Release 2025.08.03

Makefile

@@ -1,5 +1,5 @@
 # Makefile for desktop-base-openmamba package
-# Copyright (C) 2004-2022 by Silvan Calarco <silvan.calarco@mambasoft.it>
+# Copyright (C) 2004-2024 by Silvan Calarco <silvan.calarco@mambasoft.it>
 # Copyright (C) 2005-2007 by Davide Madrisan <davide.madrisan@gmail.com>
 
 include VERSION
@@ -21,7 +21,6 @@ DESTDIR =
 prefix = /usr
 exec_prefix = ${prefix}
 sysconfdir = /etc
-sbindir = ${exec_prefix}/sbin
 bindir = ${exec_prefix}/bin
 datadir = ${prefix}/share
 ifeq ($(ARCH), x86_64)
@@ -33,7 +32,6 @@ initrddir = ${sysconfdir}/rc.d/init.d
 mandir = ${prefix}/usr/share/man
 sysconfigdir= ${sysconfdir}/sysconfig
 profiledir = ${sysconfdir}/profile.d
-mambaimagesdir = ${datadir}/openmamba/images
 iconsdir = ${datadir}/icons/hicolor
 localesdir = ${datadir}/locale
 pck_desktop = $(wildcard desktop/*.bz2)
@@ -103,22 +101,23 @@ install-locales: locales
 	   $(INSTALL_DATA) $${f/.po/.mo} $$dir/openmamba-update.mo;\
 	done
 
-install-kde-distro-addons: dist-update
+install-system-files: dist-update
 	@$(INSTALL_DIR) $(DESTDIR)$(sysconfdir)
 	@$(INSTALL_DIR) $(DESTDIR)$(bindir)
 	@$(INSTALL_DIR) $(DESTDIR)$(datadir)
-	@$(INSTALL_DIR) $(DESTDIR)$(sbindir)
 	@$(INSTALL_DIR) $(DESTDIR)$(distrobindir)
-	@$(INSTALL_DIR) $(DESTDIR)$(mambaimagesdir)
 	cp -r etc/polkit-1 $(DESTDIR)$(sysconfdir)/
-	cp -r etc/prelink.conf.d $(DESTDIR)$(sysconfdir)/
 	cp -r etc/profile.d $(DESTDIR)$(sysconfdir)/
 	cp -r etc/sudoers.d $(DESTDIR)$(sysconfdir)/
 	cp -r etc/sysconfig $(DESTDIR)$(sysconfdir)/
+	cp -r usr $(DESTDIR)/
 
 install-os-makereport:
 	$(INSTALL_SCRIPT) os-makereport/os-makereport $(DESTDIR)$(bindir)
 
+install-sb-setup:
+	$(INSTALL_SCRIPT) sb-setup/sb-setup $(DESTDIR)$(bindir)
+
 install-desktop:
 	@$(INSTALL_DIR) $(DESTDIR)$(distrodesktopdir)
 	$(INSTALL_DATA) $(pck_desktop) $(DESTDIR)$(distrodesktopdir)
@@ -129,10 +128,11 @@ install-openmamba-update:
 	$(INSTALL_SCRIPT) openmamba-update/openmamba-update $(DESTDIR)$(bindir)
 
 install: $(pck_infiles:.in=) \
-	install-kde-distro-addons \
+	install-system-files \
 	install-desktop \
 	install-openmamba-update \
 	install-os-makereport \
+	install-sb-setup \
 	install-locales
 
 dist: clean

VERSION

@@ -1 +1 @@
-VERSION = 2022.07.28
+VERSION = 2025.08.03

etc/prelink.conf.d/skype.conf

@@ -1 +0,0 @@
--b /usr/bin/skype

etc/sudoers.d/dnf

@@ -0,0 +1,5 @@
+# DNF install/update without password for sysadmin or packager groups
+Cmnd_Alias DNF_CMD = /usr/bin/dnf update, /usr/bin/dnf install *
+
+%packager ALL = NOPASSWD: DNF_CMD
+%sysadmin ALL = NOPASSWD: DNF_CMD

