From 4feb9a2760387e0ea42c3f3e54e557401d5ec370 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Fri, 19 Sep 2025 15:56:16 +0000 Subject: [PATCH 01/26] Configure PHP. --- .gitattributesdb | 41 +- .gitignore | 1 - etc/periodic/weekly/9-clean-php | 4 + etc/php84/conf.d/.gitignore | 1 + etc/php84/conf.d/99_bcmath.ini | 4 + etc/php84/conf.d/99_curl.ini | 4 + etc/php84/conf.d/99_dba.ini | 2 + etc/php84/conf.d/99_exif.ini | 23 + etc/php84/conf.d/99_gd.ini | 6 + etc/php84/conf.d/99_iconv.ini | 17 + etc/php84/conf.d/99_imap.ini | 6 + etc/php84/conf.d/99_intl.ini | 7 + etc/php84/conf.d/99_ldap.ini | 3 + etc/php84/conf.d/99_mbstring | 78 +++ etc/php84/conf.d/99_mysqli.ini | 48 ++ etc/php84/conf.d/99_mysqlnd.ini | 33 ++ etc/php84/conf.d/99_odbc.ini | 40 ++ etc/php84/conf.d/99_opcache.ini | 148 +++++ etc/php84/conf.d/99_openssl.ini | 17 + etc/php84/conf.d/99_pdo.ini | 6 + etc/php84/conf.d/99_pdo_mysql.ini | 4 + etc/php84/conf.d/99_pgsql.ini | 27 + etc/php84/conf.d/99_phar.ini | 8 + etc/php84/conf.d/99_session.ini | 245 ++++++++ etc/php84/conf.d/99_soap.ini | 16 + etc/php84/conf.d/99_sqlite3.ini | 13 + etc/php84/conf.d/99_sysvshm.ini | 3 + etc/php84/conf.d/99_tidy.ini | 10 + etc/php84/php-fpm.conf | 143 +++++ etc/php84/php-fpm.d/www.conf | 424 ++++++++++++++ etc/php84/php.ini | 909 ++++++++++++++++++++++++++++++ var/.gitignore | 12 + var/lib/.gitignore | 9 + var/lib/php/sessions/.gitkeepdir | 0 var/lib/php/uploads/.gitkeepdir | 0 35 files changed, 2307 insertions(+), 5 deletions(-) create mode 100755 etc/periodic/weekly/9-clean-php create mode 100644 etc/php84/conf.d/.gitignore create mode 100644 etc/php84/conf.d/99_bcmath.ini create mode 100644 etc/php84/conf.d/99_curl.ini create mode 100644 etc/php84/conf.d/99_dba.ini create mode 100644 etc/php84/conf.d/99_exif.ini create mode 100644 etc/php84/conf.d/99_gd.ini create mode 100644 etc/php84/conf.d/99_iconv.ini create mode 100644 etc/php84/conf.d/99_imap.ini create mode 100644 etc/php84/conf.d/99_intl.ini create mode 100644 etc/php84/conf.d/99_ldap.ini create mode 100644 etc/php84/conf.d/99_mbstring create mode 100644 etc/php84/conf.d/99_mysqli.ini create mode 100644 etc/php84/conf.d/99_mysqlnd.ini create mode 100644 etc/php84/conf.d/99_odbc.ini create mode 100644 etc/php84/conf.d/99_opcache.ini create mode 100644 etc/php84/conf.d/99_openssl.ini create mode 100644 etc/php84/conf.d/99_pdo.ini create mode 100644 etc/php84/conf.d/99_pdo_mysql.ini create mode 100644 etc/php84/conf.d/99_pgsql.ini create mode 100644 etc/php84/conf.d/99_phar.ini create mode 100644 etc/php84/conf.d/99_session.ini create mode 100644 etc/php84/conf.d/99_soap.ini create mode 100644 etc/php84/conf.d/99_sqlite3.ini create mode 100644 etc/php84/conf.d/99_sysvshm.ini create mode 100644 etc/php84/conf.d/99_tidy.ini create mode 100644 etc/php84/php-fpm.conf create mode 100644 etc/php84/php-fpm.d/www.conf create mode 100644 etc/php84/php.ini create mode 100644 var/.gitignore create mode 100644 var/lib/.gitignore create mode 100644 var/lib/php/sessions/.gitkeepdir create mode 100644 var/lib/php/uploads/.gitkeepdir diff --git a/.gitattributesdb b/.gitattributesdb index 36c3582..39c8b82 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -5,12 +5,12 @@ LmdpdGhvb2tzL2dpdGF0dHJpYnV0ZXNkYg== 1757608819 1757608819 root:root 0755 - - LmdpdGhvb2tzL3Bvc3QtY2hlY2tvdXQ= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - - -LmdpdGlnbm9yZQ== 1758124916 1757593248 root:root 0644 - - +LmdpdGlnbm9yZQ== 1758288513 1757593248 root:root 0644 - - LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - - ZXRjLy5naXRpZ25vcmU= 1758218823 1757611781 root:root 0644 - - ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - - -ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758045891 1757785514 root:root 0644 - - -ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758045929 1757785113 root:root 0644 - - +ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758296678 1757785514 root:root 0644 - - +ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758296215 1757785113 root:root 0644 - - ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1758050750 1757609410 root:root 0644 - - ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - - ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - - @@ -47,7 +47,36 @@ ZXRjL3BlcmlvZGljL2RhaWx5LzAtcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758222266 1758222266 r ZXRjL3BlcmlvZGljL2RhaWx5LzEwLWRlaHlkcmF0ZWQ= 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5LzUtdXBkYXRlLXBhY2thZ2VzLWxpc3Q= 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5Lzctd2Fybi1naXQtc3RhdHVz 1757708520 1757708520 root:root 0777 - - -ZXRjL3BrZ2xpc3Q= 1758211839 1757609913 root:root 0644 - - +ZXRjL3BlcmlvZGljL3dlZWtseS85LWNsZWFuLXBocA== 1758294154 1758289390 root:root 0755 - - +ZXRjL3BocDg0L2NvbmYuZC8uZ2l0aWdub3Jl 1758297315 1758297315 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9iY21hdGguaW5p 1758297191 1758297191 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9jdXJsLmluaQ== 1758297191 1758297191 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9kYmEuaW5p 1758297191 1758297191 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9leGlmLmluaQ== 1758297191 1758297191 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9nZC5pbmk= 1758297192 1758297191 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9pY29udi5pbmk= 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9pbWFwLmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9pbnRsLmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9sZGFwLmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9tYnN0cmluZw== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9teXNxbGkuaW5p 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9teXNxbG5kLmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9vZGJjLmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9vcGNhY2hlLmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9vcGVuc3NsLmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9wZG8uaW5p 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9wZG9fbXlzcWwuaW5p 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9wZ3NxbC5pbmk= 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9waGFyLmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9zZXNzaW9uLmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9zb2FwLmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9zcWxpdGUzLmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV9zeXN2c2htLmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC85OV90aWR5LmluaQ== 1758297192 1758297192 root:root 0644 - - +ZXRjL3BocDg0L3BocC1mcG0uY29uZg== 1758297200 1754432634 root:root 0644 - - +ZXRjL3BocDg0L3BocC1mcG0uZC93d3cuY29uZg== 1758297200 1754432634 root:root 0644 - - +ZXRjL3BocDg0L3BocC5pbmk= 1758297200 1754432634 root:root 0644 - - +ZXRjL3BrZ2xpc3Q= 1758240000 1757609913 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - - @@ -101,6 +130,10 @@ cm9vdC8ubmFub3Jj 1757585756 1757585756 root:root 0644 - - cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 root:root 0644 - - cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611 1757587611 root:root 0644 - - c3J2L2RlaHlkcmF0ZWQvLmdpdGtlZXBkaXI= 1757776960 1757776960 root:root 0644 - - +dmFyLy5naXRpZ25vcmU= 1758288612 1758288560 root:root 0644 - - +dmFyL2xpYi8uZ2l0aWdub3Jl 1758288797 1758288764 root:root 0644 - - +dmFyL2xpYi9waHAvc2Vzc2lvbnMvLmdpdGtlZXBkaXI= 1758288483 1758288483 root:root 0644 - - +dmFyL2xpYi9waHAvdXBsb2Fkcy8uZ2l0a2VlcGRpcg== 1758293961 1758293961 root:root 0644 - - ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - - ZXRjL2RvYXMuZA== 1757595612 1757595612 root:root 0750 - - ZXRjL3NoYWRvdw== 1757873748 1757869538 root:shadow 0640 - - diff --git a/.gitignore b/.gitignore index e4b9028..0324337 100644 --- a/.gitignore +++ b/.gitignore @@ -15,4 +15,3 @@ /sys/ /tmp/ /usr/ -/var/ diff --git a/etc/periodic/weekly/9-clean-php b/etc/periodic/weekly/9-clean-php new file mode 100755 index 0000000..dd0cd5d --- /dev/null +++ b/etc/periodic/weekly/9-clean-php @@ -0,0 +1,4 @@ +#!/bin/bash + +find /var/lib/php/sessions -mmin +1440 -type f -print0 | xargs -0 rm -f +find /var/lib/php/uploads -mmin +1440 -type f -print0 | xargs -0 rm -f diff --git a/etc/php84/conf.d/.gitignore b/etc/php84/conf.d/.gitignore new file mode 100644 index 0000000..af94d76 --- /dev/null +++ b/etc/php84/conf.d/.gitignore @@ -0,0 +1 @@ +/00_* diff --git a/etc/php84/conf.d/99_bcmath.ini b/etc/php84/conf.d/99_bcmath.ini new file mode 100644 index 0000000..0e9b8b5 --- /dev/null +++ b/etc/php84/conf.d/99_bcmath.ini @@ -0,0 +1,4 @@ +[bcmath] +; Number of decimal digits for all bcmath functions. +; http://php.net/bcmath.scale +bcmath.scale = 0 diff --git a/etc/php84/conf.d/99_curl.ini b/etc/php84/conf.d/99_curl.ini new file mode 100644 index 0000000..16b978e --- /dev/null +++ b/etc/php84/conf.d/99_curl.ini @@ -0,0 +1,4 @@ +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = diff --git a/etc/php84/conf.d/99_dba.ini b/etc/php84/conf.d/99_dba.ini new file mode 100644 index 0000000..e5bc8bf --- /dev/null +++ b/etc/php84/conf.d/99_dba.ini @@ -0,0 +1,2 @@ +[dba] +;dba.default_handler= diff --git a/etc/php84/conf.d/99_exif.ini b/etc/php84/conf.d/99_exif.ini new file mode 100644 index 0000000..b31c0ce --- /dev/null +++ b/etc/php84/conf.d/99_exif.ini @@ -0,0 +1,23 @@ +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting cannot be empty. +; http://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; http://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; http://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; http://php.net/exif.encode-jis +;exif.encode_jis = + +; http://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; http://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS diff --git a/etc/php84/conf.d/99_gd.ini b/etc/php84/conf.d/99_gd.ini new file mode 100644 index 0000000..9da3c78 --- /dev/null +++ b/etc/php84/conf.d/99_gd.ini @@ -0,0 +1,6 @@ +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; http://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 1 diff --git a/etc/php84/conf.d/99_iconv.ini b/etc/php84/conf.d/99_iconv.ini new file mode 100644 index 0000000..14bcfd5 --- /dev/null +++ b/etc/php84/conf.d/99_iconv.ini @@ -0,0 +1,17 @@ +[iconv] +; Use of this INI entry is deprecated, use global input_encoding instead. +; If empty, default_charset or input_encoding or iconv.input_encoding is used. +; The precedence is: default_charset < input_encoding < iconv.input_encoding +;iconv.input_encoding = + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;iconv.internal_encoding = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; If empty, default_charset or output_encoding or iconv.output_encoding is used. +; The precedence is: default_charset < output_encoding < iconv.output_encoding +; To use an output encoding conversion, iconv's output handler must be set +; otherwise output encoding conversion cannot be performed. +;iconv.output_encoding = diff --git a/etc/php84/conf.d/99_imap.ini b/etc/php84/conf.d/99_imap.ini new file mode 100644 index 0000000..060b23c --- /dev/null +++ b/etc/php84/conf.d/99_imap.ini @@ -0,0 +1,6 @@ +[imap] +; rsh/ssh logins are disabled by default. Use this INI entry if you want to +; enable them. Note that the IMAP library does not filter mailbox names before +; passing them to rsh/ssh command, thus passing untrusted data to this function +; with rsh/ssh enabled is insecure. +;imap.enable_insecure_rsh=0 diff --git a/etc/php84/conf.d/99_intl.ini b/etc/php84/conf.d/99_intl.ini new file mode 100644 index 0000000..c36c85c --- /dev/null +++ b/etc/php84/conf.d/99_intl.ini @@ -0,0 +1,7 @@ +[intl] +;intl.default_locale = +; This directive allows you to produce PHP errors when some error +; happens within intl functions. The value is the level of the error produced. +; Default is 0, which does not produce any errors. +;intl.error_level = E_WARNING +;intl.use_exceptions = 0 diff --git a/etc/php84/conf.d/99_ldap.ini b/etc/php84/conf.d/99_ldap.ini new file mode 100644 index 0000000..941d8b2 --- /dev/null +++ b/etc/php84/conf.d/99_ldap.ini @@ -0,0 +1,3 @@ +[ldap] +; Sets the maximum number of open links or -1 for unlimited. +ldap.max_links = -1 diff --git a/etc/php84/conf.d/99_mbstring b/etc/php84/conf.d/99_mbstring new file mode 100644 index 0000000..a5dbc73 --- /dev/null +++ b/etc/php84/conf.d/99_mbstring @@ -0,0 +1,78 @@ +[mbstring] +; language for internal character representation. +; This affects mb_send_mail() and mbstring.detect_order. +; http://php.net/mbstring.language +;mbstring.language = Japanese + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; internal/script encoding. +; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;mbstring.internal_encoding = + +; Use of this INI entry is deprecated, use global input_encoding instead. +; http input encoding. +; mbstring.encoding_translation = On is needed to use this setting. +; If empty, default_charset or input_encoding or mbstring.input is used. +; The precedence is: default_charset < input_encoding < mbstring.http_input +; http://php.net/mbstring.http-input +;mbstring.http_input = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; http output encoding. +; mb_output_handler must be registered as output buffer to function. +; If empty, default_charset or output_encoding or mbstring.http_output is used. +; The precedence is: default_charset < output_encoding < mbstring.http_output +; To use an output encoding conversion, mbstring's output handler must be set +; otherwise output encoding conversion cannot be performed. +; http://php.net/mbstring.http-output +;mbstring.http_output = + +; enable automatic encoding translation according to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +; http://php.net/mbstring.encoding-translation +;mbstring.encoding_translation = Off + +; automatic encoding detection order. +; "auto" detect order is changed according to mbstring.language +; http://php.net/mbstring.detect-order +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +; http://php.net/mbstring.substitute-character +;mbstring.substitute_character = none + +; overload(replace) single byte functions by mbstring functions. +; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), +; etc. Possible values are 0,1,2,4 or combination of them. +; For example, 7 for overload everything. +; 0: No overload +; 1: Overload mail() function +; 2: Overload str*() functions +; 4: Overload ereg*() functions +; http://php.net/mbstring.func-overload +mbstring.func_overload = 0 + +; enable strict encoding detection. +; Default: Off +;mbstring.strict_detection = On + +; This directive specifies the regex pattern of content types for which mb_output_handler() +; is activated. +; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetype= + +; This directive specifies maximum stack depth for mbstring regular expressions. It is similar +; to the pcre.recursion_limit for PCRE. +; Default: 100000 +;mbstring.regex_stack_limit=100000 + +; This directive specifies maximum retry count for mbstring regular expressions. It is similar +; to the pcre.backtrack_limit for PCRE. +; Default: 1000000 +;mbstring.regex_retry_limit=1000000 diff --git a/etc/php84/conf.d/99_mysqli.ini b/etc/php84/conf.d/99_mysqli.ini new file mode 100644 index 0000000..a6c2571 --- /dev/null +++ b/etc/php84/conf.d/99_mysqli.ini @@ -0,0 +1,48 @@ +[MySQLi] + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/mysqli.max-persistent +mysqli.max_persistent = -1 + +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; http://php.net/mysqli.allow_local_infile +;mysqli.allow_local_infile = On + +; Allow or prevent persistent links. +; http://php.net/mysqli.allow-persistent +mysqli.allow_persistent = On + +; Maximum number of links. -1 means no limit. +; http://php.net/mysqli.max-links +mysqli.max_links = -1 + +; Default port number for mysqli_connect(). If unset, mysqli_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; http://php.net/mysqli.default-port +mysqli.default_port = 3306 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/mysqli.default-socket +mysqli.default_socket = + +; Default host for mysqli_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-host +mysqli.default_host = + +; Default user for mysqli_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-user +mysqli.default_user = + +; Default password for mysqli_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; http://php.net/mysqli.default-pw +mysqli.default_pw = + +; Allow or prevent reconnect +mysqli.reconnect = Off diff --git a/etc/php84/conf.d/99_mysqlnd.ini b/etc/php84/conf.d/99_mysqlnd.ini new file mode 100644 index 0000000..8d8978d --- /dev/null +++ b/etc/php84/conf.d/99_mysqlnd.ini @@ -0,0 +1,33 @@ +[mysqlnd] +; Enable / Disable collection of general statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_statistics = On + +; Enable / Disable collection of memory usage statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_memory_statistics = Off + +; Records communication from all extensions using mysqlnd to the specified log +; file. +; http://php.net/mysqlnd.debug +;mysqlnd.debug = + +; Defines which queries will be logged. +;mysqlnd.log_mask = 0 + +; Default size of the mysqlnd memory pool, which is used by result sets. +;mysqlnd.mempool_default_size = 16000 + +; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. +;mysqlnd.net_cmd_buffer_size = 2048 + +; Size of a pre-allocated buffer used for reading data sent by the server in +; bytes. +;mysqlnd.net_read_buffer_size = 32768 + +; Timeout for network requests in seconds. +;mysqlnd.net_read_timeout = 31536000 + +; SHA-256 Authentication Plugin related. File with the MySQL server public RSA +; key. +;mysqlnd.sha256_server_public_key = diff --git a/etc/php84/conf.d/99_odbc.ini b/etc/php84/conf.d/99_odbc.ini new file mode 100644 index 0000000..13d3635 --- /dev/null +++ b/etc/php84/conf.d/99_odbc.ini @@ -0,0 +1,40 @@ +[ODBC] +; http://php.net/odbc.default-db +;odbc.default_db = Not yet implemented + +; http://php.net/odbc.default-user +;odbc.default_user = Not yet implemented + +; http://php.net/odbc.default-pw +;odbc.default_pw = Not yet implemented + +; Controls the ODBC cursor model. +; Default: SQL_CURSOR_STATIC (default). +;odbc.default_cursortype + +; Allow or prevent persistent links. +; http://php.net/odbc.allow-persistent +odbc.allow_persistent = On + +; Check that a connection is still valid before reuse. +; http://php.net/odbc.check-persistent +odbc.check_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/odbc.max-persistent +odbc.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; http://php.net/odbc.max-links +odbc.max_links = -1 + +; Handling of LONG fields. Returns number of bytes to variables. 0 means +; passthru. +; http://php.net/odbc.defaultlrl +odbc.defaultlrl = 4096 + +; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. +; See the documentation on odbc_binmode and odbc_longreadlen for an explanation +; of odbc.defaultlrl and odbc.defaultbinmode +; http://php.net/odbc.defaultbinmode +odbc.defaultbinmode = 1 diff --git a/etc/php84/conf.d/99_opcache.ini b/etc/php84/conf.d/99_opcache.ini new file mode 100644 index 0000000..3beda00 --- /dev/null +++ b/etc/php84/conf.d/99_opcache.ini @@ -0,0 +1,148 @@ +[opcache] +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +opcache.enable_cli=0 + +; The OPcache shared memory storage size. +opcache.memory_consumption=64 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=8 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +opcache.max_accelerated_files=1000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +opcache.save_comments=0 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0x7FFFBFFF + +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +;opcache.blacklist_filename= + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; Check the cache checksum each N requests. +; The default value of "0" means that the checks are disabled. +;opcache.consistency_checks=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Mapping base of shared memory segments (for Windows only). All the PHP +; processes have to map shared memory into the same address space. This +; directive allows to manually fix the "Unable to reattach to base address" +; errors. +;opcache.mmap_base= + +; Facilitates multiple OPcache instances per user (for Windows only). All PHP +; processes with the same cache ID and user share an OPcache instance. +;opcache.cache_id= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +;opcache.file_cache= + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; This should improve performance, but requires appropriate OS configuration. +;opcache.huge_code_pages=1 + +; Validate cached file permissions. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; http://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; http://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp diff --git a/etc/php84/conf.d/99_openssl.ini b/etc/php84/conf.d/99_openssl.ini new file mode 100644 index 0000000..ba95cd7 --- /dev/null +++ b/etc/php84/conf.d/99_openssl.ini @@ -0,0 +1,17 @@ +[openssl] +; The location of a Certificate Authority (CA) file on the local filesystem +; to use when verifying the identity of SSL/TLS peers. Most users should +; not specify a value for this directive as PHP will attempt to use the +; OS-managed cert stores in its absence. If specified, this value may still +; be overridden on a per-stream basis via the "cafile" SSL stream context +; option. +;openssl.cafile= + +; If openssl.cafile is not specified or if the CA file is not found, the +; directory pointed to by openssl.capath is searched for a suitable +; certificate. This value must be a correctly hashed certificate directory. +; Most users should not specify a value for this directive as PHP will +; attempt to use the OS-managed cert stores in its absence. If specified, +; this value may still be overridden on a per-stream basis via the "capath" +; SSL stream context option. +;openssl.capath= diff --git a/etc/php84/conf.d/99_pdo.ini b/etc/php84/conf.d/99_pdo.ini new file mode 100644 index 0000000..1e03675 --- /dev/null +++ b/etc/php84/conf.d/99_pdo.ini @@ -0,0 +1,6 @@ +[Pdo] +; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" +; http://php.net/pdo-odbc.connection-pooling +;pdo_odbc.connection_pooling=strict + +;pdo_odbc.db2_instance_name diff --git a/etc/php84/conf.d/99_pdo_mysql.ini b/etc/php84/conf.d/99_pdo_mysql.ini new file mode 100644 index 0000000..1598241 --- /dev/null +++ b/etc/php84/conf.d/99_pdo_mysql.ini @@ -0,0 +1,4 @@ +[Pdo_mysql] +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +;pdo_mysql.default_socket= diff --git a/etc/php84/conf.d/99_pgsql.ini b/etc/php84/conf.d/99_pgsql.ini new file mode 100644 index 0000000..0b17fb5 --- /dev/null +++ b/etc/php84/conf.d/99_pgsql.ini @@ -0,0 +1,27 @@ +[PostgreSQL] +; Allow or prevent persistent links. +; http://php.net/pgsql.allow-persistent +pgsql.allow_persistent = On + +; Detect broken persistent links always with pg_pconnect(). +; Auto reset feature requires a little overheads. +; http://php.net/pgsql.auto-reset-persistent +pgsql.auto_reset_persistent = Off + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/pgsql.max-persistent +pgsql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +; http://php.net/pgsql.max-links +pgsql.max_links = -1 + +; Ignore PostgreSQL backends Notice message or not. +; Notice message logging require a little overheads. +; http://php.net/pgsql.ignore-notice +pgsql.ignore_notice = 0 + +; Log PostgreSQL backends Notice message or not. +; Unless pgsql.ignore_notice=0, module cannot log notice message. +; http://php.net/pgsql.log-notice +pgsql.log_notice = 0 diff --git a/etc/php84/conf.d/99_phar.ini b/etc/php84/conf.d/99_phar.ini new file mode 100644 index 0000000..e3fc161 --- /dev/null +++ b/etc/php84/conf.d/99_phar.ini @@ -0,0 +1,8 @@ +[Phar] +; http://php.net/phar.readonly +;phar.readonly = On + +; http://php.net/phar.require-hash +;phar.require_hash = On + +;phar.cache_list = diff --git a/etc/php84/conf.d/99_session.ini b/etc/php84/conf.d/99_session.ini new file mode 100644 index 0000000..df75c1c --- /dev/null +++ b/etc/php84/conf.d/99_session.ini @@ -0,0 +1,245 @@ +[Session] +; Handler used to store/retrieve data. +; http://php.net/session.save-handler +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. +; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; http://php.net/session.save-path +session.save_path = "/var/lib/php/sessions" + +; Whether to use strict session mode. +; Strict session mode does not accept an uninitialized session ID, and +; regenerates the session ID if the browser sends an uninitialized session ID. +; Strict mode protects applications from session fixation via a session adoption +; vulnerability. It is disabled by default for maximum compatibility, but +; enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 1 + +; Whether to use cookies. +; http://php.net/session.use-cookies +session.use_cookies = 1 + +; http://php.net/session.cookie-secure +;session.cookie_secure = + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combating +; session hijacking when not specifying and managing your own session id. It is +; not the be-all and end-all of session hijacking defense, but it's a good start. +; http://php.net/session.use-only-cookies +session.use_only_cookies = 1 + +; Name of the session (used as cookie name). +; http://php.net/session.name +session.name = PHPSESSID + +; Initialize session on request startup. +; http://php.net/session.auto-start +session.auto_start = 0 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; http://php.net/session.cookie-lifetime +session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; http://php.net/session.cookie-path +session.cookie_path = / + +; The domain for which the cookie is valid. +; http://php.net/session.cookie-domain +session.cookie_domain = + +; Whether or not to add the httpOnly flag to the cookie, which makes it +; inaccessible to browser scripting languages such as JavaScript. +; http://php.net/session.cookie-httponly +session.cookie_httponly = + +; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. +; https://tools.ietf.org/html/draft-west-first-party-cookies-07 +session.cookie_samesite = "Lax" + +; Handler used to serialize data. php is the standard serializer of PHP. +; http://php.net/session.serialize-handler +session.serialize_handler = php + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.gc-probability +session.gc_probability = 1 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; http://php.net/session.gc-divisor +session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; http://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 86400 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 -type f | xargs rm + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; http://php.net/session.referer-check +session.referer_check = + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. +; http://php.net/session.cache-limiter +session.cache_limiter = nocache + +; Document expires after n minutes. +; http://php.net/session.cache-expire +session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users' security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publicly accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; http://php.net/session.use-trans-sid +session.use_trans_sid = 0 + +; Set session ID character length. This value could be between 22 to 256. +; Shorter length than default is supported only for compatibility reason. +; Users should use 32 or more chars. +; http://php.net/session.sid-length +; Default Value: 32 +; Development Value: 26 +; Production Value: 26 +session.sid_length = 32 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +;
is special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. tag's action attribute URL will not be modified +; unless it is specified. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=" +; Development Value: "a=href,area=href,frame=src,form=" +; Production Value: "a=href,area=href,frame=src,form=" +; http://php.net/url-rewriter.tags +session.trans_sid_tags = "a=href,area=href,frame=src,form=" + +; URL rewriter does not rewrite absolute URLs by default. +; To enable rewrites for absolute paths, target hosts must be specified +; at RUNTIME. i.e. use ini_set() +; tags is special. PHP will check action attribute's URL regardless +; of session.trans_sid_tags setting. +; If no host is defined, HTTP_HOST will be used for allowed host. +; Example value: php.net,www.php.net,wiki.php.net +; Use "," for multiple hosts. No spaces are allowed. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;session.trans_sid_hosts="" + +; Define how many bits are stored in each character when converting +; the binary hash data to something readable. +; Possible values: +; 4 (4 bits: 0-9, a-f) +; 5 (5 bits: 0-9, a-v) +; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 +; http://php.net/session.hash-bits-per-character +session.sid_bits_per_character = 5 + +; Enable upload progress tracking in $_SESSION +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.enabled +;session.upload_progress.enabled = On + +; Cleanup the progress information as soon as all POST data has been read +; (i.e. upload completed). +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.cleanup +;session.upload_progress.cleanup = On + +; A prefix used for the upload progress key in $_SESSION +; Default Value: "upload_progress_" +; Development Value: "upload_progress_" +; Production Value: "upload_progress_" +; http://php.net/session.upload-progress.prefix +;session.upload_progress.prefix = "upload_progress_" + +; The index name (concatenated with the prefix) in $_SESSION +; containing the upload progress information +; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" +; http://php.net/session.upload-progress.name +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" + +; How frequently the upload progress should be updated. +; Given either in percentages (per-file), or in bytes +; Default Value: "1%" +; Development Value: "1%" +; Production Value: "1%" +; http://php.net/session.upload-progress.freq +;session.upload_progress.freq = "1%" + +; The minimum delay between updates, in seconds +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.upload-progress.min-freq +;session.upload_progress.min_freq = "1" + +; Only write session data when session data is changed. Enabled by default. +; http://php.net/session.lazy-write +;session.lazy_write = On diff --git a/etc/php84/conf.d/99_soap.ini b/etc/php84/conf.d/99_soap.ini new file mode 100644 index 0000000..c048b3f --- /dev/null +++ b/etc/php84/conf.d/99_soap.ini @@ -0,0 +1,16 @@ +[soap] +; Enables or disables WSDL caching feature. +; http://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; http://php.net/soap.wsdl-cache-dir +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; http://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 diff --git a/etc/php84/conf.d/99_sqlite3.ini b/etc/php84/conf.d/99_sqlite3.ini new file mode 100644 index 0000000..1965589 --- /dev/null +++ b/etc/php84/conf.d/99_sqlite3.ini @@ -0,0 +1,13 @@ +[sqlite3] +; Directory pointing to SQLite3 extensions +; http://php.net/sqlite3.extension-dir +;sqlite3.extension_dir = + +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +;sqlite3.defensive = 1 diff --git a/etc/php84/conf.d/99_sysvshm.ini b/etc/php84/conf.d/99_sysvshm.ini new file mode 100644 index 0000000..03da3ab --- /dev/null +++ b/etc/php84/conf.d/99_sysvshm.ini @@ -0,0 +1,3 @@ +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 diff --git a/etc/php84/conf.d/99_tidy.ini b/etc/php84/conf.d/99_tidy.ini new file mode 100644 index 0000000..90c5f13 --- /dev/null +++ b/etc/php84/conf.d/99_tidy.ini @@ -0,0 +1,10 @@ +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; http://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; http://php.net/tidy.clean-output +tidy.clean_output = Off diff --git a/etc/php84/php-fpm.conf b/etc/php84/php-fpm.conf new file mode 100644 index 0000000..45c625b --- /dev/null +++ b/etc/php84/php-fpm.conf @@ -0,0 +1,143 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix (/usr). This prefix can be dynamically changed by using the +; '-p' argument from the command line. + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Note: the default prefix is /var +; Default Value: none +pid = run/php-fpm.pid + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; into a local file. +; Note: the default prefix is /var +; Default Value: log/php-fpm.log +error_log = syslog + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +syslog.facility = local2 + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm +syslog.ident = php-fpm + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +log_level = notice + +; Log limit on number of characters in the single line (log entry). If the +; line is over the limit, it is wrapped on multiple lines. The limit is for +; all logged characters including message prefix and suffix if present. However +; the new line character does not count into it as it is present only when +; logging to a file descriptor. It means the new line character is not present +; when logging to syslog. +; Default Value: 1024 +;log_limit = 4096 + +; Log buffering specifies if the log line is buffered which means that the +; line is written in a single write operation. If the value is false, then the +; data is written directly into the file descriptor. It is an experimental +; option that can potentionaly improve logging performance and memory usage +; for some heavy logging scenarios. This option is ignored if logging to syslog +; as it has to be always buffered. +; Default value: yes +;log_buffering = no + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +emergency_restart_threshold = 5 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +emergency_restart_interval = 10 + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; The maximum number of processes FPM will fork. This has been designed to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +process.max = 16 + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lowest priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless specified otherwise +; Default Value: no set +process.priority = 0 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +;daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit for the master process. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Specify the event mechanism FPM will use. The following is available: +; - select (any POSIX os) +; - poll (any POSIX os) +; - epoll (linux >= 2.5.44) +; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) +; - /dev/poll (Solaris >= 7) +; - port (Solaris >= 10) +; Default Value: not set (auto detection) +;events.mechanism = epoll + +; When FPM is built with systemd integration, specify the interval, +; in seconds, between health report notification to systemd. +; Set to 0 to disable. +; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +;systemd_interval = 10 + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +; Relative path can also be used. They will be prefixed by: +; - the global prefix if it's been set (-p argument) +; - /usr otherwise +include=/etc/php84/php-fpm.d/*.conf diff --git a/etc/php84/php-fpm.d/www.conf b/etc/php84/php-fpm.d/www.conf new file mode 100644 index 0000000..913dd17 --- /dev/null +++ b/etc/php84/php-fpm.d/www.conf @@ -0,0 +1,424 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = nobody +group = nobody + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +;listen = 127.0.0.1:9000 +listen = /run/php-fpm84/php-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = nobody +listen.group = apache +listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +; listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +process.priority = 0 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 8 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 2 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 4 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 5000 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 60 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +security.limit_extensions = .php .phar .phtml + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/etc/php84/php.ini b/etc/php84/php.ini new file mode 100644 index 0000000..fecf83e --- /dev/null +++ b/etc/php84/php.ini @@ -0,0 +1,909 @@ +[PHP] +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +; To disable this feature set this option to an empty value +;user_ini.filename = ".user.ini" + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; +; Enable the PHP scripting language engine under Apache. +; http://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It is +; generally recommended that should be used and that this feature +; should be disabled, as enabling it may result in issues when generating XML +; documents, however this remains supported for backward compatibility reasons. +; Note that this directive does not control the would work. +; http://php.net/syntax-highlighting +;highlight.string = #DD0000 +;highlight.comment = #FF9900 +;highlight.keyword = #007700 +;highlight.default = #0000BB +;highlight.html = #000000 + +; If enabled, the request will be allowed to complete even if the user aborts +; the request. Consider enabling it if executing long requests, which may end up +; being interrupted by the user or a browser timing out. PHP's default behavior +; is to disable this feature. +; http://php.net/ignore-user-abort +;ignore_user_abort = On + +; Determines the size of the realpath cache to be used by PHP. This value should +; be increased on systems where PHP opens many files to reflect the quantity of +; the file operations performed. +; Note: if open_basedir is set, the cache is disabled +; http://php.net/realpath-cache-size +;realpath_cache_size = 4096k + +; Duration of time, in seconds for which to cache realpath information for a given +; file or directory. For systems with rarely changing files, consider increasing this +; value. +; http://php.net/realpath-cache-ttl +;realpath_cache_ttl = 120 + +; Enables or disables the circular reference collector. +; http://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +; Default: Off +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +; Default: "" +;zend.script_encoding = + +; Allows to include or exclude arguments from stack traces generated for exceptions. +; In production, it is recommended to turn this setting on to prohibit the output +; of sensitive information in stack traces +; Default: Off +zend.exception_ignore_args = On + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; http://php.net/expose-php +expose_php = On + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; +; Maximum execution time of each script, in seconds +; http://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 45 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. +; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; http://php.net/max-input-time +max_input_time = 30 + +; Maximum input variable nesting level +; http://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +;max_input_vars = 1000 + +; Maximum amount of memory a script may consume +; http://php.net/memory-limit +memory_limit = 64M + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; This directive informs PHP of which errors, warnings and notices you would like +; it to take action for. The recommended way of setting values for this +; directive is through the use of the error level constants and bitwise +; operators. The error level constants are below here for convenience as well as +; some common settings and their meanings. +; By default, PHP is set to take action on all errors, notices and warnings EXCEPT +; those related to E_NOTICE and E_STRICT, which together cover best practices and +; recommended coding standards in PHP. For performance reasons, this is the +; recommend error reporting setting. Your production server shouldn't be wasting +; resources complaining about best practices and coding standards. That's what +; development servers and development settings are for. +; Note: The php.ini-development file has this setting as E_ALL. This +; means it pretty much reports everything which is exactly what you want during +; development and early testing. +; +; Error Level Constants: +; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) +; E_ERROR - fatal run-time errors +; E_RECOVERABLE_ERROR - almost fatal run-time errors +; E_WARNING - run-time warnings (non-fatal