Changeset 2df08064 for server/other

Timestamp:

01/31/2016 06:49:17 AM (9 years ago)

Author:

DJ Lucas <dj@…>

Branches:

systemd-13485

Children:

d19fb65

Parents:

957e8a3d

Message:

Merge Section V. from trunk.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@16885 af4574ff-66df-0310-9fd7-8a98e5e911e0

Location:

server/other

Files:

• openldap.xml (modified) (11 diffs)
• unbound.xml (modified) (7 diffs)
• xinetd.xml (modified) (2 diffs)

server/other/openldap.xml

@@ -7 +7 @@
   <!ENTITY openldap-download-http " ">
   <!ENTITY openldap-download-ftp  "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-&openldap-version;.tgz">
-  <!ENTITY openldap-md5sum        "47c8e2f283647a6105b8b0325257e922">
+  <!ENTITY openldap-md5sum        "49ca65e27891fcf977d78c10f073c705">
   <!ENTITY openldap-size          "5.4 MB">
-  <!ENTITY openldap-buildsize     "53 MB (client), 103 MB (server, additional 5 MB for the tests)">
-  <!ENTITY openldap-time          "0.6 SBU (client), 1.1 SBU (server, additional 3.4 SBU for the tests)">
+  <!ENTITY openldap-buildsize     "53 MB (client), 103 MB (server)">
+  <!ENTITY openldap-time          "0.7 SBU (client), 1.3 SBU (server)">
 ]>
 
@@ -35 +35 @@
     </para>
 
-    &lfs77_checked;
+    &lfs78_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
@@ -91 +91 @@
     <bridgehead renderas="sect4">Optional</bridgehead>
     <para role="optional">
-      <xref linkend="db"/> (not recommended by the
-      developers due to license incompatiblities),
       <xref linkend="icu"/>,
-      <xref linkend="mariadb"/> or
-      <xref linkend="postgresql"/>,
       <xref linkend="pth"/>,
-      <xref linkend="unixodbc"/> and
-      <ulink url="http://www.openslp.org/">OpenSLP</ulink>
+      <xref linkend="unixodbc"/>,
+        <xref linkend="mariadb"/> or
+        <xref linkend="postgresql"/> or
+        <ulink url="http://www.mysql.com/">MySQL</ulink>,
+      <ulink url="http://www.openslp.org/">OpenSLP</ulink>, and
+      <xref linkend="db"/> (not recommended by the developers)
     </para>
 
@@ -138 +138 @@
 
     <warning>
-      <para>
-        If upgrading from a previos installation that used Berkeley DB as
-        the backend, you will need to dump the database(s) using the
-        <command>slapcat</command> utility, relocate all files in
-        <filename class="directory">/var/lib/openldap</filename>, change all
-        instances of <option>bdb</option> to <option>mdb</option> in
-        <filename>/etc/openldap/slapd.conf</filename> and any files in
-        <filename class="directory">/etc/openldap/slapd.d</filename>, and import
-        using the <command>slapadd</command> utility after the installation is
-        completed.
+      <para>If upgrading from a previos installation that used Berkeley DB as
+      the backend, you will need to dump the database(s) using the
+      <command>slapcat</command> utility, relocate all files in
+      <filename class="directory">/var/lib/openldap</filename>, change all
+      instances of <option>bdb</option> to <option>mdb</option> in
+      <filename>/etc/openldap/slapd.conf</filename> and any files in
+      <filename class="directory">/etc/openldap/slapd.d</filename>, and import
+      using the <command>slapadd</command> utility after the installation is
+      completed.
       </para>
     </warning>
@@ -159 +158 @@
 
 <screen role="root"><userinput>groupadd -g 83 ldap &amp;&amp;
-useradd -c "OpenLDAP Daemon Owner" -d /var/lib/openldap -u 83 \
-        -g ldap -s /bin/false ldap</userinput></screen>
+useradd  -c "OpenLDAP Daemon Owner" \
+         -d /var/lib/openldap -u 83 \
+         -g ldap -s /bin/false ldap</userinput></screen>
 