etc/sudoers.d/yum

@@ -1,5 +0,0 @@
-# Yum install/update without password for sysadmin or packager groups
-Cmnd_Alias YUM_CMD = /usr/bin/yum update, /usr/bin/yum install *
-
-%packager ALL = NOPASSWD: YUM_CMD
-%sysadmin ALL = NOPASSWD: YUM_CMD

openmamba-update/po/it.po

@@ -1,3 +1,21 @@
+# openmamba update translations.
+# Copyright (C) 2011-2023 openmamba
+# Silvan Calarco <silvan.calarco@mambasoft.it>, 2011-2023
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: 1.90\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2022-06-19 12:53+0200\n"
+"PO-Revision-Date: 2011-04-26 18:37+CEST\n"
+"Last-Translator: Silvan Calarco <silvan.calarco@mambasoft.it>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Generated-By: pygettext.py 1.5\n"
+
 #: openmamba-netsrpms:21
 msgid "Error: invalid option $1; aborting."
 msgstr "Errore: opzione $1 non valida; uscita."

os-makereport/os-makereport

@@ -2,15 +2,20 @@
 #
 # GNU/Linux O.S. report generation tool
 #
-# Copyright (c) 2008-2022 by Silvan Calarco <silvan.calarco@mambasoft.it>
+# Copyright (c) 2008-2025 by Silvan Calarco <silvan.calarco@mambasoft.it>
 #
 
-MAKEREPORT_VERSION=20220728
+MAKEREPORT_VERSION=20250803
 TEMPFILE=`mktemp`
 
 . ${ROOT}/etc/sysconfig/machine
 . ${ROOT}/etc/os-release
 
+if [ "${SUDO_USER}" == "" ]; then
+   # mambareport uses pkexec instead of sudo
+   SUDO_USER="\#${PKEXEC_UID}"
+fi
+
 [ ! "$SYSTEM_MANUFACTURER" -o "$SYSTEM_MANUFACTURER" = "System manufacturer" ]  && {
    SYSTEM_MANUFACTURER=unknown
 }
@@ -120,7 +125,8 @@ _EOF
 }
 
 echo "${NAME} report generation tool ${MAKEREPORT_VERSION}"
-echo "Copyright (c) 2008-2022 by Silvan Calarco <silvan.calarco@mambasoft.it>"
+echo "Copyright (c) 2008-2024 by Silvan Calarco <silvan@openmamba.org>"
+echo "Released under the terms of the GNU GPL v3 license"
 echo
 
 [ $UID = 0 ] || {
@@ -130,7 +136,6 @@ echo
 
 
 echo "Gathering information..."
-
 cat > $TEMPFILE << _EOF
 ****************************************************************************
 * ${NAME} diagnostic information ${MAKEREPORT_VERSION} for host $HOSTNAME (`date`)
@@ -141,7 +146,7 @@ if [ "$NOTE" ]; then
 echo "
 REPORTED PROBLEM:
 =================" >> $TEMPFILE
-cat "$NOTE" >> $TEMPFILE
+echo "$NOTE" >> $TEMPFILE
 echo >> $TEMPFILE
 fi
 
@@ -210,6 +215,9 @@ catfile /var/log/Xorg.5.log "Xorg installation test log"
 # Other details
 catcommand "/usr/bin/lspci -vv" "PCI hardware information (verbose)"
 
+# Systemd coredumps
+catcommand "/usr/bin/coredumpctl info -q -r" "Systemd coredumps (more recent first)"
+
 cp $TEMPFILE $REPORTNAME || exit 1
 chmod +r $REPORTNAME
 rm -f $TEMPFILE

