Copyright © 2001-2005 BLFS Development Team
Copyright © 2001-2005, BLFS Development Team
All rights reserved.
Descriptive text is licensed under a Creative Commons License.
Computer instructions are licensed under the Academic Free License v. 2.1.
Linux® is a registered trademark of Linus Torvalds.
2005-08-14
| Revision History | |
|---|---|
| Revision 6.1 | 2005-08-14 |
| Fifth Release | |
| Revision 6.0 | 2005-04-02 |
| Fourth release | |
| Revision 5.1 | 2004-06-05 |
| Third release | |
| Revision 5.0 | 2003-11-06 |
| Second release | |
| Revision 1.0 | 2003-04-25 |
| First release | |
Abstract
This book follows on from the Linux From Scratch book. It introduces and guides the reader through additions to the system including networking, graphical interfaces, sound support, and printer and scanner support.
Having helped out with Linux From Scratch for a short time, I noticed that we were getting many queries as to how to do things beyond the base LFS system. At the time, the only assistance specifically offered relating to LFS were the LFS hints (http://www.linuxfromscratch.org/hints). Most of the LFS hints are extremely good and well written but I (and others) could still see a need for more comprehensive help to go Beyond LFS - hence BLFS.
BLFS aims to be more than the LFS-hints converted to XML although much of our work is based around the hints and indeed some authors write both hints and the relevant BLFS sections. We hope that we can provide you with enough information to not only manage to build your system up to what you want, whether it be a web server or a multimedia desktop system, but also that you will learn a lot about system configuration as you go.
Thanks as ever go to everyone in the LFS/BLFS community; especially those who have contributed instructions, written text, answered questions and generally shouted when things were wrong!
Finally, we encourage you to become involved in the community; ask questions on the mailing list or news gateway and join in the fun on #lfs at irc.linuxfromscratch.org. You can find more details about all of these in the Introduction section of the book.
Enjoy using BLFS.
Mark Hymers
markh <at> linuxfromscratch.org
BLFS Editor (July 2001–March 2003)
I still remember how I found the BLFS project and started using the instructions that were completed at the time. I could not believe how wonderful it was to get an application up and running very quickly, with explanations as to why things were done a certain way. Unfortunately, for me, it wasn't long before I was opening applications that had nothing more than "To be done" on the page. I did what most would do, I waited for someone else to do it. It wasn't too long before I am looking through Bugzilla for something easy to do. As with any learning experience, the definition of what was easy kept changing.
We still encourage you to become involved as BLFS is never really finished. Contributing or just using, we hope you enjoy your BLFS experience.
Larry Lawrence
larry <at> linuxfromscratch.org
BLFS Editor (March 2003–June 2004)
The BLFS project is a natural progression of LFS. Together, these projects provide a unique resource for the Open Source Community. They take the mystery out of the process of building a complete, functional software system from the source code contributed by many talented individuals throughout the world. They truly allow users to implement the slogan "Your distro, your rules."
Our goal is to continue to provide the best resource available that shows you how to integrate many significant Open Source applications. Since these applications are constantly updated and new applications are developed, this book will never be complete. Additionally, there is always room for improvement in explaining the nuances of how to install the different packages. To make these improvements, we need your feedback. I encourage you to participate on the different mailing lists, news groups, and IRC channels to help meet these goals.
Bruce Dubbs
bdubbs <at> linuxfromscratch.org
BLFS Editor (June 2004–Present)
Version 6.0 is a major milestone in the evolution of BLFS. This version provides installation instructions for 357 packages and an additional 21 sections covering configuration and customization of different aspects of your system.
Changes and upgrades to the individual packages are detailed in the Change Log. There you will see literally hundreds of changes made since the last edition. In this change log, one name that you will see over and over is Randy McMurchy. Without his efforts this release would not have been possible. I want to take this opportunity to thank him for the hundreds of hours he has worked to produce this release. I also want to thank the other editors, both past and present, whose insight and effort have made this current version possible. Last, but certainly not least, I want to thank our resident XSL wizard, Manuel Canales Esparcia, whose ability to format a complicated document such as BLFS is truly amazing.
There are two other areas of change that are worthy of note. First, the license that BLFS is released under has changed significantly. In fact, it is now released under two licenses. The first license, the Creative Commons License, covers the descriptive text in the book. The second, the Academic Free License v. 2.1, covers the instructions actually used to build and install the packages. These licenses, along with the book itself, represent our ongoing commitment to open and free software.
The final area of change is the addition of an Index. This section of the book is still incomplete, but as the book continues to be developed, will become an excellent resource for finding programs, libraries, configuration files, and references to kernel configuration requirements. I hope you find it useful.
Bruce Dubbs
March 17, 2005
Version 6.1 is an incremental update of BLFS. This version continues the tradition of providing an extensive set of instructions for extending a basic Linux From Scratch system. The instructions in this version of BLFS are based on the LFS 6.1 Book. As usual, the list of packages that have been upgraded or added are in the Change Log.
One major accomplishment in this version of the book is the completion of the Index. This section is now a relatively complete (but not perfect) reference for the components of the various packages in the book.
In any task as large and complex as this book, there are bound to be errors. The editors of the book are dedicated to keeping the book up to date. We appreciate any feedback in helping us to make the book as accurate as possible. The best place to provide comments is via the mailing list at mailto:blfs-dev@linuxfromscratch.org.
Enjoy!
Bruce Dubbs
August 1, 2005
This book is mainly aimed at those who have built a system based on the LFS book. It will also be useful for those who are using other distributions, but for one reason or another want to manually build software and are in need of some assistance. BLFS can be used to create a range of diverse systems and so the target audience is probably nearly as wide as that of the LFS book. If you found LFS useful, you should also like this!
Since Release 5.0, the BLFS book version matches the LFS book version. This book may be incompatible with a previous or latter release of the LFS book.
This book is divided into the following parts.
This part contains information which is essential to the rest of the book.
Here we introduce basic configuration and security issues. We also discuss a range of editors, file systems, and shells which aren't covered in the main LFS book.
In this section we cover libraries which are often needed by the rest of the book as well as system utilities. Information on Programming (including recompiling GCC to support its full range of languages) concludes this part.
Here we cover how to connect to a network when you aren't using the simple static IP setup given in the main LFS book.
Networking libraries and command-line networking tools make up the bulk of this part.
Here we deal with setting up mail and other servers (such as SSH, Apache, etc.).
This part explains how to set up a basic X Window System installation along with some generic X libraries and Window managers.
For those who want to use the K Desktop Environment or some parts of it, this part covers it.
GNOME is the main alternative to KDE in the Desktop Environment arena and we cover both GNOME-1.4 and GNOME-2.10 here.
Office programs and graphical web browsers are important to most people. They, along with some generic X software can be found in this part of the book.
Here we cover setting multimedia libraries and drivers along with some audio, video and CD-writing programs.
The PST part of the book covers document handling with applications like Ghostscript, CUPS and DocBook to installing TeX.
The Appendices cover information which doesn't belong in the main book; they are mainly there as a reference.
The Beyond Linux From Scratch book is designed to carry on from where the LFS book leaves off. But unlike the LFS book, it isn't designed to be followed straight through. Reading the Which sections of the book? part of this chapter should help guide you through the book.
Please read most of this part of the book carefully as it explains quite a few of the conventions we use throughout the book.
We would like to thank the following people and organizations for their contributions toward the BLFS and LFS projects:
All those people listed on the Credits page for submitting patches, instructions and corrections to the book. The former editor would especially like to thank Bruce, Larry and Billy for their enormous inputs to the project.
Mark Stone <mstone <at> linux.com> for donating the linuxfromscratch.org servers.
Gerard Beekmans <gerard <at> linuxfromscratch.org> for starting and writing the vast majority of the LFS project.
Jesse Tie-Ten-Quee <higho <at> @linuxfromscratch.org> for answering many questions on IRC, having a great deal of patience and for not killing the former editor for the joke in the original BLFS announcement!
DREAMWVR.COM for their ongoing sponsorship by donating various resources to the LFS and related sub projects.
Robert Briggs for donating the linuxfromscratch.org and linuxfromscratch.com domain names.
Frank Skettino <bkenoah <at> oswd.org> at OSWD for coming up the initial design of the LFS and BLFS websites.
Garrett LeSage <garrett <at> linux.com> for creating the LFS banner
Jeff Bauman (former co-editor of the book) for his assistance with getting BLFS off the ground.
Countless other people on the various LFS and BLFS mailing lists who are making this book happen by giving their suggestions, testing the book and submitting bug reports.
Many people have contributed both directly and indirectly to BLFS. This page lists all of those we can think of. We may well have left people out and if you feel this is the case, drop us line. Many thanks to all of the LFS community for their assistance with this project. If you are in the list and wish to have your email address included, again please drop us a line to bdubbs@linuxfromscratch.org and we'll be happy to add it. We don't include email addresses by default so if you want it included, please state so when you contact us.
Editor: Bruce Dubbs <bdubbs@linuxfromscratch.org>
Co-Editors: Randy McMurchy, Larry Lawrence, Igor Zivkovic, DJ Lucas, Tushar Teredesai, David Jensen, Manuel Canales Esparcia, and Richard Downing.
Chapter 01. Based on the LFS introductory text by Gerard Beekmans, modified by Mark Hymers for BLFS.
Chapter 02: The /usr versus /usr/local debate: Andrew McMurry.
Chapter 02: Going beyond BLFS: Tushar Teredesai.
Chapter 02: Package Management: Tushar Teredesai.
Chapter 03: /etc/inputrc: Chris Lynn.
Chapter 03: Customizing your logon & vimrc: Mark Hymers.
Chapter 03: /etc/shells: Igor Zivkovic.
Chapter 03: Random number script Larry Lawrence.
Chapter 03: Creating a Custom Boot Device Bruce Dubbs.
Chapter 03: The Bash Shell Startup Files James Robertson revised by Bruce Dubbs.
Chapter 03: Compressed docs Olivier Peres.
Chapter 04: Firewalling: Henning Rohde with thanks to Jeff Bauman. Revised by Bruce Dubbs.
Chapter 11: Which Mark Hymers with many thanks to Seth Klein and Jesse Tie-Ten-Quee.
Chapter 25: X Window System Environment: Bruce Dubbs.
Chapter 27: Intro to Window Managers: Bruce Dubbs.
Chapters 28 and 29: KDE: Bruce Dubbs.
Chapters 30, 31, and 32: GNOME: Larry Lawrence.
aalib, Alsa, ffmpeg, gocr, MPlayer, opendivx, transcode, xvid and xsane: Alex Kloss
AbiWord, at-spi, ATK, audiofile, avifile, bc, bonobo-activation, bug-buddy, cdrdao, cdrtools, cpio, curl, dhcp, enlightenment, eog, esound, fcron, fluxbox, FNLIB, gail, galeon, gconf-editor, gdbm, gedit, gimp, GLib2, gmp, gnet, gnome-applets, gnome-desktop, gnome-games, gnome-icon-theme, gnome-libs, gnome-media, gnome-mime-data, gnome-panel, gnome-session, gnome-system-monitor, gnome-terminal, gnome-themes, gnome-utils, gnome-vfs, gnome2-user-docs, gnumeric, GTK+2, gtk-doc, gtk-engines, gtk-thinice-engine, eel, imlib, intltool, lame, libao, libart_lgpl, libbonobo, libbonoboui, libgail-gnome, libglade2, libgnome, libgnomecanvas, libgnomeprint, libgnomeprintui, libgnomeui, libgsf, libgtkhtml, libgtop, libIDL, libogg, librep, librsvg, libvorbis, libwnck, libxml2, libxslt, linc, LPRng, Linux_PAM, metacity, MIT Kerberos 5,MPlayer, mutt, nautilus, nautilus-media, oaf, OpenJade, OpenSP, OpenSSH, ORBit, ORBit2, pan, Pango, pccts, pcre, pkgconfig, postfix, procmail, Python, QT, rep-gtk, ruby, sawfish, scrollkeeper, sgml-common, sgml-dtd, shadow, startup-notification, unzip, vorbis-tools, vte, wget, XFce, xine, xml-dtd, yelp and zip: Larry Lawrence
CDParanoia, mpg123, SDL and XMMS: Jeroen Coumans
alsa, cvs, dhcpcd, gpm, hdparm, libjpeg, libmng, libpng, libtiff, libungif, giflib, links, lynx, openssl, tcsh, which, zsch, zlib: Mark Hymers
traceroute: Jeff Bauman
db and lcms: Jeremy Jones and Mark Hymers
aspell, balsa, bind, bonobo, bonobo-conf, cvs server, db-3.3.11, db-3.1.17, emacs, evolution, exim, expat, gal, gnome-print, GnuCash, gtkhtml, guppi, guile, guppi, g-wrap, leafnode, lesstif, libcapplet, libesmtp, libfam, libghttp, libglade, pine, portmap, PostgreSQL, pspell, qpopper, readline, reiserfs, Samba, sendmail, slrn, soup, tex, tcp-wrappers, and xinetd: Billy O'Connor
ProFTPD and rsync: Daniel Baumann
ESP Ghostscript: Matt Rogers
ALSA Tools, Apache Ant, Cyrus-SASL, DejaGnu, desktop-file-utils, DocBook DSSSL Stylesheets, DocBook-utils, Ethereal, Evolution Data Server, Exim (many additions), Expect, FOP, FreeTTS, FriBidi, gnome-audio, gnome-backgrounds, gnome-menus, GNOME Doc Utils, GnuCash (many additions), Heimdal, HTML Tidy, JadeTeX, Java Access Bridge, LessTif (rewrite), libexif, libgail-gnome, libgnomecups, MPlayer (extensive overhaul), Other Programming Tools, PDL, Perl Modules, pilot-link, Samba 3 (many additions), Shadow (rewrite), SANE (original instructions by Alex Kloss), SLIB, Stunnel, Sysstat and system-tools-backends: Randy McMurchy
Screen: Andreas Pedersen
PHP: Jeremy Utley
Gimp-Print and libusb: Alexander E. Patrakov
Fetchmail and WvDial: Paul Campbell
UDFtools, Perl modules (initial version) and Bluefish: Richard Downing
Epiphany, FLAC, File Roller, GNOME Magnifier, GNOME Netstatus, GNOME Speech, GOK, GPdf, GnomeMeeting, Gnopernicus, Imlib2, LZO, MC, NASM, Nautilus CD Burner, OpenQuicktime, Speex, XScreenSaver, Zenity, compface, freeglut, gcalctool, gucharmap, id3lib, kde-i18n, kdeaccessibility, kdebindings, kdesdk, kdevelop, kdewebdev, libFAME, liba52, libdv, libdvdcss, libdvdread, libmad, libmikmod and libmpeg3: Igor Zivkovic
tripwire: Manfred Glombowski
ALSA Firmware, ALSA OSS, inetutils, gdk, GLib, GTK+, libxml and vim: James Iwanek
iptables: Henning Rohde
joe, nano, nmap, slang, w3m and whois: Timothy Bauscher
MySQL: Jesse Tie-Ten-Quee
fontconfig, gcc, gcc2, jdk, mozilla, nas, openoffice, ispell, nail, ImageMagick, hd2u, STLport, tcl, tk and bind-utils: Tushar Teredesai
cracklib, libpcap, ncpfs, netfs, ppp(update), RP-PPPoE, Samba-3 and Subversion: DJ Lucas
ntp: Eric Konopka
nfs-utils: Reinhard
Fernando Arbeiza for doing great quality assurance on Shadow utilizing PAM. The machine access he saved may have been yours.
Archaic for trouble shooting the mozilla section by performing multiple builds and for providing a description of the various mozilla extensions.
Gerard Beekmans for generally putting up with us and for running the whole LFS project.
Oliver Brakmann for developing the dhcpcd patch for FHS compliance.
Ian Chilton for writing the nfs hint.
Nathan Coulson for writing the new network bootscripts.
Nathan Coulson, DJ Lucas and Zack Winkles for reworking the bootscripts used throughout the book.
Jim Harris for writing the dig-nslookup-host.txt hint on which the bind-utils instructions are based.
Lee Harris for writing the gpm.txt hint on which our gpm instructions are based.
Marc Heerdink for creating patches for tcp_wrappers and portmap and for writing the gpm2.txt hint on which our gpm instruction are based.
Mark Hymers for initiating the BLFS project and writing many of the initial chapters of the book.
J_Man for submitting a gpm-1.19.3.diff file on which our gpm instructions are based.
Jeremy Jones (otherwise known as mca) for hacking Makefiles and general assistance.
Steffen Knollmann for revising the JadeTeX instructions to work with Tex-3.0.
Eric Konopka for writing the ntp.txt hint on which the ntp section is based.
Scot McPherson for writing the gnome-1.4.txt hint from which was gathered useful information and for warning us that GNOME Version 2.0 may not be ready to put in the book.
Alexander E. Patrakov for patches and suggestions to improve the book content, assistance with alsa dev.d helpers, and increasing the l10n awareness.
Ted Riley for writing the Linux-PAM + CrackLib + Shadow hint on which reinstalling Shadow to use PAM is based.
Unlike the Linux From Scratch book, BLFS isn't designed to be followed in a linear manner. This is because LFS provides instructions on how to create a base system which is capable of turning into anything from a web server to a multimedia desktop system. BLFS is where we try to guide you in the process of going from the base system to your intended destination. Choice is very much involved.
Everyone who reads the book will want to read certain sections. The Introduction part–which you are currently reading–contains generic information. Especially take note of the information in Important Information (Chapter 2, Important Information), as this contains comments about how to unpack software and various other aspects which apply throughout the book.
The part on Post LFS Configuration and Extra Software is where most people will want to turn next. This deals with not just configuration but also Security (Chapter 4, Security), File Systems (Chapter 5, File Systems), Editors (Chapter 6, Editors) and Shells (Chapter 7, Shells). Indeed, you may wish to reference certain parts of this chapter (especially the sections on Editors and File Systems) while building your LFS system.
Following these basic items, most people will want to at least browse through the General Libraries and Utilities part of the book. This part contains information on many items which are prerequisites for other sections of the book as well as some items (such as Programming (Chapter 12, Programming) which are useful in their own right. Note that you don't have to install all of these libraries and packages found in this part to start with, each BLFS install procedure tells you which packages it depends upon so you can choose the program you want to install and see what it needs.
Likewise, most people will probably want to look at the Connecting to a Network and Basic Networking parts. The first of these deals with connecting to the Internet or your LAN using a variety of methods such as DHCP (Chapter 14, DHCP Clients) and Dial-Up Connections (Chapter 13, Dial-up Networking). The second of these parts deals with items such as Networking Libraries (Chapter 16, Networking Libraries) and various basic networking programs and utilities.
Once you have dealt with these basics, you may wish to configure more advanced network services. These are dealt with in the Servers part of the book. Those wanting to build servers should find a good starting point there. Note that Servers also contains information on various database packages.
The next parts of the book principally deal with desktop systems. This portion of the book starts with a part talking about X and Window Managers. This part also deals with some generic X-based libraries (Chapter 26, X Libraries). After this, KDE and GNOME are given their own parts which are followed by one on X Software.
The book then moves on to deal with Multimedia packages. Note that many people may want to use the ALSA-1.0.9 instructions from this chapter quite near the start of their BLFS journey; they are placed here simply because it is the most logical place for them.
The final part of the main BLFS book deals with Printing, Scanning and Typesetting. This is useful for most people with desktop systems and even those who are creating mainly server systems will find it useful.
We hope you enjoy using BLFS and find it useful.
To make things easy to follow, there are a number of conventions used throughout the book. Following are some examples:
./configure --prefix=/usr
This form of text is designed to be typed exactly as seen unless otherwise noted in the surrounding text. It is also used to identify references to specific commands.
install-info: unknown option `--dir-file=/mnt/lfs/usr/info/dir'
This form of text (fixed width text) is showing screen output, probably as the result of commands issued and is also used to show filenames such as /boot/grub/grub.conf
Emphasis
This form of text is used for several purposes in the book but mainly to emphasize important points or to give examples as to what to type.
http://www.linuxfromscratch.org/
This form of text is used for hypertext links external to the book such as HowTo's, download locations, websites, etc.
This form of text is used for links internal to the book such as another section describing a different package.
cat > $LFS/etc/group << "EOF" root:x:0: bin:x:1: ...... EOF
This type of section is used mainly when creating configuration files. The first command (in bold) tells the system to create the file $LFS/etc/group from whatever is typed on the following lines until the sequence EOF is encountered. Therefore, this whole section is generally typed as seen.
[REPLACED TEXT]
This form of text is used to encapsulate text that should be modified and is not to be typed as seen, or copy and pasted. Note that the square brackets are not part of the text, but should be substituted for as well.
root
This form of text is used to show a specific system user reference in the instructions.
This is BLFS-BOOK version 6.1 dated August 14st, 2005. If this version is older than a month, a newer version is probably already available for download. Check one of the mirror sites below for updated versions.
The BLFS project has a number of mirrors setup world-wide to make it easier and more convenient for you to access the website. Please visit the http://www.linuxfromscratch.org/mirrors.html website for the list of current mirrors.
Within the BLFS instructions, each package has two references for finding the source files for the package—an http link and an ftp link (some packages may only list one of these links). Every effort has been made to ensure that these links are accurate. However, the World Wide Web is in continuous flux. Packages are sometimes moved or updated and the exact URL specified is not always available.
To overcome this problem, the BLFS Team, with the assistance of Server Beach, has made an http/ftp site available at anduin.linuxfromscratch.org. This site has all the sources of the exact versions of the packages used in BLFS. If you can't find the BLFS package you need, get it there.
We would like to ask a favor, however. Although this is a public resource for you to use, we do not want to abuse it. We have already had one unthinking individual download over 3 GB of data, including multiple copies of the same files that are placed at different locations (via symlinks) to make finding the right package easier. This person clearly did not know what files he needed and downloaded everything. The best place to download files is the site or sites set up by the source code developer. Please try there first.
Please note that the Change Log only lists which editor was responsible for putting the changes into SVN; please read the Credits page in Chapter 1 for details on who wrote what.
6.1 – August 14st, 2005
August 19th, 2005 [dj]: Updated dev.d scripts and surrounding text in alsa-utils.
August 12th, 2005 [randy]: Added a command to the PostgreSQL instructions to fix broken ownership of installed files.
August 11th, 2005 [randy]: Applied a patch contributed by stirling to fix many broken download URLs.
August 11th, 2005 [randy]: Added a new section "Other Programming Tools" to Chapter 12 - Programming.
August 9th, 2005 [bdubbs]: BLFS-6.1-pre2 release.
August 9th, 2005 [dj]: Added default PATH for pam_env and a note about the lack of ENV_SUPATH.
August 8th, 2005 [randy]: Added instructions to install patches to Ruby and NASM that fix security vulnerabilities discovered in both packages, thanks to Ken Moffat for the suggestions.
August 8th, 2005 [randy]: Modified documentation installation in the Fontconfig instructions.
August 8th, 2005 [randy]: Modified the Shadow instructions so that builders will not receive configuration errors during the testing recommended by the warning note.
August 7th, 2005 [randy]: Removed building the MPFR library from the GMP instructions.
July 31st, 2005 [randy]: Updated to libpcap-0.9.3 and moved the instructions from Chapter 8 "General Libraries" to Chapter 16 "Networking libraries"; updated to HTML Tidy-050722 and Ethereal-0.10.12.
July 31st, 2005 [dj]: Updated bootscripts tarball, added ALSA dev.d helper scripts, corrected SSL instructions for postfix, and updated postfix to 2.2.5.
July 31st, 2005 [richard]: Updated to firefox-1.0.6.
July 30th, 2005 [bdubbs]: Updated to fetchmail-6.2.5.2.
July 30th, 2005 [bdubbs]: Updated to mc-4.6.1.
July 30th, 2005 [richard]: Updated to thunderbird-1.0.6 with enigmail-0.92.0 and ipc-1.1.3.
July 30th, 2005 [tushar]: Added boot-time consistency check for ext3 partitions.
July 29th, 2005 [bdubbs]: Updated to exim-5.52.
July 29th, 2005 [bdubbs]: Updated to iptables-1.3.3.
July 29th, 2005 [richard]: Revised wording about LFS newsserver.
July 29th, 2005 [richard]: Updated to fcron-2.9.7 changing dependency wording for the required text editor.
July 28th, 2005 [richard]: Updated to curl-7.14.0.
July 28th, 2005 [richard]: Updated to LZO-2.01.
July 28th, 2005 [richard]: Updated to libvorbis-1.1.1 and vorbis-tools-1.1.1.
July 28th, 2005 [dj]: Added security patch for OpenOffice and removed broken optimization patch for JDK.
July 27th, 2005 [bdubbs]: Updated escape sequence explanation in the /etc/issue discussion in Chapter 3.
July 27th, 2005 [tushar]: Updated to aspell-0.60.3.
July 27th, 2005 [tushar]: Updated to libxml2-2.6.20.
July 27th, 2005 [tushar]: Updated to pkg-config-0.19.
July 27th, 2005 [tushar]: Updated to speex-1.0.5.
July 27th, 2005 [bdubbs]: Updated to KDE-3.4.1.
July 27th, 2005 [djensen]: Updated to Bluefish-1.0.2.
July 27th, 2005 [djensen]: Updated to ImageMagick-6.2.3-5.
July 25th, 2005 [djensen]: Updated to ALSA-1.0.9.
July 25th, 2005 [tushar]: Fix symlink related bug in cpio. See Bug # 1464.
July 25th, 2005 [randy]: Updated to Heimdal-0.7.
July 25th, 2005 [djensen]: Updated to Imlib2-1.2.1.
July 25th, 2005 [djensen]: Updated to freeglut-2.4.0.
July 25th, 2005 [tushar]: Added optional defines to xorg to allow installation into standard directories.
July 24th, 2005 [dj]: Updated to Linux-PAM-0.80 and corrected sed for /etc/login.defs in Shadow instructions.
July 24th, 2005 [randy]: Updated to CrackLib-2.8.3.
July 23rd, 2005 [djensen]: Added security patch to Mpg123.
July 23rd, 2005 [randy]: Updated to Shadow-4.0.9 via a patch from DJ Lucas.
July 22nd, 2005 [randy]: Added textual updates to the "After LFS Configuration" chapter.
July 21st, 2005 [randy]: Added additional text to the "Conventions" and "Unpacking" sections; numerous typo, grammar and tagging fixes to the "Introduction" chapter.
July 20th, 2005 [tushar]: Added testsuite to pango.
July 20th, 2005 [larry]: Removed document instructions from mysql, no longer in package.
July 20th, 2005 [randy]: Updated to Stunnel-4.11.
July 19th, 2005 [randy]: Updated to Doxygen-1.4.3.
July 18th, 2005 [randy]: Updated to Nail-11.24 and Cyrus-SASL-2.1.21.
July 17th, 2005 [randy]: Updated to GnuCash-1.8.11.
July 17th, 2005 [tushar]: Updated Notes on Building Software.
July 14th, 2005 [randy]: Added Finance::QuoteHist module and dependencies to Perl Modules instructions.
July 14th, 2005 [djensen]: Updated to Tcl-8.4.11 and Tk-8.4.11.
July 14th, 2005 [djensen]: Updated to Gst-plugins-0.8.10.
July 14th, 2005 [bdubbs]: Updated to koffice-1.4.0b.
July 13th, 2005 [randy]: Major overhaul to the Perl Modules instructions including adding new modules, removing obsolete modules, adding additional dependencies, complete text rewrite and new page layout.
July 12th, 2005 [djensen]: Updated to Nmap-3.81.
July 11th, 2005 [tushar]: Install static library and header in PCI Utilities.
July 11th, 2005 [djensen]: Remove inappropriate patch from OpenSSL-0.9.7g.
July 10th, 2005 [djensen]: Added recommendation to skip the Berkeley DB test-suite.
July 9th, 2005 [djensen]: Updated to Libpcap-0.9.1.
July 9th, 2005 [djensen]: Updated to Libtiff-3.7.3.
July 9th, 2005 [tushar]: For fcron, replace switch --with-answer-all=no with --with-boot-install=no.
July 9th, 2005 [tushar]: Added make check to intltool.
July 9th, 2005 [dj]: Updated blfs-bootscripts and added RTC instructions to MPlayer.
July 8th, 2005 [tushar]: Added document installation to fontconfig.
July 7th, 2005 [djensen]: Added document installation to NTP-4.2.0.
July 3rd, 2005 [tushar]: Added note on installation of ispell and spell wrappers in aspell.
July 3rd, 2005 [tushar]: Added note that gmp testsuite is highly recommended.
July 3rd, 2005 [djensen]: Updated to ImageMagick-6.2.3-3.
July 3rd, 2005 [djensen]: Updated to GIMP-2.2.8.
July 1st, 2005 [djensen]: Updated to Berkeley DB-4.3.28.
Jun 30th, 2005 [djensen]: Updated to Pkgconfig-0.18.
Jun 29th, 2005 [djensen]: Updated to MySQL-4.1.12.
Jun 28th, 2005 [djensen]: Updated to Hdparm-6.1.
Jun 28th, 2005 [djensen]: Updated to Nano-1.2.5.
Jun 28th, 2005 [djensen]: Updated to Libgsf-1.12.0.
Jun 28th, 2005 [djensen]: Updated to PCRE-6.1.
Jun 28th, 2005 [randy]: Updated Perl Modules: HTML::Parser-3.45, HTML::TableExtract-2.02, DateManip-5.44, Module-CoreList-2.02 and Compress::Zlib-1.34; added dependencies to Finance::Quote Perl Module.
Jun 26th, 2005 [dj]: Added optimization patch to JDK instructions.
Jun 25th, 2005 [randy]: Updated G-Wrap dependencies; updated to Perl Module Module::Info-0.28.
Jun 23th, 2005 [djensen]: Updated to Cdrdao-1.2.0.
Jun 21th, 2005 [djensen]: Updated to OpenSSL-0.9.7g.
Jun 21th, 2005 [djensen]: Corrected http download url in Transcode.
Jun 21th, 2005 [djensen]: Updated to XFce-4.2.2.
Jun 21th, 2005 [djensen]: Updated to Dillo-0.8.5.
Jun 21th, 2005 [djensen]: Updated to GSview-4.7.
Jun 20th, 2005 [djensen]: Updated to Freetype-2.1.10.
Jun 20th, 2005 [djensen]: Updated to Fontconfig-2.3.2.
Jun 20th, 2005 [djensen]: Moved Libwnck from gnome/core to x/libs.
Jun 20th, 2005 [djensen]: Separated the DB-4.3.27 test from the build, they are not compatible.
Jun 20th, 2005 [dj]: Added missing required patch to dhcp instructions.
June 19th, 2005 [djensen]: Changed links to t1lib-5.1.0 and mcript link to mcrypt.sourceforge.net/
Jun 18th, 2005 [dj]: Added dhcp-3.0.2-gcc_3.4.3-2.patch, updated dhclient instructions to print settings obtained in bootscript, and added libmawt.so symlink to JDK instructions.
June 18th, 2005 [djensen]: Updated to Fluxbox-0.9.13
June 18th, 2005 [djensen]: Updated to Ghostscript-8.51. Separated root/user.
June 18th, 2005 [igor]: Updated to Postfix-2.2.3.
June 17th, 2005 [igor]: Updated to Apache-2.0.54.
June 17th, 2005 [djensen]: Updated to NcFTP-3.1.9. Separated root/user.
June 17th, 2005 [djensen]: Updated to Pine-4.63. Separated root/user.
June 16th, 2005 [djensen]: Updated to Gnet-2.0.7. Added alternate gtk-doc/html doc install directory.
June 16th, 2005 [djensen]: Added document installation to W3m, separated user/root commands in W3m, Pan, Balsa, Compface, Fetchmail, Mutt, Slrn, Net-tools, NTP and Enscript.
June 15th, 2005 [djensen]: Updated to Hd2u-1.0.0. Separated user and root commands.
June 15th, 2005 [djensen]: Separated user/root instructions and/or updated Installed Directories for Libao, Libmpeg123, Libmad, OpenQuicktime, libFAME, Speex, Libdvdread, FLAC, Gst-plugins, Libcroco, Libesmtp, Libungif, MC, GSview, AAlib and Rep-gtk
June 15th, 2005 [djensen]: Updated to Avifile-0.7-0.7.43. removed pc sed.
June 15th, 2005 [djensen]: Removed --mandir configure switch from Dhcpcd.
June 15th, 2005 [archaic]: Updated to vsftpd-2.0.3.
June 14th, 2005 [djensen]: Added 8 plugin links and a python version sed to Abiword.
June 14th, 2005 [bdubbs]: Updated to autofs-4.1.4.
June 13th, 2005 [djensen]: Updated to PostgreSQL-8.0.3. Added testsuite command.
June 13th, 2005 [randy]: Modified installation path of GNOME-1.4 libraries to /opt/gnome-1.4.
June 13th, 2005 [djensen]: Added a2ps instructions to install the downloaded fonts. Added possible testsuite.
June 12th, 2005 [bdubbs]: Corrected startup scripts. Removed xterm-title and substituted extra-prompt.sh.
June 12th, 2005 [bdubbs]: Changed location of ispell dictionaries to /usr/share/ispell.
June 12th, 2005 [djensen]: Simplified the PSUtils build instructions. Separated user and root instructions.
June 12th, 2005 [bdubbs]: Updated to thunderbird-1.0.2 and fixed problem in the installation of thunderbird's defaults directory.
June 12th, 2005 [bdubbs]: Added instruction to make rc.iptables executable in firewalling section.
June 12th, 2005 [bdubbs]: Updated cpio instructions to ensure LSB testsuites pass internationalization tests.
June 12th, 2005 [djensen]: Updated to Links-2.1pre17. Added SDL to optional dependencies. Separated user and root instructions.
June 12th, 2005 [randy]: Added new package FriBidi-0.10.5.
June 11th, 2005 [djensen]: Updated to AbiWord-2.2.8, build instructions altered to build and install plugins.
June 10th, 2005 [djensen]: Fixed md5sum joe-3.3. Completed XFree86 update to 4.5.0
June 10th, 2005 [randy]: Added additional optional dependencies to the Bluefish instructions.
June 10th, 2005 [djensen]: Updated to joe-3.3.
June 8th, 2005 [randy]: Updated to PCRE-6.0 using a patch submitted by David Jensen; added documentation installation to the Imlib instructions.
June 6th, 2005 [randy]: Added a note to the Samba instructions about unprivileged users mounting SMB shares; updated JDK binary version to 1.5.0_03; updated to ZSH-4.2.5; added installation of documentation to the PCRE instructions, suggested by David Jensen.
June 6th, 2005 [bdubbs]: Updated bind and bind-utils sections to version 9.3.1.
June 5th, 2005 [randy]: Removed "which" as a dependency of DocBook-utils and created a note saying it must be installed; clarified why 'yes' is piped to 'make config' in the introduction of the installation section of Net-Tools (fixes bug #1259).
June 5th, 2005 [randy]: Created Samba client instruction page, suggested by Alexander Patrakov; added additional configuration text to the Samba server instructions, submitted by Alexander Patrakov; added SWAT (without Stunnel) configuration instructions to the Samba server instructions, suggested by Jim Gifford; removed Stunnel and added XFS as dependencies of the Samba package; added instructions to create a nobody user in the Samba server bootscript installation section, suggested by Frank Olschewski.
June 5th, 2005 [bdubbs]: Integrated system uid and gid values into individual packages.
June 5th, 2005 [bdubbs]: Added blufish-1.0.1 from patch provided by theOldFellow.
June 4th, 2005 [randy]: Standardized the creation of the nobody user (without a valid login shell) in the NFS Utilities and Postfix instructions.
