r1574 - in profiles/BLFS/trunk: . chapter03 chapter04 chapter23 config_standard config_standard/etc config_standard/etc/pam.d config_standard/etc/rc.d config_standard/etc/rc.d/init.d config_standard/packages misc wget

thomasp at linuxfromscratch.org thomasp at linuxfromscratch.org
Mon Nov 1 19:10:44 PST 2004


Author: thomasp
Date: 2004-11-01 20:10:42 -0700 (Mon, 01 Nov 2004)
New Revision: 1574

Added:
   profiles/BLFS/trunk/chapter04/cyrus-sasl.xml
   profiles/BLFS/trunk/chapter04/stunnel.xml
   profiles/BLFS/trunk/config_standard/etc/pam.d/
   profiles/BLFS/trunk/config_standard/etc/pam.d/chage
   profiles/BLFS/trunk/config_standard/etc/pam.d/login
   profiles/BLFS/trunk/config_standard/etc/pam.d/other
   profiles/BLFS/trunk/config_standard/etc/pam.d/passwd
   profiles/BLFS/trunk/config_standard/etc/pam.d/passwd-cracklib
   profiles/BLFS/trunk/config_standard/etc/pam.d/shadow
   profiles/BLFS/trunk/config_standard/etc/pam.d/su
   profiles/BLFS/trunk/config_standard/etc/pam.d/useradd
   profiles/BLFS/trunk/config_standard/etc/rc.d/
   profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/
   profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall
   profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.status
   profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.stop
   profiles/BLFS/trunk/wget.blfs
Modified:
   profiles/BLFS/trunk/BLFS.xml
   profiles/BLFS/trunk/chapter03/inputrc.xml
   profiles/BLFS/trunk/chapter04/heimdal.xml
   profiles/BLFS/trunk/chapter04/iptables.xml
   profiles/BLFS/trunk/chapter04/linuxpam.xml
   profiles/BLFS/trunk/chapter04/mitkrb.xml
   profiles/BLFS/trunk/chapter04/shadow.xml
   profiles/BLFS/trunk/chapter23/db.xml
   profiles/BLFS/trunk/config_standard/config.ent
   profiles/BLFS/trunk/config_standard/general.ent
   profiles/BLFS/trunk/config_standard/packages/ch04.ent
   profiles/BLFS/trunk/misc/template.xml
   profiles/BLFS/trunk/wget/bootscripts.urls
   profiles/BLFS/trunk/wget/chapter04.urls
Log:
chapter 4 updates from svn-20041030; moved some config files into external files instead of textdumps for easier configuration

Modified: profiles/BLFS/trunk/BLFS.xml
===================================================================
--- profiles/BLFS/trunk/BLFS.xml	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/BLFS.xml	2004-11-02 03:10:42 UTC (rev 1574)
@@ -57,6 +57,8 @@
       <xi:include href="chapter04/tripwire.xml" />
       <xi:include href="chapter04/heimdal.xml" />
       <xi:include href="chapter04/mitkrb.xml" />
+      <xi:include href="chapter04/cyrus-sasl.xml"/>
+      <xi:include href="chapter04/stunnel.xml" />
     </stage>
     <stage name="Chapter 5 (Filesystems)">
       <xi:include href="chapter05/reiserfsprogs.xml" />

Modified: profiles/BLFS/trunk/chapter03/inputrc.xml
===================================================================
--- profiles/BLFS/trunk/chapter03/inputrc.xml	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/chapter03/inputrc.xml	2004-11-02 03:10:42 UTC (rev 1574)
@@ -3,9 +3,11 @@
 [
 <!ENTITY % general_entities SYSTEM "../config/general.ent">
 <!ENTITY % config_entities SYSTEM  "../config/config.ent">
+<!ENTITY % files SYSTEM "../config/files.ent">
 
 %general_entities;
 %config_entities;
+%files;
 
 ]>
 <alfs>
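Review bot: The new `<!ENTITY % files SYSTEM "../config/files.ent">` declaration points at a file that is not among the paths this revision adds or modifies, so unless `files.ent` already exists in the config directory every profile that declares it will fail to parse at `%files;`. The same two lines are added in chapter04/iptables.xml and chapter04/shadow.xml, where the new `<copy>` blocks depend on `&blfs-config;`, which is presumably defined in that file. If it is meant to ship with the profile, add it under config_standard next to config.ent and general.ent. Nothing visible in this hunk of inputrc.xml uses an entity from it, so the declaration may not be needed here at all.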

Added: profiles/BLFS/trunk/chapter04/cyrus-sasl.xml
===================================================================
--- profiles/BLFS/trunk/chapter04/cyrus-sasl.xml	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/chapter04/cyrus-sasl.xml	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE alfs SYSTEM "../DTD/ALFS.dtd"
+[
+<!ENTITY % general_entities SYSTEM "../config/general.ent">
+<!ENTITY % package_entities SYSTEM "../config/packages/ch04.ent">
+<!ENTITY % config_entities SYSTEM  "../config/config.ent">
+
+%general_entities;
+%package_entities;
+%config_entities;
+
+<!ENTITY bootscripts-get SYSTEM "../config/bootscripts_get.ent">
+<!ENTITY bootscripts-clean SYSTEM "../config/bootscripts_clean.ent">
+
+]>
+<package name="cyrus-sasl" version="&cyrus-sasl-version;">
+  <packageinfo>
+    <utilizes>
+      <name>linuxpam</name>
+    </utilizes>
+    <utilizes>
+      <name>openssl</name>
+    </utilizes>
+    <utilizes>
+      <name>openldap</name>
+    </utilizes>
+    <utilizes>
+      <name>heimdal</name>
+    </utilizes>
+    <utilizes>
+      <name>j2sdk</name>
+    </utilizes>
+    <utilizes>
+      <name>mysql</name>
+    </utilizes>
+    <utilizes>
+      <name>postgresql</name>
+    </utilizes>
+    <utilizes>
+      <name>db</name>
+    </utilizes>
+    <utilizes>
+      <name>gdbm</name>
+    </utilizes>
+    <utilizes>
+      <name>courier</name>
+    </utilizes>
+  </packageinfo>
+  <stage name="Unpacking.">
+    <unpack>
+      <archive>&packages_dir;/&cyrus-sasl-package;</archive>
+      <destination>&build_dir;</destination>
+    </unpack>
+  </stage>
+  &bootscripts-get;
+  <stage name="Installing.">
+    <stageinfo>
+      <base>&build_dir;/&cyrus-sasl-directory;</base>
+    </stageinfo>
+    <configure>
+      <param>--prefix=/usr</param>
+      <param>--sysconfdir=/etc</param>
+      <param>--with-dbpath=/var/lib/sasl/sasldb2</param>
+      <param>--with-saslauthd=/var/run</param>
+    </configure>
+    <make />
+    <make>
+      <param>install</param>
+    </make>
+    <copy>
+      <source>saslauthd/saslauthd.mdoc</source>
+      <destination>/usr/share/man/man8/saslauthd.8</destination>
+    </copy>
+    <mkdir>
+      <option>parents</option>
+      <name>/usr/share/doc/sasl</name>
+    </mkdir>
+    <copy>
+      <source>doc/*.html</source>
+      <source>doc/*.txt</source>
+      <source>doc/*.fig</source>
+      <source>doc/ONEWS</source>
+      <source>doc/TODO</source>
+      <source>saslauthd/LDAP_SASLAUTHD</source>
+      <destination>/usr/share/doc/sasl</destination>
+    </copy>
+    <permissions mode="644">
+      <name>/usr/share/man/man8/saslauthd.8</name>
+      <name>/usr/share/doc/sasl/*</name>
+    </permissions>
+    <mkdir>
+      <option>parents</option>
+      <name>/var/lib/sasl</name>
+    </mkdir>
+    <permissions mode="700">
+      <name>/var/lib/sasl</name>
+    </permissions>
+  </stage>
+  <stage name="Installing bootscript">
+    <stageinfo>
+      <base>&build_dir;/&blfs-bootscripts-directory;</base>
+    </stageinfo>
+    <make>
+      <param>install-cyrus-sasl</param>
+    </make>
+  </stage>
+  &bootscripts-clean;
+  <stage name="Cleanup.">
+    <remove>&build_dir;/&cyrus-sasl-directory;</remove>
+  </stage>
+</package>
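Review bot: The `<permissions mode="700">` on `/var/lib/sasl` carries no comment, and the reason is worth stating because `--with-dbpath=/var/lib/sasl/sasldb2` places the SASL secrets database in that directory. Add `<!-- sasldb2 lives here; keep the directory accessible to root only -->` above the second `<mkdir>`. The directory's owner is never set explicitly, so an `<ownership user="root" group="root">` on the same path would pin it rather than rely on who runs the build. `--with-saslauthd=/var/run` would also benefit from a short comment naming the directory the saslauthd socket is expected in, since services authenticating through it need access to that path.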

Modified: profiles/BLFS/trunk/chapter04/heimdal.xml
===================================================================
--- profiles/BLFS/trunk/chapter04/heimdal.xml	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/chapter04/heimdal.xml	2004-11-02 03:10:42 UTC (rev 1574)
@@ -23,9 +23,6 @@
       <name>db</name>
     </requires>
     <utilizes>
-      <name>readline</name>
-    </utilizes>
-    <utilizes>
       <name>linuxpam</name>
     </utilizes>
     <utilizes>
@@ -112,8 +109,6 @@
       <source>libroken.so.16</source>
       <source>libroken.so.16.0.3</source>
       <source>libcrypto.so.0.9.7</source>
-      <source>libcom_err.so.2</source>
-      <source>libcom_err.so.2.1</source>
       <source>libdb-4.2.so</source>
       <destination>/lib</destination>
     </move>
@@ -130,8 +125,6 @@
       <target>../../lib/libroken.so.16</target>
       <target>../../lib/libroken.so.16.0.3</target>
       <target>../../lib/libcrypto.so.0.9.7</target>
-      <target>../../lib/libcom_err.so.2</target>
-      <target>../../lib/libcom_err.so.2.1</target>
       <target>../../lib/libdb-4.2.so</target>
       <name>/usr/lib</name>
     </link>

Modified: profiles/BLFS/trunk/chapter04/iptables.xml
===================================================================
--- profiles/BLFS/trunk/chapter04/iptables.xml	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/chapter04/iptables.xml	2004-11-02 03:10:42 UTC (rev 1574)
@@ -4,10 +4,12 @@
 <!ENTITY % general_entities SYSTEM "../config/general.ent">
 <!ENTITY % package_entities SYSTEM "../config/packages/ch04.ent">
 <!ENTITY % config_entities SYSTEM  "../config/config.ent">
+<!ENTITY % files SYSTEM "../config/files.ent">
 
 %general_entities;
 %package_entities;
 %config_entities;
+%files;
 
 ]>
 <alfs>
@@ -37,86 +39,12 @@
     <stage name="Configuring">
       <!-- setup for personal firewall -->
       <!-- other setups are available in the book -->
-      <textdump base="/etc/rc.d/init.d">
-        <file>firewall</file>
-        <content>
-	  =#!/bin/sh
-	  =
-	  =# Begin $rc_base/init.d/firewall
-	  =
-	  =# Insert connection-tracking modules (not needed if built into the kernel).
-	  =modprobe ip_tables
-	  =modprobe iptable_filter
-	  =modprobe ip_conntrack
-	  =modprobe ip_conntrack_ftp
-	  =modprobe ipt_state
-	  =modprobe ipt_LOG
-	  =
-	  =# allow local-only connections
-	  =iptables -A INPUT -i lo -j ACCEPT
-	  =# free output on any interface to any ip for any service (equal to -P ACCEPT)
-	  =iptables -A OUTPUT -j ACCEPT
-	  =
-	  =# permit answers on already established connections
-	  =# and permit new connections related to established ones (eg active-ftp)
-	  =iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-	  =
-	  =# Log everything else: What's Windows' latest exploitable vulnerability?
-	  =iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
-	  =
-	  =# set a sane policy: everything not accepted > /dev/null
-	  =iptables -P INPUT DROP =iptables -P FORWARD DROP =iptables -P OUTPUT DROP
-	  =
-	  =# be verbose on dynamic ip-addresses (not needed in case of static IP
-	  =echo 2 > /proc/sys/net/ipv4/ip_dynaddr
-	  =
-	  =# disable ExplicitCongestionNotification - too many routers are still ignorant
-	  =echo 0 > /proc/sys/net/ipv4/tcp_ecn
-	  =
-	  =# End $rc_base/init.d/firewall
-	</content>
-      </textdump>
-      <textdump base="/etc/rc.d/init.d">
-        <file>firewall.status</file>
-        <content>
-	  =#!/bin/sh
-	  =
-	  =# Begin $rc_base/init.d/firewall.status
-	  =
-	  =echo "iptables.mangling:"
-	  =iptables -t mangle -v -L -n --line-numbers
-	  =
-	  =echo
-	  =echo "iptables.nat:"
-	  =iptables -t nat -v -L -n --line-numbers
-	  =
-	  =echo
-	  =echo "iptables.filter:"
-	  =iptables -v -L -n --line-numbers
-	</content>
-      </textdump>
-      <textdump base="/etc/rc.d/init.d">
-        <file>firewall.stop</file>
-        <content>
-	  =#!/bin/sh
-	  =
-	  =# Being $rc_base/init.d/firewall.stop
-	  =
-	  =# deactivate IP-Forwarding
-	  =echo 0 > /proc/sys/net/ipv4/ip_forward
-	  =
-	  =iptables -Z =iptables -F
-	  =iptables -t nat -F PREROUTING
-	  =iptables -t nat -F OUTPUT
-	  =iptables -t nat -F POSTROUTING
-	  =iptables -t mangle -F PREROUTING
-	  =iptables -t mangle -F OUTPUT
-	  =iptables -X
-	  =iptables -P INPUT ACCEPT
-	  =iptables -P FORWARD ACCEPT
-	  =iptables -P OUTPUT ACCEPT
-	</content>
-      </textdump>
+      <copy base="&blfs-config;/etc/rc.d/init.d">
+	<source>firewall</source>
+	<source>firewall.status</source>
+	<source>firewall.stop</source>
+	<destination>/etc/rc.d/init.d</destination>
+      </copy> 
     </stage>
     <stage name="Cleanup">
       <remove>&build_dir;/&iptables-directory;</remove>
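Review bot: The new `<copy>` installs `firewall`, `firewall.status` and `firewall.stop` into /etc/rc.d/init.d without setting their mode or owner, so whether these root-run scripts end up executable, and not writable by anyone else, depends on what the checkout under `&blfs-config;` happens to carry. Follow the copy with explicit `<permissions>` and `<ownership>` elements as sketched below. The mode shown is a suggestion and should match what the other bootscripts on the system use.

```xml
      <copy base="&blfs-config;/etc/rc.d/init.d">
        <!-- … unchanged: the three <source> entries and <destination> … -->
      </copy>
      <permissions mode="754">
        <name>/etc/rc.d/init.d/firewall</name>
        <name>/etc/rc.d/init.d/firewall.status</name>
        <name>/etc/rc.d/init.d/firewall.stop</name>
      </permissions>
      <ownership user="root" group="root">
        <name>/etc/rc.d/init.d/firewall</name>
        <name>/etc/rc.d/init.d/firewall.status</name>
        <name>/etc/rc.d/init.d/firewall.stop</name>
      </ownership>
```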

Modified: profiles/BLFS/trunk/chapter04/linuxpam.xml
===================================================================
--- profiles/BLFS/trunk/chapter04/linuxpam.xml	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/chapter04/linuxpam.xml	2004-11-02 03:10:42 UTC (rev 1574)
@@ -48,10 +48,10 @@
       <make>
         <param>install</param>
       </make>
-      <move>
-        <source>/lib/libpam.a</source>
-        <source>/lib/libpam_misc.a</source>
-        <source>/lib/libpamc.a</source>
+      <move base="/lib">
+        <source>libpam.a</source>
+        <source>libpam_misc.a</source>
+        <source>libpamc.a</source>
         <destination>/usr/lib</destination>
       </move>
       <link>

Modified: profiles/BLFS/trunk/chapter04/mitkrb.xml
===================================================================
--- profiles/BLFS/trunk/chapter04/mitkrb.xml	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/chapter04/mitkrb.xml	2004-11-02 03:10:42 UTC (rev 1574)
@@ -39,16 +39,15 @@
   &bootscripts-get;
   <stage name="Installing.">
     <stageinfo>
-      <base>&build_dir;/&mitkrb-directory;</base>
+      <base>&build_dir;/&mitkrb-directory;/src</base>
     </stageinfo>
     <configure>
       <param>--prefix=/usr</param>
       <param>--sysconfdir=/etc</param>
-      <param>--datadir=/var/lib</param>
-      <param>--libexecdir=/usr/sbin</param>
-      <param>--enable-dns</param>   
+      <param>--localstatedir=/var/lib</param>
+      <param>--enable-dns</param>
       <param>--enable-shared</param>
-      <param>--mandir=/usr/share/man</param>
+      <param>--mandir=/usr/share/man</param>  
     </configure>
     <make />
     <make>

Modified: profiles/BLFS/trunk/chapter04/shadow.xml
===================================================================
--- profiles/BLFS/trunk/chapter04/shadow.xml	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/chapter04/shadow.xml	2004-11-02 03:10:42 UTC (rev 1574)
@@ -4,10 +4,12 @@
 <!ENTITY % general_entities SYSTEM "../config/general.ent">
 <!ENTITY % package_entities SYSTEM "../config/packages/ch04.ent">
 <!ENTITY % config_entities SYSTEM  "../config/config.ent">
+<!ENTITY % files SYSTEM "../config/files.ent">
 
 %general_entities;
 %package_entities;
 %config_entities;
+%files;
 
 ]>
 <alfs>
@@ -48,6 +50,11 @@
         <file>config.h</file>
         <content>=#define HAVE_SETLOCALE 1</content>
       </textdump>
+      <search_replace>
+	<file>libmisc/xmalloc.c</file>
+	<find>extern char *malloc ();</find>
+	<replace>/* extern char *malloc (); */</replace>
+      </search_replace>
       <make />
       <make>
         <param>install</param>
@@ -61,6 +68,11 @@
         <destination>/usr/sbin</destination>
       </move>
       <move>
+	<source>/usr/bin/passwd</source>
+	<destination>/bin</destination>
+      </move>
+      <remove>/bin/groups</remove>
+      <move>
         <source>/usr/lib/lib{misc,shadow}.so.0*</source>
         <destination>/lib</destination>
       </move>
@@ -79,108 +91,22 @@
       <stageinfo>
         <base>/etc</base>
       </stageinfo>
-      <textdump>
-        <file>pam.d/login</file>
-        <content>
-	  =# Begin /etc/pam.d/login
-	  =
-	  =auth		requisite 	pam_securetty.so
-	  =auth 	requisite 	pam_nologin.so
-	  =auth 	required 	pam_env.so
-	  =auth 	required 	pam_unix.so
-	  =account 	required 	pam_access.so
-	  =account 	required 	pam_unix.so
-	  =session 	required 	pam_motd.so
-	  =session 	required 	pam_limits.so
-	  =session 	optional 	pam_mail.so	dir=/var/mail standard
-	  =session 	optional 	pam_lastlog.so
-	  =session 	required 	pam_unix.so
-	  =
-	  =# End /etc/pam.d/login
-	</content>
-      </textdump>
-      <textdump>
-        <file>pam.d/passwd</file>
-        <content>
-	  =# Begin /etc/pam.d/passwd
-	  =
-	  =password 	required 	pam_unix.so 	md5 shadow
-	  =
-	  =# End /etc/pam.d/passwd
-	</content>
-      </textdump>
-      <textdump>
-        <file>pam.d/shadow</file>
-        <content>
-	  =# Begin /etc/pam.d/shadow
-	  =
-	  =auth 	sufficient 	pam_rootok.so
-	  =auth 	required 	pam_unix.so
-	  =account 	required 	pam_unix.so
-	  =session 	required 	pam_unix.so
-	  =password 	required 	pam_permit.so
-	  =
-	  =# End /etc/pam.d/shadow
-	</content>
-      </textdump>
-      <textdump>
-        <file>pam.d/su</file>
-        <content>
-	  =# Begin /etc/pam.d/su
-	  =
-	  =auth 	sufficient 	pam_rootok.so
-	  =auth 	required 	pam_unix.so
-	  =account 	required 	pam_unix.so
-	  =session 	required 	pam_unix.so
-	  =
-	  =# End /etc/pam.d/su</content>
-      </textdump>
-      <textdump>
-        <file>pam.d/useradd</file>
-        <content>
-	  =# Begin /etc/pam.d/useradd
-	  =
-	  =auth 	sufficient 	pam_rootok.so
-	  =auth 	required 	pam_unix.so
-	  =account 	required 	pam_unix.so
-	  =session 	required 	pam_unix.so
-	  =password	required 	pam_permit.so
-	  =
-	  =# End /etc/pam.d/useradd
-	</content>
-      </textdump>
-      <textdump>
-        <file>pam.d/chage</file>
-        <content>
-	  =# Begin /etc/pam.d/chage
-	  =
-	  =auth 	sufficient 	pam_rootok.so
-	  =auth 	required 	pam_unix.so
-	  =account 	required 	pam_unix.so
-	  =session 	required 	pam_unix.so
-	  =password 	required 	pam_permit.so
-	  =
-	  =# End /etc/pam.d/chage
-	</content>
-      </textdump>
+      <copy base="&blfs-config;/etc/pam.d">
+	<source>login</source>
+	<source>passwd</source>
+	<source>shadow</source>
+	<source>su</source>
+	<source>useradd</source>
+	<source>chage</source>
+	<destination>/etc/pam.d</destination>
+      </copy>
+      <!-- if you have cracklib installed uncomment the following -->
       <!--
-  uncomment after checking PAM for proper configuration
-      <textdump>
-	<file>pam.d/other</file>
-	<content>
-	  =# Begin /etc/pam.d/other
-	  =
-	  =auth        	required        pam_deny.so
-	  =auth        	required        pam_warn.so
-	  =account     	required        pam_deny.so
-	  =session     	required        pam_deny.so
-	  =password    	required        pam_deny.so
-	  =password    	required        pam_warn.so
-	  =
-	  =# End /etc/pam.d/other
-	</content>
-      </textdump>
--->
+      <copy base="&blfs-config;/etc/pam.d">
+	<source>passwd-cracklib</source>
+	<destination>/etc/pam.d/passwd</destination>
+      </copy>
+      -->
       <search_replace>
         <file>login.defs</file>
         <find>LASTLOG_ENAB</find>
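Review bot: `config_standard/etc/pam.d/other` is added in this revision, but the new `<copy>` does not list it, and the commented-out block that used to install it (with its "uncomment after checking PAM for proper configuration" warning) is removed, so the profile no longer shows how to install the deny-by-default fallback policy. Keep a second commented-out `<copy base="&blfs-config;/etc/pam.d">` holding `<source>other</source>` and `<destination>/etc/pam.d</destination>`, with that same warning, next to the cracklib one. The copied files also get no explicit mode, so it follows the checkout; a `<permissions mode="644">` naming the installed files would pin it. The enclosing stage opens above this hunk and continues below it.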
@@ -236,6 +162,29 @@
         <find>ENVIRON_FILE</find>
         <replace>#ENVIRON_FILE</replace>
       </search_replace>
+      <!-- if you have cracklib installed uncomment the following -->
+      <!--
+      <search_replace>
+        <file>login.defs</file>
+        <find>OBSCURE_CHECKS_ENAB</find>
+        <replace>#OBSCURE_CHECKS_ENAB</replace>
+      </search_replace>
+      <search_replace>
+        <file>login.defs</file>
+        <find>CRACKLIB_DICTPATH</find>
+        <replace>#CRACKLIB_DICPATH</replace>
+      </search_replace>
+      <search_replace>
+        <file>login.defs</file>
+        <find>PASS_CHANGE_TRIES</find>
+        <replace>#PASS_CHANGE_TRIES</replace>
+      </search_replace>
+      <search_replace>
+        <file>login.defs</file>
+        <find>PASS_ALWAYS_WARN</find>
+        <replace>#PASS_ALWAYS_WARN</replace>
+      </search_replace>
+      -->
     </stage>
     <stage name="Cleanup">
       <remove>&build_dir;/&shadow-directory;</remove>
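Review bot: In the commented-out cracklib block the second `<search_replace>` finds `CRACKLIB_DICTPATH` but writes `#CRACKLIB_DICPATH`, dropping the T, so anyone who enables the block ends up with a misspelled key in login.defs instead of the original line commented out. It should read `<replace>#CRACKLIB_DICTPATH</replace>`. The other three replacements in the block keep the key name intact.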

Added: profiles/BLFS/trunk/chapter04/stunnel.xml
===================================================================
--- profiles/BLFS/trunk/chapter04/stunnel.xml	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/chapter04/stunnel.xml	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE alfs SYSTEM "../DTD/ALFS.dtd"
+[
+<!ENTITY % general_entities SYSTEM "../config/general.ent">
+<!ENTITY % package_entities SYSTEM "../config/packages/ch04.ent">
+<!ENTITY % config_entities SYSTEM  "../config/config.ent">
+
+%general_entities;
+%package_entities;
+%config_entities;
+
+<!ENTITY bootscripts-get SYSTEM "../config/bootscripts_get.ent">
+<!ENTITY bootscripts-clean SYSTEM "../config/bootscripts_clean.ent">
+
+]>
+<package name="stunnel" version="&stunnel-version;">
+  <packageinfo>
+    <requires>
+      <name>openssl</name>
+    </requires>
+    <utilizes>
+      <name>tcpwrappers</name>
+    </utilizes>
+  </packageinfo>
+  <stage name="Unpacking.">
+    <unpack>
+      <archive>&packages_dir;/&stunnel-package;</archive>
+      <destination>&build_dir;</destination>
+    </unpack>
+  </stage>
+  &bootscripts-get;
+  <stage name="Creating user and group">
+      <execute command="getent group stunnel > /dev/null || groupadd">
+        <param>stunnel</param>
+      </execute>
+      <execute command="getent passwd stunnel > /dev/null || useradd">
+        <param>-c "Stunnel Daemon"</param>
+        <param>-d /var/lib/stunnel</param>
+	<param>-g stunnel</param>
+	<param>-s /bin/false</param>
+	<param>stunnel</param>
+      </execute>
+    </stage>
+  <stage name="Installing.">
+    <stageinfo>
+      <base>&build_dir;/&stunnel-directory;</base>
+    </stageinfo>
+    <mkdir>
+      <option>parents</option>
+      <name>/var/lib/stunnel/run</name>
+    </mkdir>
+    <permissions mode="700">
+      <name>/var/lib/stunnel/run</name>
+    </permissions>
+    <ownership user="stunnel" group="stunnel">
+      <name>/var/lib/stunnel/run</name>
+    </ownership>
+    <textdump>
+      <file>stunnel_answers</file>
+      <content>
+      =&stunnel-country;
+      =&stunnel-state;
+      =&stunnel-city;
+      =&stunnel-org;
+      =&stunnel-orgunit;
+      =&stunnel-host;
+      </content>
+    </textdump>
+    <configure>
+      <param>--prefix=/usr</param>
+      <param>--sysconfdir=/etc</param>
+    </configure>
+    <make>
+      <param>< stunnel_answers</param>
+    </make>
+    <make>
+      <param>install</param>
+    </make>
+  </stage>
+  <stage name="Installing bootscript and configuration">
+    <stageinfo>
+      <base>&build_dir;/&blfs-bootscripts-directory;</base>
+    </stageinfo>
+    <make>
+      <param>install-stunnel</param>
+    </make>
+    <textdump base="/etc/stunnel">
+      <file>stunnel.conf</file>
+      <content>
+      =# File: /etc/stunnel/stunnel.conf
+      =
+      =pid = /run/stunnel.pid
+      =chroot = /var/lib/stunnel
+      =client = no
+      =setuid = stunnel
+      =setgid = stunnel
+      </content>
+    </textdump>
+  </stage>
+  &bootscripts-clean;
+  <stage name="Cleanup.">
+    <remove>&build_dir;/&stunnel-directory;</remove>
+  </stage>
+</package>
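Review bot: `<param>< stunnel_answers</param>` contains a bare `<` in element content, which is not well-formed XML and would stop the parser before the profile runs, assuming the character is literal in the committed file and not an artifact of how this mail was rendered; write it as `<param>&lt; stunnel_answers</param>`. Separately, `/var/lib/stunnel` (the `chroot` target) is created only implicitly through `mkdir` with `parents` and never given a mode or owner, and `stunnel.conf` is written without an explicit `<permissions>`; only the `run` subdirectory is locked down. A comment beside `pid = /run/stunnel.pid` saying that the path is resolved inside the chroot, i.e. `/var/lib/stunnel/run/stunnel.pid`, would explain why that directory is the one owned by `stunnel`.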

Modified: profiles/BLFS/trunk/chapter23/db.xml
===================================================================
--- profiles/BLFS/trunk/chapter23/db.xml	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/chapter23/db.xml	2004-11-02 03:10:42 UTC (rev 1574)
@@ -42,8 +42,11 @@
         <param>--enable-compat185</param>
         <param>--enable-cxx</param>
       </configure>
-      <make />
       <make>
+	<param>LIBSO_LIBS="-lpthread"</param>
+	<param>LIBXSO_LIBS="-lpthread"</param>
+      </make>
+      <make>
         <param>docdir=/usr/share/doc/db-&db-version;</param>
         <param>install</param>
       </make>

Modified: profiles/BLFS/trunk/config_standard/config.ent
===================================================================
--- profiles/BLFS/trunk/config_standard/config.ent	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/config.ent	2004-11-02 03:10:42 UTC (rev 1574)
@@ -17,6 +17,14 @@
 <!ENTITY mitkrb-all-caps-domain "LFS.ORG">
 <!ENTITY mitkrb-hostname "belgarath.lfs.org">
 
+<!-- configuration for stunnel -->
+<!ENTITY stunnel-country "CA">
+<!ENTITY stunnel-state "Alberta">
+<!ENTITY stunnel-city "Calgary">
+<!ENTITY stunnel-org "Linux From Scratch">
+<!ENTITY stunnel-orgunit "ALFS">
+<!ENTITY stunnel-host "localhost">
+
 <!-- configuration for dhclient -->
 <!-- These two entities should be set to appropriate values to start and stop dhclient -->
 <!ENTITY dhclient-start-params "">
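Review bot: The stunnel entities have no comment saying what they feed, unlike the dhclient block right below them. In chapter04/stunnel.xml they are written to `stunnel_answers` and redirected into `make`, which presumably uses them as the subject fields of the certificate generated at build time. With `stunnel-host` defaulting to `localhost`, a certificate built from the defaults would not match the name remote clients connect to, so the block should say so: `<!-- answers for stunnel's certificate prompts at build time; set stunnel-host to the host name clients will use -->`.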

Added: profiles/BLFS/trunk/config_standard/etc/pam.d/chage
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/pam.d/chage	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/etc/pam.d/chage	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,9 @@
+# Begin /etc/pam.d/chage
+
+auth        sufficient      pam_rootok.so
+auth        required        pam_unix.so
+account     required        pam_unix.so
+session     required        pam_unix.so
+password    required        pam_permit.so
+
+# End /etc/pam.d/chage

Added: profiles/BLFS/trunk/config_standard/etc/pam.d/login
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/pam.d/login	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/etc/pam.d/login	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,15 @@
+# Begin /etc/pam.d/login
+
+auth        requisite      pam_securetty.so
+auth        requisite      pam_nologin.so
+auth        required       pam_env.so
+auth        required       pam_unix.so
+account     required       pam_access.so
+account     required       pam_unix.so
+session     required       pam_motd.so
+session     required       pam_limits.so
+session     optional       pam_mail.so     dir=/var/mail standard
+session     optional       pam_lastlog.so
+session     required       pam_unix.so
+
+# End /etc/pam.d/login

Added: profiles/BLFS/trunk/config_standard/etc/pam.d/other
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/pam.d/other	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/etc/pam.d/other	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,10 @@
+# Begin /etc/pam.d/other
+
+auth        required        pam_deny.so
+auth        required        pam_warn.so
+account     required        pam_deny.so
+session     required        pam_deny.so
+password    required        pam_deny.so
+password    required        pam_warn.so
+
+# End /etc/pam.d/other

Added: profiles/BLFS/trunk/config_standard/etc/pam.d/passwd
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/pam.d/passwd	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/etc/pam.d/passwd	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,5 @@
+# Begin /etc/pam.d/passwd
+
+password    required       pam_unix.so     md5 shadow 
+
+# End /etc/pam.d/passwd
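Review bot: `md5` on the `pam_unix.so` line selects MD5-crypt for stored password hashes, which is weak against offline guessing by current standards; the same option appears in `passwd-cracklib`. Where the installed Linux-PAM supports it, `password    required       pam_unix.so     sha512 shadow` is the stronger choice. The 0.77 release pinned in ch04.ent may predate that option, in which case a comment recording why `md5` is used would keep the choice from being copied forward unexamined. The line also ends in a trailing space.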

Added: profiles/BLFS/trunk/config_standard/etc/pam.d/passwd-cracklib
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/pam.d/passwd-cracklib	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/etc/pam.d/passwd-cracklib	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,7 @@
+# Begin /etc/pam.d/passwd
+
+password    required    pam_cracklib.so     \
+    retry=3  difok=8  minlen=5  dcredit=3  ocredit=3  ucredit=2  lcredit=2
+password    required    pam_unix.so     md5 shadow use_authtok
+
+# End /etc/pam.d/passwd
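Review bot: `minlen=5` combined with the positive `dcredit=3 ocredit=3 ucredit=2 lcredit=2` gives a very low effective length floor, because pam_cracklib counts credited characters toward `minlen`; it also sits oddly beside `difok=8`, which asks for more changed characters than the minimum length. Raise `minlen` well above the total credit you intend to grant, or set the credit values to `0` so that `minlen` is a plain character count. The header says `# Begin /etc/pam.d/passwd`, which matches the install target, but a comment naming this file as the cracklib variant would stop it being mistaken for the plain `passwd` file in the same directory.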

Added: profiles/BLFS/trunk/config_standard/etc/pam.d/shadow
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/pam.d/shadow	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/etc/pam.d/shadow	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,9 @@
+# Begin /etc/pam.d/shadow
+
+auth        sufficient      pam_rootok.so
+auth        required        pam_unix.so
+account     required        pam_unix.so
+session     required        pam_unix.so
+password    required        pam_permit.so
+
+# End /etc/pam.d/shadow

Added: profiles/BLFS/trunk/config_standard/etc/pam.d/su
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/pam.d/su	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/etc/pam.d/su	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,8 @@
+# Begin /etc/pam.d/su
+
+auth        sufficient      pam_rootok.so
+auth        required        pam_unix.so
+account     required        pam_unix.so
+session     required        pam_unix.so
+
+# End /etc/pam.d/su

Added: profiles/BLFS/trunk/config_standard/etc/pam.d/useradd
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/pam.d/useradd	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/etc/pam.d/useradd	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,9 @@
+# Begin /etc/pam.d/useradd
+
+auth        sufficient      pam_rootok.so
+auth        required        pam_unix.so
+account     required        pam_unix.so
+session     required        pam_unix.so
+password    required        pam_permit.so
+
+# End /etc/pam.d/useradd

Added: profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# Begin $rc_base/init.d/firewall
+
+# Insert connection-tracking modules (not needed if built into the kernel).
+modprobe ip_tables
+modprobe iptable_filter
+modprobe ip_conntrack
+modprobe ip_conntrack_ftp
+modprobe ipt_state
+modprobe ipt_LOG
+
+# allow local-only connections
+iptables -A INPUT  -i lo -j ACCEPT
+# free output on any interface to any ip for any service (equal to -P ACCEPT)
+iptables -A OUTPUT -j ACCEPT
+
+# permit answers on already established connections
+# and permit new connections related to established ones (eg active-ftp)
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+# Log everything else:  What's Windows' latest exploitable vulnerability?
+iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
+
+# set a sane policy:    everything not accepted > /dev/null
+iptables -P INPUT    DROP
+iptables -P FORWARD  DROP
+iptables -P OUTPUT   DROP
+
+# be verbose on dynamic ip-addresses     (not needed in case of static IP)
+echo 2 > /proc/sys/net/ipv4/ip_dynaddr
+
+# disable ExplicitCongestionNotification - too many routers are still ignorant
+echo 0 > /proc/sys/net/ipv4/tcp_ecn
+
+# End $rc_base/init.d/firewall
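Review bot: The `DROP` policies are set only after every `-A` rule and no chain is flushed first, so the rules are added while the chains still carry whatever policy was there before, and running the script a second time appends duplicates of every rule. Move the three `iptables -P … DROP` lines to the top, followed by `iptables -F`, before the first `-A`. The catch-all `LOG` rule is also unbounded; adding a `-m limit` match to it keeps a burst of dropped traffic from flooding the system log.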

Added: profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.status
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.status	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.status	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Begin $rc_base/init.d/firewall.status
+
+echo "iptables.mangling:"
+iptables -t mangle  -v -L -n --line-numbers
+
+echo
+echo "iptables.nat:"
+iptables -t nat     -v -L -n --line-numbers
+
+echo
+echo "iptables.filter:"
+iptables            -v -L -n --line-numbers

Added: profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.stop
===================================================================
--- profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.stop	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/etc/rc.d/init.d/firewall.stop	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# Being $rc_base/init.d/firewall.stop
+
+# deactivate IP-Forwarding 
+echo 0 > /proc/sys/net/ipv4/ip_forward
+
+iptables -Z
+iptables -F
+iptables -t nat         -F PREROUTING
+iptables -t nat         -F OUTPUT
+iptables -t nat         -F POSTROUTING
+iptables -t mangle      -F PREROUTING
+iptables -t mangle      -F OUTPUT
+iptables -X
+iptables -P INPUT       ACCEPT
+iptables -P FORWARD     ACCEPT
+iptables -P OUTPUT      ACCEPT
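Review bot: The mangle flush names only `PREROUTING` and `OUTPUT`, so rules in any other mangle chain the running kernel provides survive a stop; `iptables -t mangle -F` and `iptables -t nat -F` without a chain name flush every chain in the table. The header comment reads `# Being` and should be `# Begin`, and unlike `firewall` the script has no closing `# End` line. Because the script finishes with all three policies at `ACCEPT`, a one-line comment stating that stopping the firewall leaves the host unfiltered would make that explicit to whoever calls it.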

Modified: profiles/BLFS/trunk/config_standard/general.ent
===================================================================
--- profiles/BLFS/trunk/config_standard/general.ent	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/general.ent	2004-11-02 03:10:42 UTC (rev 1574)
@@ -1,6 +1,6 @@
 <!ENTITY real-amp "&#38;">
 <!-- book version -->
-<!ENTITY blfs-version "svn-20040901">
+<!ENTITY blfs-version "svn-20041030">
 
 <!-- directory containing the compressed packages -->
 <!ENTITY packages_dir  "/mnt/src">
@@ -54,6 +54,6 @@
 
 <!ENTITY ldconfig "<execute command='/sbin/ldconfig' />">
 
-<!ENTITY blfs-bootscripts-version "5.1">
+<!ENTITY blfs-bootscripts-version "20041027">
 <!ENTITY blfs-bootscripts-package "blfs-bootscripts-&blfs-bootscripts-version;.tar.bz2">
-<!ENTITY blfs-bootscripts-directory "blfs-bootscripts-2004-05-22">
+<!ENTITY blfs-bootscripts-directory "blfs-bootscripts-&blfs-bootscripts-version;">

Modified: profiles/BLFS/trunk/config_standard/packages/ch04.ent
===================================================================
--- profiles/BLFS/trunk/config_standard/packages/ch04.ent	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/config_standard/packages/ch04.ent	2004-11-02 03:10:42 UTC (rev 1574)
@@ -10,35 +10,41 @@
 <!ENTITY linuxpam-version   "0.77">
 <!ENTITY linuxpam-package   "Linux-PAM-&linuxpam-version;.tar.bz2">
 <!ENTITY linuxpam-directory "Linux-PAM-&linuxpam-version;">
-
 <!ENTITY linuxpam-linkage-patch "Linux-PAM-&linuxpam-version;-linkage-3.patch">
 
 <!ENTITY shadow-version   "4.0.4.1">
 <!ENTITY shadow-package   "shadow-&shadow-version;.tar.bz2">
 <!ENTITY shadow-directory "shadow-&shadow-version;">
+<!ENTITY shadow-pam-patch "shadow-&shadow-version;-pam-1.patch">
 
-<!ENTITY shadow-pam-patch     "shadow-&shadow-version;-pam-1.patch">
-
-<!ENTITY iptables-version   "1.2.9">
+<!ENTITY iptables-version   "1.2.11">
 <!ENTITY iptables-package   "iptables-&iptables-version;.tar.bz2">
 <!ENTITY iptables-directory "iptables-&iptables-version;">
 
-<!ENTITY gnupg-version      "1.2.4">
+<!ENTITY gnupg-version      "1.2.6">
 <!ENTITY gnupg-package      "gnupg-&gnupg-version;.tar.bz2">
 <!ENTITY gnupg-directory    "gnupg-&gnupg-version;">
 
 <!ENTITY tripwire-version "2.3.1-2">
 <!ENTITY tripwire-package "tripwire-&tripwire-version;.tar.gz">
 <!ENTITY tripwire-directory "tripwire-&tripwire-version;">
-<!ENTITY tripwire-gcc-patch "tripwire-&tripwire-version;-gcc3-build-fixes.patch">
+<!ENTITY tripwire-gcc-patch "tripwire-&tripwire-version;-gcc3_build_fixes-1.patch">
 
 <!ENTITY heimdal-version "0.6.2">
 <!ENTITY heimdal-package "heimdal-&heimdal-version;.tar.gz">
 <!ENTITY heimdal-directory "heimdal-&heimdal-version;">
-<!ENTITY heimdal-fhs-patch "heimdal-&heimdal-version;-fhs-compliance-1.patch">
+<!ENTITY heimdal-fhs-patch "heimdal-&heimdal-version;-fhs_compliance-1.patch">
 <!ENTITY heimdal-cracklib-patch "heimdal-&heimdal-version;-cracklib-1.patch">
 
-<!ENTITY mitkrb-version "1.3.3">
+<!ENTITY mitkrb-version "1.3.5">
 <!ENTITY mitkrb-package "krb5-&mitkrb-version;.tar">
 <!ENTITY mitkrb-krb5-package "krb5-&mitkrb-version;.tar.gz">
 <!ENTITY mitkrb-directory "krb5-&mitkrb-version;">
+
+<!ENTITY cyrus-sasl-version "2.1.20">
+<!ENTITY cyrus-sasl-package "cyrus-sasl-&cyrus-sasl-version;.tar.gz">
+<!ENTITY cyrus-sasl-directory "cyrus-sasl-&cyrus-sasl-version;">
+
+<!ENTITY stunnel-version "4.05">
+<!ENTITY stunnel-package "stunnel-&stunnel-version;.tar.gz">
+<!ENTITY stunnel-directory "stunnel-&stunnel-version;">

Modified: profiles/BLFS/trunk/misc/template.xml
===================================================================
--- profiles/BLFS/trunk/misc/template.xml	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/misc/template.xml	2004-11-02 03:10:42 UTC (rev 1574)
@@ -1,4 +1,15 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE alfs SYSTEM "../DTD/ALFS.dtd"
+[
+<!ENTITY % general_entities SYSTEM "../config/general.ent">
+<!ENTITY % package_entities SYSTEM "../config/packages/chxx.ent">
+<!ENTITY % config_entities SYSTEM  "../config/config.ent">
+
+%general_entities;
+%package_entities;
+%config_entities;
+
+]>
 <package name="" version="">
   <stage name="Unpacking.">
     <unpack>
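Review bot: The entity paths in the new DOCTYPE point at `../config/`, while the entity files this commit modifies live under `config_standard/`; unless `config` is a symlink or is created when a profile is set up (not visible here), a profile copied from this template will fail to resolve its entities. `chxx.ent` is a placeholder too, so a comment in the internal subset such as `<!-- replace chxx with the chapter's entity file, e.g. ch04.ent -->` would save a failed parse. These external entities expand into commands the build tool runs (general.ent defines `&ldconfig;` as an `<execute>` element), so the resolved files should be writable only by the account that owns the build. The `<package>` element continues outside the hunk.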

Modified: profiles/BLFS/trunk/wget/bootscripts.urls
===================================================================
--- profiles/BLFS/trunk/wget/bootscripts.urls	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/wget/bootscripts.urls	2004-11-02 03:10:42 UTC (rev 1574)
@@ -1 +1 @@
-http://downloads.linuxfromscratch.org/blfs-bootscripts-5.1.tar.bz2
+http://www.linuxfromscratch.org/blfs/downloads/svn/blfs-bootscripts-20041027.tar.bz2

Modified: profiles/BLFS/trunk/wget/chapter04.urls
===================================================================
--- profiles/BLFS/trunk/wget/chapter04.urls	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/wget/chapter04.urls	2004-11-02 03:10:42 UTC (rev 1574)
@@ -1,23 +1,27 @@
 http://www.crypticide.com/users/alecm/security/cracklib,2.7.tar.gz
-http://www.linuxfromscratch.org/patches/blfs/5.1/cracklib,2.7-blfs-1.patch
-http://www.linuxfromscratch.org/patches/blfs/5.1/cracklib,2.7-heimdal-1.patch
+http://www.linuxfromscratch.org/blfs/downloads/svn/cracklib,2.7-blfs-1.patch
+http://www.linuxfromscratch.org/blfs/downloads/svn/cracklib,2.7-heimdal-1.patch
 http://www.cotse.com/wordlists/allwords
 
 ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-0.77.tar.bz2
-http://www.linuxfromscratch.org/patches/blfs/5.1/Linux-PAM-0.77-linkage-3.patch
+http://www.linuxfromscratch.org/blfs/downloads/svn/Linux-PAM-0.77-linkage-3.patch
 
-ftp://ftp.pld.org.pl/software/shadow/shadow-4.0.4.1.tar.bz2
-http://www.linuxfromscratch.org/patches/blfs/5.1/shadow-4.0.4.1-pam-1.patch
+ftp://ftp.pld.org.pl/software/shadow/old/shadow-4.0.4.1.tar.bz2
+http://www.linuxfromscratch.org/blfs/downloads/svn/shadow-4.0.4.1-pam-1.patch
 
-ftp://ftp.netfilter.org/pub/iptables/iptables-1.2.9.tar.bz2
+ftp://ftp.netfilter.org/pub/iptables/iptables-1.2.11.tar.bz2
 
-ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.2.4.tar.bz2
+ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.2.6.tar.bz2
 
 ftp://ftp.fu-berlin.de/unix/security/tripwire/tripwire-2.3.1-2.tar.gz
-http://www.linuxfromscratch.org/patches/blfs/5.1/tripwire-2.3.1-2-gcc3-build-fixes.patch
+http://www.linuxfromscratch.org/blfs/downloads/svn/tripwire-2.3.1-2-gcc3_build_fixes-1.patch
 
 ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.2.tar.gz
-http://www.linuxfromscratch.org/patches/blfs/5.1/heimdal-0.6.2-fhs-compliance-1.patch
-http://www.linuxfromscratch.org/patches/blfs/5.1/heimdal-0.6.2-cracklib-1.patch
+http://www.linuxfromscratch.org/blfs/downloads/svn/heimdal-0.6.2-fhs_compliance-1.patch
+http://www.linuxfromscratch.org/blfs/downloads/svn/heimdal-0.6.2-cracklib-1.patch
 
-http://web.mit.edu/kerberos/www/dist/krb5/1.3/krb5-1.3.3.tar
+http://web.mit.edu/kerberos/www/dist/krb5/1.3/krb5-1.3.5.tar
+
+ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.20.tar.gz
+
+ftp://ftp.fu-berlin.de/unix/linux/mirrors/gentoo/distfiles/stunnel-4.05.tar.gz
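Review bot: Nothing in this list lets the downloader check what it fetched: every entry is plain HTTP or FTP, and the new stunnel entry comes from a Gentoo distfiles mirror rather than the project's own site. These are the packages the system's authentication and crypto rest on (Linux-PAM, shadow, gnupg, Kerberos, stunnel), so a tarball altered in transit or on a mirror would be built and installed unnoticed. A companion checksum file kept in the profile and verified after the fetch, for example `sha256sum -c <checksum_file>` (placeholder name), or signature checks where upstream publishes signatures, would close that gap. The same applies to `wget/bootscripts.urls`.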

Added: profiles/BLFS/trunk/wget.blfs
===================================================================
--- profiles/BLFS/trunk/wget.blfs	2004-10-30 03:12:31 UTC (rev 1573)
+++ profiles/BLFS/trunk/wget.blfs	2004-11-02 03:10:42 UTC (rev 1574)
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if [ -z "$2" ]; then
+	echo "Usage: $0 <destination_dir> <wget_list>"
+	exit 1
+fi
+
+wget -nc -P $1 -i $2
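Review bot: `$1` and `$2` are expanded unquoted in the last line, so a destination directory or list path containing spaces or glob characters is split into several wget arguments; `wget -nc -P "$1" -i "$2"` avoids that. With `-nc` a file that already exists is skipped even if an earlier download was truncated, so a comment noting that an interrupted fetch needs the partial file removed first (or `-c` used instead) would prevent a broken tarball from being carried into the build.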



