[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r17268: {incognito} This is a massive (and well tested) commit for the hardened (in incognito/branches/hardened: . arch/x86 arch/x86/overlay/isolinux portage.config root_overlay/etc/init.d root_overlay/usr/kde/3.5/share/config/kdm root_overlay/usr/sbin root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default root_overlay/var/lib/thunderbird-config/rhy4kriw.default root_overlay/var/patches)



Author: anonym
Date: 2008-11-13 20:33:05 -0500 (Thu, 13 Nov 2008)
New Revision: 17268

Added:
   incognito/branches/hardened/root_overlay/etc/init.d/vbox-guest
Modified:
   incognito/branches/hardened/ChangeLog
   incognito/branches/hardened/TODO
   incognito/branches/hardened/arch/x86/kernel-2.6.25.config
   incognito/branches/hardened/arch/x86/livecd-stage1.spec
   incognito/branches/hardened/arch/x86/livecd-stage2.spec
   incognito/branches/hardened/arch/x86/overlay/isolinux/isolinux.cfg
   incognito/branches/hardened/arch/x86/stage1.spec
   incognito/branches/hardened/arch/x86/stage2.spec
   incognito/branches/hardened/arch/x86/stage3.spec
   incognito/branches/hardened/fsscript.sh
   incognito/branches/hardened/hacking.html
   incognito/branches/hardened/portage.config/package.keywords
   incognito/branches/hardened/portage.config/package.mask
   incognito/branches/hardened/portage.config/package.unmask
   incognito/branches/hardened/portage.config/package.use
   incognito/branches/hardened/root_overlay/etc/init.d/external-locale
   incognito/branches/hardened/root_overlay/usr/kde/3.5/share/config/kdm/kdmrc
   incognito/branches/hardened/root_overlay/usr/sbin/create-homevol
   incognito/branches/hardened/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/bookmarks.html
   incognito/branches/hardened/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/prefs.js
   incognito/branches/hardened/root_overlay/var/lib/thunderbird-config/rhy4kriw.default/prefs.js
   incognito/branches/hardened/root_overlay/var/patches/xorg.conf.in.patch
Log:
This is a massive (and well tested) commit for the hardened branch, soon to be merged into trunk:
- a new portage snapshot
- merge with trunk (compatibility testing)
- support for VirtualBox, incl. additions
- various new software, e.g. koffice, twinkle
- various smaller, innocent tweaks


Modified: incognito/branches/hardened/ChangeLog
===================================================================
--- incognito/branches/hardened/ChangeLog	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/ChangeLog	2008-11-14 01:33:05 UTC (rev 17268)
@@ -1,3 +1,11 @@
+changes since 2008.1
+	- Incognito is now based on Hardened Gentoo, which should increase
+	  resistence towards certain exploits.
+	- Added support for VirtualBox.
+	- Tor 0.2.0.31	
+	- Firefox 2.0.0.17
+	- Vidalia 0.1.7
+
 2008.1 changes since 2008.0 (i.e. 20080109.1)
 	- Added an Incognito Walkthrough which will launch upon start up.
 	- Added language support for Arabic, Greek, Hebrew, Russian and

Modified: incognito/branches/hardened/TODO
===================================================================
--- incognito/branches/hardened/TODO	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/TODO	2008-11-14 01:33:05 UTC (rev 17268)
@@ -82,6 +82,9 @@
 A configuration program for Incognito specific things like creating USB, clearing persistent home, removing the lock file preventing persistent home to be used etc.
 Or maybe the new category in K menu is enough?
 
+- DSL support ?
+http://kdslbroadband.sourceforge.net/ could be something, but it seems it's not maintained any longer.
+
 - Handle ISP login requirement, possibly allow Tor to be bypassed ?
 Public networks may require a login before allowing access to the outside. Generally this is done by a transparent proxy that redirects to the login screen whenever an http request is made. A solution to this may be to add the class C network to the iptables exclusion list so the redirect won't run through Tor. The user will need to access something on the local net first though since the redirect won't happen when running through Tor. Other suggestions are welcome.
 Sometimes a direct Internet connection (i.e. bypass Tor completely) is needed, though. If we setup a new http(s) proxy that is excluded from the netfiler Tor forwarding, Torbutton could be used to have Firefox somehow access the network directly, which can be necessary when ISP require logins. For example, we could make an un-toggled Torbutton give Firefox direct Internet connection, although we really want a clear, annoying indicator that we are not anonymous any longer.

Modified: incognito/branches/hardened/arch/x86/kernel-2.6.25.config
===================================================================
--- incognito/branches/hardened/arch/x86/kernel-2.6.25.config	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/arch/x86/kernel-2.6.25.config	2008-11-14 01:33:05 UTC (rev 17268)
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Linux kernel version: 2.6.25-hardened-r3
-# Thu Aug  7 04:08:45 2008
+# Linux kernel version: 2.6.25-hardened-r9
+# Wed Nov 12 14:21:18 2008
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y

Modified: incognito/branches/hardened/arch/x86/livecd-stage1.spec
===================================================================
--- incognito/branches/hardened/arch/x86/livecd-stage1.spec	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/arch/x86/livecd-stage1.spec	2008-11-14 01:33:05 UTC (rev 17268)
@@ -1,12 +1,12 @@
-subarch: x86
-version_stamp: 20080807
+subarch: i686
+version_stamp: 20081109-hardened
 target: livecd-stage1
 rel_type: incognito
 profile: hardened/linux/x86/2008.0
 portage_overlay: /usr/src/incognito/portage.overlay
 portage_confdir: /usr/src/incognito/portage.config
-snapshot: 20080807
-source_subpath: incognito/stage3-x86-20080807
+snapshot: 20081109
+source_subpath: incognito/stage3-i686-20081109-hardened
 livecd/use:
 	-apm
 	-eds
@@ -81,11 +81,17 @@
 	app-crypt/gnupg
 	app-crypt/gpa
 	app-editors/vim
+	app-emulation/virtualbox-ose-additions
+	app-i18n/koffice-i18n
 	app-misc/livecd-tools
 	app-misc/pax-utils
 	app-misc/screen
 	app-misc/secure-delete
 	app-misc/vlock
+	app-office/kpresenter
+	app-office/krita
+	app-office/kspread
+	app-office/kword
 	app-portage/gentoolkit
 	dev-libs/libevent
 	kde-base/akregator
@@ -140,6 +146,7 @@
 	kde-base/kmilo
 	kde-base/kmix
 	kde-base/kmrml
+	kde-base/knetworkconf
 	kde-base/kode
 	kde-base/kolourpaint
 	kde-base/kommander
@@ -178,7 +185,9 @@
 	kde-misc/tork
 	mail-client/mozilla-thunderbird-bin
 	mail-mta/mixminion
+	media-gfx/exiv2
 	media-gfx/fbgrab
+	media-gfx/jhead
 	media-fonts/arphicfonts
 	media-fonts/font-misc-misc
 	media-fonts/kochi-substitute
@@ -199,6 +208,7 @@
 	net-dns/bind-tools
 	net-dns/pdnsd
 	net-im/pidgin
+	net-im/twinkle
 	net-irc/xchat
 	net-misc/dhcp
 	net-misc/iputils
@@ -232,7 +242,6 @@
 	net-wireless/zd1211-firmware
 	net-www/mplayerplug-in-bin
 	net-www/netscape-flash
-	sys-apps/chpax
 	sys-apps/eject
 	sys-apps/ethtool
 	sys-apps/fxload

