r936 - in trunk/BOOK: . chapter01 chapter04 chapter06 security

robert at linuxfromscratch.org robert at linuxfromscratch.org
Mon Dec 4 04:50:52 PST 2006


Author: robert
Date: 2006-12-04 05:50:49 -0700 (Mon, 04 Dec 2006)
New Revision: 936

Added:
   trunk/BOOK/chapter06/openssl.xml
Removed:
   trunk/BOOK/security/openssh.xml
   trunk/BOOK/security/openssl.xml
Modified:
   trunk/BOOK/chapter01/changelog.xml
   trunk/BOOK/chapter04/packages.xml
   trunk/BOOK/chapter04/patches.xml
   trunk/BOOK/chapter06/chapter06.xml
   trunk/BOOK/packages.ent
   trunk/BOOK/patches.ent
   trunk/BOOK/security/security.xml
Log:
Moved OpenSSL to chapter 6, and moved Zlib ahead of it (after GCC), and upgraded to 0.9.8c. Removed OpenSSH page.

Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml	2006-12-04 12:44:49 UTC (rev 935)
+++ trunk/BOOK/chapter01/changelog.xml	2006-12-04 12:50:49 UTC (rev 936)
@@ -110,6 +110,9 @@
 </listitem>
 -->
 
+<listitem><para>December 4rth, 2006 [Robert]: Moved OpenSSL to chapter 6, and moved
+Zlib ahead of it (after GCC), and upgraded to 0.9.8c. Removed OpenSSH page.</para></listitem>
+
 <listitem><para>December 4rth, 2006 [Robert]: Move Sed and E2fsprogs ahead of Coreutils
 to deal with new Coreutils test suite dependencies (from LFS-svn).</para></listitem>
 

Modified: trunk/BOOK/chapter04/packages.xml
===================================================================
--- trunk/BOOK/chapter04/packages.xml	2006-12-04 12:44:49 UTC (rev 935)
+++ trunk/BOOK/chapter04/packages.xml	2006-12-04 12:50:49 UTC (rev 936)
@@ -432,6 +432,16 @@
     </varlistentry>
 
     <varlistentry>
+      <term>OpenSSL (&openssl-version;) - 3,243 KB:</term>
+      <listitem>
+        <para>Home page: <ulink url="http://www.openssl.org/"/></para>
+        <para>Download: <ulink
+        url="http://www.openssl.org/source/openssl-&openssl-version;.tar.gz"/></para>
+        <para>MD5 sum: <literal>&openssl-md5;</literal></para>
+      </listitem>
+    </varlistentry>
+
+    <varlistentry>
       <term>Patch (&patch-version;) - 204 KB:</term>
       <listitem>
         <para>Home page: <ulink url="&gnu-software;patch/"/></para>

Modified: trunk/BOOK/chapter04/patches.xml
===================================================================
--- trunk/BOOK/chapter04/patches.xml	2006-12-04 12:44:49 UTC (rev 935)
+++ trunk/BOOK/chapter04/patches.xml	2006-12-04 12:50:49 UTC (rev 936)
@@ -315,6 +315,14 @@
     </varlistentry>
 
     <varlistentry>
+      <term>OpenSSL Fix Man Pages Patch - &openssl-fix_manpages-patch-size;:</term>
+      <listitem>
+        <para>Download: <ulink url="&patches-root;&openssl-fix_manpages-patch;"/></para>
+        <para>MD5 sum: <literal>&openssl-fix_manpages-patch-md5;</literal></para>
+      </listitem>
+    </varlistentry>
+
+    <varlistentry>
       <term>Patch Mkstemp Patch - &patch-mkstemp-patch-size;:</term>
       <listitem>
         <para>Download: <ulink url="&patches-root;&patch-mkstemp-patch;"/></para>

Modified: trunk/BOOK/chapter06/chapter06.xml
===================================================================
--- trunk/BOOK/chapter06/chapter06.xml	2006-12-04 12:44:49 UTC (rev 935)
+++ trunk/BOOK/chapter06/chapter06.xml	2006-12-04 12:50:49 UTC (rev 936)
@@ -22,10 +22,11 @@
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="uclibc.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="readjusting.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="butterfly-toolchain.xml"/>
+<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="zlib.xml"/>
+<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssl.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="sed.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="e2fsprogs.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="coreutils.xml"/>
-<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="zlib.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="mktemp.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="iana-etc.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="findutils.xml"/>