June 3rd, 2005 [randy]: Updated Samba configuration information as suggested by Alexander Patrakov (fixes bug #1386); Updated to rsync-2.6.5 and OpenSSH-4.1p1.
June 3rd, 2005 [igor]: Updated to ImageMagick-6.2.3-0.
June 1st, 2005 [randy]: Updated to Galeon-1.3.21, Sysstat-6.0.0, HTML Tidy-050531, Whois-4.7.5 and Tcsh-6.14.00; moved installation of tcsh to /bin instead of /usr/bin and updated /etc/shells during the Tcsh installation.
May 31st, 2005 [bdubbs]: Added section explaining system user and group numerical assignments.
May 31st, 2005 [randy]: Removed the explicit path from the GDM bootscript commands and updated the GDM instructions to include a note to update the script if $GNOME_PREFIX is non-stardard; updated bootscripts to version 20050531.
May 30th, 2005 [randy]: Updated to GDM-2.6.0.9, GNOME Speech-0.3.7, Gnopernicus-0.10.9 and GOK-1.0.4; added new package libexif-0.6.12; moved libexif to a required dependency of Nautilus.
May 29th, 2005 [bdubbs]: Updated to Firefox-1.0.4.
May 29th, 2005 [bdubbs]: Updated to Mozilla-1.7.8.
May 29th, 2005 [randy]: Updated to Gnumeric-1.4.3 and changed the installation path to /usr (thanks to Bruce Dubbs, David Jensen and Jody Goldberg for their input); added popt to the libgnomeprint depedencies, suggested by David Jensen; updated to GNOME Magnifier-0.12.1.
May 28th, 2005 [randy]: Updated to Ethereal-0.10.11, reported by Matthias Berndt.
May 27th, 2005 [igor]: Updated to GIMP-2.2.7.
May 25th, 2005 [randy]: Updated installation commands in the FreeTTS instructions.
May 23rd, 2005 [randy]: Updated to libgail-gnome-1.1.1 and Java Access Bridge-1.4.5.
May 22nd, 2005 [randy]: Added new package FreeTTS-1.2.1.
May 22nd, 2005 [manuel]: Finished the book sources retagging and indentation to match current template.xml.
May 19th, 2005 [randy]: Updated to GnomeMeeting-1.2.1.
May 18th, 2005 [archaic]: GPM: Moved the LDFLAGS option from the configure command to the make command as libm wasn't being properly pulled into the environment.
May 18th, 2005 [randy]: Fixed documentation installation command in the EsounD instructions, suggested by David Jensen; fixed skin file MD5sum in the MPlayer instructions, suggested by Zibeli Aton.
May 18th, 2005 [randy]: Updated to GConf Editor-2.10.0, GNOME Netstatus-2.10.0, gcalctool-5.5.42, GPdf-2.10.0 and Zenity-2.10.0; commented out the Nautilus Media package from inclusion in the book.
May 17th, 2005 [randy]: Updated to GNOME System Monitor-2.10.1, bug-buddy-2.10.0, EOG-2.10.0, AT SPI-1.6.4, gtksourceview-1.2.0, gedit-2.10.2, GGV-2.8.4 and File Roller-2.10.3.
May 16th, 2005 [randy]: Added new package gnome-audio-2.0.0; updated to GNOME Utils-2.10.1 and GNOME Games-2.10.1.
May 15th, 2005 [randy]: Updated to Evolution-2.2.2, Epiphany-1.6.2, Nautilus CD Burner-2.10.1 and GNOME Media-2.10.2.
May 12th, 2005 [randy]: Updated to GAL-2.4.2 and GtkHTML-3.6.2.
May 11th, 2005 [manuel]: Fixed a typo in JDK, reported by William Harrington.
May 11th, 2005 [randy]: Updated to libgnomecups-0.2.0, libgnomeprint-2.10.3, libgnomeprintui-2.10.2, Evolution Data Server-1.2.2 and gucharmap-1.4.3.
May 11th, 2005 [randy]: Updated all the GNOME-2 core package instructions to the GNOME 2.10.1 release (ORBit-2.12.2, libbonobo-2.8.1, GConf-2.10.0, GNOME VFS-2.10.1, libgnome-2.10.0, libgnomecanvas-2.10.0, libbonoboui-2.8.1, GNOME Icon Theme-2.10.1, gnome-keyring-0.4.2, libgnomeui-2.10.0, GTK Engines-2.6.3, GNOME Themes-2.10.1, GNOME Desktop-2.10.1, libwnck-2.10.0, GNOME Panel-2.10.1, GNOME Session-2.10.0, VTE-0.11.13, GNOME Terminal-2.10.0, LibGTop-2.10.1, GAIL-1.8.3, GNOME Applets-2.10.1, EEL-2.10.1, Nautilus-2.10.1, GNOME Doc Utils-0.2.0, libgtkhtml-2.6.3, Yelp-2.6.5 and Control Center-2.10.1). Many of the add-on packages build with existing instructions, however, all of them will be updated ASAP.
May 11th, 2005 [randy]: Added three new GNOME-2 packages: gnome-menus-2.10.1, gnome-backgrounds-2.10.1 and system-tools-backends-1.2.0.
May 10th, 2005 [randy]: Increment BLFS Bootscripts version to 20050509.
May 9th, 2005 [igor]: Updated to MySQL-4.1.11.
May 8th, 2005 [randy]: Updated to Metacity-2.10.1; updated XScreenSaver dependencies and build instructions.
May 6th, 2005 [randy]: Updated to GIMP-2.2.6 and gst-plugins-0.8.8; removed the --disable-docs-build switch from the GStreamer instructions, suggested by Matthew Burgess.
May 5th, 2005 [manuel]: Shortened the Tidy documentation generation commands.
May 5th, 2005 [dj]: Removed bad MANPATH variable from JDK instructions and fixed CLASSPATH for spaces in filenames.
May 4th, 2005 [igor]: Updated to Fcron-2.9.6.
May 4th, 2005 [randy]: Updated to GStreamer-0.8.10.
May 3rd, 2005 [randy]: Updated to CVS-1.11.20 and HTML Tidy-050502; added MPlayer to the list of FFmpeg's dependencies as it can utilize the shared post-processing library.
May 2nd, 2005 [randy]: Updated to xine Libraries-1.0.1.
May 1st, 2005 [randy]: Updated to MPlayer-1.0pre7; added a sed command to the FFmpeg instructions to fix an issue on MMX capable machines.
April 29th, 2005 [bdubbs]: Update to aRts 1.4, kde 3.4, and kdevelop 3.2.
April 28th, 2005 [dj]: Added doublefree patch to OOo instructions, corrected gcc patch and libmawt symlink. Added a description for javaws to JDK instructions.
April 28th, 2005 [randy]: Added documentation installation to the id3lib instructions.
April 27th, 2005 [randy]: Updated to FLAC-1.1.2, libdv-0.104 and XviD-1.0.3; added Doxygen dependency and documentation installation to the libdvdcss instructions; added documentation installation to the liba52 instructions.
April 26th, 2005 [randy]: Updated to GStreamer-0.8.9 and libao-0.8.6; added a download URL to the PassiveTeX dependency in the libvorbis instructions; added installation of HTML documentation to the SDL and libmikmod instructions.
April 24th, 2005 [dj]: Updated to JDK-1.5.0, added gcc-3.4.2+ and jdk-1.5.0 patches to OpenOffice, and added jdk-1.5.0 patch for fop.
April 24th, 2005 [randy]: Fixed incorrect path pointing to the documentation in the Cyrus-SASL configuration section and incorrect library versions in the chmod commands in the OpenLDAP instructions, both pointed out by syaodzir; added documentation installation to the startup-notification instructions.
April 23rd, 2005 [bdubbs]: Updated to nfs-utils-1.0.7. Added comments about user nobody and pointed to section on netfs.
April 23rd, 2005 [randy]: Updated to librsvg-2.9.5.
April 22nd, 2005 [randy]: Updated to Firefox-1.0.3, libgsf-1.11.1, libglade-2.5.1 and Mozilla-1.7.7; added instructions to Firefox and Mozilla to utilize the JDK Java plugin.
April 21st, 2005 [bdubbs]: Upgraded to xscreensaver-4.21.
April 21st, 2005 [bdubbs]: Added patch to libmilmod.
April 20th, 2005 [bdubbs]: Updated qt instructions to eliminate an unnecessary copy procedure and fixed qmqke.conf adjustment.
April 20th, 2005 [randy]: Updated to Doxygen-1.4.2.
April 19th, 2005 [randy]: Updated to NAS-1.7.
April 19th, 2005 [bdubbs]: Updated to qt-3.3.4; fixed some configuration problems with build method 1.
April 18th, 2005 [randy]: Updated to shared-mime-info-0.16, hicolor-icon-theme-0.8 and GnuPG-1.4.1.
April 17th, 2005 [randy]: Updated to LessTif-0.94.4, intltool-0.33 and Module-Info-0.27 (Perl module); added an "Other Window Managers" section to Chapter 27.
April 17th, 2005 [manuel]: Updated the stylesheets to use DocBook-XSL 1.68.1.
April 15th, 2005 [randy]: Updated to libsoup-2.2.3, Samba-3.0.14a and libmng-1.0.9; added documentation installation commands to the LZO instructions; added a patch to fix a build issue and documentation installation commands to the lcms instructions.
April 14th, 2005 [randy]: Updated to libxklavier-2.0 and pkgconfig-0.17.2.
April 13th, 2005 [randy]: Updated to Glib-2.6.4, GTK+-2.6.7, Whois-4.7.2, Imlib2-1.2.0 and libart_lgpl-2.3.17; added documentation installation commands to the giflib and libungif instructions.
April 12th, 2005 [randy]: Updated to Samba-3.0.13 and pkgconfig-0.17.1.
April 12th, 2005 [bdubbs]: Finish server reorganization. Moved php to Programming and NFS to Major Servers.
April 12th, 2005 [bdubbs]: Major reorganization of server sections. Consolidated 'Server Networking' and 'Content Serving'.
April 11th, 2005 [dj]: Added 'Additional X Windows Configuration' page.
April 11th, 2005 [randy]: Updated to Nail-11.22, Guile-1.6.7 and Subversion-1.1.4; moved Guile instructions from 'Chapter 8 - General Libraries' to 'Chapter 12 - Programming'.
April 10th, 2005 [randy]: Updated to NASM-0.98.39 and Sendmail-8.13.4.
April 10th, 2005 [igor]: Updated to libIDL-0.8.5 and Firefox-1.0.2.
April 9th, 2005 [randy]: Updated to PHP-5.0.4.
April 8th, 2005 [randy]: Updated to PostgreSQL-8.0.1 and Aspell-0.60.2.
April 7th, 2005 [randy]: Updated the JadeTex instructions to work with Tex-3.0, contributed by Steffen Knollmann.
April 6th, 2005 [igor]: Updated to ATK-1.9.1.
April 6th, 2005 [randy]: Updated to MySQL-4.1.10a and TeX-3.0.
April 5th, 2005 [randy]: Added a note to the GCC-3.4.3 instructions to install a missing interface header file.
April 4th, 2005 [randy]: Updated to OpenLDAP-2.2.24, Stunnel-4.09, GTK-Doc-1.3 and OpenSSH-4.0p1; added a command to the cURL instructions to fix a broken test script.
April 4th, 2005 [igor]: Updated to OpenSSL-0.9.7f contributed by Anderson Lizardo.
April 3rd, 2005 [manuel]: Updated the XML sources to use DocBook XML DTD-4.4.
April 3rd, 2005 [randy]: Updated to libxslt-1.1.14.
April 2nd, 2005 [randy]: Added which as a required dependency of DocBook-utils, reported by Andrew Benton; updated to libxml2-2.6.19.
April 1st, 2005 [randy]: Updated to DocBook XML DTD-4.4 and DocBook XSL Stylesheets-1.68.1.
March 31st, 2005 [bdubbs]: Updated the install instructions for xinetd to use /etc/xinetd.d/ directory structure. Patch by John Gnew.
March 31st, 2005 [randy]: Updated to libxml2-2.6.18 and libxslt-1.1.13.
March 30th, 2005 [randy]: Updated to libusb-0.1.10a and Python-2.4.1.
March 29th, 2005 [randy]: Updated to DocBook DSSSL Stylesheets-1.79 (with rewrite of instructions); fixed deprecated tar option in Vim instructions; added a note to the Fontconfig instructions to have the SGMLSpm Perl module installed if DocBook-utils is installed.
March 28th, 2005 [randy]: Updated to DocBook-SGML-DTD-4.4; added manpage installation to OpenJade instructions, suggested by Andrew Benton.
March 27th, 2005 [randy]: Updated to libtiff-3.7.2, pkgconfig-0.16.0 and ALSA-1.0.8.
March 26th, 2005 [randy]: Updated to HTML Tidy-050324 and UnZip-5.52.
March 25th, 2005 [randy]: Updated to GCC-3.4.3.
March 24th, 2005 [randy]: Updated to Sysstat-5.1.5, Fontconfig-2.3.1 and Expect-5.43.0; added a note the the Tk instructions about running the test suite.
March 23rd, 2005 [randy]: Updated to Shadow-4.0.7; added security patch to Vim instructions; added daemon fixes patch to Inetutils instructions.
March 22nd, 2005 [randy]: Added the installation of documentation to the Linux-PAM instructions.
March 21st, 2005 [larry]: Updated to emacs-21.4a.
March 18th, 2005 [randy]: Added a sed command to the Zip instructions to fix an installation problem, suggested by Matthew Burgess.
March 17th, 2005 [bdubbs]: Released Version 6.0-pre1.
The linuxfromscratch.org server is hosting a number of mailing lists that are used for the development of the BLFS book. These lists include, among others, the main development and support lists.
For more information regarding which lists are available, how to subscribe to them, archive locations, etc. visit http://www.linuxfromscratch.org/mail.html.
All the mailing lists hosted at linuxfromscratch.org are also accessible via the NNTP server. All messages posted to a mailing list will be copied to its correspondent newsgroup. Note, however, that as this is written, it is not possible to write to the mailing lists via the NNTP service.
The news server can be reached at news.linuxfromscratch.org.
If you encounter a problem while using this book, and your problem is not listed in the FAQ (http://www.linuxfromscratch.org/faq), you will find that most of the people on Internet Relay Chat (IRC) and on the mailing lists are willing to help you. An overview of the LFS mailing lists can be found in Mailing lists. To assist us in diagnosing and solving your problem, include as much relevant information as possible in your request for help.
Before asking for help, you should review the following items:
Is the hardware support compiled into the kernel or available as a module to the kernel? If it is a module, is it configured properly in modules.conf and has it been loaded? You should use lsmod as the root user to see if it's loaded. Check the syslog.log or run modprobe [driver] to review any error message. If it loads properly, you may need to add the modprobe command to your boot scripts.
Are your permissions properly set, especially for devices? LFS uses groups to make these settings easier, but it also adds the step of adding users to groups to allow access. A simple moduser -G audio [user] may be all that's necessary for that user to have access to the sound system. Any question that starts out with “It works as root, but not as ...” requires a thorough review of permissions prior to asking.
BLFS liberally uses /opt/[package]. The main objection to this centers around the need to expand your environment variables for each package placed there (e.g., PATH=$PATH:/opt/kde/bin). In most cases, the package instructions will walk you through the changes, but some will not. The section called “Going Beyond BLFS” is available to help you check.
Apart from a brief explanation of the problem you're having, the essential things to include in your request are:
the version of the book you are using (being 6.1),
the package or section giving you problems,
the exact error message or symptom you are receiving,
whether you have deviated from the book or LFS at all.
(Note that saying that you've deviated from the book doesn't mean that we won't help you. It'll just help us to see other possible causes of your problem.)
Expect guidance instead of specific instructions. If you are instructed to read something, please do so. It generally implies that the answer was way too obvious and that the question would not have been asked if a little research was done prior to asking. The volunteers in the mailing list prefer not to be used as an alternative to doing reasonable research on your end. In addition, the quality of your experience with BLFS is also greatly enhanced by this research, and the quality of volunteers is enhanced because they don't feel that their time has been abused, so they are far more likely to participate.
An excellent article on asking for help on the Internet in general has been written by Eric S. Raymond. It is available online at http://www.catb.org/~esr/faqs/smart-questions.html. Read and follow the hints in that document and you are much more likely to get a response to start with and also to get the help you actually need.
Please direct your emails to one of the BLFS mailing lists. See Mailing lists for more information on the available mailing lists.
The current BLFS maintainer is Bruce Dubbs. If you need to reach Bruce, send an email to bdubbs@linuxfromscratch.org.
Package Management is an often requested addition to the LFS Book. A Package Manager allows tracking the installation of files making it easy to remove and upgrade packages. And before you begin to wonder, NO—this section does not talk about any particular package manager, nor does it recommend one. What it provides is a roundup of the more popular techniques and how they work. The perfect package manager for you may be among these techniques or may be a combination of two or more of these techniques. This section briefly mentions issues that may arise when upgrading packages.
Some reasons why no package manager is mentioned in LFS or BLFS:
Dealing with package management takes the focus away from the goals of these books—teaching how a Linux system is built.
There are multiple solutions for package management, each having its strengths and drawbacks. Including one that satisfies all audiences is difficult.
There are some hints written on the topic of package management. Visit the Hints subproject to find if one of them fits your need.
A Package Manager makes it easy to upgrade to newer versions when they are released. Generally the instructions in the LFS and BLFS Book can be used to upgrade to the newer versions. Here are some points that you should be aware of when upgrading packages, especially on a running system.
If one of the toolchain packages (Glibc, GCC or Binutils) needs to be upgraded to a newer minor version, it is safer to rebuild LFS. Though you may be able to get by rebuilding all the packages in their dependency order, we do not recommend it. For example, if glibc-2.2.x needs to be updated to glibc-2.3.x, it is safer to rebuild. For micro version updates, a simple reinstallation usually works, but is not guaranteed. For example, upgrading from glibc-2.3.4 to glibc-2.3.5 will not usually cause any problems.
If a package containing a shared library is updated, and if the name of the library changes, then all the packages dynamically linked to the library need to be recompiled to link against the newer library. (Note that there is no correlation between the package version and the name of the library.) For example, consider a package foo-1.2.3 that installs a shared library with name libfoo.so.1. Say you upgrade the package to a newer version foo-1.2.4 that installs a shared library with name libfoo.so.2. In this case, all packages that are dynamically linked to libfoo.so.1 need to be recompiled to link against libfoo.so.2. Note that you should not remove the previous libraries until the dependent packages are recompiled.
If you are upgrading a running system, be on the lookout for packages that use cp instead of install to install files. The latter command is usually safer if the executable or library is already loaded in memory.
The following are some common package management techniques. Before making a decision on a package manager, do some research on the various techniques, particularly the drawbacks of the particular scheme.
Yes, this is a package management technique. Some folks do not find the need for a package manager because they know the packages intimately and know what files are installed by each package. Some users also do not need any package management because they plan on rebuilding the entire system when a package is changed.
This is a simplistic package management that does not need any extra package to manage the installations. Each package is installed in a separate directory. For example, package foo-1.1 is installed in /usr/pkg/foo-1.1 and a symlink is made from /usr/pkg/foo to /usr/pkg/foo-1.1. When installing a new version foo-1.2, it is installed in /usr/pkg/foo-1.2 and the previous symlink is replaced by a symlink to the new version.
The environment variables such as those mentioned in the section called “Going Beyond BLFS” need to be expanded to include /usr/pkg/foo. For more than a few packages, this scheme becomes unmanageable.
This is a variation of the previous package management technique. Each package is installed similar to the previous scheme. But instead of making the symlink, each file is symlinked into the /usr hierarchy. This removes the need to expand the environment variables. Though the symlinks can be created by the user to automate the creation, many package managers have been written using this approach. A few of the popular ones are Stow, Epkg, Graft, and Depot.
The installation needs to be faked, so that the package thinks that it is installed in /usr though in reality it is installed in the /usr/pkg hierarchy. Installing in this manner is not usually a trivial task. For example, consider that you are installing a package libfoo-1.1. The following instructions may not install the package properly:
./configure --prefix=/usr/pkg/libfoo/1.1 make make install
The installation will work, but the dependent packages may not link to libfoo as you would expect. If you compile a package that links against libfoo, you may notice that it is linked to /usr/pkg/libfoo/1.1/lib/libfoo.so.1 instead of /usr/lib/libfoo.so.1 as you would expect. The correct approach is to use DESTDIR strategy to fake installation of the package. This approach works as follows:
./configure --prefix=/usr make make DESTDIR=/usr/pkg/libfoo/1.1 install
Most of the packages do support this approach, but there are some which do not. For the non-compliant packages, you may either need to manually install the package, or you may find that it is easier to install some problematic packages into /opt.
In this technique, a file is timestamped before the installation of the package. After the installation, a simple use of the find command with the appropriate options can generate a log of all the files installed after the timestamp file was created. A package manager written with this approach is install-log.
Though this scheme has the advantage of being simple, it has two drawbacks. If during installation, the files are installed with any timestamp other than the current time, those files will not be tracked by the package manager. Also, this scheme can only be used when one package is installed at a time. The logs are not reliable if two packages are being installed on two different consoles.
In this approach, a library is preloaded before installation. During installation, this library tracks the packages that are being installed by attaching itself to various executables such as cp, install, mv and tracking the system calls that modify the filesystem. For this approach to work, all the executables need to be dynamically linked without the suid or sgid bit. Preloading the library may cause some unwanted side-effects during installation. Therefore, do perform some tests to ensure that the package manager does not break anything and logs all the appropriate files.
In this scheme, the package installation is faked into a separate tree as described in the Symlink style package management. After the installation, a package archive is created using the installed files. This archive is then used to install the package either on the local machine or can even be used to install the package on other machines.
This approach is used by most of the package managers found in the commercial distributions. Examples of package managers that follow this approach are RPM, pkg-utils, Debian's apt, and Gentoo's Portage system.
This scheme, unique to LFS, was devised by Matthias Benkmann, and is available from the Hints Project. In this scheme, each package is installed as a separate user into the standard locations. Files belonging to a package are easily identified by checking the user ID. The features and shortcomings of this approach are too complex to describe in this section. For the details please see the hint at http://www.linuxfromscratch.org/hints/downloads/files/more_control_and_pkg_man.txt.
Those people who have built an LFS system will be aware of the general principles of downloading and unpacking software. We will however repeat some of that information here for those new to building their own software.
Each set of installation instructions contains a URL from which you can download the package. We do however keep a selection of patches available via HTTP. These are referenced as needed in the installation instructions.
While you can keep the source files anywhere you like, we assume that you have unpacked them and unzipped any required patches into /usr/src.
We can not emphasize strongly enough that you should start from a clean source tree each time. This means that if you have had an error, it's usually best to delete the source tree and re-unpack it before trying again. This obviously doesn't apply if you're an advanced user used to hacking Makefiles and C code, but if in doubt, start from a clean tree.
The golden rule of Unix System Administration is to use your superpowers only when necessary. Hence, BLFS recommends that you build software as an unprivileged user and only become the root user when installing the software. This philosophy is followed in all the packages in this book. Unless otherwise specified, all instructions should be executed as an unprivileged user. The book will advise you on instructions that need root privileges.
If a file is in .tar format and compressed, it is unpacked by running one of the following commands:
tar -xvf filename.tar.gz tar -xvf filename.tgz tar -xvf filename.tar.Z tar -xvf filename.tar.bz2
You may omit using the v parameter in the commands shown above and below if you wish to suppress the verbose listing of all the files in the archive as they are extracted. This can help speed up the extraction as well as make any errors produced during the extraction more obvious to you.
You can also use a slightly different method:
bzcat filename.tar.bz2 | tar -xv
Finally, you sometimes need to be able to unpack patches which are generally not in .tar format. The best way to do this is to copy the patch file to /usr/src and then run one of the following commands depending on whether the file is a .gz or .bz2 file:
gunzip -v patchname.gz bunzip2 -v patchname.bz2
Generally, to verify that the downloaded file is genuine and complete, many package maintainers also distribute md5sums of the files. To verify the md5sum of the downloaded files, download both the file and the corresponding md5sum file to the same directory (preferably from different on-line locations), and (assuming file.md5sum is the md5sum file downloaded) run the following command:
md5sum -c file.md5sum
If there are any errors, they will be reported. Note that the BLFS book includes md5sums for all the source files also. To use the BLFS supplied md5sums, you can create a file.md5sum (place the md5sum data and the exact name of the downloaded file on the same line of a file, separated by white space) and run the command shown above. Alternately, simply run the command shown below and compare the output to the md5sum data shown in the BLFS book.
md5sum [name_of_downloaded_file]
For larger packages, it is convenient to create log files instead of staring at the screen hoping to catch a particular error or warning. Log files are also useful for debugging and keeping records. The following command allows you to create an installation log. Replace [command] with the command you intend to execute.
( [command] 2>&1 | tee compile.log && exit $PIPESTATUS )
2>&1 redirects error messages to the same location as standard output. The tee command allows viewing of the output while logging the results to a file. The parentheses around the command run the entire command in a subshell and finally the exit $PIPESTATUS command ensures the result of the [command] is returned as the result and not the result of the tee command.
Should I install XXX in /usr or /usr/local?
This is a question without an obvious answer for an LFS based system.
In traditional Unix systems, /usr usually contains files that come with the system distribution, and the /usr/local tree is free for the local administrator to manage. The only really hard and fast rule is that Unix distributions should not touch /usr/local, except perhaps to create the basic directories within it.
With Linux distributions, like Red Hat, Debian etc. a possible rule is that /usr is managed by the distribution's package system and /usr/local is not. This way the package manager's database knows about every file within /usr.
LFS users build their own system and so deciding where the system ends and local files begin is not straightforward. So the choice should be made in order to make things easier to administer. There are several reasons for dividing files between /usr and /usr/local.
On a network of several machines all running LFS, or mixed LFS and other Linux distributions, /usr/local could be used to hold packages that are common between all the computers in the network. It can be NFS mounted or mirrored from a single server. Here local indicates local to the site.
On a network of several computers all running an identical LFS system /usr/local could hold packages that are different between the machines. In this case local refers to the individual computers.
Even on a single computer /usr/local can be useful if you have several distributions installed simultaneously, and want a place to put packages that will be the same on all of them.
Or you might regularly rebuild your LFS, but want a place to put files that you don't want to rebuild each time. This way you can wipe the LFS file system and start from a clean partition every time without losing everything.
Some people ask why not use your own directory tree, e.g., /usr/site, rather than /usr/local?
There is nothing stopping you, many sites do make their own trees, however it makes installing new software more difficult. Automatic installers often look for dependencies in /usr and /usr/local, and if the file it is looking for is in /usr/site instead, the installer will probably fail unless you specifically tell it where to look.
What is the BLFS position on this?
All of the BLFS instructions install programs in /usr with optional instructions to install into /opt for some specific packages.
As you follow the various sections in the book, you will observe that the book occasionally includes patches that are required for a successful and secure installation of the packages. The general policy of the book is to include patches that fall in one of the following criteria:
Fixes a compilation problem.
Fixes a security problem.
Fixes a broken functionality.
In short, the book only includes patches that are either required or recommended. There is a Patches subproject which hosts various patches (including the patches referenced in the books) to enable you to configure your LFS the way you like it.
The BLFS Bootscripts package contains the init scripts that are used throughout the book. It is assumed that you will be using the BLFS Bootscripts package in conjunction with a compatible LFS-Bootscripts package. Refer to ../../../../lfs/view/stable/chapter07/bootscripts.html for more information on the LFS-Bootscripts package.
Package Information
The BLFS Bootscripts package will be used throughout the BLFS book for startup scripts. Unlike LFS, each init script has a separate install target in the BLFS Bootscripts package. It is recommended you keep the package source directory around until completion of your BLFS system. When a script is requested from BLFS Bootscripts, simply change to the directory and as the root user, execute the given make install-[init-script] command. This command installs the init script to its proper location (along with any auxiliary configuration scripts) and also creates the appropriate symlinks to start and stop the service at the appropriate run-level.
It is advisable to peruse each bootscript before installation to ascertain that it satisfies your need. Also verify that the start and stop symlinks it creates match your preferences.
The packages that are installed in this book are only the tip of the iceberg. We hope that the experience you gained with the LFS book and the BLFS book will give you the background needed to compile, install and configure packages that are not included in this book.
When you want to install a package to a location other than /, or /usr, you are installing outside the default environment settings on most machines. The following examples should assist you in determining how to correct this situation. The examples cover the complete range of settings that may need updating, but they are not all needed in every situation.
Expand the PATH to include $PREFIX/bin.
Expand the PATH for root to include $PREFIX/sbin.
Add $PREFIX/lib to /etc/ld.so.conf or expand LD_LIBRARY_PATH to include it. Before using the latter option, check out http://www.visi.com/~barr/ldpath.html. If you modify /etc/ld.so.conf, remember to update /etc/ld.so.cache by executing ldconfig as the root user.
Add $PREFIX/man to /etc/man.conf or expand MANPATH.
Add $PREFIX/info to INFOPATH.
Add $PREFIX/lib/pkgconfig to PKG_CONFIG_PATH.
Add $PREFIX/include to CPPFLAGS when compiling packages that depend on the package you installed.
If you are in search of a package that is not in the book, the following are different ways you can search for the concerned package.
If you know the name of the package, then search FreshMeat for it at http://freshmeat.net/. Also search Google at http://google.com/. Sometimes a search for the rpm at http://rpmfind.net/ or the deb at http://www.debian.org/distrib/packages#search_packages can also lead to a link to the package.
If you know the name of the executable, but not the package that the executable belongs to, first try a google search with the name of the executable. If the results are overwhelming, try searching for the given executable in the Debian repository at http://www.debian.org/distrib/packages#search_contents.
Some general hints on handling new packages:
Many of the newer packages follow the ./configure && make && make install process. Help on the options accepted by configure can be obtained via the command ./configure --help.
Most of the packages contain documentation on compiling and installing the package. Some of the documents are excellent, some not so excellent. Check out the homepage of the package for any additional and updated hints for compiling and configuring the package.
If you are having a problem compiling the package, try searching the lfs archives at http://search.linuxfromscratch.org/ for the error or if that fails try searching Google. If everything else fails, try the blfs-support mailing-list/news-group.
If you have found a package that is only available in .deb or .rpm format, there are two small scripts, rpm2targz and deb2targz that are available at http://downloads.linuxfromscratch.org/deb2targz.tar.bz2 and http://downloads.linuxfromscratch.org/rpm2targz.tar.bz2 to convert the archives into a simple tar.gz format.
The intention of LFS is to provide a basic system which you can build upon. There are several things about tidying up the system which many people wonder about once they have done the base install. We hope to cover these issues in this chapter.
Most people coming from non-Unix like backgrounds to Linux find the concept of text-only configuration files slightly strange. In Linux, just about all configuration is done via the manipulation of text files. The majority of these files can be found in the /etc hierarchy. There are often graphical configuration programs available for different subsystems but most are simply pretty front ends to the process of editing a text file. The advantage of text-only configuration is that you can edit parameters using your favorite text editor, whether that be vim, emacs, or any other editor.
The first task is making a recovery boot device in Creating a Custom Boot Device because it's the most critical need. Then the system is configured to ease addition of new users, because this can affect the choices you make in the two subsequent topics—The Bash Shell Startup Files and The vimrc Files.
The remaining topics, Customizing your Logon with /etc/issue, The /etc/shells File, Random number generation, Compressing man and info pages, autofs-4.1.4, and Configuring for Network Filesystems are then addressed, in that order. They don't have much interaction with the other topics in this chapter.
This section is really about creating a rescue device. As the name rescue implies, the host system has a problem, often lost partition information or corrupted file systems, that prevent it from booting and/or operating normally. For this reason, you must not depend on resources from the host being "rescued". To presume that any given partition or hard drive will be available is a risky presumption.
In a modern system, there are many devices that can be used as a rescue device: floppy, cdrom, usb drive, or even a network card. Which one you use depends on your hardware and your BIOS. In the past, we usually thought of rescue device as a floppy disk. Today, many systems do not even have a floppy drive.
Building a complete rescue device is a challenging task. In many ways, it is equivalent to building an entire LFS system. In addition, it would be a repetition of information already available. For these reasons, the procedures for a rescue device image are not presented here.
The software of today's systems has grown large. Linux 2.6 no longer supports booting directly from a floppy. In spite of this, there are solutions available using older versions of Linux. One of the best is Tom's Root/Boot Disk available at http://www.toms.net/rb/. This will provide a minimal Linux system on a single floppy disk and provides the ability to customize the contents of your disk if necessary.
There are several sources that can be used for a rescue CD-ROM. Just about any commercial distribution's installation CD-ROMs or DVDs will work. These include RedHat, Mandrake, and SuSE. One very popular option is Knoppix.
In addition, the LFS Community has developed its own Boot CD-ROM available at ftp://anduin.linuxfromscratch.org/isos/. A copy of this CD-ROM is available with the printed version of the Linux From Scratch book. If you download the ISO image, use cdrecord to copy the image to a CD-ROM.
In the future, the build instructions for this CD-ROM will be presented, but they are not available at the time of this writing.
A USB Pen drive, sometimes called a Thumb drive, is recognized by Linux as a SCSI device. Using one of these devices as a rescue device has the advantage that it is usually large enough to hold more than a minimal boot image. You can save critical data to the drive as well as use it to diagnose and recover a damaged system. Booting such a drive requires BIOS support, but building the system consists of formatting the drive, adding GRUB as well as the Linux kernel and supporting files.
Together, the /usr/sbin/useradd command and /etc/skel directory (both are easy to set up and use) provide a way to assure new users are added to your LFS system with the same beginning settings for things such as the PATH, keyboard processing and other environmental variables. Using these two facilities makes it easier to assure this initial state for each new user added to the system.
The /etc/skel directory holds copies of various initialization and other files that may be copied to the new user's home directory when the /usr/sbin/useradd program adds the new user.
The useradd program uses a collection of default values kept in /etc/default/useradd, if it exists. If this file does not exist, then it uses some internal defaults. You can see the default values by running /usr/sbin/useradd -D.
To change these values to something new, create a base /etc/default/useradd file as the root user with the same values as the output of /usr/sbin/useradd -D. Here is a sample:
# Begin /etc/default/useradd GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL= SKEL=/etc/skel # End /etc/default/useradd
The only thing missing from the file is a default shell. Add that by running the following command as the root user:
/usr/sbin/useradd -D -s/bin/bash
This will set the SHELL= line to SHELL=/bin/bash.
useradd has many parameters that can be set in the /etc/default/useradd file. For more information see man useradd.
To get started, create an /etc/skel directory and make sure it is writable only by the system administrator, usually root. Creating the directory as root is the best way to go.
The mode of any files from this part of the book that you put in /etc/skel should be writable only by the owner. Also, since there is no telling what kind of sensitive information a user may eventually place in their copy of these files, you should make them unreadable by "group" and "other".
You can also put other files in /etc/skel and different permissions may be needed for them.
Decide which initialization files should be provided in every (or most) new user's home directory. The decisions you make will affect what you do in the next two sections, The Bash Shell Startup Files and The vimrc Files. Some or all of those files will be useful for root, any already-existing users, and new users.
The files from those sections that you might want to place in /etc/skel include .inputrc, .bash_profile, .bashrc, .bash_logout, .dircolors, and .vimrc. If you are unsure which of these should be placed there, just continue to the following sections, read each section and any references provided, and then make your decision.
