diff --git a/images/caution.png b/images/caution.png
index 5b7809ca4a..ee1f0c01a1 100644
Binary files a/images/caution.png and b/images/caution.png differ
diff --git a/images/important.png b/images/important.png
index 12c90f607a..ba901662c9 100644
Binary files a/images/important.png and b/images/important.png differ
diff --git a/images/note.png b/images/note.png
index d0c3c645ab..8e9aceeca6 100644
Binary files a/images/note.png and b/images/note.png differ
diff --git a/images/tip.png b/images/tip.png
index 5c4aab3bb3..4c5cce0318 100644
Binary files a/images/tip.png and b/images/tip.png differ
diff --git a/images/warning.png b/images/warning.png
index 1c33db8f34..b3b6d638e4 100644
Binary files a/images/warning.png and b/images/warning.png differ
diff --git a/server/databases/databases.xml b/server/databases/databases.xml
deleted file mode 100644
index f493ad988c..0000000000
--- a/server/databases/databases.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-
-
- %general-entities;
-]>
-
-
-
-
- Databases
-
-
- This chapter includes databases that range from single-user
- read/write to industrial database servers with transaction support.
- Generally, you will be sent here to satisfy dependencies to other
- applications although building a SQL server on a base LFS system is
- entirely possible.
-
-
-
-
-
-
-
-
-
-
-
diff --git a/server/databases/lmdb.xml b/server/databases/lmdb.xml
deleted file mode 100644
index d1d9f5d87c..0000000000
--- a/server/databases/lmdb.xml
+++ /dev/null
@@ -1,163 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- lmdb-&lmdb-version;
-
-
- lmdb
-
-
-
- Introduction to lmdb
-
-
- The lmdb package is a fast, compact, key-value
- embedded data store. It uses memory-mapped files, so it has the read
- performance of a pure in-memory database while still offering the
- persistence of standard disk-based databases, and is only limited to the
- size of the virtual address space
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &lmdb-md5sum;
-
-
-
-
- Download size: &lmdb-size;
-
-
-
-
- Estimated disk space required: &lmdb-buildsize;
-
-
-
-
- Estimated build time: &lmdb-time;
-
-
-
-
-
-
-
- Installation of lmdb
-
-
-
- This package extracts to lmdb-LMDB_&lmdb-version;.
-
-
-
-
- Install lmdb by running the following
- commands:
-
-
-cd libraries/liblmdb &&
-make &&
-sed -i 's| liblmdb.a||' Makefile
-
-
- This package does not come with a test suite.
-
-
-
- Now, as the root user:
-
-
-make prefix=/usr install
-
-
-
-
- Command Explanations
-
-
-
-
- sed ... liblmdb.a ... Makefile: The package executables
- use a static library so it must be created. This command suppresses installation
- of the static library.
-
-
-
-
-
- Contents
-
-
- Installed Program
- Installed Library
- Installed Directories
-
-
-
- mdb_copy, mdb_dump, mdb_load, and mdb_stat
-
-
- liblmdb.so
-
-
- None
-
-
-
-
-
-
-
-
diff --git a/server/databases/mariadb.xml b/server/databases/mariadb.xml
deleted file mode 100644
index a15c8550cd..0000000000
--- a/server/databases/mariadb.xml
+++ /dev/null
@@ -1,1218 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- MariaDB-&mariadb-version;
-
-
- MariaDB
-
-
-
- Introduction to MariaDB
-
-
- MariaDB is a community-developed fork and a
- drop-in replacement for the MySQL relational
- database management system.
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &mariadb-md5sum;
-
-
-
-
- Download size: &mariadb-size;
-
-
-
-
- Estimated disk space required: &mariadb-buildsize;
-
-
-
-
- Estimated build time: &mariadb-time;
-
-
-
-
-
-
- The installed size of MariaDB is 723 MB, but this can be
- reduced by about 262 MB, if desired, by removing the /usr/share/mysql/test
- directory after installation.
-
-
-
- MariaDB Dependencies
-
- Required
-
-
-
-
- Recommended
-
-
-
-
- Optional
-
- ,
- ,
- ,
- ,
- ,
- ,
- ,
- ,
- ,
- ,
- ,
- Groonga,
- KyTea,
- Judy,
- MeCab,
- MessagePack,
- mruby,
- MyRocks,
- Snappy, and
-
- ZeroMQ
-
-
-
-
-
-
- Installation of MariaDB
-
-
-
- MariaDB and MySQL cannot be installed on the same system without
- extensive changes to the build configuration of one of the two applications.
-
-
-
-
- For security reasons, running the server as an unprivileged user
- and group is strongly encouraged. Issue the following (as
- root) to create the
- user and group:
-
-
-groupadd -g 40 mysql &&
-useradd -c "MySQL Server" -d /srv/mysql -g mysql -s /bin/false -u 40 mysql
-
-
- Install MariaDB by running the
- following commands:
-
-
-mkdir build &&
-cd build &&
-
-cmake -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_INSTALL_PREFIX=/usr \
- -DGRN_LOG_PATH=/var/log/groonga.log \
- -DINSTALL_DOCDIR=share/doc/mariadb-&mariadb-version; \
- -DINSTALL_DOCREADMEDIR=share/doc/mariadb-&mariadb-version; \
- -DINSTALL_MANDIR=share/man \
- -DINSTALL_MYSQLSHAREDIR=share/mysql \
- -DINSTALL_MYSQLTESTDIR=share/mysql/test \
- -DINSTALL_PAMDIR=lib/security \
- -DINSTALL_PAMDATADIR=/etc/security \
- -DINSTALL_PLUGINDIR=lib/mysql/plugin \
- -DINSTALL_SBINDIR=sbin \
- -DINSTALL_SCRIPTDIR=bin \
- -DINSTALL_SQLBENCHDIR=share/mysql/bench \
- -DINSTALL_SUPPORTFILESDIR=share/mysql \
- -DMYSQL_DATADIR=/srv/mysql \
- -DMYSQL_UNIX_ADDR=/run/mysqld/mysqld.sock \
- -DWITH_EXTRA_CHARSETS=complex \
- -DWITH_EMBEDDED_SERVER=ON \
- -DSKIP_TESTS=ON \
- -DTOKUDB_OK=0 \
- .. &&
-make
-
-
- To test the results, issue: make test.
- One test, test-connect, is known to fail.
-
-
-
- A more extensive set of tests can be run with the following:
-
-pushd mysql-test
-./mtr --parallel <N> --mem --force
-popd
-
-
- Where N is the number of tests to run in parallel.
- Over 5400 tests are run in about 24 SBU with N=4. A few tests
- may fail, mainly due to character set issues.
-
-
-
- Now, as the root user:
-
-
-make install
-
-
- If you have installed, move the
- PAM module and configuration file installed by this package as the
- &root; user:
-
-
-mv -v /usr/share/pam_use_map.so /lib/security &&
-mv -v /usr/share/user_map.conf /etc/security
-
-
-
-
- Command Explanations
-
-
- -DWITH_EMBEDDED_SERVER=ON: This switch enables
- compiling the embedded server library needed by certain applications,
- such as Amarok.
-
-
-
- -DWITH_EXTRA_CHARSETS=complex: This switch enables
- support for the complex character sets.
-
-
-
- -DSKIP_TESTS=ON: This switch disables
- tests for MariaDB Connector/C which are not supported without
- additional setup.
-
-
-
- : Use this
- switch if you don't want the server and would like to build the client
- only.
-
-
-
- There are numerous options available to cmake. Check
- the output of the cmake . -LH for additional
- customization options.
-
-
-
-
-
- Configuring MySQL
-
-
- Config Files
-
-
- /etc/mysql/my.cnf and
- ~/.my.cnf
-
-
-
- ~/.my.cnf
-
-
-
- /etc/mysql/my.cnf
-
-
-
-
-
- Configuration Information
-
-
- Create basic /etc/mysql/my.cnf
- using the following command as the root user:
-
-
-install -v -dm 755 /etc/mysql &&
-cat > /etc/mysql/my.cnf << "EOF"
-# Begin /etc/mysql/my.cnf
-
-# The following options will be passed to all MySQL clients
-[client]
-#password = your_password
-port = 3306
-socket = /run/mysqld/mysqld.sock
-
-# The MySQL server
-[mysqld]
-port = 3306
-socket = /run/mysqld/mysqld.sock
-datadir = /srv/mysql
-skip-external-locking
-key_buffer_size = 16M
-max_allowed_packet = 1M
-sort_buffer_size = 512K
-net_buffer_length = 16K
-myisam_sort_buffer_size = 8M
-
-# Don't listen on a TCP/IP port at all.
-skip-networking
-
-# required unique id between 1 and 2^32 - 1
-server-id = 1
-
-# Uncomment the following if you are using BDB tables
-#bdb_cache_size = 4M
-#bdb_max_lock = 10000
-
-# InnoDB tables are now used by default
-innodb_data_home_dir = /srv/mysql
-innodb_log_group_home_dir = /srv/mysql
-# All the innodb_xxx values below are the default ones:
-innodb_data_file_path = ibdata1:12M:autoextend
-# You can set .._buffer_pool_size up to 50 - 80 %
-# of RAM but beware of setting memory usage too high
-innodb_buffer_pool_size = 128M
-innodb_log_file_size = 48M
-innodb_log_buffer_size = 16M
-innodb_flush_log_at_trx_commit = 1
-innodb_lock_wait_timeout = 50
-
-[mysqldump]
-quick
-max_allowed_packet = 16M
-
-[mysql]
-no-auto-rehash
-# Remove the next comment character if you are not familiar with SQL
-#safe-updates
-
-[isamchk]
-key_buffer = 20M
-sort_buffer_size = 20M
-read_buffer = 2M
-write_buffer = 2M
-
-[myisamchk]
-key_buffer_size = 20M
-sort_buffer_size = 20M
-read_buffer = 2M
-write_buffer = 2M
-
-[mysqlhotcopy]
-interactive-timeout
-
-# End /etc/mysql/my.cnf
-EOF
-
-
- You can now install a database and change the ownership to the
- unprivileged user and group (perform as the root user):
-
-
-mysql_install_db --basedir=/usr --datadir=/srv/mysql --user=mysql &&
-chown -R mysql:mysql /srv/mysql
-
-
- Further configuration requires that the
- MariaDB server is running. Start
- the server using the following commands as the root user:
-
-
-install -v -m755 -o mysql -g mysql -d /run/mysqld &&
-mysqld_safe --user=mysql 2>&1 >/dev/null &
-
-
- A default installation does not set up a password for the
- administrator, so use the following command as the root user to set one.
-
-
-mysqladmin -u root password
-
-
- Configuration of the server is now finished. Shut the server
- down using the following command as the root user:
-
-
-mysqladmin -p shutdown
-
-
-
-
- Boot Script
- Systemd Unit
-
-
- Install the
- /etc/rc.d/init.d/mysql init
- script
- mysqld.service
- unit included in the
-
- package as
- the root user to start the
- MariaDB server during system boot-up.
-
-
-
- mysql
-
-
-make install-mysql
-
-make install-mysqld
-
-
-
- If you have an existing database already and this
- installation of binaries was just an upgrade to a newer
- version, check the upstream documentation for upgrading. It
- is recommended to run:
- mariadb-upgrade
-
-
-
-
-
-
-
- Contents
-
-
- Installed Programs
- Installed Libraries
- Installed Directories
-
-
-
- aria_chk, aria_dump_log, aria_ftdump, aria_pack, aria_read_log,
- aria_s3_copy, galera_new_cluster, galera_recovery,
- innochecksum, mariabackup, mariadb, mariadbd, mariadb-access,
- mariadb-admin, mariadb-backup, mariadb-binlog, mariadb-check,
- mariadb-client-test, mariadb-client-test-embedded, mariadb-conv,
- mariadb-convert-table-format, mariadb-find-rows, mariadbd-multi,
- mariadbd-safe, mariadbd-safe-helper, mariadb-dump, mariadb-dumpslow,
- mariadb-embedded, mariadb-fix-extensions, mariadb-hotcopy,
- mariadb-import, mariadb-install-db, mariadb-ldb, mariadb-plugin,
- mariadb-secure-installation, mariadb-setpermission,
- mariadb-service-convert, mariadb-show,
- mariadb-slap, mariadb-test, mariadb-test-embedded,
- mariadb-tzinfo-to-sql, mariadb-upgrade, mariadb-waitpid,
- mariadb_config,
- mbstream, msql2mysql, my_print_defaults, myisamchk,
- myisam_ftdump, myisamlog, myisampack, mysql_config, mytop, perror,
- replace, resolve_stack_dump, resolveip, sst_dump, wsrep_sst_common,
- wsrep_sst_mariabackup, wsrep_sst_mysqldump, and wsrep_sst_rsync
-
-
- libmariadbclient.a, libmariadb.so, libmariadbd.so, libmysqlclient.a,
- libmysqlclient_r.a (symbolic links to libmariadbclient.a),
- libmysqld.{so,a}, libmysqlservices.a,
- and several under /usr/lib/mysql/plugin/
-
-
- /etc/mysql,
- /usr/{include,lib,share}/mysql,
- /usr/share/groonga{-normalizer-mysql}, and
- /usr/share/doc/mariadb-&mariadb-version;
-
-
-
-
- Short Descriptions
-
-
- There are several symlinks from mysql* to their mariadb
- counterparts. These are maintained for compatibility.
-
-
-
-
- The Perl DBI modules must be installed
- for some of the MariaDB support programs to
- function properly.
-
-
-
- Short Descriptions
-
-
-
-
- aria_chk
-
-
- is used to check, repair, optimize, sort and get information
- about Aria tables
-
-
- aria_chk
-
-
-
-
-
- aria_dump_log
-
-
- is a tool to dump the contents of Aria log pages
-
-
- aria_dump_log
-
-
-
-
-
- aria_ftdump
-
-
- displays full-text index information
-
-
- aria_ftdump
-
-
-
-
-
- aria_pack
-
-
- is a tool to generate compressed, read-only Aria tables
-
-
- aria_pack
-
-
-
-
-
- aria_read_log
-
-
- displays Aria log file contents
-
-
- aria_read_log
-
-
-
-
-
- aria_s3_copy
-
-
- copies an aria table to and from AWS S3
-
-
- aria_s3_copy
-
-
-
-
-
- galera_new_cluster
-
-
- bootstraps a new Galera cluster
-
-
- galera_new_cluster
-
-
-
-
-
- galera_recovery
-
-
- recovers data from a Galera cluster
-
-
- galera_recovery
-
-
-
-
-
- innochecksum
-
-
- prints checksums for InnoDB files
-
-
- innochecksum
-
-
-
-
-
- mariabackup
-
-
- is an open source backup tool for InnoDB and XtraDB
-
-
- mariabackup
-
-
-
-
-
- mariadb
-
-
- is a simple SQL shell with input line editing capabilities
-
-
- mariadb
-
-
-
-
-
- mariadbd
-
-
- is the MySQL server daemon
-
-
- mariadbd
-
-
-
-
-
- mariadb-access
-
-
- checks the access privileges for a host name, user name, and
- database combination
-
-
- mariadb-access
-
-
-
-
-
- mariadb-admin
-
-
- is a client for performing administrative operations
-
-
- mariadb-admin
-
-
-
-
-
- mariadb-binlog
-
-
- reads binary log files
-
-
- mariadb-binlog
-
-
-
-
-
- mariadb-check
-
-
- performs table maintenance: It checks, repairs, optimizes,
- or analyzes tables
-
-
- mariadb-check
-
-
-
-
-
- mariadb-client-test
-
-
- is used for testing aspects of the MySQL client API that cannot be
- tested using mysqltest and its test language
-
-
- mariadb-client-test
-
-
-
-
-
- mariadb-client-test-embedded
-
-
- is a tool to test the client API for the embedded server
-
-
- mariadb-client-test-embedded
-
-
-
-
-
- mariadb-conv
-
-
- converts character sets for use with MariaDB
-
-
- mariadb-conv
-
-
-
-
-
- mariadb-convert-table-format
-
-
- converts the tables in a database to use a particular storage
- engine
-
-
- mariadb-convert-table-format
-
-
-
-
-
- mariadbd-multi
-
-
- is designed to manage several mysqld processes that listen for
- connections on different Unix socket files and TCP/IP ports
-
-
- mariadbd-multi
-
-
-
-
-
- mariadbd-safe
-
-
- is the recommended way to start a mysqld server on Unix
- and NetWare
-
-
- mariadbd-safe
-
-
-
-
-
- mariadb-dump
-
-
- is a backup program
-
-
- mariadb-dump
-
-
-
-
-
- mariadb-dumpslow
-
-
- parses MySQL slow query log files and prints a summary of their
- contents
-
-
- mariadb-dumpslow
-
-
-
-
-
- mariadb-embedded
-
-
- is a MySQL client statically linked to
- libmariadbd
-
-
- mariadbd-embedded
-
-
-
-
-
- mariadb-find-rows
-
-
- reads files containing SQL statements and extracts statements that
- match a given regular expression or that contain USE db_name or
- SET statements
-
-
- mariadb-find-rows
-
-
-
-
-
- mariadb-fix-extensions
-
-
- converts the extensions for MyISAM (or ISAM) table files to
- their canonical forms
-
-
- mariadb-fix-extensions
-
-
-
-
-
- mariadb-hotcopy
-
-
- locks the table, flushes the table and then performs a copy of
- the database
-
-
- mariadb-hotcopy
-
-
-
-
-
- mariadb-import
-
-
- reads a range of data formats, and inserts the data into a
- database
-
-
- mariadb-import
-
-
-
-
-
- mariadb-install-db
-
-
- initializes the MySQL data directory and creates the system
- tables that it contains, if they do not exist
-
-
- mariadb-install-db
-
-
-
-
-
- mariadb-ldb
-
-
- is the RocksDB tool
-
-
- mariadb-ldb
-
-
-
-
-
- mariadb-plugin
-
-
- is a utility that enables MySQL administrators to manage which
- plugins a MySQL server loads
-
-
- mariadb-plugin
-
-
-
-
-
- mariadb-secure-installation
-
-
- is a tool to improve MySQL installation security
-
-
- mariadb-secure-installation
-
-
-
-
-
- mariadb-service-convert
-
-
- generates a systemd unit based on the current mariadb settings
-
-
- mariadb-service-convert
-
-
-
-
-
- mariadb-setpermission
-
-
- sets permissions in the MySQL grant tables
-
-
- mariadb-setpermission
-
-
-
-
-
- mariadb-show
-
-
- shows the structure of a MariaDB database
-
-
- mariadb-show
-
-
-
-
-
- mariadb-slap
-
-
- is a diagnostic program designed to emulate client load for a
- MySQL server and to report the timing of each stage
-
-
- mariadb-slap
-
-
-
-
-
- mariadb-test
-
-
- runs a test case against a MySQL server and optionally compares
- the output with a result file
-
-
- mariadb-test
-
-
-
-
-
- mariadb-test-embedded
-
-
- is similar to the mysqltest command but is built
- with support for the libmysqld embedded server
-
-
- mariadb-test-embedded
-
-
-
-
-
- mariadb-tzinfo-to-sql
-
-
- loads the time zone tables in the mysql database
-
-
- mariadb-tzinfo-to-sql
-
-
-
-
-
- mariadb-upgrade
-
-
- examines all tables in all databases for incompatibilities with
- the current version of MySQL Server
-
-
- mariadb-upgrade
-
-
-
-
-
- mariadb-waitpid
-
-
- signals a process to terminate and waits for the process to exit
-
-
- mariadb-waitpid
-
-
-
-
-
- mariadb_config
-
-
- gets compiler flags for using the MariaDB Connector/C
-
-
- mariadb_config
-
-
-
-
-
- mbstream
-
-
- is an utility for sending InnoDB and XTraDB backups over a stream
-
-
- mbstream
-
-
-
-
-
- msql2mysql
-
-
- is a tool to convert mSQL programs for use with MySQL
-
-
- msql2mysql
-
-
-
-
-
- my_print_defaults
-
-
- displays the options from option groups of option files
-
-
- my_print_defaults
-
-
-
-
-
- myisam_ftdump
-
-
- displays information about FULLTEXT indexes in MyISAM tables
-
-
- myisam_ftdump
-
-
-
-
-
- myisamchk
-
-
- gets information about your database tables or checks, repairs,
- or optimizes them
-
-
- myisamchk
-
-
-
-
-
- myisamlog
-
-
- displays MyISAM log file contents
-
-
- myisamlog
-
-
-
-
-
- myisampack
-
-
- is a tool for compressing MyISAM tables
-
-
- myisampack
-
-
-
-
-
- mysql_config
-
-
- provides you with useful information for compiling your MySQL
- client and connecting it to MySQL
-
-
- mysql_config
-
-
-
-
-
- mytop
-
-
- is a console-based tool for monitoring the threads and overall
- performance of a MySQL server
-
-
- mytop
-
-
-
-
-
- perror
-
-
- is a utility that displays descriptions for system or storage
- engine error codes
-
-
- perror
-
-
-
-
-
- replace
-
-
- is a MariaDB/MySQL extension to the SQL standard
-
-
- replace
-
-
-
-
-
- resolve_stack_dump
-
-
- resolves a numeric stack dump to symbols
-
-
- resolve_stack_dump
-
-
-
-
-
- resolveip
-
-
- is a utility for resolving IP addresses to host names and
- vice versa
-
-
- resolveip
-
-
-
-
-
- sst_sump
-
-
- dumps the content of sst files (the format used by RocksDB)
-
-
- sst_sump
-
-
-
-
-
-
-
-
-
diff --git a/server/databases/postgresql.xml b/server/databases/postgresql.xml
deleted file mode 100644
index dcec82d0d3..0000000000
--- a/server/databases/postgresql.xml
+++ /dev/null
@@ -1,1025 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- PostgreSQL-&postgresql-version;
-
-
- PostgreSQL
-
-
-
- Introduction to PostgreSQL
-
-
- PostgreSQL is an advanced
- object-relational database management system (ORDBMS), derived
- from the Berkeley Postgres database management system.