Modified: incognito/branches/hardened/arch/x86/livecd-stage2.spec
===================================================================
--- incognito/branches/hardened/arch/x86/livecd-stage2.spec	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/arch/x86/livecd-stage2.spec	2008-11-14 01:33:05 UTC (rev 17268)
@@ -1,10 +1,10 @@
-subarch: x86
+subarch: i686
 version_stamp: __INCOGNITO_TYPE__
 target: livecd-stage2
 rel_type: incognito
 profile: hardened/linux/x86/2008.0
-snapshot: 20080807
-source_subpath: incognito/livecd-stage1-x86-20080807
+snapshot: 20081109
+source_subpath: incognito/livecd-stage1-i686-20081109-hardened
 portage_overlay: /usr/src/incognito/portage.overlay
 portage_confdir: /usr/src/incognito/portage.config
 
@@ -25,7 +25,6 @@
 
 livecd/rcadd:
 	acpid|boot
-	chpax|default
 	consolefont|boot
 	cupsd|default
 	external-config-setup|boot
@@ -41,6 +40,7 @@
 	pdnsd|default
 	polipo|default
 	tor|default
+	vbox-guest|default
 	vmware-tools|default
 	xdm|default
 
@@ -177,6 +177,7 @@
 	app-admin/eselect-compiler
 	app-admin/pwgen
 	app-doc/xorg-docs
+	app-emulation/virtualbox-ose-additions
 	app-portage/gentoolkit
 	dev-lang/nasm
 	dev-libs/elfutils
@@ -237,7 +238,7 @@
 	/usr/lib/awk
 	/usr/lib/ccache
 	/usr/lib/gcc-config
-	/usr/lib/gconv
+#	/usr/lib/gconv
 	/usr/lib/nfs
 #	/usr/lib/perl5
 	/usr/lib/portage

Modified: incognito/branches/hardened/arch/x86/overlay/isolinux/isolinux.cfg
===================================================================
--- incognito/branches/hardened/arch/x86/overlay/isolinux/isolinux.cfg	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/arch/x86/overlay/isolinux/isolinux.cfg	2008-11-14 01:33:05 UTC (rev 17268)
@@ -27,7 +27,7 @@
 label gentoo-zh
   menu label Chinese
   kernel gentoo
-  append root=/dev/ram0 init=/linuxrc looptype=squashfs loop=/image.squashfs cdroot initrd=gentoo.igz vga=791 splash=silent,theme:incognito-2008.1 console=tty1 acpi=on dopcmcia quiet lang=zh dokeymap
+  append root=/dev/ram0 init=/linuxrc looptype=squashfs loop=/image.squashfs cdroot initrd=gentoo.igz vga=791 splash=silent,theme:incognito-2008.1 console=tty1 acpi=on dopcmcia quiet lang=zh keymap=us dokeymap
 
 label gentoo-en
   menu label English

Modified: incognito/branches/hardened/arch/x86/stage1.spec
===================================================================
--- incognito/branches/hardened/arch/x86/stage1.spec	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/arch/x86/stage1.spec	2008-11-14 01:33:05 UTC (rev 17268)
@@ -1,10 +1,10 @@
-subarch: x86
+subarch: i686
 target: stage1
-version_stamp: 20080807
+version_stamp: 20081109-hardened
 rel_type: incognito
 profile: hardened/linux/x86/2008.0
 portage_confdir: /usr/src/incognito/portage.config
-snapshot: 20080807
-source_subpath: default/stage3-x86-2008.0
-chost: i486-pc-linux-gnu
-cflags: -mtune=i486 -Os -pipe -fomit-frame-pointer -fforce-addr
+snapshot: 20081109
+source_subpath: default/stage3-i686-2008.0
+chost: i686-pc-linux-gnu
+cflags: -march=i686 -Os -pipe -fomit-frame-pointer -fforce-addr

Modified: incognito/branches/hardened/arch/x86/stage2.spec
===================================================================
--- incognito/branches/hardened/arch/x86/stage2.spec	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/arch/x86/stage2.spec	2008-11-14 01:33:05 UTC (rev 17268)
@@ -1,10 +1,10 @@
-subarch: x86
+subarch: i686
 target: stage2
-version_stamp: 20080807
+version_stamp: 20081109-hardened
 rel_type: incognito
 profile: hardened/linux/x86/2008.0
 portage_confdir: /usr/src/incognito/portage.config
-snapshot: 20080807
-source_subpath: incognito/stage1-x86-20080807
-chost: i486-pc-linux-gnu
-cflags: -mtune=i486 -Os -pipe -fomit-frame-pointer -fforce-addr
+snapshot: 20081109
+source_subpath: incognito/stage1-i686-20081109-hardened
+chost: i686-pc-linux-gnu
+cflags: -march=i686 -Os -pipe -fomit-frame-pointer -fforce-addr

Modified: incognito/branches/hardened/arch/x86/stage3.spec
===================================================================
--- incognito/branches/hardened/arch/x86/stage3.spec	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/arch/x86/stage3.spec	2008-11-14 01:33:05 UTC (rev 17268)
@@ -1,11 +1,10 @@
-subarch: x86
+subarch: i686
 target: stage3
-version_stamp: 20080807
+version_stamp: 20081109-hardened
 rel_type: incognito
 profile: hardened/linux/x86/2008.0
 portage_overlay: /usr/src/incognito/portage.overlay
 portage_confdir: /usr/src/incognito/portage.config
-snapshot: 20080807
-source_subpath: incognito/stage2-x86-20080807
-chost: i486-pc-linux-gnu
-cflags: -mtune=i486 -Os -pipe -fomit-frame-pointer -fforce-addr
+snapshot: 20081109
+source_subpath: incognito/stage2-i686-20081109-hardened
+cflags: -march=i686 -Os -pipe -fomit-frame-pointer -fforce-addr