You will run a slightly modified set of commands for files which are placed in /etc/skel. Each section will remind you of this. In brief, the book's commands have been written for files not added to /etc/skel and instead just sends the results to the user's home directory. If the file is going to be in /etc/skel, change the book's command(s) to send output there instead and then just copy the file from /etc/skel to the appropriate directories, like /etc, ~ or the home directory of any other user already in the system.
When adding a new user with useradd, use the -m parameter, which tells useradd to create the user's home directory and copy files from /etc/skel (can be overridden) to the new user's home directory. For example (perform as the root user):
useradd -m [newuser]
Throughout BLFS, many packages install programs that run as daemons or in some way should have a user or group name assigned. Generally these names are used to map a user ID (uid) or group ID (gid) for system use. Generally the specific uid or gid numbers used by these applications are not significant. The exception of course, is that root has a uid and gid of 0 (zero) that is indeed special. The uid values are stored in /etc/passwd and the gid values are found in /etc/group.
Customarily, Unix systems classify users and groups into two categories: system users and regular users. The system users and groups are given low numbers and regular users and groups have numeric values greater than all the system values. The cutoff for these numbers is found in two parameters in the /etc/login.defs configuration file. The default UID_MIN value is 1000 and the default GID_MIN value is 100. If a specific uid or gid value is not specified when creating a user with useradd or a group with groupadd the values assigned will always be above these cutoff values.
Additionally, the Linux Standards Base recommends that system uid and gid values should be below 100.
Below is a table of suggested uid/gid values used in BLFS. These can be changed as desired, but provide a suggested set of consistent values.
Table 3.1. UID/GID Suggested Values
| Name | uid | gid |
|---|---|---|
| bin | 1 | 1 |
| lp | 9 | |
| usb | 14 | |
| named | 20 | 20 |
| gdm | 21 | 21 |
| fcron | 22 | 22 |
| apache | 25 | 25 |
| smmsp | 26 | 26 |
| exim | 31 | 31 |
| postfix | 32 | 32 |
| postdrop | 33 | |
| sendmail | 34 | |
| 34 | ||
| vmailman | 35 | 35 |
| news | 36 | 36 |
| mysql | 40 | 40 |
| postgres | 41 | |
| ftp | 45 | 45 |
| proftpd | 46 | 46 |
| vsftpd | 47 | 47 |
| rsyncd | 48 | 48 |
| sshd | 50 | 50 |
| stunnel | 51 | 51 |
| svn | 56 | 56 |
| svntest | 57 | |
| games | 60 | 60 |
| anonymous | 98 | |
| nobody | 99 | |
| nogroup | 99 |
One value that is missing is 65534. This value is customarily assigned to the user nobody and group nogroup and is unnecessary. The issue is explained in more detail in the first note in the NFS Utilities Installation section.
The shell program /bin/bash (hereafter referred to as just "the shell") uses a collection of startup files to help create an environment. Each file has a specific use and may affect login and interactive environments differently. The files in the /etc directory generally provide global settings. If an equivalent file exists in your home directory it may override the global settings.
An interactive login shell is started after a successful login, using /bin/login, by reading the /etc/passwd file. This shell invocation normally reads /etc/profile and its private equivalent ~/.bash_profile upon startup.
An interactive non-login shell is normally started at the command-line using a shell program (e.g., [prompt]$/bin/bash) or by the /bin/su command. An interactive non-login shell is also started with a terminal program such as xterm or konsole from within a graphical environment. This type of shell invocation normally copies the parent environment and then reads the user's ~/.bashrc file for additional startup configuration instructions.
A non-interactive shell is usually present when a shell script is running. It is non-interactive because it is processing a script and not waiting for user input between commands. For these shell invocations, only the environment inherited from the parent shell is used.
The file ~/.bash_logout is not used for an invocation of the shell. It is read and executed when a user exits from an interactive login shell.
Many distributions use /etc/bashrc for system wide initialization of non-login shells. This file is usually called from the user's ~/.bashrc file and is not built directly into bash itself. This convention is followed in this section.
For more information see info bash -- Nodes: Bash Startup Files and Interactive Shells.
Most of the instructions below are used to create files located in the /etc directory structure which requires you to execute the commands as the root user. If you elect to create the files in user's home directories instead, you should run the commands as an unprivileged user.
Here is a base /etc/profile. This file starts by setting up some helper functions and some basic parameters. It specifies some bash history parameters and, for security purposes, disables keeping a permanent history file for the root user. It also sets a default user prompt. It then calls small, single purpose scripts in the /etc/profile.d directory to provide most of the initialization.
For more information on the escape sequences you can use for your prompt (i.e., the PS1 environment variable) see info bash -- Node: Printing a Prompt.
cat > /etc/profile << "EOF"
# Begin /etc/profile
# Written for Beyond Linux From Scratch
# by James Robertson <jameswrobertson@earthlink.net>
# modifications by Dagmar d'Surreal <rivyqntzne@pbzpnfg.arg>
# System wide environment variables and startup programs.
# System wide aliases and functions should go in /etc/bashrc. Personal
# environment variables and startup programs should go into
# ~/.bash_profile. Personal aliases and functions should go into
# ~/.bashrc.
# Functions to help us manage paths. Second argument is the name of the
# path variable to be modified (default: PATH)
pathremove () {
local IFS=':'
local NEWPATH
local DIR
local PATHVARIABLE=${2:-PATH}
for DIR in ${!PATHVARIABLE} ; do
if [ "$DIR" != "$1" ] ; then
NEWPATH=${NEWPATH:+$NEWPATH:}$DIR
fi
done
export $PATHVARIABLE="$NEWPATH"
}
pathprepend () {
pathremove $1 $2
local PATHVARIABLE=${2:-PATH}
export $PATHVARIABLE="$1${!PATHVARIABLE:+:${!PATHVARIABLE}}"
}
pathappend () {
pathremove $1 $2
local PATHVARIABLE=${2:-PATH}
export $PATHVARIABLE="${!PATHVARIABLE:+${!PATHVARIABLE}:}$1"
}
# Set the initial path
export PATH=/bin:/usr/bin
if [ $EUID -eq 0 ] ; then
pathappend /sbin:/usr/sbin
unset HISTFILE
fi
# Setup some environment variables.
export HISTSIZE=1000
export HISTIGNORE="&:[bf]g:exit"
#export PS1="[\u@\h \w]\\$ "
export PS1='\u@\h:\w\$ '
for script in /etc/profile.d/*.sh ; do
if [ -r $script ] ; then
. $script
fi
done
# Now to clean up
unset pathremove pathprepend pathappend
# End /etc/profile
EOF
Now create the /etc/profile.d directory, where the individual initialization scripts are placed:
install --directory --mode=0755 --owner=root --group=root /etc/profile.d
This script uses the ~/.dircolors and /etc/dircolors files to control the colors of file names in a directory listing. They control colorized output of things like ls --color. The explanation of how to initialize these files is at the end of this section.
cat > /etc/profile.d/dircolors.sh << "EOF"
# Setup for /bin/ls to support color, the alias is in /etc/bashrc.
if [ -f "/etc/dircolors" ] ; then
eval $(dircolors -b /etc/dircolors)
if [ -f "$HOME/.dircolors" ] ; then
eval $(dircolors -b $HOME/.dircolors)
fi
fi
alias ls='ls --color=auto'
EOF
This script adds several useful paths to the PATH and PKG_CONFIG_PATH environment variables. If you want, you can uncomment the last section to put a dot at the end of your path. This will allow executables in the current working directory to be executed without specifiying a ./, however you are warned that this is generally considered a security hazard.
cat > /etc/profile.d/extrapaths.sh << "EOF"
if [ -d /usr/local/lib/pkgconfig ] ; then
pathappend /usr/local/lib/pkgconfig PKG_CONFIG_PATH
fi
if [ -d /usr/local/bin ]; then
pathprepend /usr/local/bin
fi
if [ -d /usr/local/sbin -a $EUID -eq 0 ]; then
pathprepend /usr/local/sbin
fi
for directory in $(find /opt/*/lib/pkgconfig -type d 2>/dev/null); do
pathappend $directory PKG_CONFIG_PATH
done
for directory in $(find /opt/*/bin -type d 2>/dev/null); do
pathappend $directory
done
if [ -d ~/bin ]; then
pathprepend ~/bin
fi
#if [ $EUID -gt 99 ]; then
# pathappend .
#fi
EOF
This script sets up the default inputrc configuration file. If the user does not have individual settings, it uses the global file.
cat > /etc/profile.d/readline.sh << "EOF"
# Setup the INPUTRC environment variable.
if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ] ; then
INPUTRC=/etc/inputrc
fi
export INPUTRC
EOF
Some applications need a specific TERM setting to support color.
cat > /etc/profile.d/tinker-term.sh << "EOF" # This will tinker with the value of TERM in order to convince certain # apps that we can, indeed, display color in their window. if [ -n "$COLORTERM" ]; then export TERM=xterm-color fi if [ "$TERM" = "xterm" ]; then export TERM=xterm-color fi EOF
Setting the umask value is important for security. Here the default group write permissions are turned off for system users and when the user name and group name are not the same.
cat > /etc/profile.d/umask.sh << "EOF" # By default we want the umask to get set. if [ "$(id -gn)" = "$(id -un)" -a $EUID -gt 99 ] ; then umask 002 else umask 022 fi EOF
If X is installed, the PATH and PKG_CONFIG_PATH variables are also updated.
cat > /etc/profile.d/X.sh << "EOF"
if [ -x /usr/X11R6/bin/X ]; then
pathappend /usr/X11R6/bin
fi
if [ -d /usr/X11R6/lib/pkgconfig ] ; then
pathappend /usr/X11R6/lib/pkgconfig PKG_CONFIG_PATH
fi
EOF
This script shows an example of a different way of setting the prompt. The normal variable, PS1, is supplemented by PROMPT_COMMAND. If set, the value of PROMPT_COMMAND is executed as a command prior to issuing each primary prompt. The sequence \e is an ESC character. \a is a BEL character. For a reference on xterm escape sequences, see http://rtfm.etla.org/xterm/ctlseq.html.
cat > /etc/profile.d/extra-prompt.sh << "EOF"
PROMPT_COMMAND="echo -ne '\e[1m${USER}@${HOSTNAME} : ${PWD}\e[0m\a'"
export PROMPT_COMMAND
EOF
The escape sequences above are BOLD, NORMAL, and BEL.
This script shows how to set some environment variables necessary for native language support. Setting these variables properly gives you:
the output of programs translated into your native language
correct classification of characters into letters, digits and other classes – this is necessary for Bash to accept keystrokes properly in non-English locales
the alphabetical sorting order correct for your country
proper default paper size
correct formatting of monetary, time and date values
Replace [ll] with the two-letter code for your language (e.g., “en”) and [CC] with the two-letter code for your country (e.g., “GB”). Also you may need to specify (and this is actually the preferred form) your character encoding (e.g., “iso8859-1”) after a dot (so that the result is “en_GB.iso8859-1”). Issue the following command for more information:
man 3 setlocale
The list of all locales supported by Glibc can be obtained by running the following command:
locale -a
After you are sure about your locale settings, create the /etc/profile.d/i18n.sh file:
cat > /etc/profile.d/i18n.sh << "EOF" # Set up i18n variables export LC_ALL=[ll]_[CC] export LANG=[ll]_[CC] export G_FILENAME_ENCODING=@locale EOF
The LC_ALL variable sets the same value for all locale categories. For better control, you may prefer to set values individually for all categories listed in the output of the locale command.
The G_FILENAME_ENCODING variable tells applications such as Glib and GTK+ that filenames are in the default locale encoding and not in UTF-8 as assumed by default.
Here is a base /etc/bashrc. Comments in the file should explain everything you need.
cat > /etc/bashrc << "EOF" # Begin /etc/bashrc # Written for Beyond Linux From Scratch # by James Robertson <jameswrobertson@earthlink.net> # updated by Bruce Dubbs <bdubbs@linuxfromscratch.org> # Make sure that the terminal is set up properly for each shell if [ -f /etc/profile.d/tinker-term.sh ]; then source /etc/profile.d/tinker-term.sh fi # System wide aliases and functions. # System wide environment variables and startup programs should go into # /etc/profile. Personal environment variables and startup programs # should go into ~/.bash_profile. Personal aliases and functions should # go into ~/.bashrc # Provides a colored /bin/ls command. Used in conjunction with code in # /etc/profile. alias ls='ls --color=auto' # Provides prompt for non-login shells, specifically shells started # in the X environment. [Review the LFS archive thread titled # PS1 Environment Variable for a great case study behind this script # addendum.] #export PS1="[\u@\h \w]\\$ " export PS1='\u@\h:\w\$ ' # End /etc/bashrc EOF
Here is a base ~/.bash_profile. If you want each new user to have this file automatically, just change the output of the command to /etc/skel/.bash_profile and check the permissions after the command is run. You can then copy /etc/skel/.bash_profile to the home directories of already existing users, including root, and set the owner and group appropriately.
cat > ~/.bash_profile << "EOF"
# Begin ~/.bash_profile
# Written for Beyond Linux From Scratch
# by James Robertson <jameswrobertson@earthlink.net>
# updated by Bruce Dubbs <bdubbs@linuxfromscratch.org>
# Personal environment variables and startup programs.
# Personal aliases and functions should go in ~/.bashrc. System wide
# environment variables and startup programs are in /etc/profile.
# System wide aliases and functions are in /etc/bashrc.
append () {
# First remove the directory
local IFS=':'
local NEWPATH
for DIR in $PATH; do
if [ "$DIR" != "$1" ]; then
NEWPATH=${NEWPATH:+$NEWPATH:}$DIR
fi
done
# Then append the directory
export PATH=$NEWPATH:$1
}
if [ -f "$HOME/.bashrc" ] ; then
source $HOME/.bashrc
fi
if [ -d "$HOME/bin" ] ; then
append $HOME/bin
fi
unset append
# End ~/.bash_profile
EOF
Here is a base ~/.bashrc. The comments and instructions for using /etc/skel for .bash_profile above also apply here. Only the target file names are different.
cat > ~/.bashrc << "EOF"
# Begin ~/.bashrc
# Written for Beyond Linux From Scratch
# by James Robertson <jameswrobertson@earthlink.net>
# Personal aliases and functions.
# Personal environment variables and startup programs should go in
# ~/.bash_profile. System wide environment variables and startup
# programs are in /etc/profile. System wide aliases and functions are
# in /etc/bashrc.
if [ -f "/etc/bashrc" ] ; then
source /etc/bashrc
fi
# End ~/.bashrc
EOF
This is an empty ~/.bash_logout that can be used as a template. You will notice that the base ~/.bash_logout does not include a clear command. This is because the clear is handled in the /etc/issue file.
cat > ~/.bash_logout << "EOF" # Begin ~/.bash_logout # Written for Beyond Linux From Scratch # by James Robertson <jameswrobertson@earthlink.net> # Personal items to perform on logout. # End ~/.bash_logout EOF
If you want to use the dircolors capability, then run the following command. The /etc/skel setup steps shown above also can be used here to provide a ~/.dircolors file when a new user is set up. As before, just change the output file name on the following command and assure the permissions, owner, and group are correct on the files created and/or copied.
dircolors -p > /etc/dircolors
If you wish to customize the colors used for different file types, you can edit the /etc/dircolors file. The instructions for setting the colors are embedded in the file.
Finally, Ian Macdonald has written an excellent collection of tips and tricks to enhance your shell environment. You can read it online at http://www.caliban.org/bash/index.shtml.
The LFS book installs Vim as its text editor. At this point it should be noted that there are a lot of different editing applications out there including Emacs, nano, Joe and many more. Anyone who has been around the Internet (especially usenet) for a short time will certainly have observed at least one flame war, usually involving Vim and Emacs users!
The LFS book creates a basic vimrc file. In this section you'll find an attempt to enhance this file. At startup, vim reads /etc/vimrc and ~/.vimrc (i.e., the global vimrc and the user-specific one). Note that this is only true if you compiled vim using LFS-3.1 onwards. Prior to this, the global vimrc was /usr/share/vim/vimrc.
Here is a slightly expanded .vimrc that you can put in ~/.vimrc to provide user specific effects. Of course, if you put it into /etc/skel/.vimrc instead, it will be made available to users you add to the system later. You can also copy the file from /etc/skel/.vimrc to the home directory of users already on the system, such as root. Be sure to set permissions, owner, and group if you do copy anything directly from /etc/skel.
" Begin .vimrc set columns=80 set wrapmargin=8 set ruler " End .vimrc
A FAQ on the LFS mailing lists regards the comment tags in vimrc. Note that they are " instead of the more usual # or //. This is correct, the syntax for vimrc is slightly unusual.
Below you'll find a quick explanation of what each of the options in this example file means here:
set columns=80: This simply sets the number of columns used on the screen.
set wrapmargin=8: This is the number of characters from the right window border where wrapping starts.
set ruler: This makes vim show the current row and column at the bottom right of the screen.
More information on the many vim options can be found by reading the help inside vim itself. Do this by typing :help in vim to get the general help, or by typing :help usr_toc.txt to view the User Manual Table of Contents.
When you first boot up your new LFS system, the logon screen will be nice and plain (as it should be in a bare-bones system). Many people however, will want their system to display some information in the logon message. This can be accomplished using the file /etc/issue.
The /etc/issue file is a plain text file which will also accept certain escape sequences (see below) in order to insert information about the system. There is also the file issue.net which can be used when logging on remotely. ssh however, will only use it if you set the option in the configuration file and will not interpret the escape sequences shown below.
One of the most common things which people want to do is clear the screen at each logon. The easiest way of doing that is to put a "clear" escape sequence into /etc/issue. A simple way of doing this is to issue the command clear > /etc/issue. This will insert the relevant escape code into the start of the /etc/issue file. Note that if you do this, when you edit the file, you should leave the characters (normally '^[[H^[[2J') on the first line alone.
Terminal escape sequences are special codes recognized by the terminal. The ^[ represents an ASCII ESC character. The sequence ESC [ H puts the cursor in the upper left hand corner of the screen and ESC 2 J erases the screen. For more information on terminal escape sequences see http://rtfm.etla.org/xterm/ctlseq.html
The following sequences are recognized by agetty (the program which usually parses /etc/issue). This information is from man agetty where you can find extra information about the logon process.
The issue file can contain certain character sequences to display various information. All issue sequences consist of a backslash (\) immediately followed by one of the letters explained below (so \d in /etc/issue would insert the current date).
b Insert the baudrate of the current line.
d Insert the current date.
s Insert the system name, the name of the operating system.
l Insert the name of the current tty line.
m Insert the architecture identifier of the machine, e.g., i686.
n Insert the nodename of the machine, also known as the hostname.
o Insert the domainname of the machine.
r Insert the release number of the kernel, e.g., 2.6.11.12.
t Insert the current time.
u Insert the number of current users logged in.
U Insert the string "1 user" or "<n> users" where <n> is the
number of current users logged in.
v Insert the version of the OS, e.g., the build-date etc.
The shells file contains a list of login shells on the system. Applications use this file to determine whether a shell is valid. For each shell a single line should be present, consisting of the shell's path, relative to the root of the directory structure (/).
For example, this file is consulted by chsh to determine whether an unprivileged user may change the login shell for her own account. If the command name is not listed, the user will be denied of change.
It is a requirement for applications such as GDM which does not populate the face browser if it can't find /etc/shells, or FTP daemons which traditionally disallow access to users with shells not included in this file.
cat > /etc/shells << "EOF" # Begin /etc/shells /bin/sh /bin/bash # End /etc/shells EOF
The Linux kernel supplies a random number generator which is accessed through /dev/random and /dev/urandom. Programs that utilize the random and urandom devices, such as OpenSSH, will benefit from these instructions.
When a Linux system starts up without much operator interaction, the entropy pool (data used to compute a random number) may be in a fairly predictable state. This creates the real possibility that the number generated at startup may always be the same. In order to counteract this effect, you should carry the entropy pool information across your shut-downs and start-ups.
Install the /etc/rc.d/init.d/random init script included with the blfs-bootscripts-6.1 package.
make install-random
Man and info reader programs can transparently process files compressed with gzip or bzip2, a feature you can use to free some disk space while keeping your documentation available. However, things are not that simple; man directories tend to contain links—hard and symbolic—which defeat simple ideas like recursively calling gzip on them. A better way to go is to use the script below.
cat > /usr/sbin/compressdoc << "EOF"
#!/bin/bash
# VERSION: 20050112.0027
#
# Compress (with bzip2 or gzip) all man pages in a hierarchy and
# update symlinks - By Marc Heerdink <marc @ koelkast.net>
#
# Modified to be able to gzip or bzip2 files as an option and to deal
# with all symlinks properly by Mark Hymers <markh @ linuxfromscratch.org>
#
# Modified 20030930 by Yann E. Morin <yann.morin.1998 @ anciens.enib.fr>
# to accept compression/decompression, to correctly handle hard-links,
# to allow for changing hard-links into soft- ones, to specify the
# compression level, to parse the man.conf for all occurrences of MANPATH,
# to allow for a backup, to allow to keep the newest version of a page.
#
# Modified 20040330 by Tushar Teredesai to replace $0 by the name of the
# script.
# (Note: It is assumed that the script is in the user's PATH)
#
# Modified 20050112 by Randy McMurchy to shorten line lengths and
# correct grammar errors.
#
# TODO:
# - choose a default compress method to be based on the available
# tool : gzip or bzip2;
# - offer an option to automagically choose the best compression
# methed on a per page basis (eg. check which of
# gzip/bzip2/whatever is the most effective, page per page);
# - when a MANPATH env var exists, use this instead of /etc/man.conf
# (useful for users to (de)compress their man pages;
# - offer an option to restore a previous backup;
# - add other compression engines (compress, zip, etc?). Needed?
# Funny enough, this function prints some help.
function help ()
{
if [ -n "$1" ]; then
echo "Unknown option : $1"
fi
( echo "Usage: $MY_NAME <comp_method> [options] [dirs]" && \
cat << EOT
Where comp_method is one of :
--gzip, --gz, -g
--bzip2, --bz2, -b
Compress using gzip or bzip2.
--decompress, -d
Decompress the man pages.
--backup Specify a .tar backup shall be done for all directories.
In case a backup already exists, it is saved as .tar.old
prior to making the new backup. If a .tar.old backup
exists, it is removed prior to saving the backup.
In backup mode, no other action is performed.
And where options are :
-1 to -9, --fast, --best
The compression level, as accepted by gzip and bzip2.
When not specified, uses the default compression level
for the given method (-6 for gzip, and -9 for bzip2).
Not used when in backup or decompress modes.
--force, -F Force (re-)compression, even if the previous one was
the same method. Useful when changing the compression
ratio. By default, a page will not be re-compressed if
it ends with the same suffix as the method adds
(.bz2 for bzip2, .gz for gzip).
--soft, -S Change hard-links into soft-links. Use with _caution_
as the first encountered file will be used as a
reference. Not used when in backup mode.
--hard, -H Change soft-links into hard-links. Not used when in
backup mode.
--conf=dir, --conf dir
Specify the location of man.conf. Defaults to /etc.
--verbose, -v Verbose mode, print the name of the directory being
processed. Double the flag to turn it even more verbose,
and to print the name of the file being processed.
--fake, -f Fakes it. Print the actual parameters compman will use.
dirs A list of space-separated _absolute_ pathnames to the
man directories. When empty, and only then, parse
${MAN_CONF}/man.conf for all occurrences of MANPATH.
Note about compression:
There has been a discussion on blfs-support about compression ratios of
both gzip and bzip2 on man pages, taking into account the hosting fs,
the architecture, etc... On the overall, the conclusion was that gzip
was much more efficient on 'small' files, and bzip2 on 'big' files,
small and big being very dependent on the content of the files.
See the original post from Mickael A. Peters, titled
"Bootable Utility CD", dated 20030409.1816(+0200), and subsequent posts:
http://linuxfromscratch.org/pipermail/blfs-support/2003-April/038817.html
On my system (x86, ext3), man pages were 35564KB before compression.
gzip -9 compressed them down to 20372KB (57.28%), bzip2 -9 got down to
19812KB (55.71%). That is a 1.57% gain in space. YMMV.
What was not taken into consideration was the decompression speed. But
does it make sense to? You gain fast access with uncompressed man
pages, or you gain space at the expense of a slight overhead in time.
Well, my P4-2.5GHz does not even let me notice this... :-)
EOT
) | less
}
# This function checks that the man page is unique amongst bzip2'd,
# gzip'd and uncompressed versions.
# $1 the directory in which the file resides
# $2 the file name for the man page
# Returns 0 (true) if the file is the latest and must be taken care of,
# and 1 (false) if the file is not the latest (and has therefore been
# deleted).
function check_unique ()
{
# NB. When there are hard-links to this file, these are
# _not_ deleted. In fact, if there are hard-links, they
# all have the same date/time, thus making them ready
# for deletion later on.
# Build the list of all man pages with the same name
DIR=$1
BASENAME=`basename "${2}" .bz2`
BASENAME=`basename "${BASENAME}" .gz`
GZ_FILE="$BASENAME".gz
BZ_FILE="$BASENAME".bz2
# Look for, and keep, the most recent one
LATEST=`(cd "$DIR"; ls -1rt "${BASENAME}" "${GZ_FILE}" "${BZ_FILE}" \
2>/dev/null | tail -n 1)`
for i in "${BASENAME}" "${GZ_FILE}" "${BZ_FILE}"; do
[ "$LATEST" != "$i" ] && rm -f "$DIR"/"$i"
done
# In case the specified file was the latest, return 0
[ "$LATEST" = "$2" ] && return 0
# If the file was not the latest, return 1
return 1
}
# Name of the script
MY_NAME=`basename $0`
# OK, parse the command-line for arguments, and initialize to some
# sensible state, that is: don't change links state, parse
# /etc/man.conf, be most silent, search man.conf in /etc, and don't
# force (re-)compression.
COMP_METHOD=
COMP_SUF=
COMP_LVL=
FORCE_OPT=
LN_OPT=
MAN_DIR=
VERBOSE_LVL=0
BACKUP=no
FAKE=no
MAN_CONF=/etc
while [ -n "$1" ]; do
case $1 in
--gzip|--gz|-g)
COMP_SUF=.gz
COMP_METHOD=$1
shift
;;
--bzip2|--bz2|-b)
COMP_SUF=.bz2
COMP_METHOD=$1
shift
;;
--decompress|-d)
COMP_SUF=
COMP_LVL=
COMP_METHOD=$1
shift
;;
-[1-9]|--fast|--best)
COMP_LVL=$1
shift
;;
--force|-F)
FORCE_OPT=-F
shift
;;
--soft|-S)
LN_OPT=-S
shift
;;
--hard|-H)
LN_OPT=-H
shift
;;
--conf=*)
MAN_CONF=`echo $1 | cut -d '=' -f2-`
shift
;;
--conf)
MAN_CONF="$2"
shift 2
;;
--verbose|-v)
let VERBOSE_LVL++
shift
;;
--backup)
BACKUP=yes
shift
;;
--fake|-f)
FAKE=yes
shift
;;
--help|-h)
help
exit 0
;;
/*)
MAN_DIR="${MAN_DIR} ${1}"
shift
;;
-*)
help $1
exit 1
;;
*)
echo "\"$1\" is not an absolute path name"
exit 1
;;
esac
done
# Redirections
case $VERBOSE_LVL in
0)
# O, be silent
DEST_FD0=/dev/null
DEST_FD1=/dev/null
VERBOSE_OPT=
;;
1)
# 1, be a bit verbose
DEST_FD0=/dev/stdout
DEST_FD1=/dev/null
VERBOSE_OPT=-v
;;
*)
# 2 and above, be most verbose
DEST_FD0=/dev/stdout
DEST_FD1=/dev/stdout
VERBOSE_OPT="-v -v"
;;
esac
# Note: on my machine, 'man --path' gives /usr/share/man twice, once
# with a trailing '/', once without.
if [ -z "$MAN_DIR" ]; then
MAN_DIR=`man --path -C "$MAN_CONF"/man.conf \
| sed 's/:/\\n/g' \
| while read foo; do dirname "$foo"/.; done \
| sort -u \
| while read bar; do echo -n "$bar "; done`
fi
# If no MANPATH in ${MAN_CONF}/man.conf, abort as well
if [ -z "$MAN_DIR" ]; then
echo "No directory specified, and no directory found with \`man --path'"
exit 1
fi
# Fake?
if [ "$FAKE" != "no" ]; then
echo "Actual parameters used:"
echo -n "Compression.......: "
case $COMP_METHOD in
--bzip2|--bz2|-b) echo -n "bzip2";;
--gzip|__gz|-g) echo -n "gzip";;
--decompress|-d) echo -n "decompressing";;
*) echo -n "unknown";;
esac
echo " ($COMP_METHOD)"
echo "Compression level.: $COMP_LVL"
echo "Compression suffix: $COMP_SUF"
echo -n "Force compression.: "
[ "foo$FORCE_OPT" = "foo-F" ] && echo "yes" || echo "no"
echo "man.conf is.......: ${MAN_CONF}/man.conf"
echo -n "Hard-links........: "
[ "foo$LN_OPT" = "foo-S" ] &&
echo "convert to soft-links" || echo "leave as is"
echo -n "Soft-links........: "
[ "foo$LN_OPT" = "foo-H" ] &&
echo "convert to hard-links" || echo "leave as is"
echo "Backup............: $BACKUP"
echo "Faking (yes!).....: $FAKE"
echo "Directories.......: $MAN_DIR"
echo "Verbosity level...: $VERBOSE_LVL"
exit 0
fi
# If no method was specified, print help
if [ -z "${COMP_METHOD}" -a "${BACKUP}" = "no" ]; then
help
exit 1
fi
# In backup mode, do the backup solely
if [ "$BACKUP" = "yes" ]; then
for DIR in $MAN_DIR; do
cd "${DIR}/.."
DIR_NAME=`basename "${DIR}"`
echo "Backing up $DIR..." > $DEST_FD0
[ -f "${DIR_NAME}.tar.old" ] && rm -f "${DIR_NAME}.tar.old"
[ -f "${DIR_NAME}.tar" ] &&
mv "${DIR_NAME}.tar" "${DIR_NAME}.tar.old"
tar -cfv "${DIR_NAME}.tar" "${DIR_NAME}" > $DEST_FD1
done
exit 0
fi
# I know MAN_DIR has only absolute path names
# I need to take into account the localized man, so I'm going recursive
for DIR in $MAN_DIR; do
MEM_DIR=`pwd`
cd "$DIR"
for FILE in *; do
# Fixes the case were the directory is empty
if [ "foo$FILE" = "foo*" ]; then continue; fi
# Fixes the case when hard-links see their compression scheme change
# (from not compressed to compressed, or from bz2 to gz, or from gz
# to bz2)
# Also fixes the case when multiple version of the page are present,
# which are either compressed or not.
if [ ! -L "$FILE" -a ! -e "$FILE" ]; then continue; fi
# Do not compress whatis files
if [ "$FILE" = "whatis" ]; then continue; fi
if [ -d "$FILE" ]; then
cd "${MEM_DIR}" # Go back to where we ran "$0",
# in case "$0"=="./compressdoc" ...
# We are going recursive to that directory
echo "-> Entering ${DIR}/${FILE}..." > $DEST_FD0
# I need not pass --conf, as I specify the directory to work on
# But I need exit in case of error
"$MY_NAME" ${COMP_METHOD} ${COMP_LVL} ${LN_OPT} ${VERBOSE_OPT} \
${FORCE_OPT} "${DIR}/${FILE}" || exit 1
echo "<- Leaving ${DIR}/${FILE}." > $DEST_FD1
cd "$DIR" # Needed for the next iteration of the loop
else # !dir
if ! check_unique "$DIR" "$FILE"; then continue; fi
# Check if the file is already compressed with the specified method
BASE_FILE=`basename "$FILE" .gz`
BASE_FILE=`basename "$BASE_FILE" .bz2`
if [ "${FILE}" = "${BASE_FILE}${COMP_SUF}" \
-a "foo${FORCE_OPT}" = "foo" ]; then continue; fi
# If we have a symlink
if [ -h "$FILE" ]; then
case "$FILE" in
*.bz2)
EXT=bz2 ;;
*.gz)
EXT=gz ;;
*)
EXT=none ;;
esac
if [ ! "$EXT" = "none" ]; then
LINK=`ls -l "$FILE" | cut -d ">" -f2 \
| tr -d " " | sed s/\.$EXT$//`
NEWNAME=`echo "$FILE" | sed s/\.$EXT$//`
mv "$FILE" "$NEWNAME"
FILE="$NEWNAME"
else
LINK=`ls -l "$FILE" | cut -d ">" -f2 | tr -d " "`
fi
if [ "$LN_OPT" = "-H" ]; then
# Change this soft-link into a hard- one
rm -f "$FILE" && ln "${LINK}$COMP_SUF" "${FILE}$COMP_SUF"
chmod --reference "${LINK}$COMP_SUF" "${FILE}$COMP_SUF"
else
# Keep this soft-link a soft- one.
rm -f "$FILE" && ln -s "${LINK}$COMP_SUF" "${FILE}$COMP_SUF"
fi
echo "Relinked $FILE" > $DEST_FD1
# else if we have a plain file
elif [ -f "$FILE" ]; then
# Take care of hard-links: build the list of files hard-linked
# to the one we are {de,}compressing.
# NB. This is not optimum has the file will eventually be
# compressed as many times it has hard-links. But for now,
# that's the safe way.
inode=`ls -li "$FILE" | awk '{print $1}'`
HLINKS=`find . \! -name "$FILE" -inum $inode`
if [ -n "$HLINKS" ]; then
# We have hard-links! Remove them now.
for i in $HLINKS; do rm -f "$i"; done
fi
# Now take care of the file that has no hard-link
# We do decompress first to re-compress with the selected
# compression ratio later on...
case "$FILE" in
*.bz2)
bunzip2 $FILE
FILE=`basename "$FILE" .bz2`
;;
*.gz)
gunzip $FILE
FILE=`basename "$FILE" .gz`
;;
esac
# Compress the file with the given compression ratio, if needed
case $COMP_SUF in
*bz2)
bzip2 ${COMP_LVL} "$FILE" && chmod 644 "${FILE}${COMP_SUF}"
echo "Compressed $FILE" > $DEST_FD1
;;
*gz)
gzip ${COMP_LVL} "$FILE" && chmod 644 "${FILE}${COMP_SUF}"
echo "Compressed $FILE" > $DEST_FD1
;;
*)
echo "Uncompressed $FILE" > $DEST_FD1
;;
esac
# If the file had hard-links, recreate those (either hard or soft)
if [ -n "$HLINKS" ]; then
for i in $HLINKS; do
NEWFILE=`echo "$i" | sed s/\.gz$// | sed s/\.bz2$//`
if [ "$LN_OPT" = "-S" ]; then
# Make this hard-link a soft- one
ln -s "${FILE}$COMP_SUF" "${NEWFILE}$COMP_SUF"
else
# Keep the hard-link a hard- one
ln "${FILE}$COMP_SUF" "${NEWFILE}$COMP_SUF"
fi
# Really work only for hard-links. Harmless for soft-links
chmod 644 "${NEWFILE}$COMP_SUF"
done
fi
else
# There is a problem when we get neither a symlink nor a plain
# file. Obviously, we shall never ever come here... :-(
echo -n "Whaooo... \"${DIR}/${FILE}\" is neither a symlink "
echo "nor a plain file. Please check:"
ls -l "${DIR}/${FILE}"
exit 1
fi
fi
done # for FILE
done # for DIR
EOF
chmod 755 /usr/sbin/compressdoc
Now, as root, you can issue the command compressdoc --bz2 to compress all your system man pages. You can also run compressdoc --help to get comprehensive help about what the script is able to do.
