diff --git a/Makefile b/Makefile index b59d825..e39605f 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,16 @@ - -MODULES = $(shell find */manifests/init.pp | sed -e 's/^\([^\/]*\).*/\1/') -MANIFESTS = $(shell find . -name \*.pp) +MODULES := $(shell find * -type d -prune) +MANIFESTS := $(shell find . -name \*.pp) +MODULESDIR := /etc/puppet/modules-$(shell date +%Y-%m-%d) +TARFLAGS = --owner=root --group=root --mode g-w,o=g --exclude=.git --exclude=rdoc all: puppet-modules.tar.gz puppet-modules.tar.gz: $(MODULES) LICENSE CREDITS Makefile.inc - umask 022 ; tar zcvf $@ --owner=root --group=root \ - --mode g-w,o=g --exclude=.git --exclude=rdoc $^ + umask 022 ; tar zcvf $@ $(TARFLAGS) $^ + +install: $(MODULES) LICENSE CREDITS Makefile.inc + @umask 022 ; mkdir -p $(MODULESDIR) && \ + tar cf - $(TARFLAGS) $^ | tar xvf - -C $(MODULESDIR) check: @which puppet > /dev/null 2>&1 || ( \ diff --git a/abusehelper/files/botnet.init b/abusehelper/files/botnet.init new file mode 100644 index 0000000..c22784c --- /dev/null +++ b/abusehelper/files/botnet.init 
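Review bot: In the new `install` recipe the `tar cf - $(TARFLAGS) $^ | tar xvf - -C $(MODULESDIR)` pipeline returns only the status of the extracting tar, so a failure while archiving can leave a partial tree under /etc/puppet that still looks installed. Make the recipe fail on either side of the pipe, for instance by running it under bash with `set -o pipefail`. Separately, `MODULES := $(shell find * -type d -prune)` now selects every top-level directory instead of only those containing `manifests/init.pp`, so any stray directory in the checkout is packaged and installed as a module; consider keeping the `manifests/init.pp` filter. `install` is not a file and should be listed in `.PHONY` if the Makefile, which is only partly visible here, declares one.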
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+# chkconfig: 2345 85 60
+# description: AbuseHelper botnets
+# processname: botnet
+
+### BEGIN INIT INFO
+# Provides: botnet
+# Required-Start: $local_fs $network $syslog
+# Should-Start:
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: AbuseHelper botnets
+# Description: AbuseHelper botnets
+### END INIT INFO
+
+if [ $(id -u) != "0" ]; then
+ echo "This script must be run with root privileges." && exit 1
+fi
+
+if [ -s /etc/default/botnet ]; then
+ . /etc/default/botnet
+elif [ -s /etc/sysconfig/botnet ]; then
+ . /etc/sysconfig/botnet
+fi
+
+if [ -z "${BOTUSER}" ]; then
+ echo "$0: no BOTUSER defined"
+ exit 1
+fi
+
+if [ -z "${BOTNETS}" ]; then
+ echo "$0: no BOTNETS defined"
+ exit 1
+fi
+
+start_botnets() {
+ for botnet in ${BOTNETS}; do
+ echo -n "${botnet}: "
+ test -d ${botnet} || { echo "No such directory."; continue; }
+ su -s /bin/sh - ${BOTUSER} \
+ -c "umask 007 ; cd ${botnet} && botnet start ."
+ done
+}
+
+stop_botnets() {
+ for botnet in ${BOTNETS}; do
+ echo -n "${botnet}: "
+ test -d ${botnet} || { echo "No such directory."; continue; }
+ su -s /bin/sh - ${BOTUSER} \
+ -c "umask 007 ; cd ${botnet} && botnet stop ."
+ done
+}
+
+restart_botnets() {
+ for botnet in ${BOTNETS}; do
+ echo -n "${botnet}: "
+ test -d ${botnet} || { echo "No such directory."; continue; }
+ su -s /bin/sh - ${BOTUSER} \
+ -c "umask 007 ; cd ${botnet} && botnet restart ."
+ done
+}
+
+case "$1" in
+ start)
+ start_botnets
+ ;;
+ stop)
+ stop_botnets
+ ;;
+ restart)
+ restart_botnets
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/abusehelper/manifests/init.pp b/abusehelper/manifests/init.pp
index f9bb072..2db1f5d 100644
--- a/abusehelper/manifests/init.pp
+++ b/abusehelper/manifests/init.pp
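Review bot: `${botnet}` is expanded unquoted in `test -d ${botnet}` and is then pasted into the `su … -c "umask 007 ; cd ${botnet} && botnet start ."` string in all three functions of botnet.init, so a BOTNETS entry containing shell metacharacters is parsed as code by the `su -c` shell. The list comes from a root-owned file, which limits the exposure, but a script that runs as root at boot should not depend on that. Quote the test as `test -d "${botnet}"` and skip entries with unexpected characters first, e.g. `case "${botnet}" in *[!A-Za-z0-9_./-]*) echo "Invalid path."; continue ;; esac`. The three functions differ only in the verb and could be one function that takes the action as its argument.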
@@ -1,4 +1,12 @@ -# Install abusehelper from svn. +# Install abusehelper. +# +# === Global variables +# +# $abusehelper_botnets +# Array of botnet paths to start at boot. +# +# $abusehelper_user +# User botnets run as. Defaults to 'abusehel'. # class abusehelper { @@ -105,4 +113,47 @@ class abusehelper { } } + if !$abusehelper_user { + $abusehelper_user = "abusehel" + } + + if $abusehelper_botnets { + file { "/etc/sysconfig/botnet": + ensure => present, + name => $::operatingsystem ? { + "debian" => "/etc/default/botnet", + "ubuntu" => "/etc/default/botnet", + default => "/etc/sysconfig/botnet", + }, + mode => "0644", + owner => "root", + group => "root", + content => template("abusehelper/botnet.sysconfig.erb"), + before => Service["botnet"], + } + + file { "/etc/init.d/botnet": + ensure => present, + mode => "0755", + owner => "root", + group => "root", + source => "puppet:///modules/abusehelper/botnet.init", + notify => Exec["add-service-botnet"], + } + exec { "add-service-botnet": + path => "/bin:/usr/bin:/sbin:/usr/sbin", + command => $::operatingsystem ? { + "debian" => "update-rc.d botnet defaults", + "ubuntu" => "update-rc.d botnet defaults", + default => "chkconfig --add botnet", + }, + refreshonly => true, + before => Service["botnet"], + } + + service { "botnet": + enable => true, + } + } + } diff --git a/abusehelper/templates/botnet.sysconfig.erb b/abusehelper/templates/botnet.sysconfig.erb new file mode 100644 index 0000000..e1dc5d6 --- /dev/null +++ b/abusehelper/templates/botnet.sysconfig.erb @@ -0,0 +1,2 @@ +BOTUSER="<%= abusehelper_user %>" +BOTNETS="<%= abusehelper_botnets.join(" ") %>" diff --git a/apache/files/mod_wsgi.conf b/apache/files/mod_wsgi.conf new file mode 100644 index 0000000..c74e96a --- /dev/null +++ b/apache/files/mod_wsgi.conf @@ -0,0 +1,2 @@ +LoadModule wsgi_module modules/mod_wsgi.so +WSGISocketPrefix /var/run/mod_wsgi/wsgi diff --git a/apache/manifests/debian.pp b/apache/manifests/debian.pp index 41e6181..c05721e 100644 
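Review bot: Both values in abusehelper/templates/botnet.sysconfig.erb are written verbatim between double quotes into a file that the root init script sources with `.`, so a `"`, a backtick or `$(` inside `abusehelper_user` or any element of `abusehelper_botnets` would be evaluated by the root shell when the service starts. The values come from Puppet variables, so the exposure depends on who can set them, but the template should not rely on that. Validate them in the manifest before rendering, for example by failing unless each path matches `^/[A-Za-z0-9_./-]+$` and the user matches `^[a-z_][a-z0-9_-]*$`. A header comment in the generated file saying that it is sourced by /etc/init.d/botnet as root would also help.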
--- a/apache/manifests/debian.pp +++ b/apache/manifests/debian.pp @@ -180,7 +180,8 @@ class apache::debian::sslserver inherits apache::debian::common { } -define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) { +define apache::debian::sslsite($first, $ipaddr, $root, + $ssl_cert, $ssl_key, $ssl_chain) { if $name == "default" { $site_fqdn = $homename @@ -253,8 +254,13 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) } } - $site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf" - $site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d" + if $first == true { + $site_conf = "/etc/apache2/sites-enabled/00-${site_fqdn}-ssl.conf" + $site_confdir = "/etc/apache2/sites-enabled/00-${site_fqdn}-ssl.d" + } else { + $site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf" + $site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d" + } file { $site_conf: ensure => present, diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp index 07fcbb6..f9ab638 100644 --- a/apache/manifests/init.pp +++ b/apache/manifests/init.pp @@ -81,9 +81,16 @@ class apache::common { group => "root", seltype => "httpd_rotatelogs_exec_t", } - selinux::manage_fcontext { "/usr/local/sbin/www-logrotate.sh": - type => "httpd_rotatelogs_exec_t", - before => File["/usr/local/sbin/www-logrotate.sh"], + if $::operatingsystem == "Fedora" and $::operatingsystemrelease > 17 { + selinux::manage_fcontext { "/usr/sbin/www-logrotate.sh": + type => "httpd_rotatelogs_exec_t", + before => File["/usr/local/sbin/www-logrotate.sh"], + } + } else { + selinux::manage_fcontext { "/usr/local/sbin/www-logrotate.sh": + type => "httpd_rotatelogs_exec_t", + before => File["/usr/local/sbin/www-logrotate.sh"], + } } cron { "www-logrotate": 
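Review bot: When `$first` is switched on for a site that already exists, the second hunk of apache::debian::sslsite (and the identical block in apache::redhat::sslsite) starts managing `00-${site_fqdn}-ssl.conf` but nothing visible removes the old un-prefixed file, so the same vhost may be left defined twice unless the directory is purged elsewhere. The test `if $first == true` is also false when a caller passes the string "true", which silently falls through to the un-prefixed names. The four assignments could collapse into a prefix variable, `$prefix = $first ? { true => "00-", default => "" }`, followed by `$site_conf = "/etc/apache2/sites-enabled/${prefix}${site_fqdn}-ssl.conf"`. The define body continues outside the hunk.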
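Review bot: In the Fedora branch added to apache::common the fcontext rule is registered for `/usr/sbin/www-logrotate.sh` while `before` still points at `File["/usr/local/sbin/www-logrotate.sh"]`, and nothing in the hunk says why the two paths differ. If this depends on a path-equivalence rule in the newer policy, record it in a comment such as `# Fedora 18+: rule is written against /usr/sbin because <reason>`; otherwise the script may not receive `httpd_rotatelogs_exec_t` on those hosts. The condition compares the string fact with `$::operatingsystemrelease > 17`, whereas the templates in this commit use `operatingsystemrelease.to_i > 17`, so a non-numeric release value deserves an explicit decision. The class body continues outside the hunk.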
@@ -248,6 +255,9 @@ class apache::sslserver::listen { # # $name: # FQDN of virtual host. +# $first: +# Bool for whether this is the first (default) vhost +# when using NameVirtualHost. Defaults to false. # $ipaddr: # IP address of virtual host. Defaults to _default_. # $root: @@ -267,7 +277,7 @@ class apache::sslserver::listen { # ssl_key => "puppet:///path/to/www.example.com.key", # } # -define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") { +define apache::sslsite($first=false, $ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") { include apache::sslserver::listen @@ -275,6 +285,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", "debian","ubuntu": { $apache_ssldir = "/etc/ssl" apache::debian::sslsite { $name: + first => $first, ipaddr => $ipaddr, root => $root, ssl_cert => $ssl_cert, @@ -286,6 +297,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", "centos","redhat","fedora": { $apache_ssldir = "/etc/pki/tls" apache::redhat::sslsite { $name: + first => $first, ipaddr => $ipaddr, root => $root, ssl_cert => $ssl_cert, @@ -674,8 +686,15 @@ class apache::mod::wsgi { } "centos","redhat","fedora": { apache::configfile { "wsgi.conf": + source => "puppet:///modules/apache/mod_wsgi.conf", require => Package["mod_wsgi"], } + file { "/var/run/mod_wsgi": + ensure => directory, + mode => "0755", + owner => "root", + group => "root", + } } default: { fail("Apache module not supported in ${::operatingsystem}.") diff --git a/apache/manifests/redhat.pp b/apache/manifests/redhat.pp index 178ef45..023efe5 100644 --- a/apache/manifests/redhat.pp +++ b/apache/manifests/redhat.pp 
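Review bot: The new `file { "/var/run/mod_wsgi": }` resource in the centos/redhat/fedora branch of apache::mod::wsgi has no ordering against `apache::configfile { "wsgi.conf": }` or the web server service, so httpd can be restarted with `WSGISocketPrefix /var/run/mod_wsgi/wsgi` before the directory exists. Adding `before => Apache::Configfile["wsgi.conf"],` to the file resource would close that gap. On releases where /var/run is a tmpfs the directory also disappears at reboot until the next Puppet run, which is worth a comment or a tmpfiles entry.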
@@ -74,11 +74,12 @@ define apache::redhat::site($aliases, $root, $redirect) { } file { "/srv/www/log/http/${site_fqdn}": - ensure => directory, - mode => "0755", - owner => root, - group => root, - before => File[$site_conf], + ensure => directory, + mode => "0755", + owner => "root", + group => "root", + seltype => "httpd_log_t", + before => File[$site_conf], } } } @@ -176,7 +177,13 @@ class apache::redhat::sslserver { mode => "0755", owner => "root", group => "root", - before => Service["httpsd"], + notify => Exec["chkconfig --add httpsd"], + } + exec { "chkconfig --add httpsd": + user => "root", + path => "/bin:/usr/bin:/sbin:/usr/sbin", + refreshonly => true, + before => Service["httpsd"], } } } @@ -212,7 +219,8 @@ class apache::redhat::sslserver { } -define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) { +define apache::redhat::sslsite($first, $ipaddr, $root, + $ssl_cert, $ssl_key, $ssl_chain) { if $name == "default" { $site_fqdn = $homename @@ -286,8 +294,13 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) } } - $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf" - $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d" + if $first == true { + $site_conf = "/etc/httpd/site.https.d/00-${site_fqdn}.conf" + $site_confdir = "/etc/httpd/site.https.d/00-${site_fqdn}.d" + } else { + $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf" + $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d" + } file { $site_conf: ensure => present, diff --git a/apache/templates/httpsd.conf.erb b/apache/templates/httpsd.conf.erb index 1b9c659..5b90945 100644 --- a/apache/templates/httpsd.conf.erb +++ b/apache/templates/httpsd.conf.erb 
@@ -145,6 +145,9 @@ MaxRequestsPerChild 0 # Example: # LoadModule foo_module modules/mod_foo.so # +<% if operatingsystem == 'Fedora' and operatingsystemrelease.to_i > 17 -%> +Include conf.modules.d/*.conf +<% else -%> LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule authn_file_module modules/mod_authn_file.so @@ -199,6 +202,7 @@ LoadModule mem_cache_module modules/mod_mem_cache.so <% end -%> LoadModule cgi_module modules/mod_cgi.so LoadModule version_module modules/mod_version.so +<% end -%> # # The following modules are not loaded by default: diff --git a/apache/templates/ssl.conf.erb b/apache/templates/ssl.conf.erb index 5e644f4..54d7f21 100644 --- a/apache/templates/ssl.conf.erb +++ b/apache/templates/ssl.conf.erb @@ -3,7 +3,7 @@ LoadModule ssl_module modules/mod_ssl.so Listen 443 -<% if ['CentOS','RedHat'].index(operatingsystem) or operatingsystem == 'Fedora' -%> +<% if ['Fedora','CentOS','RedHat'].index(operatingsystem) -%> ## ## SSL Global Context ## @@ -30,11 +30,13 @@ SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 +<% unless operatingsystem == 'Fedora' and operatingsystemrelease.to_i > 17 -%> # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. SSLMutex default +<% end -%> # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the # SSL library. The seed data should be of good random quality. diff --git a/dns/files/named.conf.options b/dns/files/named.conf.options index b683553..8708dc0 100644 --- a/dns/files/named.conf.options +++ b/dns/files/named.conf.options @@ -1,7 +1,7 @@ options { listen-on { any; }; - listen-on-v6 { none; }; + listen-on-v6 { any; }; allow-query { any; }; allow-recursion { trusted; }; diff --git a/dns/manifests/init.pp b/dns/manifests/init.pp index 0555f1b..3ec2b94 100644 
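Review bot: Changing `listen-on-v6 { none; };` to `listen-on-v6 { any; };` in dns/files/named.conf.options exposes the server on every IPv6 address while `allow-query { any; };` stays in place, so the change is only as safe as the IPv6 packet filter and the `trusted` ACL. Confirm that the `trusted` ACL, which is defined outside this hunk, lists the IPv6 prefixes that should get recursion and that the ip6tables rules cover port 53. A short comment above the option, for example `// IPv6 service is intentional; recursion limited by the trusted ACL`, would make the intent clear to the next reader.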
--- a/dns/manifests/init.pp +++ b/dns/manifests/init.pp @@ -360,17 +360,21 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [], if $zonedir != "" { if !defined(File["${dns::server::chroot}${zonedir}"]) { file { "${dns::server::chroot}${zonedir}": - ensure => directory, - mode => $role ? { + ensure => directory, + mode => $role ? { "master" => "0750", default => "0770", }, - owner => "root", - group => $dns::server::group, - before => $role ? { + owner => "root", + group => $dns::server::group, + before => $role ? { "master" => File["${dns::server::chroot}${zonedir}/db.${zonefile}"], default => undef, }, + require => $::operatingsystem ? { + "openbsd" => undef, + default => Package["bind"], + }, } } } diff --git a/etherpadlite/README.CentOS b/etherpadlite/README.CentOS new file mode 100644 index 0000000..5f94827 --- /dev/null +++ b/etherpadlite/README.CentOS @@ -0,0 +1,6 @@ +yum install v8-devel openssl-devel zlib-devel +mkdir /usr/local/src/nodejs && cd /usr/local/src/nodejs +wget http://nodejs.org/dist/node-latest.tar.gz +tar xzvf node-latest.tar.gz && cd node-v* +./configure --shared-v8 --shared-openssl --shared-zlib +make install diff --git a/firewall/manifests/init.pp b/firewall/manifests/init.pp index 0f0ed9d..bccfb4f 100644 --- a/firewall/manifests/init.pp +++ b/firewall/manifests/init.pp @@ -111,6 +111,17 @@ class firewall::common::iptables { } $ip6states = versioncmp($::kernelversion, "2.6.20") + if $::operatingsystem == "Fedora" and $::operatingsystemrelease > 17 { + package { "firewall-config": + ensure => absent, + before => Package["firewalld"], + } + package { "firewalld": + ensure => absent, + before => Package["iptables"], + } + } + package { "iptables": ensure => installed, name => $::operatingsystem ? { 
@@ -119,7 +130,8 @@ class firewall::common::iptables { "debian" => [ "iptables", "iptables-persistent" ], "fedora" => $::operatingsystemrelease ? { /^1[0-5]/ => [ "iptables", "iptables-ipv6" ], - default => "iptables", + /^1[6-7]/ => "iptables", + default => [ "iptables", "iptables-services" ], }, "ubuntu" => [ "iptables", "iptables-persistent" ], }, diff --git a/git/manifests/init.pp b/git/manifests/init.pp index fc16834..42009c1 100644 --- a/git/manifests/init.pp +++ b/git/manifests/init.pp @@ -33,10 +33,11 @@ class git::server { if $git_datadir { file { $git_datadir: - ensure => directory, - mode => "0755", - owner => "root", - group => "root", + ensure => directory, + mode => "0755", + owner => "root", + seltype => "git_system_content_t", + group => "root", } file { "/srv/git": ensure => link, @@ -49,20 +50,13 @@ class git::server { mode => "0755", owner => "root", group => "root", - seltype => "httpd_sys_content_t", } } - if "${selinux}" == "true" { - selinux::manage_fcontext { "/srv/git(/.*)?": - type => "httpd_sys_content_t", - before => File["/srv/git"], - } - if $git_datadir { - selinux::manage_fcontext { "${git_datadir}(/.*)?": - type => "httpd_sys_content_t", - before => File[$git_datadir], - } + if $git_datadir { + selinux::manage_fcontext { "${git_datadir}(/.*)?": + type => "git_system_content_t", + before => File[$git_datadir], } } diff --git a/kerberos/manifests/init.pp b/kerberos/manifests/init.pp index 25c41f0..650f4ab 100644 --- a/kerberos/manifests/init.pp +++ b/kerberos/manifests/init.pp @@ -74,6 +74,8 @@ class kerberos::client { # class kerberos::auth { + include pam::common + include kerberos::client $kdclist = inline_template('<%= kerberos_kdc.join(" ") -%>') @@ -86,7 +88,7 @@ class kerberos::auth { path => "/bin:/usr/bin:/sbin:/usr/sbin", unless => "egrep '^USEKERBEROS=yes\$' /etc/sysconfig/authconfig", before => Class["kerberos::client"], - require => Package["pam_krb5"], + require => Package["authconfig", "pam_krb5"], } } default: { 
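Review bot: The second git::server hunk drops the `if "${selinux}" == "true"` guard, so `selinux::manage_fcontext { "${git_datadir}(/.*)?": }` is now declared on every host that sets `$git_datadir`, including hosts without SELinux, unless the define itself checks for it (not visible here). The same hunk removes both the fcontext rule and the `seltype` for `/srv/git` without a replacement, so when `$git_datadir` is unset that directory keeps whatever label the policy defaults give it. Consider `if $::selinux == "true" and $git_datadir { … }` and an explicit `git_system_content_t` rule for `/srv/git(/.*)?`. The file resource that loses its `seltype` starts outside the hunk.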
diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp index e14c9fc..902caa8 100644 --- a/ldap/manifests/init.pp +++ b/ldap/manifests/init.pp @@ -14,6 +14,8 @@ # class ldap::auth inherits ldap::client { + include pam::common + tag("bootstrap") $ldap_uri = inline_template('<%= ldap_server.join(" ") -%>') @@ -31,7 +33,7 @@ class ldap::auth inherits ldap::client { before => [ Augeas["nslcd-conf"], Augeas["pam-ldap-conf"], File["/etc/openldap/ldap.conf"], ], - require => Package["nss-pam-ldapd"], + require => Package["authconfig", "nss-pam-ldapd"], } augeas { "nslcd-conf": changes => [ "set pagesize 500", @@ -69,7 +71,7 @@ class ldap::auth inherits ldap::client { unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"', before => [ Augeas["pam-ldap-conf"], File["/etc/openldap/ldap.conf"], ], - require => Package["nss_ldap"], + require => Package["authconfig", "nss_ldap"], } augeas { "pam-ldap-conf": context => "/files/etc/ldap.conf", @@ -100,7 +102,7 @@ class ldap::auth inherits ldap::client { path => "/bin:/usr/bin:/sbin:/usr/sbin", unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"', before => Augeas["sssd-conf"], - require => [ Package["sssd"], Package["pam_ldap"], ], + require => Package["authconfig", "sssd", "pam_ldap"], } augeas { "sssd-conf": changes => [ @@ -363,7 +365,7 @@ class ldap::server { command => "usermod -a -G ssl-cert openldap", unless => "id -n -G openldap | grep '\\bssl-cert\\b'", require => Package["openldap-server"], - before => Service["slapd"], + before => Exec["slaptest"], } } "fedora": { @@ -422,7 +424,7 @@ class ldap::server { default => "root", }, require => Package["openldap-server"], - notify => Service["slapd"], + notify => Exec["slaptest"], } file { "${ssl::private}/slapd.key": ensure => present, 
@@ -431,7 +433,7 @@ class ldap::server { owner => "root", group => $group, require => Package["openldap-server"], - notify => Service["slapd"], + notify => Exec["slaptest"], } file { "slapd.conf": @@ -441,7 +443,7 @@ class ldap::server { mode => "0640", owner => "root", group => $group, - notify => Service["slapd"], + notify => Exec["slaptest"], require => Package["openldap-server"], } file { "${config}/slapd.conf.d": @@ -466,7 +468,7 @@ class ldap::server { mode => "0644", owner => "root", group => "root", - notify => Service["slapd"], + notify => Exec["slaptest"], require => Package["openldap-server"], } } @@ -477,12 +479,20 @@ class ldap::server { mode => "0644", owner => "root", group => "root", - notify => Service["slapd"], + notify => Exec["slaptest"], require => Package["openldap-server"], } } } + exec { "slaptest": + command => "slaptest", + path => "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin", + refreshonly => true, + require => File["${config}/slapd.conf.d"], + notify => Service["slapd"], + } + service { "slapd": name => $service_name, start => $::operatingsystem ? { @@ -491,7 +501,7 @@ class ldap::server { }, ensure => running, enable => true, - require => Package ["openldap-server"] + require => Package["openldap-server"] } if $ldap_datadir { @@ -560,7 +570,7 @@ class ldap::server { path => "/bin:/usr/bin:/sbin:/usr/sbin", refreshonly => true, require => File["${config}/slapd.conf.d"], - notify => Service["slapd"], + notify => Exec["slaptest"], } ldap::server::schema { [ "core", "cosine", "ppolicy", ]: idx => 10, 
@@ -572,13 +582,13 @@ class ldap::server { owner => "root", group => $group, require => Exec["generate-slapd-database-config"], - notify => Service["slapd"], + notify => Exec["slaptest"], } exec { "generate-slapd-database-config": command => "find ${config}/slapd.conf.d/db.*.conf -exec echo 'include {}' \\; > ${config}/slapd.conf.d/database.conf", path => "/bin:/usr/bin:/sbin:/usr/sbin", refreshonly => true, - notify => Service["slapd"], + notify => Exec["slaptest"], } } @@ -601,6 +611,9 @@ class ldap::server { # Password for uid=replicator,cn=config,${name} user on master. # Only needed for slave databases. # +# $rid: +# Replica ID. Must be unique per replica per database. +# # $moduleoptions: # Options for overlay modules. # @@ -610,10 +623,16 @@ class ldap::server { # moduleoptions => [ "smbkrb5pwd-enable=samba", ] # } # -define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $moduleoptions = []) { +define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $rid = "", $moduleoptions = []) { include ldap::server + if $rid == "" { + $rid_real = fqdn_rand(999) + } else { + $rid_real = $rid + } + file { "${ldap::server::config}/slapd.conf.d/db.${name}.conf": ensure => present, content => template("ldap/slapd-database.conf.erb"), @@ -636,7 +655,7 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $modu mode => "0640", owner => "root", group => $ldap::server::group, - notify => Service["slapd"], + notify => Exec["slaptest"], } file { "${ldap::server::config}/slapd.conf.d/index.${name}.conf": @@ -647,7 +666,7 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $modu mode => "0640", owner => "root", group => $ldap::server::group, - notify => Service["slapd"], + notify => Exec["slaptest"], } file { "/srv/ldap/${name}": 
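Review bot: `$rid_real = fqdn_rand(999)` in ldap::server::database is seeded only by the host name, so every database declared on the same replica receives the same rid, which contradicts the new parameter doc ("Must be unique per replica per database"). Seed the function with the database name as well, `$rid_real = fqdn_rand(999, $name)`. Two hosts can still draw the same number, so if strict uniqueness matters consider calling `fail()` when `$master != ""` and no explicit `$rid` was given.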
@@ -672,7 +691,7 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $modu }, seltype => "slapd_db_t", require => File["/srv/ldap/${name}"], - before => Service["slapd"], + before => Exec["slaptest"], } } diff --git a/ldap/templates/slapd-database.conf.erb b/ldap/templates/slapd-database.conf.erb index 8711540..bea1fb8 100644 --- a/ldap/templates/slapd-database.conf.erb +++ b/ldap/templates/slapd-database.conf.erb @@ -29,18 +29,18 @@ overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 -# The database directory MUST exist prior to running slapd AND +# The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /srv/ldap/<%= name %> <% if master != "" -%> # replication -syncrepl rid=2 +syncrepl rid=<%= rid_real %> provider=<%= master %> type=refreshAndPersist retry="10 10 60 +" - searchbase="<%= ldap_basedn %>" + searchbase="<%= name %>" filter="(objectClass=*)" scope="sub" sizelimit=500000 @@ -48,7 +48,7 @@ syncrepl rid=2 schemachecking="off" bindmethod="simple" tls_reqcert="never" - binddn="uid=replicator,cn=config,<%= ldap_basedn %>" + binddn="uid=replicator,cn=config,<%= name %>" credentials="<%= syncpw %>" updateref <%= master %> <% end -%> diff --git a/ldap/templates/slapd.conf.erb b/ldap/templates/slapd.conf.erb index ac54d77..4db5924 100644 --- a/ldap/templates/slapd.conf.erb +++ b/ldap/templates/slapd.conf.erb @@ -42,7 +42,7 @@ moduleload <%= name %>.la TLSCertificateFile <%= scope.lookupvar('ssl::certs') %>/slapd.crt TLSCertificateKeyFile <%= scope.lookupvar('ssl::private') %>/slapd.key TLSCACertificatePath <%= scope.lookupvar('ldap::server::config') %>/cacerts -TLSVerifyClient never +TLSVerifyClient try # include database configs include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/database.conf diff --git a/logwatch/manifests/init.pp b/logwatch/manifests/init.pp new file mode 100644 index 0000000..0dbca0b 
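Review bot: The syncrepl block edited in ldap/templates/slapd-database.conf.erb still uses `bindmethod="simple"` with `credentials="<%= syncpw %>"` while the context line `tls_reqcert="never"` disables verification of the provider certificate, so the replicator password can be handed to whatever host answers at `<%= master %>`. This commit already tightens `TLSVerifyClient` in slapd.conf.erb, so consider `tls_reqcert="demand"` together with a `tls_cacertdir` pointing at the same cacerts directory. `syncpw` is also interpolated unescaped into a quoted string, so a password containing `"` would break the generated file.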
--- /dev/null +++ b/logwatch/manifests/init.pp @@ -0,0 +1,16 @@ +# Install logwatch. +# +class logwatch { + + case $::kernel { + "linux": { + package { "logwatch": + ensure => installed, + } + } + default: { + fail("logwatch not supported on ${::kernel}") + } + } + +} diff --git a/motd/files/empty b/motd/files/empty new file mode 100644 index 0000000..e69de29 diff --git a/motd/manifests/init.pp b/motd/manifests/init.pp new file mode 100644 index 0000000..3df5908 --- /dev/null +++ b/motd/manifests/init.pp @@ -0,0 +1,29 @@ + +# Deploy motd file to server +# +class motd { + + case $::operatingsystem { + "ubuntu": { + package { "update-motd": + ensure => absent, + } + } + } + + file { "/etc/motd": + ensure => present, + source => [ + "puppet:///files/motd/motd.${::homename}", + "puppet:///files/motd/motd", + "puppet:///modules/motd/empty", + ], + mode => "0644", + owner => "root", + group => $::operatingsystem ? { + "openbsd" => "wheel", + default => "root", + }, + } + +} diff --git a/munin/files/munin-node.logrotate b/munin/files/munin-node.logrotate new file mode 100644 index 0000000..2a12c07 --- /dev/null +++ b/munin/files/munin-node.logrotate @@ -0,0 +1,9 @@ +/var/log/munin-node/munin-node.log { + daily + missingok + rotate 7 + compress + copytruncate + notifempty + create 644 root root +} diff --git a/munin/manifests/init.pp b/munin/manifests/init.pp index b760e1f..431ae5b 100644 --- a/munin/manifests/init.pp +++ b/munin/manifests/init.pp @@ -61,6 +61,19 @@ class munin::node { notify => Service["munin-node"], } + # Temporary fix for broken config + case $::operatingsystem { + "centos","fedora","redhat": { + file { "/etc/logrotate.d/munin-node": + ensure => present, + mode => "0644", + owner => "root", + group => "root", + source => "puppet:///modules/munin/munin-node.logrotate", + } + } + } + } 
@@ -231,11 +244,11 @@ class munin::server { mode => "0775", owner => "munin", group => $apache::sslserver::group, - seltype => "httpd_munin_rw_content_t", + seltype => "httpd_sys_rw_content_t", require => Package["munin"], } selinux::manage_fcontext { "/var/cache/munin(/.*)?": - type => "httpd_munin_rw_content_t", + type => "httpd_sys_rw_content_t", before => File["/var/cache/munin"], } mount { "/var/cache/munin": @@ -249,12 +262,11 @@ class munin::server { require => File["/var/cache/munin"], } - file { [ "/var/log/munin/munin-cgi-graph.log", - "/var/log/munin/munin-cgi-html.log", ]: - ensure => present, - mode => "0664", - owner => "munin", - group => $apache::sslserver::group, + file { "/var/log/munin": + ensure => directory, + mode => "0775", + owner => $apache::sslserver::user, + group => "munin", require => Package["munin"], } file { "/etc/logrotate.d/munin-cgi": diff --git a/munin/templates/munin-cgi.logrotate.erb b/munin/templates/munin-cgi.logrotate.erb index 63df851..94384c4 100644 --- a/munin/templates/munin-cgi.logrotate.erb +++ b/munin/templates/munin-cgi.logrotate.erb @@ -4,7 +4,7 @@ rotate 7 compress notifempty - create 0664 munin <%= scope.lookupvar('apache::sslserver::group') %> + create 0640 <%= scope.lookupvar('apache::sslserver::user') %> munin } /var/log/munin/munin-cgi-html.log { @@ -13,5 +13,5 @@ rotate 7 compress notifempty - create 0664 munin <%= scope.lookupvar('apache::sslserver::group') %> + create 0640 <%= scope.lookupvar('apache::sslserver::user') %> munin } diff --git a/munin/templates/munin-node.conf.erb b/munin/templates/munin-node.conf.erb index d743c6a..e8ccad9 100644 --- a/munin/templates/munin-node.conf.erb +++ b/munin/templates/munin-node.conf.erb 
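Review bot: Relabelling `/var/cache/munin` from `httpd_munin_rw_content_t` to `httpd_sys_rw_content_t` in the first munin::server hunk moves the cache to the generic httpd read-write content type, which is wider than the munin-specific one. If the change is needed because a newer policy no longer ships the munin type, say so in a comment and consider selecting the type by release so older hosts keep the narrower label. The second hunk likewise makes the web server user the owner of `/var/log/munin` with mode 0775, so check that munin's own logs in that directory are not meant to be protected from the CGI processes.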
@@ -3,11 +3,15 @@ # log_level 4 +<% if ['CentOS','Fedora','RedHat'].index(operatingsystem) -%> +log_file /var/log/munin-node/munin-node.log +<% else -%> log_file /var/log/munin/munin-node.log +<% end -%> pid_file /var/run/munin/munin-node.pid background 1 -setseid 1 +setsid 1 user root <% if operatingsystem == "OpenBSD" -%> @@ -15,10 +19,8 @@ group wheel <% else -%> group root <% end -%> -setsid yes # Regexps for files to ignore - ignore_file ~$ ignore_file \.bak$ ignore_file %$ @@ -29,7 +31,6 @@ ignore_file \.pod$ # Set this if the client doesn't report the correct hostname when # telnetting to localhost, port 4949 # -#host_name ppc3.fedora.redhat.com host_name <%= homename %> # A list of addresses that are allowed to connect. This must be a @@ -41,8 +42,6 @@ allow <%= munin_allow %> # Which address to bind to; host <%= ipaddress %> -# host 127.0.0.1 # And which port port 4949 - diff --git a/netcat/manifests/init.pp b/netcat/manifests/init.pp index a490272..b0661ec 100644 --- a/netcat/manifests/init.pp +++ b/netcat/manifests/init.pp @@ -7,6 +7,10 @@ class netcat { package { "netcat": name => $::operatingsystem ? { "ubuntu" => "netcat", + "fedora" => $::operatingsystemrelease ? { + /^1[0-7]/ => "nc", + default => "nmap-ncat", + }, default => "nc", }, ensure => present, diff --git a/network/manifests/init.pp b/network/manifests/init.pp index f112715..d4af18f 100644 --- a/network/manifests/init.pp +++ b/network/manifests/init.pp 
@@ -73,7 +73,23 @@ class network::hostname { group => "root", } } - "centos","redhat","fedora": { + "fedora": { + if $::operatingsystemrelease > 17 { + file { "/etc/hostname": + ensure => present, + content => "${homename}\n", + mode => "0644", + owner => "root", + group => "root", + } + } else { + augeas { "set-hostname": + context => "/files/etc/sysconfig/network", + changes => "set HOSTNAME ${homename}", + } + } + } + "centos","redhat": { augeas { "set-hostname": context => "/files/etc/sysconfig/network", changes => "set HOSTNAME ${homename}", diff --git a/pam/manifests/init.pp b/pam/manifests/init.pp index 6fd7ee7..7006104 100644 --- a/pam/manifests/init.pp +++ b/pam/manifests/init.pp @@ -4,6 +4,11 @@ class pam::common { case $::operatingsystem { + "centos","redhat","fedora": { + package { "authconfig": + ensure => installed, + } + } "ubuntu": { package { "libpam-runtime": ensure => installed, @@ -28,8 +33,9 @@ class pam::mkhomedir { case $::operatingsystem { "centos","redhat","fedora": { exec { "authconfig --enablemkhomedir --update": - path => "/bin:/usr/bin:/sbin:/usr/sbin", - unless => "egrep '^USEMKHOMEDIR=yes\$' /etc/sysconfig/authconfig", + path => "/bin:/usr/bin:/sbin:/usr/sbin", + unless => "egrep '^USEMKHOMEDIR=yes\$' /etc/sysconfig/authconfig", + require => Package["authconfig"], } } "ubuntu": { diff --git a/ruby/manifests/init.pp b/ruby/manifests/init.pp index 18d25d0..4803523 100644 --- a/ruby/manifests/init.pp +++ b/ruby/manifests/init.pp @@ -52,7 +52,7 @@ class ruby::rails { } else { require ruby::rubygems package { "rubygem-rails": - ensure => "2.3.15", + ensure => "2.3.17", name => "rails", provider => "gem", } diff --git a/sasl/manifests/init.pp b/sasl/manifests/init.pp index e0da7a3..20df9ca 100644 --- a/sasl/manifests/init.pp +++ b/sasl/manifests/init.pp 
@@ -8,10 +8,14 @@ class sasl::client { "ubuntu" => "sasl2-bin", default => "cyrus-sasl", }, + flavor => $::operatingsystem ? { + "openbsd" => "ldap", + default => undef, + }, ensure => installed, } - if $kerberos_realm { + if $kerberos_realm and $::operatingsystem != "OpenBSD" { package { "cyrus-sasl-gssapi": name => $::operatingsystem ? { "ubuntu" => "libsasl2-modules-gssapi-mit", @@ -32,7 +36,7 @@ class sasl::client { # default. Supported mechanisms include pam, ldap and kerberos5. # # For ldap authentication, see ldap::client for required global variables. -# +# class sasl::saslauthd { require sasl::client 
@@ -41,27 +45,48 @@ class sasl::saslauthd { "","pam": { } "ldap": { include ldap::client - - augeas { "set-saslauthd-mech": - context => "/files/etc/sysconfig/saslauthd", - changes => "set MECH ldap", - notify => Service["saslauthd"], + + case $::operatingsystem { + "centos","fedora","redhat": { + augeas { "set-saslauthd-mech": + context => "/files/etc/sysconfig/saslauthd", + changes => "set MECH ldap", + notify => Service["saslauthd"], + } + } + "openbsd": { + Service["saslauthd"] { + start => "/usr/local/sbin/saslauthd -a ldap", + } + } } - + file { "/etc/saslauthd.conf": ensure => present, - mode => 0644, - owner => "root", - group => "root", + mode => "0644", + owner => "root", + group => $::operatingsystem ? { + "openbsd" => "wheel", + default => "root", + }, content => template("sasl/saslauthd.conf.ldap.erb"), - notify => Service["saslauthd"], + notify => Service["saslauthd"], } } "kerberos5": { - augeas { "set-saslauthd-mech": - context => "/files/etc/sysconfig/saslauthd", - changes => "set MECH kerberos5", - notify => Service["saslauthd"], + case $::operatingsystem { + "centos","fedora","redhat": { + augeas { "set-saslauthd-mech": + context => "/files/etc/sysconfig/saslauthd", + changes => "set MECH kerberos5", + notify => Service["saslauthd"], + } + } + "openbsd": { + Service["saslauthd"] { + start => "/usr/local/sbin/saslauthd -a kerberos5", + } + } } } default: { @@ -78,13 +103,16 @@ class sasl::saslauthd { ensure => present, mode => "0644", owner => "root", - group => "root", + group => $::operatingsystem ? { + "openbsd" => "wheel", + default => "root", + }, require => Exec["generate-sasldb2"], before => Service["saslauthd"], } exec { "generate-sasldb2": command => "saslpasswd2 -d foobar ; true", - path => "/bin:/usr/bin:/sbin:/usr/sbin", + path => "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin", creates => "/etc/sasldb2", } 
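Review bot: The file resource in the second sasl::saslauthd hunk keeps `mode => "0644"` while its group is reworked; its title is outside the hunk, but `require => Exec["generate-sasldb2"]` suggests it is `/etc/sasldb2`. That database holds the secrets for the shared-secret SASL mechanisms, so once it is populated a world-readable mode exposes them to every local user. Consider `mode => "0640"` with the group set to the account that needs to read it, or `"0600"` if only root does. The `saslpasswd2 -d foobar ; true` command that creates the file would also benefit from a comment explaining that it exists only to create an empty database.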
@@ -104,10 +132,20 @@ class sasl::saslauthd { # define sasl::saslauthd::service() { - case $architecture { - "i386": { $libdir = "/usr/lib/sasl2" } - "x86_64": { $libdir = "/usr/lib64/sasl2" } - default: { fail("Unknown architecture ${architecture}") } + case $::operatingsystem { + "centos","fedora","redhat": { + case $::architecture { + "i386": { $libdir = "/usr/lib/sasl2" } + "x86_64": { $libdir = "/usr/lib64/sasl2" } + default: { fail("Unknown architecture ${::architecture}") } + } + } + "openbsd": { + $libdir = "/usr/local/lib/sasl2" + } + default: { + fail("sasl not supported on ${::operatingsystem}") + } } file { "${libdir}/${name}.conf": @@ -118,7 +156,10 @@ define sasl::saslauthd::service() { "puppet:///modules/sasl/service.conf", ], mode => "0644", owner => "root", - group => "root", + group => $::operatingsystem ? { + "openbsd" => "wheel", + default => "root", + }, require => Service["saslauthd"], } diff --git a/selinux/files/restorecond.conf b/selinux/files/restorecond.conf new file mode 100644 index 0000000..58b723a --- /dev/null +++ b/selinux/files/restorecond.conf @@ -0,0 +1,8 @@ +/etc/services +/etc/resolv.conf +/etc/samba/secrets.tdb +/etc/mtab +/var/run/utmp +/var/log/wtmp +/root/* +/root/.ssh/* diff --git a/selinux/manifests/init.pp b/selinux/manifests/init.pp index 76e57f2..13cd8e1 100644 --- a/selinux/manifests/init.pp +++ b/selinux/manifests/init.pp 
@@ -92,6 +92,34 @@ class selinux::tools { } +# Enable restorecond service. +# +class selinux::restorecond { + + if $::selinux == "true" { + file { "/etc/selinux/restorecond.conf": + ensure => present, + mode => "0644", + owner => "root", + group => "root", + seltype => "selinux_config_t", + source => [ + "puppet:///files/selinux/restorecond.conf.${homename}", + "puppet:///files/selinux/restorecond.conf", + "puppet:///modules/selinux/restorecond.conf", + ], + notify => Service["restorecond"], + } + + service { "restorecond": + ensure => running, + enable => true, + } + } + +} + + # Set SELinux boolean value # # === Parameters diff --git a/sendmail/manifests/init.pp b/sendmail/manifests/init.pp index 134981d..9cf5c98 100644 --- a/sendmail/manifests/init.pp +++ b/sendmail/manifests/init.pp @@ -263,6 +263,7 @@ class sendmail::server inherits sendmail::common { default => "/etc/aliases", }, source => [ + "puppet:///files/mail/aliases.${fqdn}", "puppet:///files/mail/aliases", "puppet:///modules/sendmail/aliases", ], @@ -279,6 +280,7 @@ class sendmail::server inherits sendmail::common { file { "/etc/mail/access": ensure => present, source => [ + "puppet:///files/mail/access.${fqdn}", "puppet:///files/mail/access", "puppet:///modules/sendmail/empty", ], @@ -297,6 +299,7 @@ class sendmail::server inherits sendmail::common { file { "/etc/mail/genericstable": ensure => present, source => [ + "puppet:///files/mail/genericstable.${fqdn}", "puppet:///files/mail/genericstable", "puppet:///modules/sendmail/empty", ], @@ -315,6 +318,7 @@ class sendmail::server inherits sendmail::common { file { "/etc/mail/mailertable": ensure => present, source => [ + "puppet:///files/mail/mailertable.${fqdn}", "puppet:///files/mail/mailertable", "puppet:///modules/sendmail/empty", ], 
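Review bot: The header comment for selinux::restorecond says only "Enable restorecond service.", which leaves out two things the body does. Everything sits inside `if $::selinux == "true"`, so the class is a no-op on hosts where that fact has any other value. The config file is also looked up in three places in order, with `restorecond.conf.${homename}` under puppet:///files/selinux overriding the shared and module copies. I would say both in the comment. `${homename}` is also the only unqualified variable next to `$::selinux`, so `${::homename}` would be consistent.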
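Review bot: The per-host override added to the aliases sources is keyed on `${fqdn}`, while selinux::restorecond in this same commit keys its override on `${homename}` (`restorecond.conf.${homename}`). If the two values can differ on a node (I can't see how `homename` is derived from here), per-host files would have to be named by different rules depending on the module. I would pick one and qualify it, e.g. `"puppet:///files/mail/aliases.${::homename}",`. The same applies to the access, genericstable, mailertable, virtusertable and local-host-names hunks that follow.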
@@ -333,6 +337,7 @@ class sendmail::server inherits sendmail::common { file { "/etc/mail/virtusertable": ensure => present, source => [ + "puppet:///files/mail/virtusertable.${fqdn}", "puppet:///files/mail/virtusertable", "puppet:///modules/sendmail/empty", ], @@ -351,8 +356,9 @@ class sendmail::server inherits sendmail::common { file { "/etc/mail/local-host-names": ensure => present, source => [ + "puppet:///files/mail/local-host-names.${fqdn}", "puppet:///files/mail/local-host-names", - "puppet:///modules/sendmail/local-host-names", + "puppet:///modules/sendmail/empty", ], mode => "0644", owner => "root", diff --git a/ssh/manifests/init.pp b/ssh/manifests/init.pp index 68cfab0..a8947b9 100644 --- a/ssh/manifests/init.pp +++ b/ssh/manifests/init.pp @@ -12,11 +12,16 @@ class ssh::known_hosts { }, } + $aliases = merge(inline_template("<%= homename.split('.')[0] %>"), + $::ipaddress, + $::ipaddress6, + $::ec2_public_ipv4) + @@sshkey { $homename: ensure => present, type => rsa, key => $sshrsakey, - host_aliases => inline_template("<%= homename.split('.')[0] %>"), + host_aliases => $aliases, require => File["/etc/ssh/ssh_known_hosts"], } diff --git a/syslog/manifests/init.pp b/syslog/manifests/init.pp index 635c989..61c457d 100644 --- a/syslog/manifests/init.pp +++ b/syslog/manifests/init.pp @@ -175,16 +175,20 @@ class syslog::client::rsyslog { } service { "rsyslog": - ensure => running, - enable => true, - start => $::operatingsystem ? { + ensure => running, + enable => true, + start => $::operatingsystem ? { "openbsd" => $::operatingsystemrelease ? { /4\.[1-8]/ => "pkill syslogd; /usr/local/sbin/rsyslogd -c 4 -x -i /var/run/syslog.pid", default => undef, }, default => undef, }, - require => File["/var/log/all.log"], + hasrestart => $::operatingsystem ? { + "fedora" => true, + default => false, + }, + require => File["/var/log/all.log"], } if $::operatingsystem == "OpenBSD" and $::operatingsystemrelease !~ /4\.[1-8]/ { 
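Review bot: This hunk also switches the final fallback for /etc/mail/local-host-names from `puppet:///modules/sendmail/local-host-names` to `puppet:///modules/sendmail/empty`, which is a behaviour change on top of the per-host source. Nodes with no site-level file previously received the module's copy and will now receive an empty file. If that module file listed any names, those nodes presumably stop treating them as local. If the module copy is now unused it should be removed in this commit, which I can't confirm from the visible hunks. A comment above the `source` list such as `# no site file: empty list, sendmail falls back to its own host name` would record the intent.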
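Review bot: `$::ipaddress`, `$::ipaddress6` and `$::ec2_public_ipv4` are values the agent reports about itself, and they change over time (DHCP leases, reassigned EC2 public addresses). The exported `@@sshkey` now binds the host key to them in every collecting node's ssh_known_hosts. A stale export leaves an old key pinned to an address that may later belong to a different machine. This therefore relies on the exported resources of retired or renumbered nodes being cleaned out of the store. I would note that above `$aliases`, e.g. `# IP aliases come from agent facts; purge stored configs when a node is retired or renumbered`.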
diff --git a/tftp/manifests/init.pp b/tftp/manifests/init.pp index 42f770c..1ff8dc6 100644 --- a/tftp/manifests/init.pp +++ b/tftp/manifests/init.pp @@ -39,24 +39,31 @@ class tftp::server { } case $::operatingsystem { - debian,fedora,ubuntu: { - file { "/var/lib/tftpboot": - ensure => link, - target => "/srv/tftpboot", - force => true, - require => File["/srv/tftpboot"], + "debian","fedora","ubuntu": { + $tftpdir = "/var/lib/tftpboot" + } + "centos","redhat": { + case $::operatingsystemrelease { + /^[45]\./: { + $tftpdir = "/tftpboot" + } + default: { + $tftpdir = "/var/lib/tftpboot" + } } } default: { - file { "/tftpboot": - ensure => link, - target => "/srv/tftpboot", - force => true, - require => File["/srv/tftpboot"], - } + $tftpdir = "/tftpboot" } } + file { $tftpdir: + ensure => link, + target => "/srv/tftpboot", + force => true, + require => File["/srv/tftpboot"], + } + if "${selinux}" == "true" { selinux::manage_fcontext { "/srv/tftpboot(/.*)?": type => "tftpdir_t", diff --git a/util/lib/puppet/parser/functions/merge.rb b/util/lib/puppet/parser/functions/merge.rb new file mode 100644 index 0000000..ab5e841 --- /dev/null +++ b/util/lib/puppet/parser/functions/merge.rb @@ -0,0 +1,20 @@ +module Puppet::Parser::Functions + newfunction(:merge, :type => :rvalue) do |args| + + if args.length < 2 + raise Puppet::ParseError, ("merge(): wrong number of arguments (#{args.length}; must be at least 2)") + end + + ret = [] + args.each do |arg| + next if arg == "" + if arg.is_a?(Array) + ret.concat(arg) + else + ret.concat([arg]) + end + end + ret + + end +end diff --git a/vsroom/manifests/init.pp b/vsroom/manifests/init.pp index 8fec5c2..cc27a58 100644 --- a/vsroom/manifests/init.pp +++ b/vsroom/manifests/init.pp @@ -40,6 +40,7 @@ class vsroom::collab { mode => "0660", owner => "collab", group => "collab", + seltype => "httpd_sys_rw_content_t", source => "${vsroom::common::htdocs}/common/auth_credentials.php", require => [ File["/srv/wikis/collab/htdocs"], 
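Review bot: With the release-dependent `$tftpdir`, CentOS/RHEL hosts whose release does not match `/^[45]\./` move from the old `default` branch (`/tftpboot`) to `/var/lib/tftpboot`, and the consolidated `file { $tftpdir: ... }` keeps `force => true`. On such a host an existing directory at /var/lib/tftpboot would be replaced by the link, and the previously managed /tftpboot link is left behind unmanaged. I would add a comment above the resource, e.g. `# force => true replaces an existing directory at $tftpdir with the link`, and mention the path change in the commit message. The regex also assumes `$::operatingsystemrelease` always includes a minor version.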
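Review bot: `merge` skips only `""`, so an argument that arrives as `nil` or `:undef` would be appended to the result and end up in `host_aliases` in ssh::known_hosts. How an unset fact such as `$::ipaddress6` or `$::ec2_public_ipv4` reaches a function depends on the Puppet version. I would widen the guard to `next if arg.nil? or arg == "" or arg == :undef`. The name also collides with the hash-merging `merge` from puppetlabs-stdlib if that module is ever on the modulepath. The function has no doc string; `:doc => "Flatten the arguments into one array, skipping empty values."` in the `newfunction` call would cover it.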
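Review bot: `seltype => "httpd_sys_rw_content_t"` lets the web server domain write to auth_credentials.php as far as SELinux is concerned, on top of the existing mode `"0660"`. If the application only reads the file, `seltype => "httpd_sys_content_t",` would keep SELinux as a second barrier against the httpd process rewriting its own credentials. If it does need write access, a one-line comment saying which component writes it would help the next reader. The file resource starts and ends outside the hunk, so I can't tell which is the case.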
diff --git a/wiki/Makefile b/wiki/Makefile index 84864ae..8302049 100644 --- a/wiki/Makefile +++ b/wiki/Makefile @@ -4,7 +4,7 @@ GWIKIBRANCH = default GWIKISOURCE = https://bitbucket.org/clarifiednetworks/graphingwiki/get/$(GWIKIBRANCH).tar.gz GWIKITARGET = graphingwiki-$(GWIKIBRANCH)-$(TIMESTAMP).tar.gz -MOINVERSION = 1.9.4 +MOINVERSION = 1.9.6 MOINSOURCE = http://static.moinmo.in/files/moin-$(MOINVERSION).tar.gz MOINTARGET = moin-$(MOINVERSION).tar.gz diff --git a/yum/files/keys/rpmfusion-free-fedora-18.key b/yum/files/keys/rpmfusion-free-fedora-18.key new file mode 100644 index 0000000..2c97922 --- /dev/null +++ b/yum/files/keys/rpmfusion-free-fedora-18.key 
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.18 (GNU/Linux)
+
+mQINBE80KI8BEADWbPfx0Ql0Rip3+SZ3k+/Yw/gXBH7GdwLhnwwFjEDJfBHdUFkR
+1GHQtKH7qtdyqASkPRfGQqBoDY49jssrgv4FIh9nrE8u1HpN5YhVNT0zbvGORKiS
+01U75N7FjgKR+8/deUo1MBFdy7vsfvL2obW6FE5y1Lr9QRaLfVN+C9rPDB6ITcak
+VIqvL2jKa//YzIZ0JYlYumbGyhuV0fDrSmkOTruXBgtATO1DtwlCsMshp9sMT+8L
+W2BAURtR1yVEnXy1YEVhdkdDuX/DAbZhWdz5swAQaPEr6GVByXfwDB8Fe8D/0RUo
+BQG2KBc8JqQF5HSDz5rdlKZ20U6VyR1Ihl9G3l26CWdF1iTljUHl8FIDRv+WefbJ
+rvBO76mAilBnl0NCHM2AR4npvIlN8/Dd84q1Ti0OW/QugKMECelMO0ykYVYVUmwr
+JUGKuSe3wxuW813N3VEaYOmhx6P+x5X3yKuKo8O1+duJZGPDV94veY6f3JijgA2j
+s0pgxIjUzJ8C09z0P+vLKwtVo4VMPqhBhxk1bcrUT4t8QGtQHuS7IwXYQqd32xTM
+kBrbFqegPO7dOzOLmw52o9fgHwRxL1owgYzn3uYXCzgnQYKdGgzX9QrlkuhgqLY8
+G7SR6FDdONGFE1s+looZpV/bHf2MKKLUQEUPkdIS46oRxKUNsxyAn5QZDwARAQAB
+tFNSUE0gRnVzaW9uIGZyZWUgcmVwb3NpdG9yeSBmb3IgRmVkb3JhICgxOCkgPHJw
+bWZ1c2lvbi1idWlsZHN5c0BsaXN0cy5ycG1mdXNpb24ub3JnPokCOAQTAQIAIgUC
+TzQojwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQNjOZFJguCnyGBxAA
+x4hWU52Si0/bx9TzCCjsPmuMXb6b+0wUtqRfKtsCmRmOPUok2d1/XkyX7hJ7XHV7
+bkV+pab0ohL7DWj1Y9mRJeG6X9yRi45vP52DoWkOpoMOV9LDivsQ3BfYwxb7NriF
+cI8Gq5Qec7M8JqLVk91Fve4h97rOSZlNIZfoybVOC0lpFeT6n3J/YYb1HMUtn/cu
+YwOCpvWrn6/FS6bO7jCGEidogAZkGkEAKUBOD9PbiWe+Od439a7j/PzxU795nvPt
+nfDab52zXxv4dCHBxcP3cyjC83+23QvMlkJkPF3J74atIP78jEcb45e8SuCTL/4W
+gQBaW3RqDr5CvIuksb6dDeWGzq8+214lvrCI4kQH3RWgbS4xi+a9OdicPWtnFF68
+/ORsbFMIvMXFT5Zmhpx28OlALryiYTL9jkwqMP1S0q3JgfT4adrruc4/C/MrN1aQ
+xh3wbfqT7xB0/GWKojjgRpsZ56fMUmaB2AwwlwBSpxqHTqCSkJOl1jQuvv+pNMAz
+/qNooUzu9Z1kPDKtDYl0dK9kUHw5vkXn2MjOXFGLBMoXbDxxzbgJMR45/L/jCK3Q
+8Cko+IaW14lSoiyQVoAikCfizAnAV+08dp/a4UK2haZd+/Xl7dKDpNSnQhOTQCoL
+BpbgafmDVWWbv10cPHFCfq29RBpAaQwck2WFNF39nR8=
+=53Ne
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/yum/files/keys/rpmfusion-nonfree-fedora-18.key b/yum/files/keys/rpmfusion-nonfree-fedora-18.key
new file mode 100644
index 0000000..203ed26
--- /dev/null
+++ b/yum/files/keys/rpmfusion-nonfree-fedora-18.key
@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.18 (GNU/Linux)
+
+mQINBE80KM8BEADL982y29MH1JB8tjaglrY1H08bHAZqkeg+fsrPnk5PokXuNiK8
+9i5iMRklyHTlLJRFen8OupJ+laXAnIhzH3CBaSU4vBw0PvvhdvtTEkVe5nEIiWON
+ptkAYsXzFMT6ZD0tM1ef3DB2l00g+rf9ySEqBpRhP1ccLwtVFSRJk3vMWgs1SAi8
+M7gdrEm07d1rNK4umB4UkOvJMe87Hd63sMF6PCfSkXDPEF9Pe+tltNNvPdA/dWO3
+3QY1o4NU4m0Dwh2NWNj9YKxjSGkYzOmDslSccXkeJJKySWYmHPwiIvt5nMuSXlOi
+F9eNSXqMQb0qLcKJWMBovTgJWMR9CTgEtU7lAXafzZ4ePJY5uNFJ4F86slFkjgpN
+DZZGFJNhDUz6TpixwxrYPV8hiUqLUlatcFrpn5vjTZpsw8gELSGCjeojI7R0qkmq
+T6atgrZbLn3aJAPtOV4aVJgO2s1ATSrZWGVUAzQ+98dZM9Ys/N9EFxip6jeabwri
+3AivulncY6k6XhKroQp2DTtupXB+nN+aGxaz+o2InuTJ83YaB1Zz6uU924gsHiyj
+/VU7hJ4RTJq1DEhTZJ9YYqPT3fkQgA5UIebpwQhMMkWq4/YO/d/QdUAhXNJr8eDP
+1VsJe13Wu8Q9I4Nlr8kWZczDnUcDipu2hpuSPDtSuEuMdO6nRyXMw9XTWQARAQAB
+tFZSUE0gRnVzaW9uIG5vbmZyZWUgcmVwb3NpdG9yeSBmb3IgRmVkb3JhICgxOCkg
+PHJwbWZ1c2lvbi1idWlsZHN5c0BsaXN0cy5ycG1mdXNpb24ub3JnPokCOAQTAQIA
+IgUCTzQozwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQkM4JS+MbMMok
+oA//TC+/0+qslxOVmGdWtZoDvndwRTnCATWiH4UoKLlyCG9DaWZMjle3Pt85bEzZ
+/cWaIzy6zZHxuYKZ8rHElhloBx8WARVPl+DRNcV4AFXMuNNckKu82YKE3Ti/G/PL
+42RpT/qgR7bgdAeru3KGMBd6Qq8iroUmqzshlEdYF4i+jXOQiD629XuzsqDw4IxZ
+zN6/NPgFduy6z9t4NN4lu329H+JBQHfb7TR4lh3liqcKInF0y9XOKFxzgUXahr23
+WWeSKboebHsdRtmoySYk6zAV45LOck+frzqD9qEiVysGeuw1eSFHjRMT+0TVsAoH
+Bot5RoyYkF/zw9bUikCJQJ+c+gOs6EXIQO1HVdgpNRjJj3901dvaBcDpI6OX6eQP
+IBLqbN6Es/uZhB4yclpHyuHQcKDnawyh5fe+5BEm4jPB9AcbvawBLrMxZMAoQVjq
+zqnCkAoo66/OYeBEZYtSXRxw8VV2p0yMkZcR1IpRNYBNcnLDqFZLLJeRCYMR2UDa
+hoYgIX/6t9UD0HjjBRQUlHtq9NDR3LOspmbaX39yd3dPlLbrgV5ALGD11NYvB8YG
+bDI/13D5K6Ti2VgArxZqv4HOWkHwkOlUl4KnkVXTdUZDefzo6ix5sObV54l9zbaJ
+FNy46lt3bTn8oI9PEsxrxC7VUXgOH3kg2G07IytyWy0FJB8=
+=+k17
+-----END PGP PUBLIC KEY BLOCK-----