errors) +; E_PARSE - compile-time parse errors +; E_NOTICE - run-time notices (these are warnings which often result +; from a bug in your code, but it's possible that it was +; intentional (e.g., using an uninitialized variable and +; relying on the fact it is automatically initialized to an +; empty string) +; E_STRICT - run-time notices, enable to have PHP suggest changes +; to your code which will ensure the best interoperability +; and forward compatibility of your code +; E_CORE_ERROR - fatal errors that occur during PHP's initial startup +; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's +; initial startup +; E_COMPILE_ERROR - fatal compile-time errors +; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) +; E_USER_ERROR - user-generated error message +; E_USER_WARNING - user-generated warning message +; E_USER_NOTICE - user-generated notice message +; E_DEPRECATED - warn about code that will not work in future versions +; of PHP +; E_USER_DEPRECATED - user-generated deprecation warnings +; +; Common Values: +; E_ALL (Show all errors, warnings and notices including coding standards.) +; E_ALL & ~E_NOTICE (Show all errors, except for notices) +; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) +; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT +; http://php.net/error-reporting +error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/display-errors +display_errors = Off + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. PHP's default behavior is to suppress those +; errors from clients. Turning the display of startup errors on can be useful in +; debugging configuration problems. We strongly recommend you +; set this to 'off' for production servers. +; Default Value: Off +; Development Value: On +; Production Value: Off +; http://php.net/display-startup-errors +display_startup_errors = Off + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. +; Default Value: Off +; Development Value: On +; Production Value: On +; http://php.net/log-errors +log_errors = On + +; Set maximum length of log_errors. In error_log information about the source is +; added. The default is 1024 and 0 allows to not apply any maximum length at all. +; http://php.net/log-errors-max-len +log_errors_max_len = 1024 + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. +; http://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; http://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; If this parameter is set to Off, then memory leaks will not be shown (on +; stdout or in the log). This is only effective in a debug compile, and if +; error reporting includes E_WARNING in the allowed list +; http://php.net/report-memleaks +report_memleaks = On + +; This setting is on by default. +;report_zend_debug = 0 + +; Store the last error/warning message in $php_errormsg (boolean). Setting this value +; to On can assist in debugging and is appropriate for development servers. It should +; however be disabled on production servers. +; This directive is DEPRECATED. +; Default Value: Off +; Development Value: Off +; Production Value: Off +; http://php.net/track-errors +;track_errors = Off + +; Turn off normal error reporting and emit XML-RPC error XML +; http://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. +; Note: This directive is hardcoded to Off for the CLI SAPI +; http://php.net/html-errors +;html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from http://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; http://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; http://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; http://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on Windows). +error_log = syslog + +; The syslog ident is a string which is prepended to every message logged +; to syslog. Only used when error_log is set to syslog. +syslog.ident = php + +; The syslog facility is used to specify what type of program is logging +; the message. Only used when error_log is set to syslog. +syslog.facility = local2 + +; Set this to disable filtering control characters (the default). +; Some loggers only accept NVT-ASCII, others accept anything that's not +; control characters. If your logger accepts everything, then no filtering +; is needed at all. +; Allowed values are: +; ascii (all printable ASCII characters and NL) +; no-ctrl (all characters except control characters) +; all (all characters) +; raw (like "all", but messages are not split at newlines) +; http://php.net/syslog.filter +syslog.filter = ascii + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; http://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; http://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS"; +; http://php.net/variables-order +variables_order = "GPCS" + +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" +; http://php.net/request-order +request_order = "GP" + +; This directive determines whether PHP registers $argv & $argc each time it +; runs. $argv contains an array of all the arguments passed to PHP when a script +; is invoked. $argc contains an integer representing the number of arguments +; that were passed when the script was invoked. These arrays are extremely +; useful when running scripts from the command line. When this directive is +; enabled, registering these variables consumes CPU cycles and memory each time +; a script is executed. For performance reasons, this feature should be disabled +; on production servers. +; Note: This directive is hardcoded to On for the CLI SAPI +; Default Value: On +; Development Value: Off +; Production Value: Off +; http://php.net/register-argc-argv +register_argc_argv = Off + +; When enabled, the ENV, REQUEST and SERVER variables are created when they're +; first used (Just In Time) instead of when the script starts. If these +; variables are not used within a script, having this directive on will result +; in a performance gain. The PHP directive register_argc_argv must be disabled +; for this directive to have any effect. +; http://php.net/auto-globals-jit +auto_globals_jit = On + +; Whether PHP will read the POST data. +; This option is enabled by default. +; Most likely, you won't want to disable this option globally. It causes $_POST +; and $_FILES to always be empty; the only way you will be able to read the +; POST data will be through the php://input stream wrapper. This can be useful +; to proxy requests or to process the POST data in a memory efficient fashion. +; http://php.net/enable-post-data-reading +;enable_post_data_reading = Off + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; http://php.net/post-max-size +post_max_size = 8M + +; Automatically add files before PHP document. +; http://php.net/auto-prepend-file +auto_prepend_file = + +; Automatically add files after PHP document. +; http://php.net/auto-append-file +auto_append_file = + +; By default, PHP will output a media type using the Content-Type header. To +; disable this, simply set it to be empty. +; PHP's built-in default media type is set to text/html. +; http://php.net/default-mimetype +default_mimetype = "text/html" + +; PHP's default character set is set to UTF-8. +; http://php.net/default-charset +default_charset = "UTF-8" + +; PHP internal character encoding is set to empty. +; If empty, default_charset is used. +; http://php.net/internal-encoding +;internal_encoding = + +; PHP input character encoding is set to empty. +; If empty, default_charset is used. +; http://php.net/input-encoding +;input_encoding = + +; PHP output character encoding is set to empty. +; If empty, default_charset is used. +; See also output_buffer. +; http://php.net/output-encoding +;output_encoding = + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; +; PHP's default setting for include_path is ".;/path/to/php/pear" +; http://php.net/include-path +;include_path = ".:/php/includes" + +; The root of the PHP pages, used only if nonempty. +; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root +; if you are running php as a CGI under any web server (other than IIS) +; see documentation for security issues. The alternate is to use the +; cgi.force_redirect configuration below +; http://php.net/doc-root +;doc_root = + +; The directory under which PHP opens the script using /~username used only +; if nonempty. +; http://php.net/user-dir +;user_dir = + +; Directory in which the loadable extensions (modules) reside. +; http://php.net/extension-dir +;extension_dir = "./" + +; Directory where the temporary files should be placed. +; Defaults to the system default (see sys_get_temp_dir) +;sys_temp_dir = "/tmp" + +; Whether or not to enable the dl() function. The dl() function does NOT work +; properly in multithreaded servers, such as IIS or Zeus, and is automatically +; disabled on them. +; http://php.net/enable-dl +enable_dl = Off + +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; http://php.net/cgi.force-redirect +;cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. PHP's default behavior is to disable this feature. +;cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; http://php.net/cgi.redirect-status-env +;cgi.redirect_status_env = + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; http://php.net/cgi.fix-pathinfo +;cgi.fix_pathinfo=1 + +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +;cgi.discard_path=1 + +; FastCGI under IIS supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; http://php.net/fastcgi.impersonate +;fastcgi.impersonate = 1 + +; Disable logging through FastCGI connection. PHP's default behavior is to enable +; this feature. +;fastcgi.logging = 0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send +; RFC2616 compliant header. +; Default is zero. +; http://php.net/cgi.rfc2616-headers +;cgi.rfc2616_headers = 0 + +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; http://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; +; Whether to allow HTTP file uploads. +; http://php.net/file-uploads +file_uploads = On + +; Temporary directory for HTTP uploaded files (will use system default if not +; specified). +; http://php.net/upload-tmp-dir +upload_tmp_dir = /var/lib/php/uploads + +; Maximum allowed size for uploaded files. +; http://php.net/upload-max-filesize +upload_max_filesize = 20M + +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; +; Whether to allow the treatment of URLs (like http:// or ftp://) as files. +; http://php.net/allow-url-fopen +allow_url_fopen = On + +; Whether to allow include/require to open URLs (like http:// or ftp://) as files. +; http://php.net/allow-url-include +allow_url_include = Off + +; Define the anonymous ftp password (your email address). PHP's default setting +; for this is empty. +; http://php.net/from +;from="john@doe.com" + +; Define the User-Agent string. PHP's default setting for this is empty. +; http://php.net/user-agent +;user_agent="PHP" + +; Default timeout for socket based streams (seconds) +; http://php.net/default-socket-timeout +default_socket_timeout = 60 + +; If your scripts have to deal with files from Macintosh systems, +; or you are running on a Mac and need to deal with files from +; unix or win32 systems, setting this flag will cause PHP to +; automatically detect the EOL character in those files so that +; fgets() and file() will work regardless of the source of the file. +; http://php.net/auto-detect-line-endings +;auto_detect_line_endings = Off + + + + + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[Assertion] +; Switch whether to compile assertions at all (to have no overhead at run-time) +; -1: Do not compile at all +; 0: Jump over assertion at run-time +; 1: Execute assertions +; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 +; http://php.net/zend.assertions +zend.assertions = -1 + +; Assert(expr); active by default. +; http://php.net/assert.active +;assert.active = On + +; Throw an AssertionError on failed assertions +; http://php.net/assert.exception +;assert.exception = On + +; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) +; http://php.net/assert.warning +;assert.warning = On + +; Don't bail out by default. +; http://php.net/assert.bail +;assert.bail = Off + +; User-function to be called if an assertion fails. +; http://php.net/assert.callback +;assert.callback = 0 + +; Eval the expression with current error_reporting(). Set to true if you want +; error_reporting(0) around the eval(). +; http://php.net/assert.quiet-eval +;assert.quiet_eval = 0 + +[browscap] +; http://php.net/browscap +;browscap = extra/browscap.ini + +[CLI Server] +; Whether the CLI web server uses ANSI color coding in its terminal output. +cli_server.color = On + +[COM] +; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs +; http://php.net/com.typelib-file +;com.typelib_file = + +; allow Distributed-COM calls +; http://php.net/com.allow-dcom +;com.allow_dcom = true + +; autoregister constants of a component's typlib on com_load() +; http://php.net/com.autoregister-typelib +;com.autoregister_typelib = true + +; register constants casesensitive +; http://php.net/com.autoregister-casesensitive +;com.autoregister_casesensitive = false + +; show warnings on duplicate constant registrations +; http://php.net/com.autoregister-verbose +;com.autoregister_verbose = true + +; The default character set code-page to use when passing strings to and from COM objects. +; Default: system ANSI code page +;com.code_page= + +[Date] +; Defines the default timezone used by the date functions +; http://php.net/date.timezone +date.timezone = UTC + +; http://php.net/date.default-latitude +;date.default_latitude = 31.7667 + +; http://php.net/date.default-longitude +;date.default_longitude = 35.2333 + +; http://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.583333 + +; http://php.net/date.sunset-zenith +;date.sunset_zenith = 90.583333 + +[ffi] +; FFI API restriction. Possible values: +; "preload" - enabled in CLI scripts and preloaded files (default) +; "false" - always disabled +; "true" - always enabled +;ffi.enable=preload + +; List of headers files to preload, wildcard patterns allowed. +;ffi.preload= + +[filter] +; http://php.net/filter.default +;filter.default = unsafe_raw + +; http://php.net/filter.default-flags +;filter.default_flags = + +[mail function] +; You may supply arguments as well (default: "sendmail -t -i"). +; http://php.net/sendmail-path +;sendmail_path = "/usr/sbin/sendmail -f 'noreply@slackware.uk' -t" + +; Force the addition of the specified parameters to be passed as extra parameters +; to the sendmail binary. These parameters will always replace the value of +; the 5th parameter to mail(). +;mail.force_extra_parameters = + +; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename +mail.add_x_header = Off + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +;mail.log = +; Log mail to syslog (Event Log on Windows). +;mail.log = syslog + +[OCI8] +; Connection: Enables privileged connections using external +; credentials (OCI_SYSOPER, OCI_SYSDBA) +; http://php.net/oci8.privileged-connect +;oci8.privileged_connect = Off + +; Connection: The maximum number of persistent OCI8 connections per +; process. Using -1 means no limit. +; http://php.net/oci8.max-persistent +;oci8.max_persistent = -1 + +; Connection: The maximum number of seconds a process is allowed to +; maintain an idle persistent connection. Using -1 means idle +; persistent connections will be maintained forever. +; http://php.net/oci8.persistent-timeout +;oci8.persistent_timeout = -1 + +; Connection: The number of seconds that must pass before issuing a +; ping during oci_pconnect() to check the connection validity. When +; set to 0, each oci_pconnect() will cause a ping. Using -1 disables +; pings completely. +; http://php.net/oci8.ping-interval +;oci8.ping_interval = 60 + +; Connection: Set this to a user chosen connection class to be used +; for all pooled server requests with Oracle 11g Database Resident +; Connection Pooling (DRCP). To use DRCP, this value should be set to +; the same string for all web servers running the same application, +; the database pool must be configured, and the connection string must +; specify to use a pooled server. +;oci8.connection_class = + +; High Availability: Using On lets PHP receive Fast Application +; Notification (FAN) events generated when a database node fails. The +; database must also be configured to post FAN events. +;oci8.events = Off + +; Tuning: This option enables statement caching, and specifies how +; many statements to cache. Using 0 disables statement caching. +; http://php.net/oci8.statement-cache-size +;oci8.statement_cache_size = 20 + +; Tuning: Enables statement prefetching and sets the default number of +; rows that will be fetched automatically after statement execution. +; http://php.net/oci8.default-prefetch +;oci8.default_prefetch = 100 + +; Compatibility. Using On means oci_close() will not close +; oci_connect() and oci_new_connect() connections. +; http://php.net/oci8.old-oci-close-semantics +;oci8.old_oci_close_semantics = Off + +[Pcre] +; PCRE library backtracking limit. +; http://php.net/pcre.backtrack-limit +;pcre.backtrack_limit=100000 + +; PCRE library recursion limit. +; Please note that if you set this value to a high number you may consume all +; the available process stack and eventually crash PHP (due to reaching the +; stack size limit imposed by the Operating System). +; http://php.net/pcre.recursion-limit +;pcre.recursion_limit=100000 + +; Enables or disables JIT compilation of patterns. This requires the PCRE +; library to be compiled with JIT support. +;pcre.jit=1 diff --git a/var/.gitignore b/var/.gitignore new file mode 100644 index 0000000..1a26644 --- /dev/null +++ b/var/.gitignore @@ -0,0 +1,12 @@ +/cache/ +/db/ +/empty/ +/local/ +/lock +/log/ +/mail/ +/opt/ +/run +/spool/ +/tmp/ +/www/ diff --git a/var/lib/.gitignore b/var/lib/.gitignore new file mode 100644 index 0000000..64d0447 --- /dev/null +++ b/var/lib/.gitignore @@ -0,0 +1,9 @@ +/ip6tables/ +/iptables/ +/misc/ +/prometheus/ +/rsyslog/ +/samba/ +/samba.pre-provision/ +/sudo/ +/terraform-http-backend/ diff --git a/var/lib/php/sessions/.gitkeepdir b/var/lib/php/sessions/.gitkeepdir new file mode 100644 index 0000000..e69de29 diff --git a/var/lib/php/uploads/.gitkeepdir b/var/lib/php/uploads/.gitkeepdir new file mode 100644 index 0000000..e69de29 From de2273d84ab49310030d3b3b0284697e8d33a55d Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Fri, 19 Sep 2025 15:56:38 +0000 Subject: [PATCH 02/26] Update http configs to correct bugs. --- etc/apache2/httpd.conf | 4 ++-- etc/apache2/sites.d/core.slackware.uk.net.conf | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/etc/apache2/httpd.conf b/etc/apache2/httpd.conf index 86d9c6f..2fc537d 100644 --- a/etc/apache2/httpd.conf +++ b/etc/apache2/httpd.conf @@ -177,7 +177,7 @@ Alias /.well-known/acme-challenge/ /srv/dehydrated/ Require all granted - + Options Includes MultiViews SymLinksIfOwnerMatch AllowOverride AuthConfig FileInfo Indexes Limit @@ -206,7 +206,7 @@ Alias /.well-known/acme-challenge/ /srv/dehydrated/ - + Options ExecCGI Includes MultiViews SymLinksIfOwnerMatch AllowOverride AuthConfig FileInfo Limit diff --git a/etc/apache2/sites.d/core.slackware.uk.net.conf b/etc/apache2/sites.d/core.slackware.uk.net.conf index 7c46493..9712618 100644 --- a/etc/apache2/sites.d/core.slackware.uk.net.conf +++ b/etc/apache2/sites.d/core.slackware.uk.net.conf @@ -9,9 +9,10 @@ - + ServerName core.slackware.uk.net + SSLEngine On SSLCertificateFile /etc/certificates/core.slackware.uk.net_cert.pem SSLCertificateKeyFile /etc/certificates/core.slackware.uk.net_key.pem SSLCertificateChainFile /etc/certificates/core.slackware.uk.net_chain.pem From 2358839ef6acbad629b23fa249647ab52db326be Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Fri, 19 Sep 2025 15:59:16 +0000 Subject: [PATCH 03/26] Correct php-fpm socket location. --- .gitattributesdb | 2 +- etc/apache2/httpd.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitattributesdb b/.gitattributesdb index 39c8b82..31efe69 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -9,7 +9,7 @@ LmdpdGlnbm9yZQ== 1758288513 1757593248 root:root 0644 - - LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - - ZXRjLy5naXRpZ25vcmU= 1758218823 1757611781 root:root 0644 - - ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - - -ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758296678 1757785514 root:root 0644 - - +ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758297527 1757785514 root:root 0644 - - ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758296215 1757785113 root:root 0644 - - ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1758050750 1757609410 root:root 0644 - - ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - - diff --git a/etc/apache2/httpd.conf b/etc/apache2/httpd.conf index 2fc537d..4d7c941 100644 --- a/etc/apache2/httpd.conf +++ b/etc/apache2/httpd.conf @@ -200,7 +200,7 @@ Alias /.well-known/acme-challenge/ /srv/dehydrated/ DirectoryIndex index.php index.phtml - SetHandler proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/ + SetHandler proxy:unix:/run/php-fpm84/php-fpm.sock|fcgi://localhost/ From 62ebcafcc1f0e03998fc8e6a2f33c8c323891333 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Fri, 19 Sep 2025 16:10:43 +0000 Subject: [PATCH 04/26] Clean up php.ini. --- .gitattributesdb | 2 +- etc/php84/php.ini | 99 +++++++++++------------------------------------ 2 files changed, 23 insertions(+), 78 deletions(-) diff --git a/.gitattributesdb b/.gitattributesdb index 31efe69..7208e81 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -75,7 +75,7 @@ ZXRjL3BocDg0L2NvbmYuZC85OV9zeXN2c2htLmluaQ== 1758297192 1758297192 root:root 064 ZXRjL3BocDg0L2NvbmYuZC85OV90aWR5LmluaQ== 1758297192 1758297192 root:root 0644 - - ZXRjL3BocDg0L3BocC1mcG0uY29uZg== 1758297200 1754432634 root:root 0644 - - ZXRjL3BocDg0L3BocC1mcG0uZC93d3cuY29uZg== 1758297200 1754432634 root:root 0644 - - -ZXRjL3BocDg0L3BocC5pbmk= 1758297200 1754432634 root:root 0644 - - +ZXRjL3BocDg0L3BocC5pbmk= 1758298187 1754432634 root:root 0644 - - ZXRjL3BrZ2xpc3Q= 1758240000 1757609913 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - diff --git a/etc/php84/php.ini b/etc/php84/php.ini index fecf83e..ed8bfd1 100644 --- a/etc/php84/php.ini +++ b/etc/php84/php.ini @@ -709,14 +709,6 @@ default_socket_timeout = 60 ; http://php.net/auto-detect-line-endings ;auto_detect_line_endings = Off - - - - -;;;;;;;;;;;;;;;;;;; -; Module Settings ; -;;;;;;;;;;;;;;;;;;; - [Assertion] ; Switch whether to compile assertions at all (to have no overhead at run-time) ; -1: Do not compile at all @@ -762,6 +754,28 @@ zend.assertions = -1 ; Whether the CLI web server uses ANSI color coding in its terminal output. cli_server.color = On +[Date] +; Defines the default timezone used by the date functions +; http://php.net/date.timezone +date.timezone = UTC + +; http://php.net/date.default-latitude +;date.default_latitude = 31.7667 + +; http://php.net/date.default-longitude +;date.default_longitude = 35.2333 + +; http://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.583333 + +; http://php.net/date.sunset-zenith +;date.sunset_zenith = 90.583333 + + +;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Built-In Module Settings ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;; + [COM] ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs ; http://php.net/com.typelib-file @@ -787,23 +801,6 @@ cli_server.color = On ; Default: system ANSI code page ;com.code_page= -[Date] -; Defines the default timezone used by the date functions -; http://php.net/date.timezone -date.timezone = UTC - -; http://php.net/date.default-latitude -;date.default_latitude = 31.7667 - -; http://php.net/date.default-longitude -;date.default_longitude = 35.2333 - -; http://php.net/date.sunrise-zenith -;date.sunrise_zenith = 90.583333 - -; http://php.net/date.sunset-zenith -;date.sunset_zenith = 90.583333 - [ffi] ; FFI API restriction. Possible values: ; "preload" - enabled in CLI scripts and preloaded files (default) @@ -840,58 +837,6 @@ mail.add_x_header = Off ; Log mail to syslog (Event Log on Windows). ;mail.log = syslog -[OCI8] -; Connection: Enables privileged connections using external -; credentials (OCI_SYSOPER, OCI_SYSDBA) -; http://php.net/oci8.privileged-connect -;oci8.privileged_connect = Off - -; Connection: The maximum number of persistent OCI8 connections per -; process. Using -1 means no limit. -; http://php.net/oci8.max-persistent -;oci8.max_persistent = -1 - -; Connection: The maximum number of seconds a process is allowed to -; maintain an idle persistent connection. Using -1 means idle -; persistent connections will be maintained forever. -; http://php.net/oci8.persistent-timeout -;oci8.persistent_timeout = -1 - -; Connection: The number of seconds that must pass before issuing a -; ping during oci_pconnect() to check the connection validity. When -; set to 0, each oci_pconnect() will cause a ping. Using -1 disables -; pings completely. -; http://php.net/oci8.ping-interval -;oci8.ping_interval = 60 - -; Connection: Set this to a user chosen connection class to be used -; for all pooled server requests with Oracle 11g Database Resident -; Connection Pooling (DRCP). To use DRCP, this value should be set to -; the same string for all web servers running the same application, -; the database pool must be configured, and the connection string must -; specify to use a pooled server. -;oci8.connection_class = - -; High Availability: Using On lets PHP receive Fast Application -; Notification (FAN) events generated when a database node fails. The -; database must also be configured to post FAN events. -;oci8.events = Off - -; Tuning: This option enables statement caching, and specifies how -; many statements to cache. Using 0 disables statement caching. -; http://php.net/oci8.statement-cache-size -;oci8.statement_cache_size = 20 - -; Tuning: Enables statement prefetching and sets the default number of -; rows that will be fetched automatically after statement execution. -; http://php.net/oci8.default-prefetch -;oci8.default_prefetch = 100 - -; Compatibility. Using On means oci_close() will not close -; oci_connect() and oci_new_connect() connections. -; http://php.net/oci8.old-oci-close-semantics -;oci8.old_oci_close_semantics = Off - [Pcre] ; PCRE library backtracking limit. ; http://php.net/pcre.backtrack-limit From 9fba300e45b1658abbe8fbc71459e4d2dfa4fbec Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 20 Sep 2025 13:21:16 +0000 Subject: [PATCH 05/26] Update pkglist. --- .gitattributesdb | 6 +++--- etc/pkglist | 18 +++++++++++++++--- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.gitattributesdb b/.gitattributesdb index 7208e81..a76a551 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -76,7 +76,7 @@ ZXRjL3BocDg0L2NvbmYuZC85OV90aWR5LmluaQ== 1758297192 1758297192 root:root 0644 - ZXRjL3BocDg0L3BocC1mcG0uY29uZg== 1758297200 1754432634 root:root 0644 - - ZXRjL3BocDg0L3BocC1mcG0uZC93d3cuY29uZg== 1758297200 1754432634 root:root 0644 - - ZXRjL3BocDg0L3BocC5pbmk= 1758298187 1754432634 root:root 0644 - - -ZXRjL3BrZ2xpc3Q= 1758240000 1757609913 root:root 0644 - - +ZXRjL3BrZ2xpc3Q= 1758374426 1757609913 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - - @@ -93,7 +93,7 @@ ZXRjL3J1bmxldmVscy9kZWZhdWx0L3RlcnJhZm9ybS1odHRwLWJhY2tlbmQ= 1757772274 17577722 ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcDZ0YWJsZXM= 1757770292 1757770292 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcHRhYmxlcw== 1757770284 1757770284 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9zYW1iYQ== 1757708520 1757708520 root:root 0777 - - -ZXRjL3NhbWJhL3NtYi5jb25m 1758215678 1758208516 root:root 0644 - - +ZXRjL3NhbWJhL3NtYi5jb25m 1758361504 1758208516 root:root 0644 - - ZXRjL3NhbWJhL3NtYnVzZXJz 1758121825 1758121586 root:root 0644 - - ZXRjL3NoYWRvdy5ncGc= 1757599010 1757599010 root:root 0644 - - ZXRjL3NzaC8uZ2l0aWdub3Jl 1757606957 1757606957 root:root 0644 - - @@ -141,4 +141,4 @@ ZXRjL3NoYWRvdy0= 1757761290 1757702629 root:shadow 0640 - - ZXRjL3N1ZG9lcnM= 1753553353 1753553353 root:root 0440 - - ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - - ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - - -aG9tZS9zeXNhZG1pbg== 1757861322 1757761412 sysadmin:users 0711 - - +aG9tZS9zeXNhZG1pbg== 1758373559 1757761412 sysadmin:users 0711 - - diff --git a/etc/pkglist b/etc/pkglist index 3a35591..9b29fca 100644 --- a/etc/pkglist +++ b/etc/pkglist @@ -114,6 +114,7 @@ ncurses-terminfo-base nettle nghttp2-libs npth +openldap-clients openrc openrc-user openssh @@ -127,9 +128,20 @@ openssh-sftp-server openssl p11-kit pcre2 -php83 -php83-common -php83-fpm +php84 +php84-bcmath +php84-common +php84-curl +php84-fpm +php84-gettext +php84-gmp +php84-intl +php84-ldap +php84-opcache +php84-openssl +php84-session +php84-sqlite3 +php84-xml pinentry popt procps-ng From dea8fed8cc08d8d4f3fead5f7863e682fbe831d8 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 20 Sep 2025 13:22:45 +0000 Subject: [PATCH 06/26] Added an ldap.conf. --- .gitattributesdb | 1 + etc/openldap/ldap.conf | 10 ++++++++++ 2 files changed, 11 insertions(+) create mode 100644 etc/openldap/ldap.conf diff --git a/.gitattributesdb b/.gitattributesdb index a76a551..11a07bd 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -42,6 +42,7 @@ ZXRjL21zbXRwLmFsaWFzZXM= 1758035451 1758035451 root:root 0644 - - ZXRjL21zbXRwcmMuZ3Bn 1758049424 1758049424 root:root 0644 - - ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - - ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1757759982 1757596330 root:root 0644 - - +ZXRjL29wZW5sZGFwL2xkYXAuY29uZg== 1758374529 1730112559 root:root 0644 - - ZXRjL3Bhc3N3ZA== 1757873724 1757869538 root:root 0644 - - ZXRjL3BlcmlvZGljL2RhaWx5LzAtcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758222266 1758222266 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5LzEwLWRlaHlkcmF0ZWQ= 1757708520 1757708520 root:root 0777 - - diff --git a/etc/openldap/ldap.conf b/etc/openldap/ldap.conf new file mode 100644 index 0000000..b46f0f5 --- /dev/null +++ b/etc/openldap/ldap.conf @@ -0,0 +1,10 @@ +# LDAP Defaults + +URI ldap://core.slackware.uk.net +BASE dc=slackware,dc=uk,dc=net +VERSION 3 + +TLS_CACERT /etc/certificates/LetsEncrypt-CompleteCertificateStore.pem +TLS_CERT /etc/certificates/core.slackware.uk.net_cert.pem +TLS_KEY /etc/certificates/core.slackware.uk.net_key.pem +TLS_PROTOCOL_MIN 3.3 From ad930e33a6c4b199697052746a33575bd72c3402 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 20 Sep 2025 13:57:56 +0000 Subject: [PATCH 07/26] Increase memory usable for PHP. --- .gitattributesdb | 2 +- etc/php84/php.ini | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitattributesdb b/.gitattributesdb index 11a07bd..490bb95 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -76,7 +76,7 @@ ZXRjL3BocDg0L2NvbmYuZC85OV9zeXN2c2htLmluaQ== 1758297192 1758297192 root:root 064 ZXRjL3BocDg0L2NvbmYuZC85OV90aWR5LmluaQ== 1758297192 1758297192 root:root 0644 - - ZXRjL3BocDg0L3BocC1mcG0uY29uZg== 1758297200 1754432634 root:root 0644 - - ZXRjL3BocDg0L3BocC1mcG0uZC93d3cuY29uZg== 1758297200 1754432634 root:root 0644 - - -ZXRjL3BocDg0L3BocC5pbmk= 1758298187 1754432634 root:root 0644 - - +ZXRjL3BocDg0L3BocC5pbmk= 1758374648 1754432634 root:root 0644 - - ZXRjL3BrZ2xpc3Q= 1758374426 1757609913 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - diff --git a/etc/php84/php.ini b/etc/php84/php.ini index ed8bfd1..567efca 100644 --- a/etc/php84/php.ini +++ b/etc/php84/php.ini @@ -247,7 +247,7 @@ max_input_time = 30 ; Maximum amount of memory a script may consume ; http://php.net/memory-limit -memory_limit = 64M +memory_limit = 1024M ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Error handling and logging ; From e792992cfb26f7d7cafcddc82c35fea3a35de3fc Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 20 Sep 2025 14:26:08 +0000 Subject: [PATCH 08/26] Finalise logging in smb.conf. --- .gitattributesdb | 2 +- etc/samba/smb.conf | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitattributesdb b/.gitattributesdb index 490bb95..5e72d8b 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -94,7 +94,7 @@ ZXRjL3J1bmxldmVscy9kZWZhdWx0L3RlcnJhZm9ybS1odHRwLWJhY2tlbmQ= 1757772274 17577722 ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcDZ0YWJsZXM= 1757770292 1757770292 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcHRhYmxlcw== 1757770284 1757770284 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9zYW1iYQ== 1757708520 1757708520 root:root 0777 - - -ZXRjL3NhbWJhL3NtYi5jb25m 1758361504 1758208516 root:root 0644 - - +ZXRjL3NhbWJhL3NtYi5jb25m 1758378340 1758208516 root:root 0644 - - ZXRjL3NhbWJhL3NtYnVzZXJz 1758121825 1758121586 root:root 0644 - - ZXRjL3NoYWRvdy5ncGc= 1757599010 1757599010 root:root 0644 - - ZXRjL3NzaC8uZ2l0aWdub3Jl 1757606957 1757606957 root:root 0644 - - diff --git a/etc/samba/smb.conf b/etc/samba/smb.conf index 4060f8a..eb3c9cb 100644 --- a/etc/samba/smb.conf +++ b/etc/samba/smb.conf @@ -5,13 +5,14 @@ workgroup = SLACKWAREUKNET server string = "slackware.uk.net Domain Controller" # dns forwarder = 5.101.171.216 5.101.171.217 185.176.90.169 dns forwarder = 216.119.155.58 185.176.90.169 -allow dns updates = disabled -tls cafile = /etc/certificates/core.slackware.uk.net_fullchain.pem +allow dns updates = no +tls cafile = /etc/ssl/certs/ca-certificates.crt tls certfile = /etc/certificates/core.slackware.uk.net_cert.pem tls keyfile = /etc/certificates/core.slackware.uk.net_key.pem tls verify peer = ca_and_name_if_available log level = 1 logging = syslog:local5 +enable core files = no idmap config * : backend = tdb # There are only 568 IDs mapped into the container by TrueNAS, so limit the number that can be used. idmap config * : range = 10000-10500 From 03d8ec939c7e76c86739b93c3dab9444ec92e3a7 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Mon, 22 Sep 2025 15:46:15 +0000 Subject: [PATCH 09/26] Fix samba logging, hopefully finally! --- .gitattributesdb | 19 ++++--- etc/.gitignore | 1 - etc/init.d/.gitignore | 4 ++ etc/init.d/samba | 90 +++++++++++++++++++++++++++++++ etc/init.d/terraform-http-backend | 19 +++++++ etc/samba/smb.conf | 5 +- 6 files changed, 128 insertions(+), 10 deletions(-) create mode 100644 etc/init.d/.gitignore create mode 100755 etc/init.d/samba create mode 100755 etc/init.d/terraform-http-backend diff --git a/.gitattributesdb b/.gitattributesdb index 5e72d8b..2563d8b 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -7,10 +7,10 @@ LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - - LmdpdGlnbm9yZQ== 1758288513 1757593248 root:root 0644 - - LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - - -ZXRjLy5naXRpZ25vcmU= 1758218823 1757611781 root:root 0644 - - +ZXRjLy5naXRpZ25vcmU= 1758555751 1757611781 root:root 0644 - - ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - - -ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758297527 1757785514 root:root 0644 - - -ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758296215 1757785113 root:root 0644 - - +ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758539420 1757785514 root:root 0644 - - +ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758538630 1757785113 root:root 0644 - - ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1758050750 1757609410 root:root 0644 - - ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - - ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - - @@ -31,6 +31,9 @@ ZXRjL2RlaHlkcmF0ZWQvaG9va3MvZGVmYXVsdA== 1758045829 1757862077 root:root 0755 - ZXRjL2dyb3Vw 1757873802 1757869538 root:root 0644 - - ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - - ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - - +ZXRjL2luaXQuZC8uZ2l0aWdub3Jl 1758555849 1758555812 root:root 0644 - - +ZXRjL2luaXQuZC9zYW1iYQ== 1758555093 1748355660 root:root 0755 - - +ZXRjL2luaXQuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757772166 1757770736 root:root 0755 - - ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757789154 1757789154 root:root 0600 - - ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757789154 1757789154 root:root 0600 - - ZXRjL2tyYjUuY29uZg== 1758214709 1583171707 root:root 0644 - - @@ -76,8 +79,8 @@ ZXRjL3BocDg0L2NvbmYuZC85OV9zeXN2c2htLmluaQ== 1758297192 1758297192 root:root 064 ZXRjL3BocDg0L2NvbmYuZC85OV90aWR5LmluaQ== 1758297192 1758297192 root:root 0644 - - ZXRjL3BocDg0L3BocC1mcG0uY29uZg== 1758297200 1754432634 root:root 0644 - - ZXRjL3BocDg0L3BocC1mcG0uZC93d3cuY29uZg== 1758297200 1754432634 root:root 0644 - - -ZXRjL3BocDg0L3BocC5pbmk= 1758374648 1754432634 root:root 0644 - - -ZXRjL3BrZ2xpc3Q= 1758374426 1757609913 root:root 0644 - - +ZXRjL3BocDg0L3BocC5pbmk= 1758544870 1754432634 root:root 0644 - - +ZXRjL3BrZ2xpc3Q= 1758499200 1757609913 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - - @@ -94,7 +97,7 @@ ZXRjL3J1bmxldmVscy9kZWZhdWx0L3RlcnJhZm9ybS1odHRwLWJhY2tlbmQ= 1757772274 17577722 ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcDZ0YWJsZXM= 1757770292 1757770292 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcHRhYmxlcw== 1757770284 1757770284 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9zYW1iYQ== 1757708520 1757708520 root:root 0777 - - -ZXRjL3NhbWJhL3NtYi5jb25m 1758378340 1758208516 root:root 0644 - - +ZXRjL3NhbWJhL3NtYi5jb25m 1758555660 1758208516 root:root 0644 - - ZXRjL3NhbWJhL3NtYnVzZXJz 1758121825 1758121586 root:root 0644 - - ZXRjL3NoYWRvdy5ncGc= 1757599010 1757599010 root:root 0644 - - ZXRjL3NzaC8uZ2l0aWdub3Jl 1757606957 1757606957 root:root 0644 - - @@ -115,7 +118,7 @@ aG9tZS9zeXNhZG1pbi8ubmFub3Jj 1757585756 1757585756 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757763178 1757587611 sysadmin:users 0644 - - b3B0L3NiaW4vY3JvbmpvYi1kZWh5ZHJhdGVk 1758033093 1757531685 root:root 0755 - - -b3B0L3NiaW4vY3JvbmpvYi1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1758224324 1758224324 root:root 0755 - - +b3B0L3NiaW4vY3JvbmpvYi1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1758555302 1758224324 root:root 0755 - - b3B0L3NiaW4vY3JvbmpvYi11cGRhdGUtcGFja2FnZXMtbGlzdA== 1757531121 1757531121 root:root 0755 - - b3B0L3NiaW4vY3JvbmpvYi13YXJuLWdpdC1zdGF0dXM= 1758221607 1757591137 root:root 0755 - - b3B0L3NiaW4vZGVoeWRyYXRlZA== 1757531557 1757531557 root:root 0755 - - @@ -125,7 +128,7 @@ cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867 1757582867 root:root 0644 - - cm9vdC8uYmFzaF9wcm9maWxl 1757584711 1757584711 root:root 0644 - - cm9vdC8uYmFzaHJj 1757861289 1757586493 root:root 0644 - - cm9vdC8uZ2l0Y29uZmln 1757582738 1757582738 root:root 0644 - - -cm9vdC8uZ2l0aWdub3Jl 1757600312 1757600312 root:root 0644 - - +cm9vdC8uZ2l0aWdub3Jl 1758539776 1757600312 root:root 0644 - - cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 root:root 0644 - - cm9vdC8ubmFub3Jj 1757585756 1757585756 root:root 0644 - - cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 root:root 0644 - - diff --git a/etc/.gitignore b/etc/.gitignore index 9927d65..c3faf22 100644 --- a/etc/.gitignore +++ b/etc/.gitignore @@ -10,7 +10,6 @@ /ethertypes /fstab /group- -/init.d/ /inittab /inputrc /issue diff --git a/etc/init.d/.gitignore b/etc/init.d/.gitignore new file mode 100644 index 0000000..f3bc12c --- /dev/null +++ b/etc/init.d/.gitignore @@ -0,0 +1,4 @@ +/* +!/.gitignore +!/samba +!/terraform-http-backend diff --git a/etc/init.d/samba b/etc/init.d/samba new file mode 100755 index 0000000..8027985 --- /dev/null +++ b/etc/init.d/samba @@ -0,0 +1,90 @@ +#!/sbin/openrc-run + +extra_started_commands="reload" +piddir=${piddir:-"/run/samba"} + +DAEMON=${RC_SVCNAME#samba.} +if [ "$DAEMON" != "$RC_SVCNAME" ]; then + daemon_list=$DAEMON +fi + +depend() { + need net + after firewall +} + +start_pre() { + checkpath --directory "$piddir" +} + +start_samba() { + start-stop-daemon --start --quiet --exec /usr/sbin/samba -- \ + ${samba_options:-"-D" "-l" "/var/log/core.slackware.uk.net/today/samba"} +} + +stop_samba() { + start-stop-daemon --stop --quiet --pidfile "$piddir"/samba.pid +} + +start_smbd() { + start-stop-daemon --start --quiet --exec /usr/sbin/smbd -- \ + ${smbd_options:-"-D"} +} + +stop_smbd() { + start-stop-daemon --stop --quiet --pidfile "$piddir"/smbd.pid +} + +start_nmbd() { + start-stop-daemon --start --quiet --exec /usr/sbin/nmbd -- \ + ${nmbd_options:-"-D"} +} + +stop_nmbd() { + start-stop-daemon --stop --quiet --pidfile "$piddir"/nmbd.pid +} + +start_winbindd() { + start-stop-daemon --start --quiet --exec /usr/sbin/winbindd -- \ + ${winbindd_options:-"-D"} +} + +stop_winbindd() { + start-stop-daemon --stop --quiet --pidfile "$piddir"/winbindd.pid +} + + +start_bgqd() { + start-stop-daemon --start --quiet --exec /usr/lib/samba/samba-bgqd -- \ + ${bgqd_options:-"-D"} +} + +stop_bgqd() { + start-stop-daemon --stop --quiet --pidfile "$piddir"/samba-bgqd.pid +} + +start() { + for i in $daemon_list; do + ebegin "Starting $i" + start_$i + eend $? + done +} + +stop() { + for i in $daemon_list; do + ebegin "Stopping $i" + stop_$i + eend $? + done +} + +reload() { + for i in $daemon_list; do + ebegin "Reloading $i" + # bgqd binary is called samba-bgqd + busybox killall -HUP ${i/bgqd/samba-bgqd} + eend $? + done +} + diff --git a/etc/init.d/terraform-http-backend b/etc/init.d/terraform-http-backend new file mode 100755 index 0000000..c43d8a2 --- /dev/null +++ b/etc/init.d/terraform-http-backend @@ -0,0 +1,19 @@ +#!