On 03/04/2012 05:20 PM, Armin K. wrote:
Here is update for cyrus sasl in the book. I've rewritten boot script using template from latest lfs bootscripts and also added seperate configuration file /etc/sysconfig/cyrus-sasl to configure package. Someone please review it and if possible apply it.
Mmmm ... svn diff failed to create good patch for bootscripts. It even missed out sysconfig file. Here are new ones. I've also included patch header and version as pointed out. Sorry for sending wrong patches.
Index: BOOK/postlfs/security/cyrus-sasl.xml =================================================================== --- BOOK/postlfs/security/cyrus-sasl.xml (revision 9592) +++ BOOK/postlfs/security/cyrus-sasl.xml (working copy) @@ -6,10 +6,10 @@ <!ENTITY cyrus-sasl-download-http "http://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-&cyrus-sasl-version;.tar.gz";> <!ENTITY cyrus-sasl-download-ftp "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-&cyrus-sasl-version;.tar.gz";> - <!ENTITY cyrus-sasl-md5sum "2eb0e48106f0e9cd8001e654f267ecbc"> - <!ENTITY cyrus-sasl-size "1.6 MB"> - <!ENTITY cyrus-sasl-buildsize "17 MB"> - <!ENTITY cyrus-sasl-time "0.3 SBU"> + <!ENTITY cyrus-sasl-md5sum "341cffe829a4d71f2a6503d669d5a946"> + <!ENTITY cyrus-sasl-size "5.0 MB"> + <!ENTITY cyrus-sasl-buildsize "20 MB"> + <!ENTITY cyrus-sasl-time "0.5 SBU"> ]> <sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;"> @@ -37,6 +37,8 @@ its use is negotiated, a security layer is inserted between the protocol and the connection.</para> + &lfs70_checked; + <bridgehead renderas="sect3">Package Information</bridgehead> <itemizedlist spacing="compact"> <listitem> @@ -59,22 +61,30 @@ </listitem> </itemizedlist> + <bridgehead renderas="sect3">Additional Downloads</bridgehead> + <itemizedlist spacing="compact"> + <listitem> + <para>Required patch: <ulink + url="&patch-root;/cyrus-sasl-&cyrus-sasl-version;-bdb5-1.patch"/></para> + </listitem> + </itemizedlist> + <bridgehead renderas="sect3">Cyrus SASL Dependencies</bridgehead> <bridgehead renderas="sect4">Required</bridgehead> <para role="required"><xref linkend="openssl"/></para> + <bridgehead renderas="sect4">Recommended</bridgehead> + <para role="recommended"><xref linkend="db"/></para> + <bridgehead renderas="sect4">Optional</bridgehead> <para role="optional"><xref linkend="linux-pam"/>, <xref linkend="openldap"/>, - <xref linkend="heimdal"/> or <xref linkend="mitkrb"/>, + <xref linkend="mitkrb"/>, <xref linkend="icedtea6"/> or <xref linkend="jdk"/>, <xref linkend="mysql"/>, <xref linkend="postgresql"/>, - <xref linkend="db"/>, <xref linkend="sqlite"/>, - <!-- <xref linkend="gdbm"/>, - <xref linkend="courier"/>, --> <ulink url="http://www.pdc.kth.se/kth-krb/";>krb4</ulink>, and <ulink url="http://dmalloc.com/";>Dmalloc</ulink></para> @@ -89,10 +99,7 @@ <para>Install <application>Cyrus SASL</application> by running the following commands:</para> -<screen><userinput>sed -i.bak 's/#elif WITH_DES/#elif defined(WITH_DES)/' \ - plugins/digestmd5.c && -sed -i 's#DB_VERSION_MAJOR == 4.*#(&) || DB_VERSION_MAJOR == 5#' \ - {sasldb/db_berkeley.c,utils/dbconverter-2.c} && +<screen><userinput>patch -Np1 -i ../cyrus-sasl-&cyrus-sasl-version;-bdb5-1.patch && ./configure --prefix=/usr \ --sysconfdir=/etc \ --with-dbpath=/var/lib/sasl/sasldb2 \ @@ -112,20 +119,13 @@ install -v -m755 -d /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; && install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \ saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; && -install -v -m700 -d /var/lib/sasl && -install -v -m711 -d /var/run/saslauthd</userinput></screen> +install -v -m700 -d /var/lib/sasl</userinput></screen> </sect2> <sect2 role="commands"> <title>Command Explanations</title> - <para><command>sed -i.bak ... plugins/digestmd5.c</command>: This fixes - a build problem caused by using newer compilers.