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &postgresql-md5sum;
-
-
-
-
- Download size: &postgresql-size;
-
-
-
-
- Estimated disk space required: &postgresql-buildsize;
-
-
-
-
- Estimated build time: &postgresql-time;
-
-
-
-
- PostgreSQL Dependencies
-
- Optional
-
- ,
- ,
- ,
- ,
- ,
- and
- Bonjour
-
-
- Optional (To Regenerate Documentation)
-
- ,
- ,
- ,
- ,
- , and
-
-
-
- Editor Notes:
-
-
-
-
-
- Installation of PostgreSQL
-
-
- For enhanced security, it is better to have a dedicated group and user
- for running the PostgreSQL server. First, issue as the
- root user:
-
-
-groupadd -g 41 postgres &&
-useradd -c "PostgreSQL Server" -g postgres -d /srv/pgsql/data \
- -u 41 postgres
-
-
-
- There are several configuration items that add additional
- functionality with optional packages to
- PostgreSQL. Use ./configure
- --help to see a list.
-
-
-
-
- Install PostgreSQL with the
- following commands:
-
-
-sed -i '/DEFAULT_PGSOCKET_DIR/s@/tmp@/run/postgresql@' src/include/pg_config_manual.h &&
-
-./configure --prefix=/usr \
- --enable-thread-safety \
- --docdir=/usr/share/doc/postgresql-&postgresql-version; &&
-make
-
-
- There are a number of programs in the
- contrib/ directory. If you are
- going to run this installation as a server and wish to build some of
- them, enter make -C contrib or make -C
- contrib/<SUBDIR-NAME> for
- each subdirectory.
-
-
-
- Tests must be run as an unprivileged user because they need to start a
- temporary server and this is prevented as the root user. For the same
- reason, you need to stop all PostgreSQL servers if any are running. If a
- previous version of PostgreSQL is installed, it may be necessary to use
- --disable-rpath with configure to
- avoid failures, but installing the binaries created using this
- switch is not recommended. To test the results, issue:
- make check.
-
-
-
- If you are installing PostgreSQL to
- upgrade an existing installation, there are important steps that you need
- to follow. If the major version of the new build is greater than the
- previous version, there is a chance that the data file format has changed.
- new software cannot act on the existing data files. In this case, the
- server will not start because the old programs have been overwritten, so
- the data is unavailable until it's file format has been converted.
-
-
- Before upgrading an existing installation of PostgreSQL, check
- the documentation for any considerations that you must keep in mind
- during the upgrade. Note that new major versions might use a different
- binary format in the data objects, causing potential incompatibilities.
- For more information, check out upstream's documentation about
- upgrading PostgreSQL here.
- .
-
-
- At this point, you may have both the old and the new binaries
- installed on your filesystem. These binaries can be used to perform an
- upgrade of your existing database files. For the following instructions
- it is assumed that
-
- The actual data files are stored in
- /srv/pgsql/data
-
- The upgraded data files will be stored in
- /srv/pgsql/newdata
-
- There is enough disk space to hold the actual
- data files twice. The upgrade is not an inline upgrade but
- it will copy the data to new database files.
-
-
-
-
- First, do a temporary install which makes access to the new
- binaries much easier:
-make DESTDIR=$(pwd)/DESTDIR install
-
- Next, create a directory which is writable by the
- postgres user, as the
- root user:
-
-install -d -o postgres $(pwd)/DESTDIR/tmp
-
- Now, stop the existing instance of PostgreSQL
- and start the upgrade process as the
- root user:
-
-pushd $(pwd)/DESTDIR/tmp
-/etc/rc.d/init.d/postgresql stop
-su postgres -c "../usr/bin/initdb -D /srv/pgsql/newdata"
-su postgres -c "../usr/bin/pg_upgrade \
- -d /srv/pgsql/data -b /usr/bin \
- -D /srv/pgsql/newdata -B ../usr/bin"
-popd
-
-pushd $(pwd)/DESTDIR/tmp
-systemctl stop postgresql
-su postgres -c "../usr/bin/initdb -D /srv/pgsql/newdata"
-su postgres -c "../usr/bin/pg_upgrade \
- -d /srv/pgsql/data -b /usr/bin \
- -D /srv/pgsql/newdata -B ../usr/bin"
-popd
-
- At this point, your database files are available in two locations on
- disk. The old data is located in
- /srv/pgsql/data, and the new data
- is in /srv/pgsql/newdata.
- Backing up the old database files is suggested before continuing.
-
- Next, remove the old database files, and rename the new data
- directory as the root user:
-
-rm -rf /srv/pgsql/data
-mv /srv/pgsql/newdata /srv/pgsql/data
-
-
-
-
- Now, as the root user:
-
-
-make install &&
-make install-docs
-
-
- If you made any of the contrib/
- programs, as the root user:
-
-
-make -C contrib/<SUBDIR-NAME> install
-
-
-
- If you only intend to use PostgreSQL as a
- client to connect to a server on another machine, your installation is
- complete and you should not run the remaining commands.
-
-
-
-
- If you have upgraded an existing database, skip the rest of the
- commands because your database is ready to use. If this is the
- first time you install PostgreSQL,
- continue with the initialization.
-
-
-
- Initialize a database cluster with the following commands issued by the
- root user:
-
-
-install -v -dm700 /srv/pgsql/data &&
-install -v -dm755 /run/postgresql &&
-chown -Rv postgres:postgres /srv/pgsql /run/postgresql
-
-
- Now, initialize the database as the root user:
-
-
-su - postgres -c '/usr/bin/initdb -D /srv/pgsql/data'
-
-
-
-
- Command Explanations
-
-
- sed -i ...: This sed changes the server socket location
- from /tmp to
- /run/postgresql.
-
-
-
- --enable-thread-safety: This switch makes the
- client libraries thread-safe by allowing concurrent threads in
- libpq and ECPG programs to
- safely control their private connection handles.
-
-
-
- : builds the package with support for
- OpenSSL encrypted connections.
-
-
-
- : builds the PL/Perl server-side language.
-
-
-
- : builds the PL/Python server-side
- language. Python3 is used by default, Python2 is no longer supported.
-
-
-
- : builds the PL/Tcl server-side language.
-
-
-
-
-
- Configuring PostgreSQL
-
-
- Config Files
-
-
- $PGDATA/pg_ident.con,
- $PGDATA/pg_hba.conf, and
- $PGDATA/postgresql.conf
-
-
-
- $PGDATA/pg_indent.con
-
-
-
- $PGDATA/pg_hba_conf
-
-
-
- $PGDATA/postgresql.conf
-
-
-
- The PGDATA environment variable is used to
- distinguish database clusters from one another by setting it to
- the value of the directory which contains the cluster desired.
- The three configuration files exist in every PGDATA/ directory. Details on the
- format of the files and the options that can be set in each can
- be found in
- /usr/share/doc/postgresql-&postgresql-version;/html/index.html.
-
-
-
-
-
- Boot Script
- Systemd Unit
-
-
- Install the
- /etc/rc.d/init.d/postgresql
- init script
- postgresql.service
- unit included in the
-
- package:
-
-
-
- postgresql
-
-
-make install-postgresql
-
-
-
-
- Starting the PostgreSQL Server and Creating a Sample Database
-
-
- The database server can be manually started with the following command
- (as the root user):
-
-
-su - postgres -c '/usr/bin/postgres -D /srv/pgsql/data > \
- /srv/pgsql/data/logfile 2>&1 &'
-
-
- If you are scripting this part, you should wait for the server to
- start before going on, by adding for example
- sleep 2 after the above command.
-
-
-
-
- The instructions below show how to create a database, add a table to
- it, insert some rows into the table and select them, to verify that the
- installation is working properly. Still as user root, issue:
-
-
-su - postgres -c '/usr/bin/createdb test' &&
-echo "create table t1 ( name varchar(20), state_province varchar(20) );" \
- | (su - postgres -c '/usr/bin/psql test ') &&
-echo "insert into t1 values ('Billy', 'NewYork');" \
- | (su - postgres -c '/usr/bin/psql test ') &&
-echo "insert into t1 values ('Evanidus', 'Quebec');" \
- | (su - postgres -c '/usr/bin/psql test ') &&
-echo "insert into t1 values ('Jesse', 'Ontario');" \
- | (su - postgres -c '/usr/bin/psql test ') &&
-echo "select * from t1;" | (su - postgres -c '/usr/bin/psql test')
-
-
- When you are done with testing, you can shut down the server, by
- issuing as root:
-
-
-su - postgres -c "/usr/bin/pg_ctl stop -D /srv/pgsql/data"
-
-
-
-
-
-
- Contents
-
-
- Installed Programs
- Installed Libraries
- Installed Directories
-
-
-
- clusterdb, createdb, createuser, dropdb, dropuser,
- ecpg, initdb, pg_amcheck, pg_archivecleanup, pg_basebackup,
- pg_checksums,
- pg_config, pg_controldata, pg_ctl, pg_dump, pg_dumpall, pg_isready,
- pg_receivewal, pg_recvlogical, pg_resetwal, pg_restore, pg_rewind,
- pg_test_fsync, pg_test_timing, pg_upgrade, pg_verifybackup,
- pg_waldump, pgbench, postgres, psql, reindexdb, vacuumdb,
- optionally, if Tcl support has been built, pltcl_delmod,
- pltcl_listmod, pltcl_loadmod, and optionally (in contrib/) oid2name,
- pg_standby, vacuumlo, and many others
-
-
-
- libecpg.{so,a}, libecpg_compat.{so,a}, libpgcommon.a,
- libpgcommon_shlib.a, libpgfeutils.a, libpgport.a, libpgport_shlib.a,
- libpgtypes.{so,a}, libpq.{so,a}, various charset modules and
- optionally programming language modules under /usr/lib/postgresql
-
-
- /usr/include/{libpq,postgresql},
- /usr/lib/postgresql,
- /usr/share/{doc/postgresql-&postgresql-version;,postgresql}, and
- /srv/pgsql
-
-
-
-
-
- Short Descriptions
-
-
-
-
- clusterdb
-
-
- is a utility for reclustering tables in a
- PostgreSQL database
-
-
- clusterdb
-
-
-
-
-
- createdb
-
-
- creates a new PostgreSQL
- database
-
-
- createdb
-
-
-
-
-
- createuser
-
-
- defines a new PostgreSQL
- user account
-
-
- createuser
-
-
-
-
-
- dropdb
-
-
- removes a PostgreSQL database
-
-
- dropdb
-
-
-
-
-
- dropuser
-
-
- removes a PostgreSQL user account
-
-
- dropuser
-
-
-
-
-
- ecpg
-
-
- is the embedded SQL preprocessor
-
-
- ecpg
-
-
-
-
-
- initdb
-
-
- creates a new database cluster
-
-
- initdb
-
-
-
-
-
- oid2name
-
-
- resolves OIDs (Object IDs) and file nodes in a PostgreSQL data
- directory
-
-
- oid2name
-
-
-
-
-
- pg_amcheck
-
-
- checks for corruption in one or more PostgreSQL databases
-
-
- pg_amcheck
-
-
-
-
-
- pg_archivecleanup
-
-
- cleans up PostgreSQL WAL (write-ahead log) archive files
-
-
- pg_archivecleanup
-
-
-
-
-
- pg_basebackup
-
-
- takes base backups of a running
- PostgreSQL cluster
-
-
- pg_basebackup
-
-
-
-
-
- pg_checksums
-
-
- enables, disables, or checks data checksums in a
- PostgreSQL database cluster
-
-
- pg_checksums
-
-
-
-
-
- pg_config
-
-
- retrieves PostgreSQL version
- information
-
-
- pg_config
-
-
-
-
-
- pg_controldata
-
-
- returns information initialized during initdb,
- such as the catalog version and server locale
-
-
- pg_controldata
-
-
-
-
-
- pg_ctl
-
-
- controls stopping and starting the database server
-
-
- pg_ctl
-
-
-
-
-
- pg_dump
-
-
- dumps database data and metadata into scripts which are used
- to recreate the database
-
-
- pg_dump
-
-
-
-
-
- pg_dumpall
-
-
- recursively calls pg_dump for each
- database in a cluster
-
-
- pg_dumpall
-
-
-
-
-
- pg_isready
-
-
- checks the connection status of a PostgreSQL server
-
-
- pg_isready
-
-
-
-
-
- pg_receivewal
-
-
- is used to stream write-ahead logs from a PostgreSQL server
-
-
- pg_receivewal
-
-
-
-
-
- pg_recvlogical
-
-
- controls PostgreSQL logical decoding streams
-
-
- pg_recvlogical
-
-
-
-
-
- pg_resetwal
-
-
- resets the write-ahead log and other control information
- of a PostgreSQL database cluster
-
-
- pg_resetwal
-
-
-
-
-
- pg_restore
-
-
- creates databases from dump files created by
- pg_dump
-
-
- pg_restore
-
-
-
-
-
- pg_rewind
-
-
- synchronizes a PostgreSQL data directory with another data
- directory that was forked from the first one
-
-
- pg_rewind
-
-
-
-
-
- pg_standby
-
-
- supports the creation of a PostgreSQL warm standby server
-
-
- pg_standby
-
-
-
-
-
- pg_test_fsync
-
-
- determines the fastest wal_sync method for PostgreSQL
-
-
- pg_test_fsync
-
-
-
-
-
- pg_test_timing
-
-
- measures timing overhead
-
-
- pg_test_timing
-
-
-
-
-
- pg_upgrade
-
-
- upgrades a PostgreSQL server instance
-
-
- pg_upgrade
-
-
-
-
-
- pg_verifybackup
-
-
- verifies the integrity of a base backup of a PostgreSQL cluster
-
-
- pg_verifybackup
-
-
-
-
-
- pg_waldump
-
-
- displays a human-readable rendering of the write-ahead log of a
- PostgreSQL database cluster
-
-
- pg_waldump
-
-
-
-
-
- pgbench
-
-
- runs a benchmark test on PostgreSQL
-
-
- pgbench
-
-
-
-
-
- pltcl_delmod
-
-
- is a support script used to delete a module from a
- PL/Tcl table. The command
- requires the
- Pgtcl
- package to be installed
-
-
- pltcl_delmod
-
-
-
-
-
- pltcl_listmod
-
-
- is a support script used to list the modules in a
- PL/Tcl table. The command
- requires the
- Pgtcl
- package to be installed
-
-
- pltcl_listmod
-
-
-
-
-
- pltcl_loadmod
-
-
- is a support script used to load a module into a
- PL/Tcl table. The command
- requires the
- Pgtcl
- package to be installed too
-
-
- pltcl_loadmod
-
-
-
-
-
- postgres
-
-
- is the PostgreSQL database server
-
-
- postgres
-
-
-
-
-
-
-
- psql
-
-
- is a console based database shell
-
-
- psql
-
-
-
-
-
- reindexdb
-
-
- is a utility for rebuilding indexes in a database
-
-
- reindexdb
-
-
-
-
-
- vacuumdb
-
-
- compacts databases and generates statistics for the query analyzer
-
-
- vacuumdb
-
-
-
-
-
- vacuumlo
-
-
- removes orphaned large objects from a PostgreSQL database
-
-
- vacuumlo
-
-
-
-
-
- libecpg.{so,a}
-
-
- contains functions to support embedded SQL in C programs
-
-
- libecpg.{so,a}
-
-
-
-
-
- libecpg_compat.{so,a}
-
-
- is the ecpg compatibility library
-
-
- libecpg_compat.{so,a}
-
-
-
-
-
- libgport.a
-
-
- is the port-specific subsystem of the Postgres backend
-
-
- libgport.a
-
-
-
-
-
- libpgtypes.{so,a}
-
-
- contains functions for dealing with Postgres data types
-
-
- libpgtypes.{so,a}
-
-
-
-
-
- libpq.{so,a}
-
-
- is the C programmer's API to Postgres
-
-
- libpq.{so,a}
-
-
-
-
-
-
-
-
-
diff --git a/server/databases/sqlite.xml b/server/databases/sqlite.xml
deleted file mode 100644
index 8a6e4ee66f..0000000000
--- a/server/databases/sqlite.xml
+++ /dev/null
@@ -1,239 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- SQLite-&sqlite-version;
-
-
- SQLite
-
-
-
- Introduction to SQLite
-
-
- The SQLite package is a software library that
- implements a self-contained, serverless, zero-configuration, transactional
- SQL database engine.
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &sqlite-md5sum;
-
-
-
-
- Download size: &sqlite-size;
-
-
-
-
- Estimated disk space required: &sqlite-buildsize;
-
-
-
-
- Estimated build time: &sqlite-time;
-
-
-
-
- Additional Downloads
-
- Optional Documentation
-
-
- Download (HTTP):
-
-
-
-
- Download MD5 sum: &sqlite-docs-md5sum;
-
-
-
-
- Download size: &sqlite-docs-size;
-
-
-
-
- SQLite Dependencies
-
- Optional
-
- libedit and
- (required to unzip the documentation)
-
-
-
-
-
- Installation of SQLite
-
-
- If you downloaded the optional documentation, issue the following command
- to install the documentation into the source tree:
-
-
-unzip -q ../sqlite-doc-&sqlite-doc-version;.zip
-
-
- Install SQLite by running the following
- commands:
-
-
-./configure --prefix=/usr \
- --disable-static \
- --enable-fts{4,5} \
- CPPFLAGS="-DSQLITE_ENABLE_COLUMN_METADATA=1 \
- -DSQLITE_ENABLE_UNLOCK_NOTIFY=1 \
- -DSQLITE_ENABLE_DBSTAT_VTAB=1 \
- -DSQLITE_SECURE_DELETE=1 \
- -DSQLITE_ENABLE_FTS3_TOKENIZER=1" &&
-make
-
-
- This package does not come with a test suite.
-
-
-
- Now, as the root user:
-
-
-make install
-
-
- If you downloaded the optional documentation, issue the following commands
- as the root user to install it:
-
-
-install -v -m755 -d /usr/share/doc/sqlite-&sqlite-version; &&
-cp -v -R sqlite-doc-&sqlite-doc-version;/* /usr/share/doc/sqlite-&sqlite-version;
-
-
-
-
- Command Explanations
-
-
-
-
- --enable-fts{4,5}: These switches enable
- support for version 3, 4 and 5 of the full text search (FTS)
- extension. Note that the switch
- enables support for both FTS version 4 and FTS version 3.
-
-
-
- CPPFLAGS="-DSQLITE_ENABLE_COLUMN_METADATA=1 ... :
- Applications such as
- SeaMonkey require these options
- to be turned on.
