Changeset 8ba08b56 for postlfs

Timestamp:

02/19/2014 08:16:20 PM (10 years ago)

Author:

Fernando de Oliveira <fernando@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

6392ac9

Parents:

57cd9b8b

Message:

Chapter 4 patch attachment. Thanks to Armin K.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@12739 af4574ff-66df-0310-9fd7-8a98e5e911e0

Location:

postlfs/security

Files:

• cyrus-sasl.xml (modified) (3 diffs)
• mitkrb.xml (modified) (1 diff)
• openssh.xml (modified) (5 diffs)
• stunnel.xml (modified) (6 diffs)

postlfs/security/cyrus-sasl.xml

@@ -40 +40 @@
     </para>
 
-    &lfs74_checked;
+    &lfs75_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
@@ -119 +119 @@
     <title>Installation of Cyrus SASL</title>
 
+    <note>
+      <para>
+        This package does not support parallel build.
+      </para>
+    </note>
+
     <para>
       Install <application>Cyrus SASL</application> by
@@ -133 +139 @@
             --enable-auth-sasldb \
             --with-dbpath=/var/lib/sasl/sasldb2 \
-            --with-saslauthd=/var/run/saslauthd \
-            CFLAGS=-fPIC
+            --with-saslauthd=/var/run/saslauthd &amp;&amp;
 make</userinput></screen>
 

postlfs/security/mitkrb.xml

@@ -39 +39 @@
     </para>
 
-    &lfs74_checked;
+    &lfs75_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>

postlfs/security/openssh.xml

@@ -6 +6 @@
 
   <!ENTITY openssh-download-http
-    "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
+           "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
   <!ENTITY openssh-download-ftp
-    "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
+           "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
   <!ENTITY openssh-md5sum        "a084e7272b8cbd25afe0f5dce4802fef">
   <!ENTITY openssh-size          "1.3 MB">
@@ -33 +33 @@
     <title>Introduction to OpenSSH</title>
 
-  <para>
-    The <application>OpenSSH</application> package contains
-    <command>ssh</command> clients and the <command>sshd</command> daemon. This
-    is useful for encrypting authentication and subsequent traffic over a
-    network. The <command>ssh</command> and <command>scp</command> commands are
-    secure implementions of <command>telnet</command> and <command>rcp</command>
-    respectively.
-  </para>
-
-  &lfs75_checked;
+    <para>
+      The <application>OpenSSH</application> package contains
+      <command>ssh</command> clients and the <command>sshd</command> daemon. This
+      is useful for encrypting authentication and subsequent traffic over a
+      network. The <command>ssh</command> and <command>scp</command> commands are
+      secure implementions of <command>telnet</command> and <command>rcp</command>
+      respectively.
+    </para>
+
+    &lfs75_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
@@ -101 +101 @@
 
     <para condition="html" role="usernotes">
-        User Notes: <ulink url='&blfs-wiki;/OpenSSH'/>
+        User Notes: <ulink url="&blfs-wiki;/OpenSSH"/>
     </para>
   </sect2>
@@ -130 +130 @@
 <screen><userinput>./configure --prefix=/usr                     \
             --sysconfdir=/etc/ssh             \
-            --datadir=/usr/share/sshd         \
             --with-md5-passwords              \
             --with-privsep-path=/var/lib/sshd &amp;&amp;
@@ -183 +182 @@
       configuration files from being installed in
       <filename class="directory">/usr/etc</filename>.
-    </para>
-
-    <para>
-      <parameter>--datadir=/usr/share/sshd</parameter>: This switch puts the
-      Ssh.bin file (used for SmartCard authentication) in
-      <filename class="directory">/usr/share/sshd</filename>.
     </para>
 

postlfs/security/stunnel.xml

@@ -39 +39 @@
     to the server package source code.</para>
 
-    &lfs74_checked;
+    &lfs75_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
@@ -98 +98 @@
       created a signed SSL Certificate you wish to use, copy it to
       <filename>/etc/stunnel/stunnel.pem</filename> before starting the build
-      (ensure only <systemitem class='username'>root</systemitem> has read and
+      (ensure only <systemitem class="username">root</systemitem> has read and
       write access), otherwise you will be
       prompted to create one during the installation process. The
-      <filename class='extension'>.pem</filename> file must be formatted as
+      <filename class="extension">.pem</filename> file must be formatted as
       shown below:</para>
 
@@ -121 +121 @@
             --sysconfdir=/etc \
             --localstatedir=/var \
-            --disable-libwrap &amp;&amp;
+            --disable-fips &amp;&amp;
 make</userinput></screen>
 
@@ -135 +135 @@
     <title>Command Explanations</title>
 
-    <para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
-    the configuration directory to <filename class='directory'>/etc</filename>
-    instead of <filename class='directory'>/usr/etc</filename>.</para>
-
-    <para><parameter>--localstatedir=/var</parameter>: This parameter
-    sets the installation to use
-    <filename class='directory'>/var/lib/stunnel</filename> instead of
-    creating and using
-    <filename class='directory'>/usr/var/stunnel</filename>.</para>
-
-    <para><parameter>--disable-libwrap</parameter>: This parameter is required
-    if you don't have <application>tcpwrappers</application> installed. Remove
-    the parameter if <application>tcpwrappers</application> is installed.</para>
+    <para><parameter>--disable-fips</parameter>: This switch disables FIPS support
+    which will cause <application>Stunnel</application> to fail to start if
+    it is enabled.</para>
 
     <para><command>make docdir=... install</command>: This command installs the
@@ -153 +143 @@
     naming conventions and, if you did not copy an
     <filename>stunnel.pem</filename> file to the
-    <filename class='directory'>/etc/stunnel</filename> directory, prompts you
+    <filename class="directory">/etc/stunnel</filename> directory, prompts you
     for the necessary information to create one. Ensure you reply to the</para>
 
@@ -182 +172 @@
       <para>As the <systemitem class="username">root</systemitem> user,
       create the directory used for the
-      <filename class='extension'>.pid</filename> file that is created
+      <filename class="extension">.pid</filename> file that is created
       when the <application>stunnel</application> daemon starts:</para>
 
-<screen role="root"><userinput>install -v -m750 -o stunnel -g stunnel -d /var/lib/stunnel/run</userinput></screen>
+<screen role="root"><userinput>install -v -m750 -o stunnel -g stunnel -d /var/lib/stunnel/run &amp;&amp;
+chown stunnel:stunnel /var/lib/stunnel</userinput></screen>
 
       <para>Next, create a basic <filename>/etc/stunnel/stunnel.conf</filename>