     <para>
@@ -176 +176 @@
             --disable-static      \
             --disable-debug       \
+            --with-tls=openssl    \
+            --with-cyrus-sasl     \
             --enable-dynamic      \
             --enable-crypt        \
             --enable-spasswd      \
+            --enable-slapd        \
             --enable-modules      \
-            --enable-rlookups     \
             --enable-backends=mod \
-            --enable-overlays=mod \
+            --disable-ndb         \
+            --disable-sql         \
+            --disable-shell       \
             --disable-bdb         \
             --disable-hdb         \
-            --disable-ndb         \
-            --disable-sql &amp;&amp;
+            --enable-overlays=mod &amp;&amp;
+
 make depend &amp;&amp;
 make</userinput></screen>
 
     <para>
-      To test the results, issue: <command>make -k test</command>.
+      The tests appear to be fragile.  Errors may cause the tests to abort
+      prior to finishing, apparently due to timing issues.  The tests
+      take about 65 minutes and are processor independent.
+      To test the results, issue: <command>make test</command>.
     </para>
 
@@ -202 +209 @@
 install -v -dm700 -o ldap -g ldap /var/lib/openldap     &amp;&amp;
 install -v -dm700 -o ldap -g ldap /etc/openldap/slapd.d &amp;&amp;
-chmod -v 640       /etc/openldap/slapd.{conf,ldif}      &amp;&amp;
-chown -v root:ldap /etc/openldap/slapd.{conf,ldif}      &amp;&amp;
-
-install -v -dm755              /usr/share/doc/openldap-&openldap-version; &amp;&amp;
-cp -vfr doc/{drafts,rfc,guide} /usr/share/doc/openldap-&openldap-version;</userinput></screen>
-
-    <para>
-      Having slapd configuration files and ldap databases in /var/lib/openldap
-      readable by anyone is a SECURITY ISSUE, especially since a file stores
-      admin password in PLAIN TEXT. That's why mode 640 and root:ldap ownership
-      were used. Owner is root, so only root can modify the file, and group is
-      ldap, so that the group which owns slapd daemon could read but not modify
-      the file in case of a security breach. 
-    </para>
+chmod   -v    640     /etc/openldap/slapd.{conf,ldif}   &amp;&amp;
+chown   -v  root:ldap /etc/openldap/slapd.{conf,ldif}   &amp;&amp;
+
+install -v -dm755 /usr/share/doc/openldap-&openldap-version; &amp;&amp;
+cp      -vfr      doc/{drafts,rfc,guide} \
+                  /usr/share/doc/openldap-&openldap-version;</userinput></screen>
 
   </sect2>
@@ -264 +263 @@
       <parameter>--enable-overlays</parameter>: This switch enables
       all available overlays.
-    </para>
-
-    <para>
-      <parameter>--disable-bdb --disable-hdb</parameter>: These
-      switches disable
-      <application>Berkeley DB</application> backend due to
-      license incompatiblities with latest version of
-      <application>Berkeley DB</application>.
     </para>
 
@@ -308 +299 @@
       </para>
     </note>
+
+    <para>
+      <command>install ...</command>, <command>chown ...</command>,
+      and <command>chmod ...</command>:
+      Having slapd configuration files and ldap databases in /var/lib/openldap
+      readable by anyone is a SECURITY ISSUE, especially since a file stores the
+      admin password in PLAIN TEXT. That's why mode 640 and root:ldap ownership
+      were used. The owner is root, so only root can modify the file, and group is
+      ldap, so that the group which owns slapd daemon could read but not modify
+      the file in case of a security breach.
+    </para>
 
