On 02/19/2014 07:01 PM, Armin K. wrote:
> FYI, I'll be building anything that has an init script in blfs in order
> to provide the same for systemd, and doing so I can correct something
> and/or mark them as checked.
>
Chapter 4 patch in attachment
--
Note: My last name is not Krejzi.
Index: postlfs/security/cyrus-sasl.xml
===================================================================
--- postlfs/security/cyrus-sasl.xml (revision 12738)
+++ postlfs/security/cyrus-sasl.xml (working copy)
@@ -39,7 +39,7 @@
protocol and the connection.
</para>
- &lfs74_checked;
+ &lfs75_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
@@ -118,6 +118,12 @@
<sect2 role="installation">
<title>Installation of Cyrus SASL</title>
+ <note>
+ <para>
+ This package does not support parallel build.
+ </para>
+ </note>
+
<para>
Install <application>Cyrus SASL</application> by
running the following commands:
@@ -132,8 +138,7 @@
--sysconfdir=/etc \
--enable-auth-sasldb \
--with-dbpath=/var/lib/sasl/sasldb2 \
- --with-saslauthd=/var/run/saslauthd \
- CFLAGS=-fPIC
+ --with-saslauthd=/var/run/saslauthd &&
make</userinput></screen>
<para>
Index: postlfs/security/mitkrb.xml
===================================================================
--- postlfs/security/mitkrb.xml (revision 12738)
+++ postlfs/security/mitkrb.xml (working copy)
@@ -38,7 +38,7 @@
networks or the Internet.
</para>
- &lfs74_checked;
+ &lfs75_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
Index: postlfs/security/openssh.xml
===================================================================
--- postlfs/security/openssh.xml (revision 12738)
+++ postlfs/security/openssh.xml (working copy)
@@ -5,9 +5,9 @@
%general-entities;
<!ENTITY openssh-download-http
- "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz";>
+ "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz";>
<!ENTITY openssh-download-ftp
- "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz";>
+ "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz";>
<!ENTITY openssh-md5sum "a084e7272b8cbd25afe0f5dce4802fef">
<!ENTITY openssh-size "1.3 MB">
<!ENTITY openssh-buildsize "32 MB (additional 2 MB if running the tests)">
@@ -32,16 +32,16 @@
<sect2 role="package">
<title>Introduction to OpenSSH</title>
- <para>
- The <application>OpenSSH</application> package contains
- <command>ssh</command> clients and the <command>sshd</command> daemon. This
- is useful for encrypting authentication and subsequent traffic over a
- network. The <command>ssh</command> and <command>scp</command> commands are
- secure implementions of <command>telnet</command> and <command>rcp</command>
- respectively.
- </para>
+ <para>
+ The <application>OpenSSH</application> package contains
+ <command>ssh</command> clients and the <command>sshd</command> daemon. This
+ is useful for encrypting authentication and subsequent traffic over a
+ network. The <command>ssh</command> and <command>scp</command> commands are
+ secure implementions of <command>telnet</command> and <command>rcp</command>
+ respectively.
+ </para>
- &lfs75_checked;
+ &lfs75_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
@@ -100,7 +100,7 @@
</para>
<para condition="html" role="usernotes">
- User Notes: <ulink url='&blfs-wiki;/OpenSSH'/>
+ User Notes: <ulink url="&blfs-wiki;/OpenSSH"/>
</para>
</sect2>
@@ -129,7 +129,6 @@
<screen><userinput>./configure --prefix=/usr \
--sysconfdir=/etc/ssh \
- --datadir=/usr/share/sshd \
--with-md5-passwords \
--with-privsep-path=/var/lib/sshd &&
make</userinput></screen>
@@ -185,12 +184,6 @@
</para>
<para>
- <parameter>--datadir=/usr/share/sshd</parameter>: This switch puts the
- Ssh.bin file (used for SmartCard authentication) in
- <filename class="directory">/usr/share/sshd</filename>.
- </para>
-
- <para>
<parameter>--with-md5-passwords</parameter>: This enables the use of MD5
passwords.
</para>
Index: postlfs/security/stunnel.xml
===================================================================
--- postlfs/security/stunnel.xml (revision 12738)
+++ postlfs/security/stunnel.xml (working copy)
@@ -38,7 +38,7 @@
SMTP and HTTP, and in tunneling PPP over network sockets without changes
to the server package source code.</para>
- &lfs74_checked;
+ &lfs75_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
@@ -97,10 +97,10 @@
the <command>stunnel</command> daemon. If you own, or have already
created a signed SSL Certificate you wish to use, copy it to
<filename>/etc/stunnel/stunnel.pem</filename> before starting the build
- (ensure only <systemitem class='username'>root</systemitem> has read and
+ (ensure only <systemitem class="username">root</systemitem> has read and
write access), otherwise you will be
prompted to create one during the installation process. The
- <filename class='extension'>.pem</filename> file must be formatted as
+ <filename class="extension">.pem</filename> file must be formatted as
shown below:</para>
<screen><literal>-----BEGIN PRIVATE KEY-----
@@ -120,7 +120,7 @@
<screen><userinput>./configure --prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
- --disable-libwrap &&
+ --disable-fips &&
make</userinput></screen>
<para>This package does not come with a test suite.</para>
@@ -134,25 +134,15 @@
<sect2 role="commands">
<title>Command Explanations</title>
- <para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
- the configuration directory to <filename class='directory'>/etc</filename>
- instead of <filename class='directory'>/usr/etc</filename>.</para>
+ <para><parameter>--disable-fips</parameter>: This switch disables FIPS support
+ which will cause <application>Stunnel</application> to fail to start if
+ it is enabled.</para>
- <para><parameter>--localstatedir=/var</parameter>: This parameter
- sets the installation to use
- <filename class='directory'>/var/lib/stunnel</filename> instead of
- creating and using
- <filename class='directory'>/usr/var/stunnel</filename>.</para>
-
- <para><parameter>--disable-libwrap</parameter>: This parameter is required
- if you don't have <application>tcpwrappers</application> installed. Remove
- the parameter if <application>tcpwrappers</application> is installed.</para>
-
<para><command>make docdir=... install</command>: This command installs the
package, changes the documentation installation directory to standard
naming conventions and, if you did not copy an
<filename>stunnel.pem</filename> file to the
- <filename class='directory'>/etc/stunnel</filename> directory, prompts you
+ <filename class="directory">/etc/stunnel</filename> directory, prompts you
for the necessary information to create one. Ensure you reply to the</para>
<screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen>
@@ -181,10 +171,11 @@
<para>As the <systemitem class="username">root</systemitem> user,
create the directory used for the
- <filename class='extension'>.pid</filename> file that is created
+ <filename class="extension">.pid</filename> file that is created
when the <application>stunnel</application> daemon starts:</para>
-<screen role="root"><userinput>install -v -m750 -o stunnel -g stunnel -d /var/lib/stunnel/run</userinput></screen>
+<screen role="root"><userinput>install -v -m750 -o stunnel -g stunnel -d /var/lib/stunnel/run &&
+chown stunnel:stunnel /var/lib/stunnel</userinput></screen>
<para>Next, create a basic <filename>/etc/stunnel/stunnel.conf</filename>
configuration file using the following commands as the
--
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