/sbin/openrc-run + +depend() { + need net + after firewall +} + +start() { + ebegin "Starting terraform-http-backend" + source /etc/conf.d/terraform-http-backend || eend 1 + su "$TF_USER" -c "/opt/sbin/terraform-http-backend &" || eend 1 + eend $? +} + +stop() { + ebegin "Stopping terraform-http-backend" + busybox killall -TERM terraform-http-backend + eend $? +} diff --git a/etc/samba/smb.conf b/etc/samba/smb.conf index eb3c9cb..429ccfe 100644 --- a/etc/samba/smb.conf +++ b/etc/samba/smb.conf @@ -10,8 +10,11 @@ tls cafile = /etc/ssl/certs/ca-certificates.crt tls certfile = /etc/certificates/core.slackware.uk.net_cert.pem tls keyfile = /etc/certificates/core.slackware.uk.net_key.pem tls verify peer = ca_and_name_if_available -log level = 1 +log level = 2 logging = syslog:local5 +log file = /var/log/core.slackware.uk.net/today/samba/samba +debug syslog format = always +debug hires timestamp = yes enable core files = no idmap config * : backend = tdb # There are only 568 IDs mapped into the container by TrueNAS, so limit the number that can be used. From b40a01832bfa476b921f0c8a6723df2c472cdb1d Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Tue, 21 Oct 2025 13:19:57 +0000 Subject: [PATCH 10/26] Update gpg passphrases. --- .gitattributesdb | 91 +++++++++--------- ...GV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg | Bin 3538 -> 3538 bytes etc/msmtprc.gpg | Bin 322 -> 321 bytes etc/pla/config.php.gpg | Bin 0 -> 8746 bytes etc/shadow.gpg | Bin 420 -> 421 bytes 5 files changed, 46 insertions(+), 45 deletions(-) create mode 100644 etc/pla/config.php.gpg diff --git a/.gitattributesdb b/.gitattributesdb index 2563d8b..5664795 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -7,10 +7,10 @@ LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - - LmdpdGlnbm9yZQ== 1758288513 1757593248 root:root 0644 - - LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - - -ZXRjLy5naXRpZ25vcmU= 1758555751 1757611781 root:root 0644 - - +ZXRjLy5naXRpZ25vcmU= 1758642133 1757611781 root:root 0644 - - ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - - -ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758539420 1757785514 root:root 0644 - - -ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758538630 1757785113 root:root 0644 - - +ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758837649 1757785514 root:root 0644 - - +ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758817141 1757785113 root:root 0644 - - ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1758050750 1757609410 root:root 0644 - - ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - - ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - - @@ -20,7 +20,7 @@ ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757771663 1757595391 root:root 064 ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - - ZXRjL2RlaHlkcmF0ZWQvLmdpdGlnbm9yZQ== 1758038054 1758038054 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvLmdpdGlnbm9yZQ== 1757873230 1757873230 root:root 0644 - - -ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1757873275 1757873275 root:root 0644 - - +ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1761052714 1757873275 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvYXJjaGl2ZS8uZ2l0aWdub3Jl 1757874259 1757873451 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvY2VydHMvLmdpdGlnbm9yZQ== 1757874303 1757873537 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvY29uZmln 1758044465 1757862077 root:root 0644 - - @@ -32,7 +32,7 @@ ZXRjL2dyb3Vw 1757873802 1757869538 root:root 0644 - - ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - - ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - - ZXRjL2luaXQuZC8uZ2l0aWdub3Jl 1758555849 1758555812 root:root 0644 - - -ZXRjL2luaXQuZC9zYW1iYQ== 1758555093 1748355660 root:root 0755 - - +ZXRjL2luaXQuZC9zYW1iYQ== 1758645132 1748355660 root:root 0755 - - ZXRjL2luaXQuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757772166 1757770736 root:root 0755 - - ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757789154 1757789154 root:root 0600 - - ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757789154 1757789154 root:root 0600 - - @@ -42,9 +42,9 @@ ZXRjL2xvY2FsLmQvcHVzaG92ZXItYWxlcnQuc3RhcnQ= 1758225142 1758225089 root:root 075 ZXRjL2xvY2FsLmQvcHVzaG92ZXItYWxlcnQuc3RvcA== 1758225254 1758225155 root:root 0755 - - ZXRjL2xvY2FsLmQvdGVycmFmb3JtLWh0dHAtYmFja2VuZC5zdGFydA== 1757595926 1757595926 root:root 0755 - - ZXRjL21zbXRwLmFsaWFzZXM= 1758035451 1758035451 root:root 0644 - - -ZXRjL21zbXRwcmMuZ3Bn 1758049424 1758049424 root:root 0644 - - +ZXRjL21zbXRwcmMuZ3Bn 1761052674 1758049424 root:root 0644 - - ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - - -ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1757759982 1757596330 root:root 0644 - - +ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1758915694 1757596330 root:root 0644 - - ZXRjL29wZW5sZGFwL2xkYXAuY29uZg== 1758374529 1730112559 root:root 0644 - - ZXRjL3Bhc3N3ZA== 1757873724 1757869538 root:root 0644 - - ZXRjL3BlcmlvZGljL2RhaWx5LzAtcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758222266 1758222266 root:root 0777 - - @@ -52,35 +52,36 @@ ZXRjL3BlcmlvZGljL2RhaWx5LzEwLWRlaHlkcmF0ZWQ= 1757708520 1757708520 root:root 077 ZXRjL3BlcmlvZGljL2RhaWx5LzUtdXBkYXRlLXBhY2thZ2VzLWxpc3Q= 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5Lzctd2Fybi1naXQtc3RhdHVz 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL3dlZWtseS85LWNsZWFuLXBocA== 1758294154 1758289390 root:root 0755 - - -ZXRjL3BocDg0L2NvbmYuZC8uZ2l0aWdub3Jl 1758297315 1758297315 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9iY21hdGguaW5p 1758297191 1758297191 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9jdXJsLmluaQ== 1758297191 1758297191 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9kYmEuaW5p 1758297191 1758297191 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9leGlmLmluaQ== 1758297191 1758297191 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9nZC5pbmk= 1758297192 1758297191 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9pY29udi5pbmk= 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9pbWFwLmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9pbnRsLmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9sZGFwLmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9tYnN0cmluZw== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9teXNxbGkuaW5p 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9teXNxbG5kLmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9vZGJjLmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9vcGNhY2hlLmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9vcGVuc3NsLmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9wZG8uaW5p 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9wZG9fbXlzcWwuaW5p 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9wZ3NxbC5pbmk= 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9waGFyLmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9zZXNzaW9uLmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9zb2FwLmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9zcWxpdGUzLmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV9zeXN2c2htLmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L2NvbmYuZC85OV90aWR5LmluaQ== 1758297192 1758297192 root:root 0644 - - -ZXRjL3BocDg0L3BocC1mcG0uY29uZg== 1758297200 1754432634 root:root 0644 - - -ZXRjL3BocDg0L3BocC1mcG0uZC93d3cuY29uZg== 1758297200 1754432634 root:root 0644 - - -ZXRjL3BocDg0L3BocC5pbmk= 1758544870 1754432634 root:root 0644 - - -ZXRjL3BrZ2xpc3Q= 1758499200 1757609913 root:root 0644 - - +ZXRjL3BocDg0L2NvbmYuZC8uZ2l0aWdub3Jl - - +ZXRjL3BocDg0L2NvbmYuZC85OV9iY21hdGguaW5p - - +ZXRjL3BocDg0L2NvbmYuZC85OV9jdXJsLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9kYmEuaW5p - - +ZXRjL3BocDg0L2NvbmYuZC85OV9leGlmLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9nZC5pbmk= - - +ZXRjL3BocDg0L2NvbmYuZC85OV9pY29udi5pbmk= - - +ZXRjL3BocDg0L2NvbmYuZC85OV9pbWFwLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9pbnRsLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9sZGFwLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9tYnN0cmluZw== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9teXNxbGkuaW5p - - +ZXRjL3BocDg0L2NvbmYuZC85OV9teXNxbG5kLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9vZGJjLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9vcGNhY2hlLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9vcGVuc3NsLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9wZG8uaW5p - - +ZXRjL3BocDg0L2NvbmYuZC85OV9wZG9fbXlzcWwuaW5p - - +ZXRjL3BocDg0L2NvbmYuZC85OV9wZ3NxbC5pbmk= - - +ZXRjL3BocDg0L2NvbmYuZC85OV9waGFyLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9zZXNzaW9uLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9zb2FwLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9zcWxpdGUzLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV9zeXN2c2htLmluaQ== - - +ZXRjL3BocDg0L2NvbmYuZC85OV90aWR5LmluaQ== - - +ZXRjL3BocDg0L3BocC1mcG0uY29uZg== - - +ZXRjL3BocDg0L3BocC1mcG0uZC93d3cuY29uZg== - - +ZXRjL3BocDg0L3BocC5pbmk= - - +ZXRjL3BrZ2xpc3Q= 1761004800 1757609913 root:root 0644 - - +ZXRjL3BsYS9jb25maWcucGhwLmdwZw== 1761052640 1758539944 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - - @@ -91,15 +92,15 @@ ZXRjL3J1bmxldmVscy9kZWZhdWx0L2lwNnRhYmxlcw== 1757770233 1757770233 root:root 077 ZXRjL3J1bmxldmVscy9kZWZhdWx0L2lwdGFibGVz 1757770222 1757770222 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L25vZGUtZXhwb3J0ZXI= 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L3BocC1mcG04Mw== 1757708520 1757708520 root:root 0777 - - -ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NhbWJh 1757708520 1757708520 root:root 0777 - - +ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NhbWJh 1758837930 1758837930 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NzaGQ= 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L3RlcnJhZm9ybS1odHRwLWJhY2tlbmQ= 1757772274 1757772274 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcDZ0YWJsZXM= 1757770292 1757770292 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcHRhYmxlcw== 1757770284 1757770284 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9zYW1iYQ== 1757708520 1757708520 root:root 0777 - - -ZXRjL3NhbWJhL3NtYi5jb25m 1758555660 1758208516 root:root 0644 - - +ZXRjL3NhbWJhL3NtYi5jb25m 1758656295 1758208516 root:root 0644 - - ZXRjL3NhbWJhL3NtYnVzZXJz 1758121825 1758121586 root:root 0644 - - -ZXRjL3NoYWRvdy5ncGc= 1757599010 1757599010 root:root 0644 - - +ZXRjL3NoYWRvdy5ncGc= 1761052608 1757599010 root:root 0644 - - ZXRjL3NzaC8uZ2l0aWdub3Jl 1757606957 1757606957 root:root 0644 - - ZXRjL3NzaC9zc2hfY29uZmln 1757606630 1757606630 root:root 0644 - - ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1758202229 1757606896 root:root 0644 - - @@ -110,7 +111,7 @@ ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - - aG9tZS8uZ2l0aWdub3Jl 1757762052 1757762052 root:root 0644 - - aG9tZS9zeXNhZG1pbi8uYmFzaF9sb2dvdXQ= 1757582867 1757582867 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uYmFzaF9wcm9maWxl 1757861225 1757584711 sysadmin:users 0644 - - -aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1757861322 1757586493 sysadmin:users 0644 - - +aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1758887092 1757586493 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uZ2l0Y29uZmln 1757582738 1757582738 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uZ2l0aWdub3Jl 1757600312 1757600312 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 sysadmin:users 0644 - - @@ -126,18 +127,18 @@ b3B0L3NiaW4vcHVzaG92ZXItY2xpZW50 1758224526 1758224526 root:root 0755 - - b3B0L3NiaW4vdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1757590543 1757590543 root:root 0755 - - cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867 1757582867 root:root 0644 - - cm9vdC8uYmFzaF9wcm9maWxl 1757584711 1757584711 root:root 0644 - - -cm9vdC8uYmFzaHJj 1757861289 1757586493 root:root 0644 - - +cm9vdC8uYmFzaHJj 1758887027 1757586493 root:root 0644 - - cm9vdC8uZ2l0Y29uZmln 1757582738 1757582738 root:root 0644 - - cm9vdC8uZ2l0aWdub3Jl 1758539776 1757600312 root:root 0644 - - cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 root:root 0644 - - cm9vdC8ubmFub3Jj 1757585756 1757585756 root:root 0644 - - cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 root:root 0644 - - cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611 1757587611 root:root 0644 - - -c3J2L2RlaHlkcmF0ZWQvLmdpdGtlZXBkaXI= 1757776960 1757776960 root:root 0644 - - +c3J2L2RlaHlkcmF0ZWQvLmdpdGtlZXBkaXI= - - dmFyLy5naXRpZ25vcmU= 1758288612 1758288560 root:root 0644 - - dmFyL2xpYi8uZ2l0aWdub3Jl 1758288797 1758288764 root:root 0644 - - -dmFyL2xpYi9waHAvc2Vzc2lvbnMvLmdpdGtlZXBkaXI= 1758288483 1758288483 root:root 0644 - - -dmFyL2xpYi9waHAvdXBsb2Fkcy8uZ2l0a2VlcGRpcg== 1758293961 1758293961 root:root 0644 - - +dmFyL2xpYi9waHAvc2Vzc2lvbnMvLmdpdGtlZXBkaXI= - - +dmFyL2xpYi9waHAvdXBsb2Fkcy8uZ2l0a2VlcGRpcg== - - ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - - ZXRjL2RvYXMuZA== 1757595612 1757595612 root:root 0750 - - ZXRjL3NoYWRvdw== 1757873748 1757869538 root:shadow 0640 - - @@ -145,4 +146,4 @@ ZXRjL3NoYWRvdy0= 1757761290 1757702629 root:shadow 0640 - - ZXRjL3N1ZG9lcnM= 1753553353 1753553353 root:root 0440 - - ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - - ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - - -aG9tZS9zeXNhZG1pbg== 1758373559 1757761412 sysadmin:users 0711 - - +aG9tZS9zeXNhZG1pbg== 1758887092 1757761412 sysadmin:users 0711 - - diff --git a/etc/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg b/etc/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg index 5baf3d9f31a005806b4cfeb8afb9f27d407e1043..983eedd03733ca940e4bc8a81ef2a1fb73bd721d 100644 GIT binary patch literal 3538 zcmV;@4K4DF4Fm}T3bd+VaftGl;PKMx0e>KIn^=_7wOJ5{*NqI;ho2w2zzjS~&@6aE zuGgr9JN}IV~8R%6Ht2p_2>>6gtQvE+nJ=U9la(m;+?Y<&ees+gEFt0e0 zQ2EWb)UFtp1-_Tw8OFJ>F6LIbJj}bUniuE~gN$j{NC&9MNsjYPNTa#Ej3VWE#Gd@X zTw>ijA*Y286J(hlOuLQ(v7AHLx3RY5Aha^tmVR|5o2etMo5j~RnYT$7YPy5EeybP& z5QX(;^Yh$(LqqMXgu~)&QxV3JVz6mzTJmy^yaY8p%1qA=QG{6z@E98kopVn+ou9cn z7Y&U0J$%LGZ=gm`3RKU7WxQdctA%&Lbcff)MtwB6pcvPK(Vr|e{kN75;1Q;!BVN|skyP+0nScGgEH=971 zyc<4Ke@n|bI!D-JkNDW&9rC11>z#5k0x46UjWAdx4bUm?xPLeLFLjCz+tXFS(X-PM z$X}|{J?{+ye(Q=FQEDJLF+0EbV17${)v;y|! z;<)wjM87YUjIe#xv5t~?swj)9MEsZ`rvYv7dSAW0Y)lnjJ{NfWCZFeeg@M4T**nKD z4&;+YV)bDbE%zhXu2nI(3&T2Nt{1x_=%}Cy;vgV<6BqN~A1;HG|DOvPan0;#hxQu> zKA81WXIJeLoTcvcoi$C>mXGi^*1~`Z&$^GHT@7U9ooppTHvJYUZ=2Ah_8gG9fE&mn?gaf1GSa4=Vq#dLeYUyz*^l6!g|!r0Q&wr>G>-XgrySI>K2d3&RBVI?Y*Zmz`G-7%!_%_p$EQTdM@Qt{fl2GTg8 z=($cWd8m=Zzqc2DmB8-}f|$AOlqZho$C*qd=~;WJi3>mlz7QClSrA|)bJd!lj{|)K z0Tc9%c3zrxiwQ0jfE-C+tNzJzM2ygB)HazD^Q@sxovtwaVKv3JZD`6b-jkz>SXJ&A z!OM%NX-^?+Xldfz^yG)yS@v~p-=o_R9y%DUdpL02PT3}=hTc7M=R*6?+tdqd(vfWI z6J5efMIl_7>Z0}sxpR;`H$;dVh-a+cl=yD}4vXM~ie$(fBEyy)NKzN6b;N(d&V)+p zLC(dNUWP`#VJHzS7@|h|>p2`7{rbYWJ_3|E4zbZ~o;+g!vn;}A39NYn4eSVa(nrVJ z)=5)C$1L6zfw4aUaVfC#sRg31t$N0#D+DC{&tpoS$2wo)0$QC7Q!p=pXq?SaG8(&sc=G=~TFuJu<393aNQiM))qJEd>PvCqQ|ATFu~T((a{0M(L>3$@!%-meuJ65G0`<6I9AA+SOZG1*MH}#7 z=g6Nok9!^9v*x6Yv7NWud7bj}2+kcWHCrga(SHD<@QR1j7{cRp5~A> zMyNs10n}UNd^-9R)XzykW7+D^NDnr!b@S)eS69!icf_M68`0Dw>BO}rLoZ77p`va3 z>2IaUz#TLF3`v7|tAwM;=5Ox&S{I$kE%cWcS&gjHNH<3P9uJFp3QH}zJ0g$%_Wh4f zot6`n;tj!5FxhH~RkRzrJL6Lj8Mt!$lPEZ(nvOv1J?_*R@g^mta9v}%Y8Pw+(J3Lw zOEO<;?S)EOK#|DLK(^27V9e?`E+{A&sMaHQ7v1%Y5C{8ufZz(#y%qWAl4Rgb(Tuoa z`*drg7^L_o_YTW>L)b@qnhP}FnwjAQaS`rE*l#xP?zndo**QmR@SUp>g0c~plyM}$(1-QYd@6~B&kZw^LFB5+qR@17Wzv1Kn` zUN+B!v6$y8&eqNKx&NtasrOb~NmgTPco^4qtB_RINx9wgYD5`kfAWILIS3ozD%UTA z9q6R$f_LBjtTo+$6jE)1{l~SwVzqcy0RV{h!kBCpZ!QU9I3sxglXKg-y3H9Wt{~S@ z!ng(kMIOQKXD#%1{#n~?C8BBaglw+7KD6UG;9X7~KEgwggcZHzjRn$pt}(`emv=l1 z2qg{%>6FFtm4_}_u)9t)khn!q)9s^lpLal0YZ)6gz}5&ZKx-m+Dc0g0j?ORM%N<2p zaH@9EZeMi6iuMy!Vk5$Gu%^kz)*t$wY#s>6~Hb9Y36Nk$mat2xl$j5WhB zx85(m5~LQl0V1lZM_IpQJeMEe01<_Ps+^fA!jZAMd*tj>$RD?+ctluv!VNRS`-t&vTkXA+q$o(-w3f zxizZSt?D~r3b>c8f*JNK0Hs6UQ=K21F6*lYS0oHnh7jKF1>zm?mFsL;!=bCR{>M%5 zRhc%D(=S@w7hbXve^al&G}EHfdU#Cn#OvF?5*8y_Qaz3a`RKRM+b2=5@yqK9AruqB z;hrNA<47Vvi##qIA+}?gGbuszA=1EUTktUkjjj`l3%*!BM_NI?2%TESgdSzX1IRJh z@O3R_vuDo6qAxs=!dvyDKq7T!v&Gastrbfoh8tfWr-EbOE^DDeB*!C^Jz}KkZf|HM z*!#NDbNxf!kfK(cHk{gaVMbL*_kx%VK-K`^Rr)TiK zeA{@W!NqfG);2S~&^EPvAWis!#K>$ogl8tF?X*%Kzv@I73~|!84tg*rAY!dYHDNno zy)LhdI$WdmQ_nHY6r%(%BZ+82DEXz>`ktX+;Flh)hRFHna16%sJB=UIS=okH5Uxol zp0{`wbO9g8cg}FIT&3WAdwUxqK^6B`5Qdhl?TH!;bcRyAlWKJn?*qc+^y3+%C4qSf zq~C|$t!FNPtm5Fz(2byxrzLGDxuhM42}YV^(=oPChjiyWnlx-KW2=krkYZf}@)^0i z0VJepcS^}ZP(z7=;kIBMi>P7K;cui9Z%+A+GqM74zfEGU2D?}3ML;wJ!T-sYr)#0# zjtPe-nE`BNMD8VahG+^B%L+)7_yc z1|#DHW0vNJn9mXH>=ul?V$P}=5bcCH%#sh}bny{S>#mCooBJlC7Wo@@_A+F$6 z5Srr(P6`*2xk;*Y7sh^W{=3V~3%cDDZaz1Ne4)VoqTfp%L+bsF8K2&DsDnLbNhe}z zQ19Gs2;QNUCUHyNClgjK6<{;?{8_#COwrUG70*n?D7nr$F|^g0-Nk)Oc=7}-rc^EK zUu>o@Th?023Ea!~o{?n}6x<-Z5w2EO{G1B(AY0Li?&<3!P-mqDtO0r@1{5mrF`Ur1 zjlGB@uBA<-}x?(g#E_r%k1%=IErU6T5*0z+N zrM`bXDOuCq7y04%oisH$p`;@qCsLC333~Yb?fc0~ePP6&Uj7=2VIB{Cq#cH_Se;n7 zO8rYggI$u9bxCB5LaJXgr4LH*$bW!{6tB?A#c7-&PrYao-NMC(a5UFZ152HNx@K7e zP-InLa-L`$;;!~M&v4cP9hNckBy_o(M1tg}NcpXk$EME|mtZ5Pz1c!_bV7n2I6NC= zQ93=qDl=*?V+3;~6>A|PP?@UpvYb*6dyBM2pJ?awEW-+ zHlqxIx@3A&Xz2I8Q_dV?y8!NYcXU|dfI(P_UgQD+Ym)L>LlC%4o5VO1vN5%P6W#M< M$CABtAK6wQg%DZTod5s; literal 3538 zcmV;@4K4DF4Fm}T3UD;Ig;riiYw^#`{v6kWbuBKkq>hLe7gSPLiF801QV`gdaI<2)r7pl8O2 zd0j*MH$@pA*5R|=wfB7_f5%<{MrY+4rPuNhi4{;R-%x=rAQJOkk&Jcz0HgkOaBHZb zM2=Qr9A^Ewq}0$t)OObDM96D#c}7N`f(Bz@?6C3=Qg-`&MkP5Q*I=Fd#wz@ZCPyw< zUOu78dRh#MZy`QIIgeVr&#c#%hi!#kMlIT$%>t6g`^`nqiwXM}@8I3n55LX0tZwwC zfP}_j0I{prj%}+ZyYn_n1aY456B!W9$GYcN_r1 zG=rkvfL`lMPqwQ9)C4@Vuqn#P1vL^Q^hh}g<*Qe&>k#V2fdA04$2MQ7T^a*Fw8+?n zew|M?5s3bq!uGS9RQ(mst_gXE_2!85SL@2KtFT<&3G}c8m2}0w1XvU#kw|)bdSdEF zK}t*GlV>A>*?+<<{5Jy3APBoFD5VP7tS$RFs{a?b->eZik6wjXp>chlTyKTCp&QAw z20bIXetCe49v=gQXuHg`ix}t)DXO~R`YwO8)t|m)Y5w|Mf1P}~O1}G+LPXh=_#hOJ z0^WH%zJMoj-8& za?FPU(3Mo)=IHS?&-iCXlLDL)>lV3Rr+TR^yr9H;FuG==7{w2QR9=z)i%)ZJ$IVcT z?wUrs${)b42UB-Id5Pm$oD(QD=04+ zJdlb91I>okIy$09HVeb2)@GV7?lEN-Dq2sN=F7-oS%dG<_%}}l#z2pshpk1mN1Pxi z4wU~AsD+>#sW!k~%dqweMDm#fI#iC?=OFtg)wHk5eu7$5lT!krFjkVWX*PZ4hKDMB z?7`*79=@G9XgiSPSIURwQJML75j+Mg1~-RiBGp$|iR%zOg+lKIe8W9Z|45R-eA67r zrG&$kF>=|^>em+rhU1{1SUe;h7%#RtYGnE&6;}bx6Fo6Q2{dTJ+rxrqJ~fVsZPUn+ zo%U#U5kfd&!{usH7QS;c3Lu2=8W-?@oxR7L0im#LAMkEA)&M$dd)R$smL8d19zOL> zBB>3vbYsJE$fMX9RI!>QO?|MLH!qUNe9v*rCiVkO31?KR zPS4TOSFRRq5SEQxZlAiv7KV}N)BgAL+K@8udrPUD(FmDCD{lq&dikG`(R%f;c;e#G zWf6yBU8Eqa;oa@@pcS9Q%9j}O`0T!;8nWg84#WQRnAyi9+Xc5s?)!k z6fv2z{7gjis07mQnwv$vQ&*vp&Kc^ZegVvC#e&Rl?E7X95j3@fsnC0IiA)X2l$cC; z@poMD2wFQ$+3rS7M)wZ~iZ{Lw4B_~*Ta5}PBWvnkTU{2E$P35!4<&_Oo;GwQa9~^D z+(Sn<6uFnJ@KDtZR1q#h8n~MjkC< zokA)NmDYkW$5C_NG%e*BGO^DN_w;8nOG@+^z2W#e1e@0Vy^E9KAL!9ZXb5gD>#KM^8E1HcYic~Y!MTBMhteD7a@mtH%n&oa+ow= z2-(xhXaAcFYna1S|E@-m_Cs}k1MHt7=Cp|T5Dis4e|w^<~f=ZY4m8vpxlKZdyZ0{NGUsVrNuo~~t^3g|GRTdAf zj0{h%&c$nhr4CgLex|up^Sg1j;aD5(bIjl*=xsMb9u_3*_B^=sDnYU*J%$4=+j4n# zk%P`4V_;0y1z&{o+|dqkzu;2=GTEB?UH&R6W%fBkTmMWw{ucZnWo*H>>?MUXGq7Fq^H}L3E>r zndE_Uhv07YGbRmgyVkSy9y~@MoFM~@#QXy-7T+-#TWes!QZm*A^*+|etRniOcu_!L{;rmqpH%PZb0#Fc_8dnA zW1mL4=;vGMd~oVkRaNNIhf`Q!xAx4LSb5Wiu_q>j87;5u-@FbBBNUM zpPU?8X**L(VR)n{BA};|s!KHCXgW`NRZ=YUq=S}Gj~9$dg#pjSakydANuk6nk5vqpAGj(!HkpIlT5UbcbI6u0A z6Ir}SfkI^hFi#L%qiEH16zaMN$v{~)&|xUI!=?E;GNzoe?T(cs2+Q7`|7GOXD^L^* z3zX{Sedb1{r7;aIB3DD_bEAFhRV{C~G7BE9=D}b047n4&RP-T;Jcc5DRR@!5zxYBr zMTjP64b6t{gh+7yg0udhXo2XV(;h>%Xd*~@*kWS=4Sq)v&Pq}$SE{*%-}XMU(2Q&5 z2%+OCt&SsWuO%R;h>C=baS$Rs9&zo_i~*59JacX)b2PwElYm!+2241)Z*h+m%mzt6 zmkVRxvz15DL`g1R2}()Z8t1f)j0#YfSE3o04}*1aHiH(_an@0>eAJ0stL&Oi2GaA0 z60o^@4B5z`=M6mEjOjdD%L_11l4u@yu2=Vo&u z*8(5W$hm>kl_tgYJPdc)Zu@MB?o+~E9uK>2k;FCnNQ(Xf<;{_uU+t8E3%<&N5_`h7eDqAsaZgpea+HP%JU@!?^7k7Fa3^@@aOyF@-T)?t` zK3An1w^*#)Nj&=A=Yg;W0n{^at(s}=GO9!x-{B%D{-xI%26Nc5eqWRko3)VOybPk zV(6}`%a7lAJpE}Bp*>I7kS~cEcX9P0AiSZJYXk5gL1g<7vPe@#XCoTIYqp`Pw4yRZ zqKDrV&1$)#vLfS+rX4D5uaEQQdb{DHTk5cJ0L(3;eQB6<& z9o`KhU)+!XD@=7_0UVOXz$CcLHwexEzEoypAFLtR%UA!-j zyG;a}H`j!#n+bcCn~!cFPD0UiQD8 z8S;8wL|(0+8UHH&EJxEHloEf0R5SIBAmYf_xmo)w92+BB()45oYXZr2mWLXyl@g-X zwXtNqUIfP`UQSe415Gbis9bn5lQPreY1l40i%=zl6Ev!QI_vN^$BwOiCxgUQKaqbS z9deDbsjbWPazF>n9(!yTfbQYK)OHhmd^-UeAf?>#Dga*xiq_Z|Rnd z0wk%4XYi#R9+(^60cgYQE2|y*>^tzA@+zdk_!dN& zhxMPv_fXI(5oqmfX@-^Lcbh*;GJLCQr^jO7W7$g`a?<J848`4Fm}T3d>XIi10`Zb@9@`Zvh4DgPg-MOlda8Fe>|jFRYKU6lQa?SWCHH9cZWr&PwjGCMx-b#H)nw9Uhrz6TpkF>x?Z#44;H-A=6K(lU0U8sZ`2TQ$K3SA z4BpO7LN9R5Yr5a5+kvTr!O|B7}91s(8;XUoi_ TY8TgsJK@ywp literal 322 zcmV-I0lof=4Fm}T3ZysP%S%2c{qfSkZ~>n~9r2K5#umD|X0Q2qY%l9mLj8V2DfbQ6 z<37-Sw6Ok*m41g_VYTLf8NLG#&my$Q?^|;Wo>^6o7~TlI3NQkPUzY?Z$XDk!5iG6e z#x2kue!d@#iMrT*IGmx{klO>nt`eD@BVss7c#gmLm~|3H=ed+9DEV>C*TZAwR>h zw7(=e=8%I5gc0U^(;;EoZGLlBnfPkTIO}c4hwMlSJakjH{vU_qGd)ts?8+drLBHw_q; z=@%k6U)ph6WCp(QNu=~TNI0TYghMeffq-UhgDa;PPrHBe!6G3C76J);jlDW+5PkJ( z6y**agd;xJ6iI}?^@{gHbd+1+^O-{LTgu(F8npZbiYl za1Tq~B~4pWu&Tof6x?Z~8gBPd8a8XZ8CBDlD665e=H1L$4RF16&mes|5%;vcS+2R3-QR%Zn(cEV(}j;{Kh zC9KL>9EBUAvumH!AR5ZO`#0iTa39c@?*dDV(dAX(32+jU?>P_tV29!b;WL_>clct! zN=N`UUO)EUC`p*Yu9YmQp;MGfWskB2F9uEW#$0p>EH}UhIqEYgrcl*!hja!zdAmcD z!s5V^dB$Sv2ySHBm!u1ZDJkx>WG;a>_pG04#1B}U=7xt|l8c{38jmjl3^AnDdl;a& z{sMCa50p}oy`NLEdwF1>!&+o;oA?= z`lncSOZ3>7k+;t=j`-Yu23fGO)clAMeWqx2H+$&hr>ix*w~VmafTyR!$YXa|CnK;H z10T`=;nzJ_ku#%$Jg_{T1_e@mW*efNr3!t7Q$g0Y_G0_KQqfBAPr`w4F7n(_LYR?- z;KJIT2QCPF zNk)LS(0DeW;tDHNsm&n9IN4Nea=$Ob!7X2M6QI;ZJbyw5ii@f?ZZB#FQtC$jfw_e2 z;E8vj4~(Ye{Z4OXq{OGD&bYmh<>!!>0S6#p=xsad%Z8QK?=Ts-nCAmwuVf1`qifyT z+%6fFUcx}~(T)LuFGdE-Ic@4)MWI*^>2$hZc;S|$|AR7=8$Gny+WsZHFL4lW2S&j@?lIhgt_epU&pYWE5 zB)ZVZJ_L_pDF}#^>!=MK7W^y7Y}u4y9FJ5`CNzUAx}j$vIfn;hx^?3@w%xs<=x1ls zt)8%k*ZJrU{olHQ4$$^huD&eXDHAdid-D8>`E4h>Pfq(QhV(mP+Np&(XqQLO=m!9v z)u|V_z{{!j>NR1_sI^XUeFNKdVxeL(Qwz=(VLoJ)V;4u%+9gHG!Dcd_JA@u5%nonz zkL_^q4@pWx**&8#2z{RH+%+Sqb|8L`Gc>0{JC;RzN8C(@ zylp+>;Rzi27~furAFYc)bVLh;tY}wOD`;91EF1iOfL(!rA%uNTIuWI7PIEX7e?l?y zv&lgJPVtH7u!f5C^*Us2&Hdtaj|Kk-`=vI8y8*-9(MsEpZq=wIl}y(R`fMiu0dFTa zcQB}^^pTCqLP2dKb&cu@XqePHym|$NFbgsqz*4`IBBhPqfYH?_xcx~X|(#2%7jtP;xe_U}`Rdk>l80()wLjI*#^Z~}Y=`jTTH;gdR;si!-2SG92&&kQZ5DR z@bYl@A5n9a|Mq!&w`Tp&a*x(|WwS6sJUo^Olq3Z5eLoi-@mLJq{2^JZk4p^Rxt)~N zsVtMD6ivvj9n`&Ap7gK>nVILF%FAW`6&a;tnFFwoUBsZ}nXo2VaLFt*K^=5p60}&7 z1tDC;?;5nqtS%TK`I{jnq`s)?#_c24X=G^6J><>VV zG4jTsOd2M^G%_Kx{ymx3G~6w&&YSS7Z$k+MDGxs>p#>84Ztlze>Gpay_G1sfspp$7%4)4Oz)3b`nOq@9RUSpgh-CpMK8ozjmq(fG{Z^mM zyuqhd7=`#y$Z6@Z;-syGd!4c?v&JVYTo`hF?a9%%Em4sK761*EOs0O^F+HEV>WRA6 zqtug7FmaDrF6if+({N7_}?l}EMP-wIYU zRsiR!XbZs3A;+s&{ek(fdse|#Dg6Q1N<67p zud`%W!Fr<)0^|^~m{7uUR}s4vsD?cmg-C-{yz%?l4ee1k?Ou%%62uHAc78U^C93J zU+Rrwrnt2ZtAC8p)(^+9OwP#kc8Pn8VUf_@i4Q44lw1INwK`LcXVlyM?%}5X>_;*SMPp7FO)7=R?Fm$ z#%&OwT#W}sfWtVaV1m=0F$(Z@b!q`r{A$uu^u|}Csb`N?*s4(FJiv8?LDqnIQjoGU zK1*blI_Rng$4qBjLy8Ca8f`)p1u%0KJY(k}s*Fk-JhA%YKyD1xl@8qn=sAOpSYoWW z2JX?EHd}x}{m2Wn8Q%zAB)|4{ zp&Tn!c+|&5uXBroDCymUYd2apwx4L{Ca~Pc-xUy-XO5$C$uXvcWZpnjIki{M(w1k_ z-OGSZvIC1hoNbpJx=UpYdJG|`XM+xwEX)jA`i$>Q^Qmif^3J-6a-JvjA9c(%l=5yI zzOuHXN8qNiHj-n>-+ZL}eUAwNe=UtWCtfXno5UspIcksuHw<^Lx}?_lx`ea`m=}YW zU}!5KeK2&eCH|q8UNwY;n{$L9Qfe?&npM}`pcYE?zZ}*nW+oIBE!FD=UQfZaM^rWM zw|`HW;#iH$4l1`~$_;HMji@s{jW|uf%`QLi3|VTU8t83>(mDUvMD_X5=3K45xxHyd zI#V1CH~LF;37=#@f88py!5hG3T7#fm&7}d(KDYgXIoKmGD}4~>LKgxF9m^51 zVx+-H(KqzS-pSjq+WKmyJp?2kA_fYze%&uHX7y$R1$5L0S%3WVOSaqqZjYzW-J<@~ z#LjI22)BdG`H3O(hsMegMfu)bUt4bJoNl$@pfz*T?#^zowefP+O)zbpj}b7iR}e{U z3p8Wi5sg~ftyN~qFw zvjpVs>$kG7EGww|bE$OJ)I`Ih@;?vrCK+^fPZWsqT1Qz zgHwOOR#Cbjrb2T++Rwy2)luH@T14aJlL=_QXiCXWLEJ*LJf`e30jMj{*NM{u{2dm- zQ?C7SKMn^5uAekK&|=Q80n|)O&*MA<4(8u4K3Bz&!(T1Kb07@C3ySQZ4HHCsM_1Ty zO&X)O4aX*IAS}cAsni9LNnUh^+kT3;YT$5!Ct-zKyiq&Yp^1tN$@`a#ltB(^Mw61I z0{$ClZ04;jd99clicb||isL|Y01Jb{#E~iq&6bS&{8}YLXtvl*^6S+2%FwNrFZk&! z8lKx^g@<+7_mbEHY_sTYXYHeUInHMifaQz4Di%Y{in!Ah<8#mZF7-=$f_ZYpZFeq8 z!X;gZ3m1t~-zKc5emXN&Crq>Y*x&5yzU6^<5tGWh{fOSmh@Qp}ONGQxGTQ4Mu&qZP zP_)QG*)_=^UT7Ocrqbj4TUw}2qd%RMcIjX4o#H*l|Gr~l!P;1DyjS~$&k*)Q9{{d1xr2-9~6;3gLnP$Dh zphxZ!>w=g^D#cWUJuRHTk_--64XX@u=i;TL1L5|xoH5A6xXoNCikUGEz!MD6uKh5r zj1heO{%)zW^C!W9=k9e4a9UA(;&6^r@BMZ?D0C`Nv*K~t~ZcHi-qo07tm#l&fbO_-i>pFKzx7`6IL@vb3V4TG90&@cRX zIe+cyyZ*ahru>W4_WWCmcefzfGJO@J_lGk=a7Jt_?jaihwtpASH&@fBSpn_>eRBeO ziq(n3*Ba8`qnedmcEOf)kt?2#e6|o`%=zYtopw1ZDMc(#Ah(PZb!fTX9g}}4^n2(D z&g*AJ%6Gd-G^d_yWgeaUhkLPUd|=UN`hkW3%|&h|_*7QO=o@s6&(Kz)UO+Vo?Obnq z%lFj|%zR@(X~Pbw2T6$fb!{cJh2YLpF#(R+h_vX-&H ztsgrPZ*grZuyhJTB|^2I>|!z}I@!a^lY1pCl=FBpaO!`Wc`YnCb|`J6Hi*%z4aCpn zj1kqa8dGP`H2{$ET(t%WJlsr>1*j&3fM$Vg{6&@wvyuSLld$!JOn?9HX9mwL(-5_@ zvJ6I=pzyE{$sMj15L%9x$J{7HJt)OfhNFG^Mix>p|1M2DEa;GPR(B%$5bU!Ys*>bu zM8%q@!@$f&4N1sjuTQtMs1IUou>P7%$+GkOcC=OskK4A)BW9&Vop1EoJP8E_kp6qk zID1QP=B2uW3m|;#>xK^%Id)k*tqP=YZ;jQO*})JEC2zD`T|YT_Lq}R=))eTP{I`hQ zP>l*J0z}4r+J_X!zd28~LRZcf*BDr7>S>IJL}zrQKY_q(1 zsB(D7ppe#OAQefBp*wKR+uK>WV~@aJ}YvOx0dB@e~M0e zcK)P}FZ&TIo11&UCyhE4c-0{7Ij5kJFmgv-{U;SyOlI)CO$%4LKH<}VY)(Mc`>m@R930v>k(hM|Zni5p{ ziwfd4111J~y>(aH*RmCIql|z5#$ABQFR%b_&-aB7GC&iVcwXKbi%DE-4>PDI&WmuaDX*#?fTc#?Ji@p5tjCKdJQ zS<5(4c)v2&%*{; z@PxmxK8y%R&s_tF_1iQCRv&29v41AoTfsk?z)+rGQJaZ5J-i&N8x1u=C2EfMs4c*T z;F3QQE8?rUStFLV)R2Ba8}(ceS9Ev2{04*h^PB%i@gU~0c3MR~x&u|`? ztJ}W;yq+D4UbliTaA(Z<`C>1C_U>g{2gkV6##jE4NQHtN zafNL5k{EZFZAL$#QWcX;X#zt!mvi{EF`C@@{X~G^)r8g5uO)s>K)?~*6Y7r~hf_kR z$H4$f$y!EWS(omN<&_h@9-(5#pRIm%a>f_=bOU?<;hRorHp>vFNy)rJW-wNcPK{fw zLgvZw=1aOHUwtHNE=bhD{znfMAF~=_PL<4l`2_TcHp&ZzN-a6oga1+-Z1E}1g<7k> zjeWBwMwutk+ur2UlM+Kij!(Z$Zm6_*IPDk7Nz`*7yfeEAh>MKg3}-|ApJj}7sg5|} zc{&0`xS`?AZaYzAn|7J}G^CpiR}fgpa)}j|8tdJP3l;Y(0q4|fz3ye*aw%agxJD>n zo(Nu+Vo2+vCRtz`Ldzc>XA6*hTDFur9vseG%h@ClAWnp3|5%g0v7B_QU?;gVgE(s? z#8{qDiq`pmgZc+Zox&FdB6l*4+np&{;UN4Oyagu~x9b=e+v|~P`1oz*2lI4GJxZ>q zmqVwW%gzJ-1rJ$z>*pfwFu_y(0>yzG^X{ZWh5P8*QMhe~3nV~dtI;H}VN*;-e@T5-nByDS6_a(A%{3Z5KcY1# zlt{r9==D1)ZRo7k1+38Oyx6)r8DOzdY2aqR>LeoN=Cf{;qJ9+odxsUH71mW?zXZlkKdcw!S8%91r?=G%e) z8?1AVcKaLt3n*`}m50|VmyKsiF(r%e;KaEj^qOvn^rCdtW1XWiAPn;d6942CfA}qjp=bmIP z9PVuYHR^g#1xCBcAy%YD?zBF<`ZVaXiMS{+rKxRl+`kph_oPW=3JhDjHj=#TEPGUw zy;?@8UMMzFeRjh=T(G$O~;nf#}Lb!CQKBK`9<+bl!MYQmPt4 zPGwfL)R#&8M77m;yn&_l*|ccHbryRU=ETa*m6PaSIqjIei67;IC8{+aEoI#J;a80b z?&fIXb0x7ArZY*t1ni)8l3uEkjJaM zVc%nl92ip+{PoW=`uq>IU{7>ujULbP^^ZwRp4tM~6}`SSjFcM!DGg5G-Lo04lAS0A zml8#U{!*)EF70i{dQD9*a{K8ajhgAlOIg2N{CUY6n(HMB;dY%z%Thg%=1$p(Q) z7JR^bUoP;kcycOc{tNOZXo0mtCs+}-6Li&c)ffj?@dzz-SAcJkKJUcc*HDQ! z0~Apr``g$|!{c5xU`0KR!+6=JI5hDaiQsOSomWA1n(nVD5HS-f9_m15{revZpNGSm+pfuALC=~ zoh1mrgkj@TyrhevoDL8gCC)2qNx|xSetQ)(95qnp?Qy7~(7aNiaFt|FJ>%wcuY|rX zYo$Y&)S#{k{90Wg(Y#ofTF!go%xZMmYv7f+Ph@9FMD?-))LnRU;0at|lqbI0`0eMw zQ!FmLkE1KvHI{yRMpG5qp*=tmXCotiLqy|ACcK)#7^-!k1`~;)*85Iv$?OtVd&qtD zeNlPu+r|FlfC&B_BTP}OC<6vBNy?|6{sW^cKcssWb2OPm4c(ayOx_KqNgfkv_$X;L zGKWcxubOeLtBGUV*mVzA9iQml`J5jrpXVQm0o3zJo%HyWOt86WCu!9|^Pn-@0bx)* z#E5Sj|H-sMRXz| z=PP2lQ_KYZlPJh}GqWzO{J~=T#3w_cOk2djK)M0|1&aLDbq2-m%f4Q|Pk=X#B3b4^ zJ~rLhKmMgpdn}!H-D(D70^md*NhVB7ndAub3>?R!3o_UTveoFdqjPdOud@&FROJ%Y zjIon-J@)oJjT|KXqbcIb@!O_+V?&&HyDph;isG4lDtSm{fupoa?Z5BYgG>>fIvwpp zr{513SZqk9?j=vLVm~a}!G9iiDtu@C$kfoyltWrn{mMQ9BJ4Y~(4UPH0`WdQY8c1~ zNF8G7<$JCF$&dVW2pq)pJnp9<(0?$qxxORvg@Bd4*k{xNezCQ@P?v!MH}HCY*#_Ba zmF=g_qK01)97=BD(+(zjW{ib>1k<}WfPTpm`bv_l9#~mQ8336=grS6#f0c(3HnF*r zZnPr$`eX#b=(xeudwpd9LLM)Mfk4eCC45f!soPVbPsD@)}vm5(lc0>7%m$R`mTQCtz2Y<#8nOqY4xl}l68R?D1Z?&&{{TS&k4^7_T7>Gv-( zl(i@paZtbd@!gCQ3NJl$l5c&wKRk~HgVvk+tzSF#qyfReK5GEPY>$D~naL55a3Ac0 zxVt{3j){?loc_>f4A0KlghF=~(8Iwyx#R<4y!74&8$Gop62*bKMUv!~o&BKtN*GXd1`y^u_m>Fa1Rp0AwArXBa*y3m7Kk*r-y-l5a0N!P3)FYa73VJW);C2s6U3 PuWA1e>?z2cdEze5k0!{z literal 420 zcmV;V0bBlz4Fm}T3RySz!cIgD0`bzo(gBUOvFy8+eu2k((uvw1;WQ{2d`Wj4oNp=<&ua0 zq7CRMywj@M@Ds}hRUWuPQCDY*n%wRkGl#G0yLlHF)x6VOT-MK`eK(#SzU%?|jAub; z$_G~iq51txQ+fLG^wxp14t}iIkyL7Yl%Lg#cO7nvl$S;nHy}9Y&R<3@21hmwTOZAbHoGTubbT~ybGTQs4MD%1 zv`CWyj$jWzzrOR1#Tf-+xVecjQ-88vQ#Kn2w96=tUYfm`kv(lF?R5}7Q(>8i%16uM Oo9v3}Va=a$00SSplg Date: Wed, 29 Oct 2025 16:57:27 +0000 Subject: [PATCH 11/26] Remove old php84 files. --- .gitattributesdb | 36 +- etc/php84/conf.d/.gitignore | 1 - etc/php84/conf.d/99_bcmath.ini | 4 - etc/php84/conf.d/99_curl.ini | 4 - etc/php84/conf.d/99_dba.ini | 2 - etc/php84/conf.d/99_exif.ini | 23 - etc/php84/conf.d/99_gd.ini | 6 - etc/php84/conf.d/99_iconv.ini | 17 - etc/php84/conf.d/99_imap.ini | 6 - etc/php84/conf.d/99_intl.ini | 7 - etc/php84/conf.d/99_ldap.ini | 3 - etc/php84/conf.d/99_mbstring | 78 --- etc/php84/conf.d/99_mysqli.ini | 48 -- etc/php84/conf.d/99_mysqlnd.ini | 33 -- etc/php84/conf.d/99_odbc.ini | 40 -- etc/php84/conf.d/99_opcache.ini | 148 ------ etc/php84/conf.d/99_openssl.ini | 17 - etc/php84/conf.d/99_pdo.ini | 6 - etc/php84/conf.d/99_pdo_mysql.ini | 4 - etc/php84/conf.d/99_pgsql.ini | 27 - etc/php84/conf.d/99_phar.ini | 8 - etc/php84/conf.d/99_session.ini | 245 --------- etc/php84/conf.d/99_soap.ini | 16 - etc/php84/conf.d/99_sqlite3.ini | 13 - etc/php84/conf.d/99_sysvshm.ini | 3 - etc/php84/conf.d/99_tidy.ini | 10 - etc/php84/php-fpm.conf | 143 ----- etc/php84/php-fpm.d/www.conf | 424 --------------- etc/php84/php.ini | 854 ------------------------------ 29 files changed, 4 insertions(+), 2222 deletions(-) delete mode 100644 etc/php84/conf.d/.gitignore delete mode 100644 etc/php84/conf.d/99_bcmath.ini delete mode 100644 etc/php84/conf.d/99_curl.ini delete mode 100644 etc/php84/conf.d/99_dba.ini delete mode 100644 etc/php84/conf.d/99_exif.ini delete mode 100644 etc/php84/conf.d/99_gd.ini delete mode 100644 etc/php84/conf.d/99_iconv.ini delete mode 100644 etc/php84/conf.d/99_imap.ini delete mode 100644 etc/php84/conf.d/99_intl.ini delete mode 100644 etc/php84/conf.d/99_ldap.ini delete mode 100644 etc/php84/conf.d/99_mbstring delete mode 100644 etc/php84/conf.d/99_mysqli.ini delete mode 100644 etc/php84/conf.d/99_mysqlnd.ini delete mode 100644 etc/php84/conf.d/99_odbc.ini delete mode 100644 etc/php84/conf.d/99_opcache.ini delete mode 100644 etc/php84/conf.d/99_openssl.ini delete mode 100644 etc/php84/conf.d/99_pdo.ini delete mode 100644 etc/php84/conf.d/99_pdo_mysql.ini delete mode 100644 etc/php84/conf.d/99_pgsql.ini delete mode 100644 etc/php84/conf.d/99_phar.ini delete mode 100644 etc/php84/conf.d/99_session.ini delete mode 100644 etc/php84/conf.d/99_soap.ini delete mode 100644 etc/php84/conf.d/99_sqlite3.ini delete mode 100644 etc/php84/conf.d/99_sysvshm.ini delete mode 100644 etc/php84/conf.d/99_tidy.ini delete mode 100644 etc/php84/php-fpm.conf delete mode 100644 etc/php84/php-fpm.d/www.conf delete mode 100644 etc/php84/php.ini diff --git a/.gitattributesdb b/.gitattributesdb index 5664795..26cf4c8 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -46,41 +46,13 @@ ZXRjL21zbXRwcmMuZ3Bn 1761052674 1758049424 root:root 0644 - - ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - - ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1758915694 1757596330 root:root 0644 - - ZXRjL29wZW5sZGFwL2xkYXAuY29uZg== 1758374529 1730112559 root:root 0644 - - -ZXRjL3Bhc3N3ZA== 1757873724 1757869538 root:root 0644 - - +ZXRjL3Bhc3N3ZA== 1761056398 1761056398 root:root 0644 - - ZXRjL3BlcmlvZGljL2RhaWx5LzAtcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758222266 1758222266 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5LzEwLWRlaHlkcmF0ZWQ= 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5LzUtdXBkYXRlLXBhY2thZ2VzLWxpc3Q= 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5Lzctd2Fybi1naXQtc3RhdHVz 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL3dlZWtseS85LWNsZWFuLXBocA== 1758294154 1758289390 root:root 0755 - - -ZXRjL3BocDg0L2NvbmYuZC8uZ2l0aWdub3Jl - - -ZXRjL3BocDg0L2NvbmYuZC85OV9iY21hdGguaW5p - - -ZXRjL3BocDg0L2NvbmYuZC85OV9jdXJsLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9kYmEuaW5p - - -ZXRjL3BocDg0L2NvbmYuZC85OV9leGlmLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9nZC5pbmk= - - -ZXRjL3BocDg0L2NvbmYuZC85OV9pY29udi5pbmk= - - -ZXRjL3BocDg0L2NvbmYuZC85OV9pbWFwLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9pbnRsLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9sZGFwLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9tYnN0cmluZw== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9teXNxbGkuaW5p - - -ZXRjL3BocDg0L2NvbmYuZC85OV9teXNxbG5kLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9vZGJjLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9vcGNhY2hlLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9vcGVuc3NsLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9wZG8uaW5p - - -ZXRjL3BocDg0L2NvbmYuZC85OV9wZG9fbXlzcWwuaW5p - - -ZXRjL3BocDg0L2NvbmYuZC85OV9wZ3NxbC5pbmk= - - -ZXRjL3BocDg0L2NvbmYuZC85OV9waGFyLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9zZXNzaW9uLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9zb2FwLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9zcWxpdGUzLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV9zeXN2c2htLmluaQ== - - -ZXRjL3BocDg0L2NvbmYuZC85OV90aWR5LmluaQ== - - -ZXRjL3BocDg0L3BocC1mcG0uY29uZg== - - -ZXRjL3BocDg0L3BocC1mcG0uZC93d3cuY29uZg== - - -ZXRjL3BocDg0L3BocC5pbmk= - - -ZXRjL3BrZ2xpc3Q= 1761004800 1757609913 root:root 0644 - - +ZXRjL3BrZ2xpc3Q= 1761696000 1757609913 root:root 0644 - - ZXRjL3BsYS9jb25maWcucGhwLmdwZw== 1761052640 1758539944 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - @@ -141,8 +113,8 @@ dmFyL2xpYi9waHAvc2Vzc2lvbnMvLmdpdGtlZXBkaXI= - - dmFyL2xpYi9waHAvdXBsb2Fkcy8uZ2l0a2VlcGRpcg== - - ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - - ZXRjL2RvYXMuZA== 1757595612 1757595612 root:root 0750 - - -ZXRjL3NoYWRvdw== 1757873748 1757869538 root:shadow 0640 - - -ZXRjL3NoYWRvdy0= 1757761290 1757702629 root:shadow 0640 - - +ZXRjL3NoYWRvdw== 1761056398 1761056398 root:shadow 0640 - - +ZXRjL3NoYWRvdy0= 1761056356 1761056356 root:shadow 0640 - - ZXRjL3N1ZG9lcnM= 1753553353 1753553353 root:root 0440 - - ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - - ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - - diff --git a/etc/php84/conf.d/.gitignore b/etc/php84/conf.d/.gitignore deleted file mode 100644 index af94d76..0000000 --- a/etc/php84/conf.d/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/00_* diff --git a/etc/php84/conf.d/99_bcmath.ini b/etc/php84/conf.d/99_bcmath.ini deleted file mode 100644 index 0e9b8b5..0000000 --- a/etc/php84/conf.d/99_bcmath.ini +++ /dev/null @@ -1,4 +0,0 @@ -[bcmath] -; Number of decimal digits for all bcmath functions. -; http://php.net/bcmath.scale -bcmath.scale = 0 diff --git a/etc/php84/conf.d/99_curl.ini b/etc/php84/conf.d/99_curl.ini deleted file mode 100644 index 16b978e..0000000 --- a/etc/php84/conf.d/99_curl.ini +++ /dev/null @@ -1,4 +0,0 @@ -[curl] -; A default value for the CURLOPT_CAINFO option. This is required to be an -; absolute path. -;curl.cainfo = diff --git a/etc/php84/conf.d/99_dba.ini b/etc/php84/conf.d/99_dba.ini deleted file mode 100644 index e5bc8bf..0000000 --- a/etc/php84/conf.d/99_dba.ini +++ /dev/null @@ -1,2 +0,0 @@ -[dba] -;dba.default_handler= diff --git a/etc/php84/conf.d/99_exif.ini b/etc/php84/conf.d/99_exif.ini deleted file mode 100644 index b31c0ce..0000000 --- a/etc/php84/conf.d/99_exif.ini +++ /dev/null @@ -1,23 +0,0 @@ -[exif] -; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. -; With mbstring support this will automatically be converted into the encoding -; given by corresponding encode setting. When empty mbstring.internal_encoding -; is used. For the decode settings you can distinguish between motorola and -; intel byte order. A decode setting cannot be empty. -; http://php.net/exif.encode-unicode -;exif.encode_unicode = ISO-8859-15 - -; http://php.net/exif.decode-unicode-motorola -;exif.decode_unicode_motorola = UCS-2BE - -; http://php.net/exif.decode-unicode-intel -;exif.decode_unicode_intel = UCS-2LE - -; http://php.net/exif.encode-jis -;exif.encode_jis = - -; http://php.net/exif.decode-jis-motorola -;exif.decode_jis_motorola = JIS - -; http://php.net/exif.decode-jis-intel -;exif.decode_jis_intel = JIS diff --git a/etc/php84/conf.d/99_gd.ini b/etc/php84/conf.d/99_gd.ini deleted file mode 100644 index 9da3c78..0000000 --- a/etc/php84/conf.d/99_gd.ini +++ /dev/null @@ -1,6 +0,0 @@ -[gd] -; Tell the jpeg decode to ignore warnings and try to create -; a gd image. The warning will then be displayed as notices -; disabled by default -; http://php.net/gd.jpeg-ignore-warning -;gd.jpeg_ignore_warning = 1 diff --git a/etc/php84/conf.d/99_iconv.ini b/etc/php84/conf.d/99_iconv.ini deleted file mode 100644 index 14bcfd5..0000000 --- a/etc/php84/conf.d/99_iconv.ini +++ /dev/null @@ -1,17 +0,0 @@ -[iconv] -; Use of this INI entry is deprecated, use global input_encoding instead. -; If empty, default_charset or input_encoding or iconv.input_encoding is used. -; The precedence is: default_charset < input_encoding < iconv.input_encoding -;iconv.input_encoding = - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;iconv.internal_encoding = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; If empty, default_charset or output_encoding or iconv.output_encoding is used. -; The precedence is: default_charset < output_encoding < iconv.output_encoding -; To use an output encoding conversion, iconv's output handler must be set -; otherwise output encoding conversion cannot be performed. -;iconv.output_encoding = diff --git a/etc/php84/conf.d/99_imap.ini b/etc/php84/conf.d/99_imap.ini deleted file mode 100644 index 060b23c..0000000 --- a/etc/php84/conf.d/99_imap.ini +++ /dev/null @@ -1,6 +0,0 @@ -[imap] -; rsh/ssh logins are disabled by default. Use this INI entry if you want to -; enable them. Note that the IMAP library does not filter mailbox names before -; passing them to rsh/ssh command, thus passing untrusted data to this function -; with rsh/ssh enabled is insecure. -;imap.enable_insecure_rsh=0 diff --git a/etc/php84/conf.d/99_intl.ini b/etc/php84/conf.d/99_intl.ini deleted file mode 100644 index c36c85c..0000000 --- a/etc/php84/conf.d/99_intl.ini +++ /dev/null @@ -1,7 +0,0 @@ -[intl] -;intl.default_locale = -; This directive allows you to produce PHP errors when some error -; happens within intl functions. The value is the level of the error produced. -; Default is 0, which does not produce any errors. -;intl.error_level = E_WARNING -;intl.use_exceptions = 0 diff --git a/etc/php84/conf.d/99_ldap.ini b/etc/php84/conf.d/99_ldap.ini deleted file mode 100644 index 941d8b2..0000000 --- a/etc/php84/conf.d/99_ldap.ini +++ /dev/null @@ -1,3 +0,0 @@ -[ldap] -; Sets the maximum number of open links or -1 for unlimited. -ldap.max_links = -1 diff --git a/etc/php84/conf.d/99_mbstring b/etc/php84/conf.d/99_mbstring deleted file mode 100644 index a5dbc73..0000000 --- a/etc/php84/conf.d/99_mbstring +++ /dev/null @@ -1,78 +0,0 @@ -[mbstring] -; language for internal character representation. -; This affects mb_send_mail() and mbstring.detect_order. -; http://php.net/mbstring.language -;mbstring.language = Japanese - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; internal/script encoding. -; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;mbstring.internal_encoding = - -; Use of this INI entry is deprecated, use global input_encoding instead. -; http input encoding. -; mbstring.encoding_translation = On is needed to use this setting. -; If empty, default_charset or input_encoding or mbstring.input is used. -; The precedence is: default_charset < input_encoding < mbstring.http_input -; http://php.net/mbstring.http-input -;mbstring.http_input = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; http output encoding. -; mb_output_handler must be registered as output buffer to function. -; If empty, default_charset or output_encoding or mbstring.http_output is used. -; The precedence is: default_charset < output_encoding < mbstring.http_output -; To use an output encoding conversion, mbstring's output handler must be set -; otherwise output encoding conversion cannot be performed. -; http://php.net/mbstring.http-output -;mbstring.http_output = - -; enable automatic encoding translation according to -; mbstring.internal_encoding setting. Input chars are -; converted to internal encoding by setting this to On. -; Note: Do _not_ use automatic encoding translation for -; portable libs/applications. -; http://php.net/mbstring.encoding-translation -;mbstring.encoding_translation = Off - -; automatic encoding detection order. -; "auto" detect order is changed according to mbstring.language -; http://php.net/mbstring.detect-order -;mbstring.detect_order = auto - -; substitute_character used when character cannot be converted -; one from another -; http://php.net/mbstring.substitute-character -;mbstring.substitute_character = none - -; overload(replace) single byte functions by mbstring functions. -; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), -; etc. Possible values are 0,1,2,4 or combination of them. -; For example, 7 for overload everything. -; 0: No overload -; 1: Overload mail() function -; 2: Overload str*() functions -; 4: Overload ereg*() functions -; http://php.net/mbstring.func-overload -mbstring.func_overload = 0 - -; enable strict encoding detection. -; Default: Off -;mbstring.strict_detection = On - -; This directive specifies the regex pattern of content types for which mb_output_handler() -; is activated. -; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) -;mbstring.http_output_conv_mimetype= - -; This directive specifies maximum stack depth for mbstring regular expressions. It is similar -; to the pcre.recursion_limit for PCRE. -; Default: 100000 -;mbstring.regex_stack_limit=100000 - -; This directive specifies maximum retry count for mbstring regular expressions. It is similar -; to the pcre.backtrack_limit for PCRE. -; Default: 1000000 -;mbstring.regex_retry_limit=1000000 diff --git a/etc/php84/conf.d/99_mysqli.ini b/etc/php84/conf.d/99_mysqli.ini deleted file mode 100644 index a6c2571..0000000 --- a/etc/php84/conf.d/99_mysqli.ini +++ /dev/null @@ -1,48 +0,0 @@ -[MySQLi] - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysqli.max-persistent -mysqli.max_persistent = -1 - -; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysqli.allow_local_infile -;mysqli.allow_local_infile = On - -; Allow or prevent persistent links. -; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On - -; Maximum number of links. -1 means no limit. -; http://php.net/mysqli.max-links -mysqli.max_links = -1 - -; Default port number for mysqli_connect(). If unset, mysqli_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://php.net/mysqli.default-port -mysqli.default_port = 3306 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/mysqli.default-socket -mysqli.default_socket = - -; Default host for mysqli_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-host -mysqli.default_host = - -; Default user for mysqli_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-user -mysqli.default_user = - -; Default password for mysqli_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://php.net/mysqli.default-pw -mysqli.default_pw = - -; Allow or prevent reconnect -mysqli.reconnect = Off diff --git a/etc/php84/conf.d/99_mysqlnd.ini b/etc/php84/conf.d/99_mysqlnd.ini deleted file mode 100644 index 8d8978d..0000000 --- a/etc/php84/conf.d/99_mysqlnd.ini +++ /dev/null @@ -1,33 +0,0 @@ -[mysqlnd] -; Enable / Disable collection of general statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -mysqlnd.collect_statistics = On - -; Enable / Disable collection of memory usage statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -mysqlnd.collect_memory_statistics = Off - -; Records communication from all extensions using mysqlnd to the specified log -; file. -; http://php.net/mysqlnd.debug -;mysqlnd.debug = - -; Defines which queries will be logged. -;mysqlnd.log_mask = 0 - -; Default size of the mysqlnd memory pool, which is used by result sets. -;mysqlnd.mempool_default_size = 16000 - -; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. -;mysqlnd.net_cmd_buffer_size = 2048 - -; Size of a pre-allocated buffer used for reading data sent by the server in -; bytes. -;mysqlnd.net_read_buffer_size = 32768 - -; Timeout for network requests in seconds. -;mysqlnd.net_read_timeout = 31536000 - -; SHA-256 Authentication Plugin related. File with the MySQL server public RSA -; key. -;mysqlnd.sha256_server_public_key = diff --git a/etc/php84/conf.d/99_odbc.ini b/etc/php84/conf.d/99_odbc.ini deleted file mode 100644 index 13d3635..0000000 --- a/etc/php84/conf.d/99_odbc.ini +++ /dev/null @@ -1,40 +0,0 @@ -[ODBC] -; http://php.net/odbc.default-db -;odbc.default_db = Not yet implemented - -; http://php.net/odbc.default-user -;odbc.default_user = Not yet implemented - -; http://php.net/odbc.default-pw -;odbc.default_pw = Not yet implemented - -; Controls the ODBC cursor model. -; Default: SQL_CURSOR_STATIC (default). -;odbc.default_cursortype - -; Allow or prevent persistent links. -; http://php.net/odbc.allow-persistent -odbc.allow_persistent = On - -; Check that a connection is still valid before reuse. -; http://php.net/odbc.check-persistent -odbc.check_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/odbc.max-persistent -odbc.