Added: trunk/BOOK/chapter06/openssl.xml
===================================================================
--- trunk/BOOK/chapter06/openssl.xml	                        (rev 0)
+++ trunk/BOOK/chapter06/openssl.xml	2006-12-04 12:50:49 UTC (rev 936)
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+  "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
+  <!ENTITY % general-entities SYSTEM "../general.ent">
+  %general-entities;
+]>
+
+<sect1 id="ch-system-openssl" role="wrap">
+  <?dbhtml filename="openssl.html"?>
+
+  <title>OpenSSL-&openssl-version;</title>
+
+  <indexterm zone="ch-system-openssl">
+    <primary sortas="a-OpenSSL">OpenSSL</primary>
+  </indexterm>
+
+  <sect2 role="package">
+    <title/>
+
+    <para>The OpenSSL package contains management tools and libraries
+    relating to cryptography.</para>
+
+    <segmentedlist>
+      <segtitle>&buildtime;</segtitle>
+      <segtitle>&diskspace;</segtitle>
+
+      <seglistitem>
+        <seg>?? SBU</seg>
+        <seg>?? MB</seg>
+      </seglistitem>
+    </segmentedlist>
+
+  </sect2>
+
+  <sect2 role="installation">
+    <title>Installation of OpenSSL</title>
+
+    <para>Apply this patch to fix conflicts between OpenSSL
+    manual pages and manual pages from other packages:</para>
+
+<screen><userinput>patch -Np1 -i ../&openssl-fix_manpages-patch;</userinput></screen>
+
+    <para>Prepare OpenSSL for compilation:</para>
+
+<screen><userinput>./config --openssldir=/etc/ssl --prefix=/usr shared zlib-dynamic</userinput></screen>
+
+    <variablelist>
+      <title>The meaning of the configure options:</title>
+
+      <varlistentry>
+        <term><parameter>--openssldir=/etc/ssl</parameter></term>
+        <listitem>
+          <para>This option tells OpenSSL to install and use
+          configuration files from
+          <filename class="directory">/etc/ssl</filename>.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><parameter>shared</parameter></term>
+        <listitem>
+          <para>This option tells OpenSSL to build the shared
+          libraries of OpenSSL.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><parameter>zlib-dynamic</parameter></term>
+        <listitem>
+          <para>This option tells OpenSSL to use the Zlib shared
+          library, rather than the static version.</para>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+
+    <para>Compile the package:</para>
+
+<screen><userinput>make MANDIR=/usr/share/man</userinput></screen>
+
+    <para>To test the results, issue:
+    <userinput>make test</userinput>. This test suite depends on
+    the <command>bc</command> package from BLFS.</para>
+
+    <para>Install the package:</para>
+
+<screen><userinput>make MANDIR=/usr/share/man install
+cp -v -r certs /etc/ssl</userinput></screen>
+
+    <para>Install the documentation:</para>
+
+<screen><userinput>install -v -d -m755 /usr/share/doc/openssl-0.9.8c
+cp -v -r doc/{HOWTO,README,*.{txt,html,gif}} \
+    /usr/share/doc/openssl-0.9.8c</userinput></screen>
+
+    <para>Move the static libraries:</para>
+
+<screen><userinput>mv -v /usr/lib/{libcrypto,libssl}.a /usr/lib/static</userinput></screen>
+
+  </sect2>
+
+  <sect2 id="contents-openssl" role="content">
+    <title>Contents of OpenSSL</title>
+
+    <segmentedlist>
+      <segtitle>Installed libraries</segtitle>
+
+      <seglistitem>
+        <seg>FIXME</seg>
+      </seglistitem>
+    </segmentedlist>
+
+    <variablelist>
+      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+      <?dbfo list-presentation="list"?>
+      <?dbhtml list-presentation="table"?>
+
+      <varlistentry id="libssl">
+        <term><filename class="libraryfile">FIXME</filename></term>
+        <listitem>
+          <para>FIXME</para>
+          <indexterm zone="ch-system-openssl libssl">
+            <primary sortas="c-libssl">libssl</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+
+  </sect2>
+
+</sect1>