</para> - - <para><command>sed -i 's#DB_VERSION_MAJOR ...</command>: This fixes - compiling against version 5 of <xref linkend="db"/>.</para> - <para><parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This parameter forces the <command>sasldb</command> database to be created in <filename class='directory'>/var/lib/sasl</filename> instead of @@ -148,13 +148,21 @@ parameter. See <ulink url="&blfs-wiki;/cyrus-sasl"/> for a solution to this problem.</para> + <para><option>--enable-java</option>: This option enables compiling of + <application>Java</application> support libraries</para> + + <para><option>--enable-login</option>: This option enables unsupported + LOGIN authentication</para> + + <para><option>--enable-ntlm</option>: This option enables unsupported + NTLM authentication</para> + <para><command>install -v -m644 ...</command>: These commands install documentation which is not installed by the <command>make install</command> command.</para> - <para><command>install -v -m700 -d /var/lib/sasl ... - -m711 /var/run/saslauthd</command>: - These directories must exist when starting <command>saslauthd</command> or + <para><command>install -v -m700 -d /var/lib/sasl</command>: + This directoriy must exist when starting <command>saslauthd</command> or using the sasldb plugin. If you're not going to be running the daemon or using the plugins, you may omit the creation of this directory.</para> @@ -183,10 +191,16 @@ <para>See <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/sysadmin.html"/> for information on what to include in the application configuration files. + </para><para> See <ulink url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/LDAP_SASLAUTHD"/> for configuring <command>saslauthd</command> with - <application>OpenLDAP</application>.</para> + <application>OpenLDAP</application>.</para><para> + See <ulink + url="file:///usr/share/doc/cyrus-sasl-&cyrus-sasl-version;/gssapi.html"/> + for configuring <command>saslauthd</command> with + <application>Kerberos</application>. + </para> </sect3> @@ -205,10 +219,9 @@ <screen role="root"><userinput>make install-cyrus-sasl</userinput></screen> <note> - <para>You'll need to modify the init script and replace the - <option><replaceable><authmech></replaceable></option> parameter - to the <option>-a</option> switch with your desired authentication - mechanism.</para> + <para>You'll need to modify /etc/sysconfig/cyrus-sasl and replace the + <option><replaceable>AUTHMECH</replaceable></option> parameter + with your desired authentication mechanism.</para> </note> </sect3> @@ -224,10 +237,9 @@ <segtitle>Installed Directories</segtitle> <seglistitem> - <seg>saslauthd, sasldblistusers2, and saslpasswd2</seg> - <seg>libjavasasl.so, libsasl2.so, and numerous SASL plugins and - Java classes</seg> - <seg>/usr/include/sasl, /usr/lib/java/classes/sasl, /usr/lib/sasl2, + <seg>pluginviewer, saslauthd, sasldblistusers2, saslpasswd2 and testsaslauthd</seg> + <seg>libsasl2.so, and numerous SASL plugins</seg> + <seg>/usr/include/sasl, /usr/lib/sasl2, /usr/share/doc/cyrus-sasl-&cyrus-sasl-version;, and /var/lib/sasl</seg> </seglistitem> </segmentedlist> @@ -237,6 +249,16 @@ <?dbfo list-presentation="list"?