core install revision

18 files changed, 367 insertions, 21 deletions

diff --git a/core/conf/pkgmk.conf b/core/conf/pkgmk.conf
index 047ebc0..94bc9df 100644
--- a/core/conf/pkgmk.conf
+++ b/core/conf/pkgmk.conf
@@ -1,21 +1,11 @@
 #
 # /etc/pkgmk.conf: pkgmk(8) configuration
 #
-# ONLY FOR x86 64 PROCESSORS
-
-export CFLAGS="-Wall -Wextra -Wno-inline -Wundef -Wformat=2 -Wformat-security -Wformat-nonliteral -Wlogical-op -Wsign-compare -Wmissing-include-dirs -Wold-style-definition -Wpointer-arith -Winit-self -Wdeclaration-after-statement -Wfloat-equal -Wsuggest-attribute=noreturn -Wmissing-prototypes -Wstrict-prototypes -Wredundant-decls -Wmissing-declarations -Wmissing-noreturn -Wshadow -Wendif-labels -Wstrict-aliasing=2 -Wwrite-strings -Wno-long-long -Wno-overlength-strings -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Werror=overflow -Wdate-time -Wnested-externs"
-
-#-ffast-math -fno-common -fdiagnostics-show-option -fno-strict-aliasing -fvisibility=hidden -ffunction-sections -fdata-sections -ffat-lto-objects"
-
-CFLAGS="${CFLAGS} -fPIC -fPIE -fstack-protector -fstack-protector-strong --param=ssp-buffer-size=4 -fno-plt -fstack-check -g -O2 -march=x86-64 -pipe"
 
+export CFLAGS="-O2 -g -march=x86-64 -pipe"
 export CXXFLAGS="${CFLAGS}"
-export CPPFLAGS="-Wp,-D_FORTIFY_SOURCE=2"
-
-#export LDFLAGS="-fPIE -pie -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
-export LDFLAGS="-Wl,--as-needed -Wl,--no-undefined -Wl,--gc-sections -Wl,-z,relro -Wl,-z,now -pie"
 
-export MAKEFLAGS="-j$(nproc)"
+# export MAKEFLAGS="-j2"
 
 case ${PKGMK_ARCH} in
 	"64"|"")
@@ -32,11 +22,12 @@ case ${PKGMK_ARCH} in
 		;;
 esac
 