- The only way to do this is to include them in
- the CFLAGS or CPPFLAGS.
- We use the latter so the default value (or any value set by the user)
- of CFLAGS won't be affected.
- For further information on what can be specified see .
-
-
-
-
-
- Contents
-
-
- Installed Program
- Installed Library
- Installed Directory
-
-
-
- sqlite3
-
-
- libsqlite3.so
-
-
- /usr/share/doc/sqlite-&sqlite-version;
-
-
-
-
-
- Short Descriptions
-
-
-
-
- sqlite3
-
-
- is a terminal-based front-end to the SQLite
- library that can evaluate queries interactively and display the
- results
-
-
- sqlite3
-
-
-
-
-
- libsqlite3.so
-
-
- contains the SQLite API functions
-
-
- libsqlite3.so
-
-
-
-
-
-
-
-
-
diff --git a/server/databases/upgradedb.xml b/server/databases/upgradedb.xml
deleted file mode 100644
index 2622703ad2..0000000000
--- a/server/databases/upgradedb.xml
+++ /dev/null
@@ -1,283 +0,0 @@
-
-
- %general-entities;
-]>
-
-
-
-
-
- Important Notes About Upgrading Database Server Software
-
- This section is about reinstalling database software
- when an existing database is in use. It is not applicable for
- initial installations or if there is no existing database for
- the package being updated, but users should read through it
- to become aware of issues that can arise in the future.
-
- Let's start this chapter with a dramatic screenshot of an error that
- really happened. This error will not occur if you are installing database
- software for the first time:
-
-$ sudo systemctl status postgresql
--- postgresql.service - PostgreSQL database server
- Loaded: loaded (/usr/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
- Active: failed (Result: exit-code) since Tue 2021-10-26 17:11:53 CDT; 2min 49s ago
- Process: 17336 ExecStart=/usr/bin/pg_ctl -s -D ${PGROOT}/data start -w -t 120 (code=exited, status=1/FAILURE)
- CPU: 7ms
-
-Oct 26 17:11:53 SVRNAME systemd[1]: Starting PostgreSQL database server...
-Oct 26 17:11:53 SRVNAME postgres[17338]: 2021-10-26 17:11:53.420 CDT [17338] FATAL:
- database files are incompatible with server
-Oct 26 17:11:53 SRVNAME postgres[17338]: 2021-10-26 17:11:53.420 CDT [17338] DETAIL:
- The data directory was initialized by PostgreSQL version 13,
- which is not compatible with this version 14.0.
-Oct 26 17:11:53 SRVNAME postgres[17336]: pg_ctl: could not start server
-Oct 26 17:11:53 SRVNAME postgres[17336]: Examine the log output.
-Oct 26 17:11:53 SRVNAME systemd[1]: postgresql.service: Control process exited, code=exited, status=1/FAILURE
-Oct 26 17:11:53 SRVNAME systemd[1]: postgresql.service: Failed with result 'exit-code'.
-Oct 26 17:11:53 SRVNAME systemd[1]: Failed to start PostgreSQL database server.
-
-
- To avoid situations like this (i.e., your database server
- software refuses to start), read the following discussion of the best way to
- upgrade a DBMS (Database Management System).
-
-
-
- The root cause of the error shown above was an upgrade
- of the server software to a newer major version which left the
- data files untouched. In this case, the administrator was able to recover
- the DBMS without any loss of data.
-
-
-
- Even if you are doing an initial DBMS install, read through this
- section. It provides information about implementing backup
- and restore procedures (or at least a strategy for creating
- them) which will satisfy your needs and guarantee the safety
- of your data.
-
-
-
- Upgrade Database Server Packages
-
-
- Database systems work on files which hold the database metadata and the
- data itself. The internal structure of these files is optimized for use
- by the server software. When such server software is upgraded,
- the new software may utilize a different file format than
- had previously been used. Sometimes the new software can
- work with the old format as well as the new one—but without the
- performance improvements the new format provides.
- Other times, the new server software will
- reformat the data files automatically after the upgrade.
-
-
-
- Unfortunately, the most likely case is that the new server software
- complains about out of date file formats and exits. When this happens,
- and you have overwritten the old server software, you may end up
- with a broken system and lost data.
-
-
-
- Changes in data file formats usually happen at major version changes, but
- they can also occur at other times. Before upgrading any DBMS
- software, check the documentation to see if this upgrade makes changes which
- require reformatting the database.
-
-
-
- Of course, if you have databases with content that is not easily
- rebuilt, it is always a good idea to create backups of the database from
- time to time. Before upgrading the server software, you should run
- another backup.
-
-
-
- Upgrade by Backup and Restore
-
-
-
- A backup is useless if there is no verified process
- to restore the data from this backup. When running a
- database server, you should not only create backups; you
- should also verify that the restore process
- really works. The time to test the restore procedure
- is before you urgently need
- to recover lost data.
-
-
-
-
- Most database server software provides some basic
- tools to create backups of your data. Usually the backups created with
- those tools can be read by newer versions of the software (via a
- restore tool). Using older restore tools with newer backup data is
- a bad idea; you should never blindly assume that
- it will work. It might, but usually it doesn't.
-
-
-
- The easiest way to upgrade your database files is to
-
-
-
-
- Create a full database backup using the old tools.
-
- This step creates an offline copy of the database files—for
- long term archiving, for disaster recovery, or as
- preparation for an upgrade. This offline backup consists of either (1) a full
- one-to-one copy of the current database files, or (2) a full backup of the
- database files from a certain point in time, plus all the journal data (that is
- Oracle® terminology, it is called "Continuous Archiving" or
- "write ahead log (WAL)" in Postgresql) describing the
- changes made after that point in time. This second form takes less time to create
- (if the DB software provides this type of journaling) because you only have
- to save the data that have changed since the last full backup was created.
-
- When upgrading database server software, a full backup
- (which can be used for subsequent incremental backups) should be
- created; but if there is a lot of data, an incremental backup will
- suffice. The best strategy for you depends on
- the amount of data stored in your database (is it a few hundred table
- rows, or is it hundreds of terabytes?). A full backup in the latter case
- can't be done quickly. To
- fully protect your data, create a backup of the old
- programs (and/or their sources) and save it, along with the data
- files, to be certain there is a fallback solution if
- the new software cannot read the old data.
-
-
-
- Upgrade the server software
-
- In this step, instructions to build the database server
- software are executed just as they are shown in subsequent sections
- talking about the DBMs like MariaDB or Postgresql. That is, build
- the software as usual using BLFS instructions.
-
-
-
- Restore the database by using the new tools.
-
- To restore the data, the tools of the newly installed server
- software should be used. During the restoration process, the new
- tools will create and/or upgrade the data files in the format the
- new software requires. It is assumed that newer software is capable of
- reading old data.
-
-
-
-
- Since you already have a backup procedure in place (and you
- have tested your restore procedure, right?), this might
- be the easiest way to upgrade as you can use your well known
- processes to upgrade just as you always do—at least in terms
- of the backup and restore.
-
-
-
-
-
- Upgrade the Database Files by Using System Tools
-
-
- Some database systems (for instance Postgresql) provide
- a tool which can reformat (upgrade) the existing database
- files to the new format.
- If you need to restore from a backup (for example, running
- the upgrade tool failed) you will have to reinstall the old software
- to recover your data.
-
-
-
- Even though the reformatting tools might work as advertised,
- you should create a full backup before running them. A failure
- could cause serious damage to the database.
-
-
-
-
-
-
-
- Notes for Specific DBMS
-
-
- PostgreSQL
-
-
-
- Upstream documentation for Backup/Restore:
-
-
-
-
-
-
- MariaDB
-
-
-
- Upstream documentation for Backup/Restore:
-
-
-
-
-
-
- Sqlite
-
-
-
- Do not underestimate Sqlite. It is a
- feature-rich DBMS. The main difference from the two big players above is
- that Sqlite does not provide access via a network API. Sqlite databases
- are always stored on the machine running the program which
- uses the database. The manipulation of data content is done via API calls
- to library functions directly within the program.
-
- In the upstream documentation you may find the following
- useful:
-
- Documentation of the sqlite3 command line tool:
-
-
-
- Documentation of backup API calls:
-
-
-
- Unfortunately, there is no dedicated chapter in the
- upstream documentation talking about backup/restore, but
- there are several articles about it on the
- Internet. Here is an example.
-
- Documentation for Backup/Restore:
-
-
-
-
-
-
- LMDB
-
-
-
- Like Sqlite, this
- software acts on local database files; there is no
- network interface.
-
- The relevant resources to back up/restore a LMDB database
- are the man pages for mdb_dump and its
- counterpart mdb_load.
-
-
-
-
-
diff --git a/server/mail/dovecot.xml b/server/mail/dovecot.xml
deleted file mode 100644
index e9b5dcafe7..0000000000
--- a/server/mail/dovecot.xml
+++ /dev/null
@@ -1,433 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- Dovecot-&dovecot-version;
-
-
- Dovecot
-
-
-
- Introduction to Dovecot
-
-
- Dovecot is an Internet Message Access Protocol
- (IMAP) and Post Office Protocol (POP) server, written primarily with
- security in mind. Dovecot aims to be
- lightweight, fast and easy to set up as well as highly configurable and
- easily extensible with plugins.
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &dovecot-md5sum;
-
-
-
-
- Download size: &dovecot-size;
-
-
-
-
- Estimated disk space required: &dovecot-buildsize;
-
-
-
-
- Estimated build time: &dovecot-time;
-
-
-
-
- Additional Downloads
-
-
-
- Required patch:
-
-
-
-
-
- Required patch:
-
-
-
-
-
- Dovecot Dependencies
-
- Required
-
-
-
-
- Optional
-
- ,
- ,
- ,
- ,
- ,
- ,
- or MySQL,
- ,
- ,
- ,
- ,
- ,
- Cassandra,
- stemmer and
- libsodium
-
-
-
-
-
- Installation of Dovecot
-
-
- There should be dedicated users and groups for unprivileged Dovecot
- processes and for processing users' logins. Issue the following commands
- as the root user:
-
-
-groupadd -g 42 dovecot &&
-useradd -c "Dovecot unprivileged user" -d /dev/null -u 42 \
- -g dovecot -s /bin/false dovecot &&
-groupadd -g 43 dovenull &&
-useradd -c "Dovecot login user" -d /dev/null -u 43 \
- -g dovenull -s /bin/false dovenull
-
-
- First, apply a patch to fix problems with OpenSSL-3:
-
-
-patch -Np1 -i ../dovecot-&dovecot-version;-openssl3_fixes-1.patch
-
-
- Next, apply a patch to fix a security vulnerability:
-
-
-patch -Np1 -i ../dovecot-&dovecot-version;-security_fix-1.patch
-
-
- Install Dovecot by running the following
- commands:
-
-
-CPPFLAGS="-I/usr/include/tirpc" \
-LDFLAGS+=" -ltirpc" \
-./configure --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --with-systemd=no \
- --docdir=/usr/share/doc/dovecot-&dovecot-version; \
- --disable-static &&
-make
-
-CPPFLAGS="-I/usr/include/tirpc" \
-LDFLAGS+=" -ltirpc" \
-./configure --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --docdir=/usr/share/doc/dovecot-&dovecot-version; \
- --disable-static &&
-make
-
-
- To test the results, issue make -k check.
-
-
-
- Now, as the root user:
-
-
-make install
-
-
-
-
- Command Explanations
-
-
- CPPFLAGS=... LDFLAGS+=...: build with libtirpc
- instead of the recently removed RPC code provided by GlibC.
-
-
-
-
-
-
-
- : This switch enables
- OpenLDAP authentication support.
-
-
-
- : This switch enables
- PostgreSQL database support.
-
-
-
- : This switch enables
- MySQL database support.
-
-
-
- : This switch enables
- SQLite database support.
-
-
-
- : This switch enables
- CLucene full text search support.
-
-
-
- : This switch enables
- Lua plugin support. This includes
- a mail and push notification plugin.
-
-
-
-
-
-
- Configuring Dovecot
-
-
- Config Files
-
-
- /etc/dovecot/dovecot.conf,
- /etc/dovecot/conf.d/*, and
- /etc/dovecot/local.conf
-
-
-
- /etc/dovecot/dovecot.conf
-
-
- /etc/dovecot/conf.d/*
-
-
- /etc/dovecot/local.conf
-
-
-
-
-
- Configuration Information
-
-
- Copy an example configuration, which you can use as a starting point:
-
-
-cp -rv /usr/share/doc/dovecot-&dovecot-version;/example-config/* /etc/dovecot
-
-
- The following configuration is a simple proof of concept with IMAP
- service using local users for authentication and mailbox location.
- Reading files from the conf.d
- directory is commented out since the included example configuration
- requires OpenSSL and
- Linux PAM.
-
-
-sed -i '/^\!include / s/^/#/' /etc/dovecot/dovecot.conf &&
-chmod -v 1777 /var/mail &&
-cat > /etc/dovecot/local.conf << "EOF"
-protocols = imap
-ssl = no
-# The next line is only needed if you have no IPv6 network interfaces
-listen = *
-mail_location = mbox:~/Mail:INBOX=/var/mail/%u
-userdb {
- driver = passwd
-}
-passdb {
- driver = shadow
-}
-EOF
-
-
- You will definitely want to read the official documentation at if you plan to use
- Dovecot in a production environment.
-
-
-
-
-
- Boot Script
- Systemd Unit
-
-
- If you want the Dovecot
- server to start automatically when the system is booted, install the
- /etc/rc.d/init.d/dovecot init script included in
- the package.
-
-
-
- To start the dovecot
- daemon at boot, enable the previously installed systemd unit with the
- following command:
-
-
-
- dovecot
-
-
-make install-dovecot
-
-systemctl enable dovecot
-
-
-
-
-
-
- Contents
-
-
- Installed Programs
- Installed Libraries
- Installed Directories
-
-
-
- doveadm, doveconf, dovecot, dovecot-sysreport, and dsync (symbolic link)
-
-
- various internal plugins in
- /usr/lib/dovecot
-
-
- /etc/dovecot,
- /usr/{include,lib,libexec,share}/dovecot and
- /usr/share/doc/dovecot-&dovecot-version;
-
-
-
-
-
- Short Descriptions
-
-
-
-
- doveadm
-
-
- is the Dovecot administration tool
-
-
- doveadm
-
-
-
-
-
- doveconf
-
-
- is Dovecot's configuration dumping
- utility
-
-
- doveconf
-
-
-
-
-
- dovecot
-
-
- is the IMAP and POP server
-
-
- dovecot
-
-
-
-
-
- dovecot-sysreport
-
-
- prints system information that is useful to the Dovecot developers
- when submitting bug reports upstream
-
-
- dovecot-sysreport
-
-
-
-
-
- dsync
-
-
- is Dovecot's mailbox synchronization
- utility
-
-
- dsync
-
-
-
-
-
-
-
-
-
-
diff --git a/server/mail/exim.xml b/server/mail/exim.xml
deleted file mode 100644
index c6ef601160..0000000000
--- a/server/mail/exim.xml
+++ /dev/null
@@ -1,736 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- Exim-&exim-version;
-
-
- Exim
-
-
-
- Introduction to Exim
-
-
- The Exim package contains a Mail
- Transport Agent written by the University of Cambridge, released
- under the GNU Public License.
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &exim-md5sum;
-
-
-
-
- Download size: &exim-size;
-
-
-
-
- Estimated disk space required: &exim-buildsize;
-
-
-
-
- Estimated build time: &exim-time;
-
-
-
-
- Additional Downloads
-
-
-
- Additional formats of the documentation (text-based docs are
- shipped with the sources) can be downloaded by following the links
- shown at .
-
-
-
-
-
- Exim Dependencies
-
- Required
-
- ,
- and
-
-
-
- Optional
-
- TDB
- (alternative to GDBM, built in LFS),
- ,
- ,
- ,
- or
- MySQL,
- ,
- ,
- ,
- ,
- ,
- Heimdal GSSAPI,
- libspf2, and
- OpenDMARC
-
-
-
-
-
- Installation of Exim
-
-
- Before building Exim, as the
- root user you should create
- the group and user exim which
- will run the exim daemon:
-
-
-groupadd -g 31 exim &&
-useradd -d /dev/null -c "Exim Daemon" -g exim -s /bin/false -u 31 exim
-
-
- Configure Exim with the following commands:
-
-
-sed -e 's,^BIN_DIR.*$,BIN_DIRECTORY=/usr/sbin,' \
- -e 's,^CONF.*$,CONFIGURE_FILE=/etc/exim.conf,' \
- -e 's,^EXIM_USER.*$,EXIM_USER=exim,' \
- -e '/# USE_OPENSSL/s,^#,,' src/EDITME > Local/Makefile &&
-
-printf "USE_GDBM = yes\nDBMLIB = -lgdbm\n" >> Local/Makefile
-
-
-
- If you want to add Linux PAM support, also run the following commands:
-
-
-sed -i '/# SUPPORT_PAM=yes/s,^#,,' Local/Makefile
-echo "EXTRALIBS=-lpam" >> Local/Makefile
-
-
-
- Build Exim with the following command:
-
-
-make
-
-
-
- This package does not come with a test suite.
-
-
-
- Now, as the root user:
-
-
-
-
-make install &&
-install -v -m644 doc/exim.8 /usr/share/man/man8 &&
-
-install -vdm 755 /usr/share/doc/exim-&exim-version; &&
-cp -Rv doc/* /usr/share/doc/exim-&exim-version; &&
-
-ln -sfv exim /usr/sbin/sendmail &&
-install -v -d -m750 -o exim -g exim /var/spool/exim
-
-
-
-
- Command Explanations
-
-
- sed -e ... > Local/Makefile: Most of
- Exim's configuration options are defined
- in Local/Makefile, which is created from
- the src/EDITME file. This command specifies the
- minimum set of options. Descriptions for the options are listed below.
-
-
-
- printf ... > Local/Makefile: Setting those
- variables allows to use GDBM instead of the default Berkeley DB. Remove
- this command if you have installed &berkeley-db;.
-
-
-
- BIN_DIRECTORY=/usr/sbin: This installs all of
- Exim's binaries and scripts in
- /usr/sbin.
-
-
-
- CONFIGURE_FILE=/etc/exim.conf: This installs
- Exim's main configuration file in
- /etc.
-
-
-
- EXIM_USER=exim: This tells
- Exim that after the daemon no longer needs
- root privileges, the process
- needs to hand off the daemon to the exim user.
-
-
-
- USE_OPENSSL: uncommenting
- and
- tells the
- build system to use OpenSSL, and to
- find the needed libraries with pkg-config.
-
-
-
- Uncomment : This allows building the
- Exim monitor program, which requires
- X Window System support, and is commented out
- by default.
-
-
-
- ln -sfv exim /usr/sbin/sendmail: Creates a link to
- sendmail for applications which need it.
- Exim will accept most
- Sendmail command-line options.
-
-
-
- install -v -m750 -o exim -g exim /var/spool/exim:
- Since /var/spool is owned by root and this version of
- exim drops
- root privileges early, to run
- as user exim, it cannot create
- the /var/spool/exim directory. As
- a work around, it is created manually.
-
-
-
-
-
- Adding Additional Functionality
-
-
- To utilize some or all of the dependency packages, you'll need to
- modify Local/Makefile to include the appropriate
- directives and parameters to link additional libraries before you build
- Exim. Local/Makefile is
- heavily commented with instructions on how to do this. Listed below is
- additional information to help you link these dependency packages or
- add additional functionality.
-
-
-
- If you wish to build and install the
- .info documentation, refer to
- .
-
-
-
- If you wish to build in Exim's interfaces for calling virus and spam
- scanning software directly from access control lists, uncomment the
- parameter and review the
- information found at .
-
-
-
- To use a backend database other than GDBM
- , see the instructions at .
-
-
-
- For SSL functionality, see the instructions at
- and .
-
-
-
- For tcpwrappers functionality, see the
- instructions at .
-
-
-
- For information about adding authentication mechanisms to the
- build, see chapters 33—41 of .
-
-
-
- For information about linking Linux-PAM,
- refer to the instructions .
-
-
-
- For information about linking database engine libraries used for
- Exim name lookups, see the instructions at
- .