Don't forget that a few programs, like the X Window System and XEmacs also install their documentation in non-standard places (such as /usr/X11R6/man, etc.). Be sure to add these locations to the file /etc/man.conf, as MANPATH [/path] lines.
Example:
...
MANPATH /usr/share/man
MANPATH /usr/local/man
MANPATH /usr/X11R6/man
MANPATH /opt/qt/doc/man
...
Generally, package installation systems do not compress man/info pages, which means you will need to run the script again if you want to keep the size of your documentation as small as possible. Also, note that running the script after upgrading a package is safe; when you have several versions of a page (for example, one compressed and one uncompressed), the most recent one is kept and the others are deleted.
The autofs package contains userspace tools that work with the kernel to mount and un-mount removable file systems. This is useful for allowing users to mount floppies, cdroms and other removable storage devices without requiring the system administrator to mount the devices. This may not be ideal for all installations, so be aware of the risks before implementing this feature.
Download (HTTP): http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.4.tar.bz2
Download (FTP): ftp://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.4.tar.bz2
Download MD5 sum: 7e3949114c00665b4636f0c318179657
Download size: 168 KB
Estimated disk space required: 2.3 MB
Estimated build time: less than 0.1 SBU
Recommended Patch: http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.4-misc-fixes.patch
Recommended Patch: http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.4-multi-parse-fix.patch
Recommended Patch: http://ftp.kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.4-non-replicated-ping.patch
Verify that kernel support has been compiled in or built as modules in the following areas:
File systems
Kernel automounter version 4 support Y or M
Network File Systems
NFS file system support Y or M
SMB file system support Y or M
Recompile and install the new kernel, if necessary.
Install autofs by running the following commands:
patch -Np1 -i ../autofs-4.1.4-misc-fixes.patch && patch -Np1 -i ../autofs-4.1.4-multi-parse-fix.patch && patch -Np1 -i ../autofs-4.1.4-non-replicated-ping.patch && ./configure --prefix=/ --mandir=/usr/share/man && make
Now, as the root user:
make install && rm /etc/rc.d/init.d/autofs
rm /etc/rc.d/init.d/autofs: This command removes the installed script which only works on specific distributions.
The installation process creates auto.master, auto.misc and auto.net. You will replace the auto.master with the following commands:
mv /etc/auto.master /etc/auto.master.bak && cat > /etc/auto.master << "EOF" # Begin /etc/auto.master /media /etc/auto.misc # End /etc/auto.master EOF
This file mounts a new media directory over the one created by LFS and will therefore hide any mounts made by the fstab file into that directory.
While this package could be used to mount NFS shares and SMB shares, that feature is not configured in these instructions. NFS shares are covered on the next page.
The auto.misc must be configured to your working hardware. The loaded configuration file should load your cdrom if /dev/cdrom is active or it can be edited to match your device setup and examples for floppies are available in the file and easily activated. Documentation for this file is available using the man 5 autofs command.
Install the /etc/rc.d/init.d/autofs mount script and /etc/sysconfig/autofs.conf support file included with the blfs-bootscripts-6.1 package.
make install-autofs
The time-out variable is set in /etc/sysconfig/autofs.conf. The installed file sets a default of 60 seconds of inactivity before unmounting the device. A much shorter time may be necessary to protect buffer writing to a floppy if users tend to remove the media prior to the timeout setting.
While LFS is capable of mounting network file systems such as NFS, these are not mounted by the mountfs init script. Network file systems must be mounted after the networking is activated and unmounted before the network goes down. The netfs bootscript was written to handle both boot-time mounting of network filesystems, if the entry in /etc/fstab contains the _netdev option, and unmounting of all network filesystems before the network is brought down.
As the root user, install the /etc/rc.d/init.d/netfs bootscript included with the blfs-bootscripts-6.1 package.
make install-netfs
Security takes many forms in a computing environment. This chapter gives examples of three different types of security: access, prevention and detection.
Access for users is usually handled by login or an application designed to handle the login function. In this chapter, we show how to enhance login by setting policies with PAM modules. Access via networks can also be secured by policies set by iptables, commonly referred to as a firewall. For applications that don't offer the best security, you can use the Stunnel package to wrap an application daemon inside an SSL tunnel.
Prevention of breaches, like a trojan, are assisted by applications like GnuPG, specifically the ability to confirm signed packages, which recognizes modifications of the TAR ball after the packager creates it.
Finally, we touch on detection with a package that stores "signatures" of critical files (defined by the administrator) and then regenerates those "signatures" and compares for files that have been changed.
The OpenSSL package contains management tools and libraries relating to cryptography. These are useful for providing cryptography functions to other packages, notably OpenSSH, email applications and web browsers (for accessing HTTPS sites).
Download (HTTP): http://www.openssl.org/source/openssl-0.9.7g.tar.gz
Download (FTP): ftp://ftp.openssl.org/source/openssl-0.9.7g.tar.gz
Download MD5 sum: 991615f73338a571b6a1be7d74906934
Download size: 3.0 MB
Estimated disk space required: 35 MB
Estimated build time: 0.9 SBU
bc-1.06 (recommended if you run the test suite during the build)
Install OpenSSL by running the following commands:
patch -Np1 -i ../openssl-0.9.7g-fix_manpages-1.patch && ./config --openssldir=/etc/ssl --prefix=/usr shared && make MANDIR=/usr/share/man
To test the results, issue: make test.
Now, as the root user:
make MANDIR=/usr/share/man install && cp -v -r certs /etc/ssl
no-rc5 no-idea: When added to the ./config command, this will eliminate the building of those encryption methods. Patent licenses may be needed for you to utilize either of those methods in your projects.
make MANDIR=/usr/share/man; make MANDIR=/usr/share/man install: These commands install OpenSSL with the man pages in /usr/share/man instead of /etc/ssl/man.
cp -v -r certs /etc/ssl: The certificates must be copied manually since the install script skips this step.
Most people who just want to use OpenSSL for providing functions to other programs such as OpenSSH and web browsers won't need to worry about configuring OpenSSL. Configuring OpenSSL is an advanced topic and so those who do would normally be expected to either know how to do it or to be able to find out how to do it.
The CrackLib package contains a library used to enforce strong passwords by comparing user selected passwords to words in chosen word lists.
Download (HTTP): http://prdownloads.sourceforge.net/cracklib/cracklib-2.8.3.tar.gz
Download MD5 sum: 13f82f75b892cbd0ba7cb9069e307006
Download size: 480 KB
Estimated disk space required: 27.6 MB
Estimated build time: 0.1 SBU
Recommended word list for English-speaking countries (size: 4.4 MB; md5sum: d18e670e5df560a8745e1b4dede8f84f): http://prdownloads.sourceforge.net/cracklib/cracklib-words.gz
Required patch to create a library used with the Heimdal Kerberos 5 package: http://www.linuxfromscratch.org/blfs/downloads/6.1/cracklib-2.8.3-heimdal-1.patch
There are additional word lists available for download, e.g., from http://www.cotse.com/tools/wordlists.htm. CrackLib can utilize as many, or as few word lists you choose to install.
Users tend to base their passwords on regular words of the spoken language, and crackers know that. CrackLib is intended to filter out such bad passwords at the source using a dictionary created from word lists. To accomplish this, the word list(s) for use with CrackLib must be an exhaustive list of words and word-based keystroke combinations likely to be chosen by users of the system as (guessable) passwords.
The default word list recommended above for downloading mostly satisfies this role in English-speaking countries. In other situations, it may be necessary to download (or even create) additional word lists.
Note that word lists suitable for spell-checking are not usable as CrackLib word lists in countries with non-Latin based alphabets, because of “word-based keystroke combinations” that make bad passwords.
If desired, apply the Heimdal patch (note that with this patch the original library is not affected; this patch only creates an additional library used by the Heimdal password-checking routines):
patch -Np1 -i ../cracklib-2.8.3-heimdal-1.patch
Install CrackLib by running the following commands:
./configure --prefix=/usr --datadir=/lib && make
Now, as the root user:
make install && mv -v /usr/lib/libcrack.so.2* /lib && ln -v -sf ../../lib/libcrack.so.2.8.0 /usr/lib/libcrack.so
The following commands can be used to install the recommended word list. Other word lists (text based, one word per line) can also be used by simply installing them into /usr/share/dict.
install -v -m644 -D ../cracklib-words.gz \
/usr/share/dict/cracklib-words.gz &&
gunzip -v /usr/share/dict/cracklib-words.gz &&
ln -v -s cracklib-words /usr/share/dict/words &&
echo $(hostname) >>/usr/share/dict/cracklib-extra-words &&
create-cracklib-dict /usr/share/dict/cracklib-words \
/usr/share/dict/cracklib-extra-words
If desired, check the proper operation of the library as an unprivileged user using the tests included with the package:
make test
--datadir=/lib: This parameter forces the installation of the CrackLib dictionary to the /lib hierarchy.
mv -v /usr/lib/libcrack.so.2* /lib and ln -v -sf ../../lib/libcrack.so.2.8.0 ...: These two commands move the libcrack.so.2.8.0 library and associated symlink from /usr/lib to /lib, then recreates the /usr/lib/libcrack.so symlink pointing to the relocated file.
install -v -m644 -D ...: This command creates the /usr/share/dict directory (if it doesn't already exist) and installs the compressed word list there.
ln -v -s cracklib-words /usr/share/dict/words: The word list is linked to /usr/share/dict/words as historically, words is the primary word list in the /usr/share/dict directory. Omit this command if you already have a /usr/share/dict/words file installed on your system.
echo $(hostname) >>...: The value of hostname is echoed to a file called cracklib-extra-words. This extra file is intended to be a site specific list which includes easy to guess passwords such as company or department names, user's names, product names, computer names, domain names, etc.
create-cracklib-dict ...: This command creates the CrackLib dictionary from the word lists. Modify the command to add any additional word lists you have installed.
The Linux-PAM package contains Pluggable Authentication Modules. This is useful to enable the local system administrator to choose how applications authenticate users.
Download (HTTP): http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-0.80.tar.bz2
Download (FTP): ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-0.80.tar.bz2
Download MD5 sum: ccff87fe639efdfc22b1ba4a0f08ec57
Download size: 376 KB
Estimated disk space required: 8.6 MB
Estimated build time: 0.2 SBU
Documentation
Optional documentation: http://www.kernel.org/pub/linux/libs/pam/pre/library/Linux-PAM-0.80-docs.tar.bz2
sgmltools-lite and Berkeley DB-4.3.28 (for pam_userdb module)
Install Linux-PAM by running the following commands:
sed -i 's|DICT_DIR_CANDIDATES="|&/lib /lib/cracklib |' \
configure &&
./configure --enable-static-libpam --with-mailspool=/var/mail \
--enable-read-both-confs --sysconfdir=/etc \
--mandir=/usr/share/man &&
make
If you downloaded the documentation and wish to install it, unpack the tarball into the doc directory:
tar -jxf ../Linux-PAM-0.80-docs.tar.bz2 -C doc
Now, as the root user:
make install &&
mv -v /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib &&
rm -v /lib/libpam{,c,_misc}.so &&
ln -v -sf ../../lib/libpam.so.0.80 /usr/lib/libpam.so &&
ln -v -sf ../../lib/libpam_misc.so.0.80 /usr/lib/libpam_misc.so &&
ln -v -sf ../../lib/libpamc.so.0.80 /usr/lib/libpamc.so
Install the documentation using the following commands:
install -v -d -m755 /usr/share/doc/Linux-PAM-0.80 &&
for DOCTYPE in html ps specs txts
do
cp -v -R doc/$DOCTYPE /usr/share/doc/Linux-PAM-0.80
done
sed -i 's|DICT_DIR_CANDIDATES="|&/lib /lib/cracklib |' configure: This command changes where configure looks to find the CrackLib dictionary.
--enable-static-libpam: This switch builds static PAM libraries as well as the dynamic libraries.
--with-mailspool=/var/mail: This switch makes the mailspool directory FHS compliant.
--enable-read-both-confs: This switch lets the local administrator choose which configuration file setup to use.
mv -v /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib: This command moves the static libraries to /usr/lib to comply with FHS guidelines.
rm -v /lib/libpam{,c,_misc}.so; ln -v -sf ... /usr/lib/...: These commands move the .so symlinks from /lib to /usr/lib.
Configuration information is placed in /etc/pam.d/ or /etc/pam.conf depending on user preference. Below are example files of each type:
# Begin /etc/pam.d/other auth required pam_unix.so nullok account required pam_unix.so session required pam_unix.so password required pam_unix.so nullok # End /etc/pam.d/other # Begin /etc/pam.conf other auth required pam_unix.so nullok other account required pam_unix.so other session required pam_unix.so other password required pam_unix.so nullok # End /etc/pam.conf
The PAM man page (man pam) provides a good starting point for descriptions of fields and allowable entries. The Linux-PAM guide for system administrators is recommended for further reading.
Refer to http://www.kernel.org/pub/linux/libs/pam/modules.html for a list of various modules available.
You should now reinstall the Shadow-4.0.9 package.
Shadow was indeed installed in LFS and there is no reason to reinstall it unless you installed Linux-PAM. If you did, this will allow programs like login and su to utilize PAM.
Download (FTP): ftp://ftp.pld.org.pl/software/shadow/old/shadow-4.0.9.tar.bz2
Download MD5 sum: 66e3a3a60ea6b021a7babff311b07607
Download size: 1.1 MB
Estimated disk space required: 13 MB
Estimated build time: 0.3 SBU
Patch to fix several invalid warning messages when used with Linux_PAM: http://www.linuxfromscratch.org/blfs/downloads/6.1/shadow-4.0.9-Linux_PAM_fixes-1.patch
Reinstall Shadow by running the following commands:
patch -Np1 -i ../shadow-4.0.9-Linux_PAM_fixes-1.patch &&
./configure --libdir=/lib --enable-shared \
--with-libpam --without-libcrack &&
sed -i 's/groups$(EXEEXT) //' src/Makefile &&
sed -i '/groups/d' man/Makefile &&
make
Now, as the root user:
make install && mv -v /usr/bin/passwd /bin && mv -v /lib/libshadow.*a /usr/lib && rm -v /lib/libshadow.so && ln -v -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so
--without-libcrack: This switch tells Shadow not to use libcrack. This is desired as Linux-PAM already contains libcrack.
sed -i ...: These commands are used to suppress the installation of the groups program as the version from the Coreutils package installed during LFS is preferred.
The login program currently performs many functions which Linux-PAM modules should now handle. The following sed command will comment out the appropriate lines in /etc/login.defs, and stop login from performing these functions (a backup file named /etc/login.defs.orig is also created to preserve the original file's contents):
install -v -m644 /etc/login.defs /etc/login.defs.orig &&
for FUNCTION in LASTLOG_ENAB MAIL_CHECK_ENAB \
PORTTIME_CHECKS_ENAB CONSOLE \
MOTD_FILE NOLOGINS_FILE PASS_MIN_LEN \
SU_WHEEL_ONLY MD5_CRYPT_ENAB \
CONSOLE_GROUPS ENVIRON_FILE \
ULIMIT ENV_TZ ENV_HZ ENV_SUPATH \
ENV_PATH QMAIL_DIR MAIL_DIR MAIL_FILE \
CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE
do
sed -i -e "s/^$FUNCTION/# &/" /etc/login.defs
done
If you have CrackLib installed, also comment out four more lines using the following command:
for FUNCTION in OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH \
PASS_CHANGE_TRIES PASS_ALWAYS_WARN
do
sed -i -e "s/^$FUNCTION/# &/" /etc/login.defs
done
Add the following Linux-PAM configuration files to /etc/pam.d/ (or add them to /etc/pam.conf with the additional field for the program).
cat > /etc/pam.d/login << "EOF"
# Begin /etc/pam.d/login
auth requisite pam_securetty.so
auth requisite pam_nologin.so
auth required pam_unix.so
account required pam_access.so
account required pam_unix.so
session required pam_env.so
session required pam_motd.so
session required pam_limits.so
session optional pam_mail.so dir=/var/mail standard
session optional pam_lastlog.so
session required pam_unix.so
password required pam_cracklib.so retry=3 difok=8 minlen=5 \
dcredit=3 ocredit=3 \
ucredit=2 lcredit=2
password required pam_unix.so md5 shadow use_authtok
# End /etc/pam.d/login
EOF
cat > /etc/pam.d/login << "EOF" # Begin /etc/pam.d/login auth requisite pam_securetty.so auth requisite pam_nologin.so auth required pam_env.so auth required pam_unix.so account required pam_access.so account required pam_unix.so session required pam_motd.so session required pam_limits.so session optional pam_mail.so dir=/var/mail standard session optional pam_lastlog.so session required pam_unix.so password required pam_unix.so md5 shadow # End /etc/pam.d/login EOF
cat > /etc/pam.d/passwd << "EOF"
# Begin /etc/pam.d/passwd
password required pam_cracklib.so retry=3 difok=8 minlen=5 \
dcredit=3 ocredit=3 \
ucredit=2 lcredit=2
password required pam_unix.so md5 shadow use_authtok
# End /etc/pam.d/passwd
EOF
cat > /etc/pam.d/passwd << "EOF" # Begin /etc/pam.d/passwd password required pam_unix.so md5 shadow # End /etc/pam.d/passwd EOF
cat > /etc/pam.d/su << "EOF" # Begin /etc/pam.d/su auth sufficient pam_rootok.so auth required pam_unix.so account required pam_unix.so session optional pam_mail.so dir=/var/mail standard session required pam_env.so session required pam_unix.so # End /etc/pam.d/su EOF
cat > /etc/pam.d/chage << "EOF" # Begin /etc/pam.d/chage auth sufficient pam_rootok.so auth required pam_unix.so account required pam_unix.so session required pam_unix.so password required pam_permit.so # End /etc/pam.d/chage EOF
for PROGRAM in chpasswd newusers groupadd groupdel \
groupmod useradd userdel usermod
do
install -v -m644 /etc/pam.d/chage /etc/pam.d/$PROGRAM
sed -i -e "s/chage/$PROGRAM/" /etc/pam.d/$PROGRAM
done
At this point, you should do a simple test to see if Shadow is working as expected. Open another terminal and log in as a user, then su to root. If you do not see any errors, then all is well and you should proceed with the rest of the configuration. If you did receive errors, stop now and double check the above configuration files manually. If you cannot find and fix the error, you should recompile Shadow replacing --with-libpam with --without-libpam in the above instructions (also move the /etc/login.defs.orig backup file to /etc/login.defs). If you fail to do this and the errors remain, you will be unable to log into your system.
Currently, /etc/pam.d/other is configured to allow anyone with an account on the machine to use PAM-aware programs without a configuration file for that program. After testing Linux-PAM for proper configuration, install a more restrictive other file so that program-specific configuration files are required:
cat > /etc/pam.d/other << "EOF" # Begin /etc/pam.d/other auth required pam_deny.so auth required pam_warn.so account required pam_deny.so session required pam_deny.so password required pam_deny.so password required pam_warn.so # End /etc/pam.d/other EOF
Instead of using the /etc/login.access file for controlling access to the system, Linux-PAM uses the pam_access.so module along with the /etc/security/access.conf file. Rename the /etc/login.access file using the following command:
if [ -f /etc/login.access ]; then
mv -v /etc/login.access /etc/login.access.NOUSE
fi
Instead of using the /etc/limits file for limiting usage of system resources, Linux-PAM uses the pam_limits.so module along with the /etc/security/limits.conf file. Rename the /etc/limits file using the following command:
if [ -f /etc/limits ]; then
mv -v /etc/limits /etc/limits.NOUSE
fi
During previous configuration, several items were removed from /etc/login.defs. Some of these items are now controlled by the pam_env.so module and the /etc/security/pam_env.conf configuration file. In particular, the default path has been changed. To recover your default path, execute the following commands:
ENV_PATH=`grep '^ENV_PATH' /etc/login.defs.orig | \
awk '{ print $2 }' | sed 's/PATH=//'` &&
echo 'PATH DEFAULT='`echo "${ENV_PATH}"`' OVERRIDE=${PATH}' \
>> /etc/security/pam_env.conf &&
unset ENV_PATH
ENV_SUPATH is no longer supported. You must create a valid /root/.bashrc file to provide a modified path for the super user.
A list of the installed files, along with their short descriptions can be found at ../../../../lfs/view/stable/chapter06/shadow.html#contents-shadow.
The next part of this chapter deals with firewalls. The principal firewall tool for Linux, as of the 2.4 kernel series, is iptables. It replaces ipchains from the 2.2 series and ipfwadm from the 2.0 series. You will need to install iptables if you intend on using any form of a firewall.
Download (HTTP): http://www.iptables.org/files/iptables-1.3.3.tar.bz2
Download (FTP): ftp://ftp.netfilter.org/pub/iptables/iptables-1.3.3.tar.bz2
Download MD5 sum: 86d88455520cfdc56fd7ae27897a80a4
Download size: 176 KB
Estimated disk space required: 4.8 MB
Estimated build time: 0.2 SBU
A firewall in Linux is accomplished through a portion of the kernel called netfilter. The interface to netfilter is iptables. To use it, the appropriate kernel configuration parameters are found in Device Drivers -> Networking Support -> Networking Options -> Network Packet Filtering -> IP: Netfilter Configuration.
Installation of iptables will fail if raw kernel headers are found in /usr/src/linux either as actual files or a symlink. As of the Linux 2.6 kernel series, this directory should no longer exist because appropriate headers were installed from the Linux-Libc-Headers package during the base LFS installation.
For some non-x86 architectures, the raw kernel headers may be required. In that case, add the environment variable KERNEL_DIR=/usr/src/linux to the make commands below.
Install iptables by running the following commands:
make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin
Now, as the root user:
make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install
PREFIX=/usr LIBDIR=/lib BINDIR=/sbin: Compiles and installs iptables libraries into /lib, binaries into /sbin and the remainder into the /usr hierarchy instead of /usr/local. Firewalls are generally activated during the boot process and /usr may not be mounted at that time.
Introductory instructions for configuring your firewall are presented in the next section: Firewalling
To set up the iptables firewall at boot, install the /etc/rc.d/init.d/iptables init script included in the blfs-bootscripts-6.1 package.
make install-iptables
Before you read this part of the chapter, you should have already installed iptables as described in the previous section.
The general purpose of a firewall is to protect a computer or a network against malicious access.
In a perfect world, every daemon or service on every machine is perfectly configured and immune to flaws such as buffer overflows or other problems regarding its security. Furthermore, you trust every user accessing your services. In this world, you do not need to have a firewall.
In the real world however, daemons may be misconfigured and exploits against essential services are freely available. You may wish to choose which services are accessible by certain machines or you may wish to limit which machines or applications are allowed external access. Alternatively, you may simply not trust some of your applications or users. You are probably connected to the Internet. In this world, a firewall is essential.
Don't assume however, that having a firewall makes careful configuration redundant, or that it makes any negligent misconfiguration harmless. It doesn't prevent anyone from exploiting a service you intentionally offer but haven't recently updated or patched after an exploit went public. Despite having a firewall, you need to keep applications and daemons on your system properly configured and up to date. A firewall is not a cure all, but should be an essential part of your overall security strategy.
The word firewall can have several different meanings.
This is a hardware device or software program commercially sold (or offered via freeware) by companies such as Symantec which claims that it secures a home or desktop computer connected to the Internet. This type of firewall is highly relevant for users who do not know how their computers might be accessed via the Internet or how to disable that access, especially if they are always online and connected via broadband links.
This is a system placed between the Internet and an intranet. To minimize the risk of compromising the firewall itself, it should generally have only one role—that of protecting the intranet. Although not completely risk free, the tasks of doing the routing and IP masquerading (rewriting IP headers of the packets it routes from clients with private IP addresses onto the Internet so that they seem to come from the firewall itself) are commonly considered relatively secure.
This is often an old computer you may have retired and nearly forgotten, performing masquerading or routing functions, but offering non-firewall services such as a web-cache or mail. This may be used for home networks, but is not to be considered as secure as a firewall only machine because the combination of server and router/firewall on one machine raises the complexity of the setup.
This box performs masquerading or routing, but grants public access to some branch of your network which, because of public IPs and a physically separated structure, is essentially a separate network with direct Internet access. The servers on this network are those which must be easily accessible from both the Internet and intranet. The firewall protects both networks. This type of firewall has a minimum of three network interfaces.
This introduction on how to setup a firewall is not a complete guide to securing systems. Firewalling is a complex issue that requires careful configuration. The scripts quoted here are simply intended to give examples of how a firewall works. They are not intended to fit into any particular configuration and may not provide complete protection from an attack.
Customization of these scripts for your specific situation will be necessary for an optimal configuration, but you should make a serious study of the iptables documentation and creating firewalls in general before hacking away. Have a look at the list of links for further reading at the end of this section for more details. There you will find a list of URLs that contain quite comprehensive information about building your own firewall.
The firewall configuration script installed in the iptables section differs from the standard configuration script. It only has two of the standard targets: start and status. The other targets are clear and lock. For instance if you issue:
/etc/rc.d/init.d/iptables start
the firewall will be restarted just as it is upon system startup. The status target will present a list of all currently implemented rules. The clear target turns off all firewall rules and the lock target will block all packets in and out of the computer with the exception of the loopback interface.
The main startup firewall is located in the file /etc/rc.d/rc.iptables. The sections below provide three different approaches that can be used for a system.
You should always run your firewall rules from a script. This ensures consistency and a record of what was done. It also allows retention of comments that are essential for understanding the rules long after they were written.
A Personal Firewall is designed to let you access all the services offered on the Internet, but keep your box secure and your data private.
Below is a slightly modified version of Rusty Russell's recommendation from the Linux 2.4 Packet Filtering HOWTO. It is still applicable to the Linux 2.6 kernels.
cat > /etc/rc.d/rc.iptables << "EOF" #!/bin/sh # Begin $rc_base/rc.iptables # Insert connection-tracking modules # (not needed if built into the kernel) modprobe ip_tables modprobe iptable_filter modprobe ip_conntrack modprobe ip_conntrack_ftp modprobe ipt_state modprobe ipt_LOG # Enable broadcast echo Protection echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # Disable Source Routed Packets echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route # Enable TCP SYN Cookie Protection echo 1 > /proc/sys/net/ipv4/tcp_syncookies # Disable ICMP Redirect Acceptance echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects # Don¹t send Redirect Messages echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects # Drop Spoofed Packets coming in on an interface, where responses # would result in the reply going out a different interface. echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter # Log packets with impossible addresses. echo 1 > /proc/sys/net/ipv4/conf/all/log_martians # be verbose on dynamic ip-addresses (not needed in case of static IP) echo 2 > /proc/sys/net/ipv4/ip_dynaddr # disable Explicit Congestion Notification # too many routers are still ignorant echo 0 > /proc/sys/net/ipv4/tcp_ecn # Set a known state iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP # These lines are here in case rules are already in place and the # script is ever rerun on the fly. We want to remove all rules and # pre-existing user defined chains before we implement new rules. iptables -F iptables -X iptables -Z iptables -t nat -F # Allow local-only connections iptables -A INPUT -i lo -j ACCEPT # Free output on any interface to any ip for any service # (equal to -P ACCEPT) iptables -A OUTPUT -j ACCEPT # Permit answers on already established connections # and permit new connections related to established ones # (e.g. port mode ftp) iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Log everything else. What's Windows' latest exploitable vulnerability? iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT " # End $rc_base/rc.iptables EOF chmod 700 /etc/rc.d/rc.iptables
This script is quite simple, it drops all traffic coming into your computer that wasn't initiated from your computer, but as long as you are simply surfing the Internet you are unlikely to exceed its limits.
If you frequently encounter certain delays at accessing FTP servers, take a look at BusyBox example number 4.
Even if you have daemons or services running on your system, these will be inaccessible everywhere but from your computer itself. If you want to allow access to services on your machine, such as ssh or ping, take a look at BusyBox.
A true Firewall has two interfaces, one connected to an intranet, in this example eth0, and one connected to the Internet, here ppp0. To provide the maximum security for the firewall itself, make sure that there are no unnecessary servers running on it such as X11 et al. As a general principle, the firewall itself should not access any untrusted service (think of a remote server giving answers that makes a daemon on your system crash, or even worse, that implements a worm via a buffer-overflow).
cat > /etc/rc.d/rc.iptables << "EOF" #!/bin/sh # Begin $rc_base/rc.iptables echo echo "You're using the example configuration for a setup of a firewall" echo "from Beyond Linux From Scratch." echo "This example is far from being complete, it is only meant" echo "to be a reference." echo "Firewall security is a complex issue, that exceeds the scope" echo "of the configuration rules below." echo "You can find additional information" echo "about firewalls in Chapter 4 of the BLFS book." echo "http://www.linuxfromscratch.org/blfs" echo # Insert iptables modules (not needed if built into the kernel). modprobe ip_tables modprobe iptable_filter modprobe ip_conntrack modprobe ip_conntrack_ftp modprobe ipt_state modprobe iptable_nat modprobe ip_nat_ftp modprobe ipt_MASQUERADE modprobe ipt_LOG modprobe ipt_REJECT # Enable broadcast echo Protection echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # Disable Source Routed Packets echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route # Enable TCP SYN Cookie Protection echo 1 > /proc/sys/net/ipv4/tcp_syncookies # Disable ICMP Redirect Acceptance echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects # Don¹t send Redirect Messages echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects # Drop Spoofed Packets coming in on an interface where responses # would result in the reply going out a different interface. echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter # Log packets with impossible addresses. echo 1 > /proc/sys/net/ipv4/conf/all/log_martians # Be verbose on dynamic ip-addresses (not needed in case of static IP) echo 2 > /proc/sys/net/ipv4/ip_dynaddr # Disable Explicit Congestion Notification # Too many routers are still ignorant echo 0 > /proc/sys/net/ipv4/tcp_ecn # Set a known state iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP # These lines are here in case rules are already in place and the # script is ever rerun on the fly. We want to remove all rules and # pre-existing user defined chains before we implement new rules. iptables -F iptables -X iptables -Z iptables -t nat -F # Allow local connections iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # Allow forwarding if the initiated on the intranet iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i ! ppp+ -m state --state NEW -j ACCEPT # Do masquerading # (not needed if intranet is not using private ip-addresses) iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE # Log everything for debugging # (last of all rules, but before policy rules) iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT " iptables -A FORWARD -j LOG --log-prefix "FIREWALL:FORWARD" iptables -A OUTPUT -j LOG --log-prefix "FIREWALL:OUTPUT " # Enable IP Forwarding echo 1 > /proc/sys/net/ipv4/ip_forward EOF chmod 700 /etc/rc.d/rc.iptables
With this script your intranet should be reasonably secure against external attacks. No one should be able to setup a new connection to any internal service and, if it's masqueraded, makes your intranet invisible to the Internet. Furthermore, your firewall should be relatively safe because there are no services running that a cracker could attack.
If the interface you're connecting to the Internet doesn't connect via PPP, you will need to change ppp+ to the name of the interface (e.g., eth1) which you are using.
This scenario isn't too different from the Masquerading Router, but additionally offers some services to your intranet. Examples of this can be when you want to administer your firewall from another host on your intranet or use it as a proxy or a name server.
Outlining a true concept of how to protect a server that offers services on the Internet goes far beyond the scope of this document. See the references at the end of this section for more information.
Be cautious. Every service you have enabled makes your setup more complex and your firewall less secure. You are exposed to the risks of misconfigured services or running a service with an exploitable bug. A firewall should generally not run any extra services. See the introduction to the Masquerading Router for some more details.
If you want to add services such as internal Samba or name servers that do not need to access the Internet themselves, the additional statements are quite simple and should still be acceptable from a security standpoint. Just add the following lines into the script before the logging rules.
iptables -A INPUT -i ! ppp+ -j ACCEPT iptables -A OUTPUT -o ! ppp+ -j ACCEPT
If daemons, such as squid, have to access the Internet themselves, you could open OUTPUT generally and restrict INPUT.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -j ACCEPT
However, it is generally not advisable to leave OUTPUT unrestricted. You lose any control over trojans who would like to "call home", and a bit of redundancy in case you've (mis-)configured a service so that it broadcasts its existence to the world.
To accomplish this, you should restrict INPUT and OUTPUT on all ports except those that it's absolutely necessary to have open. Which ports you have to open depends on your needs: mostly you will find them by looking for failed accesses in your log files.
Have a Look at the Following Examples:
Squid is caching the web:
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED \ -j ACCEPT
Your caching name server (e.g., named) does its lookups via UDP:
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
You want to be able to ping your computer to ensure it's still alive:
iptables -A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT iptables -A OUTPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
If you are frequently accessing FTP servers or enjoy chatting, you might notice certain delays because some implementations of these daemons have the feature of querying an identd on your system to obtain usernames. Although there's really little harm in this, having an identd running is not recommended because many security experts feel the service gives out too much additional information.
To avoid these delays you could reject the requests with a 'tcp-reset':
iptables -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
To log and drop invalid packets (packets that came in after netfilter's timeout or some types of network scans):
iptables -I INPUT -p tcp -m state --state INVALID \ -j LOG --log-prefix "FIREWALL:INVALID" iptables -I INPUT -p tcp -m state --state INVALID -j DROP
Anything coming from the outside should not have a private address, this is a common attack called IP-spoofing:
iptables -A INPUT -i ppp+ -s 10.0.0.0/8 -j DROP iptables -A INPUT -i ppp+ -s 172.16.0.0/12 -j DROP iptables -A INPUT -i ppp+ -s 192.168.0.0/16 -j DROP
There are other addresses that you may also want to drop: 0.0.0.0/8, 127.0.0.0/8, 224.0.0.0/3 (multicast and experimental), 169.254.0.0/16 (Link Local Networks), and 192.0.2.0/24 (IANA defined test network).
If your firewall is a DHCP client, you need to allow those packets:
iptables -A INPUT -i ppp0 -p udp -s 0.0.0.0 --sport 67 \ -d 255.255.255.255 --dport 68 -j ACCEPT
To simplify debugging and be fair to anyone who'd like to access a service you have disabled, purposely or by mistake, you could REJECT those packets that are dropped.
Obviously this must be done directly after logging as the very last lines before the packets are dropped by policy:
iptables -A INPUT -j REJECT
These are only examples to show you some of the capabilities of the firewall code in Linux. Have a look at the man page of iptables. There you will find much more information. The port numbers needed for this can be found in /etc/services, in case you didn't find them by trial and error in your log file.
Finally, there is one fact you must not forget: The effort spent attacking a system corresponds to the value the cracker expects to gain from it. If you are responsible for valuable information, you need to spend the time to protect it properly.
www.netfilter.org - Homepage of the netfilter/iptables project
Netfilter related FAQ
Netfilter related HOWTO's
en.tldp.org/LDP/nag2/x-087-2-firewall.html
en.tldp.org/HOWTO/Security-HOWTO.html
en.tldp.org/HOWTO/Firewall-HOWTO.html
www.ibm.com/developerworks/security/library/s-fire.html
www.ibm.com/developerworks/security/library/s-fire2.html
www.interhack.net/pubs/fw-faq/
www.linuxsecurity.com/docs/
www.little-idiot.de/firewall (German & outdated, but very comprehensive)
www.linuxgazette.com/issue65/stumpel.html
linux.oreillynet.com/pub/a/linux/2000/03/10/netadmin/ddos.html
staff.washington.edu/dittrich/misc/ddos
www.e-infomax.com/ipmasq
www.circlemud.org/~jelson/writings/security/index.htm
www.securityfocus.com
www.cert.org - tech_tips
security.ittoolbox.com
www.linux-firewall-tools.com/linux/
logi.cc/linux/athome-firewall.php3
www.insecure.org/reading.html
www.robertgraham.com/pubs/firewall-seen.html
The GnuPG package contains a public/private key encryptor. This is becoming useful for signing files or emails as proof of identity and preventing tampering with the contents of the file or email.