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/odbc.max-links -odbc.max_links = -1 - -; Handling of LONG fields. Returns number of bytes to variables. 0 means -; passthru. -; http://php.net/odbc.defaultlrl -odbc.defaultlrl = 4096 - -; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. -; See the documentation on odbc_binmode and odbc_longreadlen for an explanation -; of odbc.defaultlrl and odbc.defaultbinmode -; http://php.net/odbc.defaultbinmode -odbc.defaultbinmode = 1 diff --git a/etc/php84/conf.d/99_opcache.ini b/etc/php84/conf.d/99_opcache.ini deleted file mode 100644 index 3beda00..0000000 --- a/etc/php84/conf.d/99_opcache.ini +++ /dev/null @@ -1,148 +0,0 @@ -[opcache] -; Determines if Zend OPCache is enabled -opcache.enable=1 - -; Determines if Zend OPCache is enabled for the CLI version of PHP -opcache.enable_cli=0 - -; The OPcache shared memory storage size. -opcache.memory_consumption=64 - -; The amount of memory for interned strings in Mbytes. -;opcache.interned_strings_buffer=8 - -; The maximum number of keys (scripts) in the OPcache hash table. -; Only numbers between 200 and 1000000 are allowed. -opcache.max_accelerated_files=1000 - -; The maximum percentage of "wasted" memory until a restart is scheduled. -;opcache.max_wasted_percentage=5 - -; When this directive is enabled, the OPcache appends the current working -; directory to the script key, thus eliminating possible collisions between -; files with the same name (basename). Disabling the directive improves -; performance, but may break existing applications. -opcache.use_cwd=1 - -; When disabled, you must reset the OPcache manually or restart the -; webserver for changes to the filesystem to take effect. -;opcache.validate_timestamps=1 - -; How often (in seconds) to check file timestamps for changes to the shared -; memory storage allocation. ("1" means validate once per second, but only -; once per request. "0" means always validate) -;opcache.revalidate_freq=2 - -; Enables or disables file search in include_path optimization -;opcache.revalidate_path=0 - -; If disabled, all PHPDoc comments are dropped from the code to reduce the -; size of the optimized code. -opcache.save_comments=0 - -; Allow file existence override (file_exists, etc.) performance feature. -;opcache.enable_file_override=0 - -; A bitmask, where each bit enables or disables the appropriate OPcache -; passes -;opcache.optimization_level=0x7FFFBFFF - -;opcache.dups_fix=0 - -; The location of the OPcache blacklist file (wildcards allowed). -; Each OPcache blacklist file is a text file that holds the names of files -; that should not be accelerated. The file format is to add each filename -; to a new line. The filename may be a full path or just a file prefix -; (i.e., /var/www/x blacklists all the files and directories in /var/www -; that start with 'x'). Line starting with a ; are ignored (comments). -;opcache.blacklist_filename= - -; Allows exclusion of large files from being cached. By default all files -; are cached. -;opcache.max_file_size=0 - -; Check the cache checksum each N requests. -; The default value of "0" means that the checks are disabled. -;opcache.consistency_checks=0 - -; How long to wait (in seconds) for a scheduled restart to begin if the cache -; is not being accessed. -;opcache.force_restart_timeout=180 - -; OPcache error_log file name. Empty string assumes "stderr". -;opcache.error_log= - -; All OPcache errors go to the Web server log. -; By default, only fatal errors (level 0) or errors (level 1) are logged. -; You can also enable warnings (level 2), info messages (level 3) or -; debug messages (level 4). -;opcache.log_verbosity_level=1 - -; Preferred Shared Memory back-end. Leave empty and let the system decide. -;opcache.preferred_memory_model= - -; Protect the shared memory from unexpected writing during script execution. -; Useful for internal debugging only. -;opcache.protect_memory=0 - -; Allows calling OPcache API functions only from PHP scripts which path is -; started from specified string. The default "" means no restriction -;opcache.restrict_api= - -; Mapping base of shared memory segments (for Windows only). All the PHP -; processes have to map shared memory into the same address space. This -; directive allows to manually fix the "Unable to reattach to base address" -; errors. -;opcache.mmap_base= - -; Facilitates multiple OPcache instances per user (for Windows only). All PHP -; processes with the same cache ID and user share an OPcache instance. -;opcache.cache_id= - -; Enables and sets the second level cache directory. -; It should improve performance when SHM memory is full, at server restart or -; SHM reset. The default "" disables file based caching. -;opcache.file_cache= - -; Enables or disables opcode caching in shared memory. -;opcache.file_cache_only=0 - -; Enables or disables checksum validation when script loaded from file cache. -;opcache.file_cache_consistency_checks=1 - -; Implies opcache.file_cache_only=1 for a certain process that failed to -; reattach to the shared memory (for Windows only). Explicitly enabled file -; cache is required. -;opcache.file_cache_fallback=1 - -; Enables or disables copying of PHP code (text segment) into HUGE PAGES. -; This should improve performance, but requires appropriate OS configuration. -;opcache.huge_code_pages=1 - -; Validate cached file permissions. -;opcache.validate_permission=0 - -; Prevent name collisions in chroot'ed environment. -;opcache.validate_root=0 - -; If specified, it produces opcode dumps for debugging different stages of -; optimizations. -;opcache.opt_debug_level=0 - -; Specifies a PHP script that is going to be compiled and executed at server -; start-up. -; http://php.net/opcache.preload -;opcache.preload= - -; Preloading code as root is not allowed for security reasons. This directive -; facilitates to let the preloading to be run as another user. -; http://php.net/opcache.preload_user -;opcache.preload_user= - -; Prevents caching files that are less than this number of seconds old. It -; protects from caching of incompletely updated files. In case all file updates -; on your site are atomic, you may increase performance by setting it to "0". -;opcache.file_update_protection=2 - -; Absolute path used to store shared lockfiles (for *nix only). -;opcache.lockfile_path=/tmp diff --git a/etc/php84/conf.d/99_openssl.ini b/etc/php84/conf.d/99_openssl.ini deleted file mode 100644 index ba95cd7..0000000 --- a/etc/php84/conf.d/99_openssl.ini +++ /dev/null @@ -1,17 +0,0 @@ -[openssl] -; The location of a Certificate Authority (CA) file on the local filesystem -; to use when verifying the identity of SSL/TLS peers. Most users should -; not specify a value for this directive as PHP will attempt to use the -; OS-managed cert stores in its absence. If specified, this value may still -; be overridden on a per-stream basis via the "cafile" SSL stream context -; option. -;openssl.cafile= - -; If openssl.cafile is not specified or if the CA file is not found, the -; directory pointed to by openssl.capath is searched for a suitable -; certificate. This value must be a correctly hashed certificate directory. -; Most users should not specify a value for this directive as PHP will -; attempt to use the OS-managed cert stores in its absence. If specified, -; this value may still be overridden on a per-stream basis via the "capath" -; SSL stream context option. -;openssl.capath= diff --git a/etc/php84/conf.d/99_pdo.ini b/etc/php84/conf.d/99_pdo.ini deleted file mode 100644 index 1e03675..0000000 --- a/etc/php84/conf.d/99_pdo.ini +++ /dev/null @@ -1,6 +0,0 @@ -[Pdo] -; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" -; http://php.net/pdo-odbc.connection-pooling -;pdo_odbc.connection_pooling=strict - -;pdo_odbc.db2_instance_name diff --git a/etc/php84/conf.d/99_pdo_mysql.ini b/etc/php84/conf.d/99_pdo_mysql.ini deleted file mode 100644 index 1598241..0000000 --- a/etc/php84/conf.d/99_pdo_mysql.ini +++ /dev/null @@ -1,4 +0,0 @@ -[Pdo_mysql] -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -;pdo_mysql.default_socket= diff --git a/etc/php84/conf.d/99_pgsql.ini b/etc/php84/conf.d/99_pgsql.ini deleted file mode 100644 index 0b17fb5..0000000 --- a/etc/php84/conf.d/99_pgsql.ini +++ /dev/null @@ -1,27 +0,0 @@ -[PostgreSQL] -; Allow or prevent persistent links. -; http://php.net/pgsql.allow-persistent -pgsql.allow_persistent = On - -; Detect broken persistent links always with pg_pconnect(). -; Auto reset feature requires a little overheads. -; http://php.net/pgsql.auto-reset-persistent -pgsql.auto_reset_persistent = Off - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/pgsql.max-persistent -pgsql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -; http://php.net/pgsql.max-links -pgsql.max_links = -1 - -; Ignore PostgreSQL backends Notice message or not. -; Notice message logging require a little overheads. -; http://php.net/pgsql.ignore-notice -pgsql.ignore_notice = 0 - -; Log PostgreSQL backends Notice message or not. -; Unless pgsql.ignore_notice=0, module cannot log notice message. -; http://php.net/pgsql.log-notice -pgsql.log_notice = 0 diff --git a/etc/php84/conf.d/99_phar.ini b/etc/php84/conf.d/99_phar.ini deleted file mode 100644 index e3fc161..0000000 --- a/etc/php84/conf.d/99_phar.ini +++ /dev/null @@ -1,8 +0,0 @@ -[Phar] -; http://php.net/phar.readonly -;phar.readonly = On - -; http://php.net/phar.require-hash -;phar.require_hash = On - -;phar.cache_list = diff --git a/etc/php84/conf.d/99_session.ini b/etc/php84/conf.d/99_session.ini deleted file mode 100644 index df75c1c..0000000 --- a/etc/php84/conf.d/99_session.ini +++ /dev/null @@ -1,245 +0,0 @@ -[Session] -; Handler used to store/retrieve data. -; http://php.net/session.save-handler -session.save_handler = files - -; Argument passed to save_handler. In the case of files, this is the path -; where data files are stored. Note: Windows users have to change this -; variable in order to use PHP's session functions. -; -; The path can be defined as: -; -; session.save_path = "N;/path" -; -; where N is an integer. Instead of storing all the session files in -; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if -; your OS has problems with many files in one directory, and is -; a more efficient layout for servers that handle many sessions. -; -; NOTE 1: PHP will not create this directory structure automatically. -; You can use the script in the ext/session dir for that purpose. -; NOTE 2: See the section on garbage collection below if you choose to -; use subdirectories for session storage -; -; The file storage module creates files using mode 600 by default. -; You can change that by using -; -; session.save_path = "N;MODE;/path" -; -; where MODE is the octal representation of the mode. Note that this -; does not overwrite the process's umask. -; http://php.net/session.save-path -session.save_path = "/var/lib/php/sessions" - -; Whether to use strict session mode. -; Strict session mode does not accept an uninitialized session ID, and -; regenerates the session ID if the browser sends an uninitialized session ID. -; Strict mode protects applications from session fixation via a session adoption -; vulnerability. It is disabled by default for maximum compatibility, but -; enabling it is encouraged. -; https://wiki.php.net/rfc/strict_sessions -session.use_strict_mode = 1 - -; Whether to use cookies. -; http://php.net/session.use-cookies -session.use_cookies = 1 - -; http://php.net/session.cookie-secure -;session.cookie_secure = - -; This option forces PHP to fetch and use a cookie for storing and maintaining -; the session id. We encourage this operation as it's very helpful in combating -; session hijacking when not specifying and managing your own session id. It is -; not the be-all and end-all of session hijacking defense, but it's a good start. -; http://php.net/session.use-only-cookies -session.use_only_cookies = 1 - -; Name of the session (used as cookie name). -; http://php.net/session.name -session.name = PHPSESSID - -; Initialize session on request startup. -; http://php.net/session.auto-start -session.auto_start = 0 - -; Lifetime in seconds of cookie or, if 0, until browser is restarted. -; http://php.net/session.cookie-lifetime -session.cookie_lifetime = 0 - -; The path for which the cookie is valid. -; http://php.net/session.cookie-path -session.cookie_path = / - -; The domain for which the cookie is valid. -; http://php.net/session.cookie-domain -session.cookie_domain = - -; Whether or not to add the httpOnly flag to the cookie, which makes it -; inaccessible to browser scripting languages such as JavaScript. -; http://php.net/session.cookie-httponly -session.cookie_httponly = - -; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) -; Current valid values are "Strict", "Lax" or "None". When using "None", -; make sure to include the quotes, as `none` is interpreted like `false` in ini files. -; https://tools.ietf.org/html/draft-west-first-party-cookies-07 -session.cookie_samesite = "Lax" - -; Handler used to serialize data. php is the standard serializer of PHP. -; http://php.net/session.serialize-handler -session.serialize_handler = php - -; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using gc_probability/gc_divisor, -; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.gc-probability -session.gc_probability = 1 - -; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using gc_probability/gc_divisor, -; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. -; For high volume production servers, using a value of 1000 is a more efficient approach. -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 -; http://php.net/session.gc-divisor -session.gc_divisor = 1000 - -; After this number of seconds, stored data will be seen as 'garbage' and -; cleaned up by the garbage collection process. -; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 86400 - -; NOTE: If you are using the subdirectory option for storing session files -; (see session.save_path above), then garbage collection does *not* -; happen automatically. You will need to do your own garbage -; collection through a shell script, cron entry, or some other method. -; For example, the following script is the equivalent of setting -; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; find /path/to/sessions -cmin +24 -type f | xargs rm - -; Check HTTP Referer to invalidate externally stored URLs containing ids. -; HTTP_REFERER has to contain this substring for the session to be -; considered as valid. -; http://php.net/session.referer-check -session.referer_check = - -; Set to {nocache,private,public,} to determine HTTP caching aspects -; or leave this empty to avoid sending anti-caching headers. -; http://php.net/session.cache-limiter -session.cache_limiter = nocache - -; Document expires after n minutes. -; http://php.net/session.cache-expire -session.cache_expire = 180 - -; trans sid support is disabled by default. -; Use of trans sid may risk your users' security. -; Use this option with caution. -; - User may send URL contains active session ID -; to other person via. email/irc/etc. -; - URL that contains active session ID may be stored -; in publicly accessible computer. -; - User may access your site with the same session ID -; always using URL stored in browser's history or bookmarks. -; http://php.net/session.use-trans-sid -session.use_trans_sid = 0 - -; Set session ID character length. This value could be between 22 to 256. -; Shorter length than default is supported only for compatibility reason. -; Users should use 32 or more chars. -; http://php.net/session.sid-length -; Default Value: 32 -; Development Value: 26 -; Production Value: 26 -session.sid_length = 32 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -; is special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. tag's action attribute URL will not be modified -; unless it is specified. -; Note that all valid entries require a "=", even if no value follows. -; Default Value: "a=href,area=href,frame=src,form=" -; Development Value: "a=href,area=href,frame=src,form=" -; Production Value: "a=href,area=href,frame=src,form=" -; http://php.net/url-rewriter.tags -session.trans_sid_tags = "a=href,area=href,frame=src,form=" - -; URL rewriter does not rewrite absolute URLs by default. -; To enable rewrites for absolute paths, target hosts must be specified -; at RUNTIME. i.e. use ini_set() -; tags is special. PHP will check action attribute's URL regardless -; of session.trans_sid_tags setting. -; If no host is defined, HTTP_HOST will be used for allowed host. -; Example value: php.net,www.php.net,wiki.php.net -; Use "," for multiple hosts. No spaces are allowed. -; Default Value: "" -; Development Value: "" -; Production Value: "" -;session.trans_sid_hosts="" - -; Define how many bits are stored in each character when converting -; the binary hash data to something readable. -; Possible values: -; 4 (4 bits: 0-9, a-f) -; 5 (5 bits: 0-9, a-v) -; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 -; http://php.net/session.hash-bits-per-character -session.sid_bits_per_character = 5 - -; Enable upload progress tracking in $_SESSION -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.enabled -;session.upload_progress.enabled = On - -; Cleanup the progress information as soon as all POST data has been read -; (i.e. upload completed). -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.cleanup -;session.upload_progress.cleanup = On - -; A prefix used for the upload progress key in $_SESSION -; Default Value: "upload_progress_" -; Development Value: "upload_progress_" -; Production Value: "upload_progress_" -; http://php.net/session.upload-progress.prefix -;session.upload_progress.prefix = "upload_progress_" - -; The index name (concatenated with the prefix) in $_SESSION -; containing the upload progress information -; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" -; http://php.net/session.upload-progress.name -;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" - -; How frequently the upload progress should be updated. -; Given either in percentages (per-file), or in bytes -; Default Value: "1%" -; Development Value: "1%" -; Production Value: "1%" -; http://php.net/session.upload-progress.freq -;session.upload_progress.freq = "1%" - -; The minimum delay between updates, in seconds -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.upload-progress.min-freq -;session.upload_progress.min_freq = "1" - -; Only write session data when session data is changed. Enabled by default. -; http://php.net/session.lazy-write -;session.lazy_write = On diff --git a/etc/php84/conf.d/99_soap.ini b/etc/php84/conf.d/99_soap.ini deleted file mode 100644 index c048b3f..0000000 --- a/etc/php84/conf.d/99_soap.ini +++ /dev/null @@ -1,16 +0,0 @@ -[soap] -; Enables or disables WSDL caching feature. -; http://php.net/soap.wsdl-cache-enabled -soap.wsdl_cache_enabled=1 - -; Sets the directory name where SOAP extension will put cache files. -; http://php.net/soap.wsdl-cache-dir -soap.wsdl_cache_dir="/tmp" - -; (time to live) Sets the number of second while cached file will be used -; instead of original one. -; http://php.net/soap.wsdl-cache-ttl -soap.wsdl_cache_ttl=86400 - -; Sets the size of the cache limit. (Max. number of WSDL files to cache) -soap.wsdl_cache_limit = 5 diff --git a/etc/php84/conf.d/99_sqlite3.ini b/etc/php84/conf.d/99_sqlite3.ini deleted file mode 100644 index 1965589..0000000 --- a/etc/php84/conf.d/99_sqlite3.ini +++ /dev/null @@ -1,13 +0,0 @@ -[sqlite3] -; Directory pointing to SQLite3 extensions -; http://php.net/sqlite3.extension-dir -;sqlite3.extension_dir = - -; SQLite defensive mode flag (only available from SQLite 3.26+) -; When the defensive flag is enabled, language features that allow ordinary -; SQL to deliberately corrupt the database file are disabled. This forbids -; writing directly to the schema, shadow tables (eg. FTS data tables), or -; the sqlite_dbpage virtual table. -; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html -; (for older SQLite versions, this flag has no use) -;sqlite3.defensive = 1 diff --git a/etc/php84/conf.d/99_sysvshm.ini b/etc/php84/conf.d/99_sysvshm.ini deleted file mode 100644 index 03da3ab..0000000 --- a/etc/php84/conf.d/99_sysvshm.ini +++ /dev/null @@ -1,3 +0,0 @@ -[sysvshm] -; A default size of the shared memory segment -;sysvshm.init_mem = 10000 diff --git a/etc/php84/conf.d/99_tidy.ini b/etc/php84/conf.d/99_tidy.ini deleted file mode 100644 index 90c5f13..0000000 --- a/etc/php84/conf.d/99_tidy.ini +++ /dev/null @@ -1,10 +0,0 @@ -[Tidy] -; The path to a default tidy configuration file to use when using tidy -; http://php.net/tidy.default-config -;tidy.default_config = /usr/local/lib/php/default.tcfg - -; Should tidy clean and repair output automatically? -; WARNING: Do not use this option if you are generating non-html content -; such as dynamic images -; http://php.net/tidy.clean-output -tidy.clean_output = Off diff --git a/etc/php84/php-fpm.conf b/etc/php84/php-fpm.conf deleted file mode 100644 index 45c625b..0000000 --- a/etc/php84/php-fpm.conf +++ /dev/null @@ -1,143 +0,0 @@ -;;;;;;;;;;;;;;;;;;;;; -; FPM Configuration ; -;;;;;;;;;;;;;;;;;;;;; - -; All relative paths in this configuration file are relative to PHP's install -; prefix (/usr). This prefix can be dynamically changed by using the -; '-p' argument from the command line. - -;;;;;;;;;;;;;;;;;; -; Global Options ; -;;;;;;;;;;;;;;;;;; - -[global] -; Pid file -; Note: the default prefix is /var -; Default Value: none -pid = run/php-fpm.pid - -; Error log file -; If it's set to "syslog", log is sent to syslogd instead of being written -; into a local file. -; Note: the default prefix is /var -; Default Value: log/php-fpm.log -error_log = syslog - -; syslog_facility is used to specify what type of program is logging the -; message. This lets syslogd specify that messages from different facilities -; will be handled differently. -; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) -; Default Value: daemon -syslog.facility = local2 - -; syslog_ident is prepended to every message. If you have multiple FPM -; instances running on the same server, you can change the default value -; which must suit common needs. -; Default Value: php-fpm -syslog.ident = php-fpm - -; Log level -; Possible Values: alert, error, warning, notice, debug -; Default Value: notice -log_level = notice - -; Log limit on number of characters in the single line (log entry). If the -; line is over the limit, it is wrapped on multiple lines. The limit is for -; all logged characters including message prefix and suffix if present. However -; the new line character does not count into it as it is present only when -; logging to a file descriptor. It means the new line character is not present -; when logging to syslog. -; Default Value: 1024 -;log_limit = 4096 - -; Log buffering specifies if the log line is buffered which means that the -; line is written in a single write operation. If the value is false, then the -; data is written directly into the file descriptor. It is an experimental -; option that can potentionaly improve logging performance and memory usage -; for some heavy logging scenarios. This option is ignored if logging to syslog -; as it has to be always buffered. -; Default value: yes -;log_buffering = no - -; If this number of child processes exit with SIGSEGV or SIGBUS within the time -; interval set by emergency_restart_interval then FPM will restart. A value -; of '0' means 'Off'. -; Default Value: 0 -emergency_restart_threshold = 5 - -; Interval of time used by emergency_restart_interval to determine when -; a graceful restart will be initiated. This can be useful to work around -; accidental corruptions in an accelerator's shared memory. -; Available Units: s(econds), m(inutes), h(ours), or d(ays) -; Default Unit: seconds -; Default Value: 0 -emergency_restart_interval = 10 - -; Time limit for child processes to wait for a reaction on signals from master. -; Available units: s(econds), m(inutes), h(ours), or d(ays) -; Default Unit: seconds -; Default Value: 0 -;process_control_timeout = 0 - -; The maximum number of processes FPM will fork. This has been designed to control -; the global number of processes when using dynamic PM within a lot of pools. -; Use it with caution. -; Note: A value of 0 indicates no limit -; Default Value: 0 -process.max = 16 - -; Specify the nice(2) priority to apply to the master process (only if set) -; The value can vary from -19 (highest priority) to 20 (lowest priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool process will inherit the master process priority -; unless specified otherwise -; Default Value: no set -process.priority = 0 - -; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. -; Default Value: yes -;daemonize = yes - -; Set open file descriptor rlimit for the master process. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit for the master process. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Specify the event mechanism FPM will use. The following is available: -; - select (any POSIX os) -; - poll (any POSIX os) -; - epoll (linux >= 2.5.44) -; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) -; - /dev/poll (Solaris >= 7) -; - port (Solaris >= 10) -; Default Value: not set (auto detection) -;events.mechanism = epoll - -; When FPM is built with systemd integration, specify the interval, -; in seconds, between health report notification to systemd. -; Set to 0 to disable. -; Available Units: s(econds), m(inutes), h(ours) -; Default Unit: seconds -; Default value: 10 -;systemd_interval = 10 - -;;;;;;;;;;;;;;;;;;;; -; Pool Definitions ; -;;;;;;;;;;;;;;;;;;;; - -; Multiple pools of child processes may be started with different listening -; ports and different management options. The name of the pool will be -; used in logs and stats. There is no limitation on the number of pools which -; FPM can handle. Your system will tell you anyway :) - -; Include one or more files. If glob(3) exists, it is used to include a bunch of -; files from a glob(3) pattern. This directive can be used everywhere in the -; file. -; Relative path can also be used. They will be prefixed by: -; - the global prefix if it's been set (-p argument) -; - /usr otherwise -include=/etc/php84/php-fpm.d/*.conf diff --git a/etc/php84/php-fpm.d/www.conf b/etc/php84/php-fpm.d/www.conf deleted file mode 100644 index 913dd17..0000000 --- a/etc/php84/php-fpm.d/www.conf +++ /dev/null @@ -1,424 +0,0 @@ -; Start a new pool named 'www'. -; the variable $pool can be used in any directive and will be replaced by the -; pool name ('www' here) -[www] - -; Per pool prefix -; It only applies on the following directives: -; - 'access.log' -; - 'slowlog' -; - 'listen' (unixsocket) -; - 'chroot' -; - 'chdir' -; - 'php_values' -; - 'php_admin_values' -; When not set, the global prefix (or /usr) applies instead. -; Note: This directive can also be relative to the global prefix. -; Default Value: none -;prefix = /path/to/pools/$pool - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = nobody -group = nobody - -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on -; a specific port; -; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses -; (IPv6 and IPv4-mapped) on a specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. -;listen = 127.0.0.1:9000 -listen = /run/php-fpm84/php-fpm.sock - -; Set listen(2) backlog. -; Default Value: 511 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 511 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0660 -listen.owner = nobody -listen.group = apache -listen.mode = 0660 -; When POSIX Access Control Lists are supported you can set them using -; these options, value is a comma separated list of user/group names. -; When set, listen.owner and listen.group are ignored -;listen.acl_users = -;listen.acl_groups = - -; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -; listen.allowed_clients = 127.0.0.1 - -; Specify the nice(2) priority to apply to the pool processes (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool processes will inherit the master process priority -; unless it specified otherwise -; Default Value: no set -process.priority = 0 - -; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user -; or group is differrent than the master process user. It allows to create process -; core dump and ptrace the process for the pool user. -; Default Value: no -; process.dumpable = yes - -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives. With this process management, there will be -; always at least 1 children. -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. -; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; ondemand - no children are created at startup. Children will be forked when -; new requests will connect. The following parameter are used: -; pm.max_children - the maximum number of children that -; can be alive at the same time. -; pm.process_idle_timeout - The number of seconds after which -; an idle process will be killed. -; Note: This value is mandatory. -pm = dynamic - -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. The below defaults are based on a server without much resources. Don't -; forget to tweak pm.* to fit your needs. -; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' -; Note: This value is mandatory. -pm.max_children = 8 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 2 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 2 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 4 - -; The number of seconds after which an idle process will be killed. -; Note: Used only when pm is set to 'ondemand' -; Default Value: 10s -;pm.process_idle_timeout = 10s; - -; The number of requests each child process should execute before respawning. -; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -pm.max_requests = 5000 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. It shows the following informations: -; pool - the name of the pool; -; process manager - static, dynamic or ondemand; -; start time - the date and time FPM has started; -; start since - number of seconds since FPM has started; -; accepted conn - the number of request accepted by the pool; -; listen queue - the number of request in the queue of pending -; connections (see backlog in listen(2)); -; max listen queue - the maximum number of requests in the queue -; of pending connections since FPM has started; -; listen queue len - the size of the socket queue of pending connections; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes; -; max active processes - the maximum number of active processes since FPM -; has started; -; max children reached - number of times, the process limit has been reached, -; when pm tries to start more children (works only for -; pm 'dynamic' and 'ondemand'); -; Value are updated in real time. -; Example output: -; pool: www -; process manager: static -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 62636 -; accepted conn: 190460 -; listen queue: 0 -; max listen queue: 1 -; listen queue len: 42 -; idle processes: 4 -; active processes: 11 -; total processes: 15 -; max active processes: 12 -; max children reached: 0 -; -; By default the status page output is formatted as text/plain. Passing either -; 'html', 'xml' or 'json' in the query string will return the corresponding -; output syntax. Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; http://www.foo.bar/status?xml -; -; By default the status page only outputs short status. Passing 'full' in the -; query string will also return status for each pool process. -; Example: -; http://www.foo.bar/status?full -; http://www.foo.bar/status?json&full -; http://www.foo.bar/status?html&full -; http://www.foo.bar/status?xml&full -; The Full status returns for each process: -; pid - the PID of the process; -; state - the state of the process (Idle, Running, ...); -; start time - the date and time the process has started; -; start since - the number of seconds since the process has started; -; requests - the number of requests the process has served; -; request duration - the duration in µs of the requests; -; request method - the request method (GET, POST, ...); -; request URI - the request URI with the query string; -; content length - the content length of the request (only with POST); -; user - the user (PHP_AUTH_USER) (or '-' if not set); -; script - the main script called (or '-' if not set); -; last request cpu - the %cpu the last request consumed -; it's always 0 if the process is not in Idle state -; because CPU calculation is done when the request -; processing has terminated; -; last request memory - the max amount of memory the last request consumed -; it's always 0 if the process is not in Idle state -; because memory calculation is done when the request -; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to -; the current request being served. -; Example output: -; ************************ -; pid: 31330 -; state: Running -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 63087 -; requests: 12808 -; request duration: 1250261 -; request method: GET -; request URI: /test_mem.php?N=10000 -; content length: 0 -; user: - -; script: /home/fat/web/docs/php/test_mem.php -; last request cpu: 0.00 -; last request memory: 0 -; -; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: /usr/share/fpm/status.html -; -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;pm.status_path = /status - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;ping.path = /ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. -; Default Value: pong -;ping.response = pong - -; The access log file -; Default: not set -;access.log = log/$pool.access.log - -; The access log format. -; The following syntax is allowed -; %%: the '%' character -; %C: %CPU used by the request -; it can accept the following format: -; - %{user}C for user CPU only -; - %{system}C for system CPU only -; - %{total}C for user + system CPU (default) -; %d: time taken to serve the request -; it can accept the following format: -; - %{seconds}d (default) -; - %{miliseconds}d -; - %{mili}d -; - %{microseconds}d -; - %{micro}d -; %e: an environment variable (same as $_ENV or $_SERVER) -; it must be associated with embraces to specify the name of the env -; variable. Some exemples: -; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e -; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e -; %f: script filename -; %l: content-length of the request (for POST request only) -; %m: request method -; %M: peak of memory allocated by PHP -; it can accept the following format: -; - %{bytes}M (default) -; - %{kilobytes}M -; - %{kilo}M -; - %{megabytes}M -; - %{mega}M -; %n: pool name -; %o: output header -; it must be associated with embraces to specify the name of the header: -; - %{Content-Type}o -; - %{X-Powered-By}o -; - %{Transfert-Encoding}o -; - .... -; %p: PID of the child that serviced the request -; %P: PID of the parent of the child that serviced the request -; %q: the query string -; %Q: the '?' character if query string exists -; %r: the request URI (without the query string, see %q and %Q) -; %R: remote IP address -; %s: status (response code) -; %t: server time the request was received -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %T: time the log has been written (the request has finished) -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %u: remote user -; -; Default: "%R - %u %t \"%m %r\" %s" -;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -;slowlog = log/$pool.log.slow - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_slowlog_timeout = 0 - -; Depth of slow log stack trace. -; Default Value: 20 -;request_slowlog_trace_depth = 20 - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -request_terminate_timeout = 60 - -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: you can prefix with '$prefix' to chroot to the pool prefix or one -; of its subdirectories. If the pool prefix is not set, the global prefix -; will be used instead. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). -; Default Value: not set -;chroot = - -; Chdir to this directory at the start. -; Note: relative path can be used. -; Default Value: current directory or / when chroot -;chdir = /var/www - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Note: on highloaded environement, this can cause some delay in the page -; process time (several ms). -; Default Value: no -;catch_workers_output = yes - -; Clear environment in FPM workers -; Prevents arbitrary environment variables from reaching FPM worker processes -; by clearing the environment in workers before env vars specified in this -; pool configuration are added. -; Setting to "no" will make all environment variables available to PHP code -; via getenv(), $_ENV and $_SERVER. -; Default Value: yes -;clear_env = no - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; execute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -security.limit_extensions = .php .phar .phtml - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env -;env[HOSTNAME] = $HOSTNAME -;env[PATH] = /usr/local/bin:/usr/bin:/bin -;env[TMP] = /tmp -;env[TMPDIR] = /tmp -;env[TEMP] = /tmp - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Note: path INI options can be relative and will be expanded with the prefix -; (pool, global or /usr) - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -;php_flag[display_errors] = off -;php_admin_value[error_log] = /var/log/fpm-php.www.log -;php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 32M diff --git a/etc/php84/php.ini b/etc/php84/php.ini deleted file mode 100644 index 567efca..0000000 --- a/etc/php84/php.ini +++ /dev/null @@ -1,854 +0,0 @@ -[PHP] -;;;;;;;;;;;;;;;;;;;; -; php.ini Options ; -;;;;;;;;;;;;;;;;;;;; -; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" -; To disable this feature set this option to an empty value -;user_ini.filename = ".user.ini" - -; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) -;user_ini.cache_ttl = 300 - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; -; Enable the PHP scripting language engine under Apache. -; http://php.net/engine -engine = On - -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. It is -; generally recommended that should be used and that this feature -; should be disabled, as enabling it may result in issues when generating XML -; documents, however this remains supported for backward compatibility reasons. -; Note that this directive does not control the would work. -; http://php.net/syntax-highlighting -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long requests, which may end up -; being interrupted by the user or a browser timing out. PHP's default behavior -; is to disable this feature. -; http://php.net/ignore-user-abort -;ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; Note: if open_basedir is set, the cache is disabled -; http://php.net/realpath-cache-size -;realpath_cache_size = 4096k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; http://php.net/realpath-cache-ttl -;realpath_cache_ttl = 120 - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -; If enabled, scripts may be written in encodings that are incompatible with -; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such -; encodings. To use this feature, mbstring extension must be enabled. -; Default: Off -;zend.multibyte = Off - -; Allows to set the default encoding for the scripts. This value will be used -; unless "declare(encoding=...)" directive appears at the top of the script. -; Only affects if zend.multibyte is set. -; Default: "" -;zend.script_encoding = - -; Allows to include or exclude arguments from stack traces generated for exceptions. -; In production, it is recommended to turn this setting on to prohibit the output -; of sensitive information in stack traces -; Default: Off -zend.exception_ignore_args = On - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; -; Decides whether PHP may expose the fact that it is installed on the server -; (e.g. by adding its signature to the Web server header). It is no security -; threat in any way, but it makes it possible to determine whether you use PHP -; on your server or not. -; http://php.net/expose-php -expose_php = On - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; -; Maximum execution time of each script, in seconds -; http://php.net/max-execution-time -; Note: This directive is hardcoded to 0 for the CLI SAPI -max_execution_time = 45 - -; Maximum amount of time each script may spend parsing request data. It's a good -; idea to limit this time on productions servers in order to eliminate unexpectedly -; long running scripts. -; Note: This directive is hardcoded to -1 for the CLI SAPI -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) -; http://php.net/max-input-time -max_input_time = 30 - -; Maximum input variable nesting level -; http://php.net/max-input-nesting-level -;max_input_nesting_level = 64 - -; How many GET/POST/COOKIE input variables may be accepted -;max_input_vars = 1000 - -; Maximum amount of memory a script may consume -; http://php.net/memory-limit -memory_limit = 1024M - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; This directive informs PHP of which errors, warnings and notices you would like -; it to take action for. The recommended way of setting values for this -; directive is through the use of the error level constants and bitwise -; operators. The error level constants are below here for convenience as well as -; some common settings and their meanings. -; By default, PHP is set to take action on all errors, notices and warnings EXCEPT -; those related to E_NOTICE and E_STRICT, which together cover best practices and -; recommended coding standards in PHP. For performance reasons, this is the -; recommend error reporting setting. Your production server shouldn't be wasting -; resources complaining about best practices and coding standards. That's what -; development servers and development settings are for. -; Note: The php.ini-development file has this setting as E_ALL. This -; means it pretty much reports everything which is exactly what you want during -; development and early testing. -; -; Error Level Constants: -; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) -; E_ERROR - fatal run-time errors -; E_RECOVERABLE_ERROR - almost fatal run-time errors -; E_WARNING - run-time warnings (non-fatal errors) -; E_PARSE - compile-time parse errors -; E_NOTICE - run-time notices (these are warnings which often result -; from a bug in your code, but it's possible that it was -; intentional (e.g., using an uninitialized variable and -; relying on the fact it is automatically initialized to an -; empty string) -; E_STRICT - run-time notices, enable to have PHP suggest changes -; to your code which will ensure the best interoperability -; and forward compatibility of your code -; E_CORE_ERROR - fatal errors that occur during PHP's initial startup -; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's -; initial startup -; E_COMPILE_ERROR - fatal compile-time errors -; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) -; E_USER_ERROR - user-generated error message -; E_USER_WARNING - user-generated warning message -; E_USER_NOTICE - user-generated notice message -; E_DEPRECATED - warn about code that will not work in future versions -; of PHP -; E_USER_DEPRECATED - user-generated deprecation warnings -; -; Common Values: -; E_ALL (Show all errors, warnings and notices including coding standards.) -; E_ALL & ~E_NOTICE (Show all errors, except for notices) -; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) -; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; http://php.net/error-reporting -error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT - -; This directive controls whether or not and where PHP will output errors, -; notices and warnings too. Error output is very useful during development, but -; it could be very dangerous in production environments. Depending on the code -; which is triggering the error, sensitive information could potentially leak -; out of your application such as database usernames and passwords or worse. -; For production environments, we recommend logging errors rather than -; sending them to STDOUT. -; Possible Values: -; Off = Do not display any errors -; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) -; On or stdout = Display errors to STDOUT -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/display-errors -display_errors = Off - -; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. PHP's default behavior is to suppress those -; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. We strongly recommend you -; set this to 'off' for production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/display-startup-errors -display_startup_errors = Off - -; Besides displaying errors, PHP can also log errors to locations such as a -; server-specific log, STDERR, or a location specified by the error_log -; directive found below. While errors should not be displayed on productions -; servers they should still be monitored and logging is a great way to do that. -; Default Value: Off -; Development Value: On -; Production Value: On -; http://php.net/log-errors -log_errors = On - -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://php.net/log-errors-max-len -log_errors_max_len = 1024 - -; Do not log repeated messages. Repeated errors must occur in same file on same -; line unless ignore_repeated_source is set true. -; http://php.net/ignore-repeated-errors -ignore_repeated_errors = Off - -; Ignore source of message when ignoring repeated messages. When this setting -; is On you will not log errors with repeated messages from different files or -; source lines. -; http://php.net/ignore-repeated-source -ignore_repeated_source = Off - -; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This is only effective in a debug compile, and if -; error reporting includes E_WARNING in the allowed list -; http://php.net/report-memleaks -report_memleaks = On - -; This setting is on by default. -;report_zend_debug = 0 - -; Store the last error/warning message in $php_errormsg (boolean). Setting this value -; to On can assist in debugging and is appropriate for development servers. It should -; however be disabled on production servers. -; This directive is DEPRECATED. -; Default Value: Off -; Development Value: Off -; Production Value: Off -; http://php.net/track-errors -;track_errors = Off - -; Turn off normal error reporting and emit XML-RPC error XML -; http://php.net/xmlrpc-errors -;xmlrpc_errors = 0 - -; An XML-RPC faultCode -;xmlrpc_error_number = 0 - -; When PHP displays or logs an error, it has the capability of formatting the -; error message as HTML for easier reading. This directive controls whether -; the error message is formatted as HTML or not. -; Note: This directive is hardcoded to Off for the CLI SAPI -; http://php.net/html-errors -;html_errors = On - -; If html_errors is set to On *and* docref_root is not empty, then PHP -; produces clickable error messages that direct to a page describing the error -; or function causing the error in detail. -; You can download a copy of the PHP manual from http://php.net/docs -; and change docref_root to the base URL of your local copy including the -; leading '/'. You must also specify the file extension being used including -; the dot. PHP's default behavior is to leave these settings empty, in which -; case no links to documentation are generated. -; Note: Never use this feature for production boxes. -; http://php.net/docref-root -; Examples -;docref_root = "/phpmanual/" - -; http://php.net/docref-ext -;docref_ext = .html - -; String to output before an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-prepend-string -; Example: -;error_prepend_string = "" - -; String to output after an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-append-string -; Example: -;error_append_string = "" - -; Log errors to specified file. PHP's default behavior is to leave this value -; empty. -; http://php.net/error-log -; Example: -;error_log = php_errors.log -; Log errors to syslog (Event Log on Windows). -error_log = syslog - -; The syslog ident is a string which is prepended to every message logged -; to syslog. Only used when error_log is set to syslog. -syslog.ident = php - -; The syslog facility is used to specify what type of program is logging -; the message. Only used when error_log is set to syslog. -syslog.facility = local2 - -; Set this to disable filtering control characters (the default). -; Some loggers only accept NVT-ASCII, others accept anything that's not -; control characters. If your logger accepts everything, then no filtering -; is needed at all. -; Allowed values are: -; ascii (all printable ASCII characters and NL) -; no-ctrl (all characters except control characters) -; all (all characters) -; raw (like "all", but messages are not split at newlines) -; http://php.net/syslog.filter -syslog.filter = ascii - -;windows.show_crt_warning -; Default value: 0 -; Development value: 0 -; Production value: 0 - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; -; The separator used in PHP generated URLs to separate arguments. -; PHP's default setting is "&". -; http://php.net/arg-separator.output -; Example: -;arg_separator.output = "&" - -; List of separator(s) used by PHP to parse input URLs into variables. -; PHP's default setting is "&". -; NOTE: Every character in this directive is considered as separator! -; http://php.net/arg-separator.input -; Example: -;arg_separator.input = ";&" - -; This directive determines which super global arrays are registered when PHP -; starts up. G,P,C,E & S are abbreviations for the following respective super -; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty -; paid for the registration of these arrays and because ENV is not as commonly -; used as the others, ENV is not recommended on productions servers. You -; can still get access to the environment variables through getenv() should you -; need to. -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS"; -; http://php.net/variables-order -variables_order = "GPCS" - -; This directive determines which super global data (G,P & C) should be -; registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive -; are specified in the same manner as the variables_order directive, -; EXCEPT one. Leaving this value empty will cause PHP to use the value set -; in the variables_order directive. It does not mean it will leave the super -; globals array REQUEST empty. -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" -; http://php.net/request-order -request_order = "GP" - -; This directive determines whether PHP registers $argv & $argc each time it -; runs. $argv contains an array of all the arguments passed to PHP when a script -; is invoked. $argc contains an integer representing the number of arguments -; that were passed when the script was invoked. These arrays are extremely -; useful when running scripts from the command line. When this directive is -; enabled, registering these variables consumes CPU cycles and memory each time -; a script is executed. For performance reasons, this feature should be disabled -; on production servers. -; Note: This directive is hardcoded to On for the CLI SAPI -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://php.net/register-argc-argv -register_argc_argv = Off - -; When enabled, the ENV, REQUEST and SERVER variables are created when they're -; first used (Just In Time) instead of when the script starts. If these -; variables are not used within a script, having this directive on will result -; in a performance gain. The PHP directive register_argc_argv must be disabled -; for this directive to have any effect. -; http://php.net/auto-globals-jit -auto_globals_jit = On - -; Whether PHP will read the POST data. -; This option is enabled by default. -; Most likely, you won't want to disable this option globally. It causes $_POST -; and $_FILES to always be empty; the only way you will be able to read the -; POST data will be through the php://input stream wrapper. This can be useful -; to proxy requests or to process the POST data in a memory efficient fashion. -; http://php.net/enable-post-data-reading -;enable_post_data_reading = Off - -; Maximum size of POST data that PHP will accept. -; Its value may be 0 to disable the limit. It is ignored if POST data reading -; is disabled through enable_post_data_reading. -; http://php.net/post-max-size -post_max_size = 8M - -; Automatically add files before PHP document. -; http://php.net/auto-prepend-file -auto_prepend_file = - -; Automatically add files after PHP document. -; http://php.net/auto-append-file -auto_append_file = - -; By default, PHP will output a media type using the Content-Type header. To -; disable this, simply set it to be empty. -; PHP's built-in default media type is set to text/html. -; http://php.net/default-mimetype -default_mimetype = "text/html" - -; PHP's default character set is set to UTF-8. -; http://php.net/default-charset -default_charset = "UTF-8" - -; PHP internal character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/internal-encoding -;internal_encoding = - -; PHP input character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/input-encoding -;input_encoding = - -; PHP output character encoding is set to empty. -; If empty, default_charset is used. -; See also output_buffer. -; http://php.net/output-encoding -;output_encoding = - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; -; PHP's default setting for include_path is ".;/path/to/php/pear" -; http://php.net/include-path -;include_path = ".:/php/includes" - -; The root of the PHP pages, used only if nonempty. -; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root -; if you are running php as a CGI under any web server (other than IIS) -; see documentation for security issues. The alternate is to use the -; cgi.force_redirect configuration below -; http://php.net/doc-root -;doc_root = - -; The directory under which PHP opens the script using /~username used only -; if nonempty. -; http://php.net/user-dir -;user_dir = - -; Directory in which the loadable extensions (modules) reside. -; http://php.net/extension-dir -;extension_dir = "./" - -; Directory where the temporary files should be placed. -; Defaults to the system default (see sys_get_temp_dir) -;sys_temp_dir = "/tmp" - -; Whether or not to enable the dl() function. The dl() function does NOT work -; properly in multithreaded servers, such as IIS or Zeus, and is automatically -; disabled on them. -; http://php.net/enable-dl -enable_dl = Off - -; cgi.force_redirect is necessary to provide security running PHP as a CGI under -; most web servers. Left undefined, PHP turns this on by default. You can -; turn it off here AT YOUR OWN RISK -; **You CAN safely turn this off for IIS, in fact, you MUST.** -; http://php.net/cgi.force-redirect -;cgi.force_redirect = 1 - -; if cgi.nph is enabled it will force cgi to always sent Status: 200 with -; every request. PHP's default behavior is to disable this feature. -;cgi.nph = 1 - -; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape -; (iPlanet) web servers, you MAY need to set an environment variable name that PHP -; will look for to know it is OK to continue execution. Setting this variable MAY -; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; http://php.net/cgi.redirect-status-env -;cgi.redirect_status_env = - -; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's -; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok -; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting -; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting -; of zero causes PHP to behave as before. Default is 1. You should fix your scripts -; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. -; http://php.net/cgi.fix-pathinfo -;cgi.fix_pathinfo=1 - -; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside -; of the web tree and people will not be able to circumvent .htaccess security. -;cgi.discard_path=1 - -; FastCGI under IIS supports the ability to impersonate -; security tokens of the calling client. This allows IIS to define the -; security context that the request runs under. mod_fastcgi under Apache -; does not currently support this feature (03/17/2002) -; Set to 1 if running under IIS. Default is zero. -; http://php.net/fastcgi.impersonate -;fastcgi.impersonate = 1 - -; Disable logging through FastCGI connection. PHP's default behavior is to enable -; this feature. -;fastcgi.logging = 0 - -; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If set to 0, PHP sends Status: header that -; is supported by Apache. When this option is set to 1, PHP will send -; RFC2616 compliant header. -; Default is zero. -; http://php.net/cgi.rfc2616-headers -;cgi.rfc2616_headers = 0 - -; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! -; (shebang) at the top of the running script. This line might be needed if the -; script support running both as stand-alone script and via PHP CGI<. PHP in CGI -; mode skips this line and ignores its content if this directive is turned on. -; http://php.net/cgi.check-shebang-line -;cgi.check_shebang_line=1 - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; -; Whether to allow HTTP file uploads. -; http://php.net/file-uploads -file_uploads = On - -; Temporary directory for HTTP uploaded files (will use system default if not -; specified). -; http://php.net/upload-tmp-dir -upload_tmp_dir = /var/lib/php/uploads - -; Maximum allowed size for uploaded files. -; http://php.net/upload-max-filesize -upload_max_filesize = 20M - -; Maximum number of files that can be uploaded via a single request -max_file_uploads = 20 - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; -; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-fopen -allow_url_fopen = On - -; Whether to allow include/require to open URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-include -allow_url_include = Off - -; Define the anonymous ftp password (your email address). PHP's default setting -; for this is empty. -; http://php.net/from -;from="john@doe.com" - -; Define the User-Agent string. PHP's default setting for this is empty. -; http://php.net/user-agent -;user_agent="PHP" - -; Default timeout for socket based streams (seconds) -; http://php.net/default-socket-timeout -default_socket_timeout = 60 - -; If your scripts have to deal with files from Macintosh systems, -; or you are running on a Mac and need to deal with files from -; unix or win32 systems, setting this flag will cause PHP to -; automatically detect the EOL character in those files so that -; fgets() and file() will work regardless of the source of the file. -; http://php.net/auto-detect-line-endings -;auto_detect_line_endings = Off - -[Assertion] -; Switch whether to compile assertions at all (to have no overhead at run-time) -; -1: Do not compile at all -; 0: Jump over assertion at run-time -; 1: Execute assertions -; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) -; Default Value: 1 -; Development Value: 1 -; Production Value: -1 -; http://php.net/zend.assertions -zend.assertions = -1 - -; Assert(expr); active by default. -; http://php.net/assert.active -;assert.active = On - -; Throw an AssertionError on failed assertions -; http://php.net/assert.exception -;assert.exception = On - -; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) -; http://php.net/assert.warning -;assert.warning = On - -; Don't bail out by default. -; http://php.net/assert.bail -;assert.bail = Off - -; User-function to be called if an assertion fails. -; http://php.net/assert.callback -;assert.callback = 0 - -; Eval the expression with current error_reporting(). Set to true if you want -; error_reporting(0) around the eval(). -; http://php.net/assert.quiet-eval -;assert.quiet_eval = 0 - -[browscap] -; http://php.net/browscap -;browscap = extra/browscap.ini - -[CLI Server] -; Whether the CLI web server uses ANSI color coding in its terminal output. -cli_server.color = On - -[Date] -; Defines the default timezone used by the date functions -; http://php.net/date.timezone -date.timezone = UTC - -; http://php.net/date.default-latitude -;date.default_latitude = 31.7667 - -; http://php.net/date.default-longitude -;date.default_longitude = 35.2333 - -; http://php.net/date.sunrise-zenith -;date.sunrise_zenith = 90.583333 - -; http://php.net/date.sunset-zenith -;date.sunset_zenith = 90.583333 - - -;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Built-In Module Settings ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -[COM] -; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -; http://php.net/com.typelib-file -;com.typelib_file = - -; allow Distributed-COM calls -; http://php.net/com.allow-dcom -;com.allow_dcom = true - -; autoregister constants of a component's typlib on com_load() -; http://php.net/com.autoregister-typelib -;com.autoregister_typelib = true - -; register constants casesensitive -; http://php.net/com.autoregister-casesensitive -;com.autoregister_casesensitive = false - -; show warnings on duplicate constant registrations -; http://php.net/com.autoregister-verbose -;com.autoregister_verbose = true - -; The default character set code-page to use when passing strings to and from COM objects. -; Default: system ANSI code page -;com.code_page= - -[ffi] -; FFI API restriction. Possible values: -; "preload" - enabled in CLI scripts and preloaded files (default) -; "false" - always disabled -; "true" - always enabled -;ffi.enable=preload - -; List of headers files to preload, wildcard patterns allowed. -;ffi.preload= - -[filter] -; http://php.net/filter.default -;filter.default = unsafe_raw - -; http://php.net/filter.default-flags -;filter.default_flags = - -[mail function] -; You may supply arguments as well (default: "sendmail -t -i"). -; http://php.net/sendmail-path -;sendmail_path = "/usr/sbin/sendmail -f 'noreply@slackware.uk' -t" - -; Force the addition of the specified parameters to be passed as extra parameters -; to the sendmail binary. These parameters will always replace the value of -; the 5th parameter to mail(). -;mail.force_extra_parameters = - -; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename -mail.add_x_header = Off - -; The path to a log file that will log all mail() calls. Log entries include -; the full path of the script, line number, To address and headers. -;mail.log = -; Log mail to syslog (Event Log on Windows). -;mail.log = syslog - -[Pcre] -; PCRE library backtracking limit. -; http://php.net/pcre.backtrack-limit -;pcre.backtrack_limit=100000 - -; PCRE library recursion limit. -; Please note that if you set this value to a high number you may consume all -; the available process stack and eventually crash PHP (due to reaching the -; stack size limit imposed by the Operating System). -; http://php.net/pcre.recursion-limit -;pcre.recursion_limit=100000 - -; Enables or disables JIT compilation of patterns. This requires the PCRE -; library to be compiled with JIT support. -;pcre.jit=1 From 8556a9836ad1616074dfb61d019e4dd8e093ad06 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 16:58:41 +0000 Subject: [PATCH 12/26] Add/update .git* files --- .gitattributesdb | 3 --- etc/.gitignore | 1 - root/.gitignore | 1 + srv/dehydrated/.gitkeepdir | 0 var/lib/php/sessions/.gitkeepdir | 0 var/lib/php/uploads/.gitkeepdir | 0 6 files changed, 1 insertion(+), 4 deletions(-) delete mode 100644 srv/dehydrated/.gitkeepdir delete mode 100644 var/lib/php/sessions/.gitkeepdir delete mode 100644 var/lib/php/uploads/.gitkeepdir diff --git a/.gitattributesdb b/.gitattributesdb index 26cf4c8..00db597 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -106,11 +106,8 @@ cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 root:root 064 cm9vdC8ubmFub3Jj 1757585756 1757585756 root:root 0644 - - cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 root:root 0644 - - cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611 1757587611 root:root 0644 - - -c3J2L2RlaHlkcmF0ZWQvLmdpdGtlZXBkaXI= - - dmFyLy5naXRpZ25vcmU= 1758288612 1758288560 root:root 0644 - - dmFyL2xpYi8uZ2l0aWdub3Jl 1758288797 1758288764 root:root 0644 - - -dmFyL2xpYi9waHAvc2Vzc2lvbnMvLmdpdGtlZXBkaXI= - - -dmFyL2xpYi9waHAvdXBsb2Fkcy8uZ2l0a2VlcGRpcg== - - ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - - ZXRjL2RvYXMuZA== 1757595612 1757595612 root:root 0750 - - ZXRjL3NoYWRvdw== 1761056398 1761056398 root:shadow 0640 - - diff --git a/etc/.gitignore b/etc/.gitignore index c3faf22..6eaf268 100644 --- a/etc/.gitignore +++ b/etc/.gitignore @@ -42,7 +42,6 @@ /shadow /shadow- /shells -/ssl/ /ssl1.1/ /sudo.conf /sudo_logsrvd.conf diff --git a/root/.gitignore b/root/.gitignore index 589f81f..64fb34d 100644 --- a/root/.gitignore +++ b/root/.gitignore @@ -4,5 +4,6 @@ !/.*/** /.bash_history* +/.composer/ /.gnupg/ /.nano_history diff --git a/srv/dehydrated/.gitkeepdir b/srv/dehydrated/.gitkeepdir deleted file mode 100644 index e69de29..0000000 diff --git a/var/lib/php/sessions/.gitkeepdir b/var/lib/php/sessions/.gitkeepdir deleted file mode 100644 index e69de29..0000000 diff --git a/var/lib/php/uploads/.gitkeepdir b/var/lib/php/uploads/.gitkeepdir deleted file mode 100644 index e69de29..0000000 From 0904a68ff6a48411990516bc44ac15552e8029e5 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 16:59:42 +0000 Subject: [PATCH 13/26] Update http configs. --- etc/apache2/httpd.conf | 23 +++++++++++-------- .../sites.d/core.slackware.uk.net.conf | 17 ++++++++++++++ 2 files changed, 31 insertions(+), 9 deletions(-) diff --git a/etc/apache2/httpd.conf b/etc/apache2/httpd.conf index 4d7c941..ed7bf31 100644 --- a/etc/apache2/httpd.conf +++ b/etc/apache2/httpd.conf @@ -38,6 +38,9 @@ LoadModule authn_file_module /usr/lib/apache2/mod_authn_file.so LoadModule authz_core_module /usr/lib/apache2/mod_authz_core.so LoadModule authz_user_module /usr/lib/apache2/mod_authz_user.so +# Custom headers. +LoadModule headers_module /usr/lib/apache2/mod_headers.so + # Proxying. # # LoadModule proxy_module /usr/lib/apache2/mod_proxy.so @@ -66,7 +69,7 @@ ServerSignature Email ServerTokens Major User apache Group apache -DefaultRuntimeDir /run/apache2 +DefaultRuntimeDir /run Mutex pthread ScriptSock cgid.sock @@ -119,6 +122,16 @@ BrowserMatch "MSIE [2-5]" nokeepalive downgrade-1.0 force-response-1.0 +# PHP. + + DirectoryIndex index.php index.phtml + + + SetHandler proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/ + + + + # Filters and Handlers. AddOutputFilter INCLUDES .shtml .html @@ -195,14 +208,6 @@ Alias /.well-known/acme-challenge/ /srv/dehydrated/ SSLOptions +StdEnvVars - - - DirectoryIndex index.php index.phtml - - - SetHandler proxy:unix:/run/php-fpm84/php-fpm.sock|fcgi://localhost/ - - diff --git a/etc/apache2/sites.d/core.slackware.uk.net.conf b/etc/apache2/sites.d/core.slackware.uk.net.conf index 9712618..2b9c4a0 100644 --- a/etc/apache2/sites.d/core.slackware.uk.net.conf +++ b/etc/apache2/sites.d/core.slackware.uk.net.conf @@ -1,3 +1,17 @@ + + Options FollowSymlinks + AllowOverride None + Require all granted + + + + # include /etc/fusiondirectory/fusiondirectory.secrets + + AllowOverride None + Require all granted + AddType application/wasm .wasm + + ServerName core.slackware.uk.net @@ -23,5 +37,8 @@ ScriptAlias /cgi-bin/ /data/sites/core.slackware.uk.net/cgi-bin/ DocumentRoot /data/sites/core.slackware.uk.net/html + + Alias /fd /srv/fusiondirectory/html + Alias /pla /srv/pla From 6460bfd7bce008cfc483fdff249c7a3113f10cd5 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:00:48 +0000 Subject: [PATCH 14/26] network/interfaces config. --- etc/network/interfaces | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/network/interfaces b/etc/network/interfaces index e6c1cfb..454ff20 100644 --- a/etc/network/interfaces +++ b/etc/network/interfaces @@ -2,13 +2,13 @@ auto eth0 iface eth0 inet static address 5.101.171.215/28 gateway 5.101.171.209 - mtu 9000 + mtu 1500 iface eth0 inet6 static address 2a01:a500:2981:1::d7/64 gateway 2a01:a500:2981:1:ff:ff:ff:ff - mtu 9000 + mtu 1500 auto eth1 iface eth1 inet static address 10.254.0.215/24 - mtu 9000 + mtu 1500 From 017e2406a8a0b15635918e3ff74ec4a0a3ad343b Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:01:12 +0000 Subject: [PATCH 15/26] Update pkglist. --- etc/pkglist | 73 +++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 59 insertions(+), 14 deletions(-) diff --git a/etc/pkglist b/etc/pkglist index 9b29fca..f13153d 100644 --- a/etc/pkglist +++ b/etc/pkglist @@ -1,3 +1,4 @@ +7zip acl acl-libs alpine-base @@ -6,6 +7,7 @@ alpine-baselayout-data alpine-conf alpine-keys alpine-release +aom-libs apache2 apache2-ctl apache2-http2 @@ -27,12 +29,20 @@ busybox-mdev-openrc busybox-openrc busybox-suid c-ares +c-client ca-certificates-bundle +composer cups-libs curl dbus-libs doas +fftw-double-libs +fontconfig +freetype gdbm +gettext +gettext-envsubst +gettext-libs git git-init-template gmp @@ -45,24 +55,29 @@ gpg-agent icu-data-en icu-libs ifupdown-ng +imagemagick +imagemagick-libs iptables iptables-openrc jansson keyutils-libs krb5-conf krb5-libs +lcms2 ldb libapk2 libarchive libassuan libattr libauth-samba +libavif libbsd libbz2 libcap2 libcom_err libcrypto3 libcurl +libdav1d libedit libestr libexpat @@ -71,23 +86,31 @@ libffi libformw libgcc libgcrypt +libgomp libgpg-error libgsasl +libice libidn libidn2 libintl +libjpeg-turbo libksba libldap liblockfile +libltdl libmd libmnl libncursesw libnftnl libpanelw +libpng libproc2 libpsl libsasl +libsharpyuv +libsm libsmbclient +libsodium libssl3 libstdc++ libtasn1 @@ -96,8 +119,18 @@ liburing libuuid libverto libwbclient +libwebp +libx11 +libxau +libxcb +libxdmcp +libxext libxml2 +libxpm +libxt libxtables +libyuv +libzip linux-pam lmdb lynx @@ -114,6 +147,7 @@ ncurses-terminfo-base nettle nghttp2-libs npth +oniguruma openldap-clients openrc openrc-user @@ -128,20 +162,31 @@ openssh-sftp-server openssl p11-kit pcre2 -php84 -php84-bcmath -php84-common -php84-curl -php84-fpm -php84-gettext -php84-gmp -php84-intl -php84-ldap -php84-opcache -php84-openssl -php84-session -php84-sqlite3 -php84-xml +php83 +php83-bcmath +php83-bz2 +php83-common +php83-curl +php83-fpm +php83-gd +php83-gettext +php83-gmp +php83-iconv +php83-imap +php83-intl +php83-ldap +php83-mbstring +php83-opcache +php83-openssl +php83-pecl-imagick +php83-phar +php83-posix +php83-session +php83-simplexml +php83-sodium +php83-sqlite3 +php83-xml +php83-zip pinentry popt procps-ng From 4db0bd143af71b25d9935d3811a5bb478f8c7a3f Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:04:09 +0000 Subject: [PATCH 16/26] New samba configs. --- etc/init.d/samba | 2 +- etc/samba/smb.conf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/init.d/samba b/etc/init.d/samba index 8027985..8c701f2 100755 --- a/etc/init.d/samba +++ b/etc/init.d/samba @@ -19,7 +19,7 @@ start_pre() { start_samba() { start-stop-daemon --start --quiet --exec /usr/sbin/samba -- \ - ${samba_options:-"-D" "-l" "/var/log/core.slackware.uk.net/today/samba"} + ${samba_options:-"-D"} } stop_samba() { diff --git a/etc/samba/smb.conf b/etc/samba/smb.conf index 429ccfe..5f73988 100644 --- a/etc/samba/smb.conf +++ b/etc/samba/smb.conf @@ -10,9 +10,9 @@ tls cafile = /etc/ssl/certs/ca-certificates.crt tls certfile = /etc/certificates/core.slackware.uk.net_cert.pem tls keyfile = /etc/certificates/core.slackware.uk.net_key.pem tls verify peer = ca_and_name_if_available -log level = 2 +log level = 1 logging = syslog:local5 -log file = /var/log/core.slackware.uk.net/today/samba/samba +log file = /var/log/core.slackware.uk.net/today/samba/samba-debug debug syslog format = always debug hires timestamp = yes enable core files = no From a312a4d12dbbc00cf76fe37218d20415657c29f4 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:04:49 +0000 Subject: [PATCH 17/26] Update .bashrcs. --- home/sysadmin/.bashrc | 6 ++++-- root/.bashrc | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/home/sysadmin/.bashrc b/home/sysadmin/.bashrc index c6e8906..7fcb2ed 100644 --- a/home/sysadmin/.bashrc +++ b/home/sysadmin/.bashrc @@ -43,8 +43,10 @@ hash ps grep >/dev/null 2>&1 && psgrep() { hash ls >/dev/null 2>&1 && alias ls='ls -Fv --color=always' hash nc >/dev/null 2>&1 && alias pastebin='nc termbin.com 9999' -echo -ne "\e[2q" -echo -e "\e]12;#00FF00" +[[ -z "$SSH_TTY" ]] && { + echo -ne "\e[2q" + echo -e "\e]12;#00FF00" +} for FILE in "$HOME"/.bashrc.d/*; do [[ -x "$FILE" ]] && source "$FILE" diff --git a/root/.bashrc b/root/.bashrc index c6e8906..7fcb2ed 100644 --- a/root/.bashrc +++ b/root/.bashrc @@ -43,8 +43,10 @@ hash ps grep >/dev/null 2>&1 && psgrep() { hash ls >/dev/null 2>&1 && alias ls='ls -Fv --color=always' hash nc >/dev/null 2>&1 && alias pastebin='nc termbin.com 9999' -echo -ne "\e[2q" -echo -e "\e]12;#00FF00" +[[ -z "$SSH_TTY" ]] && { + echo -ne "\e[2q" + echo -e "\e]12;#00FF00" +} for FILE in "$HOME"/.bashrc.d/*; do [[ -x "$FILE" ]] && source "$FILE" From 86c4e99795f11c5f4fa95deb6d0617b84a4ae71a Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:05:09 +0000 Subject: [PATCH 18/26] Update log rotation cronjob. --- opt/sbin/cronjob-rotate-logs-symlinks | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/opt/sbin/cronjob-rotate-logs-symlinks b/opt/sbin/cronjob-rotate-logs-symlinks index aae8e1a..49997ea 100755 --- a/opt/sbin/cronjob-rotate-logs-symlinks +++ b/opt/sbin/cronjob-rotate-logs-symlinks @@ -5,6 +5,9 @@ LOGS_DIR="/var/log" DIR_MODE="0750" UMASK="027" +# This array may be used in the defaults file. +declare -A CREATE_DIRS + # Allow /etc/default/rotate-logs-symlinks to override default configuration. [[ -e /etc/default/rotate-logs-symlinks ]] && { # shellcheck disable=SC1091 @@ -21,7 +24,7 @@ UMASK="027" umask "$UMASK" # Process all the directories in the logs directory. - for DIR in "$LOGS_DIR"/*; do + for DIR in "$LOGS_DIR"/*/; do cd "$DIR" 2>/dev/null || { printf "%s: %s\\n" "${0##*/}" "failed to change directory to '$DIR'" >&2 continue @@ -34,9 +37,17 @@ UMASK="027" continue } + # If configured to do so for this directory, create sub directories. + for CREATE_DIR in ${CREATE_DIRS[$(printf "$DIR" | awk -F / -e '{print $4}')]}; do + mkdir -p -m "$DIR_MODE" "$TODAY/$CREATE_DIR" 2>/dev/null || { + printf "%s: %s\\n" "${0##*/}" "failed to create directory '$DIR/$TODAY/$CREATE_DIR'" >&2 + continue + } + done + # Create a 'today' symlink to the new days' directory. - ( cd "$DIR" 2>/dev/null && ln -sf "$TODAY" "today" 2>/dev/null ) || { - printf "%s: %s\\n" "${0##*/}" "creating 'today' symlink failed" >&2 + ( cd "$DIR" 2>/dev/null && ln -sfn "$TODAY" "today" 2>/dev/null ) || { + printf "%s: %s\\n" "${0##*/}" "updating 'today' symlink failed" >&2 continue } done From 0c09c8754954df5caa2a2ca29e819af86f684837 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:07:37 +0000 Subject: [PATCH 19/26] SSL certs for fusiondirectory. --- .gitattributesdb | 2 ++ etc/ssl/certs/ca.cert | 1 + etc/ssl/certs/fd.cert | 1 + 3 files changed, 4 insertions(+) create mode 120000 etc/ssl/certs/ca.cert create mode 120000 etc/ssl/certs/fd.cert diff --git a/.gitattributesdb b/.gitattributesdb index 00db597..b058a89 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -78,6 +78,8 @@ ZXRjL3NzaC9zc2hfY29uZmln 1757606630 1757606630 root:root 0644 - - ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1758202229 1757606896 root:root 0644 - - ZXRjL3NzaGd1YXJkLmNvbmY= 1758050700 1758050700 root:root 0644 - - ZXRjL3NzaGd1YXJkLndoaXRlbGlzdA== 1758050235 1758050235 root:root 0644 - - +ZXRjL3NzbC9jZXJ0cy9jYS5jZXJ0 1758642260 1758642260 root:root 0777 - - +ZXRjL3NzbC9jZXJ0cy9mZC5jZXJ0 1758642260 1758642260 root:root 0777 - - ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - - ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - - aG9tZS8uZ2l0aWdub3Jl 1757762052 1757762052 root:root 0644 - - diff --git a/etc/ssl/certs/ca.cert b/etc/ssl/certs/ca.cert new file mode 120000 index 0000000..1b1bbd8 --- /dev/null +++ b/etc/ssl/certs/ca.cert @@ -0,0 +1 @@ +/etc/certificates/core.slackware.uk.net_chain.pem \ No newline at end of file diff --git a/etc/ssl/certs/fd.cert b/etc/ssl/certs/fd.cert new file mode 120000 index 0000000..7991568 --- /dev/null +++ b/etc/ssl/certs/fd.cert @@ -0,0 +1 @@ +/etc/certificates/core.slackware.uk.net_cert.pem \ No newline at end of file From 300875d8a650f0e0892bc4293f2019428d8bb20b Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:08:14 +0000 Subject: [PATCH 20/26] Config for log rotation cronjob. --- .gitattributesdb | 1 + etc/default/rotate-logs-symlinks | 1 + 2 files changed, 2 insertions(+) create mode 100644 etc/default/rotate-logs-symlinks diff --git a/.gitattributesdb b/.gitattributesdb index b058a89..4b037b7 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -18,6 +18,7 @@ ZXRjL2NvbmYuZC9zYW1iYQ== 1757592912 1757592912 root:root 0644 - - ZXRjL2NvbmYuZC9zc2hk 1757593051 1757593051 root:root 0644 - - ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757771663 1757595391 root:root 0644 - - ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - - +ZXRjL2RlZmF1bHQvcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758555243 1758552192 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvLmdpdGlnbm9yZQ== 1758038054 1758038054 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvLmdpdGlnbm9yZQ== 1757873230 1757873230 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1761052714 1757873275 root:root 0644 - - diff --git a/etc/default/rotate-logs-symlinks b/etc/default/rotate-logs-symlinks new file mode 100644 index 0000000..2312951 --- /dev/null +++ b/etc/default/rotate-logs-symlinks @@ -0,0 +1 @@ +CREATE_DIRS['core.slackware.uk.net']="fusiondirectory samba" From bcc9130fa811989309ab272c5857de61c6606629 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:08:38 +0000 Subject: [PATCH 21/26] rsyslog.conf. --- .gitattributesdb | 1 + etc/rsyslog.conf | 96 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+) create mode 100644 etc/rsyslog.conf diff --git a/.gitattributesdb b/.gitattributesdb index 4b037b7..a6b4adc 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -57,6 +57,7 @@ ZXRjL3BrZ2xpc3Q= 1761696000 1757609913 root:root 0644 - - ZXRjL3BsYS9jb25maWcucGhwLmdwZw== 1761052640 1758539944 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - +ZXRjL3JzeXNsb2cuY29uZg== 1758295632 1747894670 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290L3JzeXNsb2c= 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0Ly5naXRpZ25vcmU= 1757598703 1757598703 root:root 0644 - - diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf new file mode 100644 index 0000000..2682e3c --- /dev/null +++ b/etc/rsyslog.conf @@ -0,0 +1,96 @@ +# rsyslog configuration file +# +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html + + +#### Global directives #### + +# Sets the directory that rsyslog uses for work files. +$WorkDirectory /var/lib/rsyslog + +# Sets default permissions for all log files. +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# Check config syntax on startup and abort if unclean (default off). +#$AbortOnUncleanConfig on + +# Reduce repeating messages (default off). +#$RepeatedMsgReduction on + + +#### Modules #### + +# Provides --MARK-- message capability. +module(load="immark") + +# Provides support for local system logging (e.g. via logger command). +module(load="imuxsock") + +# Reads kernel messages. +module(load="imklog") + +#### Config files #### + +# Include all config files in /etc/rsyslog.d/. +include(file="/etc/rsyslog.d/*.conf" mode="optional") + +#### Rules #### + +*.* /var/log/everything + +# Log all kernel messages to kern.log. +kern.* /var/log/kern.log + +# Log anything (except mail) of level info or higher. +# Don't log private authentication messages! +# NOTE: The minus sign in front of filename disables buffer flush. +*.info;authpriv.none;cron.none;kern.none;mail.none -/var/log/messages + +# The authpriv file has restricted access. +authpriv.* /var/log/auth.log + +# Log all the mail messages in one place. +mail.* -/var/log/mail.log + +# Log cron stuff. +cron.* -/var/log/cron.log + +# Everybody gets emergency messages. +*.emerg :omusrmsg:* + +# Log all kernel messages to the console. +# Logging much else clutters up the screen. +#kern.* /dev/console + + +### Examples #### + +# Send all logs to remote syslog via UDP. +# An on-disk queue is created for this action. If the remote host is +# down, messages are spooled to disk and sent when it is up again. +#*.* action( +# type="omfwd" +# target="192.168.0.1" +# port="514" +# protocol="udp" +# queue.filename="fwdRule1" # unique name prefix for spool files +# queue.type="LinkedList" +# queue.maxDiskSpace="256m" +# queue.saveOnShutdown="on" +# action.resumeRetryCount="-1" +# action.resumeInterval="30" +#) + +# Receive messages from remote host via UDP +# for parameters see http://www.rsyslog.com/doc/imudp.html +#module(load="imudp") # needs to be done just once +#input( +# type="imudp" +# port="514" +#) From 394f25572abce925a886ba990dea4c11708520d8 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:09:56 +0000 Subject: [PATCH 22/26] fusiondirectory.conf. --- .gitattributesdb | 1 + etc/fusiondirectory/fusiondirectory.conf | 8 ++++++++ 2 files changed, 9 insertions(+) create mode 100644 etc/fusiondirectory/fusiondirectory.conf diff --git a/.gitattributesdb b/.gitattributesdb index a6b4adc..6a8696d 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -29,6 +29,7 @@ ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucw== 1757862328 1757862077 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL19leGFtcGxlXw== 1757863238 1757862077 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL2NvcmUuc2xhY2t3YXJlLnVrLm5ldA== 1757863250 1757863250 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvaG9va3MvZGVmYXVsdA== 1758045829 1757862077 root:root 0755 - - +ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZg== 1760207207 1760207207 root:root 0644 - - ZXRjL2dyb3Vw 1757873802 1757869538 root:root 0644 - - ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - - ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - - diff --git a/etc/fusiondirectory/fusiondirectory.conf b/etc/fusiondirectory/fusiondirectory.conf new file mode 100644 index 0000000..ca86517 --- /dev/null +++ b/etc/fusiondirectory/fusiondirectory.conf @@ -0,0 +1,8 @@ + + +