Modified: incognito/branches/hardened/fsscript.sh
===================================================================
--- incognito/branches/hardened/fsscript.sh	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/fsscript.sh	2008-11-14 01:33:05 UTC (rev 17268)
@@ -201,6 +201,30 @@
 	passwd -d "${USERNAME}"
 done
 
+# Install VirtualBox guest additions (depends on virtualbox-ose-additions)
+# FIXME: would it be sane to do this in an ebuild instead?
+VBOX_DIST="$(mktemp -t -d incognitoXXXXXXXX)"
+VBOX_SRC="$(mktemp -t -d incognitoXXXXXXXX)"
+mount -o loop /usr/share/virtualbox-ose/VBoxGuestAdditions.iso ${VBOX_DIST}
+# just unpack sources, don't run the script
+linux32 ${VBOX_DIST}/VBoxLinuxAdditions-x86.run --noexec --target ${VBOX_SRC}
+# don't add the init scripts to a run level -- we use our own script
+sed -i 's/addrunlevel() {/addrunlevel() {\nreturn 0/' ${VBOX_SRC}/routines.sh
+# since it is the build system's kernel that is running, there are a number of
+# things related to modprobe, depmod and uname -r that needs to be fixed
+sed -i 's/build_test_module() {/build_test_module() {\nreturn 0/' ${VBOX_SRC}/install.sh
+KERNEL_REL="$(ls -l /tmp/kerncache/gentoo/usr/src/linux | sed "s/\(.*\) -> linux-\(.*\)/\2/")"
+for X in $(find ${VBOX_SRC} -type f); do
+	sed -i "s/\(\$(shell uname -r)\)\|\(\`uname -r\`\)/${KERNEL_REL}/" $X
+	sed -i "s/depmod\( -ae\)\?/& ${KERNEL_REL}/" $X
+done
+# run the modified script manually to compile and install the modules
+cd ${VBOX_SRC}
+linux32 ./install.sh all
+# cleanup
+umount ${VBOX_DIST}
+rm -Rf ${VBOX_SRC} ${VBOX_DIST}
+
 # Remove root password and ensure home dir permissions
 echo "Setting up super user"
 passwd -d "root"

Modified: incognito/branches/hardened/hacking.html
===================================================================
--- incognito/branches/hardened/hacking.html	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/hacking.html	2008-11-14 01:33:05 UTC (rev 17268)
@@ -11,7 +11,7 @@
 
 <h2>Pre-reqs</h2>
 
-<p>You must know something about the following technologies:</p>
+<p>First of all you'll need a Linux installation with Catalyst present which probably amounts to a Gentoo installation. If you run another Linux distribution, see below for instructions for setting up a Gentoo Linux chroot. Additionally, you probably should know something about the following technologies to be able to work with Incognito effectively:</p>
 <ul>
 <li>Linux - the base operating system</li>
 <li>Portage - the Gentoo Linux package management system</li>
@@ -19,60 +19,76 @@
 <li>Subversion - the source code management tool</li>
 </ul>
 
-<p>
-Before submitting patches make sure you can build and test the CD. See building.html for build instructions. You can use an emulator/virtualizer such as Qemu, VMWare or Virtual PC to test it.
-</p>
+<p>Before submitting patches, please make sure you can build and run the resulting distribution. See building.html for build instructions. You can use an emulator/virtualizer such as Qemu, VMWare or Virtual PC to test it.</p>
 
 <h2>TODO list</h2>
 If you want to help out, check if there's anything interesting in the <a href="https://tor-svn.freehaven.net/svn/incognito/trunk/TODO";>TODO list</a> to design or implement. It might be a good idea to send the developers an email first, checking if there already has been some unannounced progress made etc.
 
-<h2>Updating Packages</h2>
+<h2>Important files and directories</h2>
 
-<p>Updating packages happens in portage.overlay. The following steps with bump the version number. Anything more indepth you'll need to learn how ebuilds work.</p>
-<ol>
-<li>cd to portage.overlay/category/package</li>
-<li>svn mv package-version.ebuild package-newversion.ebuild</li>
-<li>svn rm files/digest-package-version</li>
-<li>ebuild package-newversion.ebuild manifest</li>
-</ol>
+<h3>arch/x86/stage{1,2,3}.spec</h3>
+<p>Specification for the stage 1-3 tarballs. Don't change these unless you really know what you are doing.</p>
 
-<p>
-<strong>NOTICE</strong>: No alpha or beta packages unless absolutely necessary! First, people are recording this to a CD or USB, they cannot easily update to the next alpha if something goes wrong. Second, people are counting on anonymity, the packages should be well tested.
-</p>
+<h3>arch/x86/livecd-stage1{,-tiny}.spec</h3>
+<p>Specification for the main CD build. This gives the packages and use flags that are desired. Do not add packages that depend on the kernel sources being installed, that goes in <code>livecd-stage2.spec</code>.</p>
 
-<h2>Important Files</h2>
+<h3>arch/x86/livecd-stage2{,-tiny}.spec</h3>
+<p>Specification for the final stage which produces the final ISO image. livecd-stage2 basically takes on from livecd-stage1, adds a boot loader, compiles the kernel and packages depending on the kernel, runs <code>fsscript.sh</code> (see below), removes unnecessary packages and files, etc. Most changes will have to do with livecd-stage2 and mostly you can rebuild this stage to test your changes.</p>
 
-<dl>
+<h3>arch/x86/isolinux-*-cdtar.tar.bz2</h3>
+<p>Files for the isolinux boorloader, includung the theme (<code>isolinux/splash.png</code>).</p>
 
-<dt>arch/x86/stage{1,2,3}.spec</dt>
-<dd>
-Specification for the stage 1-3 tarballs. Don't change these unless you really know what you are doing.
-</dd>
+<h3>arch/x86/overlay</h3>
+<p>As per standard Catalyst behaviour, this is the CD overlay. Everything in here will be copied to the root of the ISO image. Of particular interest here is the configuration file for the bootloader (<code>arch/x86/overlay/isolinux/isolinux.cfg</code>).</p>
 
-<dt>arch/x86/livecd-stage1{,-tiny}.spec</dt>
-<dd>
-Specification for the main CD build. This gives the packages and use flags that are desired. Do not add packages that depend on the kernel sources being installed, that goes in livecd-stage2.spec.
-</dd>
+<h3>fsscript.sh</h3>
+<p>This script is run in the chroot environment of livecd-stage2. Look at it to see some things you might need to do.</p>
 