Download (HTTP): http://public.ftp.planetmirror.com/pub/gnupg/gnupg-1.4.1.tar.bz2
Download (FTP): ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.1.tar.bz2
Download MD5 sum: fdfc5553d0904cd65011e47a42a9532c
Download size: 2.8 MB
Estimated disk space required: 32 MB
Estimated build time: 0.42 SBU
OpenLDAP-2.2.24, libusb-0.1.10a, cURL-7.14.0, MTA, DocBook-utils-0.6.14 and docbook-to-man
Install GnuPG by running the following commands:
./configure --prefix=/usr --libexecdir=/usr/lib && make
Now, as the root user:
make install && chmod -v 4755 /usr/bin/gpg
--libexecdir=/usr/lib: This command creates a gnupg directory in /usr/lib instead of /usr/libexec.
chmod -v 4755 /usr/bin/gpg: gpg is installed setuid root to avoid swapping out sensitive data.
The Tripwire package contains programs used to verify the integrity of the files on a given system.
Download (HTTP): http://www.frenchfries.net/paul/tripwire/tripwire-portable-0.9.tar.gz
Download MD5 sum: 02610d0593fe04d35d809ff6c5becc02
Download size: 869 KB
Estimated disk space required: 22 MB
Estimated build time: 2.96 SBU
MTA (See Chapter 22, Mail Server Software)
Compile Tripwire by running the following commands:
sed -i -e 's@TWDB="${prefix}@TWDB="/var@' install/install.cfg &&
./configure --prefix=/usr --sysconfdir=/etc/tripwire &&
make
Now, as the root user:
make install && cp -v policy/*.txt /usr/share/doc/tripwire
The default configuration is to use a local MTA. If you don't have an MTA installed and have no wish to install one, modify install.cfg to use an SMTP server instead.
sed -i -e 's@TWDB="${prefix}@TWDB="/var@' install/install.cfg: This command tells the package to install the program database and reports in /var/lib/tripwire.
make install: This command creates the Tripwire security keys as well as installing the binaries. There are two keys: a site key and a local key which are stored in /etc/tripwire/.
cp -v policy/*.txt /usr/share/doc/tripwire: This command installs the documentation.
Tripwire uses a policy file to determine which files are integrity checked. The default policy file (/etc/tripwire/twpol.txt) is for a default Redhat installation and will need to be updated for your system.
Policy files should be tailored to each individual distribution and/or installation. Some custom policy files can be found below:
http://home.iprimus.com.au/glombowski/blfs/twpol-all.txt
Checks integrity of all files
http://home.iprimus.com.au/glombowski/blfs/twpol-lfs.txt
Custom policy file for Base LFS 3.0 system
http://home.iprimus.com.au/glombowski/blfs/twpol-suse7.2.txt
Custom policy file for SuSE 7.2 system
Download the custom policy file you'd like to try, copy it into /etc/tripwire/, and use it instead of twpol.txt. It is, however, recommended that you make your own policy file. Get ideas from the examples above and read /usr/share/doc/tripwire/policyguide.txt for additional information. twpol.txt is a good policy file for beginners as it will note any changes to the file system and can even be used as an annoying way of keeping track of changes for uninstallation of software.
After your policy file has been transferred to /etc/tripwire/ you may begin the configuration steps (perform as the root):
twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \
/etc/tripwire/twpol.txt &&
tripwire --init
To use Tripwire after creating a policy file to run a report, use the following command:
tripwire --check > /etc/tripwire/report.txt
View the output to check the integrity of your files. An automatic integrity report can be produced by using a cron facility to schedule the runs.
Please note that after you run an integrity check, you must examine the report (or email) and then modify the Tripwire database to reflect the changed files on your system. This is so that Tripwire will not continually notify you that files you intentionally changed are a security violation. To do this you must first ls -l /var/lib/tripwire/report/ and note the name of the newest file which starts with linux- and ends in .twr. This encrypted file was created during the last report creation and is needed to update the Tripwire database of your system. Then, as the root user, type in the following command making the appropriate substitutions for [?]:
tripwire --update -twrfile \
/var/lib/tripwire/report/linux-[???????]-[??????].twr
You will be placed into vim with a copy of the report in front of you. If all the changes were good, then just type :x and after entering your local key, the database will be updated. If there are files which you still want to be warned about, remove the 'x' before the filename in the report and type :x.
Heimdal is a free implementation of Kerberos 5 that aims to be compatible with MIT krb5 and is backward compatible with krb4. Kerberos is a network authentication protocol. Basically it preserves the integrity of passwords in any untrusted network (like the Internet). Kerberized applications work hand-in-hand with sites that support Kerberos to ensure that passwords cannot be stolen or compromised. A Kerberos installation will make changes to the authentication mechanisms on your network and will overwrite several programs and daemons from the Coreutils, Inetutils, Qpopper and Shadow packages.
Download (HTTP): http://ftp.vc-graz.ac.at/mirror/crypto/kerberos/heimdal/heimdal-0.7.tar.gz
Download (FTP): ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.7.tar.gz
Download MD5 sum: 0a8097a8772d5d2de8c5539d3182b82a
Download size: 4.5 MB
Estimated disk space required: 91 MB
Estimated build time: 2.4 SBU
Required Patch: http://www.linuxfromscratch.org/blfs/downloads/6.1/heimdal-0.7-fhs_compliance-1.patch
Required patch for CrackLib support: http://www.linuxfromscratch.org/blfs/downloads/6.1/heimdal-0.7-cracklib-1.patch
OpenSSL-0.9.7g and Berkeley DB-4.3.28
Linux-PAM-0.80, OpenLDAP-2.2.24, X (X.org-6.8.2 or XFree86-4.5.0), CrackLib-2.8.3 (compiled with the heimdal patch) and krb4
Some sort of time synchronization facility on your system (like NTP-4.2.0) is required since Kerberos won't authenticate if the time differential between a kerberized client and the KDC server is more than 5 minutes.
Before installing the package, you may want to preserve the ftp program from the Inetutils package. This is because using the Heimdal ftp program to connect to non-kerberized ftp servers may not work properly. It will allow you to connect (letting you know that transmission of the password is clear text) but will have problems doing puts and gets. Issue the following command as the root user.
mv -v /usr/bin/ftp /usr/bin/ftpn
If you wish the Heimdal package to link against the CrackLib library (requires CrackLib-2.8.3 installed with the heimdal patch), you must apply a patch:
patch -Np1 -i ../heimdal-0.7-cracklib-1.patch
Install Heimdal by running the following commands:
patch -Np1 -i ../heimdal-0.7-fhs_compliance-1.patch &&
./configure --prefix=/usr \
--sysconfdir=/etc/heimdal \
--libexecdir=/usr/sbin \
--datadir=/var/lib/heimdal \
--localstatedir=/var/lib/heimdal \
--enable-shared \
--with-readline=/usr &&
make
To test the results, issue: make check.
Now, as the root user:
make install &&
install -v -m755 -d /usr/share/doc/heimdal-0.7/standardisation &&
install -v -m644 doc/{init-creds,layman.asc} \
/usr/share/doc/heimdal-0.7 &&
install -v -m644 doc/standardisation/* \
/usr/share/doc/heimdal-0.7/standardisation &&
mv -v /bin/login /bin/login.shadow &&
mv -v /bin/su /bin/su.shadow &&
mv -v /usr/bin/{login,su} /bin &&
ln -v -sf ../../bin/login /usr/bin &&
mv -v /usr/lib/lib{otp,kafs,krb5,asn1,roken,crypto}.so.* \
/usr/lib/libdb-4.3.so /lib &&
ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb.so &&
ln -v -sf ../../lib/libdb-4.3.so /usr/lib/libdb-4.so &&
for SYMLINK in otp.so.0.1.3 kafs.so.0.4.1 krb5.so.17.4.0 \
asn1.so.6.1.0 roken.so.16.1.0 crypto.so.0.9.7
do
ln -v -sf ../../lib/lib$SYMLINK \
/usr/lib/lib`echo $SYMLINK | cut -d. -f1`.so
done
ldconfig
--libexecdir=/usr/sbin: This switch puts the daemon programs into /usr/sbin.
If you want to preserve all your existing Inetutils package daemons, install the Heimdal daemons into /usr/sbin/heimdal (or wherever you want). Since these programs will be called from (x)inetd or rc scripts, it really doesn't matter where they are installed, as long as they are correctly specified in the /etc/(x)inetd.conf file and rc scripts. If you choose something other than /usr/sbin, you may want to move some of the user programs (such as kadmin) to /usr/sbin manually so they'll be in the privileged user's default PATH.
mv ... .shadow; mv ... /bin; ln -v -sf ../../bin...: The login and su programs installed by Heimdal belong in the /bin directory. The login program is symlinked because Heimdal is expecting to find it in /usr/bin. The old executables are preserved before the move to keep things sane should breaks occur.
mv ... /lib; ln -v -sf ../../lib/lib... /usr/lib...: The login and su programs installed by Heimdal link against Heimdal libraries as well as libraries provided by the OpenSSL and Berkeley DB packages. These libraries are moved to /lib to be FHS compliant and also in case /usr is located on a separate partition which may not always be mounted.
All the configuration steps shown below must be accomplished by the root user unless otherwise noted.
Create the Kerberos configuration file with the following commands:
install -v -m755 -d /etc/heimdal &&
cat > /etc/heimdal/krb5.conf << "EOF"
# Begin /etc/heimdal/krb5.conf
[libdefaults]
default_realm = [EXAMPLE.COM]
encrypt = true
[realms]
[EXAMPLE.COM] = {
kdc = [hostname.example.com]
admin_server = [hostname.example.com]
kpasswd_server = [hostname.example.com]
}
[domain_realm]
.[example.com] = [EXAMPLE.COM]
[logging]
kdc = FILE:/var/log/kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb.log
# End /etc/heimdal/krb5.conf
EOF
chmod -v 644 /etc/heimdal/krb5.conf
You will need to substitute your domain and proper hostname for the occurrences of the [hostname] and [EXAMPLE.COM] names.
default_realm should be the name of your domain changed to ALL CAPS. This isn't required, but both Heimdal and MIT krb5 recommend it.
encrypt = true provides encryption of all traffic between kerberized clients and servers. It's not necessary and can be left off. If you leave it off, you can encrypt all traffic from the client to the server using a switch on the client program instead.
The [realms] parameters tell the client programs where to look for the KDC authentication services.
The [domain_realm] section maps a domain to a realm.
Store the master password in a key file using the following commands:
install -v -m755 -d /var/lib/heimdal && kstash
Create the KDC database:
kadmin -l
The commands below will prompt you for information about the principles. Choose the defaults for now unless you know what you are doing and need to specify different values. You can go in later and change the defaults, should you feel the need. You may use the up and down arrow keys to use the history feature of kadmin in a similar manner as the bash history feature.
At the kadmin> prompt, issue the following statement:
init [EXAMPLE.COM]
The database must now be populated with at least one principle (user). For now, just use your regular login name or root. You may create as few, or as many principles as you wish using the following statement:
add [loginname]
The KDC server and any machine running kerberized server daemons must have a host key installed:
add --random-key host/[hostname.example.com]
After choosing the defaults when prompted, you will have to export the data to a keytab file:
ext host/[hostname.example.com]
This should have created two files in /etc/heimdal: krb5.keytab (Kerberos 5) and srvtab (Kerberos 4). Both files should have 600 (root rw only) permissions. Keeping the keytab files from public access is crucial to the overall security of the Kerberos installation.
Eventually, you'll want to add server daemon principles to the database and extract them to the keytab file. You do this in the same way you created the host principles. Below is an example:
add --random-key ftp/[hostname.example.com]
(choose the defaults)
ext ftp/[hostname.example.com]
Exit the kadmin program (use quit or exit) and return back to the shell prompt. Start the KDC daemon manually, just to test out the installation:
/usr/sbin/kdc &
Attempt to get a TGT (ticket granting ticket) with the following command:
kinit [loginname]
You will be prompted for the password you created. After you get your ticket, you should list it with the following command:
klist
Information about the ticket should be displayed on the screen.
To test the functionality of the keytab file, issue the following command:
ktutil list
This should dump a list of the host principals, along with the encryption methods used to access the principals.
At this point, if everything has been successful so far, you can feel fairly confident in the installation, setup and configuration of your new Heimdal Kerberos 5 installation.
Install the /etc/rc.d/init.d/heimdal init script included in the blfs-bootscripts-6.1 package:
make install-heimdal
To use the kerberized client programs (telnet, ftp, rsh, rxterm, rxtelnet, rcp, xnlock), you first must get a TGT. Use the kinit program to get the ticket. After you've acquired the ticket, you can use the kerberized programs to connect to any kerberized server on the network. You will not be prompted for authentication until your ticket expires (default is one day), unless you specify a different user as a command line argument to the program.
The kerberized programs will connect to non-kerberized daemons, warning you that authentication is not encrypted. As mentioned earlier, only the ftp program gives any trouble connecting to non-kerberized daemons.
In order to use the Heimdal X programs, you'll need to add a service port entry to the /etc/services file for the kxd server. There is no 'standardized port number' for the 'kx' service in the IANA database, so you'll have to pick an unused port number. Add an entry to the services file similar to the entry below (substitute your chosen port number for [49150]):
kx [49150]/tcp # Heimdal kerberos X kx [49150]/udp # Heimdal kerberos X
For additional information consult the Heimdal hint on which the above instructions are based.
MIT krb5 is a free implementation of Kerberos 5. Kerberos is a network authentication protocol. It centralizes the authentication database and uses kerberized applications to work with servers or services that support Kerberos allowing single logins and encrypted communication over internal networks or the Internet.
Download (HTTP): http://web.mit.edu/kerberos/www/dist/krb5/1.4/krb5-1.4.1-signed.tar
Download MD5 sum: 617e0071fa5b74ab4116f064678af551
Download size: 6.4 MB
Estimated disk space required: TBD MB
Estimated build time: TBD SBU
The instructions for MIT Krb5 have not yet been validated by the BLFS Editors. Until this section is updated, the Editors reccomend using Heimdal-0.7 to implement the functionality of this package.
The Cyrus SASL package contains a Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection.
Download (HTTP): http://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz
Download (FTP): ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.21.tar.gz
Download MD5 sum: dde02db234dea892bee298390890502e
Download size: 1.6 MB
Estimated disk space required: 16 MB
Estimated build time: 0.3 SBU
Linux-PAM-0.80, OpenLDAP-2.2.24, Heimdal-0.7 or MIT krb5-1.4.1, JDK-1.5.0, MySQL-4.1.12, PostgreSQL-8.0.3, Berkeley DB-4.3.28, GDBM-1.8.3, krb4, SQLite and Dmalloc
Install Cyrus SASL by running the following commands:
./configure --prefix=/usr --sysconfdir=/etc \
--with-dbpath=/var/lib/sasl/sasldb2 \
--with-saslauthd=/var/run &&
make
This package does not come with a test suite. If you are planning on using the GSSAPI authentication mechanism, it is recommended to test it after installing the package using the sample server and client programs which were built in the preceding step. Instructions for performing the tests can be found at http://www.linuxfromscratch.org/hints/downloads/files/cyrus-sasl.txt.
Now, as the root user:
make install &&
install -v -m644 saslauthd/saslauthd.8 /usr/share/man/man8 &&
install -v -m755 -d /usr/share/doc/cyrus-sasl-2.1.21 &&
install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-2.1.21 &&
install -v -m700 -d /var/lib/sasl
--with-dbpath=/var/lib/sasl/sasldb2: This parameter forces the saslauthd database to be created in /var/lib/sasl instead of /etc.
--with-saslauthd=/var/run: This parameter forces saslauthd to use the FHS compliant directory /var/run for variable run-time data.
--with-ldap: This parameter enables use with OpenLDAP.
--enable-ldapdb: This parameter enables the LDAPDB authentication backend. There is a circular dependency with this parameter which requires you to build the Cyrus SASL package, then the OpenLDAP package (with SASL support), then finally building the Cyrus SASL package again with this parameter.
install -v -m644 ...: These commands install documentation which is not installed by the make install command.
install -v -m700 -d /var/lib/sasl: This directory must exist when starting saslauthd. If you're not going to be running the daemon, you may omit the creation of this directory.
/etc/saslauthd.conf (for LDAP configuration) and /usr/lib/sasl2/Appname.conf (where "Appname" is the application defined name of the application)
See file:///usr/share/doc/cyrus-sasl-2.1.21/sysadmin.html for information on what to include in the application configuration files. See file:///usr/share/doc/cyrus-sasl-2.1.21/LDAP_SASLAUTHD for configuring saslauthd with OpenLDAP.
If you need to run the saslauthd daemon at system startup, install the /etc/rc.d/init.d/cyrus-sasl init script included in the blfs-bootscripts-6.1 package.
make install-cyrus-sasl
You'll need to modify the init script and replace the [authmech] parameter to the -a switch with your desired authentication mechanism.
The Stunnel package contains a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) so you can easily communicate with clients over secure channels. Stunnel can be used to add SSL functionality to commonly used Inetd daemons like POP-2, POP-3, and IMAP servers, to standalone daemons like NNTP, SMTP and HTTP, and in tunneling PPP over network sockets without changes to the server package source code.
Download (HTTP): http://www.stunnel.org/download/stunnel/src/stunnel-4.11.tar.gz
Download (FTP): ftp://stunnel.mirt.net/stunnel/stunnel-4.11.tar.gz
Download MD5 sum: 253c50435d4d81cba6f19ca34266e6dc
Download size: 484 KB
Estimated disk space required: 4.0 MB
Estimated build time: 0.1 SBU
The stunnel daemon will be run in a chroot jail by an unprivileged user. Create the new user, group and chroot home directory structure using the following commands as the root user:
groupadd -g 51 stunnel &&
useradd -c "Stunnel Daemon" -d /var/lib/stunnel \
-g stunnel -s /bin/false -u 51 stunnel &&
install -v -m700 -o stunnel -g stunnel -d /var/lib/stunnel/run
A signed SSL Certificate and a Private Key is necessary to run the stunnel daemon. If you own, or have already created a signed SSL Certificate you wish to use, copy it to /etc/stunnel/stunnel.pem before starting the build (ensure only root has read and write access), otherwise you will be prompted to create one during the installation process. The .pem file must be formatted as shown below:
-----BEGIN RSA PRIVATE KEY----- [many encrypted lines of unencrypted key] -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- [many encrypted lines of certificate] -----END CERTIFICATE----- -----BEGIN DH PARAMETERS----- [multiple encrypted lines of DH parameters] -----END DH PARAMETERS-----
Install Stunnel by running the following commands:
./configure --prefix=/usr --sysconfdir=/etc \
--localstatedir=/var/lib &&
make
This package does not come with a test suite.
Now, as the root user:
make install
--sysconfdir=/etc: This parameter forces the configuration directory to /etc instead of /usr/etc.
--localstatedir=/var/lib: This parameter causes the installation process to create /var/lib/stunnel instead of /usr/var/stunnel.
make install: This command installs the package and, if you did not copy an stunnel.pem file to the /etc/stunnel directory, prompts you for the necessary information to create one. Ensure you reply to the
Common Name (FQDN of your server) [localhost]:
prompt with the name or IP address you will be using to access the service(s).
Create a basic /etc/stunnel/stunnel.conf configuration file using the following commands:
cat >/etc/stunnel/stunnel.conf << "EOF" # File: /etc/stunnel/stunnel.conf pid = /run/stunnel.pid chroot = /var/lib/stunnel client = no setuid = stunnel setgid = stunnel EOF
Next, you need to add the service(s) you wish to encrypt to the configuration file. The format is as follows:
[[service]] accept = [hostname:portnumber] connect = [hostname:portnumber]
If you use Stunnel to encrypt a daemon started from [x]inetd, you may need to disable that daemon in the /etc/[x]inetd.conf file and enable a corresponding [service]_stunnel service. You may have to add an appropriate entry in /etc/services as well.
For a full explanation of the commands and syntax used in the configuration file, run man stunnel. To see a BLFS example of an actual setup of an stunnel encrypted service, read the the section called “Configuring SWAT” in the Samba instructions.
To automatically start the stunnel daemon when the system is rebooted, install the /etc/rc.d/init.d/stunnel bootscript from the blfs-bootscripts-6.1 package.
make install-stunnel
Journaling file systems reduce the time needed to recover a file system that was not unmounted properly. While this can be extremely important in reducing downtime for servers, it has also become popular for desktop environments. This chapter contains a variety of journaling file systems.
Ext3 is a journaling file system that is an extension to the ext2 file system. It is backward compatible with ext2 and the conversion from ext2 to ext3 is trivial.
You don't need to install anything to use ext3, all the required packages are available with a bare LFS system.
When building the kernel, ensure that you have compiled in ext3 support. If you want your root partition to be ext3, then compile the ext3 support in the kernel, else you may compile it as a module. Recompile the kernel if needed.
Edit your /etc/fstab. For each partition that you want to convert into ext3, edit the entry so that it looks similar to the following line.
/dev/hd[XX] /mnt_point ext3 defaults 1 1
In the above line, replace /dev/hd[XX] by the partition (e.g., /dev/hda2), /mnt_point by the mount point (e.g., /home). The 1 in the last field ensures that the partition will be checked for consistency during the boot process by the checkfs script as recommended by the maintainer. You may replace the ext3 fs type in the above by auto if you want to ensure that the partition is mounted even if you accidentally disable ext3 support in the kernel.
For each partition that you have converted to ext3 in /etc/fstab, enable the journal for the partition by running the following command.
tune2fs -j /dev/hd[XX]
Remount the concerned partitions, or simply reboot if you have recompiled the kernel to enable ext3 support.
More information is available at http://www.zip.com.au/~akpm/linux/ext3/ext3-usage.html. This information is still relevant to the 2.6 kernels.
The ReiserFS package contains various utilities for use with the Reiser file system.
Download (HTTP): http://ftp.namesys.com/pub/reiserfsprogs/reiserfsprogs-3.6.19.tar.gz
Download (FTP): ftp://ftp.namesys.com/pub/reiserfsprogs/reiserfsprogs-3.6.19.tar.gz
Download MD5 sum: b42cf15f6651c3ceff5cb84996c0d539
Download size: 400 KB
Estimated disk space required: 7.9 MB
Estimated build time: 0.16 SBU
Install ReiserFS by running the following commands:
./configure --prefix=/usr --sbindir=/sbin && make
Now, as the root user:
make install && ln -sf reiserfsck /sbin/fsck.reiserfs && ln -sf mkreiserfs /sbin/mkfs.reiserfs
--prefix=/usr: This ensures that the manual pages are installed in the correct location while still installing the programs in /sbin as they should be.
--sbindir=/sbin: This ensures that the ReiserFS utilities are installed in /sbin as they should be.
The XFS package contains administration and debugging tools for the XFS file system.
Download (HTTP): http://mirrors.sunsite.dk/xfs/download/cmd_tars/xfsprogs-2.6.25.src.tar.gz
Download (FTP): ftp://oss.sgi.com/projects/xfs/download/cmd_tars/xfsprogs-2.6.25.src.tar.gz
Download MD5 sum: 65fbf692f348b57f21edd4813733d9ae
Download size: 833 KB
Estimated disk space required: 25.2 MB
Estimated build time: 0.59 SBU
Install XFS by running the following commands:
sed -i 's/autoconf//' Makefile && make
Now, as the root user:
make install
sed -i 's/autoconf//' Makefile: This command disables running autoconf because it is unnecessary.
This chapter is referenced in the LFS book for those wishing to use other editors on their LFS system. You're also shown how some LFS installed programs benefit from being recompiled after GUI libraries have been installed.
The Vim package, which is an abbreviation for VI IMproved, contains a vi clone with extra features as compared to the original vi.
The default LFS instructions install vim as a part of the base system. If you would prefer to link vim against X, you should recompile vim to enable GUI mode. There is no need for special instructions since X support is automatically detected.
Download (HTTP): http://ftp.at.vim.org/pub/vim/unix/vim-6.3.tar.bz2
Download (FTP): ftp://ftp.vim.org/pub/vim/unix/vim-6.3.tar.bz2
Download MD5 sum: 821fda8f14d674346b87e3ef9cb96389
Download size: 3.7 MB
Estimated disk space required: 48 MB
Estimated build time: 0.59 SBU
Required patch: http://www.linuxfromscratch.org/blfs/downloads/6.1/vim-6.3-security_fix-1.patch
Translated Vim messages: http://ftp.at.vim.org/pub/vim/extra/vim-6.3-lang.tar.gz
X (XFree86-4.5.0 or X.org-6.8.2)
GTK+-2.6.7, LessTif-0.94.4, Python-2.4.1, Tcl-8.4.11, Ruby-1.8.2 and GPM-1.20.1
If you recompile Vim to link against X, and your X libraries are not on the root partition, you will no longer have an editor for use in emergencies. You may choose to install an additional editor, not link Vim against X, or move the current vim executable to the /bin directory under a different name such as vi.
If desired, unpack the translated messages archive:
tar -zxf ../vim-6.3-lang.tar.gz --strip-components=1
Install Vim by running the following commands:
echo '#define SYS_VIMRC_FILE "/etc/vimrc"' >> src/feature.h && echo '#define SYS_GVIMRC_FILE "/etc/gvimrc"' >> src/feature.h && patch -Np1 -i ../vim-6.3-security_fix-1.patch && ./configure --prefix=/usr --with-features=huge && make
Now, as the root user:
make install
--with-features=huge: This switch enables all the additional features available in Vim.
--enable-gui=no: If you prefer not to link Vim against X, use this switch.
A list of the reinstalled files, along with their short descriptions can be found at ../../../../lfs/view/stable/chapter06/vim.html#contents-vim.
The Emacs package contains an extensible, customizable, self-documenting real-time display editor.
Download (HTTP): http://ftp.gnu.org/pub/gnu/emacs/emacs-21.4a.tar.gz
Download (FTP): ftp://ftp.gnu.org/pub/gnu/emacs/emacs-21.4a.tar.gz
Download MD5 sum: 5ec2c01f7604cf207628de0e82181647
Download size: 20 MB
Estimated disk space required: 96.8 MB
Estimated build time: 4.20 SBU
X (XFree86-4.5.0 or X.org-6.8.2), libjpeg-6b, libpng-1.2.8, libtiff-3.7.3, and libungif-4.1.3 or giflib-4.1.3
Install Emacs by running the following commands:
./configure --prefix=/usr --libexecdir=/usr/sbin && make bootstrap
Now, as the root user:
make install
The nano package contains a small, simple text editor which aims to replace Pico, the default editor in the Pine package.
Download (HTTP): http://www.nano-editor.org/dist/v1.2/nano-1.2.5.tar.gz
Download (FTP): ftp://ftp.uni-koeln.de/editor/nano-1.2.5.tar.gz
Download MD5 sum: f2b3efbf1cf356d736740d531b6b22c4
Download size: 891 KB
Estimated disk space required: 5.1 MB
Estimated build time: 0.1 SBU
Install nano by running the following commands:
./configure --prefix=/usr --sysconfdir=/etc/nano \
--enable-color --enable-multibuffer --enable-nanorc &&
make
This package does not come with a test suite.
Now, as the root user:
make install && install -v -m644 -D nanorc.sample /etc/nano/nanorc.sample && install -v -m755 -d /usr/share/doc/nano-1.2.5 && install -v -m644 *.html /usr/share/doc/nano-1.2.5
Example configuration (create as a system-wide /etc/nano/nanorc or a personal ~/.nanorc file)
set autoindent set const set fill 72 set historylog set multibuffer set nohelp set regexp set smooth set suspend
Another example is the nanorc.sample file in the /etc/nano directory. It includes color configurations and has some documentation included in the comments.
JOE (Joe's own editor) is a small text editor capable of emulating WordStar, Pico, and Emacs.
Download (HTTP): http://prdownloads.sourceforge.net/joe-editor/joe-3.3.tar.gz
Download MD5 sum: 02221716679c039c5da00c275d61dbf4
Download size: 468 KB
Estimated disk space required: 6.4 MB
Estimated build time: 0.15 SBU
Install JOE by running the following commands:
./configure --sysconfdir=/etc --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
Ed is a line-oriented text editor. It is used to create, display, modify and otherwise manipulate text files, both interactively and via shell scripts. Ed isn't something which many people use. It's described here because it can be used by the patch program if you encounter an ed-based patch file. This happens rarely because diff-based patches are preferred these days.
Download (HTTP): http://ftp.gnu.org/pub/gnu/ed/ed-0.2.tar.gz
Download (FTP): ftp://ftp.gnu.org/pub/gnu/ed/ed-0.2.tar.gz
Download MD5 sum: ddd57463774cae9b50e70cd51221281b
Download size: 182 KB
Estimated disk space required: 2.9 MB
Estimated build time: 0.02 SBU
Ed normally uses the mktemp function to create temporary files in /tmp, but this function contains a vulnerability (see the section on Temporary Files at http://en.tldp.org/HOWTO/Secure-Programs-HOWTO/avoid-race.html). Apply the following patch to make Ed use mkstemp instead, a secure way to create temporary files:
patch -Np1 -i ../ed-0.2-mkstemp-1.patch
Install Ed by running the following commands:
./configure --prefix=/usr --exec-prefix="" && make
Now, as the root user:
make install
--exec-prefix="": This forces the programs to be installed into the /bin directory. Having the programs available there is useful in the event of the /usr partition being unavailable.
The Bluefish package contains a powerful X Window System editor designed for web designers, but also suitable as a programmer's editor. Bluefish supports many programming and markup languages, and as such is ideal for editing XML and HTML files.
Download (HTTP): http://pkedu.fbt.eitn.wau.nl/~olivier/downloads/bluefish-1.0.2.tar.bz2
Download (FTP): ftp://ftp.ratisbona.com/pub/bluefish/downloads/bluefish-1.0.2.tar.bz2
Download MD5 sum: 281d72f5c45c913671c36bc6b7b45445
Download size: 1.4 MB
Estimated disk space required: 23.0 MB
Estimated build time: 0.3 SBU
GTK+-2.6.7 and PCRE-6.1
GNOME Virtual File System-2.10.1 (for remote files), Aspell-0.60.3 (for spellchecking), libgnomeui-2.10.0, GNOME MIME Data-2.4.2, desktop-file-utils-0.10 and shared-mime-info-0.16
Install Bluefish by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
We are all familiar with the Bourne Again SHell, but there are two other user interfaces that are considered useful modern shells -- the Berkeley Unix C shell and the Korn shell. This chapter installs packages compatible with these additional shell types.
ash is a shell that is the most compliant with the Bourne Shell (not to be confused with Bourne Again SHell i.e., Bash installed in LFS) without any additional features. Bourne Shell is available on most commercial UNIX systems. Hence ash is useful for testing scripts to be sh-compliant. It also has small memory and space requirements compared to the other sh-compliant shells.
Download (FTP): ftp://distro.ibiblio.org/pub/linux/distributions/slackware/slackware_source/ap/ash/ash-0.4.0.tar.gz
Download MD5 sum: 1c59f5b62a081cb0cb3b053c01d79529
Download size: 118 KB
Estimated disk space required: 2.2 MB
Estimated build time: 0.06 SBU
Install ASH by running the following commands:
patch -Np1 -i ../ash-0.4.0-cumulative_fixes-1.patch && make
Now, as the root user:
install -v -m 755 sh /bin/ash && install -v -m 644 sh.1 /usr/share/man/man1/ash.1
If you would like to make ash the default sh shell, make a symlink.
ln -v -sf ash /bin/sh
The Tcsh package contains “an enhanced but completely compatible version of the Berkeley Unix C shell (csh)”. This is useful as an alternative shell for those who prefer C syntax to that of the bash shell, and also because some programs require the C shell in order to perform installation tasks.
Download (HTTP): http://gd.tuwien.ac.at/utils/shells/tcsh/tcsh-6.14.00.tar.gz
Download (FTP): ftp://ftp.funet.fi/pub/unix/shells/tcsh/tcsh-6.14.00.tar.gz
Download MD5 sum: 353d1bb7d2741bf8de602c7b6f0efd79
Download size: 859 KB
Estimated disk space required: 9 MB
Estimated build time: 0.2 SBU
Install Tcsh by running the following commands:
./configure --prefix=/usr --bindir=/bin && make && sh ./tcsh.man2html
This package does not come with a test suite.
Now, as the root user:
make install && make install.man && ln -v -sf tcsh /bin/csh && ln -v -sf tcsh.1 /usr/man/man1/csh.1 && install -v -m755 -d /usr/share/doc/tcsh-6.14.00/html && install -v -m644 tcsh.html/* /usr/share/doc/tcsh-6.14.00/html && install -v -m644 FAQ /usr/share/doc/tcsh-6.14.00
--bindir=/bin: This installs the tcsh program in /bin instead of /usr/bin.
sh ./tcsh.man2html: This creates HTML documentation from the formatted man page.
ln -v -sf tcsh /bin/csh: The FHS states that if there is a C shell installed, there should be a symlink from /bin/csh to it. This creates that symlink.
There are numerous configuration files for the C shell. Examples of these are /etc/csh.cshrc, /etc/csh.login, /etc/csh.logout, ~/.tcshrc, ~/.cshrc, ~/.history, ~/.cshdirs, ~/.login, and ~/.logout. More information on these files can be found in the tcsh(1) man page.
The ZSH package contains a command interpreter (shell) usable as an interactive login shell and as a shell script command processor. Of the standard shells, ZSH most closely resembles KSH but includes many enhancements.
Download (HTTP): http://prdownloads.sourceforge.net/zsh/zsh-4.2.5.tar.bz2
Download MD5 sum: e2060f743dcdf3b383e80e862a6548fe
Download size: 2.0 MB
Estimated disk space required: 24 MB
Estimated build time: 0.5 SBU
Install ZSH by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install && make install.info
There are a whole host of configuration files for ZSH including /etc/zshenv, /etc/zprofile, /etc/zshrc, /etc/zlogin, and /etc/zlogout. You can find more information on these in the zsh(1) and related man pages.
Libraries contain code which is often required by more than one program. This has the advantage that each program doesn't need to duplicate code (and risk introducing bugs), it just has to call functions from the libraries installed on the system. The most obvious example of a set of libraries is Glibc which is installed during the LFS book. This contains all of the C library functions which programs use.
There are two types of libraries: static and shared. Shared libraries (usually libXXX.so) are loaded into memory from the shared copy at runtime (hence the name). Static libraries (libXXX.a ) are actually linked into the program executable file itself, thus making the program file larger. Quite often, you will find both static and shared copies of the same library on your system.
Generally, you only need to install libraries when you are installing software that needs the functionality they supply. In the BLFS book, each package is presented with a list of (known) dependencies. Thus, you can figure out which libraries you need to have before installing that program. If you are installing something without using BLFS instructions, usually the README or INSTALL file will contain details of the program's requirements.
There are certain libraries which nearly everyone will need at some point. In this chapter we list these and some others and explain why you may want to install them.
The PCRE package contains Perl Compatible Regular Expression libraries. These are useful for implementing regular expression pattern matching using the same syntax and semantics as Perl 5.
Download (FTP): ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-6.1.tar.bz2
Download MD5 sum: 069a8c34df7ec4bd0dad8f26c64c9dd3
Download size: 543 KB
Estimated disk space required: 11.4 MB
Estimated build time: 0.3 SBU
Install PCRE by running the following commands:
./configure --prefix=/usr --enable-utf8 && make
To test the results, issue: make runtest.