Modified: trunk/BOOK/packages.ent
===================================================================
--- trunk/BOOK/packages.ent	2006-12-04 12:44:49 UTC (rev 935)
+++ trunk/BOOK/packages.ent	2006-12-04 12:50:49 UTC (rev 936)
@@ -122,6 +122,9 @@
 <!ENTITY ncurses-version "5.5">
 <!ENTITY ncurses-md5 "e73c1ac10b4bfc46db43b2ddfd6244ef">
 
+<!ENTITY openssl-version "0.9.8c">
+<!ENTITY openssl-md5 "78454bec556bcb4c45129428a766c886">
+
 <!ENTITY patch-version "2.5.9">
 <!ENTITY patch-md5 "dacfb618082f8d3a2194601193cf8716">
 

Modified: trunk/BOOK/patches.ent
===================================================================
--- trunk/BOOK/patches.ent	2006-12-04 12:44:49 UTC (rev 935)
+++ trunk/BOOK/patches.ent	2006-12-04 12:50:49 UTC (rev 936)
@@ -150,6 +150,10 @@
 <!ENTITY ncurses-fixes-patch-md5 "0e033185008f21578c6e4c7249f92cbb">
 <!ENTITY ncurses-fixes-patch-size "8.2 KB">
 
+<!ENTITY openssl-fix_manpages-patch "openssl-&openssl-version;-fix_manpages-1.patch">
+<!ENTITY openssl-fix_manpages-patch-md5 "c4cf66cc2f3ea463be12e53267617aef">
+<!ENTITY openssl-fix_manpages-patch-size "72 KB">
+
 <!ENTITY patch-mkstemp-patch "patch-&patch-version;-mkstemp-1.patch">
 <!ENTITY patch-mkstemp-patch-md5 "c53c2f8a7349010da6afb002042ecec9">
 <!ENTITY patch-mkstemp-patch-size "8 KB">

