Changeset 7edfe43


Ignore:
Timestamp:
07/20/2014 12:00:10 AM (10 years ago)
Author:
Krejzi <krejzi@…>
Branches:
systemd-11177
Children:
bdbc765b
Parents:
f81638e
Message:

Begin merging Christophers work into systemd branch part 2.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/branches/systemd@13488 af4574ff-66df-0310-9fd7-8a98e5e911e0

Location:
postlfs/security
Files:
1 edited
5 moved

Legend:

Unmodified
Added
Removed

  • postlfs/security/cyrus-sasl-systemd.xml

    rf81638e r7edfe43  
    283283
    284284    <sect3 id="cyrus-sasl-init">
    285       <title>Init Script</title>
     285      <title>Systemd Unit</title>
    286286
    287287      <para>
    288288        If you need to run the <command>saslauthd</command> daemon at system
    289         startup, install the <filename>/etc/rc.d/init.d/saslauthd</filename>
    290         init script included in the <xref linkend="bootscripts"/>
    291         package using the following command:
     289        startup, install the systemd unit included in the
     290        <xref linkend="bootscripts"/> package using the following command:
    292291      </para>
    293292
     
    300299      <note>
    301300        <para>
    302           You'll need to modify /etc/sysconfig/saslauthd and replace the
    303           <option><replaceable>AUTHMECH</replaceable></option> parameter
    304           with your desired authentication mechanism.
     301          The default authentication method is "shadow". The
     302          <filename>/etc/default/saslauthd</filename>
     303          file needs to be modified for anything else.
    305304        </para>
    306305      </note>

  • postlfs/security/mitkrb-systemd.xml

    rf81638e r7edfe43  
    464464
    465465    <sect3 id="mitkrb-init">
    466       <title>Init Script</title>
     466      <title>Systemd Units</title>
    467467
    468468      <para>
    469469        If you want to start <application>Kerberos</application> services
    470         at boot, install the <filename>/etc/rc.d/init.d/krb5</filename> init
    471         script included in the <xref linkend="bootscripts"/> package using
    472         the following command:
     470        at boot, install the systemd units included in the
     471        <xref linkend="bootscripts"/> package using the following command:
    473472      </para>
    474473

  • postlfs/security/openssh-systemd.xml

    rf81638e r7edfe43  
    302302
    303303    <sect3  id="openssh-init">
    304       <title>Boot Script</title>
    305 
    306       <para>
    307         To start the SSH server at system boot, install the
    308       <filename>/etc/rc.d/init.d/sshd</filename> init script included
    309       in the <xref linkend="bootscripts"/> package.
    310         </para>
     304      <title>Systemd Units</title>
     305
     306      <para>
     307        To start the SSH server at system boot, install the systemd
     308        units included in the <xref linkend="bootscripts"/> package.
     309      </para>
    311310
    312311      <indexterm zone="openssh openssh-init">
     
    315314
    316315<screen role="root"><userinput>make install-sshd</userinput></screen>
     316
     317      <note>
     318        <para>
     319          Note that this package comes with two types of units: A service file and a socket file.
     320          The service file will start sshd daemon once at boot and it will keep running until the
     321          system shuts down. The socket file will make systemd listen to sshd port (Default 22, needs
     322          to be edited for anything else) and will start sshd daemon when something tries to connect
     323          to that port and stop the daemon when the connection is terminated. This is
     324          called socket activation.
     325
     326          By default, the first method is used - sshd daemon is started at boot and stopped at shutdown.
     327          If the socket method is desired, you need to run as the
     328          <systemitem class="username">root</systemitem> user:
     329
     330<screen role="root"><userinput>systemctl stop sshd &amp;&amp;
     331systemctl disable sshd &amp;&amp;
     332systemctl enable sshd.socket &amp;&amp;
     333systemctl start sshd.socket</userinput></screen>
     334        </para>
     335      </note>
     336
    317337    </sect3>
    318338  </sect2>

  • postlfs/security/polkit-systemd.xml

    rf81638e r7edfe43  
    8181    </para>
    8282
     83    <bridgehead renderas="sect4">Recommended</bridgehead
     84    <para role="recommended">
     85      <xref linkend="linux-pam"/>
     86    </para>
     87
     88    <note>
     89      <para>
     90        Since <command>systemd-logind</command> uses PAM to register user
     91        sessions, it is a good idea to build  <application>Polkit</application>
     92        with PAM support so <command>systemd-logind</command> can track
     93        <application>Polkit</application> sessions.
     94      </para>
     95    </note>
     96
    8397    <bridgehead renderas="sect4">Optional (Required if building GNOME)</bridgehead>
    8498    <para role="optional">
     
