kernel, a - ne znate sami komplirati kernel, pomoci cemo vam da sami napravite svoj - kernel koji ukljucuje ovaj dodatak. - -- druge promjene su male, i u vecini slucajeva se jednak rezultat moze - dobiti podesavanjem sustava putem /etc/sysctl.conf konfiguracijske - datoteke (sto ce raditi paket kernel-2.6-cn). - -Vjerujemo da ce navedena promjena, zbog brzog odziva Debianovog sigurnosnog -tima, znaciti i povecanu sigurnost nasih i vasih posluzitelja. - - -- Dinko Korunic Thu, 28 Apr 2011 09:40:26 +0200 + -- Dinko Korunic Wed, 23 Oct 2013 15:16:20 +0200 diff --git a/README.CARNet b/README.CARNet index 79e1a77..4e9e952 100644 --- a/README.CARNet +++ b/README.CARNet @@ -1,4 +1,4 @@ -kernel-2.6-cn +kernel-cn ~~~~~~~~~~~~~ Ovo je virtualni paket koji modificira tipicni Debian posluzitelj sa @@ -30,4 +30,4 @@ Datoteke koje se mijenjaju uvjetno ili bezuvjetno: /vmlinuz /vmlinuz.old /boot/vmlinuz.plain -> eliminacija starih i zaostalih symlinkova - -- Dinko Korunic Thu, 28 Apr 2011 09:40:36 +0200 + -- Dinko Korunic Wed, 23 Oct 2013 15:16:43 +0200 diff --git a/debian/changelog b/debian/changelog index d4e6692..166ba1c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +kernel-cn (3:3.2.0) stable; urgency=low + + * izmjena imena iz kernel-2.6-cn u genericki kernel-cn + * izmjene za Wheezy + + -- Dinko Korunic Wed, 23 Oct 2013 15:18:11 +0200 + kernel-2.6-cn (3:2.6.32.1) stable; urgency=low * #14002: kernel-2.6-cn/lenny: koristiti /etc/sysctl.d/ diff --git a/debian/compat b/debian/compat index 7f8f011..ec63514 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -7 +9 diff --git a/debian/config b/debian/config index b0a9aee..9845cb7 100644 --- a/debian/config +++ b/debian/config @@ -19,7 +19,9 @@ for i in $DIVERT_TO; do dpkg-divert --remove --rename --package 'kernel-2.6-cn' \ --divert /usr/sbin/$i.real /usr/sbin/$i - sed -i "/^\/usr\/sbin\/$i/d" /var/lib/dpkg/info/kernel-2.6-cn.list + if [ -e /var/lib/dpkg/info/kernel-2.6-cn.list ]; then + sed -i "/^\/usr\/sbin\/$i/d" /var/lib/dpkg/info/kernel-2.6-cn.list + fi fi done diff --git a/debian/control b/debian/control index 6315c48..6350490 100644 --- a/debian/control +++ b/debian/control @@ -1,16 +1,16 @@ -Source: kernel-2.6-cn +Source: kernel-cn Section: base Priority: required Maintainer: Dinko Korunic -Build-Depends: debhelper (>= 7), po-debconf -Standards-Version: 3.9.1 +Build-Depends: debhelper (>= 9.20120909), po-debconf +Standards-Version: 3.9.4 -Package: kernel-2.6-cn +Package: kernel-cn Architecture: all Section: admin -Depends: grub-legacy (>= 0.97-64) | grub-pc (>= 1.98+20100804-14), procps (>= 1:3.2.8-9), udev (>= 164-3), carnet-tools-cn (>= 2.8.2), module-init-tools (>= 3.12-1), mount (>= 2.17.2-9), e2fsprogs (>= 1.41.12-2), microcode.ctl (>= 1.17-13), irqbalance (>= 0.56-1), mdadm (>= 3.1.4-1+8efb9d1), firmware-bnx2 (>= 0.28), linux-image-686-bigmem | linux-image-amd64, debconf, ${misc:Depends} -Conflicts: iplogger, kernel-cn, kernel-2.4-cn (<< 2.4.33-2), linux-image-2.6.26-2+cn1-486, linux-image-2.6.26-2+cn1-686, linux-image-2.6.26-2+cn1-686-bigmem, linux-image-2.6.26-2+cn1-amd64 -Replaces: kernel-cn, kernel-2.4-cn +Depends: grub-legacy (>= 0.97-67) | grub-pc (>= 1.99-27+deb7u1), procps (>= 1:3.3.3-3), udev (>= 