-#PKGMK_SOURCE_MIRRORS=(https://crux.nu/distfiles/)
-#PKGMK_SOURCE_MIRRORS=(https://crux.ster.zone/distfiles/)
-PKGMK_SOURCE_MIRRORS=(https://c9.root.sx/ports/distfiles/)
+#PKGMK_SOURCE_MIRRORS=(http://c9.root.sx/ports/distfiles/)
+# PKGMK_SOURCE_DIR="$PWD"
 PKGMK_SOURCE_DIR="/usr/ports/distfiles"
+# PKGMK_PACKAGE_DIR="$PWD"
 PKGMK_PACKAGE_DIR="/usr/ports/packages"
+# PKGMK_WORK_DIR="$PWD/work"
 PKGMK_WORK_DIR="/usr/ports/work/$name"
 # PKGMK_DOWNLOAD="no"
 # PKGMK_IGNORE_FOOTPRINT="no"
diff --git a/core/conf/pkgmk.conf.harden b/core/conf/pkgmk.conf.harden
new file mode 100644
index 0000000..ad95d65
--- /dev/null
+++ b/core/conf/pkgmk.conf.harden
@@ -0,0 +1,94 @@
+#
+# /etc/pkgmk.conf: pkgmk(8) configuration
+#
+# ONLY FOR x86 64 PROCESSORS
+CUSTOMVERSION=8
+
+W_CFLAGS="-Wall -Wextra -Wno-inline -Wundef -Wformat=2 -Wformat-security -Wformat-nonliteral -Wlogical-op -Wsign-compare -Wmissing-include-dirs -Wold-style-definition -Wpointer-arith -Winit-self -Wdeclaration-after-statement -Wfloat-equal -Wsuggest-attribute=noreturn -Wmissing-prototypes -Wstrict-prototypes -Wredundant-decls -Wmissing-declarations -Wmissing-noreturn -Wshadow -Wendif-labels -Wstrict-aliasing=2 -Wwrite-strings -Wno-long-long -Wno-overlength-strings -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Werror=overflow -Wdate-time -Wnested-externs"
+
+#-ffast-math -fno-common -fdiagnostics-show-option -fno-strict-aliasing -fvisibility=hidden -ffunction-sections -fdata-sections -ffat-lto-objects
+H_CFLAGS="-g -O1 -march=x86-64 -pipe -fstack-protector-strong --param=ssp-buffer-size=4 -fno-plt -fstack-check"
+
+CFLAGS="${W_CFLAGS} ${H_CFLAGS} -fPIC -fPIE -pie"
+CXXFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2"
+CPPFLAGS="-O1 -Wp,-D_FORTIFY_SOURCE=2"
+#--as-needed -Wl,--no-undefined -Wl,--gc-sections -Wl
+LDFLAGS="-fPIC -fPIE -pie -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+
+
+PIC_CFLAGS="${W_FLAGS} ${H_CFLAGS} -fPIC"
+PIC_CXXFLAGS="${PIC_CFLAGS} -D_FORTIFY_SOURCE=2"
+PIC_LDFLAGS="-fPIC -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+
+export MAKEFLAGS="-j$(nproc)"
+
+case ${name} in
+
+	"keyutils")
+                export CFLAGS=" ${H_CFLAGS} -fPIC -fPIE -pie -g -O1 -march=x86-64 -pipe"
+                export CXXFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2"
+        ;;
+	"grub2")
+                export CFLAGS="${W_CFLAGS} -g -O1 -march=x86-64 -pipe"
+                export CXXFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2"
+                export LDFLAGS=""
+                ;;
+        "grub2-efi")
+                export CFLAGS="${W_CFLAGS} -g -O1 -march=x86-64 -pipe"
+                export CXXFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2"
+                export LDFLAGS=""
+                ;;
+	"gcc")
+    		export CFLAGS="-g -O2 -march=x86-64 -pipe -fPIC -fstack-protector-strong --param=ssp-buffer-size=4 -fno-plt -fstack-check"
+    		export CXXFLAGS="${CFLAGS}"
+    		export CPPFLAGS="${H_CPPFLAGS}"
+    		export LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+		;;
+	"glibc")
+       		export CFLAGS="${CFLAGS} -fno-plt -fstack-check"
+		export CXXFLAGS="${CFLAGS}"
+		export CPPFLAGS="-O1"
+		export LDFLAGS=""
+		;;
+        "libcap")
+                export CFLAGS="${PIC_CFLAGS}"
+		export CXXFLAGS="${PIC_CXXFLAGS}"
+		export LDFLAGS="${PIC_LDFLAGS}"
+                ;;
+        "mdadm")
+                export CFLAGS="${PIC_CFLAGS}"
+		export CXXFLAGS="${PIC_CXXFLAGS}"
+		export LDFLAGS="${PIC_LDFLAGS}"
+                ;;
+	"openssl")
+         	export CFLAGS="${PIC_CFLAGS}"
+		export CXXFLAGS="${PIC_CXXFLAGS}"
+		export LDFLAGS="${PIC_LDFLAGS}"
+		;;
+esac
+
+case ${PKGMK_ARCH} in
+	"64"|"")
+		;;
+	*)
+		echo "Unknown architecture selected! Exiting."
+		exit 1
+		;;
+esac
+
+#PKGMK_SOURCE_MIRRORS=(https://crux.nu/distfiles/)
+#PKGMK_SOURCE_MIRRORS=(https://crux.ster.zone/distfiles/)
+PKGMK_SOURCE_MIRRORS=(https://c9.root.sx/ports/distfiles/)
+PKGMK_SOURCE_DIR="/srv/ports/distfiles"
+PKGMK_PACKAGE_DIR="/srv/ports/packages"
+PKGMK_WORK_DIR="/srv/ports/work/$name"
+# PKGMK_DOWNLOAD="no"
+# PKGMK_IGNORE_FOOTPRINT="no"
+# PKGMK_IGNORE_NEW="no"
+# PKGMK_NO_STRIP="no"
+# PKGMK_DOWNLOAD_PROG="wget"
+# PKGMK_WGET_OPTS=""
+# PKGMK_CURL_OPTS=""
+# PKGMK_COMPRESSION_MODE="gz"
+