> <?dbhtml list-presentation="table"?> + <varlistentry id="pluginviewer"> + <term><command>pluginviewer</command></term> + <listitem> + <para>is used to list loadable SASL plugins and their properties.</para> + <indexterm zone="cyrus-sasl pluginviewer"> + <primary sortas="b-pluginviewer">pluginviewer</primary> + </indexterm> + </listitem> + </varlistentry> + <varlistentry id="saslauthd"> <term><command>saslauthd</command></term> <listitem> @@ -270,6 +292,16 @@ </listitem> </varlistentry> + <varlistentry id="testsaslauthd"> + <term><command>testsaslauthd</command></term> + <listitem> + <para>is a test utility for the SASL authentication server.</para> + <indexterm zone="cyrus-sasl testsaslauthd"> + <primary sortas="b-testsaslauthd">testsaslauthd</primary> + </indexterm> + </listitem> + </varlistentry> + <varlistentry id="libsasl2"> <term><filename class='libraryfile'>libsasl2.so</filename></term> <listitem> Index: BOOK/general.ent =================================================================== --- BOOK/general.ent (revision 9592) +++ BOOK/general.ent (working copy) @@ -111,7 +111,7 @@ <!ENTITY attr-version "2.4.44"> <!ENTITY consolekit-version "0.4.5"> <!ENTITY cracklib-version "2.8.18"> -<!ENTITY cyrus-sasl-version "2.1.23"> +<!ENTITY cyrus-sasl-version "2.1.25"> <!ENTITY iptables-version "1.4.12"> <!ENTITY gnupg-version "1.4.11"> <!ENTITY gnupg2-version "2.0.18">
Submitted By: Armin K. <krejzi at email dot com> Date: 2012-03-04 Initial Package Version: 2.1.25 Upstream Status: Unknown Origin: http://patch-tracker.debian.org/package/cyrus-sasl2/2.1.25.dfsg1-3 Description: Support Berkeley DB 5.x --- a/sasldb/db_berkeley.c +++ b/sasldb/db_berkeley.c @@ -101,7 +101,7 @@ static int berkeleydb_open(const sasl_ut ret = db_create(mbdb, NULL, 0); if (ret == 0 && *mbdb != NULL) { -#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1 +#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1)) ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, flags, 0660); #else ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, flags, 0660); --- a/utils/dbconverter-2.c +++ b/utils/dbconverter-2.c @@ -214,7 +214,7 @@ static int berkeleydb_open(const char *p ret = db_create(mbdb, NULL, 0); if (ret == 0 && *mbdb != NULL) { -#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR >= 1 +#if (DB_VERSION_MAJOR > 4) || ((DB_VERSION_MAJOR == 4) && (DB_VERSION_MINOR >= 1)) ret = (*mbdb)->open(*mbdb, NULL, path, NULL, DB_HASH, DB_CREATE, 0664); #else ret = (*mbdb)->open(*mbdb, path, NULL, DB_HASH, DB_CREATE, 0664);
diff -Naur bootscripts.orig/blfs/init.d/cyrus-sasl bootscripts/blfs/init.d/cyrus-sasl --- bootscripts.orig/blfs/init.d/cyrus-sasl 2012-03-04 20:23:26.808528762 +0100 +++ bootscripts/blfs/init.d/cyrus-sasl 2012-03-04 20:09:23.845298814 +0100 @@ -1,40 +1,74 @@ #!/bin/sh -# Begin $rc_base/init.d/cyrus-sasl +######################################################################## +# Begin cyrus-sasl +# +# Description : Cyrus SASL Boot Script +# +# Authors : Armin K. <[email protected]> +# +# Version : BLFS SVN +# +# Notes : Not enabled by default. +# +######################################################################## + +### BEGIN INIT INFO +# Provides: saslauthd +# Required-Start: $local_fs +# Should-Start: +# Required-Stop: $local_fs +# Should-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: saslauthd startup script +# Description: This script starts