Deleted: trunk/BOOK/security/openssh.xml
===================================================================
--- trunk/BOOK/security/openssh.xml	2006-12-04 12:44:49 UTC (rev 935)
+++ trunk/BOOK/security/openssh.xml	2006-12-04 12:50:49 UTC (rev 936)
@@ -1,290 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
-   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
-  <!ENTITY % general-entities SYSTEM "../general.ent">
-  %general-entities;
-
-<!ENTITY openssh-download-http "http://sunsite.ualberta.ca/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
-<!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
-<!ENTITY openssh-size "?? KB">
-<!ENTITY openssh-buildsize "?? MB">
-<!ENTITY openssh-time "?? SBU">
-<!ENTITY openssh-version "4.2p1">
-]>
-
-<sect1 id="openssh" xreflabel="OpenSSH-&openssh-version;">
-<?dbhtml filename="openssh.html"?>
-<title>Open<acronym>SSH</acronym>-&openssh-version;</title>
-<indexterm zone="openssh">
-<primary sortas="a-OpenSSH">OpenSSH</primary></indexterm>
-
-<sect2>
-<title>Introduction to 
-<application>Open<acronym>SSH</acronym></application></title>
-
-<para>The <application>Open<acronym>SSH</acronym></application> package 
-contains <command>ssh</command> clients and the <command>sshd</command> daemon. 
-This is useful for encrypting authentication and subsequent traffic over a 
-network.</para>
-
-<segmentedlist>
-<segtitle>Download (HTTP)</segtitle>
-<segtitle>Download (FTP)</segtitle>
-<segtitle>Download size</segtitle>
-<segtitle>&buildtime;</segtitle>
-<segtitle>&diskspace;</segtitle>
-<seglistitem>
-<seg><ulink url="&openssh-download-http;"/></seg>
-<seg><ulink url="&openssh-download-ftp;"/></seg>
-<seg>&openssh-size;</seg>
-<seg>&openssh-time;</seg>
-<seg>&openssh-buildsize;</seg>
-</seglistitem>
-</segmentedlist>
-
-<bridgehead renderas="sect3">Dependencies</bridgehead>
-<segmentedlist>
-<segtitle>Required</segtitle>
-<segtitle>Optional</segtitle>
-<seglistitem>
-<seg><xref linkend="OpenSSL"/></seg>
-<seg><ulink url="&blfs-book;basicnet/tcpwrappers.html">tcpwrappers</ulink></seg>
-</seglistitem>
-</segmentedlist>
-
-</sect2>
-
-<sect2>
-<title>Installation of 
-<application>Open<acronym>SSH</acronym></application></title>
-
-<para><application>Open<acronym>SSH</acronym></application> runs as two 
-processes when connecting to other computers. The first process is a 
-privileged process and controls the issuance of privileges as necessary. 
-The second process communicates with the network. Additional installation 
-steps are necessary to set up the proper environment, which are performed 
-by the following commands:</para>
-
-<screen><userinput><command>groupadd sshd
-useradd -c 'OpenSSH daemon' -d /var/empty -g sshd -s /sbin/nologin sshd</command></userinput></screen>
-
-<para>Install <application>Open<acronym>SSH</acronym></application> by running 
-the following commands:</para>
-
-<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc/ssh \
-    --libexecdir=/usr/sbin --with-md5-passwords \
-    --with-privsep-path=/var/empty</command></userinput></screen>
-
-<para>Continue the build:</para>
-
-<screen><userinput><command>make</command></userinput></screen>
-
-<para>If you linked <application>tcp_wrappers</application> into the build 
-using the <option>--with-tcp-wrappers</option> parameter, ensure you add 
-127.0.0.1 to the sshd line in <filename>/etc/hosts.allow</filename> if you 
-have a restrictive <filename>/etc/hosts.deny</filename> file, or the testsuite 
-will fail. To run the testsuite, issue: <command>make -k 
-tests</command>.</para>
-
-<para>Now, as the root user:</para>
-