Now, as the root user:
make install &&
install -v -m755 -d /usr/share/doc/pcre-6.1/html &&
install -v -m644 doc/html/* /usr/share/doc/pcre-6.1/html &&
install -v -m644 doc/{Tech.Notes,*.txt} /usr/share/doc/pcre-6.1
If you reinstall Grep after installing PCRE, Grep will get linked against PCRE and may cause problems if /usr is a separate mount point. To avoid this, either pass the option --disable-perl-regexp when executing ./configure for Grep or move libpcre to /lib as follows.
mv -v /usr/lib/libpcre.so.* /lib/ && ln -v -sf ../../lib/libpcre.so.0 /usr/lib/libpcre.so
--enable-utf8: This switch includes the code for handling UTF-8 character strings in the library.
The popt package contains the popt libraries which are used by some programs to parse command-line options.
Download (HTTP): http://ftp.debian.org/debian/pool/main/p/popt/popt_1.7.orig.tar.gz
Download (FTP): ftp://ftp.debian.org/debian/pool/main/p/popt/popt_1.7.orig.tar.gz
Download MD5 sum: 5988e7aeb0ae4dac8d83561265984cc9
Download size: 562 KB
Estimated disk space required: 5.5 MB
Estimated build time: 0.17 SBU
Patch level upgrade: http://ftp.debian.org/debian/pool/main/p/popt/popt_1.7-5.diff.gz
Install popt by running the following commands:
patch -Np1 -i ../popt_1.7-5.diff && ./configure --prefix=/usr && cp configure.in configure.ac && touch configure.in configure.ac && make
To test the results, issue: make check.
Now, as the root user:
make install
cp configure.in configure.ac: Because configure.in is updated with the patch, this file is needed for make to work properly.
touch configure.in configure.ac: Ensure file timestamps are the same.
The slang package contains the slang library, which provides facilities such as display/screen management, keyboard input, and keymaps.
Download (HTTP): http://gd.tuwien.ac.at/editors/davis/slang/v1.4/slang-1.4.9.tar.bz2
Download (FTP): ftp://space.mit.edu/pub/davis/slang/v1.4/slang-1.4.9.tar.bz2
Download MD5 sum: 4fbb1a7f1257e065ca830deefe13d350
Download size: 624 KB
Estimated disk space required: 10.7 MB
Estimated build time: 0.2 SBU
Install slang by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
Now, as the unprivileged user:
make elf
And finally, as the root user:
make install-elf && chmod 755 /usr/lib/libslang.so.1.4.9
make elf and make install-elf: These commands create and install the dynamic shared library version of slang.
As with most libraries, there is no configuration to do, save that the library directory i.e., /opt/lib or /usr/local/lib should appear in /etc/ld.so.conf so that ldd can find the shared libraries. After checking that this is the case, /sbin/ldconfig should be run while logged in as root.
The FAM package contains a File Alteration Monitor which is useful for notifying applications of changes to the file system.
Download (HTTP): http://gd.tuwien.ac.at/opsys/linux/gentoo/distfiles/fam-2.7.0.tar.gz
Download (FTP): ftp://oss.sgi.com/projects/fam/download/stable/fam-2.7.0.tar.gz
Download MD5 sum: 1bf3ae6c0c58d3201afc97c6a4834e39
Download size: 301 KB
Estimated disk space required: 7.7 MB
Estimated build time: 0.26 SBU
Dnotify patch (Recommended): http://www.linuxfromscratch.org/blfs/downloads/6.1/fam-2.7.0-dnotify-1.patch
Install FAM by running the following commands:
patch -Np1 -i ../fam-2.7.0-dnotify-1.patch && chmod -v 755 configure && autoreconf -f -i && ./configure --prefix=/usr --sysconfdir=/etc && make
Now, as the root user:
make install
patch -Np1 -i ../fam-2.7.0-dnotify-1.patch: This patch enables FAM to use the Linux kernel dnotify mechanism to inform the calling process of file modifications, rather than polling the file system for modifications.
chmod -v 755 configure: configure is set to read-only and autoreconf will fail if the permissions aren't changed.
autoreconf -f -i: The autotools need rebuilding because the dnotify patch affects configure.ac and Makefile.am.
Configuring the File Alteration Monitor. Perform the following instructions as the root user.
If you use inetd, add the FAM entry to /etc/inetd.conf with the following command:
echo "sgi_fam/1-2 stream rpc/tcp wait root /usr/sbin/famd fam" \
>> /etc/inetd.conf
If you use xinetd, the following command will create the FAM file as /etc/xinetd.d/sgi_fam (be sure the nogroup group exists):
cat >> /etc/xinetd.d/sgi_fam << "EOF"
# Begin /etc/xinetd.d/sgi_fam
# description: FAM - file alteration monitor
service sgi_fam
{
type = RPC UNLISTED
socket_type = stream
user = root
group = nogroup
server = /usr/sbin/famd
wait = yes
protocol = tcp
rpc_version = 2
rpc_number = 391002
}
# End /etc/xinetd.d/sgi_fam
EOF
If you do not have an inetd daemon installed and have no wish to install one, you can also start famd during system startup by installing the /etc/rc.d/init.d/fam init script included in the blfs-bootscripts-6.1 package.
make install-fam
The libxml package contains the libxml libraries. These are useful for parsing XML files.
Download (HTTP): http://ftp.gnome.org/pub/GNOME/sources/libxml/1.8/libxml-1.8.17.tar.bz2
Download (FTP): ftp://ftp.gnome.org/pub/GNOME/sources/libxml/1.8/libxml-1.8.17.tar.bz2
Download MD5 sum: c7d1b9b1cbfcfbbc56c92f424c37d32c
Download size: 743 KB
Estimated disk space required: 14 MB
Estimated build time: 0.3 SBU
Install libxml by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install
The libxml2 package contains XML libraries. These are useful for parsing XML files.
Download (HTTP): http://ftp.gnome.org/pub/GNOME/sources/libxml2/2.6/libxml2-2.6.20.tar.bz2
Download (FTP): ftp://ftp.gnome.org/pub/GNOME/sources/libxml2/2.6/libxml2-2.6.20.tar.bz2
Download MD5 sum: 342f722d1770071be19253f229fef677
Download size: 3.0 MB
Estimated disk space required: 79.3 MB
Estimated build time: 0.50 SBU (additional 0.65 SBU to run the testsuite)
Install libxml2 by running the following commands:
./configure --prefix=/usr --with-history && make
To test the results, issue: make check.
Now, as the root user:
make install
The libxslt package contains XSLT libraries. These are useful for extending libxml2 libraries to support XSLT files.
Download (HTTP): http://ftp.gnome.org/pub/GNOME/sources/libxslt/1.1/libxslt-1.1.14.tar.gz
Download (FTP): ftp://xmlsoft.org/libxslt-1.1.14.tar.gz
Download MD5 sum: db71660bb7d01ccd4e6be990af8d813b
Download size: 2.6 MB
Estimated disk space required: 36 MB
Estimated build time: 0.32 SBU
Install libxslt by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install
The GMP package contains math libraries. These have useful functions for arbitrary precision arithmetic.
Download (HTTP): http://ftp.gnu.org/gnu/gmp/gmp-4.1.4.tar.bz2
Download (FTP): ftp://ftp.gnu.org/gnu/gmp/gmp-4.1.4.tar.bz2
Download MD5 sum: 0aa7d3b3f5b5ec5951e7dddd6f65e891
Download size: 1.6 MB
Estimated disk space required: 60.8 MB
Estimated build time: 0.88 SBU (additional 0.81 SBU to run the testsuite)
Install GMP by running the following commands:
./configure --prefix=/usr --enable-cxx --enable-mpbsd && make
To test the results, issue: make check. Owing to various reports of mis-compilations, the maintainer strongly recommends running the test-suite and report any failures. The libraries should not be used in a production environment if there are problems running make check.
Now, as the root user:
make install
--enable-cxx: This parameter enables C++ support by building the libgmpxx libraries.
--enable-mpbsd: This parameter enables building the Berkeley MP compatibility (libmp) libraries.
The GDBM package contains the GNU Database Manager. This is a disk file format database which stores key/data-pairs in single files. The actual data of any record being stored is indexed by a unique key, which can be retrieved in less time than if it was stored in a text file.
Download (HTTP): http://ftp.gnu.org/gnu/gdbm/gdbm-1.8.3.tar.gz
Download (FTP): ftp://ftp.gnu.org/gnu/gdbm/gdbm-1.8.3.tar.gz
Download MD5 sum: 1d1b1d5c0245b1c00aff92da751e9aa1
Download size: 223 KB
Estimated disk space required: 2.75 MB
Estimated build time: 0.08 SBU
Install GDBM by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make BINOWN=root BINGRP=root install
In addition, you may need to install the DBM and NDBM compatibility headers and library since some applications look for these older dbm routines.
make BINOWN=root BINGRP=root install-compat
make BINOWN=root BINGRP=root install: This command overrides the BINOWN and BINGRP variables in the Makefile changing ownership of the installed files to root instead of the bin user.
The glib package contains a low-level core library. This is useful for providing data structure handling for C, portability wrappers and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system.
Download (HTTP): http://gd.tuwien.ac.at/graphics/gimp/gtk/v1.2/glib-1.2.10.tar.gz
Download (FTP): ftp://ftp.gtk.org/pub/gtk/v1.2/glib-1.2.10.tar.gz
Download MD5 sum: 6fe30dad87c77b91b632def29dd69ef9
Download size: 412 KB
Estimated disk space required: 6.4 MB
Estimated build time: 0.19 SBU
Install glib by running the following commands:
patch -Np1 -i ../glib-1.2.10-gcc34-1.patch && ./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install && chmod -v 755 /usr/lib/libgmodule-1.2.so.0.0.10
The glib package contains a low-level core library. This is useful for providing data structure handling for C, portability wrappers and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system.
Download (HTTP): http://gd.tuwien.ac.at/graphics/gimp/gtk/v2.6/glib-2.6.4.tar.bz2
Download (FTP): ftp://ftp.gtk.org/pub/gtk/v2.6/glib-2.6.4.tar.bz2
Download MD5 sum: af7eeb8aae764ff763418471ed6eb93d
Download size: 2.3 MB
Estimated disk space required: 40.9 MB
Estimated build time: 2.82 SBU (includes rebuilding documentation)
Install glib by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install
--enable-gtk-doc: This switch will rebuild the API documentation during the make command.
The libIDL package contains libraries for Interface Definition Language files. This is a specification for defining portable interfaces.
Download (HTTP): http://ftp.gnome.org/pub/GNOME/sources/libIDL/0.8/libIDL-0.8.5.tar.bz2
Download (FTP): ftp://ftp.gnome.org/pub/GNOME/sources/libIDL/0.8/libIDL-0.8.5.tar.bz2
Download MD5 sum: c63f6513dc7789d0575bea02d62d58d7
Download size: 332 KB
Estimated disk space required: 4.9 MB
Estimated build time: 0.13 SBU
Install libIDL by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
The libcroco package contains libcroco libraries. This is useful for providing a CSS API.
Download (HTTP): http://ftp.gnome.org/pub/gnome/sources/libcroco/0.6/libcroco-0.6.0.tar.bz2
Download (FTP): ftp://ftp.gnome.org/pub/gnome/sources/libcroco/0.6/libcroco-0.6.0.tar.bz2
Download MD5 sum: 78fb2bf78d469df83b1fc94ce196c1c4
Download size: 360 KB
Estimated disk space required: 8.7 MB
Estimated build time: 0.22 SBU
Install libcroco by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
The libgsf package contains libgsf libraries. These are useful for providing an extensible input/output abstraction layer for structured file formats.
Download (HTTP): http://ftp.gnome.org/pub/gnome/sources/libgsf/1.12/libgsf-1.12.0.tar.bz2
Download (FTP): ftp://ftp.gnome.org/pub/gnome/sources/libgsf/1.12/libgsf-1.12.0.tar.bz2
Download MD5 sum: 34c4672edd2e4e814fb82d7b94d71ffd
Download size: 428 KB
Estimated disk space required: 10.1 MB
Estimated build time: 0.3 SBU
GNOME Virtual File System-2.10.1 (required for GNOME-2 support) and GTK-Doc-1.3
Install libgsf by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
The libglade package contains libglade libraries. These are useful for loading Glade interface files in a program at runtime.
Download (HTTP): http://ftp.gnome.org/pub/GNOME/sources/libglade/2.5/libglade-2.5.1.tar.bz2
Download (FTP): ftp://ftp.gnome.org/pub/GNOME/sources/libglade/2.5/libglade-2.5.1.tar.bz2
Download MD5 sum: e4734a59f1f2308d7714dc0ebf8163f1
Download size: 317 KB
Estimated disk space required: 5.1 MB
Estimated build time: 0.15 SBU
Install libglade by running the following commands:
./configure --prefix=/usr && make
Now, as the root user:
make install
The expat package contains a stream oriented C library for parsing XML.
Download (HTTP): http://prdownloads.sourceforge.net/expat/expat-1.95.8.tar.gz
Download MD5 sum: aff487543845a82fe262e6e2922b4c8e
Download size: 314 KB
Estimated disk space required: 4.2 MB
Estimated build time: 0.08 SBU
Check (for running the test suite)
Install expat by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install
The libesmtp package contains the libesmtp libraries which are used by some programs to manage email submission to a mail transport layer.
Download (HTTP): http://www.stafford.uklinux.net/libesmtp/libesmtp-1.0.3r1.tar.bz2
Download MD5 sum: c07aa79293aa36298626fe5e68d6bfba
Download size: 270 KB
Estimated disk space required: 6.9 MB
Estimated build time: 0.16 SBU
Install libesmtp by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
The Aspell package contains an interactive spell checking program and the Aspell libraries. Aspell can either be used as a library or as an independent spell checker.
Download (HTTP): http://ftp.gnu.org/gnu/aspell/aspell-0.60.3.tar.gz
Download (FTP): ftp://ftp.gnu.org/gnu/aspell/aspell-0.60.3.tar.gz
Download MD5 sum: ca44ac2fcfdc7213e03d3b5610ce141a
Download size: 1.6 MB
Estimated disk space required: 26.0 MB (Additional 8 MB for en dict)
Estimated build time: 0.62 SBU
You'll need to download at least one dictionary. The link below will take you to a page containing links to dictionaries in many languages.
Aspell dictionaries: ftp://ftp.gnu.org/gnu/aspell/dict
Install Aspell by running the following commands:
./configure --prefix=/usr && make
Now, as the root user:
make install
If you do not plan to install Ispell, then copy the wrapper script ispell:
install -v -m 755 scripts/ispell /usr/bin/
If you do not plan to install Spell, then copy the wrapper script spell:
install -v -m 755 scripts/spell /usr/bin/
The ispell package contains a spell checker that can handle international languages.
Download (HTTP): http://membled.com/work/patches/ispell/ispell-3.2.06.epa7.tar.bz2
Download MD5 sum: d5d867e62776524f60b3b5dcc3d8014f
Download size: 1.2 MB
Estimated disk space required: 11 MB
Estimated build time: less than 0.1 SBU
The first step is to create local.h.
sed -e "s:/usr/local:/usr:g" -e "s:/lib:/share/ispell:" \
local.h.linux > local.h
By default, ispell only installs an American English dictionary. To set up other languages, check out the config.X file for the #define entry to append to local.h.
Build ispell using the following commands:
make
To test the build, issue: make test.
Now, as the root user:
make install
sed -e "s:/usr/local:/usr:g" -e "s:/lib:/share/ispell:" local.h.linux > local.h: This command corrects the installation directories of the package.
The SLIB package is a portable library for the programming language Scheme. It provides a platform independent framework for using “packages” of Scheme procedures and syntax. SLIB contains useful packages for all Scheme implementations, including Guile. Its catalog can be transparently extended to accommodate packages specific to a site, implementation, user or directory.
Download (HTTP): http://swiss.csail.mit.edu/ftpdir/scm/OLD/slib3a1.tar.gz
Download MD5 sum: dc1aa0ffb9e2414223ceefc315f6baf9
Download size: 705 KB
Estimated disk space required: 8.6 MB
Estimated build time: 0.01 SBU
Install SLIB by issuing the following commands:
patch -Np1 -i ../slib-3a1-automate_install-1.patch && make
Now, as the root user:
make prefix=/usr/ install && make prefix=/usr/ catalogs && make prefix=/usr/ installinfo
make prefix=/usr/ catalogs: This command builds the SLIB Scheme implementation catalog.
make prefix=/usr/ installinfo: This commands installs the info documentation.
The G-Wrap package contains tools for exporting C libraries into Scheme interpreters.
Download (HTTP): http://www.gnucash.org/pub/g-wrap/source/g-wrap-1.3.4.tar.gz
Download MD5 sum: bf29b8b563cc27d9f7fd90a6243653aa
Download size: 403 KB
Estimated disk space required: 3.1 MB
Estimated build time: 0.1 SBU
Install G-Wrap by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install
LZO is a data compression library which is suitable for data decompression and compression in real-time. This means it favors speed over compression ratio.
Download (HTTP): http://www.oberhumer.com/opensource/lzo/download/lzo-2.01.tar.gz
Download (FTP): ftp://ftp.uni-koeln.de/util/arc/lzo-2.01.tar.gz
Download MD5 sum: 0068c3f5a6325323dcdad3a4c52ed51e
Download size: 591 KB
Estimated disk space required: 8.7 MB
Estimated build time: 0.28 SBU
NASM-0.98.39 and Dmalloc
Install LZO by running the following commands:
./configure --prefix=/usr --enable-shared && make
Now, as the root user:
make install && install -v -m755 -d /usr/share/doc/lzo-2.01 && install -v -m644 doc/* /usr/share/doc/lzo-2.01
The libusb package contains a library used by some applications for USB device access.
Download (HTTP): http://prdownloads.sourceforge.net/libusb/libusb-0.1.10a.tar.gz
Download MD5 sum: c6062b29acd2cef414bcc34e0decbdd1
Download size: 375 KB
Estimated disk space required: 7.4 MB (additional 1.3 MB to install documentation)
Estimated build time: 0.1 SBU
OpenJade-1.3.2 and DocBOOK SGML DTD-4.2
Install libusb by running the following commands:
./configure --prefix=/usr --disable-build-docs && make
If you wish to build the API documentation, issue the following command:
make apidox
Now, as the root user:
make install
If you built the HTML user manual, install it using the following commands as the root user:
install -v -d -m755 /usr/share/doc/libusb-0.1.10a/html && install -v -m644 doc/html/* /usr/share/doc/libusb-0.1.10a/html
If you built the API documentation, install it using the following commands as the root user:
install -v -d -m755 /usr/share/doc/libusb-0.1.10a/apidocs &&
install -v -m644 apidocs/html/* \
/usr/share/doc/libusb-0.1.10a/apidocs
--disable-build-docs: This switch avoids building the HTML user manual. If you wish to build the user manual, you may need to remove the OpenSP catalog definitions from the system SGML catalogs. Use the following command before building the package to accomplish this:
sed -i.orig \
-e "/CATALOG \/etc\/sgml\/OpenSP-1.5.1.cat/d" \
/etc/sgml/catalog \
/etc/sgml/sgml-docbook.cat
libusb requires the usbfs kernel filesystem to be mounted on /proc/bus/usb. Applications require the files in this directory to be accessible to the user, sometimes for both reading and writing. To restrict access to USB devices, ensure the usb group exits on your system. If necessary, create the usb group using the following command:
groupadd -g 14 usb
Ensure that you have compiled the “USB device filesystem” directly into the kernel or compiled it as a module (listing the resulting “usbcore” module in the /etc/sysconfig/modules file). You should also have an entry similar to the line below in your /etc/fstab file:
usbfs /proc/bus/usb usbfs devgid=14,devmode=0660 0 0
Depending on what your system will be used for, you may or may not require the graphics and font libraries. Most desktop machines will want them for use with graphical applications. Most servers on the other hand, will not require them.
The libjpeg package contains libraries that allow compression of image files based on the Joint Photographic Experts Group standard. It is a "lossy" compression algorithm.
Download (HTTP): http://www.photopost.com/jpegsrc.v6b.tar.gz
Download (FTP): ftp://ftp.uu.net/graphics/jpeg/jpegsrc.v6b.tar.gz
Download MD5 sum: dbd5f3b47ed13132f04c685d608a7547
Download size: 599 KB
Estimated disk space required: 4.6 MB
Estimated build time: 0.15 SBU
Install libjpeg by running the following commands:
./configure --prefix=/usr --enable-static --enable-shared && make
To test the results, issue: make test.
Now, as the root user:
make install
--enable-static --enable-shared: These switches tell libjpeg to build both shared and static libraries.
As with most libraries, there is no configuration to do, save that the library directory i.e., /opt/lib or /usr/local/lib should appear in /etc/ld.so.conf so that ldd can find the shared libraries. After checking that this is the case, /sbin/ldconfig should be run while logged in as root.
The libpng package contains libraries used by other programs for reading and writing PNG files.
Download (HTTP): http://prdownloads.sourceforge.net/libpng/libpng-1.2.8.tar.bz2
Download MD5 sum: 00cea4539bea4bd34cbf8b82ff9589cd
Download size: 376 KB
Estimated disk space required: 5.75 MB
Estimated build time: 0.13 SBU
Required Patch to explicitly link libpng against system libraries: http://www.linuxfromscratch.org/blfs/downloads/6.1/libpng-1.2.8-link_to_proper_libs-1.patch
Install libpng by running the following commands:
patch -Np1 -i ../libpng-1.2.8-link_to_proper_libs-1.patch &&
make prefix=/usr ZLIBINC= \
ZLIBLIB= -f scripts/makefile.linux
To test the results, issue: make -f scripts/makefile.linux test.
Now, as the root user:
make prefix=/usr install -f scripts/makefile.linux
ZLIBINC=; ZLIBLIB=: This forces libpng to look for the Zlib includes and libraries in the default locations (/usr/include and /usr/lib respectively).
-f scripts/makefile.linux: This points make at the Linux version of the Makefile as libpng doesn't use an Autoconf routine. Instead, it has various Makefiles for different platforms.
As with most libraries, there is no configuration to do, save that the library directory i.e., /opt/lib or /usr/local/lib should appear in /etc/ld.so.conf so that ldd can find the shared libraries. After checking that this is the case, /sbin/ldconfig should be run while logged in as root.
The libtiff package contains the TIFF libraries and associated utilities. The libraries are used by many programs for reading and writing TIFF files and the utilities are useful for general work with TIFF files.
Download (FTP): ftp://ftp.remotesensing.org/libtiff/tiff-3.7.3.tar.gz
Download MD5 sum: 8a4511793f4b20b91ddee0e53bc08dea
Download size: 1.3 MB
Estimated disk space required: 17.7 MB
Estimated build time: 0.5 SBU
libjpeg-6b, X (XFree86-4.5.0 or X.org-6.8.2) and freeglut-2.4.0
Install libtiff by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install
The libungif package contains libraries for reading all GIFs and writing non-compressed ones as well as programs for converting and working with GIF files. The libraries are useful for any graphics program wishing to deal with GIF files while the programs are useful for conversion purposes as well as cleaning up images.
The reason libungif only writes non-compressed GIFs is due to a legal issue with LZW compression (which Unisys claimed a patent on). Reading GIFs is not a problem as the decompression routines do not seem to be limited in this way. Note that this has in the past been disputed. The best way to avoid this whole mess is to simply use libungif for looking at GIF images on the web, while in any pages which you design, use the open source PNG format instead (which uses, not surprisingly, the libpng library) which has no patent issues at all.
Download (HTTP): http://prdownloads.sourceforge.net/libungif/libungif-4.1.3.tar.bz2
Download MD5 sum: 8c198831cc0495596c78134b8849e9ad
Download size: 430 KB
Estimated disk space required: 6.2 MB
Estimated build time: 0.16 SBU
X (XFree86-4.5.0 or X.org-6.8.2)
Install libungif by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install &&
install -v -m755 -d /usr/share/doc/libungif-4.1.3/html &&
install -v -m644 doc/*.{png,html} \
/usr/share/doc/libungif-4.1.3/html &&
install -v -m644 doc/*.txt \
/usr/share/doc/libungif-4.1.3
The giflib package contains libraries for reading and writing GIFs as well as programs for converting and working with GIF files. The libraries are useful for any graphics program wishing to deal with GIF files while the programs are useful for conversion purposes as well as cleaning up images.
Download (HTTP): http://prdownloads.sourceforge.net/libungif/giflib-4.1.3.tar.bz2
Download MD5 sum: 22efc9599ccf91d288374dcf0679abf1
Download size: 440 KB
Estimated disk space required: 6.2 MB
Estimated build time: 0.16 SBU
X (XFree86-4.5.0 or X.org-6.8.2)
Install giflib by running the following commands:
./configure --prefix=/usr && make
Now, as the root user:
make install &&
install -v -m755 -d /usr/share/doc/giflib-4.1.3/html &&
install -v -m644 doc/*.{png,html} \
/usr/share/doc/giflib-4.1.3/html &&
install -v -m644 doc/*.txt \
/usr/share/doc/giflib-4.1.3
The lcms library is used by other programs to provide color management facilities.
Download (HTTP): http://www.littlecms.com/lcms-1.14.tar.gz
Download MD5 sum: 5a803460aeb10e762d97e11a37462a69
Download size: 654 KB
Estimated disk space required: 18.4 MB
Estimated build time: 0.34 SBU (includes building the Python module)
Required patch (if building the Python module): http://www.linuxfromscratch.org/blfs/downloads/6.1/lcms-1.14-gcc343-1.patch
libtiff-3.7.3, libjpeg-6b and Python-2.4.1 (with SWIG)
Install lcms by running the following commands:
patch -Np1 -i ../lcms-1.14-gcc343-1.patch && ./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install && install -v -m755 -d /usr/share/doc/lcms-1.14 && install -v -m644 doc/* /usr/share/doc/lcms-1.14
The libmng libraries are used by programs wanting to read and write Multiple-image Network Graphics (MNG) files which are the animation equivalents to PNG files.
Download (HTTP): http://prdownloads.sourceforge.net/libmng/libmng-1.0.9.tar.gz
Download MD5 sum: ff1205ef70855a75c098ea09690413c6
Download size: 554 KB
Estimated disk space required: 7.1 MB
Estimated build time: 0.11 SBU
libjpeg-6b and lcms-1.14
Install libmng by running the following commands:
cp makefiles/makefile.linux Makefile && make
Now, as the root user:
make prefix=/usr install &&
install -v -m644 doc/man/*.3 /usr/share/man/man3 &&
install -v -m644 doc/man/*.5 /usr/share/man/man5 &&
install -v -m755 -d /usr/share/doc/libmng-1.0.9 &&
install -v -m644 doc/*.{png,txt} /usr/share/doc/libmng-1.0.9
cp makefiles/makefile.linux Makefile: There are no autotools shipped with this package. The Linux Makefile is copied to the root of the source tree, facilitating the installation.
install ...: The documentation files are not installed by the installation procedure, so they are copied manually.
The FreeType2 package contains a library to allow applications to properly render TrueType fonts.
Download (HTTP): http://prdownloads.sourceforge.net/freetype/freetype-2.1.10.tar.bz2
Download MD5 sum: a4012e7d1f6400df44a16743b11b8423
Download size: 1.0 MB
Estimated disk space required: 19.1 MB
Estimated build time: 0.3 SBU
Install FreeType2 by running the following commands:
sed -i -r 's:.*(#.*BYTE.*) .*:\1:' \
include/freetype/config/ftoption.h &&
./configure --prefix=/usr &&
make
This package does not come with a test suite.
Now, as the root user:
make install
sed -i -r 's:.*(#.*BYTE.*) .*:\1:' include/freetype/config/ftoption.h: Uncomments configuration options.
The Fontconfig package is a library for configuring and customizing font access.
Download (HTTP): http://fontconfig.org/release/fontconfig-2.3.2.tar.gz
Download MD5 sum: 7354f9f125ea78a8f2851cb9c31d4866
Download size: 942 KB
Estimated disk space required: 13.0 MB
Estimated build time: 0.2 SBU
The numbering system of Fontconfig is unusual. The beta versions of the package are numbered with a 9x in the last portion of the release number. This means that 2.3.90 is a beta release and the most current release is of the form 2.3.2
FreeType-2.1.10 and expat-1.95.8
If you have DocBook-utils installed and you remove the --disable-docs parameter from the configure command below, you must have SGMLSpm and JadeTeX-3.13 installed also, or the Fontconfig build will fail.
Install Fontconfig by running the following commands:
./configure --prefix=/usr --sysconfdir=/etc --disable-docs && make
To test the results, issue: make check.
Now, as the root user:
make install &&
install -v -m755 -d /usr/share/doc/fontconfig/fontconfig-devel &&
install -v -m644 doc/*.3 /usr/share/man/man3 &&
install -v -m644 doc/*.5 /usr/share/man/man5 &&
install -v -m644 doc/*.{html,pdf,txt} /usr/share/doc/fontconfig &&
install -v -m644 doc/fontconfig-devel/* \
/usr/share/doc/fontconfig/fontconfig-devel
--disable-docs: This switch avoids building the documentation (the release tarball includes pre-generated documentation).
The configuration file for Fontconfig is /etc/fonts/fonts.conf. Generally you do not want to edit this file. To put a new font directory in the configuration, create (or update) the /etc/fonts/local.conf file with your local information. The default location of fonts in Fontconfig is:
/usr/share/fonts
~/.fonts
X also includes an internal (and older) version of Fontconfig and unless it is explicitly disabled when building Xorg or XFree86, the internal version is created leaving two slightly incompatible libraries on your system. It is recommended that you only install one version.
The libart_lgpl package contains the libart libraries. These are useful for high-performance 2D graphics.
Download (HTTP): http://ftp.gnome.org/pub/GNOME/sources/libart_lgpl/2.3/libart_lgpl-2.3.17.tar.bz2
Download (FTP): ftp://ftp.gnome.org/pub/GNOME/sources/libart_lgpl/2.3/libart_lgpl-2.3.17.tar.bz2
Download MD5 sum: dfca42529393c8a8f59dc4dc10675a46
Download size: 289 KB
Estimated disk space required: 4.7 MB
Estimated build time: 0.14 SBU
Install libart_lgpl by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
The librsvg package contains librsvg libraries and tools used to manipulate, convert and view Scalable Vector Graphic (SVG) images.
Download (HTTP): http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.9/librsvg-2.9.5.tar.bz2
Download (FTP): ftp://ftp.gnome.org/pub/GNOME/sources/librsvg/2.9/librsvg-2.9.5.tar.bz2
Download MD5 sum: 44799d75e940eb4150acdae4f63cbe2a
Download size: 392 KB
Estimated disk space required: 9.8 MB
Estimated build time: 0.3 SBU
GTK+-2.6.7, libxml2-2.6.20, libart_lgpl-2.3.17 and popt-1.7-5
libcroco-0.6.0, libgsf-1.12.0, GNOME Virtual File System-2.10.1, libgnomeprintui-2.10.2, Mozilla-1.7.8, GTK-Doc-1.3 and DocBook-utils-0.6.14
Install librsvg by running the following commands:
./configure --prefix=/usr --sysconfdir=/etc \
--disable-gtk-doc &&
make
Now, as the root user:
make install
--disable-gtk-doc: This option prevents the rebuilding of documentation during the make command.
The Imlib package contains image libraries. These are useful for loading, rendering and dithering a wide variety of image data formats.
Download (HTTP): http://ftp.gnome.org/pub/GNOME/sources/imlib/1.9/imlib-1.9.15.tar.bz2
Download (FTP): ftp://ftp.gnome.org/pub/GNOME/sources/imlib/1.9/imlib-1.9.15.tar.bz2
Download MD5 sum: 7db987e6c52e4daf70d7d0f471238eae
Download size: 668 KB
Estimated disk space required: 12 MB
Estimated build time: 0.43 SBU
GTK+-1.2.10, and libungif-4.1.3 or giflib-4.1.3
Install Imlib by running the following commands:
./configure --prefix=/usr --sysconfdir=/etc/imlib && make
This package does not come with a test suite.
Now, as the root user:
make install &&
install -v -m755 -d /usr/share/doc/imlib-1.9.15 &&
install -v -m644 doc/{index.html,*.gif} /usr/share/doc/imlib-1.9.15
--sysconfdir=/etc/imlib: This installs and combines the configuration files into /etc/imlib instead of /usr/etc.
AAlib is a library to render any graphic into ASCII Art.
Download (HTTP): http://prdownloads.sourceforge.net/aa-project/aalib-1.4rc5.tar.gz
Download (FTP): ftp://ftp.ratmir.tver.ru/pub/FreeBsd/ports/distfiles/aalib-1.4rc5.tar.gz
Download MD5 sum: 9801095c42bba12edebd1902bcf0a990
Download size: 388 KB
Estimated disk space required: 6.5 MB
Estimated build time: 0.15 SBU
X (XFree86-4.5.0 or X.org-6.8.2), slang-1.4.9 and GPM-1.20.1
Install AAlib by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
Imlib2 is a graphics library for fast file loading, saving, rendering and manipulation.
Download (HTTP): http://prdownloads.sourceforge.net/enlightenment/imlib2-1.2.1.tar.gz
Download MD5 sum: e32970d03d8aee2885782312d0a7f15f
Download size: 879 KB
Estimated disk space required: 12.5 MB
Estimated build time: 0.4 SBU
FreeType-2.1.10, libpng-1.2.8 and libjpeg-6b
X (XFree86-4.5.0 or X.org-6.8.2
libtiff-3.7.3, and libungif-4.1.3 or giflib-4.1.3
Install Imlib2 by running the following commands:
./configure --prefix=/usr && make
Now, as the root user:
make install &&
install -v -m755 -d /usr/share/doc/imlib2-1.2.1 &&
install -v -m644 doc/{*.gif,index.html} \
/usr/share/doc/imlib2-1.2.1
--without-x: Add this parameter if you do not have an X Window System installed.
The libexif package contains a library for parsing, editing, and saving EXIF data. Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. All EXIF tags described in EXIF standard 2.1 are supported.
Download (HTTP): http://prdownloads.sourceforge.net/libexif/libexif-0.6.12.tar.bz2
Download MD5 sum: 9f952ee8db0be7c53a075c34e8286d91
Download size: 378 KB
Estimated disk space required: 6 MB
Estimated build time: 0.1 SBU
Install libexif by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install
The FriBidi package is an implementation of the Unicode Bidirectional Algorithm (bidi). This is useful for supporting Arabic and Hebrew alphabets in other packages.
Download (HTTP): http://fribidi.org/download/fribidi-0.10.5.tar.gz
Download MD5 sum: 4f187c7e6bbb9d03bd1cd7ddc12d3069
Download size: 491 KB
Estimated disk space required: 4.4 MB
Estimated build time: less than 0.1 SBU
Install FriBidi by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install
| fribidi |
is a command-line interface to the libfribidi library and can be used to convert a logical string to visual output. |
| fribidi-config |
is used to acquire information about the installed libfribidi library. |
| libfribidi.[so,a] |
contains functions used to implement the Unicode Bidirectional Algorithm. |
This chapter contains various utilities that do not fit conveniently into other chapters. Programs include a command line calculator, several utilities for manipulating text and graphics, and a program to interface with a palm-pilot.
The bc package contains an arbitrary precision numeric processing language.