+ + + +
+ From bb97b312f1dcc801e5c80ef995e0799dd032332e Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:10:50 +0000 Subject: [PATCH 23/26] openldap schemas. --- .gitattributesdb | 5 + etc/openldap/schema/core-fd-conf.schema | 732 ++++++++++++++++++++++++ etc/openldap/schema/core-fd.schema | 580 +++++++++++++++++++ etc/openldap/schema/ldapns.schema | 23 + etc/openldap/schema/rfc2307bis.schema | 288 ++++++++++ etc/openldap/schema/template-fd.schema | 16 + 6 files changed, 1644 insertions(+) create mode 100644 etc/openldap/schema/core-fd-conf.schema create mode 100644 etc/openldap/schema/core-fd.schema create mode 100644 etc/openldap/schema/ldapns.schema create mode 100644 etc/openldap/schema/rfc2307bis.schema create mode 100644 etc/openldap/schema/template-fd.schema diff --git a/.gitattributesdb b/.gitattributesdb index 6a8696d..fd1d78b 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -48,6 +48,11 @@ ZXRjL21zbXRwcmMuZ3Bn 1761052674 1758049424 root:root 0644 - - ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - - ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1758915694 1757596330 root:root 0644 - - ZXRjL29wZW5sZGFwL2xkYXAuY29uZg== 1758374529 1730112559 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS9jb3JlLWZkLWNvbmYuc2NoZW1h 1759848180 1759848180 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS9jb3JlLWZkLnNjaGVtYQ== 1759848180 1759848180 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS9sZGFwbnMuc2NoZW1h 1759848180 1759848180 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS9yZmMyMzA3YmlzLnNjaGVtYQ== 1759835660 1759835660 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS90ZW1wbGF0ZS1mZC5zY2hlbWE= 1759848180 1759848180 root:root 0644 - - ZXRjL3Bhc3N3ZA== 1761056398 1761056398 root:root 0644 - - ZXRjL3BlcmlvZGljL2RhaWx5LzAtcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758222266 1758222266 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5LzEwLWRlaHlkcmF0ZWQ= 1757708520 1757708520 root:root 0777 - - diff --git a/etc/openldap/schema/core-fd-conf.schema b/etc/openldap/schema/core-fd-conf.schema new file mode 100644 index 0000000..6ef5dbd --- /dev/null +++ b/etc/openldap/schema/core-fd-conf.schema @@ -0,0 +1,732 @@ +## +## fusiondirectory-conf.schema - Needed by FusionDirectory for its configuration +## + +#~ ldapTLS="true" + +# Attributes + +# Schema setup + +attributetype ( 1.3.6.1.4.1.38414.8.10.2 NAME 'fdSchemaCheck' + DESC 'FusionDirectory - Schema check' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# Look n feel + +attributetype ( 1.3.6.1.4.1.38414.8.11.1 NAME 'fdLanguage' + DESC 'FusionDirectory - language' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.11.2 NAME 'fdTheme' + DESC 'FusionDirectory - theme' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.11.3 NAME 'fdTimezone' + DESC 'FusionDirectory - timezone' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +# People and group storage + +attributetype ( 1.3.6.1.4.1.38414.8.12.1 NAME 'fdAccountPrimaryAttribute' + DESC 'FusionDirectory - attribute that should be used in user dn' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.3 NAME 'fdNextIdHook' + DESC 'FusionDirectory - A script to be called for finding the next free id for users or groups' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.6 NAME 'fdStrictNamingRules' + DESC 'FusionDirectory - Strict naming rules' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.12.7 NAME 'fdMinId' + DESC 'FusionDirectory - minimum user id' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.8 NAME 'fdUidNumberBase' + DESC 'FusionDirectory - uid number base' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.9 NAME 'fdGidNumberBase' + DESC 'FusionDirectory - gid number base' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.10 NAME 'fdUserRDN' + DESC 'FusionDirectory - User RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.11 NAME 'fdGroupRDN' + DESC 'FusionDirectory - Group RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.12 NAME 'fdIdAllocationMethod' + DESC 'FusionDirectory - id allocation method traditional/pool' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.13 NAME 'fdGidNumberPoolMin' + DESC 'FusionDirectory - pool gid number min' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.14 NAME 'fdUidNumberPoolMin' + DESC 'FusionDirectory - pool uid number min' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.15 NAME 'fdGidNumberPoolMax' + DESC 'FusionDirectory - pool gid number max' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.16 NAME 'fdUidNumberPoolMax' + DESC 'FusionDirectory - pool uid number max' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.17 NAME 'fdAclRoleRDN' + DESC 'FusionDirectory - ACL role RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.18 NAME 'fdCnPattern' + DESC 'FusionDirectory - Common Name pattern' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.19 NAME 'fdRestrictRoleMembers' + DESC 'FusionDirectory - Restrict role members to users from the same LDAP branch' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.12.20 NAME 'fdSplitPostalAddress' + DESC 'FusionDirectory - Expose street, postOfficeBox and postalCode fields instead of postalAddress' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.12.21 NAME 'fdPostalAddressPattern' + DESC 'FusionDirectory - When using separate address fields, you can use a pattern to fill postalAddress field' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.22 NAME 'fdMaxAvatarSize' + DESC 'FusionDirectory - Maximum user picture width and height in pixels' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.23 NAME 'fdGivenNameRequired' + DESC 'FusionDirectory - Whether givenName field is required on users' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# Password + +attributetype ( 1.3.6.1.4.1.38414.8.13.1 NAME 'fdPasswordDefaultHash' + DESC 'FusionDirectory - Password default hash' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.2 NAME 'fdPasswordMinLength' + DESC 'FusionDirectory - Password min length' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.3 NAME 'fdPasswordMinDiffer' + DESC 'FusionDirectory - password min differ' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.5 NAME 'fdHandleExpiredAccounts' + DESC 'FusionDirectory - Handle expired accounts' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.13.6 NAME 'fdSaslRealm' + DESC 'FusionDirectory - SASL Realm' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.7 NAME 'fdSaslExop' + DESC 'FusionDirectory - SASL Exop' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.8 NAME 'fdForcePasswordDefaultHash' + DESC 'FusionDirectory - Force password default hash' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.13.9 NAME 'fdPasswordAllowedHashes' + DESC 'FusionDirectory - Allowed password hashes' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +# Core settings + +attributetype ( 1.3.6.1.4.1.38414.8.14.2 NAME 'fdListSummary' + DESC 'FusionDirectory - Show list summary' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.14.4 NAME 'fdModificationDetectionAttribute' + DESC 'FusionDirectory - Modification detection attribute' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.14.6 NAME 'fdLogging' + DESC 'FusionDirectory - Logging' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.14.7 NAME 'fdLdapSizeLimit' + DESC 'FusionDirectory - LDAP size limit' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.14.8 NAME 'fdWildcardForeignKeys' + DESC 'FusionDirectory - Weither or not to enable wildcard searches for foreign keys on dn' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# Login and session + +attributetype ( 1.3.6.1.4.1.38414.8.15.1 NAME 'fdLoginAttribute' + DESC 'FusionDirectory attribute that will be used for login' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.15.2 NAME 'fdForceSSL' + DESC 'FusionDirectory - Force SSL' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.15.3 NAME 'fdWarnSSL' + DESC 'FusionDirectory - Warn user when SSL is not used' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.15.4 NAME 'fdStoreFilterSettings' + DESC 'FusionDirectory - Store filter settings' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.15.5 NAME 'fdSessionLifeTime' + DESC 'FusionDirectory - Session life time in seconds' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.15.6 NAME 'fdHttpAuthActivated' + DESC 'FusionDirectory - HTTP Basic Auth activation' + OBSOLETE + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.15.7 NAME 'fdHttpHeaderAuthActivated' + DESC 'FusionDirectory - HTTP Header Auth activation' + OBSOLETE + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.15.8 NAME 'fdHttpHeaderAuthHeaderName' + DESC 'FusionDirectory - HTTP Header Auth - Header name' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.15.9 NAME 'fdLoginMethod' + DESC 'FusionDirectory - Active login method' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +# Debugging + +attributetype ( 1.3.6.1.4.1.38414.8.16.1 NAME 'fdDisplayErrors' + DESC 'FusionDirectory - Weither or not to display errors' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.16.2 NAME 'fdLdapMaxQueryTime' + DESC 'FusionDirectory - Maximum LDAP query time' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.16.3 NAME 'fdLdapStats' + DESC 'FusionDirectory - Weither or not to activate ldap stats' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.16.4 NAME 'fdDebugLevel' + DESC 'FusionDirectory - Debug level' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.16.5 NAME 'fdDebugLogging' + DESC 'FusionDirectory - Debug logging' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# Snapshots + +attributetype ( 1.3.6.1.4.1.38414.8.17.1 NAME 'fdEnableSnapshots' + DESC 'FusionDirectory - Weither or not to enable snapshots' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.17.2 NAME 'fdSnapshotBase' + DESC 'FusionDirectory - Snaphost base' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.17.3 NAME 'fdEnableAutomaticSnapshots' + DESC 'FusionDirectory - Weither or not to enable snapshots' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.17.4 NAME 'fdSnapshotMinRetention' + DESC 'Minimum number of snapshots to be kept in store' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.17.5 NAME 'fdSnapshotRetentionDays' + DESC 'Number of days a snapshot should be kept' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.17.6 NAME 'fdSnapshotSourceData' + DESC 'Possible Origin / Source of data received ' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + SINGLE-VALUE) + +# Miscellaneous + +attributetype ( 1.3.6.1.4.1.38414.8.18.2 NAME 'fdTabHook' + DESC 'FusionDirectory - tab hook' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.3 NAME 'fdShells' + DESC 'FusionDirectory - available shells' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.4 NAME 'fusionConfigMd5' + DESC 'FusionDirectory - md5sum of class.cache' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.5 NAME 'fdDisplayHookOutput' + DESC 'FusionDirectory - display hook execution output to the user' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.6 NAME 'fdAclTabOnObjects' + DESC 'FusionDirectory - Should acl tabs be shown on all objects' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.7 NAME 'fdDepartmentCategories' + DESC 'FusionDirectory - available categories for departments' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.8 NAME 'fdDefaultShell' + DESC 'FusionDirectory - default shell' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.18.9 NAME 'fdPluginsMenuBlacklist' + DESC 'FusionDirectory - Blacklist as groupdn|plugin or roledn|plugin' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.38414.8.18.10 NAME 'fdManagementConfig' + DESC 'FusionDirectory - Configuration for management classes' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.38414.8.18.11 NAME 'fdManagementUserConfig' + DESC 'FusionDirectory - Per user configuration for management classes' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.38414.8.18.12 NAME 'fdAclTargetFilterLimit' + DESC 'Fusion Directory - Size limit for LDAP filter on ACL targets' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.18.13 NAME 'fdIncrementalModifierStates' + DESC 'FusionDirectory - States of the incremental modifier intances, with keys value and date, encoded as JSON' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +# Plugins + +attributetype ( 1.3.6.1.4.1.38414.8.19.1 NAME 'fdOGroupRDN' + DESC 'FusionDirectory - OGroup RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.19.2 NAME 'fdForceSaslPasswordAsk' + DESC 'FusionDirectory - Force password ask for SASL users' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.19.3 NAME 'fdOGroupDefaultUser' + DESC 'FusionDirectory - Create a default user in ou=restricted for object groups' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# SSL + +attributetype ( 1.3.6.1.4.1.38414.8.20.1 NAME 'fdSslCaCertPath' + DESC 'FusionDirectory - CA certificate path' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.20.2 NAME 'fdSslKeyPath' + DESC 'FusionDirectory - SSL key path' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.20.3 NAME 'fdSslCertPath' + DESC 'FusionDirectory - SSL certificate path' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +# CAS + +attributetype ( 1.3.6.1.4.1.38414.8.21.1 NAME 'fdCasActivated' + DESC 'FusionDirectory - CAS activation' + OBSOLETE + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.21.2 NAME 'fdCasServerCaCertPath' + DESC 'FusionDirectory - CAS server CA certificate path' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.21.3 NAME 'fdCasHost' + DESC 'FusionDirectory - CAS host' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.21.4 NAME 'fdCasPort' + DESC 'FusionDirectory - CAS port' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.21.5 NAME 'fdCasContext' + DESC 'FusionDirectory - CAS context' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.21.6 NAME 'fdCasVerbose' + DESC 'FusionDirectory - CAS verbose flag' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.21.7 NAME 'fdCasLibraryBool' + DESC 'FusionDirectory - CAS boolean to activate CAS library >= 1.6' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.21.8 NAME 'fdCasClientServiceName' + DESC 'FusionDirectory - CAS client service name' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +# FusionDirectory Tokens + +attributetype ( 1.3.6.1.4.1.38414.8.22.1 NAME 'fdTokenRDN' + DESC 'FusionDirectory - Branch where FusionDirectory Tokens are stored' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.22.2 NAME 'fdOrchestratorTokenRDN' + DESC 'FusionDirectory - Branch where FusionDirectory Orchestrator Tokens are stored' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.22.3 NAME 'fdRecoveryTokenRDN' + DESC 'FusionDirectory - Branch where FusionDirectory Recovery Tokens are stored' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +# merged from dashboard-fd.schema - Needed by Fusion Directory for dashboard options + +attributetype ( 1.3.6.1.4.1.38414.27.1.1 NAME 'fdDashboardPrefix' + DESC 'FusionDirectory - Dashboard computer name prefix' + OBSOLETE + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.38414.27.1.2 NAME 'fdDashboardNumberOfDigit' + DESC 'FusionDirectory - Dashboard number of digits after prefixes in computer names' + OBSOLETE + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.27.1.3 NAME 'fdDashboardExpiredAccountsDays' + DESC 'FusionDirectory - Dashboard number of days before expiration to be shown in board user tab' + OBSOLETE + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +# merged from recovery-fd.schema - Needed by Fusion Directory for password recovery options + +attributetype ( 1.3.6.1.4.1.38414.8.110.1 NAME 'fdPasswordRecoveryActivated' + DESC 'Fusion Directory - Password recovery enabled/disabled' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.2 NAME 'fdPasswordRecoveryEmail' + DESC 'Fusion Directory - Password recovery sender email' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.3 NAME 'fdPasswordRecoveryMailSubject' + DESC 'Fusion Directory - Password recovery first email subject' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.4 NAME 'fdPasswordRecoveryMailBody' + DESC 'Fusion Directory - Password recovery first email body' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.5 NAME 'fdPasswordRecoveryMail2Subject' + DESC 'Fusion Directory - Password recovery second email subject' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.6 NAME 'fdPasswordRecoveryMail2Body' + DESC 'Fusion Directory - Password recovery second email body' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.7 NAME 'fdPasswordRecoveryValidity' + DESC 'Fusion Directory - Password recovery link validity in minutes' + EQUALITY integerMatch + ORDERING integerOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.8 NAME 'fdPasswordRecoverySalt' + DESC 'Fusion Directory - Password recovery token salt' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.9 NAME 'fdPasswordRecoveryUseAlternate' + DESC 'Fusion Directory - Allow/disallow the use of alternate addresses for password recovery' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.110.10 NAME 'fdPasswordRecoveryLoginAttribute' + DESC 'Fusion Directory - Password recovery login attribute (usually uid)' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + + +# Object Class +objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf' + DESC 'FusionDirectory configuration' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( + fusionConfigMd5 $ + fdSchemaCheck $ + fdLanguage $ fdTheme $ fdTimezone $ + fdAccountPrimaryAttribute $ fdNextIdHook $ + fdStrictNamingRules $ fdMinId $ fdUidNumberBase $ + fdGidNumberBase $ fdUserRDN $ fdGroupRDN $ fdIdAllocationMethod $ + fdGidNumberPoolMin $ fdUidNumberPoolMin $ fdGidNumberPoolMax $ fdUidNumberPoolMax $ + fdAclRoleRDN $ fdCnPattern $ fdRestrictRoleMembers $ + fdSplitPostalAddress $ fdPostalAddressPattern $ fdMaxAvatarSize $ fdGivenNameRequired $ + fdPasswordDefaultHash $ fdPasswordMinLength $ fdPasswordMinDiffer $ + fdHandleExpiredAccounts $ fdSaslRealm $ fdSaslExop $ + fdForcePasswordDefaultHash $ fdPasswordAllowedHashes $ + fdListSummary $ + fdModificationDetectionAttribute $ fdLogging $ fdLdapSizeLimit $ fdWildcardForeignKeys $ + fdLoginAttribute $ fdForceSSL $ fdWarnSSL $ fdStoreFilterSettings $ fdSessionLifeTime $ + fdHttpAuthActivated $ fdHttpHeaderAuthActivated $ fdHttpHeaderAuthHeaderName $ + fdDisplayErrors $ fdLdapMaxQueryTime $ fdLdapStats $ fdDebugLevel $ fdDebugLogging $ + fdEnableSnapshots $ fdSnapshotBase $ + fdTabHook $ fdShells $ fdDefaultShell $ fdDisplayHookOutput $ + fdPluginsMenuBlacklist $ fdManagementConfig $ fdManagementUserConfig $ + fdAclTabOnObjects $ fdDepartmentCategories $ fdAclTargetFilterLimit $ + fdIncrementalModifierStates $ + fdSslCaCertPath $ fdSslKeyPath $ fdSslCertPath $ fdSnapshotRetentionDays $ fdSnapshotSourceData $ + fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext $ fdCasVerbose $ + fdLoginMethod $ fdCasLibraryBool $ fdCasClientServiceName $ fdEnableAutomaticSnapshots $ fdSnapshotMinRetention $ + fdTokenRDN $ fdOrchestratorTokenRDN $ fdRecoveryTokenRDN + ) ) + +objectclass ( 1.3.6.1.4.1.38414.8.2.2 NAME 'fusionDirectoryPluginsConf' + DESC 'FusionDirectory plugins configuration' + SUP top AUXILIARY + MUST ( cn ) + MAY ( fdOGroupRDN $ fdForceSaslPasswordAsk $ fdOGroupDefaultUser ) ) + +objectclass ( 1.3.6.1.4.1.38414.8.2.3 NAME 'fdPasswordRecoveryConf' + DESC 'FusionDirectory password recovery configuration' + SUP top AUXILIARY + MUST ( cn ) + MAY ( + fdPasswordRecoveryActivated $ fdPasswordRecoveryEmail $ + fdPasswordRecoveryMailSubject $ fdPasswordRecoveryMailBody $ + fdPasswordRecoveryMail2Subject $ fdPasswordRecoveryMail2Body $ + fdPasswordRecoveryValidity $ fdPasswordRecoverySalt $ + fdPasswordRecoveryUseAlternate $ fdPasswordRecoveryLoginAttribute + ) ) + +# Dashboard Object Class +objectclass ( 1.3.6.1.4.1.38414.27.2.1 NAME 'fdDashboardPluginConf' + DESC 'FusionDirectory dashboard plugin configuration' + SUP top AUXILIARY + MUST ( cn ) + MAY ( fdDashboardPrefix $ fdDashboardNumberOfDigit $ fdDashboardExpiredAccountsDays) ) diff --git a/etc/openldap/schema/core-fd.schema b/etc/openldap/schema/core-fd.schema new file mode 100644 index 0000000..b73b535 --- /dev/null +++ b/etc/openldap/schema/core-fd.schema @@ -0,0 +1,580 @@ +## +## core-fd.schema - Needed by FusionDirectory for its basic functionalities +## + +# Last OID used for attributes : 1.3.6.1.4.1.38414.62.1.77 04/08/25 # +# Last OID used for objectClass : 1.3.6.1.4.1.38414.62.2.11 29/01/24 # + +##### Attributes from gosa ###### + +attributetype ( 1.3.6.1.4.1.10098.1.1.12.30 NAME 'gosaGroupObjects' + DESC 'GOsa - List of all object types that are in a gosaGroupOfNames' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10098.1.1.12.34 NAME 'gosaAclTemplate' + DESC 'GOsa - ACL entries for ACL roles' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10098.1.1.12.35 NAME 'gosaAclEntry' + DESC 'GOsa - ACL entries' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.4.1.10098.1.1.12.37 NAME 'gosaSnapshotTimestamp' + DESC 'GOsa - Unix timestamp of snapshot' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10098.1.1.12.38 NAME 'gosaSnapshotDN' + DESC 'GOsa - Original DN of saved object in snapshot' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.10098.1.1.12.39 NAME 'gosaSnapshotData' + DESC 'GOsa - Original data of saved object in snapshot' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE) + +##### Attributes from FusionDirectory ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.1 NAME 'fdUserDn' + DESC 'FusionDirectory - DN of a user' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.2 NAME 'fdObjectDn' + DESC 'FusionDirectory - DN of an object' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.3 NAME 'fdLockTimestamp' + DESC 'FusionDirectory - Lock token timestamp' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.4 NAME 'fdSnapshotObjectType' + DESC 'FusionDirectory - object type of the snapshotted object' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.51 NAME 'fdSnapshotDataSource' + DESC 'FusionDirectory - snapshot data origin / source' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.68 NAME 'fdSnapshotHash' + DESC 'FusionDirectory - hash of the current snapShot allowing diff verification with MD5' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +##### Subscriptions Attributes ###### + +attributetype ( 1.3.6.1.4.1.38414.62.11.1 NAME 'fdSubscriptionStartDate' + DESC 'FusionDirectory - Subscription Starting Date' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.11.2 NAME 'fdSubscriptionEndDate' + DESC 'FusionDirectory - Subscription End Date' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.11.3 NAME 'fdSubscriptionType' + DESC 'FusionDirectory - Subscription type' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.11.4 NAME 'fdSubscriptionContractId' + DESC 'FusionDirectory - Subscription contract ID' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.11.5 NAME 'fdSubscriptionName' + DESC 'FusionDirectory - Subscription client name' + SUP name ) + +### Mail Template Attributes ### + +attributetype ( 1.3.6.1.4.1.38414.62.1.5 NAME 'fdMailTemplateBody' + DESC 'FusionDirectory - template mail field' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +attributetype ( 1.3.6.1.4.1.38414.62.1.6 NAME 'fdMailTemplateRDN' + DESC 'FusionDirectory - template Mail RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.62.1.7 NAME 'fdMailTemplateSignature' + DESC 'FusionDirectory - template mail field' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +attributetype ( 1.3.6.1.4.1.38414.62.1.8 NAME 'fdMailAttachmentsContent' + DESC 'FusionDirectory - attachment data in bin format' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +attributetype ( 1.3.6.1.4.1.38414.62.1.9 NAME 'fdMailTemplateReadReceipt' + DESC 'FusionDirectory - template mail field' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +attributetype ( 1.3.6.1.4.1.38414.62.1.10 NAME 'fdMailTemplateSubject' + DESC 'FusionDirectory - template mail field' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +##### Tasks Attributes ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.11 NAME 'fdTasksMailObject' + DESC 'Fusion Directory - Tasks for mail template objects' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.12 NAME 'fdTasksScheduleDate' + DESC 'Scheduling of the Task - required processed date' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.13 NAME 'fdTasksMailUsers' + DESC 'Fusion Directory - Tasks Mail Users Recipient' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.14 NAME 'fdTasksStatus' + DESC 'Fusion Directory - Task Status' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.15 NAME 'fdTasksEndDate' + DESC 'Fusion Directory - Task End Date' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.57 NAME 'fdTasksLastExec' + DESC 'Fusion Directory - Time when tasks was last activated' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.77 NAME 'fdTasksNextExec' + DESC 'Fusion Directory - Time when tasks will be executed next' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.58 NAME 'fdTasksLastActivation' + DESC 'Fusion Directory - Time when tasks was last activated' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.16 NAME 'fdTasksCreationDate' + DESC 'Fusion Directory - Task Start Date' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.17 NAME 'fdTasksEmailsFromDN' + DESC 'Fusion Directory - Emails derived from DN' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.18 NAME 'fdTasksEmailSender' + DESC 'Fusion Directory - Emails derived from DN' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.55 NAME 'fdTasksEmailBCC' + DESC 'Fusion Directory - Emails derived from DN' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.19 NAME 'fdTasksMailType' + DESC 'Fusion Directory - Type of Mail attribute required' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +##### Tasks Granular ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.20 NAME 'fdTasksGranularStatus' + DESC 'Fusion Directory - Task Status' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.21 NAME 'fdTasksGranularSchedule' + DESC 'Scheduling of the Task - required processed date' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.22 NAME 'fdTasksGranularMaster' + DESC 'Fusion Directory - Tasks Master objects' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.23 NAME 'fdTasksGranularType' + DESC 'Fusion Directory - Tasks Type' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.24 NAME 'fdTasksGranularMail' + DESC 'Fusion Directory - Emails recipients if object mail' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.25 NAME 'fdTasksGranularMailFrom' + DESC 'Fusion Directory - Emails sender if object mail' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.56 NAME 'fdTasksGranularMailBCC' + DESC 'Fusion Directory - Emails sender if object mail' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.26 NAME 'fdTasksGranularRef' + DESC 'Fusion Directory - Reference towards a CN (E.g Mail Template)' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.69 NAME 'fdTasksGranularHelper' + DESC 'Fusion Directory - Reference towards a potential helper value from main task (case of reminder)' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.74 NAME 'fdTasksGranularCreationDate' + DESC 'Fusion Directory - Task Granular Creation Date' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.75 NAME 'fdTasksGranularLastExec' + DESC 'Fusion Directory - Time when granular tasks was last executed' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.76 NAME 'fdTasksGranularNextExec' + DESC 'Fusion Directory - Time when granular tasks will be executed next' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +## Any tasks requiring to store DN (Such as lifeCycle). ## + +attributetype ( 1.3.6.1.4.1.38414.62.1.67 NAME 'fdTasksGranularDN' + DESC 'Fusion Directory - DN of the targeted user' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +##### Tasks Conf ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.27 NAME 'fdTasksRDN' + DESC 'FusionDirectory - Tasks RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.62.1.28 NAME 'fdTasksConfLastExecTime' + DESC 'Store time of last mail tasks success - secure spam interval' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.29 NAME 'fdTasksConfMaxEmails' + DESC 'FusionDirectory maximum emails to be processed by Orchestrator - secure spam' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.30 NAME 'fdTasksConfIntervalEmails' + DESC 'FusionDirectory maximum emails to be processed by Orchestrator - secure spam' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +##### Plugin Manager ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.31 NAME 'fdPluginManagerInfoAuthors' + DESC 'FusionDirectory - Plugin authors attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.32 NAME 'fdPluginManagerInfoVersion' + DESC 'FusionDirectory - Plugin Version attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.33 NAME 'fdPluginManagerSupportHomeUrl' + DESC 'FusionDirectory - Plugin Support page url attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.34 NAME 'fdPluginManagerSupportTicketUrl' + DESC 'FusionDirectory - Plugin Suuport ticket url attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.35 NAME 'fdPluginManagerSupportDiscussionUrl' + DESC 'FusionDirectory - Pluging discussion url attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.36 NAME 'fdPluginManagerSupportSchemaUrl' + DESC 'FusionDirectory - Plugin schema url attribute needed if necessary' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.37 NAME 'fdPluginManagerReqFdVersion' + DESC 'FusionDirectory - Plugin Fusiondirectory Version requirement attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.38 NAME 'fdPluginManagerReqPhpVersion' + DESC 'FusionDirectory - Plugin PHP Version requirement attribute' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.39 NAME 'fdPluginManagerContentPhpClass' + DESC 'FusionDirectory - Plugin Manager : list on php class provided' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.40 NAME 'fdPluginManagerContentLdapObject' + DESC 'FusionDirectory - Plugin Manager : list on Ldap Object needed' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.41 NAME 'fdPluginManagerContentLdapAttributes' + DESC 'FusionDirectory - Plugin Manager : list on Ldap attributes needed' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.42 NAME 'fdPluginManagerInfoStatus' + DESC 'FusionDirectory - Plugin Manager : status of plugin : Dev / stable / dontuse ' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.43 NAME 'fdPluginManagerSupportDownloadUrl' + DESC 'FusionDirectory - Plugin direct download url ' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.44 NAME 'fdPluginManagerInfoTags' + DESC 'FusionDirectory - Plugin Tag for identity plugins goals' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.45 NAME 'fdPluginManagerInfoLogoUrl' + DESC 'FusionDirectory - Plugin Logo url ' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.46 NAME 'fdPluginManagerInfoScreenshotUrl' + DESC 'FusionDirectory - Plugin Screenshot Url ' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.47 NAME 'fdPluginManagerInfoLicence' + DESC 'FusionDirectory - Plugin Licence' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.48 NAME 'fdPluginManagerInfoOrigin' + DESC 'FusionDirectory - Plugin Origin' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.49 NAME 'fdPluginManagerSupportProvider' + DESC 'FusionDirectory - Plugin Support Provider' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.38414.62.1.50 NAME 'fdPluginManagerSupportContractUrl' + DESC 'FusionDirectory - Plugin Support Contract url' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +##### Tasks Granular Part 2 ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.52 NAME 'fdTasksRepeatable' + DESC 'Allow a given task to be repeatable' + EQUALITY booleanMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX '1.3.6.1.4.1.1466.115.121.1.7') + +attributetype ( 1.3.6.1.4.1.38414.62.1.53 NAME 'fdTasksUpdatable' + DESC 'Allow a given task to be updatable' + EQUALITY booleanMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX '1.3.6.1.4.1.1466.115.121.1.7') + +attributetype ( 1.3.6.1.4.1.38414.62.1.54 NAME 'fdTasksRepeatableSchedule' + DESC 'Set the repetition of the tasks via a set attribute' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX '1.3.6.1.4.1.1466.115.121.1.15') + +##### Token management attributes ##### + +attributetype ( 1.3.6.1.4.1.38414.62.1.70 NAME 'fdTokenUserDN' + DESC 'The DN user linked to the token' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.38414.62.1.71 NAME 'fdTokenType' + DESC 'The token type eg reminder, recovery' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.38414.62.1.72 NAME 'fdToken' + DESC 'The token' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +attributetype ( 1.3.6.1.4.1.38414.62.1.73 NAME 'fdTokenTimestamp' + DESC 'Timestamp for the validation of the token' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) + +##### Classes ##### + +### old gosa ObjectClass ### + +objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment' SUP top AUXILIARY + DESC 'GOsa - Class to mark Departments for GOsa' + MUST ( ou $ description ) + MAY ( manager $ co $ labeledURI ) ) + +objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.12 NAME 'gosaGroupOfNames' + DESC 'GOsa - Adds the gosaGroupObjects field to groupOfNames' + SUP top AUXILIARY + MUST ( cn $ gosaGroupObjects ) MAY ( member $ description ) ) + +objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.17 NAME 'gosaRole' + DESC 'GOsa - ACL container to define ACL roles' + SUP top STRUCTURAL + MUST ( gosaAclTemplate $ cn ) + MAY ( description ) ) + +objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.18 NAME 'gosaAcl' + DESC 'GOsa - ACL container to define single ACLs' + SUP top AUXILIARY + MUST ( gosaAclEntry )) + +objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.19 NAME 'gosaSnapshotObject' + DESC 'GOsa - Container object for undo and snapshot data' + SUP top STRUCTURAL + MUST ( gosaSnapshotTimestamp $ gosaSnapshotDN $ gosaSnapshotData $ fdSnapshotDataSource ) + MAY ( fdSnapshotObjectType $ description $ fdSnapshotHash) ) + +### New FusionDirectory Objectclass ### + +objectclass ( 1.3.6.1.4.1.38414.62.2.1 NAME 'fdLockEntry' SUP top STRUCTURAL + DESC 'FusionDirectory - Class for FD locking' + MUST ( fdUserDn $ fdObjectDn $ cn $ fdLockTimestamp )) + +### Subscription