-<dt>arch/x86/livecd-stage2{,-tiny}.spec</dt>
-<dd>
-Specification for the final stage of the CD build. livecd-stage2 basically takes livecd-stage1 and modifies it for use on a live CD. The kernel is built, packages depending on the kernel are installed, package configuration is done, unnecessary packages and files removed, etc. Most changes will have to do with livecd-stage2 and mostly you can rebuild this stage to get your changes.
-</dd>
+<h3>build-stage.sh</h3>
+<p>This scripts is used to build stage{1,2,3}.spec and livecd-stage1.spec, making them directory independent (the spec files use absolute paths to determine the overlays etc.).</p>
 
-<dt>fsscript.sh</dt>
-<dd>
-This script is run in the chroot environment of livecd-stage2. Look at it to see some things you might need to do.
-</dd>
+<h3>livecd-stage2.sh</h3>
+<p>This script does pre-processing for livecd-stage2{,-tiny}.spec. If you need to generate files for the overlay programatically, this is the place to do it.</p>
 
-<dt>livecd-stage2.sh</dt>
-<dd>
-This script does pre-processing for livecd-stage2{,-tiny}.spec. If you need to generate files for the overlay programatically, this is the place to do it.
-</dd>
+<h3>portage.overlay</h3>
+<p>This will act like a normal Portage overlay.</p>
 
-</dl>
+<h3>portage.config</h3>
+<p>This will be copied into <code>/etc/portage</code>, so set package specifig keywords, {un}maskings and USE-flags here.</p>
 
+<h3>root_overlay</h3>
+<p>As per standard Catalyst behaviour, this is the root overlay. This directory structure will be copied into the filesystem root in livecd-stage2, which is very practical for putting custom configs in their right place. Below are described some special files and directories in the root overlay which are put there simply to be accessible for <code>fsscript.sh</code></p>
+
+<h4>root_overlay/etc/init.d/</h4>
+<p>There are some special init scripts here for setting up locale as chosen in the boot menu, creating/mounting a persistent home directory etc.</p>
+
+<h4>root_overlay/usr/{,s}bin</h4>
+<p>All incognito specific scripts are stored here.</p>
+
+<h4>root_overlay/var/patches</h4>
+<p>All patches (<code>*.patch</code>) in this directory are applied to the filesystem root. It is preferrable to use this approach to smaller changes or additions to scripts or configs compared to overlay them with a complete file using the root overlay since that will need constant attention when the responsible packages are updated.</p>
+
+<h4>root_overlay/var/lib/*-config and root_overlay/var/lib/kdesession</h4>
+<p>These are the users' application configs, e.g. <code>firefox-config</code> will be copied to<code>~/.mozilla</code>. The contents of <code>kdesession</code> will be copied into <code>~/kde/share/config</code>.</p>
+
+<h4>root_overlay/var/lib/incognito-menu</h4>
+<p>Used for the Incognito KDE menu.</p>
+
+<h2>Updating packages</h2>
+
+<p>Updating packages happens in <code>portage.overlay</code> (or by updating the portage snapshot, but that's restricted and coordinated by the main developers). The following steps with bump the version number. Anything more indepth you'll need to learn how ebuilds work.</p>
+<ol>
+<li>cd portage.overlay/category/package</li>
+<li>svn mv package-version.ebuild package-newversion.ebuild</li>
+<li>svn rm files/digest-package-version</li>
+<li>ebuild package-newversion.ebuild manifest</li>
+</ol>
+
+<p><strong>NOTICE</strong>: No alpha or beta packages unless absolutely necessary! First, people are recording this to a CD or USB, they cannot easily update to the next alpha if something goes wrong. Second, people are counting on anonymity, the packages should be well tested.</p>
+
+
 <h2>Gentoo Linux chroot environment</h2>
-<p>If you run another Linux distribution than Gentoo Linux (or if you run Gentoo Linux on another arch than x86 or amd64) but want to build Incognito with catalyst, simply fetch a x86 stage-3 tarball from a <a href="http://www.gentoo.org/main/en/mirrors.xml";>Gentoo Mirror</a> (preferably the latest release), extract and chroot into it. When inside the chroot, sync portage, update and install relevant applications:</p>
+<p>If you run another Linux distribution than Gentoo Linux but want to build Incognito with Catalyst, simply fetch a x86 stage-3 tarball from a <a href="http://www.gentoo.org/main/en/mirrors.xml";>Gentoo Mirror</a> (preferably the latest release), extract and chroot into it. When inside the chroot, sync portage, update and install relevant applications:</p>
 <p><code># get a stage3 tarball<br>
 wget http://files1.cjb.net/incognito/stage3-i686-*.tar.bz2
 <br>
@@ -88,11 +104,7 @@
 emerge -auvDN world<br>
 emerge -av catalyst # some more might be needed</code></p>
 <p>Then use this chroot enivonment as you would use a regular Gentoo Linux installation for building Incognito.</p>
-<p>When using menuconfig for kernel configurations on a different arch than x86, use <code>linux32 make menuconfig</code> (linux32 can be found in the sys-apps/util-linux portage package) to make sure to get a sane kernel config.
+<p>When using menuconfig for kernel configurations on a different arch than x86, use <code>linux32 make menuconfig</code> (linux32 can be found in the sys-apps/util-linux portage package) to make sure to get a sane kernel config.</p>
 
-<h2>Misc</h2>
-
-<p>The arch/*.pyo files are generated by catalyst, I don't know why. Ignore them.</p>
-
 </body>
 </html>

Modified: incognito/branches/hardened/portage.config/package.keywords
===================================================================
--- incognito/branches/hardened/portage.config/package.keywords	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/portage.config/package.keywords	2008-11-14 01:33:05 UTC (rev 17268)
@@ -34,7 +34,7 @@
 =app-misc/hal-info-20071011 ~*
 
 # Hardware
-=app-emulation/open-vm-tools-0.0.20080701.102166 ~*
+app-emulation/open-vm-tools ~*
 net-dialup/isdn-firmware ~*
 net-dialup/globespan-adsl ~*
 net-wireless/at76c503a ~*
@@ -63,15 +63,18 @@
 net-dialup/intel-536ep ~*
 net-dialup/ltmodem ~*
 net-dialup/slmodem ~*
-=x11-drivers/xf86-input-virtualbox-1.5.6 ~*
-=x11-drivers/xf86-video-virtualbox-1.5.6 ~*
+=x11-drivers/xf86-input-virtualbox-2.0.4 ~*
+=x11-drivers/xf86-input-vmmouse-12.4.3 ~*
+=x11-drivers/xf86-video-virtualbox-2.0.4 ~*
 