-<screen><userinput role='root'><command>make install
-install -v -m755 -d /usr/share/doc/openssh-&openssh-version;
-install -v -m644 INSTALL LICENCE OVERVIEW README* WARNING.RNG \
-    /usr/share/doc/openssh-&openssh-version;</command></userinput></screen>
-
-<para>The installed programs <command>ssh</command> and <command>scp</command>
-are replacements for <command>rsh</command> and <command>rcp</command>. Create
-these symlinks so that applications like <command>cvs</command> can use the
-<application>Open<acronym>SSH</acronym></application> versions of these programs:</para>
-
-<screen><userinput><command>ln -s ssh /usr/bin/rsh
-ln -s scp /usr/bin/rcp</command></userinput></screen>
-
-</sect2>
-
-<sect2>
-<title>Command explanations</title>
-
-<para><parameter>--sysconfdir=/etc/ssh</parameter>: This prevents the 
-configuration files from being installed in 
-<filename class="directory">/usr/etc</filename>.</para>
-
-<para><parameter>--with-md5-passwords</parameter>: This is required
-if you made the changes recommended by the shadowpasswd_plus
-<acronym>LFS</acronym> hint on
-your <acronym>SSH</acronym> server when you installed the Shadow Password 
-Suite or if you access a <acronym>SSH</acronym> server that authenticates by 
-user passwords encrypted with md5. </para>
-
-<para><parameter>--libexecdir=/usr/sbin</parameter>: This parameter 
-changes the installation path of some programs to 
-<filename class="directory">/usr/sbin</filename> instead of 
-<filename class="directory">/usr/libexec</filename>.</para>
-
-</sect2>
-
-<sect2>
-<title>Configuring <application>Open<acronym>SSH</acronym></application></title>
-
-<sect3 id="openssh-config"><title>Config files</title>
-
-<para><filename>~/.ssh/*, /etc/ssh/ssh_config</filename> and 
-<filename>/etc/ssh/sshd_config</filename></para>
-<indexterm zone="openssh openssh-config">
-<primary sortas="e-AA.ssh">~/.ssh/*</primary></indexterm>
-<indexterm zone="openssh openssh-config">
-<primary sortas="e-etc-ssh-ssh_config">/etc/ssh/ssh_config</primary>
-</indexterm>
-<indexterm zone="openssh openssh-config">
-<primary sortas="e-etc-ssh-sshd_config">/etc/ssh/sshd_config</primary>
-</indexterm>
-
-<para>There are no required changes to any of these files. However,  
-you may wish to view the <filename class='directory'>/etc/ssh/</filename> 
-files and make any changes appropriate for the security of your system. One 
-recomended change is that you disable root login via <command>ssh</command>. 
-Execute the following command to disable root login via 
-<command>ssh</command>:</para>
-
-<screen><userinput><command>echo "PermitRootLogin no" >> /etc/ssh/sshd_config</command></userinput></screen>
-
-<para>Additional configuration information can be found in the man pages for
-<command>sshd</command>, <command>ssh</command> and 
-<command>ssh-agent</command>.</para>
-</sect3>
-
-<sect3 id="openssh-init"><title>sshd init.d script</title>
-
-<para>To start the <acronym>SSH</acronym> server at system boot, install the 
-<filename>/etc/rc.d/init.d/sshd</filename> init script included in the 
-<ulink url="&blfs-book;introduction/bootscripts.html">blfs-bootscripts</ulink> package.</para>
-<indexterm zone="openssh openssh-init">
-<primary sortas="f-sshd">sshd</primary></indexterm>
-
-<screen><userinput><command>make install-sshd</command></userinput></screen>
-</sect3>
-
-</sect2>
-
-<sect2>
-<title>Contents</title>
-
-<segmentedlist>
-<segtitle>Installed Programs</segtitle>
-<segtitle>Installed Libraries</segtitle>
-<segtitle>Installed Directories</segtitle>
-
-<seglistitem>
-<seg>scp, sftp, sftp-server, slogin, ssh, sshd, ssh-add, ssh-agent, 
