
Added cables identity information applet.
Added I2P as a source host support in cables FastCGI service.
Added cable-ping utility for checking destination liveness.
Claws-Mail wrapper now accepts both Tor and I2P account addresses.

Fixed "Query no Synaptics: 6003C8" due to touchpad driver being loaded twice in Xorg.
Added tcp/443 port for OpenVPN connections in the firewall.

Removed QuickTime demuxer in GStreamer, since MP4 video is not working in HTML5,
yet it's typically the first choice in the <video> tag
Got rid of gst-plugins-bad (except libgstbasevideo.so for gst-plugins-vp8).
Pruned GStreamer plugins that are unnecessary for HTML5 and provisional encoding.

Changed file ordering to <mimetype,package,dir>, saving several MiB in the image.
Improved build reliability w.r.t. updating I2P hosts.txt.

Added explicit VirtualBox and VMWare support, added back VMWare (legacy) video support.
Enabled Gallium3D for Radeon r300/r600 (for which it will soon be the default).
Added vboxsf support to automounting (ps-mount) for synthetic events from init.d/vmconfig.
Replaced buggy vmmouse_detect with a virt-what-based version.

Replaced ssh wrapper with a config directory symlink, enabling scp, sftp, etc. to work.
GnuPG now uses an .onion keyserver, which also solves an SSL bug with current stable curl.

Now EHCI kernel module is loaded unconditionally in initramfs, before UHCI/OHCI.
Disabled system lockout on kernel OOPS.

Fixed Murrine themes for the new engine.

Maxim Kammerer 14 роки тому
батько
коміт
f763aca6e4

+ 5 - 0
conf/rootfs.excludes

@@ -85,6 +85,10 @@
 /usr/bin/*-config
 /usr/bin/*-config-[0-9]*
 /usr/games/bin/*-config
+/usr/lib/mesa/r[36]00_dri.*
+/usr/lib/mesa/*g_dri.*
+/usr/lib/dri/*g_dri.*
+/usr/lib/egl/pipe_*.*
 /usr/share/consolefonts/**
 /usr/share/consoletrans/
 /usr/share/unimaps/
@@ -241,3 +245,4 @@
 /usr/bin/vpxenc
 /usr/bin/orcc
 /usr/bin/orc-bugreport
+/usr/sbin/vboxguest-service

+ 3 - 0
conf/rootfs.includes

@@ -21,6 +21,9 @@
 
 # Pruned directories exceptions
 /usr/bin/rc-config
+/usr/lib/mesa/r[36]00g_dri.*
+/usr/lib/dri/r[36]00g_dri.*
+/usr/lib/egl/pipe_r[36]00.*
 /usr/share/consolefonts/*16*.psfu
 /usr/share/consolefonts/cp1250.psfu
 /usr/share/keymaps/include/***

+ 1 - 0
conf/rootfs.nosuid

@@ -15,6 +15,7 @@
 /bin/mount
 /bin/umount
 /usr/bin/fusermount
+/sbin/mount.vboxsf
 
 # No real mail processing
 /usr/bin/procmail

+ 2 - 2
dist/qemulate.sh

@@ -8,8 +8,8 @@ bootdir=`dirname $0`/boot
 
 cdrom="if=virtio,format=raw,media=cdrom,aio=native,cache=none"
 
-params="cdroot_type=squashfs video=uvesafb:800x600-32
-        quiet splash=silent,theme:liberty console=tty1"
+params="cdroot_type=squashfs video=uvesafb:800x600-32 quiet
+        splash=silent,theme:liberty console=tty1 loglevel=4"
 
 export QEMU_AUDIO_DRV=alsa
 

+ 25 - 22
doc/changelog.txt

@@ -1,28 +1,31 @@
 2011-XX-XX
   + 2011.2 release
 
-  + ISO image generation, useful for VMs and independent installs
-  + Support for installing to ext2/3/4 filesystems
-  + Directories are hidden on FAT (during install) and ISO (in Joliet layer)
-  + Added silent splash theme, which also disables logo in X server
-
-  + Kernel 2.6.39 with SquashFS XZ compression and NX support
-  + Requirements bumped to PentiumIII+ (implies MMX, SSE) with PAE
-  + All RAM is wiped on shutdown/reboot, regardless of 3GiB address space limit
-  + Xorg server 1.10, better touchpad support
-
-  + Added I2P, also supported as cables communication endpoint
-  + Cables communication daemon runs under a designated user
-  + OTFE partition now supports file permissions, sanitized during boot
-  + OTFE partition now uses NTFS compression for all data
-
-  + Added small and fast Java runtime environment (JamVM)
-  + Added HTML5 video/audio support to Midori
-  + Added SASL (plain) authentication support to XChat
-  + Added PPTP/OpenVPN/Cisco VPN support to NetworkManager
-  + Added emelFM2 2-pane file manager
-
-  + Audio mixer channels are heuristically set up on boot
+  * ISO image generation, useful for VMs and independent installs
+  * Support for installing to ext2/3/4 filesystems
+  * Directories are hidden on FAT (during install) and ISO (in Joliet layer)
+  * Added silent splash theme, which also disables logo in X server
+
+  * Kernel 2.6.39 with SquashFS XZ compression and NX support
+  * Requirements bumped to PentiumIII+ (implies MMX, SSE) with PAE
+  * All RAM is wiped on shutdown/reboot, regardless of 3GiB address space limit
+  * Xorg server 1.10, better touchpad support
+  * Better integration as VirtualBox (including clipboard), VMWare, QEMU guest
+  * VirtualBox shares are now supported as automount directories
+
+  * Added I2P, also supported as cables communication transport
+  * Cables communication daemon runs under a designated user
+  * Added cables communication identity information applet
+  * OTFE partition now supports file permissions, sanitized during boot
+  * OTFE partition now uses NTFS compression for all data
+
+  * Added small and fast Java runtime environment (JamVM)
+  * Added HTML5 video/audio support to Midori
+  * Added SASL (plain) authentication support to XChat
+  * Added PPTP/OpenVPN/Cisco VPN support to NetworkManager
+  * Added emelFM2 2-pane file manager
+
+  * Audio mixer channels are heuristically set up on boot
 
 
 2011-05-29

+ 2 - 2
mkimage

@@ -85,11 +85,11 @@ sed -i "s/SYSVER/${sysver}/" ${cdroot}/liberte/setup.sh
 
 
 # Unreferenced files have default priority 0 (which is the top priority)
-sinfo "Preparing <mimetype,dir,package> SquashFS ordering"
+sinfo "Preparing <mimetype,package,dir> SquashFS ordering"
 count=0 last= sqsort=`mktemp`
 for p in ${livecd}/tmp/transient/pkg/unlisted-files ${livecd}/tmp/transient/pkg/*=*; do
     sed "s:^:${livecd}:" ${p} | file -zhN --mime-type -F '' -f - \
-        | sed -n "s:^${livecd}/\(.*\)/\([^/]*\) \(.*\)$:\3 \1 ${p##*/} \1/\2:p"
+        | sed -n "s:^${livecd}/\(.*\)/\([^/]*\) \(.*\)$:\3 ${p##*/} \1 \1/\2:p"
 done | sort | while read id1 id2 id3 file; do
     if [ "${id1},${id2},${id3}" != "${last}" ]; then
         count=$((count-1))

+ 0 - 9
src/etc/X11/xorg.conf.d/99-tapping.conf

@@ -1,9 +0,0 @@
-# Handle touchpad one/two/three finger taps and scrolling
-Section "InputClass"
-    Identifier      "touchpad taps"
-    MatchIsTouchpad "on"
-    Option          "TapButton1"     "1"
-    Option          "TapButton2"     "2"
-    Option          "TapButton3"     "3"
-    Option          "VertEdgeScroll" "on"
-EndSection

+ 24 - 0
src/etc/X11/xorg.conf.d/99-touchpad.conf

@@ -0,0 +1,24 @@
+# Handle touchpad one/two/three finger taps and scrolling
+Section "InputClass"
+    Identifier      "touchpad taps"
+    MatchIsTouchpad "on"
+
+    Option          "TapButton1"           "1"
+    Option          "TapButton2"           "2"
+    Option          "TapButton3"           "3"
+
+    Option          "VertEdgeScroll"       "on"
+    Option          "VertTwoFingerScroll"  "on"
+    Option          "HorizTwoFingerScroll" "on"
+EndSection
+
+
+# Filter touchpads that appear as mouse* in addition to evdev*.
+# Fixes "Query no Synaptics: 6003C8"; must come last in config.
+Section "InputClass"
+    Identifier      "touchpad ignore non-evdev"
+    MatchIsTouchpad "on"
+
+    MatchDevicePath "/dev/input/mouse*"
+    Option          "Ignore"               "true"
+EndSection

+ 41 - 0
src/etc/init.d/vmconfig

@@ -0,0 +1,41 @@
+#!/sbin/runscript
+
+description="Configures the system as a guest in virtual machine."
+
+vmflag=/etc/vmtype
+
+depend() {
+    # don't bother autofs with SIGHUPs from ps-mount
+    before autofs
+
+    # user's X wallpaper depends on vmflag availability
+    before xdm
+}
+
+start() {
+    # VM flag is used for X wallpaper
+    if [ ! -e ${vmflag} ]; then
+        ebegin Detecting virtualization state
+        virt-what > ${vmflag}
+        eend $?
+    fi
+
+
+    if VBoxControl -nologo guestproperty get /VirtualBox/HostInfo/VBoxVer 1>/dev/null 2>&1; then
+        ebegin Adding VirtualBox shares to media automounts
+        eindent
+
+        # It seems that automount ignores lines with incorrect DEVNAMEs, so it's pointless
+        # to sanitize ID_FS_LABEL (although manual mount could work). Since VirtualBox
+        # disallows spaces in share names, problems are unlikely. Shares are dynamic, but
+        # VirtualBox doesn't provide events (otherwise ps-mount would suffice), so shares
+        # initialization happens only here.
+        for vbshare in $(VBoxControl -nologo sharedfolder list | sed -n 's/^[[:digit:]]\+ - //p'); do
+            einfo /mnt/media/"${vbshare}"
+            ACTION=add ID_FS_TYPE=vboxsf DEVNAME="${vbshare}" ID_FS_LABEL=VBox-"${vbshare}" ps-mount
+        done
+
+        eoutdent
+        eend $?
+    fi
+}
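Review bot: The share loop in start() iterates over an unquoted `$(VBoxControl -nologo sharedfolder list | sed …)`, so host-supplied share names go through word splitting and pathname expansion before they reach `DEVNAME` and `ID_FS_LABEL`; a name containing `*` or `?` would be expanded against the current directory. Reading the names line by line avoids that: `VBoxControl -nologo sharedfolder list | sed -n 's/^[[:digit:]]\+ - //p' | while read -r vbshare; do`. Separately, `eend $?` placed after `eoutdent` reports the status of `eoutdent`, not of any `ps-mount` call, so a failed mount is shown as success. Also, `virt-what > ${vmflag}` creates the flag file even when `virt-what` fails, after which the `[ ! -e ${vmflag} ]` guard skips detection for as long as that file exists.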

+ 3 - 8
src/etc/init.d/xconfig

@@ -5,7 +5,6 @@ description="Sets up cgroups, configures X server and sound."
 cgroupmnt=/sys/fs/cgroup
 cgrouprel=/usr/local/sbin/cgroup-release
 
-vmflag=/etc/vmtype
 silentflag=/etc/splash/silent/active
 
 xorgrc=/etc/X11/xorg.conf
@@ -14,7 +13,10 @@ amixerrst=/usr/local/bin/reset-mixer
 asoundrc=/etc/asound.conf
 
 depend() {
+    # need cgroup mount
     need   localmount
+
+    # X server is configured here
     before xdm
 }
 
@@ -29,13 +31,6 @@ start() {
         eend $?
     fi
 
-    # VM flag is used for X wallpaper
-    if [ ! -e ${vmflag} ]; then
-        ebegin Detecting virtualization state
-        virt-what > ${vmflag}
-        eend $?
-    fi
-
     if egrep -q '\<splash=([^ ]*,)?theme:silent\>' /proc/cmdline; then
         ebegin Detected silent theme
         touch ${silentflag}

+ 12 - 11
src/etc/make.conf

@@ -29,23 +29,24 @@ MAKEOPTS="-j3"
 # USE flags (aggregative)
 
 USE="aac acpi alsa aspell bidi bluetooth bs2b cairo caps cdda cjk consolekit
-     cue dbus dhcp djvu dynamic eap-tls exif expat fbcondecor flac
-     fontconfig gmp grammar gconf groupwise gtk hires-icons hybrid-auth
-     id3tag idn iproute2 irda jbig jpeg jpeg2k lcms libnotify lzma mad
-     madwifi mktemp mmx mp3 multicall networkmanager ogg opengl ots pcmcia
-     pcsc-lite pkcs11 png policykit pth scsi silc smartcard smime sndfile
-     speex spell sse startup-notification staticsocket svg symlink thesaurus
-     thin-splines threads tiff tordns truetype unicode usb v4l2 vorbis
-     wavpack wimax wmf X X509 x86emu xattr xinerama xmp xv"
+     cue dbus dhcp djvu drm dynamic eap-tls exif expat fbcondecor flac
+     fontconfig gallium gmp grammar gconf groupwise gtk hires-icons
+     hybrid-auth id3tag idn iproute2 irda jbig jpeg jpeg2k lcms libnotify
+     lzma mad madwifi mktemp mmx mp3 multicall networkmanager ogg opengl
+     openvg ots pcmcia pcsc-lite pkcs11 png policykit pth scsi silc
+     smartcard smime sndfile speex spell sse startup-notification
+     staticsocket svg symlink thesaurus thin-splines threads tiff tordns
+     truetype unicode usb v4l2 vorbis wavpack wimax wmf X X509 x86emu xattr
+     xinerama xmp xv xvmc"
 
 USE="${USE} -ant -berkdb -cddb -cracklib -cramfs -cups -cxx -dirac -encode
      -fts3 -gdbm -git -http-cache -hunspell -live -lvm1 -mng -mudflap -perl
      -python -qt4 -recode -schroedinger -session -sqlite -ssl -static -tcpd
      -tremor -xscreensaver -zeroconf"
 
-# X11
-INPUT_DEVICES="evdev synaptics"
-VIDEO_CARDS="${VIDEO_CARDS}"
+# X11 (virtualbox video can't be loaded by Xorg)
+INPUT_DEVICES="evdev synaptics virtualbox vmmouse"
+VIDEO_CARDS="${VIDEO_CARDS} qxl"
 
 # Audio (alsa-firmware)
 ALSA_CARDS="sb16"

+ 4 - 5
src/etc/portage/package.use

@@ -16,10 +16,9 @@ media-video/mplayer             -opengl
 media-libs/jasper               -opengl
 
 # Drivers
-# (vmware segfaults "Xorg -configure", fbdev conflicts with vesa)
-x11-base/xorg-drivers           -video_cards_vmware -video_cards_fbdev
-x11-libs/libdrm                 -video_cards_vmware
-media-libs/mesa                 -gallium -video_cards_vmware
+# (fbdev conflicts with vesa, mesa's vmware is gallium-only)
+x11-base/xorg-drivers           -video_cards_fbdev
+media-libs/mesa                 -video_cards_vmware
 media-video/mplayer             -video_cards_*
 sys-fs/udev                     extras
 sys-fs/ntfsprogs                minimal -crypt
@@ -49,7 +48,7 @@ media-video/mplayer             -x264 -faac -xvid -twolame -toolame
 media-sound/sox                 encode
 media-plugins/audacious-plugins lame libsamplerate mms
 media-video/gpac                -* aac mad vorbis
-media-plugins/gst-plugins-meta  a52 dv dvd lame mpeg theora
+media-plugins/gst-plugins-meta  dv lame theora -flac -wavpack
 media-libs/libtheora            encode
 net-im/pidgin                   -gstreamer
 

+ 1 - 0
src/home/anon/.ssh

@@ -0,0 +1 @@
+config/ssh

+ 39 - 0
src/home/anon/bin/cable-info

@@ -0,0 +1,39 @@
+#!/bin/sh -e
+
+cableid=/usr/local/libexec/cable/cable-id
+title="Cables Communication Identity"
+
+if username=`${cableid} user 2>/dev/null`; then
+    torhost=`${cableid} tor | sed 's/\.onion$//'`
+    i2phost=`${cableid} i2p | sed 's/\.b32\.i2p$//'`
+else
+    message="<big><b>${title}</b></big>
+
+Cables communication addresses have not been configured.
+
+This is typically a result of disabled persistence: booting from an ISO image in a virtual machine, booting from an actual CD, or write-protecting the boot media.
+
+In order to enable persistence, install Liberté Linux to a writable media, such as a USB stick or an SD card."
+
+    exec zenity --error --title="${title}" --text="${message}"
+fi
+
+splitre='s@\([[:alnum:]]\{4\}\)\([[:alnum:]]\{4\}\)\?@<span foreground="red">\1</span><span foreground="blue">\2</span>@g'
+username=`echo "${username}" | sed "${splitre}"`
+torhost=`echo "${torhost}" | sed "${splitre}"`.onion
+i2phost=`echo "${i2phost}" | sed "${splitre}"`.b32.i2p
+
+message="<big><b>${title}</b></big>
+
+You can use the following addresses for cables communication via Claws-Mail:
+
+<b>Username</b>: <big><tt>${username}</tt></big>
+
+<b>Tor hostname</b>: <big><tt>@${torhost}</tt></big>
+<b>I2P hostname</b>: <big><tt>@${i2phost}</tt></big>
+
+Your address is the username concatenated with one of the hostnames (including ‘<tt>@</tt>’). Always check the username of incoming messages — its authenticity is guaranteed by the cables communication protocol. When manually reading addresses, keep in mind that only digits <tt>2</tt>–<tt>7</tt> are used, the rest are letters.
+
+You can set either address in Claws-Mail account settings. Upon startup, Claws-Mail will reset the account to Tor-based address if the configured address is not one of the above."
+
+exec zenity --info --title="${title}" --text="${message}"
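Review bot: Only the `cable-id user` call is guarded by the `if`; the `tor` and `i2p` calls are piped into `sed`, which hides their exit status even under `sh -e`, so an empty result would be displayed as a bare `@.onion` or `@.b32.i2p` in a dialog that users rely on to read out their identity. A check such as `[ -n "${torhost}" ] && [ -n "${i2phost}" ] || exec zenity --error --title="${title}" --text="${title}: hostnames unavailable"` before the markup is built would keep the dialog from presenting a malformed address. The values are also interpolated into Pango markup: the username is filtered to `a-z2-7` in cable-id (visible in that file's hunk header on this page), but whether the hostnames are filtered the same way is not visible here and should be confirmed.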

+ 6 - 4
src/home/anon/bin/claws-mail

@@ -5,11 +5,13 @@ cablesend=${HOME}/bin/wrappers/cable-send
 confdir=${XDG_CONFIG_HOME}/claws-mail
 
 # If neither Tor nor I2P address is selected, configure the Tor one
-if toraddress=`${cableid} tor 2>/dev/null`; then
-    i2paddress=`${cableid} i2p`
+if username=`${cableid} user 2>/dev/null`; then
+    torhost=`${cableid} tor`
+    i2phost=`${cableid} i2p`
 
-    if ! grep -q "^address=\(${toraddress}\|${i2paddress}\)\$" ${confdir}/accountrc; then
-        sed -i "s/^\(address=\).*/\1${toraddress}/" ${confdir}/accountrc
+    if ! grep -q "^address=${username}@\(${torhost}\|${i2phost}\)\$" ${confdir}/accountrc; then
+        echo "Resetting account address to ${username}@${torhost}"
+        sed -i "s/^\(address=\).*/\1${username}@${torhost}/" ${confdir}/accountrc
     fi
 fi
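Review bot: The new `grep -q "^address=${username}@\(${torhost}\|${i2phost}\)\$"` treats the hostnames as regular expressions, so every `.` in them matches any character and the check is looser than the exact comparison the comment above it describes. A fixed-string, whole-line match states the intent directly: `grep -qxF -e "address=${username}@${torhost}" -e "address=${username}@${i2phost}" ${confdir}/accountrc`. The `sed` replacement likewise assumes the values contain no `/` or `&`, which presumably holds for cable-id's output but is not shown in this hunk. The script continues outside the hunk.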
 

+ 0 - 3
src/home/anon/bin/wrappers/ssh

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exec /usr/bin/ssh -F ${XDG_CONFIG_HOME}/ssh/config "$@"

+ 8 - 0
src/home/anon/config/local/applications/cable-info.desktop

@@ -0,0 +1,8 @@
+[Desktop Entry]
+Name=Cables Identity
+Comment=Show user identity for secure cables communication
+Exec=cable-info
+Terminal=false
+Type=Application
+Categories=GTK;Network;Email;
+Icon=emblem-mail

+ 5 - 3
src/home/anon/config/pgp/gpg.conf

@@ -3,12 +3,14 @@ keyring liberte.gpg
 
 cipher-algo AES256
 
+# Indymedia's Onion keyserver
+keyserver         hkp://2eghzlv2wwcq7u7y.onion
+
 # NOTE: SSL timeout bug in curl, fixed in 7.21.7
-keyserver         hkps://zimmermann.mayfirst.org
-keyserver-options ca-cert-file=~/persist/security/pgp/mfpl.crt
+# keyserver         hkps://zimmermann.mayfirst.org
+# keyserver-options ca-cert-file=~/persist/security/pgp/mfpl.crt
 
 # keyserver         hkps://keys.indymedia.org
-# keyserver (alt)   hkp://2eghzlv2wwcq7u7y.onion
 # keyserver-options ca-cert-file=/etc/ssl/certs/cacert.org.pem
 
 # keyserver x-hkp://pool.sks-keyservers.net
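Review bot: The active keyserver moves from `hkps://` with a pinned CA file to plain `hkp://` on an onion address, and the config does not say why that is acceptable. A comment above the new line would help, e.g. `# hkp:// is plaintext HKP; server authentication and encryption come from the Tor onion service, so this is only safe while gpg traffic is forced through Tor`. Whether gpg is actually routed through Tor is configured outside this hunk. The `NOTE: SSL timeout bug in curl, fixed in 7.21.7` line now heads settings that are commented out, so it would read better as `# Disabled until curl >= 7.21.7 (SSL timeout bug):`.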

+ 5 - 0
src/home/anon/config/x11/xsession

@@ -50,6 +50,11 @@ parcellite &
 scim -d &
 nm-applet &
 
+# Launch shared clipboard service on VirtualBox [--clipboard/display/seamless]
+if VBoxControl -nologo guestproperty get /VirtualBox/HostInfo/VBoxVer 1>/dev/null 2>&1; then
+    VBoxClient --clipboard &
+fi
+
 # Wait for WM exit
 wait ${WM_PID}
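Review bot: `VBoxClient --clipboard &` starts the shared clipboard in every session where the VirtualBox guest-property query succeeds, and no opt-out is visible in this hunk. On a system built around isolating the anon user's data, this gives the host a channel to whatever is copied in the guest (addresses, passphrases) whenever the VM's clipboard mode permits it. If that is intended, the comment should say so, e.g. `# Clipboard sharing is governed by the host-side VM setting; guest clipboard contents become readable by the host when it is enabled`. A boot parameter or flag file to skip the client would be the stricter alternative.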
 

+ 2 - 2
src/opt/i2p/wrapper.config

@@ -71,8 +71,8 @@ wrapper.logfile.maxsize=8k
 wrapper.logfile.maxfiles=1
 
 # File and syslog log levels
-wrapper.logfile.loglevel=FATAL
-wrapper.syslog.loglevel=INFO
+wrapper.logfile.loglevel=INFO
+wrapper.syslog.loglevel=ERROR
 
 # choose what to do if the JVM kills itself based on the exit code
 wrapper.on_exit.default=SHUTDOWN

+ 90 - 7
src/root/config/linux-2.6.39-hardened.config

@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Linux/i386 2.6.39-hardened-r8 Kernel Configuration
-# Wed Aug 17 13:51:27 2011
+# Tue Aug 30 04:06:18 2011
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -1017,7 +1017,7 @@ CONFIG_TIFM_7XX1=m
 # CONFIG_SENSORS_APDS990X is not set
 # CONFIG_HMC6352 is not set
 # CONFIG_DS1682 is not set
-# CONFIG_VMWARE_BALLOON is not set
+CONFIG_VMWARE_BALLOON=m
 # CONFIG_BMP085 is not set
 CONFIG_PCH_PHUB=m
 # CONFIG_C2PORT is not set
@@ -1077,10 +1077,87 @@ CONFIG_SCSI_WAIT_SCAN=m
 CONFIG_SCSI_SPI_ATTRS=m
 # CONFIG_SCSI_FC_ATTRS is not set
 # CONFIG_SCSI_ISCSI_ATTRS is not set
-# CONFIG_SCSI_SAS_ATTRS is not set
+CONFIG_SCSI_SAS_ATTRS=m
 # CONFIG_SCSI_SAS_LIBSAS is not set
 # CONFIG_SCSI_SRP_ATTRS is not set
-# CONFIG_SCSI_LOWLEVEL is not set
+CONFIG_SCSI_LOWLEVEL=y
+# CONFIG_ISCSI_TCP is not set
+# CONFIG_ISCSI_BOOT_SYSFS is not set
+# CONFIG_SCSI_CXGB3_ISCSI is not set
+# CONFIG_SCSI_CXGB4_ISCSI is not set
+# CONFIG_SCSI_BNX2_ISCSI is not set
+# CONFIG_SCSI_BNX2X_FCOE is not set
+# CONFIG_BE2ISCSI is not set
+# CONFIG_BLK_DEV_3W_XXXX_RAID is not set
+# CONFIG_SCSI_HPSA is not set
+# CONFIG_SCSI_3W_9XXX is not set
+# CONFIG_SCSI_3W_SAS is not set
+# CONFIG_SCSI_7000FASST is not set
+# CONFIG_SCSI_ACARD is not set
+# CONFIG_SCSI_AHA152X is not set
+# CONFIG_SCSI_AHA1542 is not set
+# CONFIG_SCSI_AHA1740 is not set
+# CONFIG_SCSI_AACRAID is not set
+# CONFIG_SCSI_AIC7XXX is not set
+# CONFIG_SCSI_AIC7XXX_OLD is not set
+# CONFIG_SCSI_AIC79XX is not set
+# CONFIG_SCSI_AIC94XX is not set
+# CONFIG_SCSI_MVSAS is not set
+# CONFIG_SCSI_DPT_I2O is not set
+# CONFIG_SCSI_ADVANSYS is not set
+# CONFIG_SCSI_IN2000 is not set
+# CONFIG_SCSI_ARCMSR is not set
+# CONFIG_MEGARAID_NEWGEN is not set
+# CONFIG_MEGARAID_LEGACY is not set
+# CONFIG_MEGARAID_SAS is not set
+# CONFIG_SCSI_MPT2SAS is not set
+# CONFIG_SCSI_HPTIOP is not set
+CONFIG_SCSI_BUSLOGIC=m
+CONFIG_SCSI_FLASHPOINT=y
+CONFIG_VMWARE_PVSCSI=m
+# CONFIG_LIBFC is not set
+# CONFIG_LIBFCOE is not set
+# CONFIG_FCOE is not set
+# CONFIG_FCOE_FNIC is not set
+# CONFIG_SCSI_DMX3191D is not set
+# CONFIG_SCSI_DTC3280 is not set
+# CONFIG_SCSI_EATA is not set
+# CONFIG_SCSI_FUTURE_DOMAIN is not set
+# CONFIG_SCSI_GDTH is not set
+# CONFIG_SCSI_GENERIC_NCR5380 is not set
+# CONFIG_SCSI_GENERIC_NCR5380_MMIO is not set
+# CONFIG_SCSI_IPS is not set
+# CONFIG_SCSI_INITIO is not set
+# CONFIG_SCSI_INIA100 is not set
+# CONFIG_SCSI_PPA is not set
+# CONFIG_SCSI_IMM is not set
+# CONFIG_SCSI_NCR53C406A is not set
+# CONFIG_SCSI_STEX is not set
+CONFIG_SCSI_SYM53C8XX_2=m
+CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1
+CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16
+CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64
+CONFIG_SCSI_SYM53C8XX_MMIO=y
+# CONFIG_SCSI_IPR is not set
+# CONFIG_SCSI_PAS16 is not set
+# CONFIG_SCSI_QLOGIC_FAS is not set
+# CONFIG_SCSI_QLOGIC_1280 is not set
+# CONFIG_SCSI_QLA_FC is not set
+# CONFIG_SCSI_QLA_ISCSI is not set
+# CONFIG_SCSI_LPFC is not set
+# CONFIG_SCSI_SIM710 is not set
+# CONFIG_SCSI_SYM53C416 is not set
+# CONFIG_SCSI_DC395x is not set
+# CONFIG_SCSI_DC390T is not set
+# CONFIG_SCSI_T128 is not set
+# CONFIG_SCSI_U14_34F is not set
+# CONFIG_SCSI_ULTRASTOR is not set
+# CONFIG_SCSI_NSP32 is not set
+# CONFIG_SCSI_DEBUG is not set
+# CONFIG_SCSI_PMCRAID is not set
+# CONFIG_SCSI_PM8001 is not set
+# CONFIG_SCSI_SRP is not set
+# CONFIG_SCSI_BFA_FC is not set
 # CONFIG_SCSI_LOWLEVEL_PCMCIA is not set
 # CONFIG_SCSI_DH is not set
 # CONFIG_SCSI_OSD_INITIATOR is not set
@@ -1199,7 +1276,13 @@ CONFIG_DM_CRYPT=m
 CONFIG_DM_UEVENT=y
 # CONFIG_DM_FLAKEY is not set
 # CONFIG_TARGET_CORE is not set
-# CONFIG_FUSION is not set
+CONFIG_FUSION=y
+CONFIG_FUSION_SPI=m
+# CONFIG_FUSION_FC is not set
+CONFIG_FUSION_SAS=m
+CONFIG_FUSION_MAX_SGE=128
+# CONFIG_FUSION_CTL is not set
+# CONFIG_FUSION_LOGGING is not set
 
 #
 # IEEE 1394 (FireWire) support
@@ -1788,7 +1871,7 @@ CONFIG_I2C_EG20T=m
 CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
 # CONFIG_GPIOLIB is not set
 # CONFIG_W1 is not set
-CONFIG_POWER_SUPPLY=y
+CONFIG_POWER_SUPPLY=m
 # CONFIG_POWER_SUPPLY_DEBUG is not set
 # CONFIG_PDA_POWER is not set
 # CONFIG_TEST_POWER is not set
@@ -3234,7 +3317,7 @@ CONFIG_GRKERNSEC_PROC_MEMMAP=y
 CONFIG_GRKERNSEC_BRUTE=y
 CONFIG_GRKERNSEC_MODHARDEN=y
 # CONFIG_GRKERNSEC_HIDESYM is not set
-CONFIG_GRKERNSEC_KERN_LOCKOUT=y
+# CONFIG_GRKERNSEC_KERN_LOCKOUT is not set
 
 #
 # Role Based Access Control Options
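Review bot: `CONFIG_GRKERNSEC_KERN_LOCKOUT` is switched off in the last hunk, and neither this file nor the doc/changelog.txt section on this page records why. As I understand the grsecurity option, it is the response that locks out the offending user (or panics for root) after a suspicious kernel oops, so disabling it allows repeated attempts to continue after an oops. Because this file is regenerated by the kernel configuration tools, the rationale belongs in the changelog rather than here, e.g. `* Kernel OOPS no longer locks out the user (<reason placeholder: affected hardware or driver>)`.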

+ 2 - 1
src/root/initrd/init

@@ -34,7 +34,8 @@ done
 
 
 # Specify required filesystem modules (no autoloading on mount)
-eval force_load=\"loop squashfs unionfs \${force_load_"${param_cdroot_type}"}\"
+# Load EHCI unconditionally, otherwise USB 1.1 might be forced if OHCI/UHCI comes up first
+eval force_load=\"loop squashfs unionfs ehci-hcd \${force_load_"${param_cdroot_type}"}\"
 
 
 # Handle uvesafb

+ 1 - 1
src/root/initrd/modules.extra

@@ -17,8 +17,8 @@ usbhid
 
 # USB storage devices
 usb-storage
-uhci-hcd
 ehci-hcd
+uhci-hcd
 ohci-hcd
 
 # Virtio storage (e.g., QEMU)

+ 25 - 14
src/root/setup

@@ -80,6 +80,7 @@ if [ "$1" = fresh  -o  ! -e /usr/src/linux-${kversion}/incremental ]; then
     # Kernel sources should be present when sys-fs/udev is compiled
     # Maintainer note: after non-fresh kernel update+compile, do
     # emerge -q1 dev-libs/klibc media-gfx/splashutils sys-apps/v86d
+    #            x11-drivers/xf86-video-virtualbox app-emulation/virtualbox-guest-additions
     sinfo "Downloading kernel ${kversion}"
     rm -rf /usr/src/linux-${kversion} /lib/modules
     emerge -q1 =sys-kernel/hardened-sources-${hsversion}
@@ -319,10 +320,14 @@ if [ -e /usr/share/fonts/default ]; then
 fi
 
 
-sinfo "Configuring Mesa"
-for mfam in `eselect mesa list | sed -n 's/^\([^[:blank:]]\+\).*/\1/p'`; do
-    eselect mesa set ${mfam} classic
+# http://www.x.org/wiki/GalliumStatus
+sinfo "Configuring Mesa, OpenGL and XvMC"
+for mfam in r300 r600; do
+    eselect mesa set ${mfam} gallium
 done
+eselect mesa   set --auto
+eselect opengl set xorg-x11
+eselect xvmc   set xorg-x11
 
 
 # The piciids/usbids sites are notorious for various failures
@@ -341,7 +346,12 @@ if [ ! -e /usr/share/misc/pci.ids  -o  ! -e /usr/share/misc/usb.ids ]; then
     exit 1
 fi
 
-wget -nv -O /opt/i2p/hosts.txt ${i2phosts}
+if wget -nv -O /opt/i2p/hosts.txt.new ${i2phosts}; then
+    mv /opt/i2p/hosts.txt{.new,}
+else
+    echo "I2P hosts.txt update failed (ignoring)"
+    rm -f /opt/i2p/hosts.txt.new
+fi
 
 
 sinfo "Verifying PCI, USB, SMART and I2P hosts databases"
@@ -382,7 +392,7 @@ svcsysinit="udev"
 svcboot="consolefont microcode_ctl irqbalance haveged kexec
          metalog iptables consolekit alsasound fbcondecor
          lockdown"
-svcdefault="liberte identity cabled persist xconfig
+svcdefault="liberte identity cabled persist xconfig vmconfig
             acpid laptop_mode gpm smartd bluetooth
             nscd autofs NetworkManager privoxy
             nginx spawn-fcgi.cable udev-postmount"
@@ -420,14 +430,15 @@ chmod 664       /var/run/utmp
 
 # Root password good for maintenance before /etc/init.d/local.start is in charge
 # "grpck -r" fails during early emerge shadow because of user "games" in /etc/group
-# "wheel"   group: necessary for su/sudo PAM authentication + GRSEC TPE (= 10)
-# "users"   group: some apps require for DBUS communication
-# "plugdev" group: changing NetworkManager settings via DBUS
-# "audio"   group: ALSA/OSS devices access
-# "video"   group: V4L2 devices access (webcam - mplayer tv://)
-# "cdrom"   group: raw CD devices access (cd playing + cd/dvd writing)
-# "lp"      group: printing subsystem access (CUPS; DBUS comm. with bluetoothd)
-# "games"   group: prevent games complaining about not keeping scores
+# "wheel"     group: necessary for su/sudo PAM authentication + GRSEC TPE (= 10)
+# "users"     group: some apps require for DBUS communication
+# "plugdev"   group: changing NetworkManager settings via DBUS
+# "audio"     group: ALSA/OSS devices access
+# "video"     group: V4L2 devices access (webcam - mplayer tv://)
+# "cdrom"     group: raw CD devices access (cd playing + cd/dvd writing)
+# "lp"        group: printing subsystem access (CUPS; DBUS comm. with bluetoothd)
+# "games"     group: prevent games complaining about not keeping scores
+# "vboxguest" group: VirtualBox seamless mode, auto-resize and clipboard
 sinfo "Setting up users"
 sed -i 's/^#\?\(ENCRYPT_METHOD\) .*/\1 SHA256/' /etc/login.defs
 
@@ -450,7 +461,7 @@ useradd -u 2101 -g legion -c "Anonymous"            -d /home/anon
 useradd -u 2102 -g nofw   -c "Non-firewalled"       -d /home/nofw -s /sbin/nologin nofw  || [ $? = 9 ]
 useradd -u 2103 -g cable  -c "Cables Communication" -d /dev/null  -s /sbin/nologin -G legion cable || [ $? = 9 ]
 
-usermod -G wheel,users,plugdev,audio,video,cdrom,lp,games anon
+usermod -G wheel,users,plugdev,audio,video,cdrom,lp,games,vboxguest anon
 
 useradd -c nscd    -d /dev/null -s /sbin/nologin -r nscd || [ $? = 9 ]
 useradd -c htpdate -d /dev/null -s /sbin/nologin -r htp  || [ $? = 9 ]

+ 23 - 7
src/root/setup-copy

@@ -41,9 +41,10 @@ sed -i /TEMP/d /var/lib/portage/world /etc/portage/package.use
 # python:  portage, xcb-proto, libglade, gtk+, gucharmap, glib, exiv2, pidgin, mesa, gobject-introspection
 # perl:    gentoolkit, lm_sensors, graphicsmagick, eboard, xdg-utils, pptpclient
 # cpio:    splashutils
-# debianutils: ca-certificates
-# java:    jamvm
-# xorg fonts: font-misc-meltho
+# debianutils:     ca-certificates
+# java:            jamvm
+# xorg fonts:      font-misc-meltho
+# gst-plugins-bad: gst-plugins-vp8
 sinfo "Patching copies of selected ebuilds"
 ebuilds="app-misc/ca-certificates
          app-portage/gentoolkit
@@ -58,6 +59,7 @@ ebuilds="app-misc/ca-certificates
          media-gfx/graphicsmagick
          media-gfx/splashutils
          media-libs/mesa
+         media-plugins/gst-plugins-vp8
          net-dialup/pptpclient
          net-im/pidgin
          sys-apps/lm_sensors
@@ -114,6 +116,10 @@ sed -i 's:^\(inherit\>.*\) java-vm-2\>:\1:; s:\<dev-java/gjdoc\>::; s:\<dev-java
 # xorg-2 brings dependency on encodings/mkfontdir/mkfontscale
 sed -i 's:^inherit xorg-2$:SLOT="0":; s:^IUSE=""$:IUSE="X":' ${ebuild_fontmiscmeltho}
 
+# only libgstbasevideo is needed from gst-plugins-bad
+sed -i 's:>=media-libs/gst-plugins-bad-[^[:blank:]"]*::' ${ebuild_gstpluginsvp8}
+sed -i '\:/usr/lib/libgstbasevideo\>:d' /var/db/pkg/media-libs/gst-plugins-bad-*/CONTENTS
+
 for ebuild in ${!ebuild_*}; do
     eval ebuild=\$${ebuild}
     ebuild ${ebuild} manifest
@@ -127,6 +133,11 @@ echo sys-devel/gettext-0.15 >> /etc/portage/profile/package.provided
 # java-config wrappers are superfluous for minimal VMs (and require Python)
 echo dev-java/java-config-2.1.11 >> /etc/portage/profile/package.provided
 
+# virtualbox-guest-additions unnecessarily depends on xf86-video-virtualbox
+equery which app-emulation/virtualbox-guest-additions \
+    | sed 's:^.*/virtualbox-guest-additions:x11-drivers/xf86-video-virtualbox:; s:\.ebuild$::' \
+    >> /etc/portage/profile/package.provided
+
 
 # This recompiles packages with TEMP flags in package.use
 sinfo "Recompiling build-dependent packages"
@@ -143,7 +154,7 @@ rsync -aHS `find /usr/lib/gcc -name '*.so' -o -name '*.so.*'` /usr/lib/
 ldconfig
 
 echo sys-devel/libtool-2.2.10 >> /etc/portage/profile/package.provided
-mv /usr/lib/libltdl.* /tmp/
+sed -i '\:/usr/lib/libltdl\>:d' /var/db/pkg/sys-devel/libtool-*/CONTENTS
 
 
 # Unmerge some packages that are listed in the system profile
@@ -176,8 +187,6 @@ rm -f /usr/lib/{?,}crt?.o
 sinfo "Unmerging orphaned packages"
 emerge -qc --with-bdeps n
 
-# Take care of libtool libraries
-mv /tmp/libltdl.* /usr/lib/
 
 if [ -e /usr/bin/perl ]; then
     sinfo "Failed to discard Perl dependencies"
@@ -213,6 +222,11 @@ if [ -e /etc/gtk-2.0/gdk-pixbuf.loaders ]; then
 fi
 
 
+sinfo "Fixing Murrine themes for GTK-2"
+sed -i 's/_ratio\>/_shade/; /\<\(scrollbar_color\|gradients\)\>[[:blank:]]*=/d' \
+    /usr/share/themes/{Murr*,NOX}/gtk-2.0/gtkrc
+
+
 # Any problem will cause a fatal error
 sinfo "Checking linking consistency"
 revdep-rebuild -qi
@@ -312,8 +326,10 @@ sed -i 's/\<geeqie.desktop;gpicview.desktop;/gpicview.desktop;geeqie.desktop;/ ;
     /usr/share/applications/mimeinfo.cache
 
 
-sinfo "Generating GStreamer cache"
+# QuickTime (MP4) prevents HTML5 <video> from working
+sinfo "Generating GStreamer cache and filtering problematic plugins"
 rm -rf /var/cache/gstreamer
+rm /usr/lib/gstreamer-0.10/libgstqtdemux.*
 /usr/bin/gst-inspect* 1>/dev/null
 chmod -R go=u,go-w /var/cache/gstreamer
 

+ 13 - 0
src/usr/bin/vmmouse_detect

@@ -0,0 +1,13 @@
+#!/bin/sh -e
+
+# Use virt-what instead of the segfaulting supplied binary
+# in xf86-input-vmmouse
+
+vm=`/usr/sbin/virt-what 2>/dev/null`
+
+case "${vm}" in
+    vmware)
+        ;;
+    *)
+        exit 1
+esac

+ 12 - 11
src/usr/local/bin/reset-mixer

@@ -19,20 +19,21 @@ sset() {
     fi
 }
 
-sset Master         80% mute
-sset Capture        80% nocap
+sset Master               80% mute
+sset Capture              80% nocap
 
-sset PCM            80% unmute
-sset Speaker        80% unmute
-sset Headphone      80% unmute
+sset PCM                  80% unmute
+sset Speaker              80% unmute
+sset Headphone            80% unmute
 
-sset Front         100% unmute
-sset 'Mic Boost'   100% unmute
-sset 'Mic Boost',1 100% unmute
+sset Front               100% unmute
+sset 'Mic Boost'         100% unmute
+sset 'Mic Boost',1       100% unmute
+sset 'Mic Boost (+20dB)' 100% unmute
 
-sset Beep            0% mute
+sset Beep                  0% mute
 
-sset Digital        0dB
-sset Mic            cap mute
+sset Digital              0dB
+sset Mic                  cap mute
 
 echo "Adjusted ${count} mixer controls (muted Master, disabled Capture)"

+ 7 - 3
src/usr/local/libexec/cable/cable-id

@@ -37,12 +37,16 @@ username=`cat ${username} | tr -cd a-z2-7`
 
 
 case "$1" in
+    user)
+        echo "${username}"
+        ;;
+
     tor)
-        echo "${username}"@"${torhost}"
+        echo "${torhost}"
         ;;
 
     i2p)
-        echo "${username}"@"${i2phost}"
+        echo "${i2phost}"
         ;;
 
     test)
@@ -51,6 +55,6 @@ case "$1" in
         ;;
 
     *)
-        error "param: tor|i2p|test"
+        error "param: user|tor|i2p|test"
         ;;
 esac

+ 44 - 0
src/usr/local/libexec/cable/cable-ping

@@ -0,0 +1,44 @@
+#!/bin/sh -e
+
+# Setup environment with needed environment vars
+. "${0%"${0##*/}"}"suprofile
+
+
+# Command-line parameters
+if [ $# != 1 ]; then
+    echo "Format: $0 user@host"
+    exit 1
+fi
+
+
+error() {
+    echo "cable-ping: $@" 1>&2
+    exit 1
+}
+
+
+emailregex="${CABLE_REGEX}"
+cableregex="LIBERTE CABLE [[:alnum:]._-]+"
+maxresp=128
+addr="$1"
+
+if ! echo x "${addr}" | egrep -q "^x ${emailregex}$"; then
+    error "unsupported address"
+fi
+
+
+user=`echo "${addr}" | cut -d@ -f1`
+host=`echo "${addr}" | cut -d@ -f2`
+url=http://"${host}"/"${user}"/request/ver
+
+
+# Pipe eats curl's error status, if any
+resp=`curl -sSfg "${url}" 2>&1 | head -c ${maxresp} | tr -cd '[:alnum:][:blank:]:()._-'`
+
+if echo x "${resp}" | grep -q "^x curl:"; then
+    error "communication error: ${resp}"
+elif echo x "${resp}" | egrep -q "^x ${cableregex}$"; then
+    echo "${resp}"
+else
+    error "unexpected output: ${resp}"
+fi
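Review bot: The address check `echo x "${addr}" | egrep -q "^x ${emailregex}$"` is line-oriented, so an argument containing a newline is accepted as soon as its first line matches, and the unvalidated remainder still reaches `cut` and `${url}`. Reject multi-line input before the regex test, for example `[ "$(echo "${addr}" | wc -l)" -eq 1 ] || error "unsupported address"`. Separately, the `curl -sSfg` call sets no `--max-time`, so a liveness check against an unreachable destination can block for as long as the transport allows. How the request is proxied depends on `suprofile`, which is not visible in this hunk.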

+ 5 - 5
src/usr/local/sbin/fw-reload

@@ -4,17 +4,17 @@ luser=anon
 nofw=nofw
 cable=cable
 
-# ReachableAddresses ports in /etc/tor/torrc
+# ReachableAddresses ports in /etc/tor/torrc [uid=tor]
 torports=80,443
 
-# VPN TCP/UDP server ports (PPTP, OpenVPN, Cisco)
-vpntports=1723,openvpn,10000
+# VPN TCP/UDP server ports (PPTP, OpenVPN, Cisco) [uid=root]
+vpntports=https,1723,openvpn,10000
 vpnuports=openvpn,isakmp,ipsec-nat-t,10000
 
-# Ports used by HotSpot registration pages
+# Ports used by HotSpot registration pages [uid=nofw]
 hotspot=http,https,webcache,tproxy,3128,3660,8088,11523,58080,1024:65535
 
-# Ports used by I2P outbound connections (don't assume the default random ports)
+# Ports used by I2P outbound connections (don't assume the default random ports) [uid=i2p]
 i2ptports=https,8887,9000:31000,1024:65535
 i2puports=8887,9000:31000,1024:65535
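Review bot: Adding `https` to `vpntports` widens direct outbound access for the whole account the comment tags as `[uid=root]`, not just for OpenVPN. Assuming the rules further down match on owner uid plus these ports (they are outside the hunk), any root-owned process could then reach tcp/443 without going through Tor. If that is accepted, record it next to the variable, e.g. `# NOTE: tcp/443 is reachable by every uid=root process, not only openvpn`; otherwise the rule needs a narrower match than uid alone.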
 

+ 3 - 2
src/usr/local/sbin/ps-mount

@@ -18,7 +18,7 @@ if [ "$1" = fork ]; then
     daemon=/etc/init.d/autofs
 
     # Mount options (permissions: rw-r----- / rwx--x---)
-    supported=" ext2 ext3 ext4 vfat msdos ntfs iso9660 udf "
+    supported=" ext2 ext3 ext4 vfat msdos ntfs iso9660 udf vboxsf "
     luser=anon
     lgroup=legion
     opts_common=noatime,nosuid,nodev,noexec
@@ -30,6 +30,7 @@ if [ "$1" = fork ]; then
     opts_ext2=${opts_common},acl,user_xattr
     opts_ext3=${opts_ext2}
     opts_ext4=${opts_ext2}
+    opts_vboxsf=nosuid,nodev,noexec,uid=${luser},gid=${lgroup},umask=0177,dmask=077
     opts_auto=${opts_vfat}
 
     # Checking whether device is in fstab (except root fs), or is mounted
@@ -142,7 +143,7 @@ if [ "$1" = fork ]; then
     # (also update autokeys for reload_autofs)
     add_entry() {
         case "${ID_FS_TYPE}" in
-            auto|ext2|ext3|ext4|vfat|iso9660|udf)
+            auto|ext2|ext3|ext4|vfat|iso9660|udf|vboxsf)
                 eval type=${ID_FS_TYPE},\${opts_${ID_FS_TYPE}}
                 ;;
             msdos)

+ 14 - 8
src/usr/local/src/cable-service.c

@@ -29,6 +29,7 @@
 
 #define MSGID_LENGTH         40
 #define TOR_HOSTNAME_LENGTH  16
+#define I2P_HOSTNAME_LENGTH  52
 #define USERNAME_LENGTH      32
 #define ACKHASH_LENGTH      128
 
@@ -47,7 +48,7 @@ static void retstatus(const char *status) {
 }
 
 
-/* lower-case hexadecimal */
+/* lowercase hexadecimal */
 static int vfyhex(int sz, const char *s) {
     if (strlen(s) != sz)
         return 0;
@@ -60,7 +61,7 @@ static int vfyhex(int sz, const char *s) {
 }
 
 
-/* lower-case Base-32 encoding (a-z, 2-7) */
+/* lowercase Base-32 encoding (a-z, 2-7) */
 static int vfybase32(int sz, const char *s) {
     if (strlen(s) != sz)
         return 0;
@@ -73,10 +74,10 @@ static int vfybase32(int sz, const char *s) {
 }
 
 
-/* lower case hostnames - currently, only .onion addresses are recognized */
+/* lowercase hostnames: recognizes .onion and .b32.i2p addresses */
 static int vfyhost(char *s) {
     int  result = 0;
-    char *dot   = strrchr(s, '.');
+    char *dot   = strchr(s, '.');
 
     if (dot) {
         *dot = '\0';
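Review bot: The switch from `strrchr` to `strchr` in `vfyhost` is what makes the two-label suffix `b32.i2p` comparable, but nothing at the call says so, and a later reader may take it for an accidental change. A one-line comment above the declaration would pin it: `/* split at the first dot: the whole remainder must equal "onion" or "b32.i2p" */`. The function also writes a NUL into the caller's buffer and restores it in the next hunk, so the header comment should state that `s` must be writable. `vfyhost` begins in this hunk and ends in the following one.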
@@ -85,6 +86,10 @@ static int vfyhost(char *s) {
         if (!strcmp("onion", dot+1))
             result = vfybase32(TOR_HOSTNAME_LENGTH, s);
 
+        /* I2P .b32.i2p hostnames */
+        else if (!strcmp("b32.i2p", dot+1))
+            result = vfybase32(I2P_HOSTNAME_LENGTH, s);
+
         *dot = '.';
     }
 
@@ -299,10 +304,11 @@ int main() {
        rcp/<msgid>
        ack/<msgid>/<ackhash>
 
-       msgid:    MSGID_LENGTH        xdigits
-       ackhash:  ACKHASH_LENGTH      xdigits
-       hostname: TOR_HOSTNAME_LENGTH base-32 chars + ".onion"
-       username: USERNAME_LENGTH     base-32 chars
+       msgid:    MSGID_LENGTH        lowercase xdigits
+       ackhash:  ACKHASH_LENGTH      lowercase xdigits
+       hostname: TOR_HOSTNAME_LENGTH lowercase base-32 chars + ".onion"
+                 I2P_HOSTNAME_LENGTH lowercase base-32 chars + ".b32.i2p"
+       username: USERNAME_LENGTH     lowercase base-32 chars
     */
     if (!strcmp("ver", cmd)) {
         if (msgid)

+ 2 - 2
src/var/lib/i2p/router/logger.config

@@ -5,6 +5,6 @@ logger.defaultLevel=ERROR
 logger.displayOnScreen=true
 logger.format=d p [t] c: m
 logger.logFileName=router-@.log
-logger.logFileSize=16k
-logger.logRotationLimit=1
+logger.logFileSize=8k
+logger.logRotationLimit=2
 logger.minimumOnScreenLevel=CRIT

+ 3 - 3
src/var/lib/portage/world

@@ -125,6 +125,9 @@ media-sound/alsa-utils
 media-tv/v4l-utils
 net-print/ink
 
+# Virtualization
+app-emulation/virtualbox-guest-additions
+
 # Text utilities
 app-text/tree
 
@@ -166,14 +169,11 @@ net-irc/xchat
 # Plugins
 media-plugins/gst-plugins-gconf
 media-plugins/gst-plugins-meta
-media-plugins/gst-plugins-xvid
 media-plugins/gst-plugins-x264
 media-plugins/gst-plugins-vp8
 media-plugins/gst-plugins-speex
 media-plugins/gst-plugins-pango
 media-plugins/gst-plugins-soup
-media-plugins/gst-plugins-libmms
-media-plugins/gst-plugins-cdio
 x11-plugins/pidgin-otr
 x11-plugins/pidgin-libnotify