-
-
-
- If you wish to add Readline support to
- Exim when invoked in test
- expansion () mode, see the information in
- the section of .
-
-
-
- You may wish to modify the default configuration and send log files to
- syslog instead of the default
- /var/spool/exim/log directory. See
- the information at .
-
-
-
- A wealth of information can be also found at the Exim Wiki.
-
-
-
-
-
- Configuring Exim
-
-
- Config Files
-
-
- /etc/exim.conf and
- /etc/aliases
-
-
-
- /etc/exim.conf
-
-
-
- /etc/aliases
-
-
-
-
-
- Configuration Information
-
-
- Review the file /etc/exim.conf, and modify any
- settings to suit your needs. Note that the default configuration
- assumes that the /var/mail
- directory is world writable, but has the sticky bit set. If you want
- to use the default configuration, issue as the root user:
-
-
-chmod -v a+wt /var/mail
-
-
- A default (nothing but comments) /etc/aliases
- file is installed during the package installation if this file did not
- exist on your system. Create the necessary aliases and start the
- Exim daemon using the following commands:
-
-
-cat >> /etc/aliases << "EOF"
-postmaster: root
-MAILER-DAEMON: root
-EOF
-/usr/sbin/exim -bd -q15m
-
-
-
- To protect an existing /etc/aliases file,
- the command above appends these aliases to it. This file should be
- checked and duplicate aliases removed, if present.
-
-
-
-
- The /usr/sbin/exim -bd -q15m command starts
- the Exim daemon with a 15 minute interval
- in processing the mail queue. Adjust this parameter to suit your
- desires.
-
-
-
-
- Linux PAM Configuration
-
-
- If you have built Exim with
- Linux PAM support, you need to create a
- PAM configuration file to get it working
- correctly with BLFS.
-
-
-
- Issue the following command as the root user to create the configuration
- file for Linux PAM:
-
-
-cat > /etc/pam.d/exim << "EOF"
-# Begin /etc/pam.d/exim
-
-auth include system-auth
-account include system-account
-session include system-session
-
-# End /etc/pam.d/exim
-EOF
-
-
-
-
- Boot Script
- Systemd Unit
-
-
- To automatically start exim at boot, install the
- /etc/rc.d/init.d/exim
- init script
- exim.service
- unit
- included in the
- package:
-
-
-
- exim
-
-
-make install-exim
-
-
- The bootscript also starts the Exim daemon
- and dispatches a queue runner process every 15 minutes. Modify the
-
- parameter in /etc/rc.d/init.d/exim, if necessary
- for your installation.
-
-
-
-
-
-
-
- Contents
-
-
- Installed Programs
- Installed Libraries
- Installed Directories
-
-
- exicyclog, exigrep, exim, exim-&exim-daemon-version;, exim_checkaccess,
- exim_dbmbuild, exim_dumpdb, exim_fixdb, exim_lock, exim_tidydb,
- eximstats, exinext, exipick, exiqgrep, exiqsumm, exiwhat, and
- optionally, eximon, eximon.bin, and sendmail (symlink)
- None
- /usr/share/doc/exim-&exim-version; and /var/spool/exim
-
-
-
-
- Short Descriptions
-
-
-
-
- exicyclog
-
-
- cycles Exim log files
-
-
- exicyclog
-
-
-
-
-
- exigrep
-
-
- searches Exim log files
-
-
- exigrep
-
-
-
-
-
- exim
-
-
- is a symlink to the exim-&exim-daemon-version;
- MTA daemon
-
-
- exim
-
-
-
-
-
- exim-&exim-daemon-version;
-
-
- is the Exim mail transport agent daemon
-
-
- exim-&exim-daemon-version;
-
-
-
-
-
- exim_checkaccess
-
-
- states whether a given recipient address from a given host is
- acceptable or not
-
-
- exim_checkaccess
-
-
-
-
-
- exim_dbmbuild
-
-
- creates and rebuilds Exim databases
-
-
- exim_dbmbuild
-
-
-
-
-
- exim_dumpdb
-
-
- writes the contents of Exim
- databases to the standard output
-
-
- exim_dumpdb
-
-
-
-
-
- exim_fixdb
-
-
- modifies data in Exim databases
-
-
- exim_fixdb
-
-
-
-
-
- exim_lock
-
-
- locks a mailbox file
-
-
- exim_lock
-
-
-
-
-
- exim_tidydb
-
-
- removes old records from Exim
- databases
-
-
- exim_tidydb
-
-
-
-
-
- eximstats
-
-
- generates mail statistics from Exim
- log files
-
-
- eximstats
-
-
-
-
-
- exinext
-
-
- queries remote host retry times
-
-
- exinext
-
-
-
-
-
- exipick
-
-
- selects messages based on various criteria
-
-
- exipick
-
-
-
-
-
- exiqgrep
-
-
- is a utility for selective queue listing
-
-
- exiqgrep
-
-
-
-
-
- exiqsumm
-
-
- produces a summary of the messages in the mail queue
-
-
- exiqsumm
-
-
-
-
-
- exiwhat
-
-
- queries running Exim processes
-
-
- exiwhat
-
-
-
-
-
- eximon
-
-
- is a start-up shell script for eximon.bin
- used to set the required environment variables before running the
- program
-
-
- eximon
-
-
-
-
-
- eximon.bin
-
-
- is a monitor program which displays current information in an
- X window, and also contains a menu
- interface to Exim's command line
- administration options
-
-
- eximon.bin
-
-
-
-
-
-
-
-
-
diff --git a/server/mail/mail.xml b/server/mail/mail.xml
deleted file mode 100644
index 0ccb880012..0000000000
--- a/server/mail/mail.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-
-
- %general-entities;
-]>
-
-
-
-
- Mail Server Software
-
-
- MTAs are the programs which transport mail from one machine to the
- other. The traditional MTA is Sendmail, however
- there are several other choices.
-
-
-
- In addition to the SMTP servers, there is also a POP/IMAP server (Dovecot).
-
-
-
-
-
-
-
-
diff --git a/server/mail/postfix.xml b/server/mail/postfix.xml
deleted file mode 100644
index 67394a070b..0000000000
--- a/server/mail/postfix.xml
+++ /dev/null
@@ -1,760 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- Postfix-&postfix-version;
-
-
- Postfix
-
-
-
- Introduction to Postfix
-
-
- The Postfix package contains a Mail Transport
- Agent (MTA). This is useful for sending email to other users of your host
- machine. It can also be configured to be a central mail server for your
- domain, a mail relay agent or simply a mail delivery agent to your local
- Internet Service Provider.
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &postfix-md5sum;
-
-
-
-
- Download size: &postfix-size;
-
-
-
-
- Estimated disk space required: &postfix-buildsize;
-
-
-
-
- Estimated build time: &postfix-time;
-
-
-
-
- Postfix Dependencies
-
- Recommended
-
- ,
- , and
-
-
-
- Optional
-
- for Email Address Internationalization (SMTPUTF8) support,
- or MySQL,
- ,
- ,
- ,
- ,
- &berkeley-db;, and
- CDB or
- TinyCDB
-
-
-
- Note that SQLite,
- MySQL, PostgreSQL
- and CDB are only useful if there is a known
- need for them.
-
-
-
- Editor Notes:
-
-
-
-
- Installation of Postfix
-
-
- Adding Users and Groups
-
-
- Before you compile the program, you need to create users and groups that
- will be expected to be in place during the installation. Add the users
- and groups with the following commands issued by the
- root user:
-
-
-groupadd -g 32 postfix &&
-groupadd -g 33 postdrop &&
-useradd -c "Postfix Daemon User" -d /var/spool/postfix -g postfix \
- -s /bin/false -u 32 postfix &&
-chown -v postfix:postfix /var/mail
-
-
-
- Configuring the Build
-
-
- The README files are formatted to be read with a pager like
- less or more.
- If you want to use a text editor, make them legible with the
- following sed:
-
-
-sed -i 's/.\x08//g' README_FILES/*
-
-
- The Postfix source tree does not contain a
- configure script, rather the makefile in the
- top-level directory contains a target that
- regenerates all the other makefiles in the build tree. If you wish to
- use additional software such as a database back-end for virtual users,
- or TLS/SSL authentication, you will need to regenerate the makefiles
- using one or more of the appropriate CCARGS and
- AUXLIBS settings listed below.
-
-
-
-
- For all variants of the CCARGS you should ensure that -DNO_NIS is
- specified so that the build does not attempt to access an rpcsvc
- header which do not exist in BLFS. If &berkeley-db; is
- not installed, -DNO_DB needs to be specified as well.
-
-
-
-
- For more details read the readme files.
-
-
-
- Initialize the CCARGS and AUXLIBS
- according to the note above:
-
-
-CCARGS="-DNO_NIS -DNO_DB"
-AUXLIBS=""
-
-
- Next, the CCARGS and the AUXLIBS
- variables are filled with settings depending on the actual
- system configuration. If an optional package is installed but
- should not be included in the
- Postfix build, simply skip the
- corresponding if [ ... ]; then scriptlets.
-
-
-
- Cyrus-SASL
-
-
- To use Cyrus-SASL with
- Postfix, use the following arguments:
-
-
-if [ -r /usr/lib/libsasl2.so ]; then
- CCARGS="$CCARGS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl"
- AUXLIBS="$AUXLIBS -lsasl2"
-fi
-
-
-
- LMDB
-
- To use LMDB with
- Postfix, use the following arguments:
-
-
-if [ -r /usr/lib/liblmdb.so ]; then
- CCARGS="$CCARGS -DHAS_LMDB"
- AUXLIBS="$AUXLIBS -llmdb"
-fi
-
-
-
- OpenLDAP
-
-
- To use OpenLDAP with
- Postfix, use the following arguments:
-
-
-if [ -r /usr/lib/libldap.so -a -r /usr/lib/liblber.so ]; then
- CCARGS="$CCARGS -DHAS_LDAP"
- AUXLIBS="$AUXLIBS -lldap -llber"
-fi
-
-
-
-
- Sqlite
-
-
- To use Sqlite with
- Postfix, use the following arguments:
-
-
-if [ -r /usr/lib/libsqlite3.so ]; then
- CCARGS="$CCARGS -DHAS_SQLITE"
- AUXLIBS="$AUXLIBS -lsqlite3 -lpthread"
-fi
-
-
-
-
- MySQL
-
-
- To use MySQL with
- Postfix, use the following arguments:
-
-
-if [ -r /usr/lib/libmysqlclient.so ]; then
- CCARGS="$CCARGS -DHAS_MYSQL -I/usr/include/mysql"
- AUXLIBS="$AUXLIBS -lmysqlclient -lz -lm"
-fi
-
-
-
-
- PostgreSQL
-
-
- To use PostgreSQL with
- Postfix, use the following arguments:
-
-
-if [ -r /usr/lib/libpq.so ]; then
- CCARGS="$CCARGS -DHAS_PGSQL -I/usr/include/postgresql"
- AUXLIBS="$AUXLIBS -lpq -lz -lm"
-fi
-
-
-
-
- CDB/TinyCDB
-
-
- To use CDB or
- TinyCDB with
- Postfix, use the following arguments:
-
-
-if [ -r </path/to/CDB>/libcdb.a ]; then
- CCARGS="$CCARGS -DHAS_CDB"
- AUXLIBS="$AUXLIBS </path/to/CDB>/libcdb.a"
-fi
-
-
-
-
- StartTLS Authentication
-
-
- To use OpenSSL with
- Postfix, use the following arguments:
-
-
-if [ -r /usr/lib/libssl.so -a -r /usr/lib/libcrypto.so ]; then
- CCARGS="$CCARGS -DUSE_TLS -I/usr/include/openssl/"
- AUXLIBS="$AUXLIBS -lssl -lcrypto"
-fi
-
- OpenSSL is installed by LFS so it
- should be always there. The if ... then is here
- just for consistency.
-
-
-
-
-
-
- Installing Postfix
-
-
- There might be duplicate settings in AUXLIBS
- like -lm when both, MariaDB
- and PostgreSQL are used. They do
- not harm. Install Postfix by
- running the following commands:
-
-
-make CCARGS="$CCARGS" AUXLIBS="$AUXLIBS" makefiles &&
-make
-
-
-
- This package does not come with a useful test suite.
-
-
-
- Now, as the root user:
-
-
-
-
-sh postfix-install -non-interactive \
- daemon_directory=/usr/lib/postfix \
- manpage_directory=/usr/share/man \
- html_directory=/usr/share/doc/postfix-&postfix-version;/html \
- readme_directory=/usr/share/doc/postfix-&postfix-version;/readme
-
-
-
-
-
-
- Command Explanations
-
-
- make makefiles: This command rebuilds the makefiles
- throughout the source tree to use the options contained in the
- CCARGS and AUXLIBS variables.
-
-
-
- sh postfix-install -non-interactive: This keeps the
- install script from asking any questions, thereby accepting default
- destination directories in all but the few cases. If the
- and
- options are not set then the documentation will not be installed.
-
-
-
- : this will turn off SMTPUTF8
- support, for example if the rest of your email address infrastructure
- cannot handle UTF-8 email addresses and message header values.
-
-
-
-
-
- Configuring Postfix
-
-
- Config Files
-
-
- /etc/aliases,
- /etc/postfix/main.cf, and
- /etc/postfix/master.cf
-
-
-
- /etc/aliases
-
-
-
- /etc/postfix/*
-
-
-
-
-
- Configuration Information
-
-
- Create (or append to an existing) /etc/aliases
- with the following command. Change
- <LOGIN> to your non-root login
- identity so mail addressed to
- root can be forwarded to you.
- As the root user:
-
-
-cat >> /etc/aliases << "EOF"
-# Begin /etc/aliases
-
-MAILER-DAEMON: postmaster
-postmaster: root
-
-root: <LOGIN>
-# End /etc/aliases
-EOF
-
-
- To protect an existing /etc/aliases file,
- the above command appends these aliases to it if it exists. This file
- should be checked and duplicate aliases removed, if present.
-
-
-
- The BLFS editors recommend to use LMDB instead of Berkeley DB for
- Postfix tables. Add three lines into
- /etc/postfix/main.cf to make
- postmap encode the lookup tables in the LMDB
- format by default and to change the default hash setting of the
- alias tables:
-
-
-echo 'default_database_type = lmdb' >> /etc/postfix/main.cf &&
-echo 'alias_database = lmdb:/etc/aliases' >> /etc/postfix/main.cf &&
-echo 'alias_maps = lmdb:/etc/aliases' >> /etc/postfix/main.cf
-
-
- To protect your server against the recent SMTP smuggling attacks,
- additional steps are required. Add two lines into
- /etc/postfix/main.cf to disconnect remote SMTP
- clients that send bare newlines in the DATA section, while also
- allowing clients on your network with non-standard SMTP implementations
- to still send mail:
-
-
-echo 'smtpd_forbid_bare_newline = normalize' >> /etc/postfix/main.cf &&
-echo 'smtpd_forbid_bare_newline_exclusions = $mynetworks' >> /etc/postfix/main.cf
-
-
- Note that if you are following an online tutorial to configure
- Postfix, the tutorial may refer to a lookup table with
- hash:/path/to/lookup_table. You should replace
- hash with lmdb in order to use
- a lookup table encoded in the LMDB format.
-
-
-
-
- The /etc/postfix/main.cf and
- /etc/postfix/master.cf files must be personalized
- for your system. The main.cf file needs your
- fully qualified hostname. You will find that
- main.cf is self documenting, so load it into your
- editor to make the changes you need for your situation.
-
-
-
-
-
- Postfix can also be set up to
- run in a chroot jail. See the file in the source
- examples/chroot-setup/LINUX2 for details.
-
-
-
-
- To ensure that all permissions are set properly, postfix
- provides a tool which is to be run as the
- root user:
-
-
-/usr/sbin/postfix -c /etc/postfix set-permissions
-
-
- If you have an existing configuration, you can run the
- postfix utility to add any necessary definitions to
- your existing files. As the
- root user:
-
-
-/usr/sbin/postfix upgrade-configuration
-
-
- Before starting Postfix, you should check
- that your configuration and file permissions will work properly. Run the
- following commands as the root
- user to check and start your Postfix server:
-
-
-/usr/sbin/postfix check &&
-/usr/sbin/postfix start
-
-
-
-
- Boot Script
- Systemd Unit
-
-
- To automate the running of Postfix at startup, install the
- /etc/rc.d/init.d/postfix
- init script
- postfix.service
- unit included in the
-
- package:
-
-
-
- postfix
-
-
-make install-postfix
-
-
-
-
-
-
- Contents
-
-
- Installed Programs
- Installed Libraries
- Installed Directories
-
-
-
- mailq (symlink), newaliases (symlink), postalias, postcat, postconf,
- postdrop, postfix, postkick, postlock, postlog, postmap, postmulti,
- postqueue, postsuper, and sendmail
-
-
- None
-
-
- /{etc,usr/lib}/postfix,
- /usr/share/doc/postfix-&postfix-version; and
- /var/{lib,spool}/postfix
-
-
-
-
-
- Short Descriptions
-
-
-
-
- mailq
-
-
- A symlink to sendmail
-
-
- mailq
-
-
-
-
-
- newaliases
-
-
- A symlink to sendmail
-
-
- newaliases
-
-
-
-
-
- postalias
-
-
- is a utility for Postfix alias database
- maintenance
-
-
- postalias
-
-
-
-
-
- postcat
-
-
- Prints the contents of files from the
- Postfix queue in human readable format
-
-
- postcat
-
-
-
-
-
- postconf
-
-
- Displays or changes the value of
- Postfix configuration parameters
-
-
- postconf
-
-
-
-
-
- postdrop
-
-
- Creates a file in the maildrop directory and copies its standard
- input to the file
-
-
- postdrop
-
-
-
-
-
- postfix
-
-
- is the Postfix control program
-
-
- postfix
-
-
-
-
-
- postkick
-
-
- Sends requests to the specified service over a local transport
- channel
-
-
- postkick
-
-
-
-
-
- postlock
-
-
- Locks a mail folder for exclusive use, and executes commands passed
- to it
-
-
- postlock
-
-
-
-
-
- postlog
-
-
- A Postfix-compatible logging interface
- for use in, for example, shell scripts
-
-
- postlog
-
-
-
-
-
- postmap
-
-
- Creates or queries one or more Postfix lookup tables, or updates an
- existing one
-
-
- postmap
-
-
-
-
-
- postmulti
-
-
- is the Postfix multi-instance manager.
- It allows a system administrator to manage multiple
- Postfix instances on a single host
-
-
- postmulti
-
-
-
-
-
- postqueue
-
-
- The Postfix user interface for
- queue management
-
-
- postqueue
-
-
-
-
-
- postsuper
-
-
- The Postfix user interface for
- superuser queue management
-
-
- postsuper
-
-
-
-
-
- sendmail
-
-
- is the Postfix to
- Sendmail compatibility interface
-
-
- sendmail
-
-
-
-
-
-
-
-
-
diff --git a/server/mail/sendmail.xml b/server/mail/sendmail.xml
deleted file mode 100644
index 2719e1cc5b..0000000000
--- a/server/mail/sendmail.xml
+++ /dev/null
@@ -1,521 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- sendmail-&sendmail-version;
-
-
- sendmail
-
-
-
- Introduction to sendmail
-
-
- The sendmail package contains a Mail
- Transport Agent (MTA).
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &sendmail-md5sum;
-
-
-
-
- Download size: &sendmail-size;
-
-
-
-
- Estimated disk space required: &sendmail-buildsize;
-
-
-
-
- Estimated build time: &sendmail-time;
-
-
-
-
-
-
- sendmail Dependencies
-
- Required
-
- (client)
-
-
- Recommended
-
-
-
-
- Optional
-
- (for creating PDF documentation),
- (the configuration proposed below requires
- that procmail be present at run-time), and
- nph
-
-
-
-
-
- Installation of sendmail
-
-
- Before building sendmail, create the
- required user, group and directory with the following commands issued as
- the root user:
-
-
-groupadd -g 26 smmsp &&
-useradd -c "Sendmail Daemon" -g smmsp -d /dev/null \
- -s /bin/false -u 26 smmsp &&
-chmod -v 1777 /var/mail &&
-install -v -m700 -d /var/spool/mqueue
-
-
-
- See the source tree sendmail/README file
- for information on linking optional packages into the build. Use the
- example below, which adds support for SASL, StartTLS
- (OpenSSL) and
- OpenLDAP, as a starting point. Of course,
- modify it to suit your particular needs.