-# Misc (mainly to get stuff to build and work properly)
+# Misc (e.g. fixes for portage breakages)
 app-admin/keepassx ~*
+=app-emulation/virtualbox-ose-additions-2.0.4 ~*
 app-misc/livecd-tools ~*
 dev-java/java-config ~*
 dev-java/java-config-wrapper ~*
 dev-java/sun-jre-bin ~*
+=dev-util/kbuild-0.1.4 ~*
 =dev-util/livecd-kconfigs-2006.1 ~*
 =dev-util/livecd-specs-2006.1 ~*
 kde-misc/kdmtheme ~*
@@ -81,6 +84,6 @@
 =sys-boot/syslinux-3.70 ~*
 sys-devel/prelink ~*
 <sys-kernel/genkernel-9999 ~*
+=x11-drivers/xf86-video-sis-0.9.4 ~*
 x11-libs/libsynaptics ~*
 x11-misc/xdialog ~*
-=x11-drivers/xf86-video-sis-0.9.4 ~*

Modified: incognito/branches/hardened/portage.config/package.mask
===================================================================
--- incognito/branches/hardened/portage.config/package.mask	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/portage.config/package.mask	2008-11-14 01:33:05 UTC (rev 17268)
@@ -2,8 +2,8 @@
 kde-base/kdebase
 
 # We don't want other kernels sneaking in, the config may not be compatible
->sys-kernel/hardened-sources-2.6.25-r3
-<sys-kernel/hardened-sources-2.6.25-r3
+>sys-kernel/hardened-sources-2.6.25-r9
+<sys-kernel/hardened-sources-2.6.25-r9
 
 # we want to make sure to have the same version as
 # arch/x86/isolinux-*-cdtar.tar.bz2 so when changing this, update it. also, a

Modified: incognito/branches/hardened/portage.config/package.unmask
===================================================================
--- incognito/branches/hardened/portage.config/package.unmask	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/portage.config/package.unmask	2008-11-14 01:33:05 UTC (rev 17268)
@@ -1,3 +1,4 @@
+app-crypt/truecrypt
 app-misc/livecd-tools
+sys-apps/hwsetup
 x11-misc/mkxf86config
-sys-apps/hwsetup

Modified: incognito/branches/hardened/portage.config/package.use
===================================================================
--- incognito/branches/hardened/portage.config/package.use	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/portage.config/package.use	2008-11-14 01:33:05 UTC (rev 17268)
@@ -9,6 +9,7 @@
 app-crypt/truecrypt X
 x11-libs/wxGTK X
 net-irc/xchat tcl
+net-im/twinkle zrtp speex ilbc
 net-analyzer/nmap -gtk
 
 # When pidgin uses gadu, libgadu must be compiled with -ssl unfortunately

Modified: incognito/branches/hardened/root_overlay/etc/init.d/external-locale
===================================================================
--- incognito/branches/hardened/root_overlay/etc/init.d/external-locale	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/root_overlay/etc/init.d/external-locale	2008-11-14 01:33:05 UTC (rev 17268)
@@ -32,6 +32,7 @@
 		echo "user_pref(\"general.useragent.locale\", \"${LANGUAGE}\");" >> "${PREFS}"
 		echo "user_pref(\"spellchecker.dictionary\", \"${LANGUAGE}\");" >> "${PREFS}"
 	    done
+	    sed -i "s@\(https://check.torproject.org/?lang=\)\(.*\)\(&small=1\)@\1${LANGUAGE}\3@" /home/__INCOGNITO_USER__/.mozilla/firefox/*/bookmarks.html
 
 	    # Set keyboard layout in KDE
 	    case "${LANGUAGE}" in
@@ -68,8 +69,11 @@
 	    local CFONT=""
 	    local CTRANS=""
 	    case "${LANGUAGE}" in
-                "us")
+		"zh")
 		    KEYMAP="us"
+		    ;;
+		"us")
+		    KEYMAP="us"
 		    CFONT="default8x16"
 		    ;;
 		"fr")
@@ -115,7 +119,7 @@
 		    CFONT="lat0-16"
 		    ;;
 		*)  
-		    # For the others (like Chinese) it seems we can do nothing.
+		    # For the others we can do nothing.
 		    ;;
 	    esac
 

Added: incognito/branches/hardened/root_overlay/etc/init.d/vbox-guest
===================================================================
--- incognito/branches/hardened/root_overlay/etc/init.d/vbox-guest	                        (rev 0)
+++ incognito/branches/hardened/root_overlay/etc/init.d/vbox-guest	2008-11-14 01:33:05 UTC (rev 17268)
@@ -0,0 +1,55 @@
+#!/sbin/runscript
+
+depend() {
+	after autoconfig
+	before xdm
+}
+
+# This is a hack to determine whether we run inside VirtualBox or not
+vm_check() {
+	return $(lspci | grep -q "InnoTek")
+}
+
+# autoconfig doesn't detect the drivers so we set them manually
+# FIXME: this is temporary, should be fixed in hwsetup instead
+xorg_hack() {
+	sed -i "s/^\([ \t]*Driver[ \t]\+\)\"fbdev\"/\1\"vboxvideo\"/" /etc/X11/xorg.conf
+	sed -i "s/^\([ \t]*Driver[ \t]\+\)\"mouse\"/\1\"vboxmouse\"/" /etc/X11/xorg.conf
+}
+
+start() {
+	if ! vm_check; then
+		ewarn "VirtualBox Additions does nothing when running outside of VirtualBox"
+		return 0
+	fi
+
+	xorg_hack
+
+	/etc/init.d/vboxadd start
+	/etc/init.d/vboxadd-timesync start
+
+	# Some init files are modified during init before the time is set, so
+	# we touch them to assure that they are not modified in the future,
+	# otherwise we'll get loads of (admittedly harmless) warnings
+	touch /etc/{conf.d,init.d}/* &> /dev/null
+	# touch doesn't work for symlinks, so we re-link them
+	for X in $(find /etc/{conf.d,init.d} -type l); do
+		FROM=$(ls -l $X | sed 's/.* \([^ ]*\) -> \([^ ]*\)/\1/')
+		TO=$(ls -l $X | sed 's/.* \([^ ]*\) -> \([^ ]*\)/\2/')
+		ln -sf ${TO} ${FROM}
+	done
+
+	/etc/init.d/vboxvfs start
+}
+
+restart() {
+	/etc/init.d/vboxadd restart
+	/etc/init.d/vboxadd-timesync restart
+	/etc/init.d/vboxvfs restart
+}
+
+stop() {
+	/etc/init.d/vboxadd stop
+	/etc/init.d/vboxadd-timesync stop
+	/etc/init.d/vboxvfs stop
+}


