[blfs-book] r12739 - trunk/BOOK/postlfs/security

fernando at higgs.linuxfromscratch.org
Wed Feb 19 12:16:20 PST 2014


Author: fernando
Date: Wed Feb 19 12:16:20 2014
New Revision: 12739

Log:
Chapter 4 patch attachment. Thanks to Armin K.

Modified:
   trunk/BOOK/postlfs/security/cyrus-sasl.xml
   trunk/BOOK/postlfs/security/mitkrb.xml
   trunk/BOOK/postlfs/security/openssh.xml
   trunk/BOOK/postlfs/security/stunnel.xml

Modified: trunk/BOOK/postlfs/security/cyrus-sasl.xml
==============================================================================
--- trunk/BOOK/postlfs/security/cyrus-sasl.xml	Wed Feb 19 03:31:07 2014	(r12738)
+++ trunk/BOOK/postlfs/security/cyrus-sasl.xml	Wed Feb 19 12:16:20 2014	(r12739)
@@ -39,7 +39,7 @@
       protocol and the connection.
     </para>
 
-    &lfs74_checked;
+    &lfs75_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
@@ -118,6 +118,12 @@
   <sect2 role="installation">
     <title>Installation of Cyrus SASL</title>
 
+    <note>
+      <para>
+        This package does not support parallel build.
+      </para>
+    </note>
+
     <para>
       Install <application>Cyrus SASL</application> by
       running the following commands:
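
Review bot: the new note says the package does not support parallel build, but it only informs the reader and nothing in the instructions enforces it. A reader with a parallel job count already set in the environment will still run the plain make that follows; consider changing the command to make -j1 so the limitation is applied rather than just described.
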
@@ -132,8 +138,7 @@
             --sysconfdir=/etc    \
             --enable-auth-sasldb \
             --with-dbpath=/var/lib/sasl/sasldb2 \
-            --with-saslauthd=/var/run/saslauthd \
-            CFLAGS=-fPIC
+            --with-saslauthd=/var/run/saslauthd &&
 make</userinput></screen>
 
     <para>
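
Review bot: the removal of CFLAGS=-fPIC at the end of the configure invocation is not mentioned in the log message ("Chapter 4 patch attachment"). Please record why it is no longer needed, since a reader comparing revisions cannot tell whether this was a deliberate fix or a side effect of adding the && before make.
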

Modified: trunk/BOOK/postlfs/security/mitkrb.xml
==============================================================================
--- trunk/BOOK/postlfs/security/mitkrb.xml	Wed Feb 19 03:31:07 2014	(r12738)
+++ trunk/BOOK/postlfs/security/mitkrb.xml	Wed Feb 19 12:16:20 2014	(r12739)
@@ -38,7 +38,7 @@
       networks or the Internet.
     </para>
 
-    &lfs74_checked;
+    &lfs75_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">

Modified: trunk/BOOK/postlfs/security/openssh.xml
==============================================================================
--- trunk/BOOK/postlfs/security/openssh.xml	Wed Feb 19 03:31:07 2014	(r12738)
+++ trunk/BOOK/postlfs/security/openssh.xml	Wed Feb 19 12:16:20 2014	(r12739)
@@ -5,9 +5,9 @@
   %general-entities;
 
   <!ENTITY openssh-download-http
-    "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
+           "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
   <!ENTITY openssh-download-ftp
-    "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
+           "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
   <!ENTITY openssh-md5sum        "a084e7272b8cbd25afe0f5dce4802fef">
   <!ENTITY openssh-size          "1.3 MB">
   <!ENTITY openssh-buildsize     "32 MB (additional 2 MB if running the tests)">
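
Review bot: the openssh-download-http and openssh-download-ftp lines change only in indentation, but they sit next to openssh-md5sum, which is the sole integrity value given for a tarball fetched over plain HTTP or FTP. An MD5 published alongside the link does not authenticate the download; while touching this block, consider adding a stronger checksum or a pointer to an upstream signature if one is published.
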
@@ -32,16 +32,16 @@
   <sect2 role="package">
     <title>Introduction to OpenSSH</title>
 
-  <para>
-    The <application>OpenSSH</application> package contains
-    <command>ssh</command> clients and the <command>sshd</command> daemon. This
-    is useful for encrypting authentication and subsequent traffic over a
-    network. The <command>ssh</command> and <command>scp</command> commands are
-    secure implementions of <command>telnet</command> and <command>rcp</command>
-    respectively.
-  </para>
+    <para>
+      The <application>OpenSSH</application> package contains
+      <command>ssh</command> clients and the <command>sshd</command> daemon. This
+      is useful for encrypting authentication and subsequent traffic over a
+      network. The <command>ssh</command> and <command>scp</command> commands are
+      secure implementions of <command>telnet</command> and <command>rcp</command>
+      respectively.
+    </para>
 
-  &lfs75_checked;
+    &lfs75_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
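
Review bot: the re-indented paragraph carries the typo "implementions" over unchanged on the line "secure implementions of <command>telnet</command> and <command>rcp</command>". Since every line of the paragraph is being rewritten anyway, correct it to "implementations" in the same commit.
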
@@ -100,7 +100,7 @@
     </para>
 
     <para condition="html" role="usernotes">
-        User Notes: <ulink url='&blfs-wiki;/OpenSSH'/>
+        User Notes: <ulink url="&blfs-wiki;/OpenSSH"/>
     </para>
   </sect2>
 
@@ -129,7 +129,6 @@
 
 <screen><userinput>./configure --prefix=/usr                     \
             --sysconfdir=/etc/ssh             \
-            --datadir=/usr/share/sshd         \
             --with-md5-passwords              \
             --with-privsep-path=/var/lib/sshd &&
 make</userinput></screen>
@@ -185,12 +184,6 @@
     </para>
 
     <para>
-      <parameter>--datadir=/usr/share/sshd</parameter>: This switch puts the
-      Ssh.bin file (used for SmartCard authentication) in
-      <filename class="directory">/usr/share/sshd</filename>.
-    </para>
-
-    <para>
       <parameter>--with-md5-passwords</parameter>: This enables the use of MD5
       passwords.
     </para>
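
Review bot: the explanation for --datadir=/usr/share/sshd is deleted here, matching its removal from the configure command, but neither the log message nor the remaining text says why. The removed paragraph tied the switch to the Ssh.bin file used for SmartCard authentication; please state whether that file is still installed and, if so, where it lands with the default datadir.
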

Modified: trunk/BOOK/postlfs/security/stunnel.xml
==============================================================================
--- trunk/BOOK/postlfs/security/stunnel.xml	Wed Feb 19 03:31:07 2014	(r12738)
+++ trunk/BOOK/postlfs/security/stunnel.xml	Wed Feb 19 12:16:20 2014	(r12739)
@@ -38,7 +38,7 @@
     SMTP and HTTP, and in tunneling PPP over network sockets without changes
     to the server package source code.</para>
 
-    &lfs74_checked;
+    &lfs75_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
@@ -97,10 +97,10 @@
       the <command>stunnel</command> daemon. If you own, or have already
       created a signed SSL Certificate you wish to use, copy it to
       <filename>/etc/stunnel/stunnel.pem</filename> before starting the build
-      (ensure only <systemitem class='username'>root</systemitem> has read and
+      (ensure only <systemitem class="username">root</systemitem> has read and
       write access), otherwise you will be
       prompted to create one during the installation process. The
-      <filename class='extension'>.pem</filename> file must be formatted as
+      <filename class="extension">.pem</filename> file must be formatted as
       shown below:</para>
 
 <screen><literal>-----BEGIN PRIVATE KEY-----
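
Review bot: the parenthetical "ensure only root has read and write access" on the changed systemitem line states a requirement for /etc/stunnel/stunnel.pem without giving a command to meet it. Because the file format shown next begins with a private key, spell out the expected owner and mode (root, read and write for the owner only) as an explicit command so the requirement is not left to the reader.
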
@@ -120,7 +120,7 @@
 <screen><userinput>./configure --prefix=/usr \
             --sysconfdir=/etc \
             --localstatedir=/var \
-            --disable-libwrap &&
+            --disable-fips &&
 make</userinput></screen>
 
     <para>This package does not come with a test suite.</para>
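
Review bot: --disable-libwrap is replaced by --disable-fips on the last configure line rather than the new switch being added beside it. The explanation removed later in this patch said --disable-libwrap is required when tcpwrappers is not installed, so please confirm that configure now succeeds without it on a system lacking tcpwrappers, or keep both switches.
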
@@ -134,25 +134,15 @@
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
-    the configuration directory to <filename class='directory'>/etc</filename>
-    instead of <filename class='directory'>/usr/etc</filename>.</para>
-
-    <para><parameter>--localstatedir=/var</parameter>: This parameter
-    sets the installation to use
-    <filename class='directory'>/var/lib/stunnel</filename> instead of
-    creating and using
-    <filename class='directory'>/usr/var/stunnel</filename>.</para>
-
-    <para><parameter>--disable-libwrap</parameter>: This parameter is required
-    if you don't have <application>tcpwrappers</application> installed. Remove
-    the parameter if <application>tcpwrappers</application> is installed.</para>
+    <para><parameter>--disable-fips</parameter>: This switch disables FIPS support
+    which will cause <application>Stunnel</application> to fail to start if
+    it is enabled.</para>
 
     <para><command>make docdir=... install</command>: This command installs the
     package, changes the documentation installation directory to standard
     naming conventions and, if you did not copy an
     <filename>stunnel.pem</filename> file to the
-    <filename class='directory'>/etc/stunnel</filename> directory, prompts you
+    <filename class="directory">/etc/stunnel</filename> directory, prompts you
     for the necessary information to create one. Ensure you reply to the</para>
 
 <screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen>
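
Review bot: the new --disable-fips paragraph is ambiguous: in "disables FIPS support which will cause Stunnel to fail to start if it is enabled", the "which" clause can be read as describing the switch rather than FIPS support. Reword along the lines of "This switch disables FIPS support; with FIPS enabled, Stunnel fails to start." Also note that the explanations for --sysconfdir=/etc and --localstatedir=/var are deleted while both switches remain in the configure command shown earlier.
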
@@ -181,10 +171,11 @@
 
       <para>As the <systemitem class="username">root</systemitem> user,
       create the directory used for the
-      <filename class='extension'>.pid</filename> file that is created
+      <filename class="extension">.pid</filename> file that is created
       when the <application>stunnel</application> daemon starts:</para>
 
-<screen role="root"><userinput>install -v -m750 -o stunnel -g stunnel -d /var/lib/stunnel/run</userinput></screen>
+<screen role="root"><userinput>install -v -m750 -o stunnel -g stunnel -d /var/lib/stunnel/run &&
+chown stunnel:stunnel /var/lib/stunnel</userinput></screen>
 
       <para>Next, create a basic <filename>/etc/stunnel/stunnel.conf</filename>
       configuration file using the following commands as the
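
Review bot: the added "chown stunnel:stunnel /var/lib/stunnel" gives the service account ownership of the parent directory, while the surrounding text only justifies the run subdirectory for the .pid file. Please document why the daemon needs to own /var/lib/stunnel itself, and set its mode explicitly as is done with -m750 for run, or drop the chown if ownership of run is sufficient.
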