-
-
-
-cat >> devtools/Site/site.config.m4 << "EOF"
-APPENDDEF(`confENVDEF',`-DSTARTTLS -DSASL -DLDAPMAP -DHASFLOCK')
-APPENDDEF(`confLIBS', `-lssl -lcrypto -lsasl2 -lldap -llber')
-APPENDDEF(`confINCDIRS', `-I/usr/include/sasl')
-EOF
-
-
- Install sendmail with the following commands:
-
-
-cat >> devtools/Site/site.config.m4 << "EOF"
-define(`confMANGRP',`root')
-define(`confMANOWN',`root')
-define(`confSBINGRP',`root')
-define(`confUBINGRP',`root')
-define(`confUBINOWN',`root')
-EOF
-
-sed -i 's|/usr/man/man|/usr/share/man/man|' \
- devtools/OS/Linux &&
-
-cd sendmail &&
-sh Build &&
-cd ../cf/cf &&
-cp generic-linux.mc sendmail.mc &&
-sh Build sendmail.cf
-
-
- This package does not come with a test suite.
-
-
-
-
- Now, as the root user:
-
-
-install -v -d -m755 /etc/mail &&
-sh Build install-cf &&
-
-cd ../.. &&
-sh Build install &&
-
-install -v -m644 cf/cf/{submit,sendmail}.mc /etc/mail &&
-cp -v -R cf/* /etc/mail &&
-
-install -v -m755 -d /usr/share/doc/sendmail-&sendmail-version;/{cf,sendmail} &&
-
-install -v -m644 CACerts FAQ KNOWNBUGS LICENSE PGPKEYS README RELEASE_NOTES \
- /usr/share/doc/sendmail-&sendmail-version; &&
-
-install -v -m644 sendmail/{README,SECURITY,TRACEFLAGS,TUNING} \
- /usr/share/doc/sendmail-&sendmail-version;/sendmail &&
-
-install -v -m644 cf/README /usr/share/doc/sendmail-&sendmail-version;/cf &&
-
-for manpage in sendmail editmap mailstats makemap praliases smrsh
-do
- install -v -m644 $manpage/$manpage.8 /usr/share/man/man8
-done &&
-
-install -v -m644 sendmail/aliases.5 /usr/share/man/man5 &&
-install -v -m644 sendmail/mailq.1 /usr/share/man/man1 &&
-install -v -m644 sendmail/newaliases.1 /usr/share/man/man1 &&
-install -v -m644 vacation/vacation.1 /usr/share/man/man1
-
-
- Install the sendmail Installation and
- Operations Guide with the following commands:
-
-
-
-
- Remove op.pdf from the make
- and install commands below if
- you don't have Ghostscript installed.
-
-
-
-cd doc/op &&
-sed -i 's/groff/GROFF_NO_SGR=1 groff/' Makefile &&
-make op.txt op.pdf
-
-
- Now, as the root user:
-
-
-install -v -d -m755 /usr/share/doc/sendmail-&sendmail-version; &&
-install -v -m644 op.ps op.txt op.pdf /usr/share/doc/sendmail-&sendmail-version; &&
-cd ../..
-
-
-
-
- Command Explanations
-
-
- cat > devtools/Site/site.config.m4 << "EOF":
- This creates a configuration file changing some of the default settings.
-
-
-
- sed ... devtools/OS/Linux: The site.config.m4
- does not honor a change to the man directory, so fix it in the OS
- definitions.
-
-
-
-
-
- sh Build; sh Build sendmail.cf; sh Build install-cf;
- sh Build install: sendmail uses an
- m4 based build script to create the various
- Makefiles. These commands build and install the
- package.
-
-
-
- for manpage in...;do...;done; install ...: The man
- pages are installed already formatted and man displays
- them somewhat garbled. These commands replace the formatted pages with
- pages man can display properly.
-
-
-
-
-
- Configuring sendmail
-
-
- Config Files
-
-
- /etc/mail/*
-
-
-
- /etc/mail/*
-
-
-
-
-
- Configuration Information
-
-
-
- Ensure you have a fully qualified domain name defined
- in /etc/hosts for your system before proceeding.
-
-
-
-
- Create the /etc/mail/local-host-names and
- /etc/mail/aliases files using the following
- commands as the root user:
-
-
-echo $(hostname) > /etc/mail/local-host-names
-cat > /etc/mail/aliases << "EOF"
-postmaster: root
-MAILER-DAEMON: root
-
-EOF
-# Does not work if there is no database backend compiled in:
-#newaliases
-
-
- sendmail's primary configuration file,
- /etc/mail/sendmail.cf, is complex and not meant to
- be directly edited. The recommended method for changing it is to modify
- /etc/mail/sendmail.mc and various
- m4 files, then run the m4
- macro processor from within
- /etc/mail as follows:
-
-
-cd /etc/mail &&
-m4 m4/cf.m4 sendmail.mc > sendmail.cf
-
-
- A full explanation of the files to modify, and the available
- parameters can be found in /etc/mail/README.
-
-
-
-
-
- Boot Script
- Systemd Unit
-
-
- To automate the running of sendmail
- at startup, install the
- /etc/rc.d/init.d/sendmail
- init script
- sendmail.service
- unit included in the
-
- package:
-
-
-
- sendmail
-
-
-make install-sendmail
-
-
-
- The -qNm option to sendmail, where N is number
- of minutes, controls how often sendmail
- will process the mail queue. A default of 5 minutes is used in the
- init script.
- systemd unit. Individual
- workstation users may want to set this as low as 1 minute, large
- installations handling more mail may want to set it higher.
-
-
-
-
-
-
-
-
- Contents
-
-
- Installed Programs
- Installed Libraries
- Installed Directories
-
-
- editmap, mailstats, makemap, praliases, sendmail, smrsh,
- and vacation; symlinks to /usr/sbin/sendmail: hoststat, mailq,
- newaliases, and purgestat
- None
- /etc/mail, /usr/share/doc/sendmail-&sendmail-version;,
- and /var/spool/clientmqueue
-
-
-
-
- Short Descriptions
-
-
-
-
- editmap
-
-
- queries and edits sendmail map files
-
-
- editmap
-
-
-
-
-
- hoststat
-
-
- prints sendmail's persistent host status
-
-
- hoststat
-
-
-
-
-
- mailstats
-
-
- displays sendmail statistics
-
-
- mailstats
-
-
-
-
-
- mailq
-
-
- prints a summary of outbound mail messages waiting for delivery
-
-
- mailq
-
-
-
-
-
- makemap
-
-
- creates sendmail map files
-
-
- makemap
-
-
-
-
-
- newaliases
-
-
- rebuilds /etc/mail/aliases.db from the
- contents of /etc/mail/aliases
-
-
- newaliases
-
-
-
-
-
- praliases
-
-
- displays current sendmail aliases
-
-
- praliases
-
-
-
-
-
- purgestat
-
-
- causes sendmail to clear (purge)
- all its host-status information
-
-
- purgestat
-
-
-
-
-
- sendmail
-
-
- is the sendmail mail transport agent
-
-
- sendmail
-
-
-
-
-
- smrsh
-
-
- is a restricted shell for sendmail
-
-
- smrsh
-
-
-
-
-
- vacation
-
-
- is an email auto responder
-
-
- vacation
-
-
-
-
-
-
-
-
-
diff --git a/server/major/apache.xml b/server/major/apache.xml
deleted file mode 100644
index 00155cf722..0000000000
--- a/server/major/apache.xml
+++ /dev/null
@@ -1,548 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- Apache-&apache-version;
-
-
- Apache
-
-
-
- Introduction to Apache HTTPD
-
-
- The Apache HTTPD package contains an open-source HTTP
- server. It is useful for creating local intranet web sites or running huge
- web serving operations.
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &apache-md5sum;
-
-
-
-
- Download size: &apache-size;
-
-
-
-
- Estimated disk space required: &apache-buildsize;
-
-
-
-
- Estimated build time: &apache-time;
-
-
-
-
- Additional Downloads
-
-
-
- Required patch:
-
-
-
-
-
- Apache HTTPD Dependencies
-
- Required
-
- and
-
-
-
- Optional
-
- ,
- ,
- ,
- ,
- ,
- or
- or
- ELinks,
- ,
- ( needs to be
- installed with ldap support),
- ,
- &berkeley-db;, and
- Distcache
-
-
-
-
-
- Installation of Apache HTTPD
-
-
- For security reasons, running the server as an unprivileged user and group
- is strongly encouraged. Create the following group and user using the
- following commands as root:
-
-
-groupadd -g 25 apache &&
-useradd -c "Apache Server" -d /srv/www -g apache \
- -s /bin/false -u 25 apache
-
-
- Build and install Apache HTTPD by running the
- following commands:
-
-
-patch -Np1 -i ../httpd-&apache-version;-blfs_layout-1.patch &&
-
-sed '/dir.*CFG_PREFIX/s@^@#@' -i support/apxs.in &&
-
-sed -e '/HTTPD_ROOT/s:${ap_prefix}:/etc/httpd:' \
- -e '/SERVER_CONFIG_FILE/s:${rel_sysconfdir}/::' \
- -e '/AP_TYPES_CONFIG_FILE/s:${rel_sysconfdir}/::' \
- -i configure &&
-
-sed -e '/encoding.h/a # include <libxml/xmlstring.h>' \
- -i modules/filters/mod_xml2enc.c &&
-
-./configure --enable-authnz-fcgi \
- --enable-layout=BLFS \
- --enable-mods-shared="all cgi" \
- --enable-mpms-shared=all \
- --enable-suexec=shared \
- --with-apr=/usr/bin/apr-1-config \
- --with-apr-util=/usr/bin/apu-1-config \
- --with-suexec-bin=/usr/lib/httpd/suexec \
- --with-suexec-caller=apache \
- --with-suexec-docroot=/srv/www \
- --with-suexec-logfile=/var/log/httpd/suexec.log \
- --with-suexec-uidmin=100 \
- --with-suexec-userdir=public_html &&
-make
-
-
- This package does not come with a test suite.
-
-
-
- Now, as the root user:
-
-
-make install &&
-
-mv -v /usr/sbin/suexec /usr/lib/httpd/suexec &&
-chgrp apache /usr/lib/httpd/suexec &&
-chmod 4754 /usr/lib/httpd/suexec &&
-
-chown -v -R apache:apache /srv/www
-
-
-
-
- Command Explanations
-
-
- sed '/dir.*CFG_PREFIX/s@^@#@'...: Forces the
- apxs utility to use absolute pathnames for
- modules, when instructed to do so.
-
-
-
- sed -e '/HTTPD_ROOT/s ...: Fixes some paths.
-
-
-
- sed -e '/encoding.h/a ...; Fix building against
- libxml-2.12.x.
-
-
-
- --enable-authnz-fcgi: Build FastCGI
- authorizer-based authentication and authorization (mod_authnz_fcgi.so
- fast CGI module).
-
-
-
- --enable-mods-shared="all cgi": The modules should be
- compiled and used as Dynamic Shared Objects (DSOs) so they can be included
- and excluded from the server using the run-time configuration directives.
-
-
-
- --enable-mpms-shared=all: This switch ensures that
- all MPM (Multi Processing Modules) are built as Dynamic Shared Objects
- (DSOs), so the user can choose which one to use at runtime.
-
-
-
- --enable-suexec: This switch enables building of the
- Apache suEXEC module which can be used to allow
- users to run CGI and SSI scripts under user IDs different from the user ID
- of the calling web server.
-
-
-
- --with-suexec-*: These switches control suEXEC module
- behavior, such as default document root, minimal UID that can be used to
- run the script under the suEXEC. Please note that with minimal UID 100, you
- can't run CGI or SSI scripts under suEXEC as the
- apache user.
-
-
-
- ... /usr/lib/httpd/suexec: These commands put
- suexec wrapper into proper location, since it
- is not meant to be run directly. They also adjust proper
- permissions of the binary, making it setgid
- apache.
-
-
-
- chown -R apache:apache /srv/www: By default, the
- installation process installs files (documentation, error messages,
- default icons, etc.) with the ownership of the user that extracted the
- files from the tar file. If you want to change the ownership to another
- user, you should do so at this point. The only requirement is that the
- document directories need to be accessible by the httpd
- process with (r-x) permissions and files need to be readable (r--) by the
- apache user.
-
-
-
-
-
- Configuring Apache
-
-
- Config Files
-
-
- /etc/httpd/httpd.conf and
- /etc/httpd/extra/*
-
-
-
- /etc/httpd/httpd.conf
-
-
-
- /etc/httpd/extra/*
-
-
-
-
-
- Configuration Information
-
-
- See
- for detailed instructions on customising your
- Apache HTTP server configuration file.
-
-
-
- There is no reason, at least for internet facing sites, not
- to use SSL encryption. Setting up a secured website does not cost
- anything except installing one additional small tool and a few
- minutes of configuration work. Use this guideline at
- to create
- world-wide accepted certificates and renew them on a regular basis.
-
-
-
-
-
- Boot Script
- Systemd Unit
-
-
- If you want the Apache server to
- start automatically when the system is booted, install the
- /etc/rc.d/init.d/httpd
- init script
- httpd.service
- unit included in the
-
- package:
-
-
-
- apache
-
-
-make install-httpd
-
-
-
-
-
-
- Contents
-
-
- Installed Programs
- Installed Libraries
- Installed Directories
-
-
-
- ab, apachectl, apxs, checkgid, dbmmanage, fcgistarter,
- htcacheclean, htdbm, htdigest, htpasswd, httpd,
- httxt2dbm, logresolve, and rotatelogs
-
-
-
- Several libraries under /usr/lib/httpd/modules/
-
-
- /etc/httpd,
- /srv/www,
- /usr/include/httpd,
- /usr/lib/httpd,
- /usr/share/httpd,
- /var/log/httpd, and
- /var/run/httpd
-
-
-
-
-
- Short Descriptions
-
-
-
-
- ab
-
-
- is a tool for benchmarking your Apache
- HTTP server
-
-
- ab
-
-
-
-
-
- apachectl
-
-
- is a front end to the Apache HTTP server
- which is designed to help the administrator control the functioning
- of the Apache httpd daemon
-
-
- apachectl
-
-
-
-
-
- apxs
-
-
- is a tool for building and installing extension modules for the
- Apache HTTP server
-
-
- apxs
-
-
-
-
-
- checkgid
-
-
- is a program that checks whether it can setgid to the group
- specified. This is to see if it is a valid group for Apache2 to use
- at runtime. If the user (should be run as superuser) is in that
- group, or can setgid to it, it will return 0
-
-
- checkgid
-
-
-
-
-
- dbmmanage
-
-
- is used to create and update the DBM format files used to store
- usernames and passwords for basic authentication of HTTP users
-
-
- dbmmanage
-
-
-
-
-
- fcgistarter
-
-
- is a tool to start a FastCGI program
-
-
- fcgistarter
-
-
-
-
-
- htcacheclean
-
-
- is used to clean up the disk cache
-
-
- htcacheclean
-
-
-
-
-
- htdbm
-
-
- is used to manipulate the DBM password databases
-
-
- htdbm
-
-
-
-
-
- htdigest
-
-
- is used to create and update the flat-files used to store usernames,
- realms and passwords for digest authentication of HTTP users
-
-
- htdigest
-
-
-
-
-
- htpasswd
-
-
- is used to create and update the flat-files used to store usernames
- and passwords for basic authentication of HTTP users
-
-
- htpasswd
-
-
-
-
-
- httpd
-
-
- is the Apache HTTP server program
-
-
- httpd
-
-
-
-
-
- httxt2dbm
-
-
- is used to generate DBM files from text, for use in RewriteMap
-
-
- httxt2dbm
-
-
-
-
-
- logresolve
-
-
- is a post-processing program to resolve IP-addresses in
- Apache's access log files
-
-
- logresolve
-
-
-
-
-
- rotatelogs
-
-
- is a simple program for use in conjunction with
- Apache's piped log file feature
-
-
- rotatelogs
-
-
-
-
-
- suexec
-
-
- allows users to run CGI and SSI applications as a different user
-
-
- suexec
-
-
-
-
-
-
-
-
-
diff --git a/server/major/bind.xml b/server/major/bind.xml
deleted file mode 100644
index 3b5122b530..0000000000
--- a/server/major/bind.xml
+++ /dev/null
@@ -1,980 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- BIND-&bind-version;
-
-
- BIND
-
-
-
- Introduction to BIND
-
-
- The BIND package provides a DNS server
- and client utilities. If you are only interested in the utilities, refer
- to the .
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &bind-md5sum;
-
-
-
-
- Download size: &bind-size;
-
-
-
-
- Estimated disk space required: &bind-buildsize;
-
-
-
-
- Estimated build time: &bind-time;
-
-
-
-
- BIND Dependencies
-
- Required
-
-
-
-
- Recommended
-
- ,
- , and
-
-
-
- Optional
-
- ,
- ,
- ,
- ,
- ,
- ,
- (required to build documentation),
- cmocka,
- geoip,
- jemalloc,
- w3m
-
-
- Optional database backends
-
- or MySQL,
- ,
- ,
- , and
- &berkeley-db;
-
-
- Optional (to run the test suite)
-
-
-
-
-
- Editor Notes:
-
-
-
-
-
- Installation of BIND
-
-
-
-
-
- Starting with bind-9.18.20, the IP addresses for B.ROOT-SERVERS.NET
- have changed.
-
-
-
-
- Install BIND by running the
- following commands:
-
-
-./configure --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --mandir=/usr/share/man \
- --disable-static &&
-make
-
-
- Issue the following commands to run the complete suite of tests.
- First, as the root user, set up
- some test interfaces:
-
-
-
-
- If IPv6 is not enabled in the kernel, there will be several
- error messages: "RTNETLINK answers: Operation not permitted". These
- messages do not affect the tests.
-
-
-
-bin/tests/system/ifconfig.sh up
-
-
- The test suite may indicate some skipped tests depending on
- what configuration options are used. Some tests are marked
- UNTESTED or do even fail if
- is not installed. Two tests, resolver and
- dispatch, are known to fail.
- To run the tests, as an unprivileged user, execute:
-
-
-make -k check
-
-
- Again as root, clean up the
- test interfaces:
-
-
-bin/tests/system/ifconfig.sh down
-
-
- Finally, install the package as the root user:
-
-
-
-make install
-
-
-
-
- Command Explanations
-
-
- --sysconfdir=/etc: This parameter forces
- BIND to look for configuration
- files in /etc instead of
- /usr/etc.
-
-
-
-
-
- : This parameter enables
- the IDNA2008 (Internationalized Domain Names in Applications)
- support.
-
-
-
- : Use this option if you want
- to be able to limit the rate of recursive client queries. This may be
- useful on servers which receive a large number of queries.
-
-
-
- : BIND can also be built without
- capability support by using this option, at the cost of some loss of
- security.
-
-
-
- : Use
- one (or more) of those options to add Dynamically Loadable Zones support.
- For more information refer to bind-dlz.sourceforge.net.
-
-
-
- : Use this option if you do not have
- installed and do not need support
- for DNS over HTTPS.
-
-
-
-
-
-
-
- Configuring BIND
-
-
- Config files
-
-
- named.conf,
- root.hints,
- 127.0.0,
- rndc.conf, and
- resolv.conf
-
-
-
- /etc/named.conf
-
-
-
- /etc/rndc.conf
-
-
-
- /etc/resolv.conf
-
-
-
- /etc/namedb/root.hints
-
-
-
- /etc/namedb/pz/127.0.0.0
-
-
-
-
- Configuration Information
-
-
- BIND will be configured to run in a
- chroot jail as an unprivileged user (named). This configuration is more secure
- in that a DNS compromise can only affect a few files in the named user's HOME
- directory.