sb-setup/sb-setup

@@ -0,0 +1,86 @@
+#!/bin/bash
+#
+# openmamba secure boot setup script
+#
+# Copyright (c) 2024 by Silvan Calarco <silvan.calarco@mambasoft.it>
+# Released under the terms of the GNU GPL License v3
+
+# Requires: sbsigntools shim-signed efibootmgr
+
+# Sample chroot mount:
+# sudo mount -o bind /dev /mnt/sda2/dev
+# sudo mount -o bind /sys /mnt/sda2/sys
+# sudo mount -o bind /proc /mnt/sda2/proc
+# sudo mount -o bind /run /mnt/sda2/run
+# sudo mount -o bind /mnt/sda1 /mnt/sda2/boot/efi
+# sudo mount -o bind /sys/firmware/efi/efivars /mnt/sda2/sys/firmware/efi/efivars/
+
+SECUREBOOT_ENABLED=`xxd -p -l4 -s1 /sys/firmware/efi/efivars/SecureBoot-* 2>/dev/null`
+
+QUIET=
+
+[ "$1" = "-q" ] && QUIET=1
+
+[ "$QUIET" ] || echo "Secure boot setup script for openmamba"
+
+[ $UID -eq 0 ] || {
+   echo "This script must be run as root; exiting."
+   exit 1
+}
+
+[ "$SECUREBOOT_ENABLED" == "00000001" ] || {
+   [ "$QUIET" ] || echo "Secure Boot is not enabled; exiting."
+   exit 0
+}
+
+EFIDIR=/boot/efi/
+EFILABEL="openmamba"
+CERTDIR="/var/lib/sb-setup/mok"
+BOOTDEV=`findmnt -fno SOURCE /boot/efi`
+
+# Setup MAchine Owner Key folder
+[ -e ${CERTDIR} ] || mkdir -p ${CERTDIR}
+
+# Sign EFI image for secure boot
+[ -e ${CERTDIR}/MOK.cer ] || {
+   [ "$QUIET" ] || echo "Creating Machine Owner Key and certificates"
+   openssl req -newkey rsa:2048 -nodes -keyout ${CERTDIR}/MOK.key -new -x509 -sha256 \
+      -days 3650 -subj "/CN=${EFILABEL} Machine Owner Key/" -out ${CERTDIR}/MOK.crt
+   openssl x509 -outform DER -in ${CERTDIR}/MOK.crt -out ${CERTDIR}/MOK.cer
+}
+
+#grub-mkimage -o ${EFIDIR}/grubx64.efi -O x86_64-efi -p /boot/grub \
+
+[ "$QUIET" ] || echo "Create EFI grub image"
+grub-install --target=x86_64-efi --efi-directory=${EFIDIR} --bootloader-id="${EFILABEL}" \
+   --sbat /usr/share/grub/sbat.csv --recheck \
+   --modules="all_video bli boot chain configfile cpuid echo efifwsetup efi_gop efi_uga efinet ext2 \
+   fat font gettext gfxmenu gfxterm gfxterm gfxterm_background gzio halt help hfsplus \
+   iso9660 jpeg keystatus linux loadenv loopback ls lsefi lsefimmap lsefisystab lssal \
+   memdisk minicmd normal ntfs ntfscomp part_apple part_gpt part_msdos password_pbkdf2 \
+   play png probe reboot regexp search search_fs_file search_fs_uuid search_label sleep \
+   smbios squash4 test tpm true video video_bochs video_cirrus xfs zfs zfscrypt zfsinfo"
+
+[ "$QUIET" ] || echo "Signing EFI grub image for Secure Boot"
+sbsign --key ${CERTDIR}/MOK.key --cert ${CERTDIR}/MOK.crt --output ${EFIDIR}/EFI/${EFILABEL}/grubx64.efi ${EFIDIR}//EFI/${EFILABEL}/grubx64.efi
+
+for k in /boot/vmlinuz-*; do
+    echo "Signing $k for Secure Boot"
+    # Remove a previous signature if present
+    sbattach --remove ${k} 2>/dev/null
+    sbsign --key ${CERTDIR}/MOK.key --cert ${CERTDIR}/MOK.crt --output ${k} ${k}
+done
+
+[ "$QUIET" ] || echo "Copying MOK.cer into ${EFIDIR}/EFI/${EFILABEL}/"
+cp ${CERTDIR}/MOK.cer ${EFIDIR}/EFI/${EFILABEL}/
+
+# Install shim-signed
+[ "$QUIET" ] || echo "Installing shim images on ${EFIDIR}/EFI/${EFILABEL}"
+cp /usr/share/shim-signed/shimx64.efi ${EFIDIR}/EFI/${EFILABEL}/
+cp /usr/share/shim-signed/mmx64.efi ${EFIDIR}/EFI/${EFILABEL}/
+
+# Create EFI bootmanager entry for shimx64
+[ "$QUIET" ] || echo "Configuring /EFI/${EFILABEL}/shimx64.efi for boot"
+efibootmgr -q -c -d ${BOOTDEV} -L "${EFILABEL}" -l "/EFI/${EFILABEL}/shimx64.efi"
+
+[ "$QUIET" ] || echo "Done."