+# End of file
diff --git a/core/conf/ports.conf b/core/conf/ports.conf
new file mode 100644
index 0000000..4420813
--- /dev/null
+++ b/core/conf/ports.conf
@@ -0,0 +1 @@
+PORTS_DIR=/usr/ports
diff --git a/core/conf/ports/c9-ports.git b/core/conf/ports/c9-ports.git
new file mode 100644
index 0000000..392f77f
--- /dev/null
+++ b/core/conf/ports/c9-ports.git
@@ -0,0 +1,7 @@
+# Collection core
+#
+NAME=c9-ports
+URL=git://c9.root.sx/c9-ports.git
+BRANCH=develop
+destination=/usr/ports/c9-ports
+PORTS_DIR="/usr/ports"
diff --git a/core/conf/ports/compat-32.pub b/core/conf/ports/compat-32.pub
new file mode 100644
index 0000000..4ef53cc
--- /dev/null
+++ b/core/conf/ports/compat-32.pub
@@ -0,0 +1,2 @@
+untrusted comment: compat-32 public key
+RWSwxGo/zH7eXV9L7s9BhT4ZBQ6YLE+iWPkJ190GTTiP6IBBTC0XJOrM
diff --git a/core/conf/ports/contrib.git b/core/conf/ports/contrib.git
new file mode 100644
index 0000000..d9c0a7d
--- /dev/null
+++ b/core/conf/ports/contrib.git
@@ -0,0 +1,7 @@
+# Collection core
+#
+NAME=contrib
+URL=git://c9.root.sx/c9-contrib.git
+BRANCH=develop
+destination=/usr/ports/contrib
+PORTS_DIR="/usr/ports"
diff --git a/core/conf/ports/contrib.pub b/core/conf/ports/contrib.pub
new file mode 100644
index 0000000..81d31e5
--- /dev/null
+++ b/core/conf/ports/contrib.pub
@@ -0,0 +1,2 @@
+untrusted comment: contrib public key
+RWSagIOpLGJF3/J2edPyOdE4VWoyvvVvt3gdvOArUkvBrgSHjsBEdmrS
diff --git a/core/conf/ports/core.git b/core/conf/ports/core.git
new file mode 100644
index 0000000..3e23528
--- /dev/null
+++ b/core/conf/ports/core.git
@@ -0,0 +1,7 @@
+# Collection core
+#
+NAME=core
+URL=git://c9.root.sx/c9-core.git
+BRANCH=develop
+destination=/usr/ports/core
+PORTS_DIR="/usr/ports"
diff --git a/core/conf/ports/core.pub b/core/conf/ports/core.pub
new file mode 100644
index 0000000..a09d3ac
--- /dev/null
+++ b/core/conf/ports/core.pub
@@ -0,0 +1,2 @@
+untrusted comment: core public key
+RWRJc1FUaeVeqsGlEPc66dguintWWomCSORUNseged62IATuMVCK0zu6
diff --git a/core/conf/ports/drivers/git b/core/conf/ports/drivers/git
new file mode 100755
index 0000000..654a8c7
--- /dev/null
+++ b/core/conf/ports/drivers/git
@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# /etc/ports/drivers/git: git driver script for ports(8)
+#
+
+if [ $# -ne 1 ]; then
+	echo "usage: $0 <file>" >&2
+	exit 1
+fi
+
+. $1
+
+if [ -z "$URL" ]; then
+	echo "URL not set in '$1'" >&2
+	exit 2
+fi
+if [ -z "$NAME" ]; then
+	echo "NAME not set in '$1'" >&2
+	exit 2
+fi
+if [ -z "$BRANCH" ]; then
+	echo "BRANCH not set in '$1'" >&2
+	exit 2
+fi
+
+REPOSITORY="$PORTS_DIR/$NAME"
+if [ -n "$LOCAL_REPOSITORY" ]; then
+	REPOSITORY="$LOCAL_REPOSITORY"
+fi
+
+echo "Fetching updates from $URL"
+echo "Updating collection $NAME"
+
+cd "$REPOSITORY" 2> "/dev/null"
+
+if [ $? -lt 1 ]; then
+	git checkout -q "$BRANCH"
+	git fetch -q
+	git diff --pretty=format: --name-status "$BRANCH" origin/"$BRANCH" | sed "s/M\t/ Edit /g; s/A\t/ Checkout /g; s/D\t/ Delete /g" | sort
+	git clean -q -f
+	git reset -q --hard origin/"$BRANCH"
+else
+	git clone -q -b "$BRANCH" "$URL" "$REPOSITORY"
+	ls -1 $REPOSITORY | sed "s/^/ Checkout /"
+fi
+
+echo "Finished successfully"
diff --git a/core/conf/ports/drivers/httpup b/core/conf/ports/drivers/httpup
new file mode 100755
index 0000000..5c8db84
--- /dev/null
+++ b/core/conf/ports/drivers/httpup
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# /etc/ports/drivers/httpup: httpup driver script for ports(8)
+# 
+
+if [ $# -ne 1 ]; then
+        echo "usage: $0 <file>" >&2
+        exit 1
+fi
+
+. $1
+
+if [ -z "$ROOT_DIR" ]; then
+	echo "ROOT_DIR not set in '$1'" >&2
+	exit 2
+fi
+if [ -z "$URL" ]; then
+	echo "URL not set in '$1'" >&2
+	exit 2
+fi
+
+for REPO in $URL; do
+    PORT=`echo $REPO | sed -n '/#.*$/s|^.*#||p'`
+    httpup sync $REPO $ROOT_DIR/$PORT
+done
+
+# End of file.
diff --git a/core/conf/ports/drivers/rsync b/core/conf/ports/drivers/rsync
new file mode 100755
index 0000000..14dd3e5
--- /dev/null
+++ b/core/conf/ports/drivers/rsync
@@ -0,0 +1,143 @@
+#!/usr/bin/perl
+#
+# /etc/ports/drivers/rsync: rsync(1) driver script for ports(8)
+#
+
+use warnings;
+use strict;
+use File::Basename;
+
+my $host = '';
+my $collection = '';
+my $destination = '';
+my %new_checkouts;
+my %old_checkouts;
+
+sub error
+{
+	my $message = shift;