-
-
-
- Create the unprivileged user and group named:
-
-
-groupadd -g 20 named &&
-useradd -c "BIND Owner" -g named -s /bin/false -u 20 named &&
-install -d -m770 -o named -g named /srv/named
-
-
- Set up some files, directories and devices needed by
- BIND:
-
-
-mkdir -p /srv/named &&
-cd /srv/named &&
-mkdir -p dev etc/named/{slave,pz} usr/lib/engines var/run/named &&
-mknod /srv/named/dev/null c 1 3 &&
-mknod /srv/named/dev/urandom c 1 9 &&
-chmod 666 /srv/named/dev/{null,urandom} &&
-cp /etc/localtime etc
-
-
- The rndc.conf file contains information for
- controlling named operations with the
- rndc utility. Generate a key for use in the
- named.conf and rndc.conf
- with the rndc-confgen command:
-
-
-rndc-confgen -a -b 512 -t /srv/named
-
-
- Create the named.conf file from which
- named will read the location of zone files, root
- name servers and secure DNS keys:
-
-
-cat >> /srv/named/etc/named.conf << "EOF"
-options {
- directory "/etc/named";
- pid-file "/var/run/named.pid";
- statistics-file "/var/run/named.stats";
-
-};
-zone "." {
- type hint;
- file "root.hints";
-};
-zone "0.0.127.in-addr.arpa" {
- type master;
- file "pz/127.0.0";
-};
-
-// Bind 9 now logs by default through syslog (except debug).
-// These are the default logging rules.
-
-logging {
- category default { default_syslog; default_debug; };
- category unmatched { null; };
-
- channel default_syslog {
- syslog daemon; // send to syslog's daemon
- // facility
- severity info; // only send priority info
- // and higher
- };
-
- channel default_debug {
- file "named.run"; // write to named.run in
- // the working directory
- // Note: stderr is used instead
- // of "named.run"
- // if the server is started
- // with the '-f' option.
- severity dynamic; // log at the server's
- // current debug level
- };
-
- channel default_stderr {
- stderr; // writes to stderr
- severity info; // only send priority info
- // and higher
- };
-
- channel null {
- null; // toss anything sent to
- // this channel
- };
-};
-EOF
-
-
- Create a zone file with the following contents:
-
-
-cat > /srv/named/etc/named/pz/127.0.0 << "EOF"
-$TTL 3D
-@ IN SOA ns.local.domain. hostmaster.local.domain. (
- 1 ; Serial
- 8H ; Refresh
- 2H ; Retry
- 4W ; Expire
- 1D) ; Minimum TTL
- NS ns.local.domain.
-1 PTR localhost.
-EOF
-
-
- Create the root.hints file with the following
- commands:
-
-
-
-
- Caution must be used to ensure there are no leading spaces in
- this file.
-
-
-
-cat > /srv/named/etc/named/root.hints << "EOF"
-. 6D IN NS A.ROOT-SERVERS.NET.
-. 6D IN NS B.ROOT-SERVERS.NET.
-. 6D IN NS C.ROOT-SERVERS.NET.
-. 6D IN NS D.ROOT-SERVERS.NET.
-. 6D IN NS E.ROOT-SERVERS.NET.
-. 6D IN NS F.ROOT-SERVERS.NET.
-. 6D IN NS G.ROOT-SERVERS.NET.
-. 6D IN NS H.ROOT-SERVERS.NET.
-. 6D IN NS I.ROOT-SERVERS.NET.
-. 6D IN NS J.ROOT-SERVERS.NET.
-. 6D IN NS K.ROOT-SERVERS.NET.
-. 6D IN NS L.ROOT-SERVERS.NET.
-. 6D IN NS M.ROOT-SERVERS.NET.
-A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
-A.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:ba3e::2:30
-B.ROOT-SERVERS.NET. 6D IN A 170.247.170.2
-B.ROOT-SERVERS.NET. 6D IN AAAA 2801:1b8:10::b
-C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
-C.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2::c
-D.ROOT-SERVERS.NET. 6D IN A 199.7.91.13
-D.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2d::d
-E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
-E.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:a8::e
-F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
-F.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:2f::f
-G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
-G.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:12::d0d
-H.ROOT-SERVERS.NET. 6D IN A 198.97.190.53
-H.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:1::53
-I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
-I.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fe::53
-J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
-J.ROOT-SERVERS.NET. 6D IN AAAA 2001:503:c27::2:30
-K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
-K.ROOT-SERVERS.NET. 6D IN AAAA 2001:7fd::1
-L.ROOT-SERVERS.NET. 6D IN A 199.7.83.42
-L.ROOT-SERVERS.NET. 6D IN AAAA 2001:500:9f::42
-M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
-M.ROOT-SERVERS.NET. 6D IN AAAA 2001:dc3::35
-EOF
-
-
- The root.hints file is a list of root name
- servers. This file must be updated periodically with the
- dig utility. A current copy of root.hints can be
- obtained from .
- For details, consult the "BIND 9 Administrator Reference Manual".
-
-
-
- Create or modify resolv.conf to use the new
- name server with the following commands:
-
-
-
-
- Replace <yourdomain.com> with
- your own valid domain name.
-
-
-
-cp /etc/resolv.conf /etc/resolv.conf.bak &&
-cat > /etc/resolv.conf << "EOF"
-search <yourdomain.com>
-nameserver 127.0.0.1
-EOF
-
-
- Set permissions on the chroot jail with the
- following command:
-
-
-chown -R named:named /srv/named
-
-
-
-
- Boot Script
- Systemd Unit
-
-
- To start the DNS server at boot, install the
- /etc/rc.d/init.d/bind init
- script
- named.service
- unit included in the
-
- package:
-
-
-
- bind
-
-
-make install-bind
-make install-named
-
-
- Now start BIND with the following command:
-
-
-/etc/rc.d/init.d/bind start
-systemctl start named
-
-
-
-
- Testing BIND
-
-
- Test out the new BIND 9 installation.
- First query the local host address with dig:
-
-
-dig -x 127.0.0.1
-
-
- Now try an external name lookup, taking note of the speed
- difference in repeated lookups due to the caching. Run the
- dig command twice on the same address:
-
-
-dig www.&lfs-domainname; &&
-dig www.&lfs-domainname;
-
-
- You can see almost instantaneous results with the named caching
- lookups. Consult the BIND Administrator
- Reference Manual (see below) for further configuration options.
-
-
-
-
-
-
-
- Administrator Reference Manual (ARM)
-
-
- The ARM documentation (do not confuse with the processor architecture)
- is included in the source package. The documentation is in .rst
- format which means that it can be converted in human readable formats
- if is installed.
-
-
-
- When BIND is set up, especially if it is going
- to be operating in a real live scenario, it is highly
- recommended to consult the ARM documentation. ISC provides an
- updated set of excellent documentation along with every release
- so it can be easily viewed and/or downloaded – so there is
- no excuse to not read the docs. The formats ISC provides are PDF,
- epub and html at .
-
-
-
-
- Contents
-
-
- Installed Programs
- Installed Libraries
- Installed Directories
-
-
-
- arpaname, ddns-confgen, delv, dig, dnssec-cds,
- dnssec-dsfromkey, dnssec-importkey, dnssec-keyfromlabel, dnssec-keygen,
- dnssec-revoke, dnssec-settime, dnssec-signzone,
- dnssec-verify, host, mdig, named, named-checkconf,
- named-checkzone, named-compilezone, named-journalprint,
- named-nzd2nzf, named-rrchecker, nsec3hash, nslookup, nsupdate, rndc,
- rndc-confgen, and tsig-keygen (symlink)
-
- libbind9.so, libdns.so, libirs.so, libisc.so, libisccc.so,
- libisccfg.so, and libns.so
-
- /usr/include/{bind9,dns,dst,irs,isc,isccc,isccfg,ns},
- /usr/lib/bind,
- and /srv/named
-
-
-
-
- Short Descriptions
-
-
-
-
- arpaname
-
-
- translates IP addresses to the corresponding ARPA names
-
-
- arpaname
-
-
-
-
-
- ddns-confgen
-
-
- generates a key for use by nsupdate and named
-
-
- ddns-confgen
-
-
-
-
-
- delv
-
-
- is a new debugging tool that is a successor to
- dig
-
-
- delv
-
-
-
-
-
- dig
-
-
- interrogates DNS servers
-
-
- dig
-
-
-
-
-
- dnssec-cds
-
-
- changes DS records for a child zone based on
- CDS/CDNSKEY
-
-
- dnssec-cds
-
-
-
-
-
- dnssec-dsfromkey
-
-
- outputs the Delegation Signer (DS) resource record (RR)
-
-
- dnssec-dsfromkey
-
-
-
-
-
- dnssec-importkey
-
-
- reads a public DNSKEY record and generates a pair of
- .key/.private files
-
-
- dnssec-importkey
-
-
-
-
-
- dnssec-keyfromlabel
-
-
- gets keys with the given label from a cryptography hardware device
- and builds key files for DNSSEC
-
-
- dnssec-keyfromlabel
-
-
-
-
-
- dnssec-keymgr
-
-
- ensures correct DNSKEY coverage based on a defined policy
-
-
- dnssec-keymgr
-
-
-
-
-
- dnssec-revoke
-
-
- sets the REVOKED bit on a DNSSEC key
-
-
- dnssec-revoke
-
-
-
-
-
- dnssec-settime
-
-
- sets the key timing metadata for a DNSSEC key
-
-
- dnssec-settime
-
-
-
-
-
- dnssec-signzone
-
-
- generates signed versions of zone files
-
-
- dnssec-signzone
-
-
-
-
-
- dnssec-verify
-
-
- verifies that a zone is fully signed for each algorithm found
- in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
- chains are complete
-
-
- dnssec-verify
-
-
-
-
-
- host
-
-
- is a utility for DNS lookups
-
-
- host
-
-
-
-
-
- mdig
-
-
- is a version of dig that allows multiple queries at once
-
-
- mdig
-
-
-
-
-
- named
-
-
- is the name server daemon
-
-
- named
-
-
-
-
-
- named-checkconf
-
-
- checks the syntax of named.conf
- files
-
-
- named-checkconf
-
-
-
-
-
- named-checkzone
-
-
- checks zone file validity
-
-
- named-checkzone
-
-
-
-
-
- named-compilezone
-
-
- is similar to named-checkzone, but it always
- dumps the zone contents to a specified file in a specified format
-
-
- named-compilezone
-
-
-
-
-
- named-journalprint
-
-
- prints the zone journal in human-readable form
-
-
- named-journalprint
-
-
-
-
-
- named-rrchecker
-
-
- reads an individual DNS resource record from standard input and
- checks if it is syntactically correct
-
-
- named-rrchecker
-
-
-
-
-
- named-nzd2nzf
-
-
- converts an NZD database to NZF text format
-
-
- named-nzd2nzf
-
-
-
-
-
- nsec3hash
-
-
- generates an NSEC3 hash based on a set of NSEC3 parameters
-
-
- nsec3hash
-
-
-
-
-
- nslookup
-
-
- is a program used to query Internet domain nameservers
-
-
- nslookup
-
-
-
-
-
- nsupdate
-
-
- is used to submit DNS update requests
-
-
- nsupdate
-
-
-
-
-
- rndc
-
-
- controls the operation of BIND
-
-
- rndc
-
-
-
-
-
- rndc-confgen
-
-
- generates rndc.conf files
-
-
- rndc-confgen
-
-
-
-
-
- tsig-keygen
-
-
- is a symlink to ddns-confgen
-
-
- tsig-keygen
-
-
-
-
-
-
-
-
-
diff --git a/server/major/kea-kernel.xml b/server/major/kea-kernel.xml
deleted file mode 100644
index 9aee57443a..0000000000
--- a/server/major/kea-kernel.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-
-
-
-[*] Networking support ---> [NET]
- Networking options --->
- <*/M> Packet socket [PACKET]
- [*] TCP/IP networking [INET]
- <*> The IPv6 protocol ---> [IPV6]
diff --git a/server/major/kea.xml b/server/major/kea.xml
deleted file mode 100644
index 76043c29c4..0000000000
--- a/server/major/kea.xml
+++ /dev/null
@@ -1,807 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-
-]>
-
-
-
-
- Kea &kea-dhcp-version; DHCP Server
-
-
- Kea DHCP Server
-
-
-
- Introduction to ISC Kea DHCP Server
-
-
- The ISC Kea package contains the
- server programs for DHCP. It is the successor of the
- old ISC DHCP server which is end-of-life since December 2022.
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &kea-md5sum;
-
-
-
-
- Download size: &kea-size;
-
-
-
-
- Estimated disk space required: &kea-buildsize;
-
-
-
-
- Estimated build time: &kea-time;
-
-
-
-
- Kea Dependencies
-
- Required
-
- and
-
-
-
- Optional
-
- ,
- ; for documentation:
- ,
- , and
- ; for tests:
- GoogleTest
-
-
- Optional database backends
-
- or MySQL, and
-
-
-
-
-
-
- Kernel Configuration
-
-
- You must have Packet Socket support. IPv6 support is optional.
-
-
-
-
-
- Kea
-
-
-
-
-
- Installation of ISC Kea DHCP Server
-
-
- First fix detection of Python-3.12 by the build system:
-
-
-sed -e 's/:3/:4/' \
- -i configure
-
-
- Remove one installation step that uses an obsolete python module:
-
-
-sed -e '/dlist="/d' \
- -i src/bin/shell/Makefile.in
-
-
- Install ISC Kea DHCP Server by running
- the following commands:
-
-
-./configure --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --enable-shell \
- --with-openssl \
- --disable-static \
- --docdir=/usr/share/doc/kea-&kea-dhcp-version; &&
-make
-
-
- To test the results, you must have installed GoogleTest and kept
- its source. You should also have passed
- to
- configure above. Run the tests with
- make check. Three tests in the TLSTest suite are
- known to fail.
-
-
-
- To install the ISC Kea DHCP Server suite,
- issue the following commands as the
- root user:
-
-
-make -j1 install
-
-
-
-
- Command Explanations
-
-
- --enable-shell: Allows building
- kea-shell, a command line interface for
- the control agent.
-
-
-
- --with-openssl: Allows using OpenSSL for
- communicating with the control-agent and for DNS updates.
-
-
-
-
-
- or :
- ISC Kea can store the leases on a
- database. This might be useful in large environments running
- a cluster of DHCP servers. Using the memfile
- backend (which is a CSV file stored locally) is possible anyhow.
-
-
-
- :
- If documentation is to be rebuilt, add that option. Several
- dependencies must be installed for generating the documentation.
-
-
-
- make -j1 install: ISC does not recommend
- any form of parallel or job server options when doing the install.
-
-
-
-
-
- Configuring ISC Kea DHCP Server
-
-
- The support of IPv4, IPv6 and DDNS has been split into
- separate servers which runs independently from each other. Each
- of them has its own configuration file.
- Additional configuration files come from the keactrl agent which
- is used to control the servers in an easy way.
-
-
-
- Consult the
- Kea Administrator Reference Manual
- for detailed information about the configuration of
- ISC Kea as it is a quite capable system.
- The configuration shown below is a bare minimum to get a DHCP server
- running but it already includes configuration for DDNS (Dynamic DNS).
- That setup might be working for small networks with a few clients and
- low traffic. For greater installations with thousands of clients,
- ISC Kea can be configured to use databases
- (mariadb or postgresql) to store the leases and build a cluster with
- multiple nodes. It can be integrated to
- ISC Stork
- which is a management dashboard to ISC Kea.
-
-
-
- If you want to start the DHCP Server at boot, install the
- /etc/rc.d/init.d/kea-dhcpd
- init script
- kea-dhcpd.service
- unit included in the
-
-
- package:
-
-
-make install-kea-dhcpd
-
-
- Config Files
-
-
-
- /etc/kea/keactrl.conf,
-
- /etc/kea/kea-ctrl-agent.conf,
- /etc/kea/kea-dhcp4.conf,
- /etc/kea/kea-dhcp6.conf, and
- /etc/kea/kea-dhcp-ddns.conf
-
-
-
- /etc/kea/keactrl.conf
-
-
-
- /etc/kea/kea-ctrl-agent.conf
-
-
-
- /etc/kea/kea-dhcp4.conf
-
-
-
- /etc/kea/kea-dhcp6.conf
-
-
-
- /etc/kea/kea-dhcp-ddns.conf
-
-
-
-
- Kea Control Configuration
-
- keactrl is used to control the
- independent servers (IPv4, IPv6, DDNS). Its configuration file
- /etc/kea/keactrl.conf is installed by
- default and includes many path settings which are defined
- due to the configure at build time. It also
- includes settings to specify which of the servers should be
- started.
-
-
-
- Control Agent
- The Control Agent is a daemon which allows the
- (re)configuration of the Kea DHCP service via REST API.
- Set ctrl_agent=yes to start the
- control agent (service providing a REST API), set
- ctrl_agent=no in case the control agent
- is not needed.
-
-
- IPv4 DHCP server
- This daemon handles requests for IPv4 addresses.
- Set dhcp4=yes to start it, set
- dhcp4=no in case DHCP service for IPv4
- is not wanted.
-
-
- IPv6 DHCP server
- This daemon handles requests for IPv6 addresses.
- Set dhcp6=yes to start it, set
- dhcp6=no in case DHCP service for IPv6
- is not wanted.
-
-
- Dynamic DNS
- This daemon is used to update a DNS server dynamically
- when Kea assigns an IP address to a device.
- Set dhcp_ddns=yes to enable it, set
- dhcp_ddns=no in case dynamic DNS updates
- are not wanted.
-
-
-
-
- The Netconf service is not installed because required
- dependencies are not covered by the current BLFS book.
-.
-
-
- With the following command, Kea will be configured to
- start the dhcp service for IPv4 and the
- dynamic DNS update, while the control agent and
- the dhcp service for IPv6 remain down. Tweak the command to
- match your needs on started services and execute as the
- &root; user:
-
-
-sed -e "s/^dhcp4=.*/dhcp4=yes/" \
- -e "s/^dhcp6=.*/dhcp6=no/" \
- -e "s/^dhcp_ddns=.*/dhcp_ddns=yes/" \
- -e "s/^ctrl_agent=.*/ctrl_agent=no/" \
- -i /etc/kea/keactrl.conf
-
-
-
-
-
- Kea Configuration Using Systemd Units
-
-
- Four service units are used to start various daemons
- provided by Kea:
-
-
-
-
- Control Agent
-
- The Control Agent is a daemon which allows the
- (re)configuration of the Kea DHCP service via REST API.
- Run systemctl enable kea-ctrl-agent
- if this daemon is needed.
-
-
-
- IPv4 DHCP server
-
- This daemon handles requests for IPv4 addresses.
- Run systemctl enable kea-dhcp4-server to
- have it started by systemd.
-
-
-
- IPv6 DHCP server
-
- This daemon handles requests for IPv6 addresses.
- Run systemctl enable kea-dhcp6-server to
- have it started by systemd.
-
-
-
- Dynamic DNS
-
- This daemon is used to update a DNS server dynamically
- when Kea assigns an IP address to a device.
- Run systemctl enable kea-ddns-server to
- have it started by systemd.
-
-
-
-
- The Netconf service is not installed because required
- dependencies are not covered by the current BLFS book.
-
-
-
-
- Control Agent Configuration
-
-
- The provided configuration could be used without changes
- but in BLFS, objects like sockets are stored in
- /run
- rather than in
- /tmp.
-
-
-cat > /etc/kea/kea-ctrl-agent.conf << "EOF"
-// Begin /etc/kea/kea-ctrl-agent.conf
-{
- // This is a basic configuration for the Kea Control Agent.
- // RESTful interface to be available at http://127.0.0.1:8000/
- "Control-agent": {
- "http-host": "127.0.0.1",
- "http-port": 8000,
- "control-sockets": {
- "dhcp4": {
- "socket-type": "unix",
- "socket-name": "/run/kea4-ctrl-socket"
- },
- "dhcp6": {
- "socket-type": "unix",
- "socket-name": "/run/kea6-ctrl-socket"
- },
- "d2": {
- "socket-type": "unix",
- "socket-name": "/run/kea-ddns-ctrl-socket"
- }
- },
-
- "loggers": [
- {
- "name": "kea-ctrl-agent",
- "output_options": [
- {
- "output": "/var/log/kea-ctrl-agent.log",
- "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
- }
- ],
- "severity": "INFO",
- "debuglevel": 0
- }
- ]
- }
-}
-// End /etc/kea/kea-ctrl-agent.conf
-EOF
-
-
-
-
- IPv4 DHCP Server Configuration
-
-
- A sample configuration file is created in /etc/kea/kea-dhcp4.conf.