usr/bin/service

@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# Simple service execution tool
+
+USAGE=$"Usage: ""$0 [service_name [start|stop|restart|..]]"
+VERSION="${0##*/} ver. 0.61"
+
+INITDDIR="/etc/init.d"
+SERVICE=
+OPTIONS=
+
+if [ $# -eq 0 ]; then
+   echo "${USAGE}" >&2
+   exit 1
+fi
+
+while [ $# -gt 0 ]; do
+   case "$1" in
+   --help | -h)
+      echo "${USAGE}" >&2
+      exit 0
+      ;;
+   --version | -V)
+      echo "${VERSION}" >&2
+      exit 0
+      ;;
+   *)
+      if [ -z "${SERVICE}" ]; then
+         SERVICE="${1}"
+      else
+         OPTIONS="${OPTIONS} ${1}"
+      fi
+      shift
+      ;;
+   esac
+done
+
+if [ -d /run/systemd ]; then
+   systemctl ${OPTIONS} ${SERVICE}.service
+elif [ -x "${INITDDIR}/${SERVICE}" ]; then
+   env -i PATH="$PATH" TERM="$TERM" "${INITDDIR}/${SERVICE}" ${OPTIONS}
+else
+   echo "${SERVICE}: "$"unrecognized service" >&2
+   exit 1
+fi

usr/lib/modprobe.d/blacklist-net.conf

@@ -0,0 +1,5 @@
+# Disable obscure network protocols
+blacklist ax25
+blacklist netrom
+blacklist x25
+blacklist rose

usr/lib/modprobe.d/lp.conf

@@ -0,0 +1 @@
+install parport_pc /sbin/modprobe -i parport_pc; /sbin/modprobe lp

usr/lib/modprobe.d/rtl8192ce.conf

@@ -0,0 +1 @@
+options rtl8192ce ips=0 fwlps=0

usr/lib/sysctl.d/40-openmamba.conf

@@ -0,0 +1,45 @@
+#
+# Kernel sysctl configuration file
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See sysctl(8) and sysctl.conf (5) for more details.
+
+# Enable IP packet forwarding between interfaces (act as a firewall, or router)
+#net.ipv4.ip_forward = 1
+
+# Disable ICMP redirect messages
+net.ipv4.conf.all.accept_redirects = 0
+
+# Do not accept source routing
+net.ipv4.conf.all.accept_source_route = 0
+
+# Log packages that have source addresses with no known route ("martians")
+net.ipv4.conf.all.log_martians = 1
+
+# Controls source route verification
+net.ipv4.conf.all.rp_filter = 1
+
+# Enable ECN (Explicit Congestion Notification) in TCP connections
+net.ipv4.tcp_ecn = 2
+
+# Enable syncookies to hosts when the kernels syn backlog queue is overflowed
+net.ipv4.tcp_syncookies = 1
+
+# Ignore ICMP messages sent to broadcast or multicast addresses
+net.ipv4.icmp_echo_ignore_broadcasts = 1
+
+# Do not log bogus responses to broadcast frames send by hosts that ignore RFC 1122
+#net.ipv4.icmp_ignore_bogus_error_responses = 1
+
+# Ensure TCP window scaling is enabled
+net.ipv4.tcp_window_scaling = 1
+
+# Controls the System Request debugging functionality of the kernel
+# kernel.sysrq = 0
+
+# Controls whether core dumps will append the PID to the core filename.
+# Useful for debugging multi-threaded applications.
+kernel.core_uses_pid = 1
+
+# Increment default user inotify watches limit
+fs.inotify.max_user_watches=524288