Property changes on: incognito/branches/hardened/root_overlay/etc/init.d/vbox-guest
___________________________________________________________________
Name: svn:executable
   + *

Modified: incognito/branches/hardened/root_overlay/usr/kde/3.5/share/config/kdm/kdmrc
===================================================================
--- incognito/branches/hardened/root_overlay/usr/kde/3.5/share/config/kdm/kdmrc	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/root_overlay/usr/kde/3.5/share/config/kdm/kdmrc	2008-11-14 01:33:05 UTC (rev 17268)
@@ -540,7 +540,7 @@
 AutoLoginAgain=true
 # The delay in seconds before automatic login kicks in.
 # Default is 0
-AutoLoginDelay=10
+AutoLoginDelay=0
 # The user to log in automatically. NEVER specify root!
 # Default is ""
 AutoLoginUser=__INCOGNITO_USER__

Modified: incognito/branches/hardened/root_overlay/usr/sbin/create-homevol
===================================================================
--- incognito/branches/hardened/root_overlay/usr/sbin/create-homevol	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/root_overlay/usr/sbin/create-homevol	2008-11-14 01:33:05 UTC (rev 17268)
@@ -105,7 +105,7 @@
 if [[ $? -eq 0 ]]; then
 
 	# Ask if a hidden volume should be used
-	dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}"  --yesno "${QUESTION_HIDDEN_VOLUME}" ${DIM}
+	dialog --ascii-lines --title "${TITLE}" --backtitle "${BACKTITLE}" --yesno --defaultno "${QUESTION_HIDDEN_VOLUME}" ${DIM}
 	if [[ $? -eq 0 ]]; then
 		USE_HIDDEN_VOLUME="yes"
 		PASSWORD_RECOMMENDATION="${PASSWORD_NORMAL_VS_HIDDEN}"