   </sect2>
@@ -371 +373 @@
             The <ulink url="http://www.openldap.org/doc/admin24/"> OpenLDAP 2.4
             Administrator's Guide</ulink> (also installed locally in
-            <filename class="directory">
+            <filename class='directory'>
             /usr/share/doc/openldap-&openldap-version;/guide/admin</filename>).
           </para>
@@ -488 +490 @@
         <seg>
           /etc/openldap,
-          /usr/lib/openldap,
-          /usr/share/doc/openldap-&openldap-version;, and
-          /var/lib/openldap
+          /{usr,var}/lib/openldap, and
+          /usr/share/doc/openldap-&openldap-version;
         </seg>
       </seglistitem>

server/other/unbound.xml

@@ -7 +7 @@
   <!ENTITY unbound-download-http "http://www.unbound.net/downloads/unbound-&unbound-version;.tar.gz">
   <!ENTITY unbound-download-ftp  " ">
-  <!ENTITY unbound-md5sum        "f85853baad15adc7ce8acefe6cda4cf8">
-  <!ENTITY unbound-size          "4.6 MB">
-  <!ENTITY unbound-buildsize     "90 MB (with HTML documentation)">
-  <!ENTITY unbound-time          "0.5 SBU (Add 0.2 SBU for tests)">
+  <!ENTITY unbound-md5sum        "a1253cbbb339dbca03404dcc58365d71">
+  <!ENTITY unbound-size          "4.7 MB">
+  <!ENTITY unbound-buildsize     "47 MB (with tests)">
+  <!ENTITY unbound-time          "0.7 SBU (with tests)">
 ]>
 
@@ -38 +38 @@
     </para>
 
-    &lfs77_checked;
+    &lfs78_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
@@ -87 +87 @@
     <para role="optional">
       <xref linkend="libevent"/>,
+      <xref linkend="nettle"/>,
       <xref linkend="python2"/>,
       <xref linkend="swig"/> (for Python bindings),
-      <xref linkend="doxygen"/> (for html documentation), and
-      <ulink url="http://dnstap.info/">dnstap</ulink>
+      <xref linkend="doxygen"/> (for html documentation),
+      <!--<ulink url="http://sourceforge.net/projects/expat/">expat</ulink>, installed by LFS. -->
+      <ulink url="http://dnstap.info/">dnstap</ulink>, and
+      <ulink url="https://pypi.python.org/pypi/Sphinx">Sphinx</ulink> (for
+      Python bindings documentation)
     </para>
 
@@ -123 +127 @@
 
     <para>
-      If you have <xref linkend="doxygen"/> package installed and want to build 
+      If you have <xref linkend="doxygen"/> package installed and want to build
       html documentation, run the following command:
     </para>
@@ -155 +159 @@
 
     <para>
-      <option>--with-libevent</option>: This switch enables libevent support
+      <option>--with-libevent</option>: This option enables libevent support
       allowing use of large outgoing port ranges.
     </para>
 
     <para>
-      <option>--with-pyunbound</option>: This switch enables building of the Python
+      <option>--with-pyunbound</option>: This option enables building of the Python
       bindings.
     </para>
@@ -211 +215 @@
 
       <para>
-        When <application>Unbound</application> is installed, some packages
-        may fail to build if <filename>/etc/unbound/root.key</filename> is
-        not present. It can be created by running the following command as
-        the <systemitem class="username">root</systemitem> user:
+        When <application>Unbound</application> is installed, some package
+        builds fail if the file <filename>/etc/unbound/root.key</filename> is
+        not found. This file is created by running the boot script (install
+        instructions below).  Alternatively, it can be created by running the
+        following command as the <systemitem class="username">root</systemitem>
+        user:
       </para>
 
@@ -255 +261 @@
         </seg>
         <seg>
-          libunbound.so and
+          libunbound.so and (optional)
           /usr/lib/python&python2-majorver;/site-packages/_unbound.so
         </seg>

server/other/xinetd.xml

@@ -35 +35 @@
     daemon, a secure replacement for <command>inetd</command>.</para>
 
-    &lfs77_checked;
+    &lfs78_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
@@ -388 +388 @@
       <para>The format of the <filename>/etc/xinetd.conf</filename> is
       documented in the <filename>xinetd.conf.5</filename> man page.
-      <!-- 13-12-12 the http://www.xinetd.org is broken 
+      <!-- 13-12-12 the http://www.xinetd.org is broken
       Further
       information can be found at <ulink url="http://www.xinetd.org"/>.