175-7.2), carnet-tools-cn (>= 3.0.4), kmod (>= 9-3), mount (>= 2.20.1-5.3), e2fsprogs (>= 1.42.5-1.1), irqbalance (>= 1.0.3-3), mdadm (>= 3.2.5-5), firmware-bnx2 (>= 0.36+wheezy.1), firmware-linux-free (>= 3.2), firmware-linux-nonfree (>= 0.36+wheezy.1), linux-image-686-bigmem | linux-image-amd64, debconf, ${misc:Depends} +Conflicts: iplogger, kernel-2.6-cn, kernel-2.4-cn, linux-image-2.6.26-2+cn1-486, linux-image-2.6.26-2+cn1-686, linux-image-2.6.26-2+cn1-686-bigmem, linux-image-2.6.26-2+cn1-amd64 +Replaces: kernel-2.4-cn, kernel-2.6-cn Provides: kernel-cn Recommends: memtest86+ Description: Linux kernel virtual package for CARNet Linux servers diff --git a/debian/copyright b/debian/copyright index 20a44fd..b959369 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,6 +1,6 @@ Copyright: - Copyright (C) 2009 Dinko Korunic, CARNet, Grupa za izradu paketa + Copyright (C) 2013 Dinko Korunic, CARNet, Grupa za izradu paketa This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/debian/dirs b/debian/dirs index ba5e80a..a583be7 100644 --- a/debian/dirs +++ b/debian/dirs @@ -1 +1 @@ -usr/share/kernel-2.6-cn +usr/share/kernel-cn diff --git a/debian/install b/debian/install index b39c106..de6844b 100644 --- a/debian/install +++ b/debian/install @@ -1,2 +1,2 @@ -grub-functions.sh usr/share/kernel-2.6-cn +grub-functions.sh usr/share/kernel-cn 50-carnet.conf /etc/sysctl.d diff --git a/debian/postinst b/debian/postinst index 1ff9d57..29e424e 100755 --- a/debian/postinst +++ b/debian/postinst @@ -1,5 +1,5 @@ #!/bin/sh -# postinst script for kernel-2.6-cn +# postinst script for kernel-cn # # see: dh_installdeb(1) @@ -34,7 +34,7 @@ esac . /usr/share/carnet-tools/functions.sh # import GRUB helper functions -. /usr/share/kernel-2.6-cn/grub-functions.sh +. /usr/share/kernel-cn/grub-functions.sh ################################################################################ @@ -89,7 +89,7 @@ echo "." # detect existing Grub2 installation GRUB2="no" -if [ \( -e /boot/grub/grub.cfg \) -o \( -e /boot/grub/core.img \) ]; then +if [ \( -e /boot/grub/grub.cfg \) -o \( -e /boot/grub/core.img \) -o \( -e /usr/lib/grub/i386-pc/ext2.mod \) ]; then echo "CN: Detected GRUB2 installation, will try to use it." GRUB2="yes" if [ -e /boot/grub/menu.lst ]; then @@ -246,7 +246,7 @@ fi echo -n " grub3" # import GRUB helper functions (again, updated device map) -. /usr/share/kernel-2.6-cn/grub-functions.sh +. /usr/share/kernel-cn/grub-functions.sh if [ "x$GRUB2" = "xno" ]; then # Grub1 part @@ -420,7 +420,7 @@ else /etc/init.d/procps restart >/dev/null 2>&1 || true fi -# finished with basic kernel-2.6-cn stuff +# finished with basic kernel-cn stuff echo "." ################################################################################ @@ -432,7 +432,7 @@ echo -n "CN: Setting up PAM configurations:" if [ -e /etc/security/limits.conf ]; then rm -f /etc/security/limits.conf.$$ cp /etc/security/limits.conf /etc/security/limits.conf.$$ - cp-update kernel-2.6-cn /etc/security/limits.conf.$$ <<'EOF' + cp-update kernel-cn /etc/security/limits.conf.