-ssh-keygen, ssh-keyscan and ssh-keysign</seg>
-<seg>None</seg>
-<seg>/etc/ssh and /var/lib/sshd</seg>
-</seglistitem>
-</segmentedlist>
-
-<variablelist>
-<bridgehead renderas="sect3">Short Descriptions</bridgehead>
-<?dbfo list-presentation="list"?>
-
-<varlistentry id="scp">
-<term><command>scp</command></term>
-<listitem><para>is a file copy program that acts like <command>rcp</command> 
-except it uses an encrypted protocol.</para>
-<indexterm zone="openssh scp">
-<primary sortas="b-scp">scp</primary>
-</indexterm></listitem>
-</varlistentry>
-
-<varlistentry id="sftp">
-<term><command>sftp</command></term>
-<listitem><para>is an <acronym>FTP</acronym>-like program that works over 
-<acronym>SSH</acronym>1 and <acronym>SSH</acronym>2 protocols.</para>
-<indexterm zone="openssh sftp">
-<primary sortas="b-sftp">sftp</primary>
-</indexterm></listitem>
-</varlistentry>
-
-<varlistentry id="sftp-server">
-<term><command>sftp-server</command></term>
-<listitem><para>is an <acronym>SFTP</acronym> server subsystem.</para>
-<indexterm zone="openssh sftp-server">
-<primary sortas="b-sftp-server">sftp-server</primary>
-</indexterm></listitem>
-</varlistentry>
-
-<varlistentry id="slogin">
-<term><command>slogin</command></term>
-<listitem><para>is a symlink to <command>ssh</command>.</para>
-<indexterm zone="openssh slogin">
-<primary sortas="g-slogin">slogin</primary>
-</indexterm></listitem>
-</varlistentry>
-
-<varlistentry id="ssh">
-<term><command>ssh</command></term>
-<listitem><para>is an <command>rlogin</command>/<command>rsh</command>-like 
-client program except it uses an encrypted protocol.</para>
-<indexterm zone="openssh ssh">
-<primary sortas="b-ssh">ssh</primary>
-</indexterm></listitem>
-</varlistentry>
-
-<varlistentry id="sshd">
-<term><command>sshd</command></term>
-<listitem><para>is a daemon that listens for <command>ssh</command> login 
-requests.</para>
-<indexterm zone="openssh sshd">
-<primary sortas="b-sshd">sshd</primary>
-</indexterm></listitem>
-</varlistentry>
-
-<varlistentry id="ssh-add">
-<term><command>ssh-add</command></term>
-<listitem><para>is a tool which adds keys to the 
-<command>ssh-agent</command>.</para>
-<indexterm zone="openssh ssh-add">
-<primary sortas="b-ssh-add">ssh-add</primary>
-</indexterm></listitem>
-</varlistentry>
-
-<varlistentry id="ssh-agent">
-<term><command>ssh-agent</command></term>
-<listitem><para>is an authentication agent that can store private keys.</para>
-<indexterm zone="openssh ssh-agent">
-<primary sortas="b-ssh-agent">ssh-agent</primary>
-</indexterm></listitem>
-</varlistentry>
-
-<varlistentry id="ssh-keygen">
-<term><command>ssh-keygen</command></term>
-<listitem><para>is a key generation tool.</para>
-<indexterm zone="openssh ssh-keygen">
-<primary sortas="b-ssh-keygen">ssh-keygen</primary>
-</indexterm></listitem>
-</varlistentry>
-
-<varlistentry id="ssh-keyscan">
-<term><command>ssh-keyscan</command></term>
-<listitem><para>is a utility for gathering public host keys from a number of 
-hosts.</para>
-<indexterm zone="openssh ssh-keyscan">
-<primary sortas="b-ssh-keyscan">ssh-keyscan</primary>
-</indexterm></listitem>
-</varlistentry>
-
-<varlistentry id="ssh-keysign">
-<term><command>ssh-keysign</command></term>
-<listitem><para>is used by <command>ssh</command> to access the local host 
-keys and generate the digital signature required during hostbased 
-authentication with <acronym>SSH</acronym> protocol version 2.</para>
-<indexterm zone="openssh ssh-keysign">
-<primary sortas="b-ssh-keysign">ssh-keysign</primary>
-</indexterm></listitem>
-</varlistentry>
-</variablelist>
-
-</sect2>
-
-</sect1>
-