+	print "Error: $message ($!)\nUpdating failed\n";
+	exit 1;
+}
+
+sub warning
+{
+	my $message = shift;
+	print "Warning: $message ($!)\n";
+}
+
+if ($#ARGV < 0)
+{
+	print "Usage: $0 <file>\n";
+	exit 1;
+}
+
+open(FILE, $ARGV[0]) or error("Couldn't open $ARGV[0]");
+while (<FILE>)
+{
+	chomp;
+	if    (/^host=(.*)/)        { $host = $1; }
+	elsif (/^collection=(.*)/)  { $collection = $1; }
+	elsif (/^destination=(.*)/) { $destination = $1; }
+}
+close(FILE);
+
+if ($host eq '')        { error("Host field not set in $ARGV[0]");        }
+if ($collection eq '')  { error("Collection field not set in $ARGV[0]");  }
+if ($destination eq '') { error("Destination field not set in $ARGV[0]"); }
+
+if (-e "$destination/.checkouts")
+{
+	# read the old .checkouts file into memory
+	open(FILE, "$destination/.checkouts") or error("Couldn't read checkouts from $destination/.checkouts");
+	while (<FILE>)
+	{
+		chomp;
+		$old_checkouts{$_} = 1;
+	}
+	close(FILE);
+}
+
+print "Updating file list from " . $host . "::$collection\n";
+
+# get the remote file list (new .checkouts)
+open(PIPE, 'rsync -crz --no-human-readable ' . $host . '::' . $collection . '|') or error("Couldn't open pipe to rsync");
+while (<PIPE>)
+{
+	chomp;
+
+	next if /^MOTD:/;	# ignore MOTD lines
+	s/^(.{43})//;		# ignore the first 43 characters (mode, date etc...)
+	next if /^.$/;		# ignore the . directory
+
+	$new_checkouts{$_} = 1;
+}
+close(PIPE);
+error("Running rsync failed") unless $? == 0;
+
+print "Updating collection " . basename($destination) . "\n";
+
+# now really run rsync
+open(PIPE, 'rsync -crz --no-human-readable --log-format "%o %n" ' . $host . "::$collection $destination|") or error("Couldn't open pipe to rsync");
+while (<PIPE>)
+{
+	chomp;
+
+	if (/^recv (.*)/)
+	{
+		if ($old_checkouts{$1})
+		{
+			s/^recv/ Edit/;
+		}
+		else
+		{
+			s/^recv/ Checkout/;
+		}
+	}
+
+	print $_ . "\n";
+}
+close(PIPE);
+error("Running rsync failed") unless $? == 0;
+
+# save new checkouts into .checkouts
+open(FILE, ">$destination/.checkouts") or error("Couldn't save checkouts to $destination/.checkouts");
+foreach my $checkout (sort keys %new_checkouts)
+{
+	print FILE "$checkout\n";
+}
+close(FILE);
+
+# use chroot as an additional safety measure when removing files
+chroot($destination) or error("Couldn't chroot into $destination");
+chdir('/');
+
+# iterate through old checkouts, remove obsolete files
+foreach my $checkout (sort keys %old_checkouts)
+{
+	if (!$new_checkouts{$checkout})
+	{
+		if (-f $checkout)
+		{
+			print " Delete $checkout\n";
+			unlink($checkout) or warning("Couldn't delete $checkout");
+		}
+	}
+}
+
+# iterate through old checkouts, remove obsolete directories
+foreach my $checkout (sort keys %old_checkouts)
+{
+	if (!$new_checkouts{$checkout})
+	{
+		if (-d $checkout)
+		{
+			print " Delete $checkout\n";
+			rmdir($checkout) or warning("Couldn't delete $checkout");
+		}
+	}
+}
+
+print "Finished successfully\n";
+
+# End of file
diff --git a/core/conf/ports/opt.git b/core/conf/ports/opt.git
new file mode 100644
index 0000000..bedc00c
--- /dev/null
+++ b/core/conf/ports/opt.git
@@ -0,0 +1,6 @@
+# Collection core
+#
+NAME=opt
+URL=git://c9.root.sx/c9-opt.git
+BRANCH=develop
+destination=/usr/ports/opt
diff --git a/core/conf/ports/opt.pub b/core/conf/ports/opt.pub
new file mode 100644
index 0000000..346b688
--- /dev/null
+++ b/core/conf/ports/opt.pub
@@ -0,0 +1,2 @@
+untrusted comment: opt public key
+RWSE3ohX2g5d/Zmwm/W4S8ZzNNTjXE7bI8XmnpawKOnQ+MiVa7TD0YC9
diff --git a/core/conf/ports/xorg.git b/core/conf/ports/xorg.git
new file mode 100644
index 0000000..5123db5
--- /dev/null
+++ b/core/conf/ports/xorg.git
@@ -0,0 +1,6 @@
+# Collection core
+#
+NAME=xorg
+URL=git://c9.root.sx/c9-xorg.git
+BRANCH=develop
+destination=/usr/ports/xorg
diff --git a/core/conf/ports/xorg.pub b/core/conf/ports/xorg.pub
new file mode 100644
index 0000000..983eb51
--- /dev/null
+++ b/core/conf/ports/xorg.pub
@@ -0,0 +1,2 @@
+untrusted comment: xorg public key
+RWTSGWF5Q7TndIlWcgmz/x/4xBWLbyPRmI3LyI8rsN/iahlpFpgNIwSR
diff --git a/core/conf/prt-get.conf b/core/conf/prt-get.conf
index e210ca8..9683cfe 100644
--- a/core/conf/prt-get.conf
+++ b/core/conf/prt-get.conf
@@ -16,8 +16,8 @@ prtdir /usr/ports/xorg
 #prtdir /usr/ports/compat-32
 