$$ <<'EOF' * soft core 0 * hard nofile 16384 * soft nofile 16384 @@ -464,72 +464,6 @@ echo "." ################################################################################ -# fix old kernel-2.4-cn postrm -if [ -e /var/lib/dpkg/info/kernel-2.4-cn.postrm ]; then - echo "CN: Fixed old kernel-2.4-cn postrm." - cat > /var/lib/dpkg/info/kernel-2.4-cn.postrm.$$ <<'EOF' -#!/bin/sh - -set -e - -# be sure, be safe -if [ "$1" != "remove" ]; then - exit 0 -fi - -# import CN-functions -. /usr/share/carnet-tools/functions.sh - -# remove us from limits.conf -cp-update -r kernel-2.4-cn /etc/security/limits.conf - -# remove us from modules -cp-update -r kernel-2.4-cn /etc/modules -EOF - if ! cmp -s /var/lib/dpkg/info/kernel-2.4-cn.postrm \ - /var/lib/dpkg/info/kernel-2.4-cn.postrm.$$; then - mv /var/lib/dpkg/info/kernel-2.4-cn.postrm.$$ \ - /var/lib/dpkg/info/kernel-2.4-cn.postrm - chmod +x /var/lib/dpkg/info/kernel-2.4-cn.postrm - fi - rm -f /var/lib/dpkg/info/kernel-2.4-cn.postrm.$$ -fi - -################################################################################ - -# fix old kernel-cn postrm -if [ -e /var/lib/dpkg/info/kernel-cn.postrm ]; then - echo "CN: Fixed old kernel-cn postrm." - cat > /var/lib/dpkg/info/kernel-cn.postrm.$$ <<'EOF' -#!/bin/sh - -set -e - -# be sure, be safe -if [ "$1" != "remove" ]; then - exit 0 -fi - -# import CN-functions -. /usr/share/carnet-tools/functions.sh - -# remove us from limits.conf -cp-update -r kernel-cn /etc/security/limits.conf - -# remove us from modules -cp-update -r kernel-cn /etc/modules -EOF - if ! cmp -s /var/lib/dpkg/info/kernel-cn.postrm \ - /var/lib/dpkg/info/kernel-cn.postrm.$$; then - mv /var/lib/dpkg/info/kernel-cn.postrm.$$ \ - /var/lib/dpkg/info/kernel-cn.postrm - chmod +x /var/lib/dpkg/info/kernel-cn.postrm - fi - rm -f /var/lib/dpkg/info/kernel-cn.postrm.$$ -fi - -################################################################################ - # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. diff --git a/debian/postrm b/debian/postrm index 5c733a3..28f52e5 100755 --- a/debian/postrm +++ b/debian/postrm @@ -1,5 +1,5 @@ #!/bin/sh -# postrm script for kernel-2.6-cn +# postrm script for kernel-cn # # see: dh_installdeb(1) @@ -38,11 +38,11 @@ esac echo -n "CN: Cleaning up..." # remove us from limits.conf -cp-update -r kernel-2.6-cn /etc/security/limits.conf +cp-update -r kernel-cn /etc/security/limits.conf echo -n " limits" # remove us from modules -cp-update -r kernel-2.6-cn /etc/modules +cp-update -r kernel-cn /etc/modules echo -n " modules" echo "." diff --git a/debian/preinst b/debian/preinst index d13bffc..6c5b763 100755 --- a/debian/preinst +++ b/debian/preinst @@ -1,5 +1,5 @@ #!/bin/sh -# preinst script for kernel-2.6-cn +# preinst script for kernel-cn # # see: dh_installdeb(1) @@ -34,7 +34,7 @@ esac # check if the config script fixed the grub diverts if [ -e /usr/sbin/grub.real -o -e /usr/sbin/grub-probe.real ]; then - echo "CN: Please install this package using apt-get." + echo "CN: Please install Grub2 package using: apt-get install grub-pc" exit 1 fi diff --git a/debian/templates b/debian/templates index fdf6a3e..c4b23f0 100644 --- a/debian/templates +++ b/debian/templates @@ -1,4 +1,4 @@ -Template: kernel-2.6-cn/dummy +Template: kernel-cn/dummy Type: note _Description: Dummy template to satisfy lintian Lintian warns if templates file is empty. -- 1.7.10.4