diff --git a/images/caution.png b/images/caution.png index 5b7809ca4a..ee1f0c01a1 100644 Binary files a/images/caution.png and b/images/caution.png differ diff --git a/images/important.png b/images/important.png index 12c90f607a..ba901662c9 100644 Binary files a/images/important.png and b/images/important.png differ diff --git a/images/note.png b/images/note.png index d0c3c645ab..8e9aceeca6 100644 Binary files a/images/note.png and b/images/note.png differ diff --git a/images/tip.png b/images/tip.png index 5c4aab3bb3..4c5cce0318 100644 Binary files a/images/tip.png and b/images/tip.png differ diff --git a/images/warning.png b/images/warning.png index 1c33db8f34..b3b6d638e4 100644 Binary files a/images/warning.png and b/images/warning.png differ diff --git a/server/databases/databases.xml b/server/databases/databases.xml deleted file mode 100644 index f493ad988c..0000000000 --- a/server/databases/databases.xml +++ /dev/null @@ -1,29 +0,0 @@ - - - %general-entities; -]> - - - - - Databases - - - This chapter includes databases that range from single-user - read/write to industrial database servers with transaction support. - Generally, you will be sent here to satisfy dependencies to other - applications although building a SQL server on a base LFS system is - entirely possible. - - - - - - - - - - - diff --git a/server/databases/lmdb.xml b/server/databases/lmdb.xml deleted file mode 100644 index d1d9f5d87c..0000000000 --- a/server/databases/lmdb.xml +++ /dev/null @@ -1,163 +0,0 @@ - - - %general-entities; - - - - - - - -]> - - - - - - lmdb-&lmdb-version; - - - lmdb - - - - Introduction to lmdb - - - The lmdb package is a fast, compact, key-value - embedded data store. It uses memory-mapped files, so it has the read - performance of a pure in-memory database while still offering the - persistence of standard disk-based databases, and is only limited to the - size of the virtual address space - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &lmdb-md5sum; - - - - - Download size: &lmdb-size; - - - - - Estimated disk space required: &lmdb-buildsize; - - - - - Estimated build time: &lmdb-time; - - - - - - - - Installation of lmdb - - - - This package extracts to lmdb-LMDB_&lmdb-version;. - - - - - Install lmdb by running the following - commands: - - -cd libraries/liblmdb && -make && -sed -i 's| liblmdb.a||' Makefile - - - This package does not come with a test suite. - - - - Now, as the root user: - - -make prefix=/usr install - - - - - Command Explanations - - - - - sed ... liblmdb.a ... Makefile: The package executables - use a static library so it must be created. This command suppresses installation - of the static library. - - - - - - Contents - - - Installed Program - Installed Library - Installed Directories - - - - mdb_copy, mdb_dump, mdb_load, and mdb_stat - - - liblmdb.so - - - None - - - - - - - - diff --git a/server/databases/mariadb.xml b/server/databases/mariadb.xml deleted file mode 100644 index a15c8550cd..0000000000 --- a/server/databases/mariadb.xml +++ /dev/null @@ -1,1218 +0,0 @@ - - - %general-entities; - - - - - - - - -]> - - - - - - MariaDB-&mariadb-version; - - - MariaDB - - - - Introduction to MariaDB - - - MariaDB is a community-developed fork and a - drop-in replacement for the MySQL relational - database management system. - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &mariadb-md5sum; - - - - - Download size: &mariadb-size; - - - - - Estimated disk space required: &mariadb-buildsize; - - - - - Estimated build time: &mariadb-time; - - - - - - - The installed size of MariaDB is 723 MB, but this can be - reduced by about 262 MB, if desired, by removing the /usr/share/mysql/test - directory after installation. - - - - MariaDB Dependencies - - Required - - - - - Recommended - - - - - Optional - - , - , - , - , - , - , - , - , - , - , - , - Groonga, - KyTea, - Judy, - MeCab, - MessagePack, - mruby, - MyRocks, - Snappy, and - - ZeroMQ - - - - - - - Installation of MariaDB - - - - MariaDB and MySQL cannot be installed on the same system without - extensive changes to the build configuration of one of the two applications. - - - - - For security reasons, running the server as an unprivileged user - and group is strongly encouraged. Issue the following (as - root) to create the - user and group: - - -groupadd -g 40 mysql && -useradd -c "MySQL Server" -d /srv/mysql -g mysql -s /bin/false -u 40 mysql - - - Install MariaDB by running the - following commands: - - -mkdir build && -cd build && - -cmake -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_INSTALL_PREFIX=/usr \ - -DGRN_LOG_PATH=/var/log/groonga.log \ - -DINSTALL_DOCDIR=share/doc/mariadb-&mariadb-version; \ - -DINSTALL_DOCREADMEDIR=share/doc/mariadb-&mariadb-version; \ - -DINSTALL_MANDIR=share/man \ - -DINSTALL_MYSQLSHAREDIR=share/mysql \ - -DINSTALL_MYSQLTESTDIR=share/mysql/test \ - -DINSTALL_PAMDIR=lib/security \ - -DINSTALL_PAMDATADIR=/etc/security \ - -DINSTALL_PLUGINDIR=lib/mysql/plugin \ - -DINSTALL_SBINDIR=sbin \ - -DINSTALL_SCRIPTDIR=bin \ - -DINSTALL_SQLBENCHDIR=share/mysql/bench \ - -DINSTALL_SUPPORTFILESDIR=share/mysql \ - -DMYSQL_DATADIR=/srv/mysql \ - -DMYSQL_UNIX_ADDR=/run/mysqld/mysqld.sock \ - -DWITH_EXTRA_CHARSETS=complex \ - -DWITH_EMBEDDED_SERVER=ON \ - -DSKIP_TESTS=ON \ - -DTOKUDB_OK=0 \ - .. && -make - - - To test the results, issue: make test. - One test, test-connect, is known to fail. - - - - A more extensive set of tests can be run with the following: - -pushd mysql-test -./mtr --parallel <N> --mem --force -popd - - - Where N is the number of tests to run in parallel. - Over 5400 tests are run in about 24 SBU with N=4. A few tests - may fail, mainly due to character set issues. - - - - Now, as the root user: - - -make install - - - If you have installed, move the - PAM module and configuration file installed by this package as the - &root; user: - - -mv -v /usr/share/pam_use_map.so /lib/security && -mv -v /usr/share/user_map.conf /etc/security - - - - - Command Explanations - - - -DWITH_EMBEDDED_SERVER=ON: This switch enables - compiling the embedded server library needed by certain applications, - such as Amarok. - - - - -DWITH_EXTRA_CHARSETS=complex: This switch enables - support for the complex character sets. - - - - -DSKIP_TESTS=ON: This switch disables - tests for MariaDB Connector/C which are not supported without - additional setup. - - - - : Use this - switch if you don't want the server and would like to build the client - only. - - - - There are numerous options available to cmake. Check - the output of the cmake . -LH for additional - customization options. - - - - - - Configuring MySQL - - - Config Files - - - /etc/mysql/my.cnf and - ~/.my.cnf - - - - ~/.my.cnf - - - - /etc/mysql/my.cnf - - - - - - Configuration Information - - - Create basic /etc/mysql/my.cnf - using the following command as the root user: - - -install -v -dm 755 /etc/mysql && -cat > /etc/mysql/my.cnf << "EOF" -# Begin /etc/mysql/my.cnf - -# The following options will be passed to all MySQL clients -[client] -#password = your_password -port = 3306 -socket = /run/mysqld/mysqld.sock - -# The MySQL server -[mysqld] -port = 3306 -socket = /run/mysqld/mysqld.sock -datadir = /srv/mysql -skip-external-locking -key_buffer_size = 16M -max_allowed_packet = 1M -sort_buffer_size = 512K -net_buffer_length = 16K -myisam_sort_buffer_size = 8M - -# Don't listen on a TCP/IP port at all. -skip-networking - -# required unique id between 1 and 2^32 - 1 -server-id = 1 - -# Uncomment the following if you are using BDB tables -#bdb_cache_size = 4M -#bdb_max_lock = 10000 - -# InnoDB tables are now used by default -innodb_data_home_dir = /srv/mysql -innodb_log_group_home_dir = /srv/mysql -# All the innodb_xxx values below are the default ones: -innodb_data_file_path = ibdata1:12M:autoextend -# You can set .._buffer_pool_size up to 50 - 80 % -# of RAM but beware of setting memory usage too high -innodb_buffer_pool_size = 128M -innodb_log_file_size = 48M -innodb_log_buffer_size = 16M -innodb_flush_log_at_trx_commit = 1 -innodb_lock_wait_timeout = 50 - -[mysqldump] -quick -max_allowed_packet = 16M - -[mysql] -no-auto-rehash -# Remove the next comment character if you are not familiar with SQL -#safe-updates - -[isamchk] -key_buffer = 20M -sort_buffer_size = 20M -read_buffer = 2M -write_buffer = 2M - -[myisamchk] -key_buffer_size = 20M -sort_buffer_size = 20M -read_buffer = 2M -write_buffer = 2M - -[mysqlhotcopy] -interactive-timeout - -# End /etc/mysql/my.cnf -EOF - - - You can now install a database and change the ownership to the - unprivileged user and group (perform as the root user): - - -mysql_install_db --basedir=/usr --datadir=/srv/mysql --user=mysql && -chown -R mysql:mysql /srv/mysql - - - Further configuration requires that the - MariaDB server is running. Start - the server using the following commands as the root user: - - -install -v -m755 -o mysql -g mysql -d /run/mysqld && -mysqld_safe --user=mysql 2>&1 >/dev/null & - - - A default installation does not set up a password for the - administrator, so use the following command as the root user to set one. - - -mysqladmin -u root password - - - Configuration of the server is now finished. Shut the server - down using the following command as the root user: - - -mysqladmin -p shutdown - - - - - <phrase revision="sysv">Boot Script</phrase> - <phrase revision="systemd">Systemd Unit</phrase> - - - Install the - /etc/rc.d/init.d/mysql init - script - mysqld.service - unit included in the - - package as - the root user to start the - MariaDB server during system boot-up. - - - - mysql - - -make install-mysql - -make install-mysqld - - - - If you have an existing database already and this - installation of binaries was just an upgrade to a newer - version, check the upstream documentation for upgrading. It - is recommended to run: - mariadb-upgrade - - - - - - - - Contents - - - Installed Programs - Installed Libraries - Installed Directories - - - - aria_chk, aria_dump_log, aria_ftdump, aria_pack, aria_read_log, - aria_s3_copy, galera_new_cluster, galera_recovery, - innochecksum, mariabackup, mariadb, mariadbd, mariadb-access, - mariadb-admin, mariadb-backup, mariadb-binlog, mariadb-check, - mariadb-client-test, mariadb-client-test-embedded, mariadb-conv, - mariadb-convert-table-format, mariadb-find-rows, mariadbd-multi, - mariadbd-safe, mariadbd-safe-helper, mariadb-dump, mariadb-dumpslow, - mariadb-embedded, mariadb-fix-extensions, mariadb-hotcopy, - mariadb-import, mariadb-install-db, mariadb-ldb, mariadb-plugin, - mariadb-secure-installation, mariadb-setpermission, - mariadb-service-convert, mariadb-show, - mariadb-slap, mariadb-test, mariadb-test-embedded, - mariadb-tzinfo-to-sql, mariadb-upgrade, mariadb-waitpid, - mariadb_config, - mbstream, msql2mysql, my_print_defaults, myisamchk, - myisam_ftdump, myisamlog, myisampack, mysql_config, mytop, perror, - replace, resolve_stack_dump, resolveip, sst_dump, wsrep_sst_common, - wsrep_sst_mariabackup, wsrep_sst_mysqldump, and wsrep_sst_rsync - - - libmariadbclient.a, libmariadb.so, libmariadbd.so, libmysqlclient.a, - libmysqlclient_r.a (symbolic links to libmariadbclient.a), - libmysqld.{so,a}, libmysqlservices.a, - and several under /usr/lib/mysql/plugin/ - - - /etc/mysql, - /usr/{include,lib,share}/mysql, - /usr/share/groonga{-normalizer-mysql}, and - /usr/share/doc/mariadb-&mariadb-version; - - - - - Short Descriptions - - - There are several symlinks from mysql* to their mariadb - counterparts. These are maintained for compatibility. - - - - - The Perl DBI modules must be installed - for some of the MariaDB support programs to - function properly. - - - - Short Descriptions - - - - - aria_chk - - - is used to check, repair, optimize, sort and get information - about Aria tables - - - aria_chk - - - - - - aria_dump_log - - - is a tool to dump the contents of Aria log pages - - - aria_dump_log - - - - - - aria_ftdump - - - displays full-text index information - - - aria_ftdump - - - - - - aria_pack - - - is a tool to generate compressed, read-only Aria tables - - - aria_pack - - - - - - aria_read_log - - - displays Aria log file contents - - - aria_read_log - - - - - - aria_s3_copy - - - copies an aria table to and from AWS S3 - - - aria_s3_copy - - - - - - galera_new_cluster - - - bootstraps a new Galera cluster - - - galera_new_cluster - - - - - - galera_recovery - - - recovers data from a Galera cluster - - - galera_recovery - - - - - - innochecksum - - - prints checksums for InnoDB files - - - innochecksum - - - - - - mariabackup - - - is an open source backup tool for InnoDB and XtraDB - - - mariabackup - - - - - - mariadb - - - is a simple SQL shell with input line editing capabilities - - - mariadb - - - - - - mariadbd - - - is the MySQL server daemon - - - mariadbd - - - - - - mariadb-access - - - checks the access privileges for a host name, user name, and - database combination - - - mariadb-access - - - - - - mariadb-admin - - - is a client for performing administrative operations - - - mariadb-admin - - - - - - mariadb-binlog - - - reads binary log files - - - mariadb-binlog - - - - - - mariadb-check - - - performs table maintenance: It checks, repairs, optimizes, - or analyzes tables - - - mariadb-check - - - - - - mariadb-client-test - - - is used for testing aspects of the MySQL client API that cannot be - tested using mysqltest and its test language - - - mariadb-client-test - - - - - - mariadb-client-test-embedded - - - is a tool to test the client API for the embedded server - - - mariadb-client-test-embedded - - - - - - mariadb-conv - - - converts character sets for use with MariaDB - - - mariadb-conv - - - - - - mariadb-convert-table-format - - - converts the tables in a database to use a particular storage - engine - - - mariadb-convert-table-format - - - - - - mariadbd-multi - - - is designed to manage several mysqld processes that listen for - connections on different Unix socket files and TCP/IP ports - - - mariadbd-multi - - - - - - mariadbd-safe - - - is the recommended way to start a mysqld server on Unix - and NetWare - - - mariadbd-safe - - - - - - mariadb-dump - - - is a backup program - - - mariadb-dump - - - - - - mariadb-dumpslow - - - parses MySQL slow query log files and prints a summary of their - contents - - - mariadb-dumpslow - - - - - - mariadb-embedded - - - is a MySQL client statically linked to - libmariadbd - - - mariadbd-embedded - - - - - - mariadb-find-rows - - - reads files containing SQL statements and extracts statements that - match a given regular expression or that contain USE db_name or - SET statements - - - mariadb-find-rows - - - - - - mariadb-fix-extensions - - - converts the extensions for MyISAM (or ISAM) table files to - their canonical forms - - - mariadb-fix-extensions - - - - - - mariadb-hotcopy - - - locks the table, flushes the table and then performs a copy of - the database - - - mariadb-hotcopy - - - - - - mariadb-import - - - reads a range of data formats, and inserts the data into a - database - - - mariadb-import - - - - - - mariadb-install-db - - - initializes the MySQL data directory and creates the system - tables that it contains, if they do not exist - - - mariadb-install-db - - - - - - mariadb-ldb - - - is the RocksDB tool - - - mariadb-ldb - - - - - - mariadb-plugin - - - is a utility that enables MySQL administrators to manage which - plugins a MySQL server loads - - - mariadb-plugin - - - - - - mariadb-secure-installation - - - is a tool to improve MySQL installation security - - - mariadb-secure-installation - - - - - - mariadb-service-convert - - - generates a systemd unit based on the current mariadb settings - - - mariadb-service-convert - - - - - - mariadb-setpermission - - - sets permissions in the MySQL grant tables - - - mariadb-setpermission - - - - - - mariadb-show - - - shows the structure of a MariaDB database - - - mariadb-show - - - - - - mariadb-slap - - - is a diagnostic program designed to emulate client load for a - MySQL server and to report the timing of each stage - - - mariadb-slap - - - - - - mariadb-test - - - runs a test case against a MySQL server and optionally compares - the output with a result file - - - mariadb-test - - - - - - mariadb-test-embedded - - - is similar to the mysqltest command but is built - with support for the libmysqld embedded server - - - mariadb-test-embedded - - - - - - mariadb-tzinfo-to-sql - - - loads the time zone tables in the mysql database - - - mariadb-tzinfo-to-sql - - - - - - mariadb-upgrade - - - examines all tables in all databases for incompatibilities with - the current version of MySQL Server - - - mariadb-upgrade - - - - - - mariadb-waitpid - - - signals a process to terminate and waits for the process to exit - - - mariadb-waitpid - - - - - - mariadb_config - - - gets compiler flags for using the MariaDB Connector/C - - - mariadb_config - - - - - - mbstream - - - is an utility for sending InnoDB and XTraDB backups over a stream - - - mbstream - - - - - - msql2mysql - - - is a tool to convert mSQL programs for use with MySQL - - - msql2mysql - - - - - - my_print_defaults - - - displays the options from option groups of option files - - - my_print_defaults - - - - - - myisam_ftdump - - - displays information about FULLTEXT indexes in MyISAM tables - - - myisam_ftdump - - - - - - myisamchk - - - gets information about your database tables or checks, repairs, - or optimizes them - - - myisamchk - - - - - - myisamlog - - - displays MyISAM log file contents - - - myisamlog - - - - - - myisampack - - - is a tool for compressing MyISAM tables - - - myisampack - - - - - - mysql_config - - - provides you with useful information for compiling your MySQL - client and connecting it to MySQL - - - mysql_config - - - - - - mytop - - - is a console-based tool for monitoring the threads and overall - performance of a MySQL server - - - mytop - - - - - - perror - - - is a utility that displays descriptions for system or storage - engine error codes - - - perror - - - - - - replace - - - is a MariaDB/MySQL extension to the SQL standard - - - replace - - - - - - resolve_stack_dump - - - resolves a numeric stack dump to symbols - - - resolve_stack_dump - - - - - - resolveip - - - is a utility for resolving IP addresses to host names and - vice versa - - - resolveip - - - - - - sst_sump - - - dumps the content of sst files (the format used by RocksDB) - - - sst_sump - - - - - - - - - diff --git a/server/databases/postgresql.xml b/server/databases/postgresql.xml deleted file mode 100644 index dcec82d0d3..0000000000 --- a/server/databases/postgresql.xml +++ /dev/null @@ -1,1025 +0,0 @@ - - - %general-entities; - - - - - - - -]> - - - - - - PostgreSQL-&postgresql-version; - - - PostgreSQL - - - - Introduction to PostgreSQL - - - PostgreSQL is an advanced - object-relational database management system (ORDBMS), derived - from the Berkeley Postgres database management system. - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &postgresql-md5sum; - - - - - Download size: &postgresql-size; - - - - - Estimated disk space required: &postgresql-buildsize; - - - - - Estimated build time: &postgresql-time; - - - - - PostgreSQL Dependencies - - Optional - - , - , - , - , - , - and - Bonjour - - - Optional (To Regenerate Documentation) - - , - , - , - , - , and - - - - Editor Notes: - - - - - - Installation of PostgreSQL - - - For enhanced security, it is better to have a dedicated group and user - for running the PostgreSQL server. First, issue as the - root user: - - -groupadd -g 41 postgres && -useradd -c "PostgreSQL Server" -g postgres -d /srv/pgsql/data \ - -u 41 postgres - - - - There are several configuration items that add additional - functionality with optional packages to - PostgreSQL. Use ./configure - --help to see a list. - - - - - Install PostgreSQL with the - following commands: - - -sed -i '/DEFAULT_PGSOCKET_DIR/s@/tmp@/run/postgresql@' src/include/pg_config_manual.h && - -./configure --prefix=/usr \ - --enable-thread-safety \ - --docdir=/usr/share/doc/postgresql-&postgresql-version; && -make - - - There are a number of programs in the - contrib/ directory. If you are - going to run this installation as a server and wish to build some of - them, enter make -C contrib or make -C - contrib/<SUBDIR-NAME> for - each subdirectory. - - - - Tests must be run as an unprivileged user because they need to start a - temporary server and this is prevented as the root user. For the same - reason, you need to stop all PostgreSQL servers if any are running. If a - previous version of PostgreSQL is installed, it may be necessary to use - --disable-rpath with configure to - avoid failures, but installing the binaries created using this - switch is not recommended. To test the results, issue: - make check. - - - - If you are installing PostgreSQL to - upgrade an existing installation, there are important steps that you need - to follow. If the major version of the new build is greater than the - previous version, there is a chance that the data file format has changed. - new software cannot act on the existing data files. In this case, the - server will not start because the old programs have been overwritten, so - the data is unavailable until it's file format has been converted. - - - Before upgrading an existing installation of PostgreSQL, check - the documentation for any considerations that you must keep in mind - during the upgrade. Note that new major versions might use a different - binary format in the data objects, causing potential incompatibilities. - For more information, check out upstream's documentation about - upgrading PostgreSQL here. - . - - - At this point, you may have both the old and the new binaries - installed on your filesystem. These binaries can be used to perform an - upgrade of your existing database files. For the following instructions - it is assumed that - - The actual data files are stored in - /srv/pgsql/data - - The upgraded data files will be stored in - /srv/pgsql/newdata - - There is enough disk space to hold the actual - data files twice. The upgrade is not an inline upgrade but - it will copy the data to new database files. - - - - - First, do a temporary install which makes access to the new - binaries much easier: -make DESTDIR=$(pwd)/DESTDIR install - - Next, create a directory which is writable by the - postgres user, as the - root user: - -install -d -o postgres $(pwd)/DESTDIR/tmp - - Now, stop the existing instance of PostgreSQL - and start the upgrade process as the - root user: - -pushd $(pwd)/DESTDIR/tmp -/etc/rc.d/init.d/postgresql stop -su postgres -c "../usr/bin/initdb -D /srv/pgsql/newdata" -su postgres -c "../usr/bin/pg_upgrade \ - -d /srv/pgsql/data -b /usr/bin \ - -D /srv/pgsql/newdata -B ../usr/bin" -popd - -pushd $(pwd)/DESTDIR/tmp -systemctl stop postgresql -su postgres -c "../usr/bin/initdb -D /srv/pgsql/newdata" -su postgres -c "../usr/bin/pg_upgrade \ - -d /srv/pgsql/data -b /usr/bin \ - -D /srv/pgsql/newdata -B ../usr/bin" -popd - - At this point, your database files are available in two locations on - disk. The old data is located in - /srv/pgsql/data, and the new data - is in /srv/pgsql/newdata. - Backing up the old database files is suggested before continuing. - - Next, remove the old database files, and rename the new data - directory as the root user: - -rm -rf /srv/pgsql/data -mv /srv/pgsql/newdata /srv/pgsql/data - - - - - Now, as the root user: - - -make install && -make install-docs - - - If you made any of the contrib/ - programs, as the root user: - - -make -C contrib/<SUBDIR-NAME> install - - - - If you only intend to use PostgreSQL as a - client to connect to a server on another machine, your installation is - complete and you should not run the remaining commands. - - - - - If you have upgraded an existing database, skip the rest of the - commands because your database is ready to use. If this is the - first time you install PostgreSQL, - continue with the initialization. - - - - Initialize a database cluster with the following commands issued by the - root user: - - -install -v -dm700 /srv/pgsql/data && -install -v -dm755 /run/postgresql && -chown -Rv postgres:postgres /srv/pgsql /run/postgresql - - - Now, initialize the database as the root user: - - -su - postgres -c '/usr/bin/initdb -D /srv/pgsql/data' - - - - - Command Explanations - - - sed -i ...: This sed changes the server socket location - from /tmp to - /run/postgresql. - - - - --enable-thread-safety: This switch makes the - client libraries thread-safe by allowing concurrent threads in - libpq and ECPG programs to - safely control their private connection handles. - - - - : builds the package with support for - OpenSSL encrypted connections. - - - - : builds the PL/Perl server-side language. - - - - : builds the PL/Python server-side - language. Python3 is used by default, Python2 is no longer supported. - - - - : builds the PL/Tcl server-side language. - - - - - - Configuring PostgreSQL - - - Config Files - - - $PGDATA/pg_ident.con, - $PGDATA/pg_hba.conf, and - $PGDATA/postgresql.conf - - - - $PGDATA/pg_indent.con - - - - $PGDATA/pg_hba_conf - - - - $PGDATA/postgresql.conf - - - - The PGDATA environment variable is used to - distinguish database clusters from one another by setting it to - the value of the directory which contains the cluster desired. - The three configuration files exist in every PGDATA/ directory. Details on the - format of the files and the options that can be set in each can - be found in - /usr/share/doc/postgresql-&postgresql-version;/html/index.html. - - - - - - <phrase revision="sysv">Boot Script</phrase> - <phrase revision="systemd">Systemd Unit</phrase> - - - Install the - /etc/rc.d/init.d/postgresql - init script - postgresql.service - unit included in the - - package: - - - - postgresql - - -make install-postgresql - - - - - Starting the PostgreSQL Server and Creating a Sample Database - - - The database server can be manually started with the following command - (as the root user): - - -su - postgres -c '/usr/bin/postgres -D /srv/pgsql/data > \ - /srv/pgsql/data/logfile 2>&1 &' - - - If you are scripting this part, you should wait for the server to - start before going on, by adding for example - sleep 2 after the above command. - - - - - The instructions below show how to create a database, add a table to - it, insert some rows into the table and select them, to verify that the - installation is working properly. Still as user root, issue: - - -su - postgres -c '/usr/bin/createdb test' && -echo "create table t1 ( name varchar(20), state_province varchar(20) );" \ - | (su - postgres -c '/usr/bin/psql test ') && -echo "insert into t1 values ('Billy', 'NewYork');" \ - | (su - postgres -c '/usr/bin/psql test ') && -echo "insert into t1 values ('Evanidus', 'Quebec');" \ - | (su - postgres -c '/usr/bin/psql test ') && -echo "insert into t1 values ('Jesse', 'Ontario');" \ - | (su - postgres -c '/usr/bin/psql test ') && -echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test') - - - When you are done with testing, you can shut down the server, by - issuing as root: - - -su - postgres -c "/usr/bin/pg_ctl stop -D /srv/pgsql/data" - - - - - - - Contents - - - Installed Programs - Installed Libraries - Installed Directories - - - - clusterdb, createdb, createuser, dropdb, dropuser, - ecpg, initdb, pg_amcheck, pg_archivecleanup, pg_basebackup, - pg_checksums, - pg_config, pg_controldata, pg_ctl, pg_dump, pg_dumpall, pg_isready, - pg_receivewal, pg_recvlogical, pg_resetwal, pg_restore, pg_rewind, - pg_test_fsync, pg_test_timing, pg_upgrade, pg_verifybackup, - pg_waldump, pgbench, postgres, psql, reindexdb, vacuumdb, - optionally, if Tcl support has been built, pltcl_delmod, - pltcl_listmod, pltcl_loadmod, and optionally (in contrib/) oid2name, - pg_standby, vacuumlo, and many others - - - - libecpg.{so,a}, libecpg_compat.{so,a}, libpgcommon.a, - libpgcommon_shlib.a, libpgfeutils.a, libpgport.a, libpgport_shlib.a, - libpgtypes.{so,a}, libpq.{so,a}, various charset modules and - optionally programming language modules under /usr/lib/postgresql - - - /usr/include/{libpq,postgresql}, - /usr/lib/postgresql, - /usr/share/{doc/postgresql-&postgresql-version;,postgresql}, and - /srv/pgsql - - - - - - Short Descriptions - - - - - clusterdb - - - is a utility for reclustering tables in a - PostgreSQL database - - - clusterdb - - - - - - createdb - - - creates a new PostgreSQL - database - - - createdb - - - - - - createuser - - - defines a new PostgreSQL - user account - - - createuser - - - - - - dropdb - - - removes a PostgreSQL database - - - dropdb - - - - - - dropuser - - - removes a PostgreSQL user account - - - dropuser - - - - - - ecpg - - - is the embedded SQL preprocessor - - - ecpg - - - - - - initdb - - - creates a new database cluster - - - initdb - - - - - - oid2name - - - resolves OIDs (Object IDs) and file nodes in a PostgreSQL data - directory - - - oid2name - - - - - - pg_amcheck - - - checks for corruption in one or more PostgreSQL databases - - - pg_amcheck - - - - - - pg_archivecleanup - - - cleans up PostgreSQL WAL (write-ahead log) archive files - - - pg_archivecleanup - - - - - - pg_basebackup - - - takes base backups of a running - PostgreSQL cluster - - - pg_basebackup - - - - - - pg_checksums - - - enables, disables, or checks data checksums in a - PostgreSQL database cluster - - - pg_checksums - - - - - - pg_config - - - retrieves PostgreSQL version - information - - - pg_config - - - - - - pg_controldata - - - returns information initialized during initdb, - such as the catalog version and server locale - - - pg_controldata - - - - - - pg_ctl - - - controls stopping and starting the database server - - - pg_ctl - - - - - - pg_dump - - - dumps database data and metadata into scripts which are used - to recreate the database - - - pg_dump - - - - - - pg_dumpall - - - recursively calls pg_dump for each - database in a cluster - - - pg_dumpall - - - - - - pg_isready - - - checks the connection status of a PostgreSQL server - - - pg_isready - - - - - - pg_receivewal - - - is used to stream write-ahead logs from a PostgreSQL server - - - pg_receivewal - - - - - - pg_recvlogical - - - controls PostgreSQL logical decoding streams - - - pg_recvlogical - - - - - - pg_resetwal - - - resets the write-ahead log and other control information - of a PostgreSQL database cluster - - - pg_resetwal - - - - - - pg_restore - - - creates databases from dump files created by - pg_dump - - - pg_restore - - - - - - pg_rewind - - - synchronizes a PostgreSQL data directory with another data - directory that was forked from the first one - - - pg_rewind - - - - - - pg_standby - - - supports the creation of a PostgreSQL warm standby server - - - pg_standby - - - - - - pg_test_fsync - - - determines the fastest wal_sync method for PostgreSQL - - - pg_test_fsync - - - - - - pg_test_timing - - - measures timing overhead - - - pg_test_timing - - - - - - pg_upgrade - - - upgrades a PostgreSQL server instance - - - pg_upgrade - - - - - - pg_verifybackup - - - verifies the integrity of a base backup of a PostgreSQL cluster - - - pg_verifybackup - - - - - - pg_waldump - - - displays a human-readable rendering of the write-ahead log of a - PostgreSQL database cluster - - - pg_waldump - - - - - - pgbench - - - runs a benchmark test on PostgreSQL - - - pgbench - - - - - - pltcl_delmod - - - is a support script used to delete a module from a - PL/Tcl table. The command - requires the - Pgtcl - package to be installed - - - pltcl_delmod - - - - - - pltcl_listmod - - - is a support script used to list the modules in a - PL/Tcl table. The command - requires the - Pgtcl - package to be installed - - - pltcl_listmod - - - - - - pltcl_loadmod - - - is a support script used to load a module into a - PL/Tcl table. The command - requires the - Pgtcl - package to be installed too - - - pltcl_loadmod - - - - - - postgres - - - is the PostgreSQL database server - - - postgres - - - - - - - - psql - - - is a console based database shell - - - psql - - - - - - reindexdb - - - is a utility for rebuilding indexes in a database - - - reindexdb - - - - - - vacuumdb - - - compacts databases and generates statistics for the query analyzer - - - vacuumdb - - - - - - vacuumlo - - - removes orphaned large objects from a PostgreSQL database - - - vacuumlo - - - - - - libecpg.{so,a} - - - contains functions to support embedded SQL in C programs - - - libecpg.{so,a} - - - - - - libecpg_compat.{so,a} - - - is the ecpg compatibility library - - - libecpg_compat.{so,a} - - - - - - libgport.a - - - is the port-specific subsystem of the Postgres backend - - - libgport.a - - - - - - libpgtypes.{so,a} - - - contains functions for dealing with Postgres data types - - - libpgtypes.{so,a} - - - - - - libpq.{so,a} - - - is the C programmer's API to Postgres - - - libpq.{so,a} - - - - - - - - - diff --git a/server/databases/sqlite.xml b/server/databases/sqlite.xml deleted file mode 100644 index 8a6e4ee66f..0000000000 --- a/server/databases/sqlite.xml +++ /dev/null @@ -1,239 +0,0 @@ - - - %general-entities; - - - - - - - - - - - - - -]> - - - - - - SQLite-&sqlite-version; - - - SQLite - - - - Introduction to SQLite - - - The SQLite package is a software library that - implements a self-contained, serverless, zero-configuration, transactional - SQL database engine. - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &sqlite-md5sum; - - - - - Download size: &sqlite-size; - - - - - Estimated disk space required: &sqlite-buildsize; - - - - - Estimated build time: &sqlite-time; - - - - - Additional Downloads - - Optional Documentation - - - Download (HTTP): - - - - - Download MD5 sum: &sqlite-docs-md5sum; - - - - - Download size: &sqlite-docs-size; - - - - - SQLite Dependencies - - Optional - - libedit and - (required to unzip the documentation) - - - - - - Installation of SQLite - - - If you downloaded the optional documentation, issue the following command - to install the documentation into the source tree: - - -unzip -q ../sqlite-doc-&sqlite-doc-version;.zip - - - Install SQLite by running the following - commands: - - -./configure --prefix=/usr \ - --disable-static \ - --enable-fts{4,5} \ - CPPFLAGS="-DSQLITE_ENABLE_COLUMN_METADATA=1 \ - -DSQLITE_ENABLE_UNLOCK_NOTIFY=1 \ - -DSQLITE_ENABLE_DBSTAT_VTAB=1 \ - -DSQLITE_SECURE_DELETE=1 \ - -DSQLITE_ENABLE_FTS3_TOKENIZER=1" && -make - - - This package does not come with a test suite. - - - - Now, as the root user: - - -make install - - - If you downloaded the optional documentation, issue the following commands - as the root user to install it: - - -install -v -m755 -d /usr/share/doc/sqlite-&sqlite-version; && -cp -v -R sqlite-doc-&sqlite-doc-version;/* /usr/share/doc/sqlite-&sqlite-version; - - - - - Command Explanations - - - - - --enable-fts{4,5}: These switches enable - support for version 3, 4 and 5 of the full text search (FTS) - extension. Note that the switch - enables support for both FTS version 4 and FTS version 3. - - - - CPPFLAGS="-DSQLITE_ENABLE_COLUMN_METADATA=1 ... : - Applications such as - SeaMonkey require these options - to be turned on. - The only way to do this is to include them in - the CFLAGS or CPPFLAGS. - We use the latter so the default value (or any value set by the user) - of CFLAGS won't be affected. - For further information on what can be specified see . - - - - - - Contents - - - Installed Program - Installed Library - Installed Directory - - - - sqlite3 - - - libsqlite3.so - - - /usr/share/doc/sqlite-&sqlite-version; - - - - - - Short Descriptions - - - - - sqlite3 - - - is a terminal-based front-end to the SQLite - library that can evaluate queries interactively and display the - results - - - sqlite3 - - - - - - libsqlite3.so - - - contains the SQLite API functions - - - libsqlite3.so - - - - - - - - - diff --git a/server/databases/upgradedb.xml b/server/databases/upgradedb.xml deleted file mode 100644 index 2622703ad2..0000000000 --- a/server/databases/upgradedb.xml +++ /dev/null @@ -1,283 +0,0 @@ - - - %general-entities; -]> - - - - - - Important Notes About Upgrading Database Server Software - - This section is about reinstalling