the saslauthd daemon. It is +# configured using the file /etc/sysconfig/cyrus-sasl. +# X-LFS-Provided-By: BLFS +### END INIT INFO + +. /lib/lsb/init-functions +. /etc/sysconfig/cyrus-sasl + +DAEMON="/usr/sbin/saslauthd -a $AUTHMECH $OPTIONS" + +case "${1}" in + start) + + if [ "$START" != "yes" ]; then + log_warning_msg "Configure saslauthd in /etc/sysconfig/cyrus-sasl and set START to yes" + exit 1 + fi + + if [ -z "$AUTHMECH" ]; then + log_warning_msg "You need to select auth mechanism in /etc/sysconfig/cyrus-sasl" + exit 1 + fi + + if [ ! -d /var/run/saslauthd ]; then + install -d -o root -g root -m 711 /var/run/saslauthd + fi + + log_info_msg "Starting SASL Authentication Daemon saslauthd" + start_daemon ${DAEMON} + ;; + + stop) + log_info_msg "Stopping SASL Authentication Daemon saslauthd" + killproc /usr/sbin/saslauthd + ;; + + restart) + ${0} stop + sleep 1 + ${0} start + ;; + + *) + echo "Usage: ${0} {start|stop|restart}" + exit 1 + ;; + esac -# Based on sysklogd script from LFS-3.1 and earlier. -# Rewritten by Gerard Beekmans - [email protected] +exit 0 -#$LastChangedBy: bdubbs $ -#$Date: 2005-08-01 21:29:19 +0200 (Mon, 01 Aug 2005) $ - -. /etc/sysconfig/rc -. $rc_functions - -case "$1" in - start) - boot_mesg "Starting the Cyrus SASL Server..." - loadproc /usr/sbin/saslauthd -a [authmech] - ;; - - stop) - boot_mesg "Stopping the Cyrus SASL Server..." - killproc /usr/sbin/saslauthd - ;; - - restart) - $0 stop - sleep 1 - $0 start - ;; - - status) - statusproc /usr/sbin/saslauthd - ;; - - *) - echo "Usage: $0 {start|stop|restart|status}" - exit 1 - ;; -esac - -# End $rc_base/init.d/cyrus-sasl +# End cyrus-sasl diff -Naur bootscripts.orig/blfs/sysconfig/cyrus-sasl bootscripts/blfs/sysconfig/cyrus-sasl --- bootscripts.orig/blfs/sysconfig/cyrus-sasl 1970-01-01 01:00:00.000000000 +0100 +++ bootscripts/blfs/sysconfig/cyrus-sasl 2012-03-04 20:18:01.367372880 +0100 @@ -0,0 +1,24 @@ +# Begin /etc/sysconfig/cyrus-sasl + +# Change this to "yes" and select authentification mechanism below +# to enable saslauthd +START="no" + +# Which authentification mechanism should saslauthd use? +# +# These are some of the available options: +# kerberos5 -- use Kerberos 5 (available if you compiled cyrus-sasl with MIT Kerberos5 support). +# pam -- use PAM (available if you compiled cyrus-sasl with Linux PAM support). +# shadow -- use the local shadow password file +# sasldb -- use the local sasldb database file +# ldap -- use LDAP (configuration is in /etc/saslauthd.conf) (Available only if you compiled cyrus-sasl +# with OpenLDAP support and with --enable-ldapdb configure switch). +# +# Alternatively, you can run /usr/sbin/pluginviewer to see which plugins are available. +AUTHMECH="" + +# Add any aditional options you want to pass to saslauthd command line. +# See man 8 saslauthd for more information +OPTIONS="" + +# End /etc/sysconfig/cyrus-sasl diff -Naur bootscripts.orig/Makefile bootscripts/Makefile --- bootscripts.orig/Makefile 2012-03-04 20:23:26.847529591 +0100 +++ bootscripts/Makefile 2012-03-04 20:23:49.153004860 +0100 @@ -95,6 +95,7 @@ install-cyrus-sasl: create-dirs install -m ${MODE} blfs/init.d/cyrus-sasl ${EXTDIR}/rc.d/init.d/ + install -m ${CONFMODE} blfs/sysconfig/cyrus-sasl ${EXTDIR}/sysconfig/ ln -sf ../init.d/cyrus-sasl ${EXTDIR}/rc.d/rc0.d/K49cyrus-sasl ln -sf ../init.d/cyrus-sasl ${EXTDIR}/rc.d/rc1.d/K49cyrus-sasl ln -sf ../init.d/cyrus-sasl ${EXTDIR}/rc.d/rc2.d/S24cyrus-sasl
-- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