Download (HTTP): http://ftp.gnu.org/gnu/bc/bc-1.06.tar.gz
Download (FTP): ftp://ftp.gnu.org/gnu/bc/bc-1.06.tar.gz
Download MD5 sum: d44b5dddebd8a7a7309aea6c36fda117
Download size: 278 KB
Estimated disk space required: 2.31 MB
Estimated build time: 0.04 SBU
libedit (as an alternative to readline)
Install bc by running the following commands:
patch -Np1 -i ../bc-1.06-flex_invocation-1.patch && patch -Np1 -i ../bc-1.06-readline-1.patch && ./configure --prefix=/usr --with-readline && make
This package does not come with a test suite.
Now, as the root user:
make install
The rep-gtk package contains a Lisp and GTK binding. This is useful for extending GTK-2 and GDK libraries with Lisp. Starting at rep-gtk-0.15, the package contains the bindings to GTK and uses the same instructions. Both can be installed, if needed.
Download (HTTP): http://prdownloads.sourceforge.net/rep-gtk/rep-gtk-0.18.tar.gz
Download MD5 sum: 220b0d728656472c068e40823f0a3b22
Download size: 152 KB
Estimated disk space required: 7.7 MB
Estimated build time: 0.18 SBU
Install rep-gtk by running the following commands:
patch -Np1 -i ../rep-gtk-0.18-gtk2.4-1.patch && ./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
Compface provides utilities and a library to convert from/to X-Face format, a 48x48 bitmap format used to carry thumbnails of email authors in a mail header.
Download (HTTP): http://www.ibiblio.org/pub/Linux/apps/graphics/convert/compface-1.4.tar.gz
Download MD5 sum: c45b54f67cc5d3580a18e4113219bc26
Download size: 28 KB
Estimated disk space required: 520 KB
Estimated build time: 0.01 SBU
Install Compface by running the following commands:
patch -Np1 -i ../compface-1.4-errno-2.patch && ./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
ImageMagick is a collection of tools and libraries to read, write, and manipulate an image in various image formats. Image processing operations are available from the command line. Bindings to various programming languages are also available.
Download (HTTP): http://www.imagemagick.org/download/ImageMagick-6.2.3-5.tar.bz2
Download (FTP): ftp://ftp.imagemagick.net/pub/ImageMagick/ImageMagick-6.2.3-5.tar.bz2
Download MD5 sum: 599d9a01d825c138882374922c3cda96
Download size: 4.8 MB
Estimated disk space required: up to 150 MB (depends which dependencies are installed)
Estimated build time: up to 4 SBU (Additional 1.1 SBU for the test suite)
X (XFree86-4.5.0 or X.org-6.8.2)
lcms-1.14, ESP Ghostscript-7.07.1 or AFPL Ghostscript-8.51, libpng-1.2.8, libjpeg-6b, FreeType-2.1.10, libtiff-3.7.3, libxml2-2.6.20, Mozilla-1.7.8, TeX-3.0, GIMP-2.2.8, SANE-1.0.15, Wget-1.9.1, Enscript-1.6.4, libexif-0.6.12, GraphViz, FlashPIX (or FlashPIX library), Jasper, JBIG-KIT, libwmf, AutoTrace, RALCGM, DCRaw, Transfig, Gnuplot, hp2xx, html2ps, Netpbm, MPEG-2 Video Codec, POV-Ray, Utah Raster Toolkit (or source), txt2html, Radiance, corefonts, Electric Fence and Dmalloc
Install Imagemagick by running the following commands:
sed -i -e 's/\$(LIBLTDL) \$/\$/' Makefile.in && ./configure --prefix=/usr --with-modules && make
Now, as the root user:
make install
To test the results, as an unprivileged user, issue: make check.
sed -i -e 's/\$(LIBLTDL) \$/\$/' Makefile.in: The package will build and install a different version of the Libtool library in /usr/lib. This command forces the package to link to the installed version of libltdl, and not replace it.
--with-modules: Enables support for dynamically loadable modules.
The hd2u package contains an any to any text format converter.
Download (HTTP): http://www.megaloman.com/~hany/_data/hd2u/hd2u-1.0.0.tgz
Download MD5 sum: 21249099fbb04b98e30e35d6a89061dd
Download size: 54 KB
Estimated disk space required: 312 KB
Estimated build time: 0.1 SBU
Install hd2u by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
The GTK-Doc package contains a code documentor. This is useful for extracting specially formatted comments from the code to create API documentation. This package is optional; if it is not installed, packages will not build the documentation. This does not mean that you will not have any documentation. If GTK-Doc is not available, the install process will copy any pre-built documentation to your system.
Download (HTTP): http://ftp.gnome.org/pub/GNOME/sources/gtk-doc/1.3/gtk-doc-1.3.tar.bz2
Download (FTP): ftp://ftp.gnome.org/pub/GNOME/sources/gtk-doc/1.3/gtk-doc-1.3.tar.bz2
Download MD5 sum: d105d5b28e7e023ab1b7e85fb65e45c3
Download size: 145 KB
Estimated disk space required: 1.6 MB
Estimated build time: less than 0.1 SBU
OpenJade-1.3.2, libxslt-1.1.14, DocBook XML DTD-4.4 and DocBook XSL Stylesheets-1.68.1
Install GTK-Doc by running the following commands:
./configure --prefix=/usr
Now, as the root user:
make install
The intltool package contains an internationalization tool. This is useful for extracting translatable strings from source files, collecting the extracted strings with messages from traditional source files (<source directory>/<package>/po) and merging the translations into .xml, .desktop and .oaf files.
Download (HTTP): http://ftp.gnome.org/pub/GNOME/sources/intltool/0.33/intltool-0.33.tar.bz2
Download (FTP): ftp://ftp.gnome.org/pub/GNOME/sources/intltool/0.33/intltool-0.33.tar.bz2
Download MD5 sum: 7d3b6d421b0fb9beee7faf97daab45e6
Download size: 126 KB
Estimated disk space required: 1.5 MB
Estimated build time: less than 0.1 SBU
Install intltool by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install
Screen is a terminal multiplexor that runs several separate processes, typically interactive shells, on a single physical character-based terminal. Each virtual terminal emulates a DEC VT100 plus several ANSI X3.64 and ISO 2022 functions and also supports configurable input and output translation, serial port support, configurable logging, multi-user support, and UTF-8 character encoding support (currently not supported by LFS). Screen sessions can be detached and resumed later on a different terminal.
Download (HTTP): http://ftp.gnu.org/pub/gnu/screen/screen-4.0.2.tar.gz
Download (FTP): ftp://ftp.gnu.org/pub/gnu/screen/screen-4.0.2.tar.gz
Download MD5 sum: ed68ea9b43d9fba0972cb017a24940a1
Download size: 825 KB
Estimated disk space required: 5.8 MB
Estimated build time: 0.2 SBU
Install Screen by running the following commands:
./configure --prefix=/usr --with-socket-dir=/var/run/screen \
--with-sys-screenrc=/etc/screenrc &&
sed -i -e "s%/usr/local/etc/screenrc%/etc/screenrc%" {etc,doc}/* &&
make
This package does not come with a test suite.
Now, as the root user:
make install && install -m 644 etc/etcscreenrc /etc/screenrc
--with-socket-dir=/var/run/screen: This option places the per-user sockets in a standard location.
--with-sys-screenrc=/etc/screenrc: This option places the global screenrc file in /etc.
sed -i -e "s%/usr/local/etc/screenrc%/etc/screenrc%" {etc,doc}/*: This command corrects the configuration and documention files to the location that is used here for the global screenrc file.
The HTML Tidy package contains a command line tool and libraries used to read HTML, XHTML and XML files and write cleaned up markup. It detects and corrects many common coding errors and strives to produce visually equivalent markup that is both W3C compliant and compatible with most browsers.
Download (HTTP): http://tidy.sourceforge.net/src/tidy_src_050722.tgz
Download MD5 sum: 0ef3bf907a8429b2bc1e66e43bfff3d7
Download size: 254 KB
Estimated disk space required: 10.3 MB
Estimated build time: 0.2 SBU
HTML Tidy is updated very frequently by its maintainers, and the source package listed above may not be available at the listed URL due to the release of a newer version. The most current source package can be always be downloaded from http://tidy.sourceforge.net/src/. If this version is newer than the version listed above, the following instructions should work, but have not yet been tested by BLFS. If you'd rather download the version listed above, you can find it at http://tidy.sourceforge.net/src/old/.
Documentation: http://tidy.sourceforge.net/docs/tidy_docs_050705.tgz
Download MD5 sum: 2e6533fc48b077ff6243deaf21a781de
Download size: 150 KB
The HTML Tidy documentation is contained in a separate tarball. Unpack both the source and docs tarballs before starting the build.
Install HTML Tidy by running the following commands:
patch -Np1 -i ../tidy-050722-prevent_PRE_newlines-1.patch && sh build/gnuauto/setup.sh && ./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
If you have libxslt-1.1.14 installed, issue the following commands as an unprivileged user to build the man page and HTML documentation:
cd htmldoc && tidy -xml-help > tidy-help.xml && tidy -xml-config > tidy-config.xml && xsltproc -o tidy.1 tidy1.xsl tidy-help.xml && xsltproc -o quickref.html quickref-html.xsl tidy-config.xml && cd ..
If you built the man page and the Quick Reference HTML file, install the man page by issuing the following command as the root user:
install -v -m644 htmldoc/tidy.1 /usr/share/man/man1
Now finish the installation by installing the pre-built documentation as the root user:
install -v -m755 -d /usr/share/doc/tidy && cp -v -R htmldoc/* /usr/share/doc/tidy
sh build/gnuauto/setup.sh: This command prepares the source tree for building using the GNU “Auto” tools.
The desktop-file-utils package contains command line utilities for working with desktop entries. These utilities are used by GNOME-2 and other applications to manipulate the MIME-types application databases and help adhere to the desktop entries standards specification.
Download (HTTP): http://freedesktop.org/software/desktop-file-utils/releases/desktop-file-utils-0.10.tar.gz
Download MD5 sum: 8b930e9ad08ac6b8205dd00a1d694b0c
Download size: 341 KB
Estimated disk space required: 2.7 MB
Estimated build time: less than 0.1 SBU
GLib-2.6.4 and popt-1.7-5
Install desktop-file-utils by running the following commands:
./configure --prefix=/usr && make
Now, as the root user:
make install
The default location for the MIME-types application database is /usr/share/applications/mimeinfo.cache. If you are going to install, or have already installed, a desktop environment such as GNOME or KDE in a prefix other than /usr, you'll need to update the XDG_DATA_DIRS environment variable so that additional MIME-types application databases are properly maintained. Add the following to the system-wide or personal profile:
For GNOME:
XDG_DATA_DIRS=$XDG_DATA_DIRS:$GNOME_PREFIX/share export XDG_DATA_DIRS
For KDE:
XDG_DATA_DIRS=$XDG_DATA_DIRS:$KDE_PREFIX/share export XDG_DATA_DIRS
If you're installing both GNOME and KDE:
XDG_DATA_DIRS=$XDG_DATA_DIRS:$GNOME_PREFIX/share:$KDE_PREFIX/share export XDG_DATA_DIRS
The XScreenSaver is a modular screen saver and locker for the X Window System. It is highly customizable and allows the use of any program that can draw on the root window as a display mode. The purpose of XScreenSaver is to display pretty pictures on your screen when it is not in use, in keeping with the philosophy that unattended monitors should always be doing something interesting, just like they do in the movies. However, XScreenSaver can also be used as a screen locker, to prevent others from using your terminal while you are away.
Download (HTTP): http://www.jwz.org/xscreensaver/xscreensaver-4.21.tar.gz
Download (FTP): ftp://ftp.fu-berlin.de/unix/X11/graphics/xscreensaver/xscreensaver-4.21.tar.gz
Download MD5 sum: 3ea7d0bc9b7159523855296e175d7ac7
Download size: 4.3 MB
Estimated disk space required: 99.2 MB
Estimated build time: 1.0 SBU
bc-1.06 and libglade-2.5.1 (alternatively LessTif-0.94.4 but not recommended)
libjpeg-6b, GLE, Netpbm, XDaliClock, Linux-PAM-0.80, krb4, and Heimdal-0.7 or MIT krb5-1.4.1
Install XScreenSaver by running the following commands:
./configure --prefix=/usr --libexecdir=/usr/lib && make
Now, as the root user:
make install
--with-setuid-hacks: This switch allows some demos to be installed setuid root which is needed in order to ping other hosts.
--enable-locking: This switch provides support for locking the display.
The pilot-link package provides a suite of tools containing a series of conduits, libraries, and language bindings for moving information to and from your Palm device and your desktop or server/workstation system, as well as across a network.
Download (HTTP): http://downloads.pilot-link.org/pilot-link-0.11.8.tar.bz2
Download (FTP): ftp://ftp.fu-berlin.de/unix/linux/mirrors/gentoo/distfiles/pilot-link-0.11.8.tar.bz2
Download MD5 sum: 586f84add601e8b86da3093ab784e997
Download size: 649 KB
Estimated disk space required: 15 MB
Estimated build time: 0.5 SBU
libpng-1.2.8, JDK-1.5.0, Tcl-8.4.11, Python-2.4.1 and Electric Fence
You may need to configure the “USB_SERIAL_VISOR” device into the kernel before your system can communicate with your Palm device. Add this device by enabling the following kernel parameter setting and rebuilding the kernel (and modules, if applicable):
Device Drivers:
USB support:
USB Serial Converter support:
USB Handspring Visor / Palm m50x / Sony Client Driver
For additional information about connecting your USB Palm device, see: http://www.pilot-link.org/README.usb.
Install pilot-link by running the following commands:
patch -Np1 -i ../pilot-link-0.11.8-bindings_fix-1.patch && ./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install
--with-perl --with-java --with-tcl=/usr/lib --with-python: Use any or all of these options to enable the respective language bindings desired.
This chapter contains mainly hardware utilities. It also contains some applications used by other applications in the book for installation purposes.
The GPM (General Purpose Mouse daemon) package contains a mouse server for the console and xterm. It not only provides cut and paste support generally, but its library component is used by various software such as Links to provide mouse support to the application. It is useful on desktops, especially if following (Beyond) Linux From Scratch instructions; it's often much easier (and less error prone) to cut and paste between two console windows than to type everything by hand!
Download (FTP): ftp://arcana.linux.it/pub/gpm/gpm-1.20.1.tar.bz2
Download MD5 sum: 2c63e827d755527950d9d13fe3d87692
Download size: 556 KB
Estimated disk space required: 6.7 MB
Estimated build time: 0.09 SBU
Recommended Patch: http://www.linuxfromscratch.org/blfs/downloads/6.1/gpm-1.20.1-segfault-1.patch
Recommended Patch: http://www.linuxfromscratch.org/blfs/downloads/6.1/gpm-1.20.1-silent-1.patch
Install GPM by running the following commands:
patch -Np1 -i ../gpm-1.20.1-segfault-1.patch && patch -Np1 -i ../gpm-1.20.1-silent-1.patch && ./configure --prefix=/usr --sysconfdir=/etc && LDFLAGS="-lm" make
Now, as the root user:
make install && cp -v conf/gpm-root.conf /etc && ldconfig
LDFLAGS="-lm": The math library must be linked with gpm, as ceil() is used in some cursor scrolling logic.
Install the /etc/rc.d/init.d/gpm init script included in the blfs-bootscripts-6.1 package.
make install-gpm
/etc/gpm-root.conf and ~/.gpm-root: The default and individual user gpm-root configuration files.
/etc/sysconfig/mouse: This file contains the name of your mouse device and the protocol which it uses. To create this file, run the following as the root user:
cat > /etc/sysconfig/mouse << "EOF" # Begin /etc/sysconfig/mouse MDEVICE="[yourdevice]" PROTOCOL="[yourprotocol]" GPMOPTS="[additional options]" # End /etc/sysconfig/mouse EOF
Examples of values to set MDEVICE, PROTOCOL, and GPMOPTS to are:
MDEVICE="/dev/psaux" PROTOCOL="imps2" GPMOPTS=""
A list of which protocol values are known can be found by running gpm -t -help. The MDEVICE setting depends on which type of mouse you have. For example, /dev/ttyS0 for a serial mouse (on Windows this is COM1), /dev/input/mice is often used for USB mice and /dev/psaux for PS2 mice. GPMOPTS is the 'catch all' for any additional options that are needed for your hardware.
The Fcron package contains a periodical command scheduler which aims at replacing Vixie Cron.
Download (HTTP): http://fcron.free.fr/archives/fcron-2.9.7.src.tar.gz
Download (FTP): ftp://ftp.seul.org/pub/fcron/fcron-2.9.7.src.tar.gz
Download MD5 sum: 9ead65bd13ea6a3278e167f88c572ddb
Download size: 409 KB
Estimated disk space required: 3.6 MB
Estimated build time: 0.10 SBU
Fcron uses the cron facility of syslog to log all messages. Since LFS does not set up this facility in /etc/syslog.conf, it needs to be done prior to installing Fcron. This command will append the necessary line to the current /etc/syslog.conf (perform as the root user):
cat >> /etc/syslog.conf << "EOF" # Begin fcron addition to /etc/syslog.conf cron.* -/var/log/cron.log # End fcron addition EOF
The configuration file has been modified, so reloading the sysklogd daemon will activate the changes (again as the root user).
/etc/rc.d/init.d/sysklogd reload
For security reasons, an unprivileged user and group for Fcron should be created (perform as the root user):
groupadd -g 22 fcron && useradd -d /dev/null -c "Fcron User" -g fcron -s /bin/false -u 22 fcron
Install Fcron by running the following commands:
./configure --without-sendmail --with-boot-install=no && make
This package does not come with a test suite.
Now, as the root user:
make install
--without-sendmail: Fcron will use an installed MTA to email you the results of the fcron script. Omit the switch and use --with-sendmail=[/path/to/MTA] if you wish to utilize this feature.
--with-boot-install=no: This prevents installation of the bootscript included with the package.
There are no required changes in any of the config files. Configuration information can be found in the man page for fcron.conf.
The default text editor used is /usr/bin/vi, and this is installed by LFS.
fcron scripts are written using fcrontab. Refer to the fcrontab man page for proper parameters to address your situation.
If Linux-PAM is installed, two PAM configuration files are installed in /etc/pam.d. Alternatively if /etc/pam.d is not used, the installation will append two configuration sections to the exiting /etc/pam.conf file. You should ensure the files match your preferences. Modify them as required to suit your needs.
Install the /etc/rc.d/init.d/fcron init script from the blfs-bootscripts-6.1 package.
make install-fcron
The hdparm package contains a utility that is useful for controlling ATA/IDE controllers and hard drives both to increase performance and sometimes to increase stability.
As well as being useful, incorrect usage of hdparm can destroy your information and in rare cases, drives. Use with caution and make sure you know what you are doing. If in doubt, it is recommended that you leave the default kernel parameters alone.
Download (HTTP): http://prdownloads.sourceforge.net/hdparm/hdparm-6.1.tar.gz
Download MD5 sum: b883944bc26a480dcccae837c4ddf732
Download size: 40 KB
Estimated disk space required: 360 KB
Estimated build time: 0.1 SBU
Build hdparm by running the following command:
make
This package does not come with a test suite.
Now, as the root user:
make install
Note that by default, hdparm is installed in /sbin as some systems may require it during the boot process before /usr is mounted. If you wish to install hdparm under the /usr hierarchy, then replace the above command with the following:
make binprefix=/usr install
The presence or absence of the which program in the main LFS book is probably one of the most contentious issues on the mailing lists. It has resulted in at least one flame war in the past. To hopefully put an end to this once and for all, presented here are two options for equipping your system with which. The question of which “which” is for you to decide.
The first option is to install the actual GNU which package.
Download (HTTP): http://www.xs4all.nl/~carlo17/which/which-2.16.tar.gz
Download (FTP): ftp://ftp.gnu.org/gnu/which/which-2.16.tar.gz
Download MD5 sum: 830b83af48347a9a3520f561e47cbc9b
Download size: 123 KB
Estimated disk space required: 940 KB
Estimated build time: less than 0.1 SBU
Install which by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
The second option (for those who don't want to install the package) is to create a simple script (execute as the root user):
cat > /usr/bin/which << "EOF"
#!/bin/bash
type -pa "$@" | head -n 1 ; exit ${PIPESTATUS[0]}
EOF
chmod -v 755 /usr/bin/which
chown -v root:root /usr/bin/which
This should work OK and is probably the easiest solution for most cases, but is not the most comprehensive implementation.
The UnZip package contains ZIP extraction utilities. These are useful for extracting files from ZIP archives. ZIP archives are created with PKZIP or Info-ZIP utilities primarily in a DOS environment.
Download (HTTP): http://www.mirrorservice.org/sites/ftp.info-zip.org/pub/infozip/src/unzip552.tar.gz
Download (FTP): ftp://ftp.info-zip.org/pub/infozip/src/unzip552.tar.gz
Download MD5 sum: 9d23919999d6eac9217d1f41472034a9
Download size: 1.1 MB
Estimated disk space required: 7.2 MB
Estimated build time: 0.09 SBU
Install UnZip by running the following commands:
patch -Np1 -i ../unzip-5.52-fix_Makefile-1.patch && patch -Np1 -i ../unzip-5.52-fix_libz-1.patch && patch -Np1 -i ../unzip-5.52-dont_make_noise-1.patch && cp -v unix/Makefile . && make prefix=/usr LOCAL_UNZIP=-DUSE_UNSHRINK linux && make prefix=/usr LOCAL_UNZIP=-DUSE_UNSHRINK linux_shlibz
To test the results, issue: LD_LIBRARY_PATH=$PWD && make check.
Now, as the root user:
make prefix=/usr LOCAL_UNZIP=-DUSE_UNSHRINK install && cp -v -d libunzip.so* /usr/lib
make prefix=/usr LOCAL_UNZIP=-DUSE_UNSHRINK linux: This command overrides the prefix variable that is set to /usr/local in the Makefile, sets the LOCAL_UNZIP environment variable to instruct UnZip to use the shrinking algorithm based on the LZW compression algorithm, and builds the executables for a Linux system. The alternatives to 'linux' can be seen with a make list command.
make ... linux_shlibz: Build shared libunzip and link UnZip against it and zlib.
The Zip package contains Zip utilities. These are useful for compressing files into ZIP archives.
Download (HTTP): http://www.mirrorservice.org/sites/ftp.info-zip.org/pub/infozip/src/zip231.tar.gz
Download (FTP): ftp://ftp.info-zip.org/pub/infozip/src/zip231.tar.gz
Download MD5 sum: 6bfc076664416251d7624ab3538d1cb9
Download size: 781 KB
Estimated disk space required: 4.1 MB
Estimated build time: 0.04 SBU
Install Zip by running the following commands:
sed -i -e 's@$(INSTALL) man/zip.1@$(INSTALL_PROGRAM) man/zip.1@' \
unix/Makefile &&
make prefix=/usr -f unix/Makefile generic_gcc
This package does not come with a test suite.
Now, as the root user:
make prefix=/usr -f unix/Makefile install
sed -i -e ... unix/Makefile: The Makefile has a bug which causes the installation to fail. This command fixes the problem.
make prefix=/usr -f unix/Makefile generic_gcc: This command overrides the prefix variable that is set to /usr/local in the unix/Makefile which is used as a Makefile and builds the executables for a Linux system. The alternatives to generic_gcc can be seen with a make -f unix/Makefile list command.
The PCI Utilities package is a set of programs for listing PCI devices, inspecting their status and setting their configuration registers.
Download (HTTP): http://www.kernel.org/pub/software/utils/pciutils/pciutils-2.1.11.tar.bz2
Download (FTP): ftp://ftp.kernel.org/pub/software/utils/pciutils/pciutils-2.1.11.tar.bz2
Download MD5 sum: 2b3b2147b7bc91f362be55cb49fa1c4e
Download size: 107 KB
Estimated disk space required: 1.04 MB
Estimated build time: 0.01 SBU
Install PCI Utilities by running the following commands:
make PREFIX=/usr
Now, as the root user:
make PREFIX=/usr install
Some packages require the PCI static library. To install the library and headers, issue the following commands as the root user:
install -v -m755 -d /usr/include/pci && install -v -m 644 lib/libpci.a /usr/lib && install -v -m 644 lib/*.h /usr/include/pci
The current version of PCI Utilities is a bit dated (2003). The application works quite well, but the default data file, pci.ids, is out of date. To get a current version of this file, run update-pciids as the root user. This program uses wget or lynx to fetch the most current file and place it in /usr/share.
| lspci |
is a utility for displaying information about all PCI buses in the system and all devices connected to them. |
| setpci |
is a utility for querying and configuring PCI devices. |
| update-pciids |
fetches the current version of the PCI ID list. Requires Wget-1.9.1 or Lynx-2.8.5. |
| libpci.a |
is the static library that allows applications to access the PCI subsystem. |
The Pkg-config package contains tools for passing the include path and/or library paths to build tools during the make file execution.
Download (HTTP): http://pkgconfig.freedesktop.org/releases/pkg-config-0.19.tar.gz
Download MD5 sum: 25f106d2cc82a0013f5bdc89875d5790
Download size: 947 KB
Estimated disk space required: 11 MB
Estimated build time: 0.21 SBU
Till version 0.18, this package was called Pkgconfig.
Install Pkg-config by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install
The default setting for PKG_CONFIG_PATH is /usr/lib/pkgconfig because of the prefix used to install Pkg-config. You may add to PKG_CONFIG_PATH by exporting additional paths on your system where pkgconfig files are installed. Note that PKG_CONFIG_PATH is only needed when compiling packages, not during run-time.
The cpio package contains tools for archiving.
Download (HTTP): http://ftp.gnu.org/pub/gnu/cpio/cpio-2.6.tar.gz
Download (FTP): ftp://ftp.gnu.org/pub/gnu/cpio/cpio-2.6.tar.gz
Download MD5 sum: 76b4145f33df088a5bade3bf4373d17d
Download size: 561 KB
Estimated disk space required: 5.3 MB
Estimated build time: 0.1 SBU
Install cpio by running the following commands:
sed -i -e "s/invalid_arg/argmatch_invalid/" src/mt.c &&
patch -Np1 -i ../cpio-2.6-security_fixes-1.patch &&
./configure CPIO_MT_PROG=mt --prefix=/usr \
--bindir=/bin --libexecdir=/tmp \
--with-rmt=/usr/sbin/rmt &&
echo "#define HAVE_SETLOCALE 1" >> config.h &&
echo "#define HAVE_LSTAT 1" >> config.h &&
make
To test the results, issue: make check.
Now, as the root user:
make install
sed -i -e "s/invalid_arg/argmatch_invalid/" src/mt.c: This command fixes a build problem with the mt program.
CPIO_MT_PROG=mt: This parameter forces the building and installation of the mt program.
--bindir=/bin: This parameter installs cpio to /bin instead of /usr/bin as recommended by the FHS guidelines.
--libexecdir=/tmp: This parameter is used so that /usr/libexec is not created.
--with-rmt=/usr/sbin/rmt: This parameter inhibits building the rmt program as it is already installed by the Tar package in LFS.
echo "#define HAVE_SETLOCALE 1" >> config.h: This command specifies that the system Libc implements the setlocale function since it is not detected by configure.
echo "#define HAVE_LSTAT 1" >> config.h: This define fixes a bug that causes cpio to convert symlinks into regular files during archive creation.
MC (Midnight Commander) is a text-mode full-screen file manager and visual shell. It provides a clear, user-friendly, and somewhat protected interface to a Unix system while making many frequent file operations more efficient and preserving the full power of the command prompt.
Download (HTTP): http://www.ibiblio.org/pub/Linux/utils/file/managers/mc/mc-4.6.1.tar.gz
Download (FTP): ftp://ftp.uni-koeln.de/util/shell/mc-4.6.1.tar.gz
Download MD5 sum: 18b20db6e40480a53bac2870c56fc3c4
Download size: 3.8 MB
Estimated disk space required: 29 MB
Estimated build time: 0.4 SBU
GPM-1.20.1, X (XFree86-4.5.0 or X.org-6.8.2), Samba-3.0.14a, slang-1.4.9, Zip-2.31, UnZip-5.52 and GNOME Libraries-1.4.2
Install MC by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
The Sysstat package contains utilities to monitor system performance and usage activity. Sysstat contains the sar utility, common to many commercial Unixes, and tools you can schedule via cron to collect and historize performance and activity data.
Download (HTTP): http://perso.wanadoo.fr/sebastien.godard/sysstat-6.0.0.tar.bz2
Download (FTP): ftp://ibiblio.org/pub/linux/system/status/sysstat-6.0.0.tar.bz2
Download MD5 sum: 706044b99a29b7de7bf4b06310bbe6a6
Download size: 118 KB
Estimated disk space required: 2 MB
Estimated build time: less than 0.1 SBU
Install Sysstat by running the following commands:
make config && make
This package does not come with a test suite.
Now, as the root user:
make install
make config: Runs the interactive configuration process. The first question prompts you for an “Installation directory”. Reply with /usr, as this is equivalent to Autoconf's --prefix=/usr parameter to configure. For all other prompts, you may press Enter to accept the (very sane) defaults. When prompted for “Number of daily data files to keep: [7]”, you may wish to keep a larger number of files. However, don't exceed 25 because Sysstat will resuse existing files the next month, leading to erroneous daily reports.
To begin gathering Sysstat history information, you must add to, or create a privileged user's crontab. The default history data location is /var/log/sa. The user running Sysstat utilities via cron must have write access to this location.
Below is an example of what to install in the crontab. Adjust the parameters to suit your needs. Use man sa1 and man sa2 for information about the commands.
# 8am-7pm activity reports every 10 minutes during weekdays 0 8-18 * * 1-5 /usr/lib/sa/sa1 600 6 & # 7pm-8am activity reports every hour during weekdays 0 19-7 * * 1-5 /usr/lib/sa/sa1 & # Activity reports every hour on Saturday and Sunday 0 * * * 0,6 /usr/lib/sa/sa1 & # Daily summary prepared at 19:05 5 19 * * * /usr/lib/sa/sa2 -A &
Ensure you submit the revised crontab to the cron daemon.
At system startup, a LINUX RESTART message must be inserted in the daily data file to reinitialize the kernel counters. This can be automated by installing the /etc/rc.d/init.d/sysstat init script included in the blfs-bootscripts-6.1 package using the following command as the root user:
make install-sysstat
The Apache Ant package is a Java-based build tool. In theory, it is kind of like make, but without make's wrinkles. Ant is different. Instead of a model where it is extended with shell-based commands, Ant is extended using Java classes. Instead of writing shell commands, the configuration files are XML-based, calling out a target tree where various tasks get executed. Each task is run by an object that implements a particular task interface.
Download (HTTP): http://archive.apache.org/dist/ant/source/apache-ant-1.6.2-src.tar.bz2
Download (FTP): ftp://ftp.oregonstate.edu/pub/apache/ant/source/apache-ant-1.6.2-src.tar.bz2
Download MD5 sum: 83c3adefdbf90bcbc4b804d4c55c0778
Download size: 6.2 MB
Estimated disk space required: 92 MB
Estimated build time: 0.47 SBU
You may need additional libraries to satisfy the build requirements of various packages installed using Apache Ant. Review the table at http://ant.apache.org/manual/install.html#librarydependencies for any prerequisite libraries you may need. One such library is the JUnit testing framework library. Many Ant-installed packages will use this library to perform the unit tests during the build process. To install the JUnit library along with the Apache Ant package, download it from http://www.junit.org/, unzip the distribution file (requires UnZip-5.52) and copy the junit.jar file into the lib subdirectory of the Apache Ant source tree before beginning the Apache Ant build.
Install Apache Ant by running the following commands:
patch -Np1 -i ../apache-ant-1.6.2-blfs_install-1.patch
Now, as the root user:
./build.sh -Ddist.dir=/opt/ant-1.6.2 dist && ln -v -sf /etc/ant /opt/ant-1.6.2/etc && ln -v -sf ant-1.6.2 /opt/ant
./build.sh -Ddist.dir=/opt/ant-1.6.2 dist: This command does everything. It builds the package, then installs the package into /opt/ant-1.6.2.
ln -v -sf /etc/ant /opt/ant-1.6.2/etc: The patch changes the configuration directory to /etc/ant to conform with FHS guidelines. This command creates a symlink from the configuration directory back to the installation directory as the package is expecting to find the files there.
ln -v -sf ant-1.6.2 /opt/ant: This command is optional, and creates a convenience symlink.
Some packages will require ant to be in the search path and the $ANT_HOME environment variable defined. Satisfy these requirements by adding the following lines to /etc/profile or to individual user's ~/.profile or ~/.bashrc files:
export PATH=$PATH:/opt/ant/bin export ANT_HOME=/opt/ant
A base LFS system can be used as a development platform, however the base system only includes language support for C, C++ and Perl. This chapter provides instructions to build many popular programming environments to greatly expand your system's development capabilities.
DejaGnu is a framework for running test suites on GNU tools. It is written in expect, which uses Tcl (Tool command language).
Download (HTTP): http://freshmeat.net/redir/dejagnu/12564/url_tgz/dejagnu-1.4.4.tar.gz
Download (FTP): ftp://ftp.gnu.org/pub/gnu/dejagnu/dejagnu-1.4.4.tar.gz
Download MD5 sum: 053f18fd5d00873de365413cab17a666
Download size: 1.08 MB
Estimated disk space required: 8.5 MB
Estimated build time: .04 SBU
Install DejaGnu by running the following commands:
./configure --prefix=/usr && make
Now, as the root user:
make install && make install-doc
To test the installation, issue make check as an unprivileged user.
The Doxygen package contains a documentation system for C++, C, Java, Objective-C, Corba IDL and to some extent PHP, C# and D. This is useful for generating HTML documentation and/or an off-line reference manual from a set of documented source files. There is also support for generating output in RTF, PostScript, hyperlinked PDF, compressed HTML, and Unix man pages. The documentation is extracted directly from the sources, which makes it much easier to keep the documentation consistent with the source code.
You can also configure Doxygen to extract the code structure from undocumented source files. This is very useful to quickly find your way in large source distributions. Used along with GraphViz, you can also visualize the relations between the various elements by means of include dependency graphs, inheritance diagrams, and collaboration diagrams, which are all generated automatically.
Download (HTTP): http://ftp.stack.nl/pub/users/dimitri/doxygen-1.4.3.src.tar.gz
Download (FTP): ftp://ftp.stack.nl/pub/users/dimitri/doxygen-1.4.3.src.tar.gz
Download MD5 sum: 6cad81b86c1271777b8ee7c953a496ac
Download size: 2.7 MB
Estimated disk space required: 41 MB (additional 6.3 MB to install docs)
Estimated build time: 1.4 SBU
Install Doxygen by running the following commands:
rm src/unistd.h && ./configure --prefix /usr --docdir /usr/share/doc && make
This package does not come with a test suite.
Now, as the root user:
make install
If you wish to generate and install the package documentation (note that man pages have already been installed), you must have TeX installed, then issue the following command as the root user:
make install_docs
If you don't have TeX installed but wish to generate and install the HTML documentation (very good docs), issue the following commands:
make docs
Now, as the root user:
install -v -m755 -d /usr/share/doc/doxygen && cp -v -R examples html /usr/share/doc/doxygen
rm src/unistd.h: There is a bug in Flex-2.5.31 which causes make to use this file instead of the system installed version. Removing this file allows the GUI front-end to build successfully. This command is not required if you don't pass the --with-doxywizard parameter (but won't affect the build otherwise).
--with-doxywizard: Use this parameter if Qt is installed and you wish to build the GUI front-end.
There is no real configuration necessary for the Doxygen package although three additional packages are required if you wish to use extended capabilities. If you need to use the language translation features, you must have Python-2.4.1 installed. If you require formulas to create PDF documentation, then you must have TeX-3.0 installed. If you require formulas to convert PostScript files to bitmaps, then you must have AFPL Ghostscript-8.51 or ESP Ghostscript-7.07.1 installed.