database software - when an existing database is in use. It is not applicable for - initial installations or if there is no existing database for - the package being updated, but users should read through it - to become aware of issues that can arise in the future. - - Let's start this chapter with a dramatic screenshot of an error that - really happened. This error will not occur if you are installing database - software for the first time: - -$ sudo systemctl status postgresql --- postgresql.service - PostgreSQL database server - Loaded: loaded (/usr/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled) - Active: failed (Result: exit-code) since Tue 2021-10-26 17:11:53 CDT; 2min 49s ago - Process: 17336 ExecStart=/usr/bin/pg_ctl -s -D ${PGROOT}/data start -w -t 120 (code=exited, status=1/FAILURE) - CPU: 7ms - -Oct 26 17:11:53 SVRNAME systemd[1]: Starting PostgreSQL database server... -Oct 26 17:11:53 SRVNAME postgres[17338]: 2021-10-26 17:11:53.420 CDT [17338] FATAL: - database files are incompatible with server -Oct 26 17:11:53 SRVNAME postgres[17338]: 2021-10-26 17:11:53.420 CDT [17338] DETAIL: - The data directory was initialized by PostgreSQL version 13, - which is not compatible with this version 14.0. -Oct 26 17:11:53 SRVNAME postgres[17336]: pg_ctl: could not start server -Oct 26 17:11:53 SRVNAME postgres[17336]: Examine the log output. -Oct 26 17:11:53 SRVNAME systemd[1]: postgresql.service: Control process exited, code=exited, status=1/FAILURE -Oct 26 17:11:53 SRVNAME systemd[1]: postgresql.service: Failed with result 'exit-code'. -Oct 26 17:11:53 SRVNAME systemd[1]: Failed to start PostgreSQL database server. - - - To avoid situations like this (i.e., your database server - software refuses to start), read the following discussion of the best way to - upgrade a DBMS (Database Management System). - - - - The root cause of the error shown above was an upgrade - of the server software to a newer major version which left the - data files untouched. In this case, the administrator was able to recover - the DBMS without any loss of data. - - - - Even if you are doing an initial DBMS install, read through this - section. It provides information about implementing backup - and restore procedures (or at least a strategy for creating - them) which will satisfy your needs and guarantee the safety - of your data. - - - - Upgrade Database Server Packages - - - Database systems work on files which hold the database metadata and the - data itself. The internal structure of these files is optimized for use - by the server software. When such server software is upgraded, - the new software may utilize a different file format than - had previously been used. Sometimes the new software can - work with the old format as well as the new one—but without the - performance improvements the new format provides. - Other times, the new server software will - reformat the data files automatically after the upgrade. - - - - Unfortunately, the most likely case is that the new server software - complains about out of date file formats and exits. When this happens, - and you have overwritten the old server software, you may end up - with a broken system and lost data. - - - - Changes in data file formats usually happen at major version changes, but - they can also occur at other times. Before upgrading any DBMS - software, check the documentation to see if this upgrade makes changes which - require reformatting the database. - - - - Of course, if you have databases with content that is not easily - rebuilt, it is always a good idea to create backups of the database from - time to time. Before upgrading the server software, you should run - another backup. - - - - Upgrade by Backup and Restore - - - - A backup is useless if there is no verified process - to restore the data from this backup. When running a - database server, you should not only create backups; you - should also verify that the restore process - really works. The time to test the restore procedure - is before you urgently need - to recover lost data. - - - - - Most database server software provides some basic - tools to create backups of your data. Usually the backups created with - those tools can be read by newer versions of the software (via a - restore tool). Using older restore tools with newer backup data is - a bad idea; you should never blindly assume that - it will work. It might, but usually it doesn't. - - - - The easiest way to upgrade your database files is to - - - - - Create a full database backup using the old tools. - - This step creates an offline copy of the database files—for - long term archiving, for disaster recovery, or as - preparation for an upgrade. This offline backup consists of either (1) a full - one-to-one copy of the current database files, or (2) a full backup of the - database files from a certain point in time, plus all the journal data (that is - Oracle® terminology, it is called "Continuous Archiving" or - "write ahead log (WAL)" in Postgresql) describing the - changes made after that point in time. This second form takes less time to create - (if the DB software provides this type of journaling) because you only have - to save the data that have changed since the last full backup was created. - - When upgrading database server software, a full backup - (which can be used for subsequent incremental backups) should be - created; but if there is a lot of data, an incremental backup will - suffice. The best strategy for you depends on - the amount of data stored in your database (is it a few hundred table - rows, or is it hundreds of terabytes?). A full backup in the latter case - can't be done quickly. To - fully protect your data, create a backup of the old - programs (and/or their sources) and save it, along with the data - files, to be certain there is a fallback solution if - the new software cannot read the old data. - - - - Upgrade the server software - - In this step, instructions to build the database server - software are executed just as they are shown in subsequent sections - talking about the DBMs like MariaDB or Postgresql. That is, build - the software as usual using BLFS instructions. - - - - Restore the database by using the new tools. - - To restore the data, the tools of the newly installed server - software should be used. During the restoration process, the new - tools will create and/or upgrade the data files in the format the - new software requires. It is assumed that newer software is capable of - reading old data. - - - - - Since you already have a backup procedure in place (and you - have tested your restore procedure, right?), this might - be the easiest way to upgrade as you can use your well known - processes to upgrade just as you always do—at least in terms - of the backup and restore. - - - - - - Upgrade the Database Files by Using System Tools - - - Some database systems (for instance Postgresql) provide - a tool which can reformat (upgrade) the existing database - files to the new format. - If you need to restore from a backup (for example, running - the upgrade tool failed) you will have to reinstall the old software - to recover your data. - - - - Even though the reformatting tools might work as advertised, - you should create a full backup before running them. A failure - could cause serious damage to the database. - - - - - - - - Notes for Specific DBMS - - - PostgreSQL - - - - Upstream documentation for Backup/Restore: - - - - - - - MariaDB - - - - Upstream documentation for Backup/Restore: - - - - - - - Sqlite - - - - Do not underestimate Sqlite. It is a - feature-rich DBMS. The main difference from the two big players above is - that Sqlite does not provide access via a network API. Sqlite databases - are always stored on the machine running the program which - uses the database. The manipulation of data content is done via API calls - to library functions directly within the program. - - In the upstream documentation you may find the following - useful: - - Documentation of the sqlite3 command line tool: - - - - Documentation of backup API calls: - - - - Unfortunately, there is no dedicated chapter in the - upstream documentation talking about backup/restore, but - there are several articles about it on the - Internet. Here is an example. - - Documentation for Backup/Restore: - - - - - - - LMDB - - - - Like Sqlite, this - software acts on local database files; there is no - network interface. - - The relevant resources to back up/restore a LMDB database - are the man pages for mdb_dump and its - counterpart mdb_load. - - - - - diff --git a/server/mail/dovecot.xml b/server/mail/dovecot.xml deleted file mode 100644 index e9b5dcafe7..0000000000 --- a/server/mail/dovecot.xml +++ /dev/null @@ -1,433 +0,0 @@ - - - %general-entities; - - - - - - - -]> - - - - - - Dovecot-&dovecot-version; - - - Dovecot - - - - Introduction to Dovecot - - - Dovecot is an Internet Message Access Protocol - (IMAP) and Post Office Protocol (POP) server, written primarily with - security in mind. Dovecot aims to be - lightweight, fast and easy to set up as well as highly configurable and - easily extensible with plugins. - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &dovecot-md5sum; - - - - - Download size: &dovecot-size; - - - - - Estimated disk space required: &dovecot-buildsize; - - - - - Estimated build time: &dovecot-time; - - - - - Additional Downloads - - - - Required patch: - - - - - - Required patch: - - - - - - Dovecot Dependencies - - Required - - - - - Optional - - , - , - , - , - , - , - or MySQL, - , - , - , - , - , - Cassandra, - stemmer and - libsodium - - - - - - Installation of Dovecot - - - There should be dedicated users and groups for unprivileged Dovecot - processes and for processing users' logins. Issue the following commands - as the root user: - - -groupadd -g 42 dovecot && -useradd -c "Dovecot unprivileged user" -d /dev/null -u 42 \ - -g dovecot -s /bin/false dovecot && -groupadd -g 43 dovenull && -useradd -c "Dovecot login user" -d /dev/null -u 43 \ - -g dovenull -s /bin/false dovenull - - - First, apply a patch to fix problems with OpenSSL-3: - - -patch -Np1 -i ../dovecot-&dovecot-version;-openssl3_fixes-1.patch - - - Next, apply a patch to fix a security vulnerability: - - -patch -Np1 -i ../dovecot-&dovecot-version;-security_fix-1.patch - - - Install Dovecot by running the following - commands: - - -CPPFLAGS="-I/usr/include/tirpc" \ -LDFLAGS+=" -ltirpc" \ -./configure --prefix=/usr \ - --sysconfdir=/etc \ - --localstatedir=/var \ - --with-systemd=no \ - --docdir=/usr/share/doc/dovecot-&dovecot-version; \ - --disable-static && -make - -CPPFLAGS="-I/usr/include/tirpc" \ -LDFLAGS+=" -ltirpc" \ -./configure --prefix=/usr \ - --sysconfdir=/etc \ - --localstatedir=/var \ - --docdir=/usr/share/doc/dovecot-&dovecot-version; \ - --disable-static && -make - - - To test the results, issue make -k check. - - - - Now, as the root user: - - -make install - - - - - Command Explanations - - - CPPFLAGS=... LDFLAGS+=...: build with libtirpc - instead of the recently removed RPC code provided by GlibC. - - - - - - - - : This switch enables - OpenLDAP authentication support. - - - - : This switch enables - PostgreSQL database support. - - - - : This switch enables - MySQL database support. - - - - : This switch enables - SQLite database support. - - - - : This switch enables - CLucene full text search support. - - - - : This switch enables - Lua plugin support. This includes - a mail and push notification plugin. - - - - - - - Configuring Dovecot - - - Config Files - - - /etc/dovecot/dovecot.conf, - /etc/dovecot/conf.d/*, and - /etc/dovecot/local.conf - - - - /etc/dovecot/dovecot.conf - - - /etc/dovecot/conf.d/* - - - /etc/dovecot/local.conf - - - - - - Configuration Information - - - Copy an example configuration, which you can use as a starting point: - - -cp -rv /usr/share/doc/dovecot-&dovecot-version;/example-config/* /etc/dovecot - - - The following configuration is a simple proof of concept with IMAP - service using local users for authentication and mailbox location. - Reading files from the conf.d - directory is commented out since the included example configuration - requires OpenSSL and - Linux PAM. - - -sed -i '/^\!include / s/^/#/' /etc/dovecot/dovecot.conf && -chmod -v 1777 /var/mail && -cat > /etc/dovecot/local.conf << "EOF" -protocols = imap -ssl = no -# The next line is only needed if you have no IPv6 network interfaces -listen = * -mail_location = mbox:~/Mail:INBOX=/var/mail/%u -userdb { - driver = passwd -} -passdb { - driver = shadow -} -EOF - - - You will definitely want to read the official documentation at if you plan to use - Dovecot in a production environment. - - - - - - <phrase revision="sysv">Boot Script</phrase> - <phrase revision="systemd">Systemd Unit</phrase> - - - If you want the Dovecot - server to start automatically when the system is booted, install the - /etc/rc.d/init.d/dovecot init script included in - the package. - - - - To start the dovecot - daemon at boot, enable the previously installed systemd unit with the - following command: - - - - dovecot - - -make install-dovecot - -systemctl enable dovecot - - - - - - - Contents - - - Installed Programs - Installed Libraries - Installed Directories - - - - doveadm, doveconf, dovecot, dovecot-sysreport, and dsync (symbolic link) - - - various internal plugins in - /usr/lib/dovecot - - - /etc/dovecot, - /usr/{include,lib,libexec,share}/dovecot and - /usr/share/doc/dovecot-&dovecot-version; - - - - - - Short Descriptions - - - - - doveadm - - - is the Dovecot administration tool - - - doveadm - - - - - - doveconf - - - is Dovecot's configuration dumping - utility - - - doveconf - - - - - - dovecot - - - is the IMAP and POP server - - - dovecot - - - - - - dovecot-sysreport - - - prints system information that is useful to the Dovecot developers - when submitting bug reports upstream - - - dovecot-sysreport - - - - - - dsync - - - is Dovecot's mailbox synchronization - utility - - - dsync - - - - - - - - - - diff --git a/server/mail/exim.xml b/server/mail/exim.xml deleted file mode 100644 index c6ef601160..0000000000 --- a/server/mail/exim.xml +++ /dev/null @@ -1,736 +0,0 @@ - - - %general-entities; - - - - - - - - - - - -]> - - - - - - Exim-&exim-version; - - - Exim - - - - Introduction to Exim - - - The Exim package contains a Mail - Transport Agent written by the University of Cambridge, released - under the GNU Public License. - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &exim-md5sum; - - - - - Download size: &exim-size; - - - - - Estimated disk space required: &exim-buildsize; - - - - - Estimated build time: &exim-time; - - - - - Additional Downloads - - - - Additional formats of the documentation (text-based docs are - shipped with the sources) can be downloaded by following the links - shown at . - - - - - - Exim Dependencies - - Required - - , - and - - - - Optional - - TDB - (alternative to GDBM, built in LFS), - , - , - , - or - MySQL, - , - , - , - , - , - Heimdal GSSAPI, - libspf2, and - OpenDMARC - - - - - - Installation of Exim - - - Before building Exim, as the - root user you should create - the group and user exim which - will run the exim daemon: - - -groupadd -g 31 exim && -useradd -d /dev/null -c "Exim Daemon" -g exim -s /bin/false -u 31 exim - - - Configure Exim with the following commands: - - -sed -e 's,^BIN_DIR.*$,BIN_DIRECTORY=/usr/sbin,' \ - -e 's,^CONF.*$,CONFIGURE_FILE=/etc/exim.conf,' \ - -e 's,^EXIM_USER.