r4743 - in trunk/BOOK: . introduction/welcome postlfs/security

randy at linuxfromscratch.org randy at linuxfromscratch.org
Wed Jul 20 11:28:38 PDT 2005


Author: randy
Date: 2005-07-20 12:28:37 -0600 (Wed, 20 Jul 2005)
New Revision: 4743

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/stunnel.xml
Log:
Updated to Stunnel-4.11

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2005-07-20 15:56:10 UTC (rev 4742)
+++ trunk/BOOK/general.ent	2005-07-20 18:28:37 UTC (rev 4743)
@@ -39,7 +39,7 @@
 <!ENTITY heimdal-version              "0.6.3">
 <!ENTITY mitkrb-version               "1.4">
 <!ENTITY cyrus-sasl-version           "2.1.21">
-<!ENTITY stunnel-version              "4.09">
+<!ENTITY stunnel-version              "4.11">
 
 <!-- Chapter 5 -->
 <!ENTITY reiser-version               "3.6.19">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2005-07-20 15:56:10 UTC (rev 4742)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2005-07-20 18:28:37 UTC (rev 4743)
@@ -25,6 +25,10 @@
   <itemizedlist>
     
     <listitem>
+      <para>July 20th 2005 [randy]: Updated to Stunnel-4.11.</para>
+    </listitem>
+
+    <listitem>
       <para>July 19th 2005 [randy]: Updated to Doxygen-1.4.3.</para>
     </listitem>
 

Modified: trunk/BOOK/postlfs/security/stunnel.xml
===================================================================
--- trunk/BOOK/postlfs/security/stunnel.xml	2005-07-20 15:56:10 UTC (rev 4742)
+++ trunk/BOOK/postlfs/security/stunnel.xml	2005-07-20 18:28:37 UTC (rev 4743)
@@ -7,10 +7,10 @@
   <!-- <!ENTITY stunnel-download-http "http://www.stunnel.org/download/stunnel/src/stunnel-&stunnel-version;.tar.gz"> -->
   <!ENTITY stunnel-download-http "http://www.stunnel.org/download/stunnel/src/stunnel-&stunnel-version;.tar.gz">
   <!ENTITY stunnel-download-ftp  "ftp://stunnel.mirt.net/stunnel/stunnel-&stunnel-version;.tar.gz">
-  <!ENTITY stunnel-md5sum        "2077669b04c36e4c0baa68348e8860a7">
+  <!ENTITY stunnel-md5sum        "253c50435d4d81cba6f19ca34266e6dc">
   <!ENTITY stunnel-size          "484 KB">
-  <!ENTITY stunnel-buildsize     "3.9 MB">
-  <!ENTITY stunnel-time          "0.10 SBU">
+  <!ENTITY stunnel-buildsize     "4.0 MB">
+  <!ENTITY stunnel-time          "0.1 SBU">
 ]>
 
 <sect1 id="stunnel" xreflabel="Stunnel-&stunnel-version;">
@@ -61,13 +61,13 @@
       </listitem>
     </itemizedlist>
 
-    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <!-- <bridgehead renderas="sect3">Additional Downloads</bridgehead>
     <itemizedlist spacing="compact">
       <listitem>
         <para>Required patch: <ulink
         url="ftp://stunnel.mirt.net/stunnel/stunnel-&stunnel-version;-1_minute_sleep_fix.patch"/></para>
       </listitem>
-    </itemizedlist>
+    </itemizedlist> -->
 
     <bridgehead renderas="sect3">Stunnel Dependencies</bridgehead>
 
@@ -85,40 +85,43 @@
     <para>The <command>stunnel</command> daemon will be run in a
     <command>chroot</command> jail by an unprivileged user. Create the
     new user, group and <command>chroot</command> home directory structure
-    using the following commands as the <systemitem
-    class="username">root</systemitem> user:</para>
+    using the following commands as the
+    <systemitem class="username">root</systemitem> user:</para>
 
 <screen role="root"><userinput>groupadd -g 51 stunnel &&
 useradd -c "Stunnel Daemon" -d /var/lib/stunnel \
         -g stunnel -s /bin/false -u 51 stunnel &&
-install -d -m 700 -o stunnel -g stunnel /var/lib/stunnel/run</userinput></screen>
+install -v -m700 -o stunnel -g stunnel -d /var/lib/stunnel/run</userinput></screen>
 
     <note>
       <para>A signed SSL Certificate and a Private Key is necessary to run
       the <command>stunnel</command> daemon. If you own, or have already
       created a signed SSL Certificate you wish to use, copy it to
-      <filename>/etc/stunnel/stunnel.pem</filename> before starting the build,
-      otherwise you will be prompted to create one during the installation
-      process. The <filename>.pem</filename> file must be formatted as shown
-      below:</para>
+      <filename>/etc/stunnel/stunnel.pem</filename> before starting the build
+      (ensure only root has read and write access), otherwise you will be
+      prompted to create one during the installation process. The
+      <filename>.pem</filename> file must be formatted as shown below:</para>
 
 <screen><literal>-----BEGIN RSA PRIVATE KEY-----
 <replaceable>[many encrypted lines of unencrypted key]</replaceable>
 -----END RSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
 <replaceable>[many encrypted lines of certificate]</replaceable>
------END CERTIFICATE-----</literal></screen>
-
+-----END CERTIFICATE-----
+-----BEGIN DH PARAMETERS-----
+<replaceable>[multiple encrypted lines of DH parameters]</replaceable>
+-----END DH PARAMETERS-----</literal></screen>
     </note>
 
     <para>Install <application>Stunnel</application> by running the following
     commands:</para>
 
-<screen><userinput>patch -Np1 -i ../stunnel-&stunnel-version;-1_minute_sleep_fix.patch &&
-./configure --prefix=/usr --sysconfdir=/etc \
+<screen><userinput>./configure --prefix=/usr --sysconfdir=/etc \
     --localstatedir=/var/lib &&
 make</userinput></screen>
 
+    <para>This package does not come with a test suite.</para>
+
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
 <screen role="root"><userinput>make install</userinput></screen>
@@ -145,7 +148,7 @@
 <screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen>
 
     <para>prompt with the name or IP address you will be using
-    to access the service.</para>
+    to access the service(s).</para>
 
   </sect2>
 
@@ -180,7 +183,7 @@
 
 EOF</userinput></screen>
 
-    <para>Next, you need to add the service you wish to encrypt to the
+    <para>Next, you need to add the service(s) you wish to encrypt to the
     configuration file. The format is as follows:</para>
 
 <screen><literal>[<replaceable>[service]</replaceable>]




More information about the blfs-book mailing list