 # the following line enables the user maintained contrib collection
-prtdir /usr/ports/6c37-dropin
-prtdir /usr/ports/6c37
+# prtdir /usr/ports/6c37-dropin
+# prtdir /usr/ports/6c37
 
 ### use mypackage form local directory
 # prtdir /home/packages/build:mypackage
@@ -50,7 +50,7 @@ runscripts yes            # (no|yes)
 ### EXPERT SECTION ###
 
 ### alternative commands
-makecommand      sudo -H -u pkgmk -g users fakeroot pkgmk
+makecommand      sudo -H -u pkgmk fakeroot pkgmk
 addcommand       sudo pkgadd
 removecommand    sudo pkgrm
 runscriptcommand sudo sh
diff --git a/core/conf/skel/.tmux.conf b/core/conf/skel/.tmux.conf
index a68ccb2..4feb9a4 100644
--- a/core/conf/skel/.tmux.conf
+++ b/core/conf/skel/.tmux.conf
@@ -1,6 +1,9 @@
 set -g default-terminal "screen-256color"
 
 set-window-option -g mode-keys vi
+bind-key -T copy-mode-vi 'v' send-keys -X begin-selection
+bind-key -T copy-mode-vi 'y' send-keys -X copy-selection-and-cancel
+
 
 # Vim style
 # copy tmux's selection buffer into the primary X selection with PREFIX+CTRL+Y
@@ -8,9 +11,6 @@ bind-key u run "tmux save-buffer - | xsel -ib"
 # copy primary X selection into tmux's selection buffer with PREFIX+CTRL+P
 bind-key e run "xsel -o | tmux load-buffer -"
 
-bind-key -t vi-copy 'v' begin-selection
-bind-key -t vi-copy 'y' copy-selection
-
 set-option -g set-titles on
 set-option -g set-titles-string '#S> #I.#P #W'