Modified: incognito/branches/hardened/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/bookmarks.html
===================================================================
--- incognito/branches/hardened/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/bookmarks.html	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/bookmarks.html	2008-11-14 01:33:05 UTC (rev 17268)
@@ -18,6 +18,7 @@
         <DT><A HREF="http://en-US.www.mozilla.com/en-US/firefox/community/"; ICON="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHWSURBVHjaYvz//z8DJQAggJiQOe/fv2fv7Oz8rays/N+VkfG/iYnJfyD/1+rVq7ffu3dPFpsBAAHEAHIBCJ85c8bN2Nj4vwsDw/8zQLwKiO8CcRoQu0DxqlWrdsHUwzBAAIGJmTNnPgYa9j8UqhFElwPxf2MIDeIrKSn9FwSJoRkAEEAM0DD4DzMAyPi/G+QKY4hh5WAXGf8PDQ0FGwJ22d27CjADAAIIrLmjo+MXA9R2kAHvGBA2wwx6B8W7od6CeQcggKCmCEL8bgwxYCbUIGTDVkHDBia+CuotgACCueD3TDQN75D4xmAvCoK9ARMHBzAw0AECiBHkAlC0Mdy7x9ABNA3obAZXIAa6iKEcGlMVQHwWyjYuL2d4v2cPg8vZswx7gHyAAAK7AOif7SAbOqCmn4Ha3AHFsIDtgPq/vLz8P4MSkJ2W9h8ggBjevXvHDo4FQUQg/kdypqCg4H8lUIACnQ/SOBMYI8bAsAJFPcj1AAEEjwVQqLpAbXmH5BJjqI0gi9DTAAgDBBCcAVLkgmQ7yKCZxpCQxqUZhAECCJ4XgMl493ug21ZD+aDAXH0WLM4A9MZPXJkJIIAwTAR5pQMalaCABQUULttBGCCAGCnNzgABBgAMJ5THwGvJLAAAAABJRU5ErkJggg==" ID="rdf:#$42iCK1">Get Involved</A>
         <DT><A HREF="http://en-US.www.mozilla.com/en-US/firefox/about/"; ICON="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHWSURBVHjaYvz//z8DJQAggJiQOe/fv2fv7Oz8rays/N+VkfG/iYnJfyD/1+rVq7ffu3dPFpsBAAHEAHIBCJ85c8bN2Nj4vwsDw/8zQLwKiO8CcRoQu0DxqlWrdsHUwzBAAIGJmTNnPgYa9j8UqhFElwPxf2MIDeIrKSn9FwSJoRkAEEAM0DD4DzMAyPi/G+QKY4hh5WAXGf8PDQ0FGwJ22d27CjADAAIIrLmjo+MXA9R2kAHvGBA2wwx6B8W7od6CeQcggKCmCEL8bgwxYCbUIGTDVkHDBia+CuotgACCueD3TDQN75D4xmAvCoK9ARMHBzAw0AECiBHkAlC0Mdy7x9ABNA3obAZXIAa6iKEcGlMVQHwWyjYuL2d4v2cPg8vZswx7gHyAAAK7AOif7SAbOqCmn4Ha3AHFsIDtgPq/vLz8P4MSkJ2W9h8ggBjevXvHDo4FQUQg/kdypqCg4H8lUIACnQ/SOBMYI8bAsAJFPcj1AAEEjwVQqLpAbXmH5BJjqI0gi9DTAAgDBBCcAVLkgmQ7yKCZxpCQxqUZhAECCJ4XgMl493ug21ZD+aDAXH0WLM4A9MZPXJkJIIAwTAR5pQMalaCABQUULttBGCCAGCnNzgABBgAMJ5THwGvJLAAAAABJRU5ErkJggg==" ID="rdf:#$52iCK1">About Us</A>
     </DL><p>
+    <DT><A HREF="https://check.torproject.org/?lang=en&small=1"; ADD_DATE="1221124393" LAST_MODIFIED="1221124393" ICON_URI="https://check.torproject.org/favicon.ico"; ICON="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAACHklEQVQ4jZWSTUjTAQDFH+g2/27/JHSWUdvcV1tqs/ze2Gpr7SM0x2xTyUnUyFAbZUXZHBmpFRQMIUIQiqhIO0R5raBDRmmXPpAOEesQQUEp3py8bl2cNd/993g8fkAWuUXkjX5E7cBL6AYnociG+ZuhN9hy+hEudD3ERO8TXI5PoTZrmERO5BoeNCWkC4fv4mb3Y+izho9iTHI26Ry2dsoZuIKJwWcbe9c0vQCO0vZgmG2xBsbuIxqahLCmAhFVRS2NHdy3O0wp6s1rgoGQNA8lI/49Htp2uuhztRIoVQNVkixgj1yG/LG+2El+S00z6PMzYI/Qaw3T6wwP/wduEATIbty7M87l5SW+ez3Fq/3HaLd4mQgladE4KEJjWm12Tj6Ut4cvxplOL3Hh1zyvnxji8VALq0w2djsv0WfupN3STAC5GQrqNgebWvjzR4qLvxd5vj3B0XMjbHV4WKarZKvlFCM74twkVlCAMZNMlZV+t48L89/5/tUcgzWHOPv8KZ0mJ8sN27lX1cUD+jNUCbUUYGxbgcugNZYZLEx9+cSvn1Ps3NXLty+m2VQXoKbEQHvhEbqVPVQpqllf3hzLdILgrG9kf98A0+k052Y/MOKIUFOsoVldwWr5QW5ADU0q62ofAAroiqMdPbRW2+l37+fWUjNNWj2VEhMLsI0VahelKPy3VEWwiSL0UQXWj+VCnJFg3Ywc2qQIYxRYqfMf1qfVncnmUUQAAAAASUVORK5CYII=" LAST_CHARSET="UTF-8">Are you using Tor?</A>
     <DT><A HREF="http://www.anonymityanywhere.com/"; ADD_DATE="1215537552" LAST_VISIT="1215537593" LAST_MODIFIED="1215537566" ICON="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAC90lEQVQ4jaWQTWhcVRSAz73vvbnTl2mnb5FAotmGbFxJXYxSQugQBg3RRUHE0LoRDYWQRcVt6DJ7V7a2LgpthUAFEdEaYvzpQmuiaYdMmkVimamZyXvzfu//cWOCaZceOHA48H3nhyAi/J+gzzZqtZqz1Wq91e9Hd5Ik+T1O4t+6B70bze2tc0tLS+Q5AyIe5buzFyrtdvuu1galksgFx7TIMMxS3O127R+trVvXP79e+S9zVExOTtJHza2bXEjMiwLTNMYwDrET9XC7G+Kf7b9xe28PN9YffPXehVn3kDs6ofH69MsjL7z4tpAahJQgJAcucsiLHKQSQNEAaAEnHNI4Pz09+9wPzpx55Q2lDRFSg5QakjTTvz54eO/h5uOb/adPN0uaA5EcjOAAxPlwamqKHhMgkGElJWhRgJESet3wiV+p/rD63beXKPVuy7zIBZcQJQVwiy+tra1VAQDcQ0GWxl0rOFjFAY0G3yEBnqycvvj+B1OOQ8tZb9+J+ylEUQpRVnha6/KxDVZXVu5pnqHlMVCTwMkT9lTgqXeolZfyOL4YxSkL4xSSrIAwjHqMseSY4Nq1T9eazUc/ESPAoRI8psFjZNACvqoQhpU2oKQCrRV0Ou2vFxcXs2OC/f19/snVz+Y6veiJtQSMpWCoC6ZUBvRKAJSA0grC8KDz5d3lKwsLC3gk2NjYgPn5eRqGB5sfX1l68/769s9JSrAQBBRXoHgBkgv4a2+3+cWdW+c/unz58eFg0mg0nFar5SRJ4gohXKVUSSkV1GqvnT07MTHhV04NR2GY3//lx/XVle+/cV13lzEWDw4OZnNzc4qMj4+X+v2+8y/saa2ZtZYhIrPWlgDAAwAHAAgAKEpp5jhO7Pt+Ojo6KtyRkRFjjAFCCFBKkVJqjDHSWpsjooOIFACAEIKEEO26rmKMySAIVL1e187Ozg4GQWC11sZ1XeN5nmaMqXK5LHzf577vFwMDA0W1Ws2HhoaKsbExPjMzI5eXl029Xod/ABcZ4sLboYZnAAAAAElFTkSuQmCC" LAST_CHARSET="ISO-8859-1" ID="rdf:#$Ya1Ar1">anonymityanywhere.com</A>
     <DT><A HREF="http://eqt5g4fuenphqinx.onion/"; ADD_DATE="1215537458" ICON="data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///8A////AP///wD///8AOwAUDSQAD2QRAA2ZDQAFyw4ABssjAAuQKAAPZAAcAAn///8A////AP///wD///8A////AP///wD///8AIwAMFmtcZP89NDr/TkRJ/ykhJ/8kIij/KAUV/yoAD/9CHy3/EwAMKf///wD///8A////AP///wD///8AHAAACUw4Qf98cnn//Pz8/9TM1/9dPl3/IBYg/y0fKf9bCzT/NQAX/zoeKP8AAAAE////AP///wD///8A////ACgADSYvJSv/2d/h/+Hd4v9sP17/xsHN/1A3Tf8lGSD/YxM9/2sVRP80DB7/Ty44bv///wD///8A////AP///wAwAAUwSERJ/+jx8v/Xx9P/YDVS/7y+zP9BKEH/LiUs/2ceRf91JFT/Ngke/yYACVj///8A////AP///wD///8ANwAJHFNNUv/h6+z/9PD0/31Zev+GeJL/Rj5X/zAjK/9zL1f/ezFd/y0NGv8mAA42////AP///wD///8A////AFUAAAMVAAqge4GF//v8/P/x7/L/hHCN/1NVbf87KDP/g0Fq/14pSP9PLz3/AAAABP///wD///8A////AP///wD///8AOQAcCQcACpWcoqX/+/39/7PJ0v9oeYn/Ry89/5BVff8+IC//IAANKP///wD///8A////AP///wD///8A////AP///wBGABcLCgAHmXFucv/G4eb/SUhS/109UP9WOkf/WEJIhf///wD///8A////AP///wD///8A////AP///wD///8A////AFUAKgYZAAiGRkNJ/0IyO/9XQkj/KQAIHzMAAAX///8A////AP///wD///8A////AP///wD///8A////AP///wD///8AMwANFFxMU/9WQEr/PgAMKf///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AD4AFyFWUln/OW5Y/wCobmQAqnEJ////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wCZAGYFQpF3hQteOv8AiVGpGb2BbP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AAD//wMAjF2oB35N8gClYpcAuHEk////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wD///8AANOEHQCvdn8ArGipALJshwC4ezb///8A////AP///wD///8A////AP///wD///8A////AP///wD///8A////AP///wAA/78IANmXNgDFgyMAv4AM////AP///wD///8A//8AAPAPAADgBwAA4AcAAOAHAADgBwAA8AcAAPgPAAD8HwAA/j8AAP5/AAD+fwAA/38AAP//AAD//wAA//8AAA==" LAST_CHARSET="UTF-8" ID="rdf:#$Wa1Ar1">core.onion</A>
     <DT><A HREF="http://www.browseanonymouslyanywhere.com/incognito/"; ADD_DATE="1196094716" LAST_CHARSET="UTF-8" ID="rdf:#$BIRUh">Incognito</A>