*$,EXIM_USER=exim,' \ - -e '/# USE_OPENSSL/s,^#,,' src/EDITME > Local/Makefile && - -printf "USE_GDBM = yes\nDBMLIB = -lgdbm\n" >> Local/Makefile - - - - If you want to add Linux PAM support, also run the following commands: - - -sed -i '/# SUPPORT_PAM=yes/s,^#,,' Local/Makefile -echo "EXTRALIBS=-lpam" >> Local/Makefile - - - - Build Exim with the following command: - - -make - - - - This package does not come with a test suite. - - - - Now, as the root user: - - - - -make install && -install -v -m644 doc/exim.8 /usr/share/man/man8 && - -install -vdm 755 /usr/share/doc/exim-&exim-version; && -cp -Rv doc/* /usr/share/doc/exim-&exim-version; && - -ln -sfv exim /usr/sbin/sendmail && -install -v -d -m750 -o exim -g exim /var/spool/exim - - - - - Command Explanations - - - sed -e ... > Local/Makefile: Most of - Exim's configuration options are defined - in Local/Makefile, which is created from - the src/EDITME file. This command specifies the - minimum set of options. Descriptions for the options are listed below. - - - - printf ... > Local/Makefile: Setting those - variables allows to use GDBM instead of the default Berkeley DB. Remove - this command if you have installed &berkeley-db;. - - - - BIN_DIRECTORY=/usr/sbin: This installs all of - Exim's binaries and scripts in - /usr/sbin. - - - - CONFIGURE_FILE=/etc/exim.conf: This installs - Exim's main configuration file in - /etc. - - - - EXIM_USER=exim: This tells - Exim that after the daemon no longer needs - root privileges, the process - needs to hand off the daemon to the exim user. - - - - USE_OPENSSL: uncommenting - and - tells the - build system to use OpenSSL, and to - find the needed libraries with pkg-config. - - - - Uncomment : This allows building the - Exim monitor program, which requires - X Window System support, and is commented out - by default. - - - - ln -sfv exim /usr/sbin/sendmail: Creates a link to - sendmail for applications which need it. - Exim will accept most - Sendmail command-line options. - - - - install -v -m750 -o exim -g exim /var/spool/exim: - Since /var/spool is owned by root and this version of - exim drops - root privileges early, to run - as user exim, it cannot create - the /var/spool/exim directory. As - a work around, it is created manually. - - - - - - Adding Additional Functionality - - - To utilize some or all of the dependency packages, you'll need to - modify Local/Makefile to include the appropriate - directives and parameters to link additional libraries before you build - Exim. Local/Makefile is - heavily commented with instructions on how to do this. Listed below is - additional information to help you link these dependency packages or - add additional functionality. - - - - If you wish to build and install the - .info documentation, refer to - . - - - - If you wish to build in Exim's interfaces for calling virus and spam - scanning software directly from access control lists, uncomment the - parameter and review the - information found at . - - - - To use a backend database other than GDBM - , see the instructions at . - - - - For SSL functionality, see the instructions at - and . - - - - For tcpwrappers functionality, see the - instructions at . - - - - For information about adding authentication mechanisms to the - build, see chapters 33—41 of . - - - - For information about linking Linux-PAM, - refer to the instructions . - - - - For information about linking database engine libraries used for - Exim name lookups, see the instructions at - . - - - - If you wish to add Readline support to - Exim when invoked in test - expansion () mode, see the information in - the section of . - - - - You may wish to modify the default configuration and send log files to - syslog instead of the default - /var/spool/exim/log directory. See - the information at . - - - - A wealth of information can be also found at the Exim Wiki. - - - - - - Configuring Exim - - - Config Files - - - /etc/exim.conf and - /etc/aliases - - - - /etc/exim.conf - - - - /etc/aliases - - - - - - Configuration Information - - - Review the file /etc/exim.conf, and modify any - settings to suit your needs. Note that the default configuration - assumes that the /var/mail - directory is world writable, but has the sticky bit set. If you want - to use the default configuration, issue as the root user: - - -chmod -v a+wt /var/mail - - - A default (nothing but comments) /etc/aliases - file is installed during the package installation if this file did not - exist on your system. Create the necessary aliases and start the - Exim daemon using the following commands: - - -cat >> /etc/aliases << "EOF" -postmaster: root -MAILER-DAEMON: root -EOF -/usr/sbin/exim -bd -q15m - - - - To protect an existing /etc/aliases file, - the command above appends these aliases to it. This file should be - checked and duplicate aliases removed, if present. - - - - - The /usr/sbin/exim -bd -q15m command starts - the Exim daemon with a 15 minute interval - in processing the mail queue. Adjust this parameter to suit your - desires. - - - - - Linux PAM Configuration - - - If you have built Exim with - Linux PAM support, you need to create a - PAM configuration file to get it working - correctly with BLFS. - - - - Issue the following command as the root user to create the configuration - file for Linux PAM: - - -cat > /etc/pam.d/exim << "EOF" -# Begin /etc/pam.d/exim - -auth include system-auth -account include system-account -session include system-session - -# End /etc/pam.d/exim -EOF - - - - - <phrase revision="sysv">Boot Script</phrase> - <phrase revision="systemd">Systemd Unit</phrase> - - - To automatically start exim at boot, install the - /etc/rc.d/init.d/exim - init script - exim.service - unit - included in the - package: - - - - exim - - -make install-exim - - - The bootscript also starts the Exim daemon - and dispatches a queue runner process every 15 minutes. Modify the - - parameter in /etc/rc.d/init.d/exim, if necessary - for your installation. - - - - - - - - Contents - - - Installed Programs - Installed Libraries - Installed Directories - - - exicyclog, exigrep, exim, exim-&exim-daemon-version;, exim_checkaccess, - exim_dbmbuild, exim_dumpdb, exim_fixdb, exim_lock, exim_tidydb, - eximstats, exinext, exipick, exiqgrep, exiqsumm, exiwhat, and - optionally, eximon, eximon.bin, and sendmail (symlink) - None - /usr/share/doc/exim-&exim-version; and /var/spool/exim - - - - - Short Descriptions - - - - - exicyclog - - - cycles Exim log files - - - exicyclog - - - - - - exigrep - - - searches Exim log files - - - exigrep - - - - - - exim - - - is a symlink to the exim-&exim-daemon-version; - MTA daemon - - - exim - - - - - - exim-&exim-daemon-version; - - - is the Exim mail transport agent daemon - - - exim-&exim-daemon-version; - - - - - - exim_checkaccess - - - states whether a given recipient address from a given host is - acceptable or not - - - exim_checkaccess - - - - - - exim_dbmbuild - - - creates and rebuilds Exim databases - - - exim_dbmbuild - - - - - - exim_dumpdb - - - writes the contents of Exim - databases to the standard output - - - exim_dumpdb - - - - - - exim_fixdb - - - modifies data in Exim databases - - - exim_fixdb - - - - - - exim_lock - - - locks a mailbox file - - - exim_lock - - - - - - exim_tidydb - - - removes old records from Exim - databases - - - exim_tidydb - - - - - - eximstats - - - generates mail statistics from Exim - log files - - - eximstats - - - - - - exinext - - - queries remote host retry times - - - exinext - - - - - - exipick - - - selects messages based on various criteria - - - exipick - - - - - - exiqgrep - - - is a utility for selective queue listing - - - exiqgrep - - - - - - exiqsumm - - - produces a summary of the messages in the mail queue - - - exiqsumm - - - - - - exiwhat - - - queries running Exim processes - - - exiwhat - - - - - - eximon - - - is a start-up shell script for eximon.bin - used to set the required environment variables before running the - program - - - eximon - - - - - - eximon.bin - - - is a monitor program which displays current information in an - X window, and also contains a menu - interface to Exim's command line - administration options - - - eximon.bin - - - - - - - - - diff --git a/server/mail/mail.xml b/server/mail/mail.xml deleted file mode 100644 index 0ccb880012..0000000000 --- a/server/mail/mail.xml +++ /dev/null @@ -1,28 +0,0 @@ - - - %general-entities; -]> - - - - - Mail Server Software - - - MTAs are the programs which transport mail from one machine to the - other. The traditional MTA is Sendmail, however - there are several other choices. - - - - In addition to the SMTP servers, there is also a POP/IMAP server (Dovecot). - - - - - - - - diff --git a/server/mail/postfix.xml b/server/mail/postfix.xml deleted file mode 100644 index 67394a070b..0000000000 --- a/server/mail/postfix.xml +++ /dev/null @@ -1,760 +0,0 @@ - - - %general-entities; - - - - - - - - -]> - - - - - - Postfix-&postfix-version; - - - Postfix - - - - Introduction to Postfix - - - The Postfix package contains a Mail Transport - Agent (MTA). This is useful for sending email to other users of your host - machine. It can also be configured to be a central mail server for your - domain, a mail relay agent or simply a mail delivery agent to your local - Internet Service Provider. - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &postfix-md5sum; - - - - - Download size: &postfix-size; - - - - - Estimated disk space required: &postfix-buildsize; - - - - - Estimated build time: &postfix-time; - - - - - Postfix Dependencies - - Recommended - - , - , and - - - - Optional - - for Email Address Internationalization (SMTPUTF8) support, - or MySQL, - , - , - , - , - &berkeley-db;, and - CDB or - TinyCDB - - - - Note that SQLite, - MySQL, PostgreSQL - and CDB are only useful if there is a known - need for them. - - - - Editor Notes: - - - - - Installation of Postfix - - - Adding Users and Groups - - - Before you compile the program, you need to create users and groups that - will be expected to be in place during the installation. Add the users - and groups with the following commands issued by the - root user: - - -groupadd -g 32 postfix && -groupadd -g 33 postdrop && -useradd -c "Postfix Daemon User" -d /var/spool/postfix -g postfix \ - -s /bin/false -u 32 postfix && -chown -v postfix:postfix /var/mail - - - - Configuring the Build - - - The README files are formatted to be read with a pager like - less or more. - If you want to use a text editor, make them legible with the - following sed: - - -sed -i 's/.\x08//g' README_FILES/* - - - The Postfix source tree does not contain a - configure script, rather the makefile in the - top-level directory contains a target that - regenerates all the other makefiles in the build tree. If you wish to - use additional software such as a database back-end for virtual users, - or TLS/SSL authentication, you will need to regenerate the makefiles - using one or more of the appropriate CCARGS and - AUXLIBS settings listed below. - - - - - For all variants of the CCARGS you should ensure that -DNO_NIS is - specified so that the build does not attempt to access an rpcsvc - header which do not exist in BLFS. If &berkeley-db; is - not installed, -DNO_DB needs to be specified as well. - - - - - For more details read the readme files. - - - - Initialize the CCARGS and AUXLIBS - according to the note above: - - -CCARGS="-DNO_NIS -DNO_DB" -AUXLIBS="" - - - Next, the CCARGS and the AUXLIBS - variables are filled with settings depending on the actual - system configuration. If an optional package is installed but - should not be included in the - Postfix build, simply skip the - corresponding if [ ... ]; then scriptlets. - - - - Cyrus-SASL - - - To use Cyrus-SASL with - Postfix, use the following arguments: - - -if [ -r /usr/lib/libsasl2.so ]; then - CCARGS="$CCARGS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl" - AUXLIBS="$AUXLIBS -lsasl2" -fi - - - - LMDB - - To use LMDB with - Postfix, use the following arguments: - - -if [ -r /usr/lib/liblmdb.so ]; then - CCARGS="$CCARGS -DHAS_LMDB" - AUXLIBS="$AUXLIBS -llmdb" -fi - - - - OpenLDAP - - - To use OpenLDAP with - Postfix, use the following arguments: - - -if [ -r /usr/lib/libldap.so -a -r /usr/lib/liblber.so ]; then - CCARGS="$CCARGS -DHAS_LDAP" - AUXLIBS="$AUXLIBS -lldap -llber" -fi - - - - - Sqlite - - - To use Sqlite with - Postfix, use the following arguments: - - -if [ -r /usr/lib/libsqlite3.so ]; then - CCARGS="$CCARGS -DHAS_SQLITE" - AUXLIBS="$AUXLIBS -lsqlite3 -lpthread" -fi - - - - - MySQL - - - To use MySQL with - Postfix, use the following arguments: - - -if [ -r /usr/lib/libmysqlclient.so ]; then - CCARGS="$CCARGS -DHAS_MYSQL -I/usr/include/mysql" - AUXLIBS="$AUXLIBS -lmysqlclient -lz -lm" -fi - - - - - PostgreSQL - - - To use PostgreSQL with - Postfix, use the following arguments: - - -if [ -r /usr/lib/libpq.so ]; then - CCARGS="$CCARGS -DHAS_PGSQL -I/usr/include/postgresql" - AUXLIBS="$AUXLIBS -lpq -lz -lm" -fi - - - - - CDB/TinyCDB - - - To use CDB or - TinyCDB with - Postfix, use the following arguments: - - -if [ -r </path/to/CDB>/libcdb.a ]; then - CCARGS="$CCARGS -DHAS_CDB" - AUXLIBS="$AUXLIBS </path/to/CDB>/libcdb.a" -fi - - - - - StartTLS Authentication - - - To use OpenSSL with - Postfix, use the following arguments: - - -if [ -r /usr/lib/libssl.so -a -r /usr/lib/libcrypto.so ]; then - CCARGS="$CCARGS -DUSE_TLS -I/usr/include/openssl/" - AUXLIBS="$AUXLIBS -lssl -lcrypto" -fi - - OpenSSL is installed by LFS so it - should be always there. The if ... then is here - just for consistency. - - - - - - - Installing Postfix - - - There might be duplicate settings in AUXLIBS - like -lm when both, MariaDB - and PostgreSQL are used. They do - not harm. Install Postfix by - running the following commands: - - -make CCARGS="$CCARGS" AUXLIBS="$AUXLIBS" makefiles && -make - - - - This package does not come with a useful test suite. - - - - Now, as the root user: - - - - -sh postfix-install -non-interactive \ - daemon_directory=/usr/lib/postfix \ - manpage_directory=/usr/share/man \ - html_directory=/usr/share/doc/postfix-&postfix-version;/html \ - readme_directory=/usr/share/doc/postfix-&postfix-version;/readme - - - - - - - Command Explanations - - - make makefiles: This command rebuilds the makefiles - throughout the source tree to use the options contained in the - CCARGS and AUXLIBS variables. - - - - sh postfix-install -non-interactive: This keeps the - install script from asking any questions, thereby accepting default - destination directories in all but the few cases. If the - and - options are not set then the documentation will not be installed. - - - - : this will turn off SMTPUTF8 - support, for example if the rest of your email address infrastructure - cannot handle UTF-8 email addresses and message header values. - - - - - - Configuring Postfix - - - Config Files - - - /etc/aliases, - /etc/postfix/main.cf, and - /etc/postfix/master.cf - - - - /etc/aliases - - - - /etc/postfix/* - - - - - - Configuration Information - - - Create (or append to an existing) /etc/aliases - with the following command. Change - <LOGIN> to your non-root login - identity so mail addressed to - root can be forwarded to you. - As the root user: - - -cat >> /etc/aliases << "EOF" -# Begin /etc/aliases - -MAILER-DAEMON: postmaster -postmaster: root - -root: <LOGIN> -# End /etc/aliases -EOF - - - To protect an existing /etc/aliases file, - the above command appends these aliases to it if it exists. This file - should be checked and duplicate aliases removed, if present. - - - - The BLFS editors recommend to use LMDB instead of Berkeley DB for - Postfix tables. Add three lines into - /etc/postfix/main.cf to make - postmap encode the lookup tables in the LMDB - format by default and to change the default hash setting of the - alias tables: - - -echo 'default_database_type = lmdb' >> /etc/postfix/main.cf && -echo 'alias_database = lmdb:/etc/aliases' >> /etc/postfix/main.cf && -echo 'alias_maps = lmdb:/etc/aliases' >> /etc/postfix/main.cf - - - To protect your server against the recent SMTP smuggling attacks, - additional steps are required. Add two lines into - /etc/postfix/main.cf to disconnect remote SMTP - clients that send bare newlines in the DATA section, while also - allowing clients on your network with non-standard SMTP implementations - to still send mail: - - -echo 'smtpd_forbid_bare_newline = normalize' >> /etc/postfix/main.cf && -echo 'smtpd_forbid_bare_newline_exclusions = $mynetworks' >> /etc/postfix/main.cf - - - Note that if you are following an online tutorial to configure - Postfix, the tutorial may refer to a lookup table with - hash:/path/to/lookup_table. You should replace - hash with lmdb in order to use - a lookup table encoded in the LMDB format. - - - - - The /etc/postfix/main.cf and - /etc/postfix/master.cf files must be personalized - for your system. The main.cf file needs your - fully qualified hostname. You will find that - main.cf is self documenting, so load it into your - editor to make the changes you need for your situation. - - - - - - Postfix can also be set up to - run in a chroot jail. See the file in the source - examples/chroot-setup/LINUX2 for details. - - - - - To ensure that all permissions are set properly, postfix - provides a tool which is to be run as the - root user: - - -/usr/sbin/postfix -c /etc/postfix set-permissions - - - If you have an existing configuration, you can run the - postfix utility to add any necessary definitions to - your existing files. As the - root user: - - -/usr/sbin/postfix upgrade-configuration - - - Before starting Postfix, you should check - that your configuration and file permissions will work properly. Run the - following commands as the root - user to check and start your Postfix server: - - -/usr/sbin/postfix check && -/usr/sbin/postfix start - - - - - <phrase revision="sysv">Boot Script</phrase> - <phrase revision="systemd">Systemd Unit</phrase> - - - To automate the running of Postfix at startup, install the - /etc/rc.d/init.d/postfix - init script - postfix.service - unit included in the - - package: - - - - postfix - - -make install-postfix - - - - - - - Contents - - - Installed Programs - Installed Libraries - Installed Directories - - - - mailq (symlink), newaliases (symlink), postalias, postcat, postconf, - postdrop, postfix, postkick, postlock, postlog, postmap, postmulti, - postqueue, postsuper, and sendmail - - - None - - - /{etc,usr/lib}/postfix, - /usr/share/doc/postfix-&postfix-version; and - /var/{lib,spool}/postfix - - - - - - Short Descriptions - - - - - mailq - - - A symlink to sendmail - - - mailq - - - - - - newaliases - - - A symlink to sendmail - - - newaliases - - - - - - postalias - - - is a utility for Postfix alias database - maintenance - - - postalias - - - - - - postcat - - - Prints the contents of files from the - Postfix queue in human readable format - - - postcat - - - - - - postconf - - - Displays or changes the value of - Postfix configuration parameters - - - postconf - - - - - - postdrop - - - Creates a file in the maildrop directory and copies its standard - input to the file - - - postdrop - - - - - - postfix - - - is the Postfix control program - - - postfix - - - - - - postkick - - - Sends requests to the specified service over a local transport - channel - - - postkick - - - - - - postlock - - - Locks a mail folder for exclusive use, and executes commands passed - to it - - - postlock - - - - - - postlog - - - A Postfix-compatible logging interface - for use in, for example, shell scripts - - - postlog - - - - - - postmap - - - Creates or queries one or more Postfix lookup tables, or updates an - existing one - - - postmap - - - - - - postmulti - - - is the Postfix multi-instance manager. - It allows a system administrator to manage multiple - Postfix instances on a single host - - - postmulti - - - - - - postqueue - - - The Postfix user interface for - queue management - - - postqueue - - - - - - postsuper - - - The Postfix user interface for - superuser queue management - - - postsuper - - - - - - sendmail - - - is the Postfix to - Sendmail compatibility interface - - - sendmail - - - - - - - - - diff --git a/server/mail/sendmail.xml b/server/mail/sendmail.xml deleted file mode 100644 index 2719e1cc5b..0000000000 --- a/server/mail/sendmail.xml +++ /dev/null @@ -1,521 +0,0 @@ - - - %general-entities; - - - - - - - -]> - - - - - - sendmail-&sendmail-version; - - - sendmail - - - - Introduction to sendmail - - - The sendmail package contains a Mail - Transport Agent (MTA). - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &sendmail-md5sum; - - - - - Download size: &sendmail-size; - - - - - Estimated disk space required: &sendmail-buildsize; - - - - - Estimated build time: &sendmail-time; - - - - - - - sendmail Dependencies - - Required - - (client) - - - Recommended - - - - - Optional - - (for creating PDF documentation), - (the configuration proposed below requires - that procmail be present at run-time), and - nph - - - - - - Installation of sendmail - - - Before building sendmail, create the - required user, group and directory with the following commands issued as - the root user: - - -groupadd -g 26 smmsp && -useradd -c "Sendmail Daemon" -g smmsp -d /dev/null \ - -s /bin/false -u 26 smmsp && -chmod -v 1777 /var/mail && -install -v -m700 -d /var/spool/mqueue - - - - See the source tree sendmail/README file - for information on linking optional packages into the build. Use the - example below, which adds support for SASL, StartTLS - (OpenSSL) and - OpenLDAP, as a starting point. Of course, - modify it to suit your particular needs. - - - -cat >> devtools/Site/site.config.m4 << "EOF" -APPENDDEF(`confENVDEF',`-DSTARTTLS -DSASL -DLDAPMAP -DHASFLOCK') -APPENDDEF(`confLIBS', `-lssl -lcrypto -lsasl2 -lldap -llber') -APPENDDEF(`confINCDIRS', `-I/usr/include/sasl') -EOF - - - Install sendmail with the following commands: - - -cat >> devtools/Site/site.config.m4 << "EOF" -define(`confMANGRP',`root') -define(`confMANOWN',`root') -define(`confSBINGRP',`root') -define(`confUBINGRP',`root') -define(`confUBINOWN',`root') -EOF - -sed -i 's|/usr/man/man|/usr/share/man/man|' \ - devtools/OS/Linux && - -cd sendmail && -sh Build && -cd ../cf/cf && -cp generic-linux.mc sendmail.mc && -sh Build sendmail.cf - - - This package does not come with a test suite. - - - - - Now, as the root user: - - -install -v -d -m755 /etc/mail && -sh Build install-cf && - -cd ../.. && -sh Build install && - -install -v -m644 cf/cf/{submit,sendmail}.mc /etc/mail && -cp -v -R cf/* /etc/mail && - -install -v -m755 -d /usr/share/doc/sendmail-&sendmail-version;/{cf,sendmail} && - -install -v -m644 CACerts FAQ KNOWNBUGS LICENSE PGPKEYS README RELEASE_NOTES \ - /usr/share/doc/sendmail-&sendmail-version; && - -install -v -m644 sendmail/{README,SECURITY,TRACEFLAGS,TUNING} \ - /usr/share/doc/sendmail-&sendmail-version;/sendmail && - -install -v -m644 cf/README /usr/share/doc/sendmail-&sendmail-version;/cf && - -for manpage in sendmail editmap mailstats makemap praliases smrsh -do - install -v -m644 $manpage/$manpage.8 /usr/share/man/man8 -done && - -install -v -m644 sendmail/aliases.5 /usr/share/man/man5 && -install -v -m644 sendmail/mailq.1 /usr/share/man/man1 && -install -v -m644 sendmail/newaliases.1 /usr/share/man/man1 && -install -v -m644 vacation/vacation.1 /usr/share/man/man1 - - - Install the sendmail Installation and - Operations Guide with the following commands: - - - - - Remove op.pdf from the make - and install commands below if - you don't have Ghostscript installed. - - - -cd doc/op && -sed -i 's/groff/GROFF_NO_SGR=1 groff/' Makefile && -make op.txt op.pdf - - - Now, as the root user: - - -install -v -d -m755 /usr/share/doc/sendmail-&sendmail-version; && -install -v -m644 op.ps op.txt op.pdf /usr/share/doc/sendmail-&sendmail-version; && -cd ../.. - - - - - Command Explanations - - - cat > devtools/Site/site.config.m4 << "EOF": - This creates a configuration file changing some of the default settings. - - - - sed ... devtools/OS/Linux: The site.config.m4 - does not honor a change to the man directory, so fix it in the OS - definitions. - - - - - - sh Build; sh Build sendmail.cf; sh Build install-cf; - sh Build install: sendmail uses an - m4 based build script to create the various - Makefiles. These commands build and install the - package. - - - - for manpage in...;do...;done; install ...: The man - pages are installed already formatted and man displays - them somewhat garbled. These commands replace the formatted pages with - pages man can display properly. - - - - - - Configuring sendmail - - - Config Files - - - /etc/mail/* - - - - /etc/mail/* - - - - - - Configuration Information - - - - Ensure you have a fully qualified domain name defined - in /etc/hosts for your system before proceeding. - - - - - Create the /etc/mail/local-host-names and - /etc/mail/aliases files using the following - commands as the root user: - - -echo $(hostname) > /etc/mail/local-host-names -cat > /etc/mail/aliases << "EOF" -postmaster: root -MAILER-DAEMON: root - -EOF -# Does not work if there is no database backend compiled in: -#newaliases - - - sendmail's primary configuration file, - /etc/mail/sendmail.cf, is complex and not meant to - be directly edited. The recommended method for changing it is to modify - /etc/mail/sendmail.mc and various - m4 files, then run the m4 - macro processor from within - /etc/mail as follows: - - -cd /etc/mail && -m4 m4/cf.m4 sendmail.mc > sendmail.cf - - - A full explanation of the files to modify, and the available - parameters can be found in /etc/mail/README. - - - - - - <phrase revision="sysv">Boot Script</phrase> - <phrase revision="systemd">Systemd Unit</phrase> - - - To automate the running of sendmail - at startup, install the - /etc/rc.d/init.d/sendmail - init script - sendmail.service - unit included in the - - package: - - - - sendmail - - -make install-sendmail - - - - The -qNm option to sendmail, where N is number - of minutes, controls how often sendmail - will process the mail queue. A default of 5 minutes is used in the - init script. - systemd unit. Individual - workstation users may want to set this as low as 1 minute, large - installations handling more mail may want to set it higher. - - - - - - - - - Contents - - - Installed Programs - Installed Libraries - Installed Directories - - - editmap, mailstats, makemap, praliases, sendmail, smrsh, - and vacation; symlinks to /usr/sbin/sendmail: hoststat, mailq, - newaliases, and purgestat - None - /etc/mail, /usr/share/doc/sendmail-&sendmail-version;, - and /var/spool/clientmqueue - - - - - Short Descriptions - - - - - editmap - - - queries and edits sendmail map files - - - editmap - - - - - - hoststat - - - prints sendmail's persistent host status - - - hoststat - - - - - - mailstats - - - displays sendmail statistics - - - mailstats - - - - - - mailq - - - prints a summary of outbound mail messages waiting for delivery - - - mailq - - - - - - makemap - - - creates sendmail map files - - - makemap - - - - - - newaliases - - - rebuilds /etc/mail/aliases.db from the - contents of /etc/mail/aliases - - - newaliases - - - - - - praliases - - - displays current sendmail aliases - - - praliases - - - - - - purgestat - - - causes sendmail to clear (purge) - all its host-status information - - - purgestat - - - - - - sendmail - - - is the sendmail mail transport agent - - - sendmail - - - - - - smrsh - - - is a restricted shell for sendmail - - - smrsh - - - - - - vacation - - - is an email auto responder - - - vacation - - - - - - - - - diff --git a/server/major/apache.xml b/server/major/apache.xml deleted file mode 100644 index 00155cf722..0000000000 --- a/server/major/apache.xml +++ /dev/null @@ -1,548 +0,0 @@ - - - %general-entities; - - - - - - - -]> - - - - - - Apache-&apache-version; - - - Apache - - - - Introduction to Apache HTTPD - - - The Apache HTTPD package contains an open-source HTTP - server. It is useful for creating local intranet web sites or running huge - web serving operations. - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &apache-md5sum; - - - - - Download size: &apache-size; - - - - - Estimated disk space required: &apache-buildsize; - - - - - Estimated build time: &apache-time; - - - - - Additional Downloads - - - - Required patch: - - - - - - Apache HTTPD Dependencies - - Required - - and - - - - Optional - - , - , - , - , - , - or - or - ELinks, - , - ( needs to be - installed with ldap support), - , - &berkeley-db;, and - Distcache - - - - - - Installation of Apache HTTPD - - - For security reasons, running the server as an unprivileged user and group - is strongly encouraged. Create the following group and user using the - following commands as root: - - -groupadd -g 25 apache && -useradd -c "Apache Server" -d /srv/www -g apache \ - -s /bin/false -u 25 apache - - - Build and install Apache HTTPD by running the - following commands: - - -patch -Np1 -i ../httpd-&apache-version;-blfs_layout-1.patch && - -sed '/dir.*CFG_PREFIX/s@^@#@' -i support/apxs.in && - -sed -e '/HTTPD_ROOT/s:${ap_prefix}:/etc/httpd:' \ - -e '/SERVER_CONFIG_FILE/s:${rel_sysconfdir}/::' \ - -e '/AP_TYPES_CONFIG_FILE/s:${rel_sysconfdir}/::' \ - -i configure && - -sed -e '/encoding.h/a # include <libxml/xmlstring.h>' \ - -i modules/filters/mod_xml2enc.c && - -./configure --enable-authnz-fcgi \ - --enable-layout=BLFS \ - --enable-mods-shared="all cgi" \ - --enable-mpms-shared=all \ - --enable-suexec=shared \ - --with-apr=/usr/bin/apr-1-config \ - --with-apr-util=/usr/bin/apu-1-config \ - --with-suexec-bin=/usr/lib/httpd/suexec \ - --with-suexec-caller=apache \ - --with-suexec-docroot=/srv/www \ - --with-suexec-logfile=/var/log/httpd/suexec.log \ - --with-suexec-uidmin=100 \ - --with-suexec-userdir=public_html && -make - - - This package does not come with a test suite. - - - - Now, as the root user: - - -make install && - -mv -v /usr/sbin/suexec /usr/lib/httpd/suexec && -chgrp apache /usr/lib/httpd/suexec && -chmod 4754 /usr/lib/httpd/suexec && - -chown -v -R apache:apache /srv/www - - - - - Command Explanations - - - sed '/dir.*CFG_PREFIX/s@^@#@'...: Forces the - apxs utility to use absolute pathnames for - modules, when instructed to do so. - - - - sed -e '/HTTPD_ROOT/s ...: Fixes some paths. - - - - sed -e '/encoding.h/a ...; Fix building against - libxml-2.12.x. - - - - --enable-authnz-fcgi: Build FastCGI - authorizer-based authentication and authorization (mod_authnz_fcgi.so - fast CGI module). - - - - --enable-mods-shared="all cgi": The modules should be - compiled and used as Dynamic Shared Objects (DSOs) so they can be included - and excluded from the server using the run-time configuration directives. - - - - --enable-mpms-shared=all: This switch ensures that - all MPM (Multi Processing Modules) are built as Dynamic Shared Objects - (DSOs), so the user can choose which one to use at runtime. - - - - --enable-suexec: This switch enables building of the - Apache suEXEC module which can be used to allow - users to run CGI and SSI scripts under user IDs different from the user ID - of the calling web server. - - - - --with-suexec-*: These switches control suEXEC module - behavior, such as default document root, minimal UID that can be used to - run the script under the suEXEC. Please note that with minimal UID 100, you - can't run CGI or SSI scripts under suEXEC as the - apache user. - - - - ... /usr/lib/httpd/suexec: These commands put - suexec wrapper into proper location, since it - is not meant to be run directly. They also adjust proper - permissions of the binary, making it setgid - apache. - - - - chown -R apache:apache /srv/www: By default, the - installation process installs files (documentation, error messages, - default icons, etc.) with the ownership of the user that extracted the - files from the tar file. If you want to change the ownership to another - user, you should do so at this point. The only requirement is that the - document directories need to be accessible by the httpd - process with (r-x) permissions and files need to be readable (r--) by the - apache user. - - - - - - Configuring Apache - - - Config Files - - - /etc/httpd/httpd.conf and - /etc/httpd/extra/* - - - - /etc/httpd/httpd.conf - - - - /etc/httpd/extra/* - - - - - - Configuration Information - - - See - for detailed instructions on customising your - Apache HTTP server configuration file. - - - - There is no reason, at least for internet facing sites, not - to use SSL encryption. Setting up a secured website does not cost - anything except installing one additional small tool and a few - minutes of configuration work. Use this guideline at - to create - world-wide accepted certificates and renew them on a regular basis. - - - - - - <phrase revision="sysv">Boot Script</phrase> - <phrase revision="systemd">Systemd Unit</phrase> - - - If you want the Apache server to - start automatically when the system is booted, install the - /etc/rc.d/init.d/httpd - init script - httpd.service - unit included in the - - package: - - - - apache - - -make install-httpd - - - - - - - Contents - - - Installed Programs - Installed Libraries - Installed Directories - - - - ab, apachectl, apxs, checkgid, dbmmanage, fcgistarter, - htcacheclean, htdbm, htdigest, htpasswd, httpd, - httxt2dbm, logresolve, and rotatelogs - - - - Several libraries under /usr/lib/httpd/modules/ - - - /etc/httpd, - /srv/www, - /usr/include/httpd, - /usr/lib/httpd, - /usr/share/httpd, - /var/log/httpd, and - /var/run/httpd - - - - - - Short Descriptions - - - - - ab - - - is a tool for benchmarking your Apache - HTTP server - - - ab - - - - - - apachectl - - - is a front end to the Apache HTTP server - which is designed to help the administrator control the functioning - of the Apache httpd daemon - - - apachectl - - - - - - apxs - - - is a tool for building and installing extension modules for the - Apache HTTP server - - - apxs - - - - - - checkgid - - - is a program that checks whether it can setgid to the group - specified. This is to see if it is a valid group for Apache2 to use - at runtime. If the user (should be run as superuser) is in that - group, or can setgid to it, it will return 0 - - - checkgid - - - - - - dbmmanage - - - is used to create and update the DBM format files used to store - usernames and passwords for basic authentication of HTTP users - - - dbmmanage - - - - - - fcgistarter - - - is a tool to start a FastCGI program - - - fcgistarter - - - - - - htcacheclean - - - is used to clean up the disk cache - - - htcacheclean - - - - - - htdbm - - - is used to manipulate the DBM password databases - - - htdbm - - - - - - htdigest - - - is used to create and update the flat-files used to store usernames, - realms and passwords for digest authentication of HTTP users - - - htdigest - - - - - - htpasswd - - - is used to create and update the flat-files used to store usernames - and passwords for basic authentication of HTTP users - - - htpasswd - - - - - - httpd - - - is the Apache HTTP server program - - - httpd - - - - - - httxt2dbm - - - is used to generate DBM files from text, for use in RewriteMap - - - httxt2dbm - - - - - - logresolve - - - is a post-processing program to resolve IP-addresses in - Apache's access log files - - - logresolve - - - - - - rotatelogs - - - is a simple program for use in conjunction with - Apache's piped log file feature - - - rotatelogs - - - - - - suexec - - - allows users to run CGI and SSI applications as a different user - - - suexec - - - - - - - - - diff --git a/server/major/bind.xml b/server/major/bind.xml deleted file mode 100644 index 3b5122b530..0000000000 --- a/server/major/bind.xml +++ /dev/null @@ -1,980 +0,0 @@ - - - %general-entities; - - - - - - - -]> - - - - - - BIND-&bind-version; - - - BIND - - - - Introduction to BIND - - - The BIND package provides a DNS server - and client utilities. If you are only interested in the utilities, refer - to the . - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &bind-md5sum; - - - - - Download size: &bind-size; - - - - - Estimated disk space required: &bind-buildsize; - - - - - Estimated build time: &bind-time; - - - - - BIND Dependencies - - Required - - - - - Recommended - - , - , and - - - - Optional - - , - , - , - , - , - , - (required to build documentation), - cmocka, - geoip, - jemalloc, - w3m - - - Optional database backends - - or MySQL, - , - , - , and - &berkeley-db; - - - Optional (to run the test suite) - - - - - - Editor Notes: - - - - - - Installation of BIND - - - - - - Starting with bind-9.18.20, the IP addresses for B.ROOT-SERVERS.NET - have changed. - - - - - Install BIND by running the - following commands: - - -./configure --prefix=/usr \ - --sysconfdir=/etc \ - --localstatedir=/var \ - --mandir=/usr/share/man \ - --disable-static && -make - - - Issue the following commands to run the complete suite of tests. - First, as the root user, set up - some test interfaces: - - - - - If IPv6 is not enabled in the kernel, there will be several - error messages: "RTNETLINK answers: Operation not permitted". These - messages do not affect the tests. - - - -bin/tests/system/ifconfig.sh up - - - The test suite may indicate some skipped tests depending on - what configuration options are used. Some tests are marked - UNTESTED or do even fail if - is not installed. Two tests, resolver and - dispatch, are known to fail. - To run the tests, as an unprivileged user, execute: - - -make -k check - - - Again as root, clean up the - test interfaces: - - -bin/tests/system/ifconfig.sh down - - - Finally, install the package as the root user: - - - -make install - - - - - Command Explanations - - - --sysconfdir=/etc: This parameter forces - BIND to look for configuration - files in /etc instead of - /usr/etc. - - - - - - : This parameter enables - the IDNA2008 (Internationalized Domain Names in Applications) - support. - - - - : Use this option if you want - to be able to limit the rate of recursive client queries. This may be - useful on servers which receive a large number of queries. - - - - : BIND can also be built without - capability support by using this option, at the cost of some loss of - security. - - - - : Use - one (or more) of those options to add Dynamically Loadable Zones support. - For more information refer to bind-dlz.sourceforge.net. - - - - : Use this option if you do not have - installed and do not need support - for DNS over HTTPS. - - - - - - - - Configuring BIND - - - Config files - - - named.conf, - root.hints, - 127.0.0, - rndc.conf, and - resolv.conf - - - - /etc/named.conf - - - - /etc/rndc.conf - - - - /etc/resolv.conf - - - - /etc/namedb/root.hints - - - - /etc/namedb/pz/127.0.0.0 - - - - - Configuration Information - - - BIND will be configured to run in a - chroot jail as an unprivileged user (named). This configuration is more secure - in that a DNS compromise can only affect a few files in the named user's HOME - directory. - - - - Create the unprivileged user and group named: - - -groupadd -g 20 named && -useradd -c "BIND Owner" -g named -s /bin/false -u 20 named && -install -d -m770 -o named -g named /srv/named - - - Set up some files, directories and devices needed by - BIND: - - -mkdir -p /srv/named && -cd /srv/named && -mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named && -mknod /srv/named/dev/null c 1 3 && -mknod /srv/named/dev/urandom c 1 9 && -chmod 666 /srv/named/dev/{null,urandom} && -cp /etc/localtime etc - - - The rndc.conf file contains information for - controlling named operations with the - rndc utility. Generate a key for use in the - named.conf and rndc.conf - with the rndc-confgen command: - - -rndc-confgen -a -b 512 -t /srv/named - - - Create the named.conf file from which - named will read the location of zone files, root - name servers and secure DNS keys: - - -cat >> /srv/named/etc/named.conf << "EOF" -options { - directory "/etc/named"; - pid-file "/var/run/named.pid"; - statistics-file "/var/run/named.stats"; - -}; -zone "." { - type hint; - file "root.hints"; -}; -zone "0.0.127.in-addr.arpa" { - type master; - file "pz/127.0.0"; -}; - -// Bind 9 now logs by default through syslog (except debug). -// These are the default logging rules. - -logging { - category default { default_syslog; default_debug; }; - category unmatched { null; }; - - channel default_syslog { - syslog daemon; // send to syslog's daemon - // facility - severity info; // only send priority info - // and higher - }; - - channel default_debug { - file "named.run"; // write to named.run in - // the working directory - // Note: stderr is used instead - // of "named.run" - // if the server is started - // with the '-f' option. - severity dynamic; // log at the server's - // current debug level - }; - - channel default_stderr { - stderr; // writes to stderr - severity info; // only send priority info - // and higher - }; - - channel null { - null; // toss anything sent to - // this channel - }; -}; -EOF - - - Create a zone file with the following contents: - - -cat > /srv/named/etc/named/pz/127.0.0 << "EOF" -$TTL 3D -@ IN SOA ns.local.domain. hostmaster.local.domain. ( - 1 ; Serial - 8H ; Refresh - 2H ; Retry - 4W ; Expire - 1D) ; Minimum TTL - NS ns.local.domain. -1 PTR localhost. -EOF - - - Create the root.hints file with the following - commands: - - - - - Caution must be used to ensure there are no leading spaces in - this file. - - - -cat > /srv/named/etc/named/root.hints << "EOF" -. 6D IN NS A.ROOT-SERVERS.NET. -. 6D IN NS B.ROOT-SERVERS.NET. -. 6D IN NS C.ROOT-SERVERS.NET. -. 6D IN NS D.ROOT-SERVERS.NET. -. 6D IN NS E.ROOT-SERVERS.NET. -. 6D IN NS F.ROOT-SERVERS.NET. -. 6D IN NS G.ROOT-SERVERS.NET. -. 6D IN NS H.ROOT-SERVERS.NET. -. 6D IN NS I.ROOT-SERVERS.NET. -. 6D IN NS J.ROOT-SERVERS.NET. -. 6D IN NS K.ROOT-SERVERS.NET. -. 6D IN NS L.ROOT-SERVERS.NET. -. 6D IN NS M.ROOT-SERVERS.NET. -A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4 -A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30 -B.ROOT-SERVERS.NET. 6D IN A 170.247.170.2 -B.ROOT-SERVERS.NET. 6D IN AAAA 2801:1b8:10::b -C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12 -C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c -D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13 -D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d -E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10 -E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e -F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241 -F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f -G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4 -G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d -H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53 -H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53 -I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17 -I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53 -J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30 -J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30 -K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129 -K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1 -L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42 -L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42 -M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33 -M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35 -EOF - - - The root.hints file is a list of root name - servers. This file must be updated periodically with the - dig utility. A current copy of root.hints can be - obtained from . - For details, consult the "BIND 9 Administrator Reference Manual". - - - - Create or modify resolv.conf to use the new - name server with the following commands: - - - - - Replace <yourdomain.com> with - your own valid domain name. - - - -cp /etc/resolv.conf /etc/resolv.conf.bak && -cat > /etc/resolv.conf << "EOF" -search <yourdomain.com> -nameserver 127.0.0.1 -EOF - - - Set permissions on the chroot jail with the - following command: - - -chown -R named:named /srv/named - - - - - <phrase revision="sysv">Boot Script</phrase> - <phrase revision="systemd">Systemd Unit</phrase> - - - To start the DNS server at boot, install the - /etc/rc.d/init.d/bind init - script - named.service - unit included in the - - package: - - - - bind - - -make install-bind -make install-named - - - Now start BIND with the following command: - - -/etc/rc.d/init.d/bind start -systemctl start named - - - - - Testing BIND - - - Test out the new BIND 9 installation. - First query the local host address with dig: - - -dig -x 127.0.0.1 - - - Now try an external name lookup, taking note of the speed - difference in repeated lookups due to the caching. Run the - dig command twice on the same address: - - -dig www.&lfs-domainname; && -dig www.&lfs-domainname; - - - You can see almost instantaneous results with the named caching - lookups. Consult the BIND Administrator - Reference Manual (see below) for further configuration options. - - - - - - - - Administrator Reference Manual (ARM) - - - The ARM documentation (do not confuse with the processor architecture) - is included in the source package. The documentation is in .rst - format which means that it can be converted in human readable formats - if is installed. - - - - When BIND is set up, especially if it is going - to be operating in a real live scenario, it is highly - recommended to consult the ARM documentation. ISC provides an - updated set of excellent documentation along with every release - so it can be easily viewed and/or downloaded – so there is - no excuse to not read the docs. The formats ISC provides are PDF, - epub and html at . - - - - - Contents - - - Installed Programs - Installed Libraries - Installed Directories - - - - arpaname, ddns-confgen, delv, dig, dnssec-cds, - dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen, - dnssec-revoke, dnssec-settime, dnssec-signzone, - dnssec-verify, host, mdig, named, named-checkconf, - named-checkzone, named-compilezone, named-journalprint, - named-nzd2nzf, named-rrchecker, nsec3hash, nslookup, nsupdate, rndc, - rndc-confgen, and tsig-keygen (symlink) - - libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so, - libisccfg.so, and libns.so - - /usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,ns}, - /usr/lib/bind, - and /srv/named - - - - - Short Descriptions - - - - - arpaname - - - translates IP addresses to the corresponding ARPA names - - - arpaname - - - - - - ddns-confgen - - - generates a key for use by nsupdate and named - - - ddns-confgen - - - - - - delv - - - is a new debugging tool that is a successor to - dig - - - delv - - - - - - dig - - - interrogates DNS servers - - - dig - - - - - - dnssec-cds - - - changes DS records for a child zone based on - CDS/CDNSKEY - - - dnssec-cds - - - - - - dnssec-dsfromkey - - - outputs the Delegation Signer (DS) resource record (RR) - - - dnssec-dsfromkey - - - - - - dnssec-importkey - - - reads a public DNSKEY record and generates a pair of - .key/.private files - - - dnssec-importkey - - - - - - dnssec-keyfromlabel - - - gets keys with the given label from a cryptography hardware device - and builds key files for DNSSEC - - - dnssec-keyfromlabel - - - - - - dnssec-keymgr - - - ensures correct DNSKEY coverage based on a defined policy - - - dnssec-keymgr - - - - - - dnssec-revoke - - - sets the REVOKED bit on a DNSSEC key - - - dnssec-revoke - - - - - - dnssec-settime - - - sets the key timing metadata for a DNSSEC key - - - dnssec-settime - - - - - - dnssec-signzone - - - generates signed versions of zone files - - - dnssec-signzone - - - - - - dnssec-verify - - - verifies that a zone is fully signed for each algorithm found - in the DNSKEY RRset for the zone, and that the NSEC / NSEC3 - chains are complete - - - dnssec-verify - - - - - - host - - - is a utility for DNS lookups - - - host - - - - - - mdig - - - is a version of dig that allows multiple queries at once - - - mdig - - - - - - named - - - is the name server daemon - - - named - - - - - - named-checkconf - - - checks the syntax of named.conf - files - - - named-checkconf - - - - - - named-checkzone - - - checks zone file validity - - - named-checkzone - - - - - - named-compilezone - - - is similar to named-checkzone, but it always - dumps the zone contents to a specified file in a specified format - - - named-compilezone - - - - - - named-journalprint - - - prints the zone journal in human-readable form - - - named-journalprint - - - - - - named-rrchecker - - - reads an individual DNS resource record from standard input and - checks if it is syntactically correct - - - named-rrchecker - - - - - - named-nzd2nzf - - - converts an NZD database to NZF text format - - - named-nzd2nzf - - - - - - nsec3hash - - - generates an NSEC3 hash based on a set of NSEC3 parameters - - - nsec3hash - - - - - - nslookup - - - is a program used to query Internet domain nameservers - - - nslookup - - - - - - nsupdate - - - is used to submit DNS update requests - - - nsupdate - - - - - - rndc - - - controls the operation of BIND - - - rndc - - - - - - rndc-confgen - - - generates rndc.conf files - - - rndc-confgen - - - - - - tsig-keygen - - - is a symlink to ddns-confgen - - - tsig-keygen - - - - - - - - - diff --git a/server/major/kea-kernel.xml b/server/major/kea-kernel.xml deleted file mode 100644 index 9aee57443a..0000000000 --- a/server/major/kea-kernel.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - -[*] Networking support ---> [NET] - Networking options ---> - <*/M> Packet socket [PACKET] - [*] TCP/IP networking [INET] - <*> The IPv6 protocol ---> [IPV6] diff --git a/server/major/kea.xml b/server/major/kea.xml deleted file mode 100644 index 76043c29c4..0000000000 --- a/server/major/kea.xml +++ /dev/null @@ -1,807 +0,0 @@ - - - %general-entities; - - - - - - - - -]> - - - - - Kea &kea-dhcp-version; DHCP Server - - - Kea DHCP Server - - - - Introduction to ISC Kea DHCP Server - - - The ISC Kea package contains the - server programs for DHCP. It is the successor of the - old ISC DHCP server which is end-of-life since December 2022. - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &kea-md5sum; - - - - - Download size: &kea-size; - - - - - Estimated disk space required: &kea-buildsize; - - - - - Estimated build time: &kea-time; - - - - - Kea Dependencies - - Required - - and - - - - Optional - - , - ; for documentation: - , - , and - ; for tests: - GoogleTest - - - Optional database backends - - or MySQL, and - - - - - - - Kernel Configuration - - - You must have Packet Socket support. IPv6 support is optional. - - - - - - Kea - - - - - - Installation of ISC Kea DHCP Server - - - First fix detection of Python-3.12 by the build system: - - -sed -e 's/:3/:4/' \ - -i configure - - - Remove one installation step that uses an obsolete python module: - - -sed -e '/dlist="/d' \ - -i src/bin/shell/Makefile.in - - - Install ISC Kea DHCP Server by running - the following commands: - - -./configure --prefix=/usr \ - --sysconfdir=/etc \ - --localstatedir=/var \ - --enable-shell \ - --with-openssl \ - --disable-static \ - --docdir=/usr/share/doc/kea-&kea-dhcp-version; && -make - - - To test the results, you must have installed GoogleTest and kept - its source. You should also have passed - to - configure above. Run the tests with - make check. Three tests in the TLSTest suite are - known to fail. - - - - To install the ISC Kea DHCP Server suite, - issue the following commands as the - root user: - - -make -j1 install - - - - - Command Explanations - - - --enable-shell: Allows building - kea-shell, a command line interface for - the control agent. - - - - --with-openssl: Allows using OpenSSL for - communicating with the control-agent and for DNS updates. - - - - - - or : - ISC Kea can store the leases on a - database. This might be useful in large environments running - a cluster of DHCP servers. Using the memfile - backend (which is a CSV file stored locally) is possible anyhow. - - - - : - If documentation is to be rebuilt, add that option. Several - dependencies must be installed for generating the documentation. - - - - make -j1 install: ISC does not recommend - any form of parallel or job server options when doing the install. - - - - - - Configuring ISC Kea DHCP Server - - - The support of IPv4, IPv6 and DDNS has been split into - separate servers which runs independently from each other. Each - of them has its own configuration file. - Additional configuration files come from the keactrl agent which - is used to control the servers in an easy way. - - - - Consult the - Kea Administrator Reference Manual - for detailed information about the configuration of - ISC Kea as it is a quite capable system. - The configuration shown below is a bare minimum to get a DHCP server - running but it already includes configuration for DDNS (Dynamic DNS). - That setup might be working for small networks with a few clients and - low traffic. For greater installations with thousands of clients, - ISC Kea can be configured to use databases - (mariadb or postgresql) to store the leases and build a cluster with - multiple nodes. It can be integrated to - ISC Stork - which is a management dashboard to ISC Kea. - - - - If you want to start the DHCP Server at boot, install the - /etc/rc.d/init.d/kea-dhcpd - init script - kea-dhcpd.service - unit included in the - - - package: - - -make install-kea-dhcpd - - - Config Files - - - - /etc/kea/keactrl.conf, - - /etc/kea/kea-ctrl-agent.conf, - /etc/kea/kea-dhcp4.conf, - /etc/kea/kea-dhcp6.conf, and - /etc/kea/kea-dhcp-ddns.conf - - - - /etc/kea/keactrl.conf - - - - /etc/kea/kea-ctrl-agent.conf - - - - /etc/kea/kea-dhcp4.conf - - - - /etc/kea/kea-dhcp6.conf - - - - /etc/kea/kea-dhcp-ddns.conf - - - - - Kea Control Configuration - - keactrl is used to control the - independent servers (IPv4, IPv6, DDNS). Its configuration file - /etc/kea/keactrl.conf is installed by - default and includes many path settings which are defined - due to the configure at build time. It also - includes settings to specify which of the servers should be - started. - - - - Control Agent - The Control Agent is a daemon which allows the - (re)configuration of the Kea DHCP service via REST API. - Set ctrl_agent=yes to start the - control agent (service providing a REST API), set - ctrl_agent=no in case the control agent - is not needed. - - - IPv4 DHCP server - This daemon handles requests for IPv4 addresses. - Set dhcp4=yes to start it, set - dhcp4=no in case DHCP service for IPv4 - is not wanted. - - - IPv6 DHCP server - This daemon handles requests for IPv6 addresses. - Set dhcp6=yes to start it, set - dhcp6=no in case DHCP service for IPv6 - is not wanted. - - - Dynamic DNS - This daemon is used to update a DNS server dynamically - when Kea assigns an IP address to a device. - Set dhcp_ddns=yes to enable it, set - dhcp_ddns=no in case dynamic DNS updates - are not wanted. - - - - - The Netconf service is not installed because required - dependencies are not covered by the current BLFS book. -. - - - With the following command, Kea will be configured to - start the dhcp service for IPv4 and the - dynamic DNS update, while the control agent and - the dhcp service for IPv6 remain down. Tweak the command to - match your needs on started services and execute as the - &root; user: - - -sed -e "s/^dhcp4=.*/dhcp4=yes/" \ - -e "s/^dhcp6=.*/dhcp6=no/" \ - -e "s/^dhcp_ddns=.*/dhcp_ddns=yes/" \ - -e "s/^ctrl_agent=.