Related Object Class ### + +objectclass ( 1.3.6.1.4.1.38414.62.2.2 NAME 'fdSubscriptionInformation' SUP top STRUCTURAL + DESC 'FusionDirectory - Information about current subscription' + MUST ( cn ) + MAY ( uid $ fdSubscriptionStartDate $ fdSubscriptionEndDate $ fdSubscriptionType $ fdSubscriptionContractId $ fdSubscriptionName )) + +### Plugin manager Related Object Class ### + +objectclass (1.3.6.1.4.1.38414.62.2.3 NAME 'fdPluginManager' + DESC 'FusionDirectory - Plugins Manager ObjectClass' + MUST ( cn $ description $ fdPluginManagerInfoAuthors $ fdPluginManagerInfoVersion $ fdPluginManagerInfoStatus $ fdPluginManagerInfoLicence $ fdPluginManagerInfoOrigin $ fdPluginManagerSupportHomeUrl $ fdPluginManagerReqFdVersion $ fdPluginManagerReqPhpVersion $ fdPluginManagerSupportProvider ) + MAY ( fdPluginManagerInfoScreenshotUrl $ fdPluginManagerInfoLogoUrl $ fdPluginManagerInfoTags $ fdPluginManagerSupportTicketUrl $ fdPluginManagerSupportDiscussionUrl $ fdPluginManagerSupportSchemaUrl $ fdPluginManagerSupportDownloadUrl $ fdPluginManagerContentPhpClass $ fdPluginManagerContentLdapObject $ fdPluginManagerContentLdapAttributes $ fdPluginManagerSupportContractUrl )) + +### Mail Template Related Object Class ### + +objectclass (1.3.6.1.4.1.38414.62.2.4 NAME 'fdMailTemplate' + DESC 'FusionDirectory - template mail object' + SUP top STRUCTURAL + MUST ( cn $ fdMailTemplateBody $ fdMailTemplateSubject ) + MAY ( fdMailTemplateSignature $ fdMailTemplateReadReceipt)) + +objectclass (1.3.6.1.4.1.38414.62.2.10 NAME 'fdMailAttachments' + DESC 'FusionDirectory - mail template attachments' + MUST ( cn $ fdMailAttachmentsContent )) + +objectclass ( 1.3.6.1.4.1.38414.62.2.5 NAME 'fdMailTemplateConf' + DESC 'FusionDirectory Mail Template Configuration' + SUP top AUXILIARY + MUST ( cn ) + MAY ( fdMailTemplateRDN ) ) + +### Tasks Related Object Class ### + +objectclass (1.3.6.1.4.1.38414.62.2.6 NAME 'fdTasks' + DESC 'FusionDirectory - Tasks objects' + MUST ( cn $ fdTasksStatus $ fdTasksCreationDate ) + MAY ( fdTasksScheduleDate $ fdTasksEndDate $ fdTasksRepeatableSchedule $ fdTasksUpdatable $ fdTasksRepeatable + $ fdTasksLastActivation $ fdTasksLastExec $ fdTasksNextExec $ description)) + +objectclass (1.3.6.1.4.1.38414.62.2.7 NAME 'fdTasksMail' + DESC 'FusionDirectory - Tasks objects Mail' + SUP top AUXILIARY + MUST ( fdTasksMailObject $ fdTasksEmailSender ) + MAY ( fdTasksMailUsers $ fdTasksEmailsFromDN $ fdTasksMailType $ fdTasksEmailBCC ) ) + +objectclass (1.3.6.1.4.1.38414.62.2.8 NAME 'fdTasksGranular' + DESC 'FusionDirectory - Tasks granular objects' + MUST ( fdTasksGranularMaster $ cn $ fdTasksGranularType $ fdTasksGranularSchedule $ fdTasksGranularStatus $ fdTasksGranularCreationDate ) + MAY (fdTasksGranularMailBCC $ fdTasksGranularDN $ fdTasksGranularRef $ fdTasksGranularMail $ fdTasksGranularMailFrom $ fdTasksGranularHelper $ fdTasksGranularLastExec $ fdTasksGranularNextExec)) + +objectclass (1.3.6.1.4.1.38414.62.2.9 NAME 'fdTasksConf' + DESC 'FusionDirectory - Tasks objects Configuration' + SUP top AUXILIARY + MUST ( cn ) + MAY ( fdTasksRDN $ fdTasksConfLastExecTime $ fdTasksConfMaxEmails $ fdTasksConfIntervalEmails)) + +### token objectclass ### + +objectclass ( 1.3.6.1.4.1.38414.62.2.11 NAME 'fdTokenEntry' + SUP top STRUCTURAL + DESC 'FusionDirectory - Class for token storage' + MUST ( cn $ fdTokenUserDN $ fdTokenType $ fdToken $ fdTokenTimestamp )) diff --git a/etc/openldap/schema/ldapns.schema b/etc/openldap/schema/ldapns.schema new file mode 100644 index 0000000..21ae00c --- /dev/null +++ b/etc/openldap/schema/ldapns.schema @@ -0,0 +1,23 @@ +# $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $ + +# LDAP Name Service Additional Schema + +# http://www.iana.org/assignments/gssapi-service-names + +attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' + DESC 'IANA GSS-API authorized service name' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' + DESC 'Auxiliary object class for adding authorizedService attribute' + SUP top + AUXILIARY + MAY authorizedService ) + +objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' + DESC 'Auxiliary object class for adding host attribute' + SUP top + AUXILIARY + MAY host ) + diff --git a/etc/openldap/schema/rfc2307bis.schema b/etc/openldap/schema/rfc2307bis.schema new file mode 100644 index 0000000..db34365 --- /dev/null +++ b/etc/openldap/schema/rfc2307bis.schema @@ -0,0 +1,288 @@ +# builtin +# +#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' +# DESC 'An integer uniquely identifying a user in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 +# SINGLE-VALUE ) + +# builtin +# +#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' +# DESC 'An integer uniquely identifying a group in an +# administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 +# SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos' + DESC 'The GECOS field; the common name' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' + DESC 'The absolute path to the home directory' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell' + DESC 'The path to the login shell' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' + DESC 'Netgroup triple' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' + DESC 'Service port number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' + DESC 'Service protocol name' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' + DESC 'IP protocol number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' + DESC 'ONC RPC number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' + DESC 'IPv4 addresses as a dotted decimal omitting leading + zeros or IPv6 addresses as defined in RFC2373' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' + DESC 'IP network as a dotted decimal, eg. 192.168, + omitting leading zeros' + SUP name + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' + DESC 'IP netmask as a dotted decimal, eg. 255.255.255.0, + omitting leading zeros' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress' + DESC 'MAC address in maximal, colon separated hex + notation, eg. 00:00:92:90:ee:e2' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' + DESC 'rpc.bootparamd parameter' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile' + DESC 'Boot image name' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' + DESC 'Name of a A generic NIS map' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' + DESC 'A generic NIS entry' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' + DESC 'NIS public key' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' + DESC 'NIS secret key' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' + DESC 'NIS domain' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' + DESC 'automount Map Name' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.32 NAME 'automountKey' + DESC 'Automount Key value' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' + DESC 'Automount information' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY + DESC 'Abstraction of an account with POSIX attributes' + MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) + MAY ( userPassword $ loginShell $ gecos $ + description ) ) + +objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY + DESC 'Additional attributes for shadow passwords' + MUST uid + MAY ( userPassword $ description $ + shadowLastChange $ shadowMin $ shadowMax $ + shadowWarning $ shadowInactive $ + shadowExpire $ shadowFlag ) ) + +objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY + DESC 'Abstraction of a group of accounts' + MUST gidNumber + MAY ( userPassword $ memberUid $ + description ) ) + +objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL + DESC 'Abstraction an Internet Protocol service. + Maps an IP port and protocol (such as tcp or udp) + to one or more names; the distinguished value of + the cn attribute denotes the services canonical + name' + MUST ( cn $ ipServicePort $ ipServiceProtocol ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL + DESC 'Abstraction of an IP protocol. Maps a protocol number + to one or more names. The distinguished value of the cn + attribute denotes the protocols canonical name' + MUST ( cn $ ipProtocolNumber ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL + DESC 'Abstraction of an Open Network Computing (ONC) + [RFC1057] Remote Procedure Call (RPC) binding. + This class maps an ONC RPC number to a name. + The distinguished value of the cn attribute denotes + the RPC services canonical name' + MUST ( cn $ oncRpcNumber ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY + DESC 'Abstraction of a host, an IP device. The distinguished + value of the cn attribute denotes the hosts canonical + name. Device SHOULD be used as a structural class' + MUST ( cn $ ipHostNumber ) + MAY ( userPassword $ l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL + DESC 'Abstraction of a network. The distinguished value of + the cn attribute denotes the networks canonical name' + MUST ipNetworkNumber + MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL + DESC 'Abstraction of a netgroup. May refer to other netgroups' + MUST cn + MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL + DESC 'A generic abstraction of a NIS map' + MUST nisMapName + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL + DESC 'An entry in a NIS map' + MUST ( cn $ nisMapEntry $ nisMapName ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY + DESC 'A device with a MAC address; device SHOULD be + used as a structural class' + MAY macAddress ) + +objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY + DESC 'A device with boot parameters; device SHOULD be + used as a structural class' + MAY ( bootFile $ bootParameter ) ) + +objectclass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY + DESC 'An object with a public and secret key' + MUST ( cn $ nisPublicKey $ nisSecretKey ) + MAY ( uidNumber $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY + DESC 'Associates a NIS domain with a naming context' + MUST nisDomain ) + +objectclass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL + MUST ( automountMapName ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL + DESC 'Automount information' + MUST ( automountKey $ automountInformation ) + MAY description ) +## namedObject is needed for groups without members +objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top + STRUCTURAL MAY cn ) + diff --git a/etc/openldap/schema/template-fd.schema b/etc/openldap/schema/template-fd.schema new file mode 100644 index 0000000..a90ca87 --- /dev/null +++ b/etc/openldap/schema/template-fd.schema @@ -0,0 +1,16 @@ +## +## template-fd.schema - Needed by Fusion Directory for managing templates +## + +# Attributes +attributetype ( 1.3.6.1.4.1.38414.38.1.1 NAME 'fdTemplateField' + DESC 'FusionDirectory - template field' + EQUALITY octetStringMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) + +# Objectclasses +objectclass (1.3.6.1.4.1.38414.38.2.1 NAME 'fdTemplate' + DESC 'FusionDirectory - template object' + MUST ( cn ) + MAY ( fdTemplateField ) ) From 53a5c90c91d120309f4d12bc7a8364df2b0cca1e Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:11:28 +0000 Subject: [PATCH 24/26] PHP configs. --- .gitattributesdb | 50 ++ etc/php83/conf.d/00_bcmath.ini | 1 + etc/php83/conf.d/00_bz2.ini | 1 + etc/php83/conf.d/00_curl.ini | 1 + etc/php83/conf.d/00_gd.ini | 1 + etc/php83/conf.d/00_gettext.ini | 1 + etc/php83/conf.d/00_gmp.ini | 1 + etc/php83/conf.d/00_iconv.ini | 1 + etc/php83/conf.d/00_imap.ini | 1 + etc/php83/conf.d/00_intl.ini | 1 + etc/php83/conf.d/00_ldap.ini | 1 + etc/php83/conf.d/00_mbstring.ini | 1 + etc/php83/conf.d/00_opcache.ini | 1 + etc/php83/conf.d/00_openssl.ini | 1 + etc/php83/conf.d/00_posix.ini | 1 + etc/php83/conf.d/00_session.ini | 1 + etc/php83/conf.d/00_simplexml.ini | 1 + etc/php83/conf.d/00_sodium.ini | 1 + etc/php83/conf.d/00_sqlite3.ini | 1 + etc/php83/conf.d/00_xml.ini | 1 + etc/php83/conf.d/00_zip.ini | 1 + etc/php83/conf.d/01_phar.ini | 1 + etc/php83/conf.d/99_bcmath.ini | 4 + etc/php83/conf.d/99_curl.ini | 4 + etc/php83/conf.d/99_dba.ini | 2 + etc/php83/conf.d/99_exif.ini | 23 + etc/php83/conf.d/99_ffi.ini | 9 + etc/php83/conf.d/99_gd.ini | 6 + etc/php83/conf.d/99_iconv.ini | 17 + etc/php83/conf.d/99_imap.ini | 6 + etc/php83/conf.d/99_intl.ini | 7 + etc/php83/conf.d/99_ldap.ini | 3 + etc/php83/conf.d/99_mbstring | 78 +++ etc/php83/conf.d/99_mysqli.ini | 48 ++ etc/php83/conf.d/99_mysqlnd.ini | 33 ++ etc/php83/conf.d/99_odbc.ini | 40 ++ etc/php83/conf.d/99_opcache.ini | 148 ++++++ etc/php83/conf.d/99_openssl.ini | 17 + etc/php83/conf.d/99_pdo.ini | 6 + etc/php83/conf.d/99_pdo_mysql.ini | 4 + etc/php83/conf.d/99_pgsql.ini | 27 + etc/php83/conf.d/99_phar.ini | 8 + etc/php83/conf.d/99_session.ini | 269 ++++++++++ etc/php83/conf.d/99_soap.ini | 16 + etc/php83/conf.d/99_sqlite3.ini | 13 + etc/php83/conf.d/99_sysvshm.ini | 3 + etc/php83/conf.d/99_tidy.ini | 10 + etc/php83/conf.d/imagick.ini | 1 + etc/php83/php-fpm.conf | 143 +++++ etc/php83/php-fpm.d/www.conf | 424 +++++++++++++++ etc/php83/php.ini | 844 ++++++++++++++++++++++++++++++ 51 files changed, 2284 insertions(+) create mode 100644 etc/php83/conf.d/00_bcmath.ini create mode 100644 etc/php83/conf.d/00_bz2.ini create mode 100644 etc/php83/conf.d/00_curl.ini create mode 100644 etc/php83/conf.d/00_gd.ini create mode 100644 etc/php83/conf.d/00_gettext.ini create mode 100644 etc/php83/conf.d/00_gmp.ini create mode 100644 etc/php83/conf.d/00_iconv.ini create mode 100644 etc/php83/conf.d/00_imap.ini create mode 100644 etc/php83/conf.d/00_intl.ini create mode 100644 etc/php83/conf.d/00_ldap.ini create mode 100644 etc/php83/conf.d/00_mbstring.ini create mode 100644 etc/php83/conf.d/00_opcache.ini create mode 100644 etc/php83/conf.d/00_openssl.ini create mode 100644 etc/php83/conf.d/00_posix.ini create mode 100644 etc/php83/conf.d/00_session.ini create mode 100644 etc/php83/conf.d/00_simplexml.ini create mode 100644 etc/php83/conf.d/00_sodium.ini create mode 100644 etc/php83/conf.d/00_sqlite3.ini create mode 100644 etc/php83/conf.d/00_xml.ini create mode 100644 etc/php83/conf.d/00_zip.ini create mode 100644 etc/php83/conf.d/01_phar.ini create mode 100644 etc/php83/conf.d/99_bcmath.ini create mode 100644 etc/php83/conf.d/99_curl.ini create mode 100644 etc/php83/conf.d/99_dba.ini create mode 100644 etc/php83/conf.d/99_exif.ini create mode 100644 etc/php83/conf.d/99_ffi.ini create mode 100644 etc/php83/conf.d/99_gd.ini create mode 100644 etc/php83/conf.d/99_iconv.ini create mode 100644 etc/php83/conf.d/99_imap.ini create mode 100644 etc/php83/conf.d/99_intl.ini create mode 100644 etc/php83/conf.d/99_ldap.ini create mode 100644 etc/php83/conf.d/99_mbstring create mode 100644 etc/php83/conf.d/99_mysqli.ini create mode 100644 etc/php83/conf.d/99_mysqlnd.ini create mode 100644 etc/php83/conf.d/99_odbc.ini create mode 100644 etc/php83/conf.d/99_opcache.ini create mode 100644 etc/php83/conf.d/99_openssl.ini create mode 100644 etc/php83/conf.d/99_pdo.ini create mode 100644 etc/php83/conf.d/99_pdo_mysql.ini create mode 100644 etc/php83/conf.d/99_pgsql.ini create mode 100644 etc/php83/conf.d/99_phar.ini create mode 100644 etc/php83/conf.d/99_session.ini create mode 100644 etc/php83/conf.d/99_soap.ini create mode 100644 etc/php83/conf.d/99_sqlite3.ini create mode 100644 etc/php83/conf.d/99_sysvshm.ini create mode 100644 etc/php83/conf.d/99_tidy.ini create mode 100644 etc/php83/conf.d/imagick.ini create mode 100644 etc/php83/php-fpm.conf create mode 100644 etc/php83/php-fpm.d/www.conf create mode 100644 etc/php83/php.ini diff --git a/.gitattributesdb b/.gitattributesdb index fd1d78b..60d0b26 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -59,6 +59,56 @@ ZXRjL3BlcmlvZGljL2RhaWx5LzEwLWRlaHlkcmF0ZWQ= 1757708520 1757708520 root:root 077 ZXRjL3BlcmlvZGljL2RhaWx5LzUtdXBkYXRlLXBhY2thZ2VzLWxpc3Q= 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5Lzctd2Fybi1naXQtc3RhdHVz 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL3dlZWtseS85LWNsZWFuLXBocA== 1758294154 1758289390 root:root 0755 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9iY21hdGguaW5p 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9iejIuaW5p 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9jdXJsLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9nZC5pbmk= 1758756479 1758756479 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9nZXR0ZXh0LmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9nbXAuaW5p 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9pY29udi5pbmk= 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9pbWFwLmluaQ== 1758756479 1758756479 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9pbnRsLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9sZGFwLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9tYnN0cmluZy5pbmk= 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9vcGNhY2hlLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9vcGVuc3NsLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9wb3NpeC5pbmk= 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9zZXNzaW9uLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9zaW1wbGV4bWwuaW5p 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9zb2RpdW0uaW5p 1758756479 1758756479 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9zcWxpdGUzLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF94bWwuaW5p 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF96aXAuaW5p 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMV9waGFyLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9iY21hdGguaW5p 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9jdXJsLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9kYmEuaW5p 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9leGlmLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9mZmkuaW5p 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9nZC5pbmk= 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9pY29udi5pbmk= 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9pbWFwLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9pbnRsLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9sZGFwLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9tYnN0cmluZw== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9teXNxbGkuaW5p 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9teXNxbG5kLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9vZGJjLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9vcGNhY2hlLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9vcGVuc3NsLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9wZG8uaW5p 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9wZG9fbXlzcWwuaW5p 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9wZ3NxbC5pbmk= 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9waGFyLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9zZXNzaW9uLmluaQ== 1760206689 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9zb2FwLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9zcWxpdGUzLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9zeXN2c2htLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV90aWR5LmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC9pbWFnaWNrLmluaQ== 1755096904 1755096904 root:root 0644 - - +ZXRjL3BocDgzL3BocC1mcG0uY29uZg== 1758566251 1758566184 root:root 0644 - - +ZXRjL3BocDgzL3BocC1mcG0uZC93d3cuY29uZg== 1758566277 1758566199 root:root 0644 - - +ZXRjL3BocDgzL3BocC5pbmk= 1759845481 1758566175 root:root 0644 - - ZXRjL3BrZ2xpc3Q= 1761696000 1757609913 root:root 0644 - - ZXRjL3BsYS9jb25maWcucGhwLmdwZw== 1761052640 1758539944 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - - diff --git a/etc/php83/conf.d/00_bcmath.ini b/etc/php83/conf.d/00_bcmath.ini new file mode 100644 index 0000000..6813a0b --- /dev/null +++ b/etc/php83/conf.d/00_bcmath.ini @@ -0,0 +1 @@ +extension=bcmath diff --git a/etc/php83/conf.d/00_bz2.ini b/etc/php83/conf.d/00_bz2.ini new file mode 100644 index 0000000..d0b5b0f --- /dev/null +++ b/etc/php83/conf.d/00_bz2.ini @@ -0,0 +1 @@ +extension=bz2 diff --git a/etc/php83/conf.d/00_curl.ini b/etc/php83/conf.d/00_curl.ini new file mode 100644 index 0000000..89fa13d --- /dev/null +++ b/etc/php83/conf.d/00_curl.ini @@ -0,0 +1 @@ +extension=curl diff --git a/etc/php83/conf.d/00_gd.ini b/etc/php83/conf.d/00_gd.ini new file mode 100644 index 0000000..bb35ed0 --- /dev/null +++ b/etc/php83/conf.d/00_gd.ini @@ -0,0 +1 @@ +extension=gd diff --git a/etc/php83/conf.d/00_gettext.ini b/etc/php83/conf.d/00_gettext.ini new file mode 100644 index 0000000..549944c --- /dev/null +++ b/etc/php83/conf.d/00_gettext.ini @@ -0,0 +1 @@ +extension=gettext diff --git a/etc/php83/conf.d/00_gmp.ini b/etc/php83/conf.d/00_gmp.ini new file mode 100644 index 0000000..1b2be41 --- /dev/null +++ b/etc/php83/conf.d/00_gmp.ini @@ -0,0 +1 @@ +extension=gmp diff --git a/etc/php83/conf.d/00_iconv.ini b/etc/php83/conf.d/00_iconv.ini new file mode 100644 index 0000000..4711441 --- /dev/null +++ b/etc/php83/conf.d/00_iconv.ini @@ -0,0 +1 @@ +extension=iconv diff --git a/etc/php83/conf.d/00_imap.ini b/etc/php83/conf.d/00_imap.ini new file mode 100644 index 0000000..d026b09 --- /dev/null +++ b/etc/php83/conf.d/00_imap.ini @@ -0,0 +1 @@ +extension=imap diff --git a/etc/php83/conf.d/00_intl.ini b/etc/php83/conf.d/00_intl.ini new file mode 100644 index 0000000..63f20e8 --- /dev/null +++ b/etc/php83/conf.d/00_intl.ini @@ -0,0 +1 @@ +extension=intl diff --git a/etc/php83/conf.d/00_ldap.ini b/etc/php83/conf.d/00_ldap.ini new file mode 100644 index 0000000..5d67d7d --- /dev/null +++ b/etc/php83/conf.d/00_ldap.ini @@ -0,0 +1 @@ +extension=ldap diff --git a/etc/php83/conf.d/00_mbstring.ini b/etc/php83/conf.d/00_mbstring.ini new file mode 100644 index 0000000..0e3a392 --- /dev/null +++ b/etc/php83/conf.d/00_mbstring.ini @@ -0,0 +1 @@ +extension=mbstring diff --git a/etc/php83/conf.d/00_opcache.ini b/etc/php83/conf.d/00_opcache.ini new file mode 100644 index 0000000..592cb59 --- /dev/null +++ b/etc/php83/conf.d/00_opcache.ini @@ -0,0 +1 @@ +zend_extension=opcache diff --git a/etc/php83/conf.d/00_openssl.ini b/etc/php83/conf.d/00_openssl.ini new file mode 100644 index 0000000..355624b --- /dev/null +++ b/etc/php83/conf.d/00_openssl.ini @@ -0,0 +1 @@ +extension=openssl diff --git a/etc/php83/conf.d/00_posix.ini b/etc/php83/conf.d/00_posix.ini new file mode 100644 index 0000000..e58281c --- /dev/null +++ b/etc/php83/conf.d/00_posix.ini @@ -0,0 +1 @@ +extension=posix diff --git a/etc/php83/conf.d/00_session.ini b/etc/php83/conf.d/00_session.ini new file mode 100644 index 0000000..7482518 --- /dev/null +++ b/etc/php83/conf.d/00_session.ini @@ -0,0 +1 @@ +extension=session diff --git a/etc/php83/conf.d/00_simplexml.ini b/etc/php83/conf.d/00_simplexml.ini new file mode 100644 index 0000000..c88c0ae --- /dev/null +++ b/etc/php83/conf.d/00_simplexml.ini @@ -0,0 +1 @@ +extension=simplexml diff --git a/etc/php83/conf.d/00_sodium.ini b/etc/php83/conf.d/00_sodium.ini new file mode 100644 index 0000000..2932bf4 --- /dev/null +++ b/etc/php83/conf.d/00_sodium.ini @@ -0,0 +1 @@ +extension=sodium diff --git a/etc/php83/conf.d/00_sqlite3.ini b/etc/php83/conf.d/00_sqlite3.ini new file mode 100644 index 0000000..7ee602b --- /dev/null +++ b/etc/php83/conf.d/00_sqlite3.ini @@ -0,0 +1 @@ +extension=sqlite3 diff --git a/etc/php83/conf.d/00_xml.ini b/etc/php83/conf.d/00_xml.ini new file mode 100644 index 0000000..971783d --- /dev/null +++ b/etc/php83/conf.d/00_xml.ini @@ -0,0 +1 @@ +extension=xml diff --git a/etc/php83/conf.d/00_zip.ini b/etc/php83/conf.d/00_zip.ini new file mode 100644 index 0000000..08a7894 --- /dev/null +++ b/etc/php83/conf.d/00_zip.ini @@ -0,0 +1 @@ +extension=zip diff --git a/etc/php83/conf.d/01_phar.ini b/etc/php83/conf.d/01_phar.ini new file mode 100644 index 0000000..c535cef --- /dev/null +++ b/etc/php83/conf.d/01_phar.ini @@ -0,0 +1 @@ +extension=phar diff --git a/etc/php83/conf.d/99_bcmath.ini b/etc/php83/conf.d/99_bcmath.ini new file mode 100644 index 0000000..0e9b8b5 --- /dev/null +++ b/etc/php83/conf.d/99_bcmath.ini @@ -0,0 +1,4 @@ +[bcmath] +; Number of decimal digits for all bcmath functions. +; http://php.net/bcmath.scale +bcmath.scale = 0 diff --git a/etc/php83/conf.d/99_curl.ini b/etc/php83/conf.d/99_curl.ini new file mode 100644 index 0000000..16b978e --- /dev/null +++ b/etc/php83/conf.d/99_curl.ini @@ -0,0 +1,4 @@ +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = diff --git a/etc/php83/conf.d/99_dba.ini b/etc/php83/conf.d/99_dba.ini new file mode 100644 index 0000000..e5bc8bf --- /dev/null +++ b/etc/php83/conf.d/99_dba.ini @@ -0,0 +1,2 @@ +[dba] +;dba.default_handler= diff --git a/etc/php83/conf.d/99_exif.ini b/etc/php83/conf.d/99_exif.ini new file mode 100644 index 0000000..b31c0ce --- /dev/null +++ b/etc/php83/conf.d/99_exif.ini @@ -0,0 +1,23 @@ +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting cannot be empty. +; http://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; http://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; http://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; http://php.net/exif.encode-jis +;exif.encode_jis = + +; http://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; http://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS diff --git a/etc/php83/conf.d/99_ffi.ini b/etc/php83/conf.d/99_ffi.ini new file mode 100644 index 0000000..2066c5d --- /dev/null +++ b/etc/php83/conf.d/99_ffi.ini @@ -0,0 +1,9 @@ +[ffi] +; FFI API restriction. Possible values: +; "preload" - enabled in CLI scripts and preloaded files (default) +; "false" - always disabled +; "true" - always enabled +;ffi.enable=preload + +; List of headers files to preload, wildcard patterns allowed. +;ffi.preload= diff --git a/etc/php83/conf.d/99_gd.ini b/etc/php83/conf.d/99_gd.ini new file mode 100644 index 0000000..9da3c78 --- /dev/null +++ b/etc/php83/conf.d/99_gd.ini @@ -0,0 +1,6 @@ +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; http://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 1 diff --git a/etc/php83/conf.d/99_iconv.ini b/etc/php83/conf.d/99_iconv.ini new file mode 100644 index 0000000..14bcfd5 --- /dev/null +++ b/etc/php83/conf.d/99_iconv.ini @@ -0,0 +1,17 @@ +[iconv] +; Use of this INI entry is deprecated, use global input_encoding instead. +; If empty, default_charset or input_encoding or iconv.input_encoding is used. +; The precedence is: default_charset < input_encoding < iconv.input_encoding +;iconv.input_encoding = + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;iconv.internal_encoding = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; If empty, default_charset or output_encoding or iconv.output_encoding is used. +; The precedence is: default_charset < output_encoding < iconv.output_encoding +; To use an output encoding conversion, iconv's output handler must be set +; otherwise output encoding conversion cannot be performed. +;iconv.output_encoding = diff --git a/etc/php83/conf.d/99_imap.ini b/etc/php83/conf.d/99_imap.ini new file mode 100644 index 0000000..060b23c --- /dev/null +++ b/etc/php83/conf.d/99_imap.ini @@ -0,0 +1,6 @@ +[imap] +; rsh/ssh logins are disabled by default. Use this INI entry if you want to +; enable them. Note that the IMAP library does not filter mailbox names before +; passing them to rsh/ssh command, thus passing untrusted data to this function +; with rsh/ssh enabled is insecure. +;imap.enable_insecure_rsh=0 diff --git a/etc/php83/conf.d/99_intl.ini b/etc/php83/conf.d/99_intl.ini new file mode 100644 index 0000000..c36c85c --- /dev/null +++ b/etc/php83/conf.d/99_intl.ini @@ -0,0 +1,7 @@ +[intl] +;intl.default_locale = +; This directive allows you to produce PHP errors when some error +; happens within intl functions. The value is the level of the error produced. +; Default is 0, which does not produce any errors. +;intl.error_level = E_WARNING +;intl.use_exceptions = 0 diff --git a/etc/php83/conf.d/99_ldap.ini b/etc/php83/conf.d/99_ldap.ini new file mode 100644 index 0000000..941d8b2 --- /dev/null +++ b/etc/php83/conf.d/99_ldap.ini @@ -0,0 +1,3 @@ +[ldap] +; Sets the maximum number of open links or -1 for unlimited. +ldap.max_links = -1 diff --git a/etc/php83/conf.d/99_mbstring b/etc/php83/conf.d/99_mbstring new file mode 100644 index 0000000..a5dbc73 --- /dev/null +++ b/etc/php83/conf.d/99_mbstring @@ -0,0 +1,78 @@ +[mbstring] +; language for internal character representation. +; This affects mb_send_mail() and mbstring.detect_order. +; http://php.net/mbstring.language +;mbstring.language = Japanese + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; internal/script encoding. +; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;mbstring.internal_encoding = + +; Use of this INI entry is deprecated, use global input_encoding instead. +; http input encoding. +; mbstring.encoding_translation = On is needed to use this setting. +; If empty, default_charset or input_encoding or mbstring.input is used. +; The precedence is: default_charset < input_encoding < mbstring.http_input +; http://php.net/mbstring.http-input +;mbstring.http_input = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; http output encoding. +; mb_output_handler must be registered as output buffer to function. +; If empty, default_charset or output_encoding or mbstring.http_output is used. +; The precedence is: default_charset < output_encoding < mbstring.http_output +; To use an output encoding conversion, mbstring's output handler must be set +; otherwise output encoding conversion cannot be performed. +; http://php.net/mbstring.http-output +;mbstring.http_output = + +; enable automatic encoding translation according to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +; http://php.net/mbstring.encoding-translation +;mbstring.encoding_translation = Off + +; automatic encoding detection order. +; "auto" detect order is changed according to mbstring.language +; http://php.net/mbstring.detect-order +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +; http://php.net/mbstring.substitute-character +;mbstring.substitute_character = none + +; overload(replace) single byte functions by mbstring functions. +; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), +; etc. Possible values are 0,1,2,4 or combination of them. +; For example, 7 for overload everything. +; 0: No overload +; 1: Overload mail() function +; 2: Overload str*() functions +; 4: Overload ereg*() functions +; http://php.net/mbstring.func-overload +mbstring.func_overload = 0 + +; enable strict encoding detection. +; Default: Off +;mbstring.strict_detection = On + +; This directive specifies the regex pattern of content types for which mb_output_handler() +; is activated. +; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetype= + +; This directive specifies maximum stack depth for mbstring regular expressions. It is similar +; to the pcre.recursion_limit for PCRE. +; Default: 100000 +;mbstring.regex_stack_limit=100000 + +; This directive specifies maximum retry count for mbstring regular expressions. It is similar +; to the pcre.backtrack_limit for PCRE. +; Default: 1000000 +;mbstring.regex_retry_limit=1000000 diff --git a/etc/php83/conf.d/99_mysqli.ini b/etc/php83/conf.d/99_mysqli.ini new file mode 100644 index 0000000..a6c2571 --- /dev/null +++ b/etc/php83/conf.d/99_mysqli.ini @@ -0,0 +1,48 @@ +[MySQLi] + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/mysqli.max-persistent +mysqli.max_persistent = -1 + +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; http://php.net/mysqli.allow_local_infile +;mysqli.allow_local_infile = On + +; Allow or prevent persistent links. +; http://php.net/mysqli.allow-persistent +mysqli.allow_persistent = On + +; Maximum number of links. -1 means no limit. +; http://php.net/mysqli.max-links +mysqli.max_links = -1 + +; Default port number for mysqli_connect(). If unset, mysqli_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; http://php.net/mysqli.default-port +mysqli.default_port = 3306 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/mysqli.default-socket +mysqli.default_socket = + +; Default host for mysqli_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-host +mysqli.default_host = + +; Default user for mysqli_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-user +mysqli.default_user = + +; Default password for mysqli_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; http://php.net/mysqli.default-pw +mysqli.default_pw = + +; Allow or prevent reconnect +mysqli.reconnect = Off diff --git a/etc/php83/conf.d/99_mysqlnd.ini b/etc/php83/conf.d/99_mysqlnd.ini new file mode 100644 index 0000000..8d8978d --- /dev/null +++ b/etc/php83/conf.d/99_mysqlnd.ini @@ -0,0 +1,33 @@ +[mysqlnd] +; Enable / Disable collection of general statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_statistics = On + +; Enable / Disable collection of memory usage statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_memory_statistics = Off + +; Records communication from all extensions using mysqlnd to the specified log +; file. +; http://php.net/mysqlnd.debug +;mysqlnd.debug = + +; Defines which queries will be logged. +;mysqlnd.log_mask = 0 + +; Default size of the mysqlnd memory pool, which is used by result sets. +;mysqlnd.mempool_default_size = 16000 + +; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. +;mysqlnd.net_cmd_buffer_size = 2048 + +; Size of a pre-allocated buffer used for reading data sent by the server in +; bytes. +;mysqlnd.net_read_buffer_size = 32768 + +; Timeout for network requests in seconds. +;mysqlnd.net_read_timeout = 31536000 + +; SHA-256 Authentication Plugin related. File with the MySQL server public RSA +; key. +;mysqlnd.sha256_server_public_key = diff --git a/etc/php83/conf.d/99_odbc.ini b/etc/php83/conf.d/99_odbc.ini new file mode 100644 index 0000000..13d3635 --- /dev/null +++ b/etc/php83/conf.d/99_odbc.ini @@ -0,0 +1,40 @@ +[ODBC] +; http://php.net/odbc.default-db +;odbc.default_db = Not yet implemented + +; http://php.net/odbc.default-user +;odbc.default_user = Not yet implemented + +; http://php.net/odbc.default-pw +;odbc.default_pw = Not yet implemented + +; Controls the ODBC cursor model. +; Default: SQL_CURSOR_STATIC (default). +;odbc.default_cursortype + +; Allow or prevent persistent links. +; http://php.net/odbc.allow-persistent +odbc.allow_persistent = On + +; Check that a connection is still valid before reuse. +; http://php.net/odbc.check-persistent +odbc.check_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/odbc.max-persistent +odbc.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; http://php.net/odbc.max-links +odbc.max_links = -1 + +; Handling of LONG fields. Returns number of bytes to variables. 0 means +; passthru. +; http://php.net/odbc.defaultlrl +odbc.defaultlrl = 4096 + +; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. +; See the documentation on odbc_binmode and odbc_longreadlen for an explanation +; of odbc.defaultlrl and odbc.defaultbinmode +; http://php.net/odbc.defaultbinmode +odbc.defaultbinmode = 1 diff --git a/etc/php83/conf.d/99_opcache.ini b/etc/php83/conf.d/99_opcache.ini new file mode 100644 index 0000000..3beda00 --- /dev/null +++ b/etc/php83/conf.d/99_opcache.ini @@ -0,0 +1,148 @@ +[opcache] +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +opcache.enable_cli=0 + +; The OPcache shared memory storage size. +opcache.memory_consumption=64 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=8 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +opcache.max_accelerated_files=1000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +opcache.save_comments=0 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0x7FFFBFFF + +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +;opcache.blacklist_filename= + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; Check the cache checksum each N requests. +; The default value of "0" means that the checks are disabled. +;opcache.consistency_checks=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Mapping base of shared memory segments (for Windows only). All the PHP +; processes have to map shared memory into the same address space. This +; directive allows to manually fix the "Unable to reattach to base address" +; errors. +;opcache.mmap_base= + +; Facilitates multiple OPcache instances per user (for Windows only). All PHP +; processes with the same cache ID and user share an OPcache instance. +;opcache.cache_id= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +;opcache.file_cache= + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; This should improve performance, but requires appropriate OS configuration. +;opcache.huge_code_pages=1 + +; Validate cached file permissions. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; http://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; http://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp diff --git a/etc/php83/conf.d/99_openssl.ini b/etc/php83/conf.d/99_openssl.ini new file mode 100644 index 0000000..ba95cd7 --- /dev/null +++ b/etc/php83/conf.d/99_openssl.ini @@ -0,0 +1,17 @@ +[openssl] +; The location of a Certificate Authority (CA) file on the local filesystem +; to use when verifying the identity of SSL/TLS peers. Most users should +; not specify a value for this directive as PHP will attempt to use the +; OS-managed cert stores in its absence. If specified, this value may still +; be overridden on a per-stream basis via the "cafile" SSL stream context +; option. +;openssl.cafile= + +; If openssl.cafile is not specified or if the CA file is not found, the +; directory pointed to by openssl.capath is searched for a suitable +; certificate. This value must be a correctly hashed certificate directory. +; Most users should not specify a value for this directive as PHP will +; attempt to use the OS-managed cert stores in its absence. If specified, +; this value may still be overridden on a per-stream basis via the "capath" +; SSL stream context option. +;openssl.capath= diff --git a/etc/php83/conf.d/99_pdo.ini b/etc/php83/conf.d/99_pdo.ini new file mode 100644 index 0000000..1e03675 --- /dev/null +++ b/etc/php83/conf.d/99_pdo.ini @@ -0,0 +1,6 @@ +[Pdo] +; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" +; http://php.net/pdo-odbc.connection-pooling +;pdo_odbc.connection_pooling=strict + +;pdo_odbc.db2_instance_name diff --git a/etc/php83/conf.d/99_pdo_mysql.ini b/etc/php83/conf.d/99_pdo_mysql.ini new file mode 100644 index 0000000..1598241 --- /dev/null +++ b/etc/php83/conf.d/99_pdo_mysql.ini @@ -0,0 +1,4 @@ +[Pdo_mysql] +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +;pdo_mysql.default_socket= diff --git a/etc/php83/conf.d/99_pgsql.ini b/etc/php83/conf.d/99_pgsql.ini new file mode 100644 index 0000000..0b17fb5 --- /dev/null +++ b/etc/php83/conf.d/99_pgsql.ini @@ -0,0 +1,27 @@ +[PostgreSQL] +; Allow or prevent persistent links. +; http://php.net/pgsql.allow-persistent +pgsql.allow_persistent = On + +; Detect broken persistent links always with pg_pconnect(). +; Auto reset feature requires a little overheads. +; http://php.net/pgsql.auto-reset-persistent +pgsql.auto_reset_persistent = Off + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/pgsql.max-persistent +pgsql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +; http://php.net/pgsql.max-links +pgsql.max_links = -1 + +; Ignore PostgreSQL backends Notice message or not. +; Notice message logging require a little overheads. +; http://php.net/pgsql.ignore-notice +pgsql.ignore_notice = 0 + +; Log PostgreSQL backends Notice message or not. +; Unless pgsql.ignore_notice=0, module cannot log notice message. +; http://php.net/pgsql.log-notice +pgsql.log_notice = 0 diff --git a/etc/php83/conf.d/99_phar.ini b/etc/php83/conf.d/99_phar.ini new file mode 100644 index 0000000..e3fc161 --- /dev/null +++ b/etc/php83/conf.d/99_phar.ini @@ -0,0 +1,8 @@ +[Phar] +; http://php.net/phar.readonly +;phar.readonly = On + +; http://php.net/phar.require-hash +;phar.require_hash = On + +;phar.cache_list = diff --git a/etc/php83/conf.d/99_session.ini b/etc/php83/conf.d/99_session.ini new file mode 100644 index 0000000..214fac5 --- /dev/null +++ b/etc/php83/conf.d/99_session.ini @@ -0,0 +1,269 @@ +[Session] +; Handler used to store/retrieve data. +; http://php.net/session.save-handler +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. +; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; http://php.net/session.save-path +session.save_path = "/var/lib/php/sessions" + +; Name of the session (used as cookie name). +; http://php.net/session.name +session.name = PHP_SESSION_ID + +; Initialize session on request startup. +; http://php.net/session.auto-start +;session.auto_start = 0 + +; Handler used to serialize data. php is the standard serializer of PHP. +; http://php.net/session.serialize-handler +session.serialize_handler = php_serialize + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.gc-probability +;session.gc_probability = 1 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; http://php.net/session.gc-divisor +;session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; http://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 86400 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 -type f | xargs rm + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; http://php.net/session.referer-check +;session.referer_check = + +; Gives a path to an external resource (file) which will be used as an +; additional entropy source in the session id creation process. +;session.entropy_file string = /dev/urandom + +; Whether to use strict session mode. +; Strict session mode does not accept an uninitialized session ID, and +; regenerates the session ID if the browser sends an uninitialized session ID. +; Strict mode protects applications from session fixation via a session adoption +; vulnerability. It is disabled by default for maximum compatibility, but +; enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +;session.use_strict_mode = 0 + +; Whether to use cookies. +; http://php.net/session.use-cookies +; session.use_cookies = 1 + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combating +; session hijacking when not specifying and managing your own session id. It is +; not the be-all and end-all of session hijacking defense, but it's a good start. +; http://php.net/session.use-only-cookies +;session.use_only_cookies = 1 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; http://php.net/session.cookie-lifetime +;session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; http://php.net/session.cookie-path +;session.cookie_path = / + +; The domain for which the cookie is valid. +; http://php.net/session.cookie-domain +;session.cookie_domain = + +; http://php.net/session.cookie-secure +; session.cookie_secure = On + +; Whether or not to add the httpOnly flag to the cookie, which makes it +; inaccessible to browser scripting languages such as JavaScript. +; http://php.net/session.cookie-httponly +session.cookie_httponly = Off + +; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. +; https://tools.ietf.org/html/draft-west-first-party-cookies-07 +; session.cookie_samesite = + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. +; http://php.net/session.cache-limiter +;session.cache_limiter = nocache + +; Document expires after n minutes. +; http://php.net/session.cache-expire +;session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users' security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publicly accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; http://php.net/session.use-trans-sid +;session.use_trans_sid = 0 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +; is special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. tag's action attribute URL will not be modified +; unless it is specified. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=" +; Development Value: "a=href,area=href,frame=src,form=" +; Production Value: "a=href,area=href,frame=src,form=" +; http://php.net/url-rewriter.tags +;session.trans_sid_tags = "a=href,area=href,frame=src,form=" + +; URL rewriter does not rewrite absolute URLs by default. +; To enable rewrites for absolute paths, target hosts must be specified +; at RUNTIME. i.e. use ini_set() +; tags is special. PHP will check action attribute's URL regardless +; of session.trans_sid_tags setting. +; If no host is defined, HTTP_HOST will be used for allowed host. +; Example value: php.net,www.php.net,wiki.php.net +; Use "," for multiple hosts. No spaces are allowed. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;session.trans_sid_hosts="" + +; Set session ID character length. This value could be between 22 to 256. +; Shorter length than default is supported only for compatibility reason. +; Users should use 32 or more chars. +; http://php.net/session.sid-length +; Default Value: 32 +; Development Value: 26 +; Production Value: 26 +session.sid_length = 64 + +; Define how many bits are stored in each character when converting +; the binary hash data to something readable. +; Possible values: +; 4 (4 bits: 0-9, a-f) +; 5 (5 bits: 0-9, a-v) +; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 +; http://php.net/session.hash-bits-per-character +session.sid_bits_per_character = 6 + +; Define the hash algorithm used to generate the session IDs. +; Possible values: +; '0' MD5 (128 bits) +; '1' SHA-1 (160 bits) +; It is also possible to specify any of the algorithms provided by the hash +; extension (if it is available), like sha512 or whirlpool. +session.hash_function = 1 + +; Define how many bits are stored in each character when converting +; the binary hash data to something readable. +; Possible values: +; 4 (4 bits: 0-9, a-f) +; 5 (5 bits: 0-9, a-v) +; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 +session.hash_bits_per_character = 6 + +; Enable upload progress tracking in $_SESSION +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.enabled +;session.upload_progress.enabled = On + +; Cleanup the progress information as soon as all POST data has been read +; (i.e. upload completed). +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.cleanup +;session.upload_progress.cleanup = 1 + +; A prefix used for the upload progress key in $_SESSION +; Default Value: "upload_progress_" +; Development Value: "upload_progress_" +; Production Value: "upload_progress_" +; http://php.net/session.upload-progress.prefix +;session.upload_progress.prefix = "upload_progress_" + +; The index name (concatenated with the prefix) in $_SESSION +; containing the upload progress information +; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" +; http://php.net/session.upload-progress.name +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" + +; How frequently the upload progress should be updated. +; Given either in percentages (per-file), or in bytes +; Default Value: "1%" +; Development Value: "1%" +; Production Value: "1%" +; http://php.net/session.upload-progress.freq +;session.upload_progress.freq = "1%" + +; The minimum delay between updates, in seconds +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.upload-progress.min-freq +;session.upload_progress.min_freq = "1" + +; Only write session data when session data is changed. Enabled by default. +; http://php.net/session.lazy-write +;session.lazy_write = On +session.lazy_write = Off diff --git a/etc/php83/conf.d/99_soap.ini b/etc/php83/conf.d/99_soap.ini new file mode 100644 index 0000000..c048b3f --- /dev/null +++ b/etc/php83/conf.d/99_soap.ini @@ -0,0 +1,16 @@ +[soap] +; Enables or disables WSDL caching feature. +; http://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; http://php.net/soap.wsdl-cache-dir +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; http://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 diff --git a/etc/php83/conf.d/99_sqlite3.ini b/etc/php83/conf.d/99_sqlite3.ini new file mode 100644 index 0000000..1965589 --- /dev/null +++ b/etc/php83/conf.d/99_sqlite3.ini @@ -0,0 +1,13 @@ +[sqlite3] +; Directory pointing to SQLite3 extensions +; http://php.net/sqlite3.extension-dir +;sqlite3.extension_dir = + +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +;sqlite3.defensive = 1 diff --git a/etc/php83/conf.d/99_sysvshm.ini b/etc/php83/conf.d/99_sysvshm.ini new file mode 100644 index 0000000..03da3ab --- /dev/null +++ b/etc/php83/conf.d/99_sysvshm.ini @@ -0,0 +1,3 @@ +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 diff --git a/etc/php83/conf.d/99_tidy.ini b/etc/php83/conf.d/99_tidy.ini new file mode 100644 index 0000000..90c5f13 --- /dev/null +++ b/etc/php83/conf.d/99_tidy.ini @@ -0,0 +1,10 @@ +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; http://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; http://php.net/tidy.clean-output +tidy.clean_output = Off diff --git a/etc/php83/conf.d/imagick.ini b/etc/php83/conf.d/imagick.ini new file mode 100644 index 0000000..76225ec --- /dev/null +++ b/etc/php83/conf.d/imagick.ini @@ -0,0 +1 @@ +extension=imagick diff --git a/etc/php83/php-fpm.conf b/etc/php83/php-fpm.conf new file mode 100644 index 0000000..f0b273f --- /dev/null +++ b/etc/php83/php-fpm.conf @@ -0,0 +1,143 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix (/usr). This prefix can be dynamically changed by using the +; '-p' argument from the command line. + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Note: the default prefix is /var +; Default Value: none +pid = run/php-fpm.pid + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; into a local file. +; Note: the default prefix is /var +; Default Value: log/php-fpm.log +error_log = syslog + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +syslog.facility = local2 + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm +syslog.ident = php-fpm + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +log_level = notice + +; Log limit on number of characters in the single line (log entry). If the +; line is over the limit, it is wrapped on multiple lines. The limit is for +; all logged characters including message prefix and suffix if present. However +; the new line character does not count into it as it is present only when +; logging to a file descriptor. It means the new line character is not present +; when logging to syslog. +; Default Value: 1024 +;log_limit = 4096 + +; Log buffering specifies if the log line is buffered which means that the +; line is written in a single write operation. If the value is false, then the +; data is written directly into the file descriptor. It is an experimental +; option that can potentionaly improve logging performance and memory usage +; for some heavy logging scenarios. This option is ignored if logging to syslog +; as it has to be always buffered. +; Default value: yes +;log_buffering = no + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +emergency_restart_threshold = 5 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +emergency_restart_interval = 10 + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; The maximum number of processes FPM will fork. This has been designed to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +process.max = 16 + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lowest priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless specified otherwise +; Default Value: no set +process.priority = 0 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +;daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit for the master process. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Specify the event mechanism FPM will use. The following is available: +; - select (any POSIX os) +; - poll (any POSIX os) +; - epoll (linux >= 2.5.44) +; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) +; - /dev/poll (Solaris >= 7) +; - port (Solaris >= 10) +; Default Value: not set (auto detection) +;events.mechanism = epoll + +; When FPM is built with systemd integration, specify the interval, +; in seconds, between health report notification to systemd. +; Set to 0 to disable. +; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +;systemd_interval = 10 + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +; Relative path can also be used. They will be prefixed by: +; - the global prefix if it's been set (-p argument) +; - /usr otherwise +include=/etc/php83/php-fpm.d/*.conf diff --git a/etc/php83/php-fpm.d/www.conf b/etc/php83/php-fpm.d/www.conf new file mode 100644 index 0000000..dfc4cef --- /dev/null +++ b/etc/php83/php-fpm.d/www.conf @@ -0,0 +1,424 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = nobody +group = nobody + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +;listen = 127.0.0.1:9000 +listen = /run/php-fpm83/php-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = nobody +listen.group = apache +listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +; listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +process.priority = 0 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 8 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 2 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 4 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 5000 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 60 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +security.limit_extensions = .php .phar .phtml + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/etc/php83/php.ini b/etc/php83/php.ini new file mode 100644 index 0000000..b81394b --- /dev/null +++ b/etc/php83/php.ini @@ -0,0 +1,844 @@ +[PHP] +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +; To disable this feature set this option to an empty value +;user_ini.filename = ".user.ini" + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; +; Enable the PHP scripting language engine under Apache. +; http://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It is +; generally recommended that should be used and that this feature +; should be disabled, as enabling it may result in issues when generating XML +; documents, however this remains supported for backward compatibility reasons. +; Note that this directive does not control the would work. +; http://php.net/syntax-highlighting +;highlight.string = #DD0000 +;highlight.comment = #FF9900 +;highlight.keyword = #007700 +;highlight.default = #0000BB +;highlight.html = #000000 + +; If enabled, the request will be allowed to complete even if the user aborts +; the request. Consider enabling it if executing long requests, which may end up +; being interrupted by the user or a browser timing out. PHP's default behavior +; is to disable this feature. +; http://php.net/ignore-user-abort +;ignore_user_abort = On + +; Determines the size of the realpath cache to be used by PHP. This value should +; be increased on systems where PHP opens many files to reflect the quantity of +; the file operations performed. +; Note: if open_basedir is set, the cache is disabled +; http://php.net/realpath-cache-size +;realpath_cache_size = 4096k + +; Duration of time, in seconds for which to cache realpath information for a given +; file or directory. For systems with rarely changing files, consider increasing this +; value. +; http://php.net/realpath-cache-ttl +;realpath_cache_ttl = 120 + +; Enables or disables the circular reference collector. +; http://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +; Default: Off +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +; Default: "" +;zend.script_encoding = + +; Allows to include or exclude arguments from stack traces generated for exceptions. +; In production, it is recommended to turn this setting on to prohibit the output +; of sensitive information in stack traces +; Default: Off +zend.exception_ignore_args = On + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; http://php.net/expose-php +expose_php = Off + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; +; Maximum execution time of each script, in seconds +; http://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 45 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. +; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; http://php.net/max-input-time +max_input_time = 30 + +; Maximum input variable nesting level +; http://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +;max_input_vars = 1000 + +; Maximum amount of memory a script may consume +; http://php.net/memory-limit +memory_limit = 1073741824 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; This directive informs PHP of which errors, warnings and notices you would like +; it to take action for. The recommended way of setting values for this +; directive is through the use of the error level constants and bitwise +; operators. The error level constants are below here for convenience as well as +; some common settings and their meanings. +; By default, PHP is set to take action on all errors, notices and warnings EXCEPT +; those related to E_NOTICE and E_STRICT, which together cover best practices and +; recommended coding standards in PHP. For performance reasons, this is the +; recommend error reporting setting. Your production server shouldn't be wasting +; resources complaining about best practices and coding standards. That's what +; development servers and development settings are for. +; Note: The php.ini-development file has this setting as E_ALL. This +; means it pretty much reports everything which is exactly what you want during +; development and early testing. +; +; Error Level Constants: +; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) +; E_ERROR - fatal run-time errors +; E_RECOVERABLE_ERROR - almost fatal run-time errors +; E_WARNING - run-time warnings (non-fatal errors) +; E_PARSE - compile-time parse errors +; E_NOTICE - run-time notices (these are warnings which often result +; from a bug in your code, but it's possible that it was +; intentional (e.g., using an uninitialized variable and +; relying on the fact it is automatically initialized to an +; empty string) +; E_STRICT - run-time notices, enable to have PHP suggest changes +; to your code which will ensure the best interoperability +; and forward compatibility of your code +; E_CORE_ERROR - fatal errors that occur during PHP's initial startup +; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's +; initial startup +; E_COMPILE_ERROR - fatal compile-time errors +; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) +; E_USER_ERROR - user-generated error message +; E_USER_WARNING - user-generated warning message +; E_USER_NOTICE - user-generated notice message +; E_DEPRECATED - warn about code that will not work in future versions +; of PHP +; E_USER_DEPRECATED - user-generated deprecation warnings +; +; Common Values: +; E_ALL (Show all errors, warnings and notices including coding standards.) +; E_ALL & ~E_NOTICE (Show all errors, except for notices) +; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) +; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT +; http://php.net/error-reporting +error_reporting = ~E_DEPRECATED | ~E_USER_DEPRECATED | E_ERROR | E_RECOVERABLE_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/display-errors +display_errors = On + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. PHP's default behavior is to suppress those +; errors from clients. Turning the display of startup errors on can be useful in +; debugging configuration problems. We strongly recommend you +; set this to 'off' for production servers. +; Default Value: Off +; Development Value: On +; Production Value: Off +; http://php.net/display-startup-errors +display_startup_errors = On + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. +; Default Value: Off +; Development Value: On +; Production Value: On +; http://php.net/log-errors +log_errors = On + +; Set maximum length of log_errors. In error_log information about the source is +; added. The default is 1024 and 0 allows to not apply any maximum length at all. +; http://php.net/log-errors-max-len +log_errors_max_len = 1024 + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. +; http://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; http://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; If this parameter is set to Off, then memory leaks will not be shown (on +; stdout or in the log). This is only effective in a debug compile, and if +; error reporting includes E_WARNING in the allowed list +; http://php.net/report-memleaks +report_memleaks = On + +; This setting is on by default. +;report_zend_debug = 0 + +; Store the last error/warning message in $php_errormsg (boolean). Setting this value +; to On can assist in debugging and is appropriate for development servers. It should +; however be disabled on production servers. +; This directive is DEPRECATED. +; Default Value: Off +; Development Value: Off +; Production Value: Off +; http://php.net/track-errors +;track_errors = Off + +; Turn off normal error reporting and emit XML-RPC error XML +; http://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. +; Note: This directive is hardcoded to Off for the CLI SAPI +; http://php.net/html-errors +;html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from http://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; http://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; http://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; http://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on Windows). +error_log = syslog + +; The syslog ident is a string which is prepended to every message logged +; to syslog. Only used when error_log is set to syslog. +syslog.ident = php + +; The syslog facility is used to specify what type of program is logging +; the message. Only used when error_log is set to syslog. +syslog.facility = local2 + +; Set this to disable filtering control characters (the default). +; Some loggers only accept NVT-ASCII, others accept anything that's not +; control characters. If your logger accepts everything, then no filtering +; is needed at all. +; Allowed values are: +; ascii (all printable ASCII characters and NL) +; no-ctrl (all characters except control characters) +; all (all characters) +; raw (like "all", but messages are not split at newlines) +; http://php.net/syslog.filter +syslog.filter = ascii + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; http://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; http://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS"; +; http://php.net/variables-order +variables_order = "GPCS" + +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" +; http://php.net/request-order +request_order = "GP" + +; This directive determines whether PHP registers $argv & $argc each time it +; runs. $argv contains an array of all the arguments passed to PHP when a script +; is invoked. $argc contains an integer representing the number of arguments +; that were passed when the script was invoked. These arrays are extremely +; useful when running scripts from the command line. When this directive is +; enabled, registering these variables consumes CPU cycles and memory each time +; a script is executed. For performance reasons, this feature should be disabled +; on production servers. +; Note: This directive is hardcoded to On for the CLI SAPI +; Default Value: On +; Development Value: Off +; Production Value: Off +; http://php.net/register-argc-argv +register_argc_argv = Off + +; When enabled, the ENV, REQUEST and SERVER variables are created when they're +; first used (Just In Time) instead of when the script starts. If these +; variables are not used within a script, having this directive on will result +; in a performance gain. The PHP directive register_argc_argv must be disabled +; for this directive to have any effect. +; http://php.net/auto-globals-jit +auto_globals_jit = On + +; Whether PHP will read the POST data. +; This option is enabled by default. +; Most likely, you won't want to disable this option globally. It causes $_POST +; and $_FILES to always be empty; the only way you will be able to read the +; POST data will be through the php://input stream wrapper. This can be useful +; to proxy requests or to process the POST data in a memory efficient fashion. +; http://php.net/enable-post-data-reading +;enable_post_data_reading = Off + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; http://php.net/post-max-size +post_max_size = 8M + +; Automatically add files before PHP document. +; http://php.net/auto-prepend-file +auto_prepend_file = + +; Automatically add files after PHP document. +; http://php.net/auto-append-file +auto_append_file = + +; By default, PHP will output a media type using the Content-Type header. To +; disable this, simply set it to be empty. +; PHP's built-in default media type is set to text/html. +; http://php.net/default-mimetype +default_mimetype = "text/html" + +; PHP's default character set is set to UTF-8. +; http://php.net/default-charset +default_charset = "UTF-8" + +; PHP internal character encoding is set to empty. +; If empty, default_charset is used. +; http://php.net/internal-encoding +;internal_encoding = + +; PHP input character encoding is set to empty. +; If empty, default_charset is used. +; http://php.net/input-encoding +;input_encoding = + +; PHP output character encoding is set to empty. +; If empty, default_charset is used. +; See also output_buffer. +; http://php.net/output-encoding +;output_encoding = + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; +; PHP's default setting for include_path is ".;/path/to/php/pear" +; http://php.net/include-path +;include_path = ".:/php/includes" + +; The root of the PHP pages, used only if nonempty. +; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root +; if you are running php as a CGI under any web server (other than IIS) +; see documentation for security issues. The alternate is to use the +; cgi.force_redirect configuration below +; http://php.net/doc-root +;doc_root = + +; The directory under which PHP opens the script using /~username used only +; if nonempty. +; http://php.net/user-dir +;user_dir = + +; Directory in which the loadable extensions (modules) reside. +; http://php.net/extension-dir +;extension_dir = "./" + +; Directory where the temporary files should be placed. +; Defaults to the system default (see sys_get_temp_dir) +;sys_temp_dir = "/tmp" + +; Whether or not to enable the dl() function. The dl() function does NOT work +; properly in multithreaded servers, such as IIS or Zeus, and is automatically +; disabled on them. +; http://php.net/enable-dl +enable_dl = Off + +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; http://php.net/cgi.force-redirect +;cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. PHP's default behavior is to disable this feature. +;cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; http://php.net/cgi.redirect-status-env +;cgi.redirect_status_env = + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; http://php.net/cgi.fix-pathinfo +;cgi.fix_pathinfo=1 + +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +;cgi.discard_path=1 + +; FastCGI under IIS supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; http://php.net/fastcgi.impersonate +;fastcgi.impersonate = 1 + +; Disable logging through FastCGI connection. PHP's default behavior is to enable +; this feature. +;fastcgi.logging = 0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send +; RFC2616 compliant header. +; Default is zero. +; http://php.net/cgi.rfc2616-headers +;cgi.rfc2616_headers = 0 + +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; http://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; +; Whether to allow HTTP file uploads. +; http://php.net/file-uploads +file_uploads = On + +; Temporary directory for HTTP uploaded files (will use system default if not +; specified). +; http://php.net/upload-tmp-dir +upload_tmp_dir = /var/lib/php/uploads + +; Maximum allowed size for uploaded files. +; http://php.net/upload-max-filesize +upload_max_filesize = 20M + +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; +; Whether to allow the treatment of URLs (like http:// or ftp://) as files. +; http://php.net/allow-url-fopen +allow_url_fopen = On + +; Whether to allow include/require to open URLs (like http:// or ftp://) as files. +; http://php.net/allow-url-include +allow_url_include = Off + +; Define the anonymous ftp password (your email address). PHP's default setting +; for this is empty. +; http://php.net/from +;from="john@doe.com" + +; Define the User-Agent string. PHP's default setting for this is empty. +; http://php.net/user-agent +;user_agent="PHP" + +; Default timeout for socket based streams (seconds) +; http://php.net/default-socket-timeout +default_socket_timeout = 60 + +; If your scripts have to deal with files from Macintosh systems, +; or you are running on a Mac and need to deal with files from +; unix or win32 systems, setting this flag will cause PHP to +; automatically detect the EOL character in those files so that +; fgets() and file() will work regardless of the source of the file. +; http://php.net/auto-detect-line-endings +;auto_detect_line_endings = Off + +[Assertion] +; Switch whether to compile assertions at all (to have no overhead at run-time) +; -1: Do not compile at all +; 0: Jump over assertion at run-time +; 1: Execute assertions +; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 +; http://php.net/zend.assertions +zend.assertions = -1 + +; Assert(expr); active by default. +; http://php.net/assert.active +;assert.active = On + +; Throw an AssertionError on failed assertions +; http://php.net/assert.exception +;assert.exception = On + +; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) +; http://php.net/assert.warning +;assert.warning = On + +; Don't bail out by default. +; http://php.net/assert.bail +;assert.bail = Off + +; User-function to be called if an assertion fails. +; http://php.net/assert.callback +;assert.callback = 0 + +; Eval the expression with current error_reporting(). Set to true if you want +; error_reporting(0) around the eval(). +; http://php.net/assert.quiet-eval +;assert.quiet_eval = 0 + +[browscap] +; http://php.net/browscap +;browscap = extra/browscap.ini + +[CLI Server] +; Whether the CLI web server uses ANSI color coding in its terminal output. +cli_server.color = On + +[Date] +; Defines the default timezone used by the date functions +; http://php.net/date.timezone +date.timezone = UTC + +; http://php.net/date.default-latitude +;date.default_latitude = 31.7667 + +; http://php.net/date.default-longitude +;date.default_longitude = 35.2333 + +; http://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.583333 + +; http://php.net/date.sunset-zenith +;date.sunset_zenith = 90.583333 + + +;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Built-In Module Settings ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +[COM] +; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs +; http://php.net/com.typelib-file +;com.typelib_file = + +; allow Distributed-COM calls +; http://php.net/com.allow-dcom +;com.allow_dcom = true + +; autoregister constants of a component's typlib on com_load() +; http://php.net/com.autoregister-typelib +;com.autoregister_typelib = true + +; register constants casesensitive +; http://php.net/com.autoregister-casesensitive +;com.autoregister_casesensitive = false + +; show warnings on duplicate constant registrations +; http://php.net/com.autoregister-verbose +;com.autoregister_verbose = true + +; The default character set code-page to use when passing strings to and from COM objects. +; Default: system ANSI code page +;com.code_page= + +[filter] +; http://php.net/filter.default +;filter.default = unsafe_raw + +; http://php.net/filter.default-flags +;filter.default_flags = + +[mail function] +; You may supply arguments as well (default: "sendmail -t -i"). +; http://php.net/sendmail-path +;sendmail_path = "/usr/sbin/sendmail -f 'noreply@slackware.uk' -t" + +; Force the addition of the specified parameters to be passed as extra parameters +; to the sendmail binary. These parameters will always replace the value of +; the 5th parameter to mail(). +;mail.force_extra_parameters = + +; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename +mail.add_x_header = Off + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +;mail.log = +; Log mail to syslog (Event Log on Windows). +;mail.log = syslog + +[Pcre] +; PCRE library backtracking limit. +; http://php.net/pcre.backtrack-limit +;pcre.backtrack_limit=100000 + +; PCRE library recursion limit. +; Please note that if you set this value to a high number you may consume all +; the available process stack and eventually crash PHP (due to reaching the +; stack size limit imposed by the Operating System). +; http://php.net/pcre.recursion-limit +;pcre.recursion_limit=100000 + +; Enables or disables JIT compilation of patterns. This requires the PCRE +; library to be compiled with JIT support. +;pcre.jit=1 From f5955ae05d6c100ebf24e146ea09bdd6fa764c28 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:13:19 +0000 Subject: [PATCH 25/26] Correct rsyslog.conf. --- .gitattributesdb | 2 +- etc/rsyslog.conf | 177 ++++++++++++++++++++++++++++++----------------- 2 files changed, 113 insertions(+), 66 deletions(-) diff --git a/.gitattributesdb b/.gitattributesdb index 60d0b26..39e8172 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -113,7 +113,7 @@ ZXRjL3BrZ2xpc3Q= 1761696000 1757609913 root:root 0644 - - ZXRjL3BsYS9jb25maWcucGhwLmdwZw== 1761052640 1758539944 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - -ZXRjL3JzeXNsb2cuY29uZg== 1758295632 1747894670 root:root 0644 - - +ZXRjL3JzeXNsb2cuY29uZg== 1757785113 1757785113 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290L3JzeXNsb2c= 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0Ly5naXRpZ25vcmU= 1757598703 1757598703 root:root 0644 - - diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf index 2682e3c..e3caae5 100644 --- a/etc/rsyslog.conf +++ b/etc/rsyslog.conf @@ -1,72 +1,127 @@ -# rsyslog configuration file -# -# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html -# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html -# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html +# Load modules. +module(load="imudp") +module(load="imtcp") +module(load="builtin:omfile" dirCreateMode="0750" dirOwnerNum="0" dirGroupNum="0" fileCreateMode="0640" fileOwnerNum="0" fileGroupNum="0" compression.driver="zstd") -#### Global directives #### - -# Sets the directory that rsyslog uses for work files. -$WorkDirectory /var/lib/rsyslog - -# Sets default permissions for all log files. -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -# Check config syntax on startup and abort if unclean (default off). -#$AbortOnUncleanConfig on - -# Reduce repeating messages (default off). -#$RepeatedMsgReduction on +# Global configuration. +global( + workDirectory="/var/lib/rsyslog" + #stdlog.channelspec="on" + maxMessageSize="16K" + senders.keepTrack="on" + senders.timeoutAfter="2419200" + senders.reportGoneAway="on" + senders.reportNew="on" +) -#### Modules #### +# Inputs. +input(type="imudp" port="25414" ruleset="syslog") +input(type="imudp" port="25415" ruleset="httplog") +input(type="imtcp" port="25414" ruleset="syslog") -# Provides --MARK-- message capability. -module(load="immark") -# Provides support for local system logging (e.g. via logger command). -module(load="imuxsock") +# Rulesets. +ruleset(name="syslog") { + set $.host = tolower(field($hostname, ".", 1)); + set $.domain = tolower(re_extract($hostname, '[^.]+\\.(.*)', 0, 1, "unknown_domain")); + if ($app-name != "") then { + set $.proc = $app-name; + if ($procid != "" and $procid != "-") then { + set $.proc = '[' & $procid & ']'; + } + } else { + set $.proc = '-'; + } + if ($msgid != "") then { + set $.id = $msgid; + } else { + set $.id = '-'; + } -# Reads kernel messages. -module(load="imklog") + template(name="LogLineSingleHost" type="string" string="%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n") + template(name="LogLineAllHosts" type="string" string="%timereported:::date-utc,date-rfc3339% %hostname% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n") -#### Config files #### +# FIXME: Log each facility to the AllHosts logs. Compression? + if prifilt("auth.*,authpriv.*") then { + action(type="omfile" file="/tmp/log/AllHosts/auth" template="LogLineAllHosts" zipLevel="6" asyncWriting="on" flushInterval="5" ioBufferSize="64k" ) + } else if ... then { -# Include all config files in /etc/rsyslog.d/. + + + template(name="LogFileeSingleHost" type="string" string="/tmp/logs/%$.host%/ +%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n") + + + + if prifilt("*.info") then { + action(type="omfile" file="/var/log/info.log") + } +} + + + + +#template(name="SyslogLineFormat" type="list") { +# property(name="timereported" dateFormat="rfc3339" caseConversion="lower") # Timestamp yyyy-MM-dd'T'HH:mm:ss.SSS'Z' +# constant(value=" ") +# property(name="hostname") # Hostname +# constant(value=" ") +# property(name="syslogfacility") # Facility +# constant(value=".") +# property(name="syslogpriority") # Log priority +# constant(value=" ") +# property(name="syslogtag") # Syslog tag +# constant(value=": ") +# property(name="msg") # Message content +# constant(value="\n") +#} + + + + +#template(name="LogHostFile" type="string" string="/mnt/Data/logs/%HOSTNAME:::escape-cc,secpath-replace%/ +#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/ +# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n") + +#template(name="LogAllHostsFile" type="string" string="/mnt/Data/logs/AllHosts/ +#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/ +# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n") + + + + +#VMWare: RFC 5424 + + + +# Parser. +#parser( +# name="FIXME" +# type="pmnormalize" +# rule=[ +# "rule=:<%pri:number%> %fromhost-ip:ipv4% %hostname:word% %syslogtag:char-to:\\x3a%: %msg:rest%", +# "rule=:<%pri:number%> %hostname:word% %fromhost-ip:ipv4% %syslogtag:char-to:\\x3a%: %msg:rest%" +# ] +#) + + +# Rules +#ruleset(name="outp" parser="custom.pmnormalize") { +# action(type="omfile" File="/tmp/output") +#} + + +# Outputs. +action(type="omfile" file="/tmp/messages" template="LogLineSingleHost") + + + +# Include additional configurations. include(file="/etc/rsyslog.d/*.conf" mode="optional") -#### Rules #### -*.* /var/log/everything - -# Log all kernel messages to kern.log. -kern.* /var/log/kern.log - -# Log anything (except mail) of level info or higher. -# Don't log private authentication messages! -# NOTE: The minus sign in front of filename disables buffer flush. -*.info;authpriv.none;cron.none;kern.none;mail.none -/var/log/messages - -# The authpriv file has restricted access. -authpriv.* /var/log/auth.log - -# Log all the mail messages in one place. -mail.* -/var/log/mail.log - -# Log cron stuff. -cron.* -/var/log/cron.log - -# Everybody gets emergency messages. -*.emerg :omusrmsg:* - -# Log all kernel messages to the console. -# Logging much else clutters up the screen. -#kern.* /dev/console ### Examples #### @@ -86,11 +141,3 @@ cron.* -/var/log/cron.log # action.resumeRetryCount="-1" # action.resumeInterval="30" #) - -# Receive messages from remote host via UDP -# for parameters see http://www.rsyslog.com/doc/imudp.html -#module(load="imudp") # needs to be done just once -#input( -# type="imudp" -# port="514" -#) From 630fe332da2e32fa102932663dbe633be98134ed Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Wed, 29 Oct 2025 17:15:16 +0000 Subject: [PATCH 26/26] clean-fd script. --- .gitattributesdb | 3 ++- root/.gitignore | 1 + root/clean-fd | 5 +++++ 3 files changed, 8 insertions(+), 1 deletion(-) create mode 100755 root/clean-fd diff --git a/.gitattributesdb b/.gitattributesdb index 39e8172..5d38a61 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -161,11 +161,12 @@ cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867 1757582867 root:root 0644 - - cm9vdC8uYmFzaF9wcm9maWxl 1757584711 1757584711 root:root 0644 - - cm9vdC8uYmFzaHJj 1758887027 1757586493 root:root 0644 - - cm9vdC8uZ2l0Y29uZmln 1757582738 1757582738 root:root 0644 - - -cm9vdC8uZ2l0aWdub3Jl 1758539776 1757600312 root:root 0644 - - +cm9vdC8uZ2l0aWdub3Jl 1761758092 1757600312 root:root 0644 - - cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 root:root 0644 - - cm9vdC8ubmFub3Jj 1757585756 1757585756 root:root 0644 - - cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 root:root 0644 - - cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611 1757587611 root:root 0644 - - +cm9vdC9jbGVhbi1mZA== 1758994151 1758992264 root:root 0755 - - dmFyLy5naXRpZ25vcmU= 1758288612 1758288560 root:root 0644 - - dmFyL2xpYi8uZ2l0aWdub3Jl 1758288797 1758288764 root:root 0644 - - ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - - diff --git a/root/.gitignore b/root/.gitignore index 64fb34d..5402730 100644 --- a/root/.gitignore +++ b/root/.gitignore @@ -2,6 +2,7 @@ !/.* !/.*/ !/.*/** +!/clean-fd /.bash_history* /.composer/ diff --git a/root/clean-fd b/root/clean-fd new file mode 100755 index 0000000..c0a69d9 --- /dev/null +++ b/root/clean-fd @@ -0,0 +1,5 @@ +#!/bin/bash + +rm -f /var/spool/fusiondirectory/* +rm -f /var/cache/fusiondirectory/{fai/*,fusiondirectory.auth,template/*,tmp/*} +rm -f /var/lib/php/sessions/*