Deleted: trunk/BOOK/security/openssl.xml
===================================================================
--- trunk/BOOK/security/openssl.xml	2006-12-04 12:44:49 UTC (rev 935)
+++ trunk/BOOK/security/openssl.xml	2006-12-04 12:50:49 UTC (rev 936)
@@ -1,155 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
-  <!ENTITY % general-entities SYSTEM "../general.ent">
-  %general-entities;
-
-<!-- Don't forget to time the build and check build size, etc.-->
-
-<!ENTITY openssl-download-http "http://www.openssl.org/source/openssl-&openssl-version;.tar.gz">
-<!ENTITY openssl-download-ftp "ftp://ftp.openssl.org/source/openssl-&openssl-version;.tar.gz">
-<!ENTITY openssl-size "?? KB">
-<!ENTITY openssl-buildsize "?? MB">
-<!ENTITY openssl-time "?? SBU">
-<!ENTITY openssl-version "0.9.8a">
-
-]>
-<sect1 id="OpenSSL" role="wrap" xreflabel="OpenSSL-&openssl-version;">
-<title>OpenSSL-&openssl-version;</title>
-<?dbhtml filename="openssl.html"?>
-
-<indexterm zone="OpenSSL"><primary sortas="a-OpenSSL">OpenSSL</primary></indexterm>
-
-<sect2 role="package"><title/>
-
-<para>The <application>Open<acronym>SSL</acronym></application> package 
-contains management tools and libraries relating to cryptography.  These are 
-useful for providing cryptography functions to other packages, notably 
-<application>OpenSSH</application>, email applications and web browsers (for 
-accessing <acronym>HTTPS</acronym> sites).</para>
-
-<segmentedlist>
-<segtitle>Download (HTTP)</segtitle>
-<segtitle>Download (FTP)</segtitle>
-<segtitle>Download size</segtitle>
-<segtitle>&buildtime;</segtitle>
-<segtitle>&diskspace;</segtitle>
-<seglistitem>
-<seg><ulink url="&openssl-download-http;"/></seg>
-<seg><ulink url="&openssl-download-ftp;"/></seg>
-<seg>&openssl-size;</seg>
-<seg>&openssl-time;</seg>
-<seg>&openssl-buildsize;</seg>
-</seglistitem>
-</segmentedlist>
-
-<bridgehead renderas="sect3">Additional downloads</bridgehead>
-<itemizedlist>
-<listitem><para>Required Patch to ... : <ulink
-url="&patches-root;openssl-&openssl-version;-arc4random-2.patch"/></para></listitem>
-<listitem><para>Required Patch: <ulink
-url="&patches-root;openssl-&openssl-version;-fix_manpages-1.patch"/></para></listitem>
-</itemizedlist>
-
-</sect2>
-
-<sect2 role="installation">
-<title>Installation of OpenSSL</title>
-
-<para>Apply the patch:</para>
-
-<screen><userinput>patch -Np1 -i ../openssl-&openssl-version;-arc4random-2.patch</userinput></screen>
-
-<para>Apply the patch to fix conflicts with man pages included in other packages.</para>
-
-<screen><userinput>patch -Np1 -i ../openssl-&openssl-version;-fix_manpages-1.patch</userinput></screen>
-
-<para>Prepare OpenSSL for compilation:</para>
-
-<screen><userinput>./config --openssldir=/etc/ssl --prefix=/usr shared zlib-dynamic</userinput></screen>
-
-<para>The <parameter>zlib-dynamic</parameter> switch is added to make 
-upgrading in the future easier.</para>
-
-<para>Compile the package:</para>
-
-<screen><userinput>make MANDIR=/usr/share/man</userinput></screen>
-
-<para>Now, as the root user, install the package:</para>
-
-<screen><userinput>make MANDIR=/usr/share/man install
-cp -r certs /etc/ssl</userinput></screen>
-
-<para>Do yourself a favor and remove the static libs. This will prevent other
-packages from statically linking to the OpenSSL libraries. Then when
-OpenSSL is upgraded in the future nothing else will need to be reinstalled:</para>
-
-<screen><userinput>rm /usr/lib/{libcrypto,libssl}.a</userinput></screen>
-
-</sect2>
-
-
-<sect2 role="content"><title>Contents of OpenSSL</title>
-
-<segmentedlist>
-<segtitle>Installed programs</segtitle>
-<segtitle>Installed libraries</segtitle>
-<seglistitem><seg>c_rehash and openssl</seg>
-<seg>libcrypto.so and libssl.so</seg></seglistitem>
-</segmentedlist>
-
-<variablelist><bridgehead renderas="sect3">Short Descriptions</bridgehead>
-<?dbfo list-presentation="list"?>
-<?dbhtml list-presentation="table"?>
-
-<varlistentry id="c_rehash">
-<term><command>c_rehash</command></term>
-<listitem><para>Is a <application>Perl</application> script that scans all 
-files in a directory and adds symbolic links to their hash values</para>
-<indexterm zone="OpenSSL c_rehash">
-<primary sortas="b-c_rehash">c_rehash</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="openssl">
-<term><command>openssl</command></term>
-<listitem><para>Is a command-line tool for using the various cryptography 
-functions of <application>Open<acronym>SSL</acronym></application>'s crypto 
-library from the shell. It can be used for various functions which are 
-documented in <command>man 1 openssl</command></para>
-<indexterm zone="OpenSSL openssl">
-<primary sortas="b-openssl">openssl</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="libcrypto">
-<term><filename class='libraryfile'>libcrypto</filename></term>
-<listitem><para>Implements a wide range of cryptographic algorithms used in 
-various Internet standards. The services provided by  this library are used by 
-the <application>Open<acronym>SSL</acronym></application> implementations of 
-<acronym>SSL</acronym>, <acronym>TLS</acronym> and <acronym>S/MIME</acronym>, 
-and they have also been used to implement 
-<application>Open<acronym>SSH</acronym></application>, 
-<application>Open<acronym>PGP</acronym></application>, and other cryptographic 
-standards</para>
-<indexterm zone="OpenSSL libcrypto">
-<primary sortas="c-libcrypto">libcrypto</primary></indexterm>
-</listitem>
-</varlistentry>
-
-<varlistentry id="libssl">
-<term><filename class='libraryfile'>libssl</filename></term>
-<listitem><para>Implements the Secure Sockets Layer (<acronym>SSL</acronym> 
-v2/v3) and Transport Layer Security (<acronym>TLS</acronym> v1) protocols. It 
-provides a rich <acronym>API</acronym>, documentation on which can be found by 
-running <command>man 3 ssl</command></para>
-<indexterm zone="OpenSSL libssl">
-<primary sortas="c-libssl">libssl</primary></indexterm>
-</listitem>
-</varlistentry>
-
-</variablelist>
-
-</sect2>
-
-</sect1>
-

Modified: trunk/BOOK/security/security.xml
===================================================================
--- trunk/BOOK/security/security.xml	2006-12-04 12:44:49 UTC (rev 935)
+++ trunk/BOOK/security/security.xml	2006-12-04 12:50:49 UTC (rev 936)
@@ -9,8 +9,6 @@
 <?dbhtml filename="security.html"?>
 
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="introduction.xml"/>
-<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssl.xml"/>
-<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssh.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="gnupg.xml"/>
 
 </chapter>




More information about the hlfs-book mailing list