*/ctrl_agent=no/" \ - -i /etc/kea/keactrl.conf - - - - - - Kea Configuration Using Systemd Units - - - Four service units are used to start various daemons - provided by Kea: - - - - - Control Agent - - The Control Agent is a daemon which allows the - (re)configuration of the Kea DHCP service via REST API. - Run systemctl enable kea-ctrl-agent - if this daemon is needed. - - - - IPv4 DHCP server - - This daemon handles requests for IPv4 addresses. - Run systemctl enable kea-dhcp4-server to - have it started by systemd. - - - - IPv6 DHCP server - - This daemon handles requests for IPv6 addresses. - Run systemctl enable kea-dhcp6-server to - have it started by systemd. - - - - Dynamic DNS - - This daemon is used to update a DNS server dynamically - when Kea assigns an IP address to a device. - Run systemctl enable kea-ddns-server to - have it started by systemd. - - - - - The Netconf service is not installed because required - dependencies are not covered by the current BLFS book. - - - - - Control Agent Configuration - - - The provided configuration could be used without changes - but in BLFS, objects like sockets are stored in - /run - rather than in - /tmp. - - -cat > /etc/kea/kea-ctrl-agent.conf << "EOF" -// Begin /etc/kea/kea-ctrl-agent.conf -{ - // This is a basic configuration for the Kea Control Agent. - // RESTful interface to be available at http://127.0.0.1:8000/ - "Control-agent": { - "http-host": "127.0.0.1", - "http-port": 8000, - "control-sockets": { - "dhcp4": { - "socket-type": "unix", - "socket-name": "/run/kea4-ctrl-socket" - }, - "dhcp6": { - "socket-type": "unix", - "socket-name": "/run/kea6-ctrl-socket" - }, - "d2": { - "socket-type": "unix", - "socket-name": "/run/kea-ddns-ctrl-socket" - } - }, - - "loggers": [ - { - "name": "kea-ctrl-agent", - "output_options": [ - { - "output": "/var/log/kea-ctrl-agent.log", - "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n" - } - ], - "severity": "INFO", - "debuglevel": 0 - } - ] - } -} -// End /etc/kea/kea-ctrl-agent.conf -EOF - - - - - IPv4 DHCP Server Configuration - - - A sample configuration file is created in /etc/kea/kea-dhcp4.conf. - Adjust the file to suit your needs or overwrite it by running - the following command as the &root; user (you'll need to edit this - file anyway: at least the interfaces field, - the ddns-qualifying-suffix field, and almost - all the fields in Subnet4: - - -cat > /etc/kea/kea-dhcp4.conf << "EOF" -// Begin /etc/kea/kea-dhcp4.conf -{ - "Dhcp4": { - // Add names of your network interfaces to listen on. - "interfaces-config": { - "interfaces": [ "eth0", "eth2" ] - }, - - "control-socket": { - "socket-type": "unix", - "socket-name": "/run/kea4-ctrl-socket" - }, - - "lease-database": { - "type": "memfile", - "lfc-interval": 3600 - }, - - "expired-leases-processing": { - "reclaim-timer-wait-time": 10, - "flush-reclaimed-timer-wait-time": 25, - "hold-reclaimed-time": 3600, - "max-reclaim-leases": 100, - "max-reclaim-time": 250, - "unwarned-reclaim-cycles": 5 - }, - - "renew-timer": 900, - "rebind-timer": 1800, - "valid-lifetime": 3600, - - // Enable DDNS - Kea will dynamically update the DNS - "ddns-send-updates" : true, - "ddns-qualifying-suffix": "your.domain.tld", - "dhcp-ddns" : { - "enable-updates": true - }, - - "subnet4": [ - { - "subnet": "192.168.56.0/24", - "pools": [ { "pool": "192.168.56.16 - 192.168.56.254" } ], - "option-data": [ - { - "name": "domain-name", - "data": "your.domain.tld" - }, - { - "name": "domain-name-servers", - "data": "192.168.56.2, 192.168.3.7" - }, - { - "name": "domain-search", - "data": "your.domain.tld" - }, - { - "name": "routers", - "data": "192.168.56.2" - } - ] - } - ], - - "loggers": [ - { - "name": "kea-dhcp4", - "output_options": [ - { - "output": "/var/log/kea-dhcp4.log", - "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n" - } - ], - "severity": "INFO", - "debuglevel": 0 - } - ] - } -} -// End /etc/kea/kea-dhcp4.conf -EOF - - - - - IPv6 DHCP Server Configuration - - - The configuration for IPv6 is similar to the configuration - of IPv4. The configuration file is - /etc/kea/kea-dhcp6.conf. - - - - - - Dynamic DNS Configuration - - - If there is a server running, - ISC Kea can update the DNS when - it gives an IP address to a client. A sample configuration - file is created in /etc/kea/kea-dhcp-ddns.conf. - Adjust the file to suit your needs or overwrite it by running - the following command as the &root; user: - - -cat > /etc/kea/kea-dhcp-ddns.conf << "EOF" -// Begin /etc/kea/kea-dhcp-ddns.conf -{ - "DhcpDdns": { - "ip-address": "127.0.0.1", - "port": 53001, - "control-socket": { - "socket-type": "unix", - "socket-name": "/run/kea-ddns-ctrl-socket" - }, - - "tsig-keys": [ - { - "name" : "rndc-key", - "algorithm" : "hmac-sha256", - "secret" : "1FU5hD7faYaajQCjSdA54JkTPQxbbPrRnzOKqHcD9cM=" - } - ], - - "forward-ddns" : { - "ddns-domains" : [ - { - "name" : "your.domain.tld.", - "key-name": "rndc-key", - "dns-servers" : [ - { - "ip-address" : "127.0.0.1", - "port" : 53 - } - ] - } - ] - }, - - "reverse-ddns" : { - "ddns-domains" : [ - { - "name" : "56.168.192.in-addr.arpa.", - "key-name": "rndc-key", - "dns-servers" : [ - { - "ip-address" : "127.0.0.1", - "port" : 53 - } - ] - } - ] - }, - - "loggers": [ - { - "name": "kea-dhcp-ddns", - "output_options": [ - { - "output": "/var/log/kea-ddns.log", - "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n" - } - ], - "severity": "INFO", - "debuglevel": 0 - } - ] - } -} -// End /etc/kea/kea-dhcp-ddns.conf -EOF - - - - The value of secret is just an example. - Generate the key for your installation by using the - rndc-confgen -a command or the - tsig-keygen command which both are - provided by . - - - In this example configuration, it is assumed that the DNS server - runs on the same machine as Kea does (accessible via - 127.0.0.1) and that this machine has - the IP 192.168.56.2. - - - - - - - - - Contents - - - Installed Programs - Installed Libraries - Installed Directories - - - - keactrl, kea-admin, kea-ctrl-agent, kea-dhcp4, kea-dhcp6, - kea-dhcp-ddns, kea-lfc, kea-shell - - - libkea-asiodns.so, - libkea-asiolink.so, - libkea-cc.so, - libkea-cgfclient.so, - libkea-cryptolink.so, - libkea-d2srv.so, - libkea-database.so, - libkea-dhcp_ddns.so, - libkea-dhcp++.so, - libkea-dhcpsrv.so, - libkea-dns++.so, - libkea-eval.so, - libkea-exceptions.so, - libkea-hooks.so, - libkea-http.so, - libkea-log.so, - libkea-process.so, - libkea-stats.so, - libkea-tcp.so, - libkea-util.so, and - libkea-util-io.so - - - /etc/kea, - /usr/include/kea, - /usr/lib/kea, - /usr/lib/python&python3-majorver;/site-packages/kea, - /usr/share/kea, - /usr/share/doc/kea-&kea-dhcp-version;, and - /var/lib/kea - - - - - - Short Descriptions - - - - - keactrl - - - Tool to control (start/stop) the server processes. - - - keactrl - - - - - kea-admin - - - kea-admin is a shell script which offers database maintenance. - - - kea-admin - - - - - kea-ctrl-agent - - - Daemon which exposes a RESTful control interface for - managing Kea servers. - - - kea-ctrl-agent - - - - - kea-dhcp4 - - - The server daemon providing IPv4 addresses. - - - kea-dhcp4 - - - - - kea-dhcp6 - - - The server daemon providing IPv6 addresses. - - - kea-dhcp6 - - - - - kea-dhcp-ddns - - - The server daemon performing the dynamic DNS updates. - - - kea-dhcp-ddns - - - - - kea-lfc - - - The kea-lfc service process removes redundant information - from the files used to provide persistent storage for the - memfile database backend. It is run by the Kea DHCP server. - - - kea-lfc - - - - - keashell - - - RESTful client to the ISC Kea - services. - - - keashell - - - - - - - - - diff --git a/server/major/major.xml b/server/major/major.xml deleted file mode 100644 index 99d048d42b..0000000000 --- a/server/major/major.xml +++ /dev/null @@ -1,24 +0,0 @@ - - - %general-entities; -]> - - - - - Major Servers - - - Major servers are the programs that provide content or services - to users or other programs. - - - - - - - - - diff --git a/server/major/proftpd.xml b/server/major/proftpd.xml deleted file mode 100644 index b7cbf6cde9..0000000000 --- a/server/major/proftpd.xml +++ /dev/null @@ -1,469 +0,0 @@ - - - %general-entities; - - - - - - - -]> - - - - - - ProFTPD-&proftpd-version; - - - Proftpd - - - - Introduction to ProFTPD - - - The ProFTPD package contains a secure - and highly configurable FTP daemon. This is useful for serving large - file archives over a network. - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &proftpd-md5sum; - - - - - Download size: &proftpd-size; - - - - - Estimated disk space required: &proftpd-buildsize; - - - - - Estimated build time: &proftpd-time; - - - - - ProFTPD Dependencies - - Optional - - , - , - , - or MySQL, - , - , and - Net::SSH2 - - - - - - Installation of ProFTPD - - - For security reasons, you should install - ProFTPD using an unprivileged user and group. - As the root user: - - -groupadd -g 46 proftpd && -useradd -c proftpd -d /srv/ftp -g proftpd \ - -s /usr/bin/proftpdshell -u 46 proftpd && - -install -v -d -m775 -o proftpd -g proftpd /srv/ftp && -ln -v -s /usr/bin/false /usr/bin/proftpdshell && -echo /usr/bin/proftpdshell >> /etc/shells - - - Install ProFTPD as an unprivileged user by - running the following commands: - - -./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/run && -make - - - This packages does not come with a usable test suite. - - - - Now, as the root user: - - -make install && -install -d -m755 /usr/share/doc/proftpd-&proftpd-version; && -cp -Rv doc/* /usr/share/doc/proftpd-&proftpd-version; - - - - - Command Explanations - - - install -v -d -m775 -o proftpd -g proftpd /srv/ftp: - Create the home directory for ProFTPD. - - - - ln -v -s /usr/bin/false /usr/bin/proftpdshell: - Set the default shell as a link to an invalid shell. - - - - echo /usr/bin/proftpdshell >> /etc/shells: - Fake a valid shell for compatibility purposes. - - - - - The above two commands can be omitted if the following directive is - placed in the configuration file: - - -RequireValidShell off - - - By default, proftpd will require that users logging in have valid - shells. The RequireValidShell directive turns off this requirement. - This is only recommended if you are setting up your FTP server - exclusively for anonymous downloads. - - - - - - Support for most of the dependency packages requires using options - passed to the configure script. View the output - from ./configure --help for complete information - about enabling dependency packages. - - - - - - - Configuring ProFTPD - - - Config Files - - - /etc/proftpd.conf - - - - /etc/proftpd.conf - - - - - - Configuration Information - - - This is a simple, download-only sample configuration. See the - ProFTPD documentation in - /usr/share/doc/proftpd and - consult the website at for - example configurations. - - -cat > /etc/proftpd.conf << "EOF" -# This is a basic ProFTPD configuration file -# It establishes a single server and a single anonymous login. - -ServerName "ProFTPD Default Installation" -ServerType standalone -DefaultServer on - -# Port 21 is the standard FTP port. -Port 21 -# Umask 022 is a good standard umask to prevent new dirs and files -# from being group and world writable. -Umask 022 - -# To prevent DoS attacks, set the maximum number of child processes -# to 30. If you need to allow more than 30 concurrent connections -# at once, simply increase this value. Note that this ONLY works -# in standalone mode, in inetd mode you should use an inetd server -# that allows you to limit maximum number of processes per service - -MaxInstances 30 - -# Set the user and group that the server normally runs at. -User proftpd -Group proftpd - -# To cause every FTP user to be "jailed" (chrooted) into their home -# directory, uncomment this line. -#DefaultRoot ~ - - -# Normally, files should be overwritable. -<Directory /*> - AllowOverwrite on -</Directory> - -# A basic anonymous configuration, no upload directories. -<Anonymous ~proftpd> - User proftpd - Group proftpd - # Clients should be able to login with "anonymous" as well as "proftpd" - UserAlias anonymous proftpd - - # Limit the maximum number of anonymous logins - MaxClients 10 - - # 'welcome.msg' should be displayed at login, and '.message' displayed - # in each newly chdired directory. - DisplayLogin welcome.msg - DisplayChdir .message - - # Limit WRITE everywhere in the anonymous chroot - <Limit WRITE> - DenyAll - </Limit> -</Anonymous> -EOF - - - - - <phrase revision="sysv">Boot Script</phrase> - <phrase revision="systemd">Systemd Unit</phrase> - - - Install the - /etc/rc.d/init.d/proftpd - init script - proftpd.service - unit included in the - - - package: - - - - proftpd - - -make install-proftpd - - - - - - - Contents - - - Installed Programs - Installed Libraries - Installed Directory - - - - ftpasswd, ftpcount, ftpdctl, ftpmail, ftpquota, ftpscrub, ftpshut, - ftptop, ftpwho, in.proftpd (symlink to proftpd), proftpd, and prxs - - - None - - - /usr/{include,lib}/proftpd, - /usr/share/doc/proftpd-&proftpd-version;, and - /srv/ftp - - - - - - Short Descriptions - - - - - proftpd - - - is the FTP daemon - - - proftpd - - - - - - ftpcount - - - shows the current number of connections - - - ftpcount - - - - - - ftpdctl - - - is used to control the proftpd daemon while it is running - - - ftpdctl - - - - - - ftpasswd - - - is a Perl script designed to create and manage - AuthUserFiles and AuthGroupFiles of the correct format for proftpd - - - ftpasswd - - - - - - ftpmail - - - is a Perl script for sending email based on the proftpd TransferLog - - - ftpmail - - - - - - ftpquota - - - is a Perl script designed to create and manage limits and tally - files for the mod_quotatab + mod_quotatab_file module combination - for proftpd - - - ftpquota - - - - - - ftpscrub - - - provides a way to scrub the scoreboard file on demand - - - ftpscrub - - - - - - ftpshut - - - shuts down all proftpd servers - at a given time - - - ftpshut - - - - - - ftptop - - - displays running status on connections - - - ftptop - - - - - - ftpwho - - - shows current process information for each session - - - ftpwho - - - - - - prxs - - - is a Perl script designed to compile and install third-party - modules, from source code, as DSO modules for the installed - proftpd - - - prxs - - - - - - - - - diff --git a/server/major/vsftpd.xml b/server/major/vsftpd.xml deleted file mode 100644 index 86ff00c4f1..0000000000 --- a/server/major/vsftpd.xml +++ /dev/null @@ -1,328 +0,0 @@ - - - %general-entities; - - - - - - - - -]> - - - - - - vsftpd-&vsftpd-version; - - - vsftpd - - - - Introduction to vsftpd - - - The vsftpd package contains a very - secure and very small FTP daemon. This is useful for serving files - over a network. - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &vsftpd-md5sum; - - - - - Download size: &vsftpd-size; - - - - - Estimated disk space required: &vsftpd-buildsize; - - - - - Estimated build time: &vsftpd-time; - - - - - vsftpd Dependencies - - Required - - - - - Recommended - - - - - Optional - - - - - - - - Installation of vsftpd - - - For security reasons, running vsftpd - as an unprivileged user and group is encouraged. Also, a user should be - created to map anonymous users. As the root user, create the needed directories, - users, and groups with the following commands: - - -install -v -d -m 0755 &vsftpd-empty; && -install -v -d -m 0755 /home/ftp && -groupadd -g 47 vsftpd && -groupadd -g 45 ftp && - -useradd -c "vsftpd User" -d /dev/null -g vsftpd -s /bin/false -u 47 vsftpd && -useradd -c anonymous_user -d /home/ftp -g ftp -s /bin/false -u 45 ftp - - - Gcc-10 and later flags an error for an implicit type cast. Make it - explicit: - - -sed -e "s/kVSFSysStrOpenUnknown;/(enum EVSFSysUtilOpenMode)&/" -i sysstr.c - - - Build vsftpd as an unprivileged user - using the following command: - - -make - - - This package does not come with a test suite. - - - - Once again, become the root - user and install vsftpd with the following - commands: - - -install -v -m 755 vsftpd /usr/sbin/vsftpd && -install -v -m 644 vsftpd.8 /usr/share/man/man8 && -install -v -m 644 vsftpd.conf.5 /usr/share/man/man5 && -install -v -m 644 vsftpd.conf /etc - - - - - Command Explanations - - - install -v -d ...: This creates the - directory that anonymous users will use (/home/ftp) - and the directory the daemon will chroot into - (&vsftpd-empty;). - - - - - /home/ftp should not be - owned by the user vsftpd, - or the user ftp. - - - - - echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h: - Use this prior to make to add support for - tcpwrappers. - - - - echo "#define VSF_BUILD_SSL" >>builddefs.h: - Use this prior to make to add support for SSL. - - - - install -v -m ...: - The Makefile uses non-standard installation paths. - These commands install the files in - /usr and - /etc. - - - - - - Configuring vsftpd - - - Config Files - - - /etc/vsftpd.conf - - - - /etc/vsftpd.conf - - - - - - Configuration Information - - - vsftpd comes with a basic - anonymous-only configuration file that was copied to - /etc above. While still as - root, this file should be - modified because it is now recommended to run vsftpd - in standalone mode. Also, you - should specify the privilege separation user created above. Finally, - you should specify the chroot directory. - man vsftpd.conf will give you all the details. - - -cat >> /etc/vsftpd.conf << "EOF" -background=YES -nopriv_user=vsftpd -secure_chroot_dir=&vsftpd-empty; -EOF - - - - - To enable local logins, append the following to the - /etc/vsftpd.conf file (as the - root user): - - -cat >> /etc/vsftpd.conf << "EOF" -local_enable=YES -EOF - - - In addition, if using Linux-PAM and - vsftpd with local user logins, you will need - a Linux-PAM configuration file. As the - root user, create the - /etc/pam.d/vsftpd file, and add the needed - configuration changes for Linux-PAM session - support using the following commands: - - -cat > /etc/pam.d/vsftpd << "EOF" && -# Begin /etc/pam.d/vsftpd -auth required /lib/security/pam_listfile.so item=user sense=deny \ - file=/etc/ftpusers \ - onerr=succeed -auth required pam_shells.so -auth include system-auth -account include system-account -session include system-session -EOF - -cat >> /etc/vsftpd.conf << "EOF" -session_support=YES -pam_service_name=vsftpd -EOF - - - - - <phrase revision="sysv">Boot Script</phrase> - <phrase revision="systemd">Systemd Unit</phrase> - - - Install the - /etc/rc.d/init.d/vsftpd - init script - vsftpd.service - unit included in the - - package: - - -make install-vsftpd - - - - - - - Contents - - - Installed Program - Installed Libraries - Installed Directories - - - vsftpd - None - /usr/share/vsftpd, /home/ftp - - - - - Short Descriptions - - - - - vsftpd - - - is the FTP daemon - - - vsftpd - - - - - - - - - diff --git a/server/other/openldap.xml b/server/other/openldap.xml deleted file mode 100644 index 7218dc6d17..0000000000 --- a/server/other/openldap.xml +++ /dev/null @@ -1,892 +0,0 @@ - - - %general-entities; - - - - - - - -]> - - - - - - OpenLDAP-&openldap-version; - - - OpenLDAP - - - - Introduction to OpenLDAP - - - The OpenLDAP package provides an open - source implementation of the Lightweight Directory Access Protocol. - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &openldap-md5sum; - - - - - Download size: &openldap-size; - - - - - Estimated disk space required: &openldap-buildsize; - - - - - Estimated build time: &openldap-time; - - - - - Additional Downloads - - - - Required patch: - - - - - - OpenLDAP Dependencies - - Recommended - - - - - Optional - - , - , - or - or - MySQL, - OpenSLP, - WiredTiger, and - &berkeley-db; (for slapd, also deprecated) - - - - - - Installation of OpenLDAP - - - - If you only need to install the client side ldap* - binaries, corresponding man pages, libraries and header files (referred - to as a client-only install), issue these commands - instead of the following ones (no test suite available): - - -patch -Np1 -i ../openldap-&openldap-version;-consolidated-1.patch && -autoconf && - -./configure --prefix=/usr \ - --sysconfdir=/etc \ - --disable-static \ - --enable-dynamic \ - --disable-debug \ - --disable-slapd && - -make depend && -make - - - Then, as the root user: - - -make install - - - - - There should be a dedicated user and group to take control - of the slapd daemon after it is - started. Issue the following commands as the - root user: - - -groupadd -g 83 ldap && -useradd -c "OpenLDAP Daemon Owner" \ - -d /var/lib/openldap -u 83 \ - -g ldap -s /bin/false ldap - - - Install OpenLDAP by - running the following commands: - - -patch -Np1 -i ../openldap-&openldap-version;-consolidated-1.patch && -autoconf && - -./configure --prefix=/usr \ - --sysconfdir=/etc \ - --localstatedir=/var \ - --libexecdir=/usr/lib \ - --disable-static \ - --disable-debug \ - --with-tls=openssl \ - --with-cyrus-sasl \ - --without-systemd \ - --enable-dynamic \ - --enable-crypt \ - --enable-spasswd \ - --enable-slapd \ - --enable-modules \ - --enable-rlookups \ - --enable-backends=mod \ - --disable-sql \ - --disable-wt \ - --enable-overlays=mod && - -make depend && -make - - - The tests are fragile, and errors may cause the tests to abort - prior to finishing. Some errors may happen due to timing problems. - The tests take around an hour, and the time is CPU independent due - to delays in the tests. On most systems, the tests will run up to the - test065-proxyauth for mdb test. - To test the results, issue: make test. - - - - Now, as the root user: - - -make install && - -sed -e "s/\.la/.so/" -i /etc/openldap/slapd.