    90104      <xref linkend="DocBook"/>,
    91105      <xref linkend="docbook-xsl"/>,
    92       <xref linkend="gtk-doc"/>,
    93       <xref linkend="libxslt"/> and
    94       <xref linkend="linux-pam"/>
     106      <xref linkend="gtk-doc"/>, and
     107      <xref linkend="libxslt"/>
     108    </para>
     109
     110    <bridgehead renderas="sect4">Required Runtime Dependencies</bridgehead>
     111    <para role="required">
     112      <xref linkend="systemd"/> (for Logind)
    95113    </para>
    96114
     
    132150            --sysconfdir=/etc            \
    133151            --localstatedir=/var         \
    134             --disable-static             \
    135             --enable-libsystemd-login=no \
    136             --with-authfw=shadow         &amp;&amp;
     152            --disable-static &amp;&amp;
    137153make</userinput></screen>
    138154
     
    156172    <title>Command Explanations</title>
    157173
    158     <para>
    159       <parameter>--enable-libsystemd-login=no</parameter>: This parameter fixes
    160       building without <application>systemd</application>, which is not part
    161       of LFS/BLFS. If you use <application>systemd</application>,
    162       replace "no" by "yes".
    163     </para>
    164 
    165     <para>
    166       <parameter>--with-authfw=shadow</parameter>: This parameter configures the
    167       package to use the <application>Shadow</application> rather than the
    168       <application>Linux PAM</application> Authentication framework. Remove it
    169       if you would like to use <application>Linux PAM</application>.
    170     </para>
    171 
    172174    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
    173175      href="../../xincludes/static-libraries.xml"/>
     176
     177    <para>
     178      <option>--with-authfw=shadow</option>: This switch enables the
     179      package to use the <application>Shadow</application> rather than the
     180      <application>Linux PAM</application> Authentication framework. Use it
     181      if you have not installed <application>Linux PAM</application>.
     182    </para>
    174183
    175184    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"

  • postlfs/security/security.xml

    rf81638e r7edfe43  
    4444  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cacerts.xml"/>
    4545  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cracklib.xml"/>
    46   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl.xml"/>
     46  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="cyrus-sasl-systemd.xml"/>
    4747  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnupg2.xml"/>
    4848  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gnutls.xml"/>
     
    5353  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap.xml"/>
    5454  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="linux-pam.xml"/>
    55   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb.xml"/>
     55  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="mitkrb-systemd.xml"/>
    5656  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nettle.xml"/>
    5757  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="nss.xml"/>
    58   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh.xml"/>
     58  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssh-systemd.xml"/>
    5959  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="openssl.xml"/>
    6060  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/>
    61   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit.xml"/>
     61  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit-systemd.xml"/>
    6262  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
    6363  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/>
    64   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel.xml"/>
     64  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel-systemd.xml"/>
    6565  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
    6666  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>

  • postlfs/security/stunnel-systemd.xml

    rf81638e r7edfe43  
    114114    </note>
    115115
     116    <para>
     117      Fix the bundled systemd unit so it does not use a deprecated dependency:
     118    </para>
     119
     120<screen><userinput>sed -i /syslog.target/d tools/stunnel.service</userinput></screen>
     121
    116122    <para>Install <application>stunnel</application> by running the following
    117123    commands:</para>
     
    127133
    128134<screen role="root"><userinput>make docdir=/usr/share/doc/stunnel-&stunnel-version; install</userinput></screen>
     135
     136    <para>
     137      Install the systemd unit by running the following command as the
     138      <systemitem class="username">root</systemitem> user:
     139    </para>
     140
     141<screen role="root"><userinput>install -v -m644 tools/stunnel.service /lib/systemd/system/stunnel.service</userinput></screen>
    129142
    130143    <para>To create the <filename>stunnel.pem</filename> in the
     
    229242
    230243    <sect3  id="stunnel-init">
    231       <title>Boot Script</title>
     244      <title>Systemd Unit</title>
    232245
    233246      <para>To automatically start the <command>stunnel</command> daemon
    234       when the system is rebooted, install the
    235       <filename>/etc/rc.d/init.d/stunnel</filename> bootscript from the
    236       <xref linkend="bootscripts"/> package.</para>
     247      when the system is rebooted, enable the previously installed
     248      systemd unit by running the following command as the
     249      <systemitem class="username">root</systemitem> user:</para>
    237250
    238251      <indexterm zone="stunnel stunnel-init">
     
    240253      </indexterm>
    241254
    242 <screen role="root"><userinput>make install-stunnel</userinput></screen>
     255<screen role="root"><userinput>systemctl enable stunnel</userinput></screen>
    243256
    244257    </sect3>
Note: See TracChangeset for help on using the changeset viewer.