The Expect package contains tools for automating interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, etc. Expect is also useful for testing these same applications as well as easing all sorts of tasks that are prohibitively difficult with anything else.
Download (HTTP): http://expect.nist.gov/old/expect-5.43.0.tar.gz
Download MD5 sum: 230400129630335b3060a42f66fec11d
Download size: 525 KB
Estimated disk space required: 4.6 MB
Estimated build time: 0.07 SBU
Install Expect by running the following commands:
patch -Np1 -i ../expect-5.43.0-spawn-2.patch &&
./configure --prefix=/usr --with-tcl=/usr/lib \
--with-tclinclude=/usr/include/tcl8.4 --enable-shared &&
make
Now, as the root user:
make install && ln -sf ../libexpect5.43.a /usr/lib/expect5.43
--enable-shared: This option enables building the shared library.
--with-tk=/usr/lib: Use this option to link in the Tk library.
ln -sf ../libexpect5.43.a /usr/lib/expect5.43: This command creates a required link to the static library.
Reference the expect man page for information about utilizing the expect.rc configuration files. Additionally, many of the tools contained in the Expect package will use their own configuration files. Reference the respective man page, or examine the script directly for configuration file information.
The GCC package contains GNU compilers. This is useful for compiling programs written in C, C++, Fortran, Java, Objective C and Ada.
Download (HTTP): http://mirrors.rcn.net/pub/sourceware/gcc/releases/gcc-3.4.3/gcc-3.4.3.tar.bz2
Download (FTP): ftp://mirrors.rcn.net/pub/sourceware/gcc/releases/gcc-3.4.3/gcc-3.4.3.tar.bz2
Download MD5 sum: e744b30c834360fccac41eb7269a3011
Download size: 27.4 MB
Estimated disk space required: 1.62 GB
Estimated build time: 45.50 SBU (build and install all compilers)
If you plan to compile Ada, you will need to install GNAT temporarily to satisfy the circular dependency when you recompile GCC to include Ada.
Download (FTP): ftp://cs.nyu.edu/pub/gnat/3.15p/gnat-3.15p-i686-pc-redhat71-gnu-bin.tar.gz
Download MD5 sum: 57c060cd1ccef8b1ae9165b11d98780a
Download size: 13.4 MB
Estimated build time: less than 0.1 SBU
Install GNAT by running the following commands:
./doconfig
The above script will ask you how and where you would like to install GNAT. To avoid conflicts with the system gcc, the package will be installed in a separate directory, that can later be removed from the system.
In response to the questions asked by the doconfig script, enter 3 in response to the first question and /opt/gnat in response to the second question.
To finish the install, run the following command as the root user:
./doinstall
The GNAT compiler can be invoked by executing the gcc binary installed by the above script.
You may now remove the GNAT source directory:
cd .. && rm -rf gnat-3.15p-i686-pc-linux-gnu-bin
Prepare to compile GCC by placing the GNAT gcc at the beginning of the PATH variable by using the following commands:
PATH_HOLD=$PATH && export PATH=/opt/gnat/bin:$PATH
Install GCC by running the following commands:
The installation process may overwrite your existing GCC compiler and libraries. It is highly recommended that you have the Tcl, Expect and DejaGnu packages installed before beginning the build so you can run the full suite of tests.
Do not continue with the make install command until you're confident the build was successful. You can compare your test results with those found at http://gcc.gnu.org/ml/gcc-testresults/. There's also an i686 platform test result produced by an LFS-6.1 system at http://linuxfromscratch.org/~randy/gcc343_test.txt. You may also want to refer to the information found in the GCC-Pass 2 section of Chapter 5 in the LFS book ( ../../../../lfs/view/stable/chapter05/gcc-pass2.html).
patch -Np1 -i ../gcc-3.4.3-no_fixincludes-1.patch &&
patch -Np1 -i ../gcc-3.4.3-linkonce-1.patch &&
sed -i 's/install_to_$(INSTALL_DEST) //' libiberty/Makefile.in &&
mkdir ../gcc-build &&
cd ../gcc-build &&
../gcc-3.4.3/configure --prefix=/usr --libexecdir=/usr/lib \
--enable-shared --enable-threads=posix --enable-__cxa_atexit \
--enable-clocale=gnu --enable-languages=c,c++,objc,f77,ada,java &&
make bootstrap &&
make -C gcc gnatlib-shared &&
make -C gcc gnattools &&
make -k check &&
../gcc-3.4.3/contrib/test_summary
Now, as the root user:
make install &&
ln -v -sf ../usr/bin/cpp /lib &&
ln -v -sf gcc /usr/bin/cc &&
ln -v -sf g77 /usr/bin/f77 &&
chown -v -R root:root \
/usr/lib/gcc/i686-pc-linux-gnu/3.4.3/include &&
chown -v -R root:root \
/usr/lib/gcc/i686-pc-linux-gnu/3.4.3/ada{lib,include}
There is a bug in the installation of the libffi interface headers. The architecture specific ffitarget.h file is not installed. If you included Java as one of the installed languages, install the missing file using the command below. Substitute for the [arch] in the command with the appropriate directory path for your system.
install -v -m644 ../gcc-3.4.3/libffi/src/[arch]/ffitarget.h \
/usr/include
As the root user, remove the GNAT installation:
rm -rf /opt/gnat
Now, as the unprivileged user, restore your old PATH:
export PATH=$PATH_HOLD && unset PATH_HOLD
Some of the Java programs installed by the GCC package conflict (have the same names) with programs from the JDK-1.5.0 package. If you installed the Java language from the GCC package but you wish to use the programs from the JDK as the defaults, ensure $JAVA_HOME/bin is listed before /usr/bin in your PATH variable.
sed -i 's/install_to_$(INSTALL_DEST) //' libiberty/Makefile.in: This command suppresses the installation of libiberty.a as the version provided by Binutils is used instead.
mkdir ../gcc-build; cd ../gcc-build: The GCC documentation recommends building the package in a dedicated build directory.
--enable-shared --enable-threads=posix --enable-__cxa_atexit: These commands are required to build the C++ libraries to published standards.
--enable-clocale=gnu: This command is a failsafe for incomplete locale data.
--enable-languages=c,c++,objc,f77,ada,java: This command identifies which languages to build. You may modify this command to remove undesired languages.
make -C gcc gnatlib-shared: This command builds the Ada shared and static libraries. Skip this step if you have not enabled Ada as one of the languages.
make -C gcc gnattools: This command builds the Ada development tools and binaries. Skip this step if you have not enabled Ada as one of the languages.
make -k check: This command runs the test suite without stopping should any errors be encountered.
../gcc-3.4.3/contrib/test_summary: This command will produce a summary of the test suite results. You can append | grep -A7 Summ to the command to produce an even more condensed version of the summary. You may also wish to redirect the output to a file for review and comparison later on.
ln -sf ../usr/bin/cpp /lib: This command creates a link to the C PreProcessor as some packages expect it to be installed in the /lib directory.
ln -sf gcc /usr/bin/cc; ln -sf g77 /usr/bin/f77: These links are created as some packages refer to the C and Fortran compilers using an alternate name.
chown -R root:root /usr/lib/gcc/i686-pc-linux-gnu/...: If the package is built by a user other than root, the ownership of the installed include and adalib directories (and their contents) will be incorrect. These commands change the ownership to root:root. Omit the command changing the Ada directories if you did not include Ada as one of the installed languages.
Some program and library descriptions are not listed here, but can be found at ../../../../lfs/view/stable/chapter06/gcc.html#contents-gcc.
The reason for installing GCC-3.3.4 is that some BLFS packages (such as compiled Java and OpenOffice) have not been updated to be compilable by GCC-3.4.3. Additionally, some pre-compiled packages may require the GCC-3.3.4 libraries.
Download (HTTP): http://ftp.gnu.org/gnu/gcc/gcc-3.3.4/gcc-3.3.4.tar.bz2
Download (FTP): ftp://ftp.gnu.org/gnu/gcc/gcc-3.3.4/gcc-3.3.4.tar.bz2
Download MD5 sum: a1c267b34f05c8660b24251865614d8b
Download size: 23 MB
Estimated disk space required: 489 MB
Estimated build time: 5.72 SBU (additional 12.54 SBU to run the test suite)
DejaGnu-1.4.4 (required to run the full test suite)
Install GCC-3.3.4 by running the following commands:
patch -Np1 -i ../gcc-3.3.4-no_fixincludes-1.patch &&
patch -Np1 -i ../gcc-3.3.4-linkonce-1.patch &&
mkdir ../gcc-build &&
cd ../gcc-build &&
../gcc-3.3.4/configure \
--prefix=/opt/gcc-3.3.4 \
--enable-shared --enable-languages=c,c++ \
--enable-threads=posix &&
make bootstrap
If desired, run the test suite using the following commands. The test_summary commands create log files which can be compared to known good results located at http://linuxfromscratch.org/~randy/gcc-334-lfs-6.0-test_summary.log and http://linuxfromscratch.org/~randy/gcc-334-lfs-6.0-test_summary_short.log.
make -k check &&
../gcc-3.3.4/contrib/test_summary >test_summary.log 2>&1 &&
../gcc-3.3.4/contrib/test_summary | \
grep -A7 Summ >test_summary_short.log 2>&1
Now, as the root user:
make install &&
mv -v /opt/gcc-3.3.4/lib/libstdc++.so.5* /usr/lib &&
ln -v -sf /usr/lib/libstdc++.so.5.0.6 /opt/gcc-3.3.4/lib &&
ln -v -sf libstdc++.so.5.0.6 /opt/gcc-3.3.4/lib/libstdc++.so.5 &&
chown -v -R root:root \
/opt/gcc-3.3.4/lib/gcc-lib/i686-pc-linux-gnu/3.3.4/include
mkdir ../gcc-build; cd ../gcc-build: The GCC development team recommends building in a separate directory.
--enable-shared --enable-languages=c,c++ --enable-threads=posix: Configures GCC to build the C and C++ compilers and enable the related C++ options.
mv -v /opt/gcc-3.3.4/lib/libstdc++.so.5* /usr/lib: Moves the C++ libraries to the standard lib directory to avoid having to add /opt/gcc-3.3.4/lib to /etc/ld.so.conf.
As with most libraries, there is no configuration to do, save that the library directory i.e., /opt/lib or /usr/local/lib should appear in /etc/ld.so.conf so that ldd can find the shared libraries. After checking that this is the case, /sbin/ldconfig should be run while logged in as root.
If you only need the GCC-3.3.4 libraries, you may delete /opt/gcc-3.3.4.
Whenever you need to use GCC-3.3.4 instead of your system installed compiler, add /opt/gcc-3.3.4/bin to the front of your PATH or (preferably) set the CC environment variable before compiling the concerned package.
The GCC-3.3.4 package contains the gcc-3.3.4 C and C++ compilers and the GCC-3.3.4 libstdc++.so library that is required by some commercial and pre-compiled packages.
The Guile package contains the Project GNU's extension language library. Guile also contains a stand alone Scheme interpreter.
Download (HTTP): http://ftp.gnu.org/pub/gnu/guile/guile-1.6.7.tar.gz
Download (FTP): ftp://ftp.gnu.org/pub/gnu/guile/guile-1.6.7.tar.gz
Download MD5 sum: c2ff2a2231f0cbb2e838dd8701a587c5
Download size: 3.0 MB
Estimated disk space required: 37.4 MB
Estimated build time: 0.86 SBU
Install Guile by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install
| guile |
is a stand-alone Scheme interpreter for Guile. |
| guile-config |
is a Guile script which provides the information necessary to link your programs against the Guile library, in much the same way pkg-config-0.19 does. |
| guile-snarf |
is a script to parse declarations in your C code for Scheme visible C functions, i Scheme objects to be used by C code, etc. |
| guile-tools |
is a wrapper program installed along with guile which knows where a particular module is installed and calls it passing its args to a program. |
The JDK package contains Sun's Java development environment. This is useful for developing Java programs and provides the runtime environment necessary to run Java programs. It also includes a plug-in for browsers so that they can be Java aware.
The JDK comes in two flavors, a precompiled binary and a source package. Previously, the plugin included in the JDK binary package was unusable on LFS owing to incompatibilities with GCC-3 compiled browsers. This is not the case anymore.
In order to use the source code and patches, you must read and agree to the Sun Java Research License. In addition, the source code cannot be downloaded from some countries, so for users in those countries, the binary is the only option.
If you plan on compiling the JDK source, you will still need to download the binary version to bootstrap the JDK build. You will need to download a total of four files to complete the source build: jdk-1_5_0_03-linux-i586.bin, jdk-1_5_0-src-jrl.zip, jdk-1_5_0-bin-jrl.zip, and jdk-1_5_0-mozilla_headers-unix.zip.
Binary download: http://java.sun.com/j2se/1.5.0/download.jsp
Version used (binary): 1.5.0_03
Download MD5 sum (binary): bc221641fcfdc9268499001326fc8ebb
Source download: http://java.sun.com/j2se/jrl_download.html
Download MD5 sum (source): http://anduin.linuxfromscratch.org/sources/BLFS/SVN/I-K/JDK/jdk-1.5.0.md5sums
Download size (binary): 48.7 MB
Download size (source): 65.7 MB (three .zip files)
Estimated disk space required: 1444 MB
Estimated build time: 33.06 SBU
http://www.linuxfromscratch.org/blfs/downloads/6.1/jdk-1.5.0-gcc_3.4.2+-3.patch
http://www.linuxfromscratch.org/blfs/downloads/6.1/jdk-1.5.0-motif_mkmsgcat-1.patch
http://www.linuxfromscratch.org/blfs/downloads/6.1/jdk-1.5.0-nptl-1.patch
http://www.linuxfromscratch.org/blfs/downloads/6.1/jdk-1.5.0-remove_broken_demo-1.patch
http://www.linuxfromscratch.org/blfs/downloads/6.1/jdk-1.5.0-remove_fixed_paths-1.patch
http://www.linuxfromscratch.org/blfs/downloads/6.1/jdk-1.5.0-remove_debug_image-1.patch (skips compiling of the JDK debug image)
http://www.linuxfromscratch.org/blfs/downloads/6.1/jdk-1.5.0-static_cxx-1.patch (forces dynamic linking to GCC libs)
http://www.linuxfromscratch.org/blfs/downloads/6.1/jdk-1.5.0-xorg-6.8.1-1.patch (only required if building against X.org-6.8.2)
X (XFree86-4.5.0 or X.org-6.8.2), Zip-2.31, UnZip-5.52, cpio-2.6, ALSA-1.0.9, and Tcsh-6.14.00
Both versions will be installed in parallel. You may choose to keep either or both.
Install the precompiled JDK with the following commands:
export VERSION=1.5.0_03 &&
export MV=`echo $VERSION | cut -d "_" -f 1,1` &&
export V=`echo ${VERSION} | sed -e "s/\./_/g"` &&
sed -i "s:^PATH=.*::" jdk-${V}-linux-i?86.bin &&
chmod -v +x jdk-${V}-linux-i?86.bin &&
mkdir -v -p bin &&
ln -v -sf /bin/true bin/more &&
yes | PATH=$PWD/bin:$PATH ./jdk-${V}-linux-i?86.bin &&
cd jdk${VERSION}
Now, as the root user:
install -v -d /opt/jdk/jdk-precompiled-${MV} &&
mv -v * /opt/jdk/jdk-precompiled-${MV}
chown -v -R root:root /opt/jdk/jdk-precompiled-${MV}
The binary version is now installed.
If you don't want to compile the source or are not in a position to download the source owing to license restrictions, skip ahead to the configuration section.
Add the recently installed JDK to the path.
export JAVA_HOME=/opt/jdk/jdk-precompiled-${MV} &&
export PATH=$PATH:${JAVA_HOME}/bin
Unzip the sources:
mkdir jdk-build &&
cd jdk-build &&
VERSION=1.5.0 &&
V=`echo $VERSION | sed -e "s/\./_/g"` &&
unzip ../jdk-${V}-src-jrl.zip &&
unzip ../jdk-${V}-bin-jrl.zip &&
unzip ../jdk-${V}-mozilla_headers-unix.zip
Apply all the patches downloaded above.
for PATCH in ../jdk-1.5.0*.patch
do patch -Np1 -i ${PATCH}
done
Set/unset some variables which affect the build:
export ALT_BOOTDIR="$JAVA_HOME" &&
unset JAVA_HOME &&
unset CLASSPATH
unset CFLAGS
unset CXXFLAGS
unset LDFLAGS
export ALT_DEVTOOLS_PATH="/usr/bin" &&
export BUILD_NUMBER="blfs-6.1" &&
export DEV_ONLY=true &&
export ALT_MOZILLA_PATH=$PWD &&
export INSANE=true &&
export MAKE_VERBOSE=true &&
export ALT_CACERTS_FILE=${ALT_BOOTDIR}/jre/lib/security/cacerts
Setting CFLAGS/CXXFLAGS/LDFLAGS is guaranteed to make the build fail. If you are interested in optimizing the build, set OTHER_CFLAGS/OTHER_CXXFLAGS/OTHER_LDFLAGS instead. -O3, even in OTHER_C{,XX}FLAGS, is known to cause a build failure.
Additionally, if you would like to make in parallel, add the following:
export HOTSPOT_BUILD_JOBS=[3]
Build the JDK with the following commands. There will be a lot of messages about missing files that look like errors. These are caused by not meeting the expected build environment (Red Hat). As long as the build doesn't stop, the messages are harmless.
cd control/make && make && cd ../build/linux-i?86
Now, as the root user, install the JDK:
cp -v -a j2sdk-image /opt/jdk/jdk-1.5.0 && chown -v -R root:root /opt/jdk/jdk-1.5.0 && ln -sf motif21/libmawt.so /opt/jdk/jdk-1.5.0/jre/lib/i386/
Restore the unprivileged user's environment using the following commands:
unset VERSION && unset MV && unset V && unset ALT_BOOTDIR && unset ALT_DEVTOOLS_PATH && unset BUILD_NUMBER && unset DEV_ONLY && unset ALT_MOZILLA_PATH && unset INSANE && unset MAKE_VERBOSE && unset ALT_CACERTS_FILE
export ALT_BOOTDIR="$JAVA_HOME": This variable sets the location of the bootstrap JDK.
export ALT_MOZILLA_PATH=$PWD: This tells the build where to find the base directory of the plugin path (which contains the Mozilla headers).
export ALT_DEVTOOLS_PATH="/usr/bin": This changes the location where the build finds the needed executables.
export BUILD_NUMBER="blfs-6.1": This will help you identify the compiled version of the runtime environment and virtual machine by appending this information to the version string.
export DEV_ONLY=true: This command skips compiling the documentation and eliminates a dependency on rpm.
unset JAVA_HOME: This clears the JAVA_HOME variable as recommended by the build instructions.
unset CLASSPATH: This clears the CLASSPATH variable as recommended by the build instructions.
unset CFLAGS/CXXFLAGS...: These variables cause miscompilation of the build. Never set them.
export INSANE=true: The certified platform for the build is Redhat Enterprise Advanced Server 2.1. This variable ensures that all the errors related to compiling on a non-certified platform will be displayed as warnings instead of errors.
export MAKE_VERBOSE=true: Allows the compiler commands to be displayed on the console.
export ALT_CACERTS_FILE...: Specifies the certificate file to use (from the installed binary JDK).
ln -sf motif21/libmawt.so /opt/jdk/jdk-1.5.0/jre/lib/i386/: This fixes linking issues with other applications that expect to find the motif libraries with the other JDK libraries.
There are now two Java 2 SDKs installed in /opt/jdk. You should decide on which one you would like to use as the default. For example if you decide to use the source compiled JDK, do the following as the root user:
ln -v -nsf jdk-1.5.0 /opt/jdk/jdk
Add the following jdk.sh shell startup file to the /etc/profile.d directory with the following commands as the root user:
cat > /etc/profile.d/jdk.sh << "EOF"
# Begin /etc/profile.d/jdk.sh
# Set JAVA_HOME directory
JAVA_HOME=/opt/jdk/jdk
export JAVA_HOME
# Adjust PATH
pathappend ${JAVA_HOME}/bin PATH
# Auto Java Classpath Updating
# Create symlinks to this directory for auto classpath setting
AUTO_CLASSPATH_DIR=/usr/lib/classpath
if [ -z ${CLASSPATH} ]; then
CLASSPATH=.:${AUTO_CLASSPATH_DIR}
else
CLASSPATH="${CLASSPATH}:.:${AUTO_CLASSPATH_DIR}"
fi
# Check for empty AUTO_CLASSPATH_DIR
ls ${AUTO_CLASSPATH_DIR}/*.jar &> /dev/null &&
for i in ${AUTO_CLASSPATH_DIR}/*.jar
do CLASSPATH=${CLASSPATH}:"${i}"
done
export CLASSPATH
# End /etc/profile.d/jdk.sh
EOF
The Java plugin is located in $JAVA_HOME/jre/plugin/i?86/ns7/. Make a symbolic link to the file in that directory from your browser(s) plugins directory.
The plugin must be a symlink for it to work. If not, the browsers will crash when you attempt to load a Java application.
The librep package contains a Lisp system. This is useful for scripting or for applications that may use the Lisp interpreter as an extension language.
Download (HTTP): http://prdownloads.sourceforge.net/librep/librep-0.17.tar.gz
Download MD5 sum: ad4ad851ff9f82a5d61024cd96bc2998
Download size: 1.2 MB
Estimated disk space required: 13.4 MB
Estimated build time: 0.47 SBU
GMP-4.1.4 and GCC-3.4.3 (build Java so that libffi is built)
Install librep by running the following commands:
./configure --prefix=/usr --libexecdir=/usr/lib && make
Now, as the root user:
make install
--libexecdir=/usr/lib: This parameter installs files to /usr/lib/rep instead of /usr/libexec/rep.
NASM (Netwide Assembler) is an 80x86 assembler designed for portability and modularity. It includes a disassembler as well.
Download (HTTP): http://prdownloads.sourceforge.net/nasm/nasm-0.98.39.tar.bz2
Download MD5 sum: 2032ad44c7359f7a9a166a40a633e772
Download size: 543 KB
Estimated disk space required: 17.3 MB (includes building and installing all docs)
Estimated build time: 0.2 SBU
Required patch to fix a buffer overrun vulnerability: http://www.linuxfromscratch.org/blfs/downloads/6.1/nasm-0.98.39-security_fix-1.patch
TeX-3.0, and ESP Ghostscript-7.07.1 or AFPL Ghostscript-8.51
Install NASM by running the following commands:
patch -Np1 -i ../nasm-0.98.39-security_fix-1.patch && ./configure --prefix=/usr && make && make -C rdoff/doc && make -C rdoff/doc html
To build the base NASM documentation, ensure you have Ghostscript installed and issue:
make doc
To build the RDOFF Postscript documentation, ensure you have TeX-3.0 installed and issue:
sed -i -e "s/dvips \$</& -o rdoff.ps/" rdoff/doc/Makefile && make -C rdoff/doc ps
To build the RDOFF PDF documentation, ensure you have Ghostscript installed and issue:
make -C rdoff/doc pdf
This package does not come with a test suite.
Now, as the root user:
make install && make install_rdf && install -v -m644 rdoff/doc/rdoff.info /usr/share/info && install -v -m755 -d /usr/share/doc/nasm/html && install -v -m644 rdoff/doc/v1-v2.txt /usr/share/doc/nasm && cp -v -R rdoff/doc/rdoff /usr/share/doc/nasm/html
If you built the Ghostscript generated documentation, install it using the following commands as the root user:
make install_doc && install -v -m644 rdoff/doc/rdoff.pdf /usr/share/doc/nasm
Lastly, if you built the RDOFF Postscript documentation, install it using the following command as the root user:
install -v -m644 rdoff/doc/rdoff.ps /usr/share/doc/nasm
PDL (Perl Data Language) gives standard Perl the ability to compactly store and quickly manipulate the large N-dimensional data arrays common to scientific computing. PDL turns Perl into an array-oriented, numerical language similar to such commercial packages as IDL and MatLab. One can write simple Perl expressions to manipulate entire numerical arrays all at once.
PDL provides extensive numerical and semi-numerical functionality with support for two- and three-dimensional visualisation as well as a variety of I/O formats. The goal is to allow PDL to interact with a variety of external numerical packages, graphics and visualisation systems. Easy interfacing to such systems is one of the core design features of PDL.
Download (HTTP): http://prdownloads.sourceforge.net/pdl/PDL-2.4.2.tar.gz
Download MD5 sum: edd056a006eae8b46e8ef804b9774a93
Download size: 2.1 MB
Estimated disk space required: 74 MB
Estimated build time: 2.56 SBU
PDL is a collection of over 90 Perl modules. Some of these modules require additional libraries and/or Perl modules for full functionality. Listed below are the modules which require additional software or configuration. If you don't need a particular module's functionality, you don't need to install its dependencies. The dependency tree for each module is listed downward, meaning you'll need to start at the bottom of a module's tree and work up. The dependencies are listed in the same order as they are in the DEPENDENCIES file, found in the package source tree.
The PDL::NiceSlice module is used to enhance PDL's slice syntax. “Slicing” is a term used in the process of creating a cross-section, or slice, of a PDL object (piddle).
The Inline::Pdlpp module allows you to define fast PP code inline in your scripts.
perldl is a simple shell (written in Perl) which allows interactive use of PDL.
The PDL::Graphics::TriD module implements a generic 3D plotting interface for PDL. Points, lines and surfaces (among other objects) are supported.
OpenGL (XFree86-4.5.0 or X.org-6.8.2)
The PDL::Graphics::PGPLOT module is a convenience interface to the PGPLOT commands, implemented using the object oriented PGPLOT plotting package in the PDL::Graphics::PGPLOT::Window module.
GCC-3.4.3 (Fortran compiler)
X (XFree86-4.5.0 or X.org-6.8.2), LessTif-0.94.4, Tk-8.4.11 and GCC-3.4.3 (Fortran compiler)
The PDL::Graphics::PLPLOT module is a simple interface to the PLplot plotting library.
pkg-config-0.19, X (XFree86-4.5.0 or X.org-6.8.2), GTK+-1.2.10, FreeType-2.1.10, GD, SVGAlib, GNOME Libraries-1.4.2, JDK-1.5.0, Tk-8.4.11, Python-2.4.1 (with the Numerical Extension), GCC-3.4.3 (Fortran compiler), SWIG, iTcl
The PDL::Graphics::IIS module provides an interface to any image display “device” which supports the “IIS protocol”.
X (XFree86-4.5.0 or X.org-6.8.2)
X (XFree86-4.5.0 or X.org-6.8.2) and Tk-8.4.11
The PDL::Graphics::Karma module is an interface to Karma visualisation applications.
X (XFree86-4.5.0 or X.org-6.8.2)
Note: You may need to modify the WHERE_KARMA => undef line in the source tree perldl.conf file to point to your installation of Karma
The PDL::IO::Pic module implements I/O for a number of popular image formats by exploiting the xxxtopnm and pnmtoxxx converters from the Netpbm package and the cjpeg and djpeg converters. It also contains the routine wmpeg to write MPEG movies from piddles representing image stacks.
Netpbm, libjpeg-6b and mpeg_encode
The PDL::Slatec module serves the dual purpose of providing an interface to parts of the slatec library and showing how to interface PDL to an external library. The module provides routines to manipulate matrices, calculate FFTs, fit data using polynomials, and interpolate/integrate data using piecewise cubic Hermite interpolation.
GCC-3.4.3 (Fortran compiler)
The PDL::GSL module is an interface to the functions provided by the Gnu Scientific Library.
The PDL::FFTW module is a means to interface PDL with the FFTW library. It's similar to the standard FFT routine but it's usually faster and has support for real transforms. It works well for the types of piddles for which the library was compiled (otherwise it must do conversions).
The PDL::IO::Browser module is a 2D cursor terminal data browser for piddles.
There is no additional software required to use the module. However, the default is to not install the module because some platforms don't provide a curses compatible library. To enable the module, issue the following command:
sed -i -e "s/WITH_IO_BROWSER => 0/WITH_IO_BROWSER => 1/" \
perldl.conf
The PDL::IO::NDF module adds the ability to read and write Starlink N-dimensional data files as N-dimensional piddles.
Install PDL (and all the dependency Perl modules) by running the following commands:
perl Makefile.PL && make && make test
Now, as the root user:
make install
See http://pdl.sourceforge.net/PDLdocs/perldl.html#the startup file ~/.perldlrc for information about configuring perldl to suit your needs.
The Perl module packages add useful objects to the Perl language. Modules utilized by packages throughout BLFS are listed here, along with their dependencies. Most references to Perl modules are in the form of Module, Module::SubName or Module::Sub::Name, however occasionally you'll also see Module, Module-SubName or Module-Sub-Name. Most references on this page are in the latter form, as these are the official package names.
Download MD5 sums (HTTP): http://anduin.linuxfromscratch.org/sources/BLFS/SVN/Perl_Modules/Perl_Modules.gz.md5sums
Download MD5 sums (FTP): ftp://anduin.linuxfromscratch.org/BLFS/SVN/Perl_Modules/Perl_Modules.gz.md5sums
One module in particular is shown first, as this module's usefulness warrants installation, even though it won't be required by many other modules. The Module::Info module can tell you if a particular module is included in, or has been installed into your Perl installation. Additionally, Module::Info can tell you what versions are installed and what dependencies are required for them. You can even use Module::Info to gather dependencies of uninstalled modules.
Another useful module, and one which is (typically optionally) used by other modules during the build process is the Test:Pod module. This module is used to check the validity of POD (Plain Old Documentation) files. The Test::Pod module is typically included by module authors to automatically find and check all POD files in a module distribution. This module and all the dependencies can be installed using the build and installation instructions.
The Module::Build module is a system for building, testing, and installing Perl modules. It is meant to be an alternative to ExtUtils::MakeMaker. Developers may alter the behavior of the module through subclassing in a much more straightforward way than with MakeMaker. It also does not require a make command on your system. Most of the Module::Build code is pure-Perl and written in a very cross-platform way.
The Module::Build module (as well as any other Perl module that uses the Module::Build build system) uses modified build instructions. All the dependencies can be installed using the build and installation instructions.
The Compress::Zlib module requires the following sed after untarring the distribution tarball (before any other build commands) to use the system-installed copy of Zlib.
sed -i -e "s|BUILD_ZLIB = True|BUILD_ZLIB = False|" \
-e "s|INCLUDE = ./zlib-src|INCLUDE = /usr/include|" \
-e "s|LIB = ./zlib-src|LIB = /usr/lib|" \
config.in
perl Build.PL && ./Build test
Now, as the root user:
./Build install
The HTML::Parser distribution is a collection of modules that parse and extract information from HTML documents. In order to use the included HTML::HeadParser module, you will also need to install LWP. The two modules listed below can be installed using the Perl Module build and installation instructions.
The XML::Parser module is a Perl extension interface to James Clark's XML parser, expat. The module can be installed using the Perl Module build and installation instructions.
The SGMLSpm module is a Perl library used for parsing the output from James Clark's SGMLS and NSGMLS parsers. This module requires modified installation instructions, shown below.
If your system's Perl version is different than 5.8.6, you'll need to modify the sed command below to reflect the version you have installed.
sed -i -e "s@/usr/local/bin@/usr/bin@" \
-e "s@/usr/local/lib/perl5@/usr/lib/perl5/site_perl/5.8.6@" \
-e "s@/usr/local/lib/www/docs@/usr/share/doc/perl5@" \
Makefile
Now, as the root user:
make install && install -v -d -m755 /usr/share/doc/perl5 && make install_html && rm -v -f /usr/share/doc/perl5/SGMLSpm/sample.pl && install -v -m644 DOC/sample.pl /usr/share/doc/perl5/SGMLSpm
The Tk module is a Perl interface to the Tk package. The goal of this release is Unicode support via Perl's and core-Tk's use of UTF-8. Tk-804.027 builds and loads into a threaded Perl but is NOT yet thread safe. The module can be installed using the Perl Module build and installation instructions.
Net::DNS is a DNS resolver implemented in Perl. It can be used to perform nearly any type of DNS query from a Perl script. The Net::DNS module and all its dependencies can be installed using the Perl Module build and installation instructions.
IO-Socket-INET6-2.51 (required for IPv6 support)
Digest-BubbleBabble-0.01 (optional, only used during the test suite)
The libwww-perl (LWP) collection is a set of Perl modules which provides a simple and consistent application programming interface to the World-Wide Web. The main focus of the library is to provide classes and functions that allow you to write WWW clients. The library also contains modules that are of more general use and even classes that help you implement simple HTTP servers. The LWP modules and all its Perl module dependencies can be installed using the Perl Module build and installation instructions.
The Compress::Zlib module requires the following sed after untarring the distribution tarball (before any other build commands) to use the system-installed copy of Zlib.
sed -i -e "s|BUILD_ZLIB = True|BUILD_ZLIB = False|" \
-e "s|INCLUDE = ./zlib-src|INCLUDE = /usr/include|" \
-e "s|LIB = ./zlib-src|LIB = /usr/lib|" \
config.in
Business-ISBN-1.80 (optional, only used during the test suite)
Crypt-SSLeay-0.51 (optional, for HTTPS support)
Date::Manip is a set of routines designed to make any common date/time manipulation easy to do. Operations such as comparing two times, calculating a time a given amount of time from another, or parsing international times are all easily done. From the very beginning, the main focus of Date::Manip has been to be able to do ANY desired date/time operation easily.
Finance::Quote is used to get stock quotes from various Internet sources, including Yahoo! Finance, Fidelity Investments, and the Australian Stock Exchange. There are two methods of using this module – a functional interface that is depreciated, and an object-orientated method that provides greater flexibility and stability. With the exception of straight currency exchange rates, all information is returned as a two-dimensional hash (or a reference to such a hash, if called in a scalar context).
After you've installed the package, issue perldoc Finance::Quote for full information. Alternatively, you can issue perldoc lib/Finance/Quote.pm after unpacking the distribution tarball and changing into the top-level directory. The module and dependencies can be installed using the Perl module build and installation instructions.
To run the regression test suite, you'll need to create a symbolic link to the test directory using the following command after unpacking the tarball and changing into the root directory of the sources:
ln -s test t
Some tests will fail depending on certain conditions. See the INSTALL file for full details.
The Finance::QuoteHist bundle is several modules designed to fetch historical stock quotes from the web. The module and dependencies can be installed using the Perl module build and installation instructions.
Install Perl modules by running the following commands:
perl Makefile.PL && make && make test
Now, as the root user:
make install
There is an alternate way of installing the modules using Perl's built-in install command. The command automatically downloads the source from the CPAN archive, extracts it, runs the commands mentioned above, and removes the build tree. You may still need to install dependent library packages before running the automated installation method.
The first time you run this command, you'll be prompted to enter some information regarding download locations and methods. This information is retained in files located in ~/.cpan. Start the perl shell with the following command as the root user:
perl -MCPAN -e shell
Each module may now be installed from this shell with the command:
install [Module::Name]
For additional commands and help, type help.
Alternatively, for scripted or non-interactive installations, use the following syntax as the root user:
perl -MCPAN -e 'install [Module::Name]'
PHP is the PHP Hypertext Preprocessor. Primarily used in dynamic web sites, it allows for programming code to be directly embedded into the HTML markup.
Download (HTTP): http://us2.php.net/distributions/php-5.0.4.tar.bz2
Download (FTP): ftp://ftp.isu.edu.tw/pub/Unix/Web/PHP/distributions/php-5.0.4.tar.bz2
Download MD5 sum: fb1aac107870f897d26563a9cc5053c0