- Adjust the file to suit your needs or overwrite it by running
- the following command as the &root; user (you'll need to edit this
- file anyway: at least the interfaces field,
- the ddns-qualifying-suffix field, and almost
- all the fields in Subnet4:
-
-
-cat > /etc/kea/kea-dhcp4.conf << "EOF"
-// Begin /etc/kea/kea-dhcp4.conf
-{
- "Dhcp4": {
- // Add names of your network interfaces to listen on.
- "interfaces-config": {
- "interfaces": [ "eth0", "eth2" ]
- },
-
- "control-socket": {
- "socket-type": "unix",
- "socket-name": "/run/kea4-ctrl-socket"
- },
-
- "lease-database": {
- "type": "memfile",
- "lfc-interval": 3600
- },
-
- "expired-leases-processing": {
- "reclaim-timer-wait-time": 10,
- "flush-reclaimed-timer-wait-time": 25,
- "hold-reclaimed-time": 3600,
- "max-reclaim-leases": 100,
- "max-reclaim-time": 250,
- "unwarned-reclaim-cycles": 5
- },
-
- "renew-timer": 900,
- "rebind-timer": 1800,
- "valid-lifetime": 3600,
-
- // Enable DDNS - Kea will dynamically update the DNS
- "ddns-send-updates" : true,
- "ddns-qualifying-suffix": "your.domain.tld",
- "dhcp-ddns" : {
- "enable-updates": true
- },
-
- "subnet4": [
- {
- "subnet": "192.168.56.0/24",
- "pools": [ { "pool": "192.168.56.16 - 192.168.56.254" } ],
- "option-data": [
- {
- "name": "domain-name",
- "data": "your.domain.tld"
- },
- {
- "name": "domain-name-servers",
- "data": "192.168.56.2, 192.168.3.7"
- },
- {
- "name": "domain-search",
- "data": "your.domain.tld"
- },
- {
- "name": "routers",
- "data": "192.168.56.2"
- }
- ]
- }
- ],
-
- "loggers": [
- {
- "name": "kea-dhcp4",
- "output_options": [
- {
- "output": "/var/log/kea-dhcp4.log",
- "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
- }
- ],
- "severity": "INFO",
- "debuglevel": 0
- }
- ]
- }
-}
-// End /etc/kea/kea-dhcp4.conf
-EOF
-
-
-
-
- IPv6 DHCP Server Configuration
-
-
- The configuration for IPv6 is similar to the configuration
- of IPv4. The configuration file is
- /etc/kea/kea-dhcp6.conf.
-
-
-
-
-
- Dynamic DNS Configuration
-
-
- If there is a server running,
- ISC Kea can update the DNS when
- it gives an IP address to a client. A sample configuration
- file is created in /etc/kea/kea-dhcp-ddns.conf.
- Adjust the file to suit your needs or overwrite it by running
- the following command as the &root; user:
-
-
-cat > /etc/kea/kea-dhcp-ddns.conf << "EOF"
-// Begin /etc/kea/kea-dhcp-ddns.conf
-{
- "DhcpDdns": {
- "ip-address": "127.0.0.1",
- "port": 53001,
- "control-socket": {
- "socket-type": "unix",
- "socket-name": "/run/kea-ddns-ctrl-socket"
- },
-
- "tsig-keys": [
- {
- "name" : "rndc-key",
- "algorithm" : "hmac-sha256",
- "secret" : "1FU5hD7faYaajQCjSdA54JkTPQxbbPrRnzOKqHcD9cM="
- }
- ],
-
- "forward-ddns" : {
- "ddns-domains" : [
- {
- "name" : "your.domain.tld.",
- "key-name": "rndc-key",
- "dns-servers" : [
- {
- "ip-address" : "127.0.0.1",
- "port" : 53
- }
- ]
- }
- ]
- },
-
- "reverse-ddns" : {
- "ddns-domains" : [
- {
- "name" : "56.168.192.in-addr.arpa.",
- "key-name": "rndc-key",
- "dns-servers" : [
- {
- "ip-address" : "127.0.0.1",
- "port" : 53
- }
- ]
- }
- ]
- },
-
- "loggers": [
- {
- "name": "kea-dhcp-ddns",
- "output_options": [
- {
- "output": "/var/log/kea-ddns.log",
- "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
- }
- ],
- "severity": "INFO",
- "debuglevel": 0
- }
- ]
- }
-}
-// End /etc/kea/kea-dhcp-ddns.conf
-EOF
-
-
-
- The value of secret is just an example.
- Generate the key for your installation by using the
- rndc-confgen -a command or the
- tsig-keygen command which both are
- provided by .
-
-
- In this example configuration, it is assumed that the DNS server
- runs on the same machine as Kea does (accessible via
- 127.0.0.1) and that this machine has
- the IP 192.168.56.2.
-
-
-
-
-
-
-
-
- Contents
-
-
- Installed Programs
- Installed Libraries
- Installed Directories
-
-
-
- keactrl, kea-admin, kea-ctrl-agent, kea-dhcp4, kea-dhcp6,
- kea-dhcp-ddns, kea-lfc, kea-shell
-
-
- libkea-asiodns.so,
- libkea-asiolink.so,
- libkea-cc.so,
- libkea-cgfclient.so,
- libkea-cryptolink.so,
- libkea-d2srv.so,
- libkea-database.so,
- libkea-dhcp_ddns.so,
- libkea-dhcp++.so,
- libkea-dhcpsrv.so,
- libkea-dns++.so,
- libkea-eval.so,
- libkea-exceptions.so,
- libkea-hooks.so,
- libkea-http.so,
- libkea-log.so,
- libkea-process.so,
- libkea-stats.so,
- libkea-tcp.so,
- libkea-util.so, and
- libkea-util-io.so
-
-
- /etc/kea,
- /usr/include/kea,
- /usr/lib/kea,
- /usr/lib/python&python3-majorver;/site-packages/kea,
- /usr/share/kea,
- /usr/share/doc/kea-&kea-dhcp-version;, and
- /var/lib/kea
-
-
-
-
-
- Short Descriptions
-
-
-
-
- keactrl
-
-
- Tool to control (start/stop) the server processes.
-
-
- keactrl
-
-
-
-
- kea-admin
-
-
- kea-admin is a shell script which offers database maintenance.
-
-
- kea-admin
-
-
-
-
- kea-ctrl-agent
-
-
- Daemon which exposes a RESTful control interface for
- managing Kea servers.
-
-
- kea-ctrl-agent
-
-
-
-
- kea-dhcp4
-
-
- The server daemon providing IPv4 addresses.
-
-
- kea-dhcp4
-
-
-
-
- kea-dhcp6
-
-
- The server daemon providing IPv6 addresses.
-
-
- kea-dhcp6
-
-
-
-
- kea-dhcp-ddns
-
-
- The server daemon performing the dynamic DNS updates.
-
-
- kea-dhcp-ddns
-
-
-
-
- kea-lfc
-
-
- The kea-lfc service process removes redundant information
- from the files used to provide persistent storage for the
- memfile database backend. It is run by the Kea DHCP server.
-
-
- kea-lfc
-
-
-
-
- keashell
-
-
- RESTful client to the ISC Kea
- services.
-
-
- keashell
-
-
-
-
-
-
-
-
-
diff --git a/server/major/major.xml b/server/major/major.xml
deleted file mode 100644
index 99d048d42b..0000000000
--- a/server/major/major.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-
-
- %general-entities;
-]>
-
-
-
-
- Major Servers
-
-
- Major servers are the programs that provide content or services
- to users or other programs.
-
-
-
-
-
-
-
-
-
diff --git a/server/major/proftpd.xml b/server/major/proftpd.xml
deleted file mode 100644
index b7cbf6cde9..0000000000
--- a/server/major/proftpd.xml
+++ /dev/null
@@ -1,469 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- ProFTPD-&proftpd-version;
-
-
- Proftpd
-
-
-
- Introduction to ProFTPD
-
-
- The ProFTPD package contains a secure
- and highly configurable FTP daemon. This is useful for serving large
- file archives over a network.
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &proftpd-md5sum;
-
-
-
-
- Download size: &proftpd-size;
-
-
-
-
- Estimated disk space required: &proftpd-buildsize;
-
-
-
-
- Estimated build time: &proftpd-time;
-
-
-
-
- ProFTPD Dependencies
-
- Optional
-
- ,
- ,
- ,
- or MySQL,
- ,
- , and
- Net::SSH2
-
-
-
-
-
- Installation of ProFTPD
-
-
- For security reasons, you should install
- ProFTPD using an unprivileged user and group.
- As the root user:
-
-
-groupadd -g 46 proftpd &&
-useradd -c proftpd -d /srv/ftp -g proftpd \
- -s /usr/bin/proftpdshell -u 46 proftpd &&
-
-install -v -d -m775 -o proftpd -g proftpd /srv/ftp &&
-ln -v -s /usr/bin/false /usr/bin/proftpdshell &&
-echo /usr/bin/proftpdshell >> /etc/shells
-
-
- Install ProFTPD as an unprivileged user by
- running the following commands:
-
-
-./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/run &&
-make
-
-
- This packages does not come with a usable test suite.
-
-
-
- Now, as the root user:
-
-
-make install &&
-install -d -m755 /usr/share/doc/proftpd-&proftpd-version; &&
-cp -Rv doc/* /usr/share/doc/proftpd-&proftpd-version;
-
-
-
-
- Command Explanations
-
-
- install -v -d -m775 -o proftpd -g proftpd /srv/ftp:
- Create the home directory for ProFTPD.
-
-
-
- ln -v -s /usr/bin/false /usr/bin/proftpdshell:
- Set the default shell as a link to an invalid shell.
-
-
-
- echo /usr/bin/proftpdshell >> /etc/shells:
- Fake a valid shell for compatibility purposes.
-
-
-
-
- The above two commands can be omitted if the following directive is
- placed in the configuration file:
-
-
-RequireValidShell off
-
-
- By default, proftpd will require that users logging in have valid
- shells. The RequireValidShell directive turns off this requirement.
- This is only recommended if you are setting up your FTP server
- exclusively for anonymous downloads.
-
-
-
-
-
- Support for most of the dependency packages requires using options
- passed to the configure script. View the output
- from ./configure --help for complete information
- about enabling dependency packages.
-
-
-
-
-
-
- Configuring ProFTPD
-
-
- Config Files
-
-
- /etc/proftpd.conf
-
-
-
- /etc/proftpd.conf
-
-
-
-
-
- Configuration Information
-
-
- This is a simple, download-only sample configuration. See the
- ProFTPD documentation in
- /usr/share/doc/proftpd and
- consult the website at for
- example configurations.
-
-
-cat > /etc/proftpd.conf << "EOF"
-# This is a basic ProFTPD configuration file
-# It establishes a single server and a single anonymous login.
-
-ServerName "ProFTPD Default Installation"
-ServerType standalone
-DefaultServer on
-
-# Port 21 is the standard FTP port.
-Port 21
-# Umask 022 is a good standard umask to prevent new dirs and files
-# from being group and world writable.
-Umask 022
-
-# To prevent DoS attacks, set the maximum number of child processes
-# to 30. If you need to allow more than 30 concurrent connections
-# at once, simply increase this value. Note that this ONLY works
-# in standalone mode, in inetd mode you should use an inetd server
-# that allows you to limit maximum number of processes per service
-
-MaxInstances 30
-
-# Set the user and group that the server normally runs at.
-User proftpd
-Group proftpd
-
-# To cause every FTP user to be "jailed" (chrooted) into their home
-# directory, uncomment this line.
-#DefaultRoot ~
-
-
-# Normally, files should be overwritable.
-<Directory /*>
- AllowOverwrite on
-</Directory>
-
-# A basic anonymous configuration, no upload directories.
-<Anonymous ~proftpd>
- User proftpd
- Group proftpd
- # Clients should be able to login with "anonymous" as well as "proftpd"
- UserAlias anonymous proftpd
-
- # Limit the maximum number of anonymous logins
- MaxClients 10
-
- # 'welcome.msg' should be displayed at login, and '.message' displayed
- # in each newly chdired directory.
- DisplayLogin welcome.msg
- DisplayChdir .message
-
- # Limit WRITE everywhere in the anonymous chroot
- <Limit WRITE>
- DenyAll
- </Limit>
-</Anonymous>
-EOF
-
-
-
-
- Boot Script
- Systemd Unit
-
-
- Install the
- /etc/rc.d/init.d/proftpd
- init script
- proftpd.service
- unit included in the
-
-
- package:
-
-
-
- proftpd
-
-
-make install-proftpd
-
-
-
-
-
-
- Contents
-
-
- Installed Programs
- Installed Libraries
- Installed Directory
-
-
-
- ftpasswd, ftpcount, ftpdctl, ftpmail, ftpquota, ftpscrub, ftpshut,
- ftptop, ftpwho, in.proftpd (symlink to proftpd), proftpd, and prxs
-
-
- None
-
-
- /usr/{include,lib}/proftpd,
- /usr/share/doc/proftpd-&proftpd-version;, and
- /srv/ftp
-
-
-
-
-
- Short Descriptions
-
-
-
-
- proftpd
-
-
- is the FTP daemon
-
-
- proftpd
-
-
-
-
-
- ftpcount
-
-
- shows the current number of connections
-
-
- ftpcount
-
-
-
-
-
- ftpdctl
-
-
- is used to control the proftpd daemon while it is running
-
-
- ftpdctl
-
-
-
-
-
- ftpasswd
-
-
- is a Perl script designed to create and manage
- AuthUserFiles and AuthGroupFiles of the correct format for proftpd
-
-
- ftpasswd
-
-
-
-
-
- ftpmail
-
-
- is a Perl script for sending email based on the proftpd TransferLog
-
-
- ftpmail
-
-
-
-
-
- ftpquota
-
-
- is a Perl script designed to create and manage limits and tally
- files for the mod_quotatab + mod_quotatab_file module combination
- for proftpd
-
-
- ftpquota
-
-
-
-
-
- ftpscrub
-
-
- provides a way to scrub the scoreboard file on demand
-
-
- ftpscrub
-
-
-
-
-
- ftpshut
-
-
- shuts down all proftpd servers
- at a given time
-
-
- ftpshut
-
-
-
-
-
- ftptop
-
-
- displays running status on connections
-
-
- ftptop
-
-
-
-
-
- ftpwho
-
-
- shows current process information for each session
-
-
- ftpwho
-
-
-
-
-
- prxs
-
-
- is a Perl script designed to compile and install third-party
- modules, from source code, as DSO modules for the installed
- proftpd
-
-
- prxs
-
-
-
-
-
-
-
-
-
diff --git a/server/major/vsftpd.xml b/server/major/vsftpd.xml
deleted file mode 100644
index 86ff00c4f1..0000000000
--- a/server/major/vsftpd.xml
+++ /dev/null
@@ -1,328 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- vsftpd-&vsftpd-version;
-
-
- vsftpd
-
-
-
- Introduction to vsftpd
-
-
- The vsftpd package contains a very
- secure and very small FTP daemon. This is useful for serving files
- over a network.
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &vsftpd-md5sum;
-
-
-
-
- Download size: &vsftpd-size;
-
-
-
-
- Estimated disk space required: &vsftpd-buildsize;
-
-
-
-
- Estimated build time: &vsftpd-time;
-
-
-
-
- vsftpd Dependencies
-
- Required
-
-
-
-
- Recommended
-
-
-
-
- Optional
-
-
-
-
-
-
-
- Installation of vsftpd
-
-
- For security reasons, running vsftpd
- as an unprivileged user and group is encouraged. Also, a user should be
- created to map anonymous users. As the root user, create the needed directories,
- users, and groups with the following commands:
-
-
-install -v -d -m 0755 &vsftpd-empty; &&
-install -v -d -m 0755 /home/ftp &&
-groupadd -g 47 vsftpd &&
-groupadd -g 45 ftp &&
-
-useradd -c "vsftpd User" -d /dev/null -g vsftpd -s /bin/false -u 47 vsftpd &&
-useradd -c anonymous_user -d /home/ftp -g ftp -s /bin/false -u 45 ftp
-
-
- Gcc-10 and later flags an error for an implicit type cast. Make it
- explicit:
-
-
-sed -e "s/kVSFSysStrOpenUnknown;/(enum EVSFSysUtilOpenMode)&/" -i sysstr.c
-
-
- Build vsftpd as an unprivileged user
- using the following command:
-
-
-make
-
-
- This package does not come with a test suite.
-
-
-
- Once again, become the root
- user and install vsftpd with the following
- commands:
-
-
-install -v -m 755 vsftpd /usr/sbin/vsftpd &&
-install -v -m 644 vsftpd.8 /usr/share/man/man8 &&
-install -v -m 644 vsftpd.conf.5 /usr/share/man/man5 &&
-install -v -m 644 vsftpd.conf /etc
-
-
-
-
- Command Explanations
-
-
- install -v -d ...: This creates the
- directory that anonymous users will use (/home/ftp)
- and the directory the daemon will chroot into
- (&vsftpd-empty;).
-
-
-
-
- /home/ftp should not be
- owned by the user vsftpd,
- or the user ftp.
-
-
-
-
- echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h:
- Use this prior to make to add support for
- tcpwrappers.
-
-
-
- echo "#define VSF_BUILD_SSL" >>builddefs.h:
- Use this prior to make to add support for SSL.
-
-
-
- install -v -m ...:
- The Makefile uses non-standard installation paths.
- These commands install the files in
- /usr and
- /etc.
-
-
-
-
-
- Configuring vsftpd
-
-
- Config Files
-
-
- /etc/vsftpd.conf
-
-
-
- /etc/vsftpd.conf
-
-
-
-
-
- Configuration Information
-
-
- vsftpd comes with a basic
- anonymous-only configuration file that was copied to
- /etc above. While still as
- root, this file should be
- modified because it is now recommended to run vsftpd
- in standalone mode. Also, you
- should specify the privilege separation user created above. Finally,
- you should specify the chroot directory.
- man vsftpd.conf will give you all the details.
-
-
-cat >> /etc/vsftpd.conf << "EOF"
-background=YES
-nopriv_user=vsftpd
-secure_chroot_dir=&vsftpd-empty;
-EOF
-
-
-
-
- To enable local logins, append the following to the
- /etc/vsftpd.conf file (as the
- root user):
-
-
-cat >> /etc/vsftpd.conf << "EOF"
-local_enable=YES
-EOF
-
-
- In addition, if using Linux-PAM and
- vsftpd with local user logins, you will need
- a Linux-PAM configuration file. As the
- root user, create the
- /etc/pam.d/vsftpd file, and add the needed
- configuration changes for Linux-PAM session
- support using the following commands:
-
-
-cat > /etc/pam.d/vsftpd << "EOF" &&
-# Begin /etc/pam.d/vsftpd
-auth required /lib/security/pam_listfile.so item=user sense=deny \
- file=/etc/ftpusers \
- onerr=succeed
-auth required pam_shells.so
-auth include system-auth
-account include system-account
-session include system-session
-EOF
-
-cat >> /etc/vsftpd.conf << "EOF"
-session_support=YES
-pam_service_name=vsftpd
-EOF
-
-
-
-
- Boot Script
- Systemd Unit
-
-
- Install the
- /etc/rc.d/init.d/vsftpd
- init script
- vsftpd.service
- unit included in the
-
- package:
-
-
-make install-vsftpd
-
-
-
-
-
-
- Contents
-
-
- Installed Program
- Installed Libraries
- Installed Directories
-
-
- vsftpd
- None
- /usr/share/vsftpd, /home/ftp
-
-
-
-
- Short Descriptions
-
-
-
-
- vsftpd
-
-
- is the FTP daemon
-
-
- vsftpd
-
-
-
-
-
-
-
-
-
diff --git a/server/other/openldap.xml b/server/other/openldap.xml
deleted file mode 100644
index 7218dc6d17..0000000000
--- a/server/other/openldap.xml
+++ /dev/null
@@ -1,892 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- OpenLDAP-&openldap-version;
-
-
- OpenLDAP
-
-
-
- Introduction to OpenLDAP
-
-
- The OpenLDAP package provides an open
- source implementation of the Lightweight Directory Access Protocol.