{conf,ldif}{,.default} && - -install -v -dm700 -o ldap -g ldap /var/lib/openldap && - -install -v -dm700 -o ldap -g ldap /etc/openldap/slapd.d && -chmod -v 640 /etc/openldap/slapd.{conf,ldif} && -chown -v root:ldap /etc/openldap/slapd.{conf,ldif} && - -install -v -dm755 /usr/share/doc/openldap-&openldap-version; && -cp -vfr doc/{drafts,rfc,guide} \ - /usr/share/doc/openldap-&openldap-version; - - - - - Command Explanations - - - - - --disable-debug: This switch disables - the debugging code in OpenLDAP. - - - - --enable-dynamic: This switch forces the - OpenLDAP libraries to be dynamically - linked to the executable programs. - - - - --enable-crypt: This switch enables using - crypt(3) passwords. - - - - --enable-spasswd: This switch enables - SASL password verification. - - - - --enable-modules: This switch enables dynamic - module support. - - - - --enable-rlookups: This switch enables - reverse lookups of client hostnames. - - - - --enable-backends: This switch enables - all available backends. - - - - --enable-overlays: This switch enables - all available overlays. - - - - - - --disable-sql: This switch explicitly - disables the SQL backend. Omit this switch if a SQL server is - installed and you are going to use a SQL backend. - - - - --disable-wt: This switch explicitly - disables the WiredTiger backend. Omit this switch if WiredTiger is - installed and you are going to use a WiredTiger backend. - - - - --libexecdir=/usr/lib: This switch controls where - the /usr/lib/openldap directory is - installed. Everything in that directory is a library, so it belongs under - /usr/lib instead of - /usr/libexec. - - - - : This switch enables - SLPv2 support. Use it if you have installed - OpenSLP. - - - - : This switch disables - symbol versioning in the OpenLDAP libraries. - The default is to have symbol versioning. Note that if you have - built applications using this package with symbol versioning, and - remove the symbols, the applications may fail to run. - - - - - You can run ./configure --help to see if there - are other switch you can pass to the configure - command to enable other options or dependency packages. - - - - - install ..., chown ..., - and chmod ...: - Having slapd configuration files and ldap databases in /var/lib/openldap - readable by anyone is a SECURITY ISSUE, especially since a file stores the - admin password in PLAIN TEXT. That's why mode 640 and root:ldap ownership - were used. The owner is root, so only root can modify the file, and group is - ldap, so that the group which owns slapd daemon could read but not modify - the file in case of a security breach. - - - - - - Configuring OpenLDAP - - - Config Files - - - - - For LDAP client: /etc/openldap/ldap.conf and - ~/.ldaprc - - - - - For LDAP server, two configuration mechanisms are used: - a legacy /etc/openldap/slapd.conf - configuration file and the recommended - slapd-config system, using an LDIF database - stored in - /etc/openldap/slapd.d. - - - - - - /etc/openldap/ldap.conf - - - - ~/.ldaprc - - - - /etc/openldap/slapd.conf - - - - /etc/openldap/slapd.d/* - - - - - - Configuration Information - - - Configuring the slapd servers can be complex. - Securing the LDAP directory, especially if you are storing non-public - data such as password databases, can also be a challenging task. In - order to set up OpenLDAP, you'll need to - modify either the /etc/openldap/slapd.conf - file (old method), or the /etc/openldap/slapd.ldif - file and then use ldapadd to create the LDAP - configuration database in - /etc/openldap/slapd.d - (recommended by the OpenLDAP documentation). - - - - - The instructions above install an empty LDAP structure and a default - /etc/openldap/slapd.conf file, which are - suitable for testing the build and other packages using LDAP. Do not - use them on a production server. - - - - - Resources to assist you with topics such as choosing a directory - configuration, backend and database definitions, access control - settings, running as a user other than - root - and setting a chroot environment include: - - - - - - The slapd(8) man - page. - - - - - The slapd.conf(5) and - slapd-config(5) man pages. - - - - - The OpenLDAP 2.6 - Administrator's Guide (also installed locally in - - /usr/share/doc/openldap-&openldap-version;/guide/admin). - - - - - Documents located at - . - - - - - - - - - - <phrase revision="sysv">Boot Script</phrase> - <phrase revision="systemd">Systemd Unit</phrase> - - - To automate the startup of the LDAP server at system bootup, - install the - /etc/rc.d/init.d/slapd - init script - slapd.service - unit included in the - - - package using the following command: - - - - slapd - - -make install-slapd - - - - You'll need to modify - /etc/sysconfig/slapd - /etc/default/slapd - to include the parameters needed for your specific configuration. See - the slapd man page for parameter information. - - - - - - - Testing the Configuration - - - Start the LDAP server using - the init script: - systemctl: - - -/etc/rc.d/init.d/slapd start - -systemctl start slapd - - - Verify access to the LDAP server with the following command: - - -ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts - - - The expected result is: - - -# extended LDIF -# -# LDAPv3 -# base <> with scope baseObject -# filter: (objectclass=*) -# requesting: namingContexts -# - -# -dn: -namingContexts: dc=my-domain,dc=com - -# search result -search: 2 -result: 0 Success - -# numResponses: 2 -# numEntries: 1 - - - - - - - Contents - - - Installed Programs - Installed Libraries - Installed Directories - - - - ldapadd, ldapcompare, ldapdelete, ldapexop, ldapmodify, ldapmodrdn, - ldappasswd, ldapsearch, ldapurl, ldapvc, ldapwhoami, slapacl, slapadd, - slapauth, slapcat, slapd, slapdn, slapindex, slapmodify, slappasswd, - slapschema, and slaptest - - - liblber.so, libldap.so, and several under /usr/lib/openldap - - - /etc/openldap, - /{usr,var}/lib/openldap, and - /usr/share/doc/openldap-&openldap-version; - - - - - - Short Descriptions - - - - - ldapadd - - - opens a connection to an LDAP server, binds and adds entries - - - ldapadd - - - - - - ldapcompare - - - opens a connection to an LDAP server, binds and performs - a compare using specified parameters - - - ldapcompare - - - - - - ldapdelete - - - opens a connection to an LDAP server, binds and deletes - one or more entries - - - ldapdelete - - - - - - ldapexop - - - issues the LDAP extended operation specified by - oid or one of the special keywords whoami, - cancel, or refresh - - - ldapexop - - - - - - ldapmodify - - - opens a connection to an LDAP server, binds and modifies entries - - - ldapmodify - - - - - - ldapmodrdn - - - opens a connection to an LDAP server, binds and modifies - the RDN of entries - - - ldapmodrdn - - - - - - ldappasswd - - - is a tool used to set the password of an LDAP user - - - ldappasswd - - - - - - ldapsearch - - - opens a connection to an LDAP server, binds and performs - a search using specified parameters - - - ldapsearch - - - - - - ldapurl - - - is a command that allows to either compose or - decompose LDAP URIs - - - ldapurl - - - - - - ldapvc - - - verifies LDAP credentials - - - ldapvc - - - - - - ldapwhoami - - - opens a connection to an LDAP server, binds and displays - whoami information - - - ldapwhoami - - - - - - slapacl - - - is used to check the behavior of slapd by verifying - access to directory data according to the access control - list directives defined in its configuration - - - slapacl - - - - - - slapadd - - - is used to add entries specified in LDAP Directory Interchange - Format (LDIF) to an LDAP database - - - slapadd - - - - - - slapauth - - - is used to check the behavior of the slapd - in mapping identities for authentication and - authorization purposes, as specified in slapd.conf - - - slapauth - - - - - - slapcat - - - is used to generate an LDAP LDIF output based upon the - contents of a slapd database - - - slapcat - - - - - - slapd - - - is the standalone LDAP server - - - slapd - - - - - - slapdn - - - checks a list of string-represented DNs based on schema syntax - - - slapdn - - - - - - slapindex - - - is used to regenerate slapd indexes based upon the current - contents of a database - - - slapindex - - - - - - slapmodify - - - modifies entries in a slapd database - - - slapmodify - - - - - - slappasswd - - - is an OpenLDAP password utility - - - slappasswd - - - - - - slapschema - - - is used to check schema compliance of the contents - of a slapd database - - - slapschema - - - - - - slaptest - - - checks the sanity of the slapd.conf file - - - slaptest - - - - - - liblber.so - - - is a set of Lightweight Basic Encoding Rules routines. These - routines are used by the LDAP library routines to encode and decode - LDAP protocol elements using the (slightly simplified) Basic - Encoding Rules defined by LDAP. They are not normally used directly - by an LDAP application program except in the handling of controls - and extended operations - - - liblber.so - - - - - - libldap.so - - - supports the LDAP programs and provide functionality for - other programs interacting with LDAP - - - libldap.so - - - - - - - - - - - diff --git a/server/other/other.xml b/server/other/other.xml deleted file mode 100644 index 8fc3edb307..0000000000 --- a/server/other/other.xml +++ /dev/null @@ -1,28 +0,0 @@ - - - %general-entities; -]> - - - - - Other Server Software - - - Here you will find many ways to share your machine with the rest - of the world or your local network. Before installing - any packages in this chapter, you need to be sure you understand what - the package does and how to set it up correctly. It might also be - helpful to learn about the consequences of an improper setup so - that you can analyze the risks. - - - - - - - - - diff --git a/server/other/unbound.xml b/server/other/unbound.xml deleted file mode 100644 index 16a44019f1..0000000000 --- a/server/other/unbound.xml +++ /dev/null @@ -1,368 +0,0 @@ - - - %general-entities; - - - - - - - -]> - - - - - - Unbound-&unbound-version; - - - Unbound - - - - Introduction to Unbound - - - Unbound is a validating, recursive, and caching - DNS resolver. It is designed as a set of modular components that - incorporate modern features, such as enhanced security (DNSSEC) - validation, Internet Protocol Version 6 (IPv6), and a client resolver - library API as an integral part of the architecture. - - - &lfs121_checked; - - Package Information - - - - Download (HTTP): - - - - - Download (FTP): - - - - - Download MD5 sum: &unbound-md5sum; - - - - - Download size: &unbound-size; - - - - - Estimated disk space required: &unbound-buildsize; - - - - - Estimated build time: &unbound-time; - - - - - Unbound Dependencies - - - Optional - - , - , - , - (for Python bindings documentation), - (for Python bindings), - (for html documentation), and - dnstap - - - - - - Installation of Unbound - - - There should be a dedicated user and group to take control of the - unbound daemon after it is started. Issue the following - commands as the root user: - - -groupadd -g 88 unbound && -useradd -c "Unbound DNS Resolver" -d /var/lib/unbound -u 88 \ - -g unbound -s /bin/false unbound - - - Install Unbound by running the following - commands: - - -./configure --prefix=/usr \ - --sysconfdir=/etc \ - --disable-static \ - --with-pidfile=/run/unbound.pid && -make - - - If you have package installed and want to build - html documentation, run the following command: - - -make doc - - - To test the results, issue make check. - - - - Now, as the root user: - - -make install && -mv -v /usr/sbin/unbound-host /usr/bin/ - - - If you built the documentation, install it by running the following - commands as the root user: - - -install -v -m755 -d /usr/share/doc/unbound-&unbound-version; && -install -v -m644 doc/html/* /usr/share/doc/unbound-&unbound-version; - - - - - Command Explanations - - - - - : This option enables libevent support - allowing use of large outgoing port ranges. - - - - : This option enables building of the Python - bindings. - - - - - - Configuring Unbound - - - Config Files - - - /etc/unbound/unbound.conf - - - - /etc/unbound/unbound.conf - - - - - - Configuration Information - - - In the default configuration, unbound will bind to - localhost (127.0.0.1 IP address) and allow recursive queries only from - localhost clients. If you want to use unbound for - local DNS resolution, run the following command as the - root user: - - -echo "nameserver 127.0.0.1" > /etc/resolv.conf - - - For advanced configuration see - /etc/unbound/unbound.conf file and the - documentation. - - - - When Unbound is installed, some package - builds fail if the file /etc/unbound/root.key is - not found. This file is created by running the boot script (install - instructions below). Alternatively, it can be created by running the - following command as the root - user: - - - - When Unbound is installed, some package - builds fail if the file /etc/unbound/root.key is - not found. Create this file by running the following command as the - root user: - - -unbound-anchor - - - - - <phrase revision="sysv">Boot Script</phrase> - <phrase revision="systemd">Systemd Unit</phrase> - - - If you want the Unbound server to - start automatically when the system is booted, install the - /etc/rc.d/init.d/unbound - init script - unbound.service - unit included - in the - package: - - - - unbound - - -make install-unbound - - - - - - - Contents - - - Installed Programs - Installed Library - Installed Directories - - - - unbound, unbound-anchor, unbound-checkconf, unbound-control, - unbound-control-setup, and unbound-host - - - libunbound.so and (optional) - /usr/lib/python&python2-majorver;/site-packages/_unbound.so - - - /etc/unbound and /usr/share/doc/unbound-&unbound-version; (optional) - - - - - - Short Descriptions - - - - - unbound - - - is a DNS resolver daemon - - - unbound - - - - - - unbound-anchor - - - performs setup or update of the root trust anchor for DNSSEC - validation - - - unbound-anchor - - - - - - unbound-checkconf - - - checks the unbound configuration file for syntax - and other errors - - - unbound-checkconf - - - - - - unbound-control - - - performs remote administration on the unbound DNS - resolver - - - unbound-control - - - - - - unbound-control-setup - - - generates a self-signed certificate and private keys for the server - and client - - - unbound-control-setup - - - - - - unbound-host - - - is a DNS lookup utility similar to host from - - - - unbound-host - - - - - - libunbound.so - - - provides the Unbound API functions to - programs - - - libunbound.so - - - - - - - - - diff --git a/server/server.xml b/server/server.xml deleted file mode 100644 index 8c529af79d..0000000000 --- a/server/server.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - %general-entities; -]> - - - - - Servers - - - - - - - diff --git a/stylesheets/lfs-xsl/dark.lfs.css b/stylesheets/lfs-xsl/dark.lfs.css index 37019bc315..9289142ba3 100644 --- a/stylesheets/lfs-xsl/dark.lfs.css +++ b/stylesheets/lfs-xsl/dark.lfs.css @@ -300,7 +300,9 @@ span.blue { /* Admonitions */ div.admon img { - padding: .3em; + padding: .3em; + max-height: 5%; + max-width: 5%; } div.admon h3 { diff --git a/stylesheets/lfs-xsl/lfs.css b/stylesheets/lfs-xsl/lfs.css index 37019bc315..9289142ba3 100644 --- a/stylesheets/lfs-xsl/lfs.css +++ b/stylesheets/lfs-xsl/lfs.css @@ -300,7 +300,9 @@ span.blue { /* Admonitions */ div.admon img { - padding: .3em; + padding: .3em; + max-height: 5%; + max-width: 5%; } div.admon h3 { diff --git a/stylesheets/lfs-xsl/light.lfs.css b/stylesheets/lfs-xsl/light.lfs.css index e9f36e72c2..930100b13f 100644 --- a/stylesheets/lfs-xsl/light.lfs.css +++ b/stylesheets/lfs-xsl/light.lfs.css @@ -300,7 +300,9 @@ span.blue { /* Admonitions */ div.admon img { - padding: .3em; + padding: .3em; + max-height: 5%; + max-width: 5%; } div.admon h3 {