Modified: incognito/branches/hardened/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/prefs.js
===================================================================
--- incognito/branches/hardened/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/prefs.js	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/root_overlay/var/lib/firefox-config/firefox/o2e6y2eh.default/prefs.js	2008-11-14 01:33:05 UTC (rev 17268)
@@ -41,6 +41,9 @@
 /* Don't use google's safe browsing. */
 user_pref("browser.safebrowsing.enabled", false);
 
+/* Disable the session manager */
+user_pref("browser.sessionstore.enabled", false);
+
 /* Fonts */
 user_pref("font.name.monospace.x-western", "Bitstream Vera Sans Mono");
 user_pref("font.name.sans-serif.x-western", "Bitstream Vera Sans");
@@ -53,8 +56,8 @@
 user_pref("browser.search.useDBForOrder", true);
 
 /* Update the following two versions when upgrading Firefox */
-user_pref("extensions.lastAppVersion", "2.0.0.16");
-user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.16");
+user_pref("extensions.lastAppVersion", "2.0.0.17");
+user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.17");
 
 /* Suppress Firefox update checking. */
 user_pref("app.update.enabled", false);

Modified: incognito/branches/hardened/root_overlay/var/lib/thunderbird-config/rhy4kriw.default/prefs.js
===================================================================
--- incognito/branches/hardened/root_overlay/var/lib/thunderbird-config/rhy4kriw.default/prefs.js	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/root_overlay/var/lib/thunderbird-config/rhy4kriw.default/prefs.js	2008-11-14 01:33:05 UTC (rev 17268)
@@ -35,6 +35,7 @@
 user_pref("extensions.enigmail.composeHtmlAlertCount", 5);
 user_pref("extensions.enigmail.confirmBeforeSend", true);
 user_pref("extensions.enigmail.wrapHtmlBeforeSend",true);
+user_pref("extensions.enigmail.useDefaultComment", true);
 
 # Torbutton settings (always enabled as it scrapes IP address/host from
 # the HELO/EHLO message -- is there any other way for doing this?)

Modified: incognito/branches/hardened/root_overlay/var/patches/xorg.conf.in.patch
===================================================================
--- incognito/branches/hardened/root_overlay/var/patches/xorg.conf.in.patch	2008-11-14 01:21:20 UTC (rev 17267)
+++ incognito/branches/hardened/root_overlay/var/patches/xorg.conf.in.patch	2008-11-14 01:33:05 UTC (rev 17268)
@@ -1,6 +1,6 @@
---- etc/X11/xorg.conf.in.orig	2008-07-31 14:42:24.000000000 +0200
-+++ etc/X11/xorg.conf.in	2008-07-31 14:42:53.000000000 +0200
-@@ -1,6 +1,7 @@
+--- etc/X11/xorg.conf.in.orig	2008-10-02 17:31:33.000000000 +0200
++++ etc/X11/xorg.conf.in	2008-10-02 17:39:54.000000000 +0200
+@@ -1,11 +1,13 @@
  Section "ServerLayout"
 -	Identifier	"X.Org Configured"
 +	Identifier	"Automatically Configured"
@@ -9,7 +9,59 @@
  	InputDevice	"Keyboard0" "CoreKeyboard"
  	InputDevice	"PS/2 Mouse" "AlwaysCore"
  #	InputDevice	"Serial Mouse" "AlwaysCore"
-@@ -164,6 +165,11 @@
+ 	InputDevice	"USB Mouse" "AlwaysCore"
+ 	InputDevice	"Synaptics" "AlwaysCore"
++	InputDevice	"VMWareClickFix"
+ EndSection
+ 
+ Section "ServerFlags"
+@@ -94,6 +96,7 @@
+ Section "InputDevice"
+ 	Identifier	"Serial Mouse"
+ 	Driver	"mouse"
++	Option	"CorePointer"
+ 	Option	"Protocol" "Microsoft"
+ 	Option	"Device" "/dev/ttyS0"
+ 	Option	"Emulate3Buttons" "true"
+@@ -104,6 +107,7 @@
+ Section "InputDevice"
+ 	Identifier	"PS/2 Mouse"
+ 	Driver	"mouse"
++	Option	"CorePointer"
+ 	Option	"Protocol" "IMPS/2"
+ 	Option	"Device" "/dev/misc/psaux"
+ 	Option	"Emulate3Buttons" "true"
+@@ -115,6 +119,7 @@
+ Section "InputDevice"
+ 	Identifier	"USB Mouse"
+ 	Driver	"mouse"
++	Option	"CorePointer"
+ 	Option	"Device" "/dev/input/mice"
+ 	Option	"SendCoreEvents" "true"
+ 	Option	"Protocol" "IMPS/2"
+@@ -125,6 +130,7 @@
+ Section "InputDevice"
+ 	Identifier	"Synaptics"
+ 	Driver	"synaptics"
++	Option	"CorePointer"
+ 	Option	"Protocol" "event"
+ 	Option	"Device" "@@SYNDEV@@"
+ 	Option	"LeftEdge" "1900"
+@@ -142,6 +148,13 @@
+ 	Option	"SHMConfig" "on"
+ EndSection
+ 
++# It seems this device is necessary (and that all other pointer devices have 
++# Option "CorePointer") for fixing the VMWare double-click issue.
++Section "InputDevice"
++	Identifier	"VMWareClickFix"
++	Driver "void"
++EndSection
++
+ # Auto-generated by mkxf86config
+ @@MONITOR@@
+ 
+@@ -164,6 +177,11 @@
  #	BusID       "PCI:1:0:0"
  EndSection
  
@@ -21,7 +73,7 @@
  Section "Screen"
  	Identifier	"Screen0"
  	Device	"Card0"
-@@ -199,6 +205,41 @@
+@@ -199,6 +217,41 @@
  	EndSubSection
  EndSection