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &openldap-md5sum;
-
-
-
-
- Download size: &openldap-size;
-
-
-
-
- Estimated disk space required: &openldap-buildsize;
-
-
-
-
- Estimated build time: &openldap-time;
-
-
-
-
- Additional Downloads
-
-
-
- Required patch:
-
-
-
-
-
- OpenLDAP Dependencies
-
- Recommended
-
-
-
-
- Optional
-
- ,
- ,
- or
- or
- MySQL,
- OpenSLP,
- WiredTiger, and
- &berkeley-db; (for slapd, also deprecated)
-
-
-
-
-
- Installation of OpenLDAP
-
-
-
- If you only need to install the client side ldap*
- binaries, corresponding man pages, libraries and header files (referred
- to as a client-only install), issue these commands
- instead of the following ones (no test suite available):
-
-
-patch -Np1 -i ../openldap-&openldap-version;-consolidated-1.patch &&
-autoconf &&
-
-./configure --prefix=/usr \
- --sysconfdir=/etc \
- --disable-static \
- --enable-dynamic \
- --disable-debug \
- --disable-slapd &&
-
-make depend &&
-make
-
-
- Then, as the root user:
-
-
-make install
-
-
-
-
- There should be a dedicated user and group to take control
- of the slapd daemon after it is
- started. Issue the following commands as the
- root user:
-
-
-groupadd -g 83 ldap &&
-useradd -c "OpenLDAP Daemon Owner" \
- -d /var/lib/openldap -u 83 \
- -g ldap -s /bin/false ldap
-
-
- Install OpenLDAP by
- running the following commands:
-
-
-patch -Np1 -i ../openldap-&openldap-version;-consolidated-1.patch &&
-autoconf &&
-
-./configure --prefix=/usr \
- --sysconfdir=/etc \
- --localstatedir=/var \
- --libexecdir=/usr/lib \
- --disable-static \
- --disable-debug \
- --with-tls=openssl \
- --with-cyrus-sasl \
- --without-systemd \
- --enable-dynamic \
- --enable-crypt \
- --enable-spasswd \
- --enable-slapd \
- --enable-modules \
- --enable-rlookups \
- --enable-backends=mod \
- --disable-sql \
- --disable-wt \
- --enable-overlays=mod &&
-
-make depend &&
-make
-
-
- The tests are fragile, and errors may cause the tests to abort
- prior to finishing. Some errors may happen due to timing problems.
- The tests take around an hour, and the time is CPU independent due
- to delays in the tests. On most systems, the tests will run up to the
- test065-proxyauth for mdb test.
- To test the results, issue: make test.
-
-
-
- Now, as the root user:
-
-
-make install &&
-
-sed -e "s/\.la/.so/" -i /etc/openldap/slapd.{conf,ldif}{,.default} &&
-
-install -v -dm700 -o ldap -g ldap /var/lib/openldap &&
-
-install -v -dm700 -o ldap -g ldap /etc/openldap/slapd.d &&
-chmod -v 640 /etc/openldap/slapd.{conf,ldif} &&
-chown -v root:ldap /etc/openldap/slapd.{conf,ldif} &&
-
-install -v -dm755 /usr/share/doc/openldap-&openldap-version; &&
-cp -vfr doc/{drafts,rfc,guide} \
- /usr/share/doc/openldap-&openldap-version;
-
-
-
-
- Command Explanations
-
-
-
-
- --disable-debug: This switch disables
- the debugging code in OpenLDAP.
-
-
-
- --enable-dynamic: This switch forces the
- OpenLDAP libraries to be dynamically
- linked to the executable programs.
-
-
-
- --enable-crypt: This switch enables using
- crypt(3) passwords.
-
-
-
- --enable-spasswd: This switch enables
- SASL password verification.
-
-
-
- --enable-modules: This switch enables dynamic
- module support.
-
-
-
- --enable-rlookups: This switch enables
- reverse lookups of client hostnames.
-
-
-
- --enable-backends: This switch enables
- all available backends.
-
-
-
- --enable-overlays: This switch enables
- all available overlays.
-
-
-
-
-
- --disable-sql: This switch explicitly
- disables the SQL backend. Omit this switch if a SQL server is
- installed and you are going to use a SQL backend.
-
-
-
- --disable-wt: This switch explicitly
- disables the WiredTiger backend. Omit this switch if WiredTiger is
- installed and you are going to use a WiredTiger backend.
-
-
-
- --libexecdir=/usr/lib: This switch controls where
- the /usr/lib/openldap directory is
- installed. Everything in that directory is a library, so it belongs under
- /usr/lib instead of
- /usr/libexec.
-
-
-
- : This switch enables
- SLPv2 support. Use it if you have installed
- OpenSLP.
-
-
-
- : This switch disables
- symbol versioning in the OpenLDAP libraries.
- The default is to have symbol versioning. Note that if you have
- built applications using this package with symbol versioning, and
- remove the symbols, the applications may fail to run.
-
-
-
-
- You can run ./configure --help to see if there
- are other switch you can pass to the configure
- command to enable other options or dependency packages.
-
-
-
-
- install ..., chown ...,
- and chmod ...:
- Having slapd configuration files and ldap databases in /var/lib/openldap
- readable by anyone is a SECURITY ISSUE, especially since a file stores the
- admin password in PLAIN TEXT. That's why mode 640 and root:ldap ownership
- were used. The owner is root, so only root can modify the file, and group is
- ldap, so that the group which owns slapd daemon could read but not modify
- the file in case of a security breach.
-
-
-
-
-
- Configuring OpenLDAP
-
-
- Config Files
-
-
-
-
- For LDAP client: /etc/openldap/ldap.conf and
- ~/.ldaprc
-
-
-
-
- For LDAP server, two configuration mechanisms are used:
- a legacy /etc/openldap/slapd.conf
- configuration file and the recommended
- slapd-config system, using an LDIF database
- stored in
- /etc/openldap/slapd.d.
-
-
-
-
-
- /etc/openldap/ldap.conf
-
-
-
- ~/.ldaprc
-
-
-
- /etc/openldap/slapd.conf
-
-
-
- /etc/openldap/slapd.d/*
-
-
-
-
-
- Configuration Information
-
-
- Configuring the slapd servers can be complex.
- Securing the LDAP directory, especially if you are storing non-public
- data such as password databases, can also be a challenging task. In
- order to set up OpenLDAP, you'll need to
- modify either the /etc/openldap/slapd.conf
- file (old method), or the /etc/openldap/slapd.ldif
- file and then use ldapadd to create the LDAP
- configuration database in
- /etc/openldap/slapd.d
- (recommended by the OpenLDAP documentation).
-
-
-
-
- The instructions above install an empty LDAP structure and a default
- /etc/openldap/slapd.conf file, which are
- suitable for testing the build and other packages using LDAP. Do not
- use them on a production server.
-
-
-
-
- Resources to assist you with topics such as choosing a directory
- configuration, backend and database definitions, access control
- settings, running as a user other than
- root
- and setting a chroot environment include:
-
-
-
-
-
- The slapd(8) man
- page.
-
-
-
-
- The slapd.conf(5) and
- slapd-config(5) man pages.
-
-
-
-
- The OpenLDAP 2.6
- Administrator's Guide (also installed locally in
-
- /usr/share/doc/openldap-&openldap-version;/guide/admin).
-
-
-
-
- Documents located at
- .
-
-
-
-
-
-
-
-
-
- Boot Script
- Systemd Unit
-
-
- To automate the startup of the LDAP server at system bootup,
- install the
- /etc/rc.d/init.d/slapd
- init script
- slapd.service
- unit included in the
-
-
- package using the following command:
-
-
-
- slapd
-
-
-make install-slapd
-
-
-
- You'll need to modify
- /etc/sysconfig/slapd
- /etc/default/slapd
- to include the parameters needed for your specific configuration. See
- the slapd man page for parameter information.
-
-
-
-
-
-
- Testing the Configuration
-
-
- Start the LDAP server using
- the init script:
- systemctl:
-
-
-/etc/rc.d/init.d/slapd start
-
-systemctl start slapd
-
-
- Verify access to the LDAP server with the following command:
-
-
-ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
-
-
- The expected result is:
-
-
-# extended LDIF
-#
-# LDAPv3
-# base <> with scope baseObject
-# filter: (objectclass=*)
-# requesting: namingContexts
-#
-
-#
-dn:
-namingContexts: dc=my-domain,dc=com
-
-# search result
-search: 2
-result: 0 Success
-
-# numResponses: 2
-# numEntries: 1
-
-
-
-
-
-
- Contents
-
-
- Installed Programs
- Installed Libraries
- Installed Directories
-
-
-
- ldapadd, ldapcompare, ldapdelete, ldapexop, ldapmodify, ldapmodrdn,
- ldappasswd, ldapsearch, ldapurl, ldapvc, ldapwhoami, slapacl, slapadd,
- slapauth, slapcat, slapd, slapdn, slapindex, slapmodify, slappasswd,
- slapschema, and slaptest
-
-
- liblber.so, libldap.so, and several under /usr/lib/openldap
-
-
- /etc/openldap,
- /{usr,var}/lib/openldap, and
- /usr/share/doc/openldap-&openldap-version;
-
-
-
-
-
- Short Descriptions
-
-
-
-
- ldapadd
-
-
- opens a connection to an LDAP server, binds and adds entries
-
-
- ldapadd
-
-
-
-
-
- ldapcompare
-
-
- opens a connection to an LDAP server, binds and performs
- a compare using specified parameters
-
-
- ldapcompare
-
-
-
-
-
- ldapdelete
-
-
- opens a connection to an LDAP server, binds and deletes
- one or more entries
-
-
- ldapdelete
-
-
-
-
-
- ldapexop
-
-
- issues the LDAP extended operation specified by
- oid or one of the special keywords whoami,
- cancel, or refresh
-
-
- ldapexop
-
-
-
-
-
- ldapmodify
-
-
- opens a connection to an LDAP server, binds and modifies entries
-
-
- ldapmodify
-
-
-
-
-
- ldapmodrdn
-
-
- opens a connection to an LDAP server, binds and modifies
- the RDN of entries
-
-
- ldapmodrdn
-
-
-
-
-
- ldappasswd
-
-
- is a tool used to set the password of an LDAP user
-
-
- ldappasswd
-
-
-
-
-
- ldapsearch
-
-
- opens a connection to an LDAP server, binds and performs
- a search using specified parameters
-
-
- ldapsearch
-
-
-
-
-
- ldapurl
-
-
- is a command that allows to either compose or
- decompose LDAP URIs
-
-
- ldapurl
-
-
-
-
-
- ldapvc
-
-
- verifies LDAP credentials
-
-
- ldapvc
-
-
-
-
-
- ldapwhoami
-
-
- opens a connection to an LDAP server, binds and displays
- whoami information
-
-
- ldapwhoami
-
-
-
-
-
- slapacl
-
-
- is used to check the behavior of slapd by verifying
- access to directory data according to the access control
- list directives defined in its configuration
-
-
- slapacl
-
-
-
-
-
- slapadd
-
-
- is used to add entries specified in LDAP Directory Interchange
- Format (LDIF) to an LDAP database
-
-
- slapadd
-
-
-
-
-
- slapauth
-
-
- is used to check the behavior of the slapd
- in mapping identities for authentication and
- authorization purposes, as specified in slapd.conf
-
-
- slapauth
-
-
-
-
-
- slapcat
-
-
- is used to generate an LDAP LDIF output based upon the
- contents of a slapd database
-
-
- slapcat
-
-
-
-
-
- slapd
-
-
- is the standalone LDAP server
-
-
- slapd
-
-
-
-
-
- slapdn
-
-
- checks a list of string-represented DNs based on schema syntax
-
-
- slapdn
-
-
-
-
-
- slapindex
-
-
- is used to regenerate slapd indexes based upon the current
- contents of a database
-
-
- slapindex
-
-
-
-
-
- slapmodify
-
-
- modifies entries in a slapd database
-
-
- slapmodify
-
-
-
-
-
- slappasswd
-
-
- is an OpenLDAP password utility
-
-
- slappasswd
-
-
-
-
-
- slapschema
-
-
- is used to check schema compliance of the contents
- of a slapd database
-
-
- slapschema
-
-
-
-
-
- slaptest
-
-
- checks the sanity of the slapd.conf file
-
-
- slaptest
-
-
-
-
-
- liblber.so
-
-
- is a set of Lightweight Basic Encoding Rules routines. These
- routines are used by the LDAP library routines to encode and decode
- LDAP protocol elements using the (slightly simplified) Basic
- Encoding Rules defined by LDAP. They are not normally used directly
- by an LDAP application program except in the handling of controls
- and extended operations
-
-
- liblber.so
-
-
-
-
-
- libldap.so
-
-
- supports the LDAP programs and provide functionality for
- other programs interacting with LDAP
-
-
- libldap.so
-
-
-
-
-
-
-
-
-
-
-
diff --git a/server/other/other.xml b/server/other/other.xml
deleted file mode 100644
index 8fc3edb307..0000000000
--- a/server/other/other.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-
-
- %general-entities;
-]>
-
-
-
-
- Other Server Software
-
-
- Here you will find many ways to share your machine with the rest
- of the world or your local network. Before installing
- any packages in this chapter, you need to be sure you understand what
- the package does and how to set it up correctly. It might also be
- helpful to learn about the consequences of an improper setup so
- that you can analyze the risks.
-
-
-
-
-
-
-
-
-
diff --git a/server/other/unbound.xml b/server/other/unbound.xml
deleted file mode 100644
index 16a44019f1..0000000000
--- a/server/other/unbound.xml
+++ /dev/null
@@ -1,368 +0,0 @@
-
-
- %general-entities;
-
-
-
-
-
-
-
-]>
-
-
-
-
-
- Unbound-&unbound-version;
-
-
- Unbound
-
-
-
- Introduction to Unbound
-
-
- Unbound is a validating, recursive, and caching
- DNS resolver. It is designed as a set of modular components that
- incorporate modern features, such as enhanced security (DNSSEC)
- validation, Internet Protocol Version 6 (IPv6), and a client resolver
- library API as an integral part of the architecture.
-
-
- &lfs121_checked;
-
- Package Information
-
-
-
- Download (HTTP):
-
-
-
-
- Download (FTP):
-
-
-
-
- Download MD5 sum: &unbound-md5sum;
-
-
-
-
- Download size: &unbound-size;
-
-
-
-
- Estimated disk space required: &unbound-buildsize;
-
-
-
-
- Estimated build time: &unbound-time;
-
-
-
-
- Unbound Dependencies
-
-
- Optional
-
- ,
- ,
- ,
- (for Python bindings documentation),
- (for Python bindings),
- (for html documentation), and
- dnstap
-
-
-
-
-
- Installation of Unbound
-
-
- There should be a dedicated user and group to take control of the
- unbound daemon after it is started. Issue the following
- commands as the root user:
-
-
-groupadd -g 88 unbound &&
-useradd -c "Unbound DNS Resolver" -d /var/lib/unbound -u 88 \
- -g unbound -s /bin/false unbound
-
-
- Install Unbound by running the following
- commands:
-
-
-./configure --prefix=/usr \
- --sysconfdir=/etc \
- --disable-static \
- --with-pidfile=/run/unbound.pid &&
-make
-
-
- If you have package installed and want to build
- html documentation, run the following command:
-
-
-make doc
-
-
- To test the results, issue make check.
-
-
-
- Now, as the root user:
-
-
-make install &&
-mv -v /usr/sbin/unbound-host /usr/bin/
-
-
- If you built the documentation, install it by running the following
- commands as the root user:
-
-
-install -v -m755 -d /usr/share/doc/unbound-&unbound-version; &&
-install -v -m644 doc/html/* /usr/share/doc/unbound-&unbound-version;
-
-
-
-
- Command Explanations
-
-
-
-
- : This option enables libevent support
- allowing use of large outgoing port ranges.
-
-
-
- : This option enables building of the Python
- bindings.
-
-
-
-
-
- Configuring Unbound
-
-
- Config Files
-
-
- /etc/unbound/unbound.conf
-
-
-
- /etc/unbound/unbound.conf
-
-
-
-
-
- Configuration Information
-
-
- In the default configuration, unbound will bind to
- localhost (127.0.0.1 IP address) and allow recursive queries only from
- localhost clients. If you want to use unbound for
- local DNS resolution, run the following command as the
- root user:
-
-
-echo "nameserver 127.0.0.1" > /etc/resolv.conf
-
-
- For advanced configuration see
- /etc/unbound/unbound.conf file and the
- documentation.
-
-
-
- When Unbound is installed, some package
- builds fail if the file /etc/unbound/root.key is
- not found. This file is created by running the boot script (install
- instructions below). Alternatively, it can be created by running the
- following command as the root
- user:
-
-
-
- When Unbound is installed, some package
- builds fail if the file /etc/unbound/root.key is
- not found. Create this file by running the following command as the
- root user:
-
-
-unbound-anchor
-
-
-
-
- Boot Script
- Systemd Unit
-
-
- If you want the Unbound server to
- start automatically when the system is booted, install the
- /etc/rc.d/init.d/unbound
- init script
- unbound.service
- unit included
- in the
- package:
-
-
-
- unbound
-
-
-make install-unbound
-
-
-
-
-
-
- Contents
-
-
- Installed Programs
- Installed Library
- Installed Directories
-
-
-
- unbound, unbound-anchor, unbound-checkconf, unbound-control,
- unbound-control-setup, and unbound-host
-
-
- libunbound.so and (optional)
- /usr/lib/python&python2-majorver;/site-packages/_unbound.so
-
-
- /etc/unbound and /usr/share/doc/unbound-&unbound-version; (optional)
-
-
-
-
-
- Short Descriptions
-
-
-
-
- unbound
-
-
- is a DNS resolver daemon
-
-
- unbound
-
-
-
-
-
- unbound-anchor
-
-
- performs setup or update of the root trust anchor for DNSSEC
- validation
-
-
- unbound-anchor
-
-
-
-
-
- unbound-checkconf
-
-
- checks the unbound configuration file for syntax
- and other errors
-
-
- unbound-checkconf
-
-
-
-
-
- unbound-control
-
-
- performs remote administration on the unbound DNS
- resolver
-
-
- unbound-control
-
-
-
-
-
- unbound-control-setup
-
-
- generates a self-signed certificate and private keys for the server
- and client
-
-
- unbound-control-setup
-
-
-
-
-
- unbound-host
-
-
- is a DNS lookup utility similar to host from
-
-
-
- unbound-host
-
-
-
-
-
- libunbound.so
-
-
- provides the Unbound API functions to
- programs
-
-
- libunbound.so
-
-
-
-
-
-
-
-
-
diff --git a/server/server.xml b/server/server.xml
deleted file mode 100644
index 8c529af79d..0000000000
--- a/server/server.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-
-
- %general-entities;
-]>
-
-
-
-
- Servers
-
-
-
-
-
-
-
diff --git a/stylesheets/lfs-xsl/dark.lfs.css b/stylesheets/lfs-xsl/dark.lfs.css
index 37019bc315..9289142ba3 100644
--- a/stylesheets/lfs-xsl/dark.lfs.css
+++ b/stylesheets/lfs-xsl/dark.lfs.css
@@ -300,7 +300,9 @@ span.blue {
/* Admonitions */
div.admon img {
- padding: .3em;
+ padding: .3em;
+ max-height: 5%;
+ max-width: 5%;
}
div.admon h3 {
diff --git a/stylesheets/lfs-xsl/lfs.css b/stylesheets/lfs-xsl/lfs.css
index 37019bc315..9289142ba3 100644
--- a/stylesheets/lfs-xsl/lfs.css
+++ b/stylesheets/lfs-xsl/lfs.css
@@ -300,7 +300,9 @@ span.blue {
/* Admonitions */
div.admon img {
- padding: .3em;
+ padding: .3em;
+ max-height: 5%;
+ max-width: 5%;
}
div.admon h3 {
diff --git a/stylesheets/lfs-xsl/light.lfs.css b/stylesheets/lfs-xsl/light.lfs.css
index e9f36e72c2..930100b13f 100644
--- a/stylesheets/lfs-xsl/light.lfs.css
+++ b/stylesheets/lfs-xsl/light.lfs.css
@@ -300,7 +300,9 @@ span.blue {
/* Admonitions */
div.admon img {
- padding: .3em;
+ padding: .3em;
+ max-height: 5%;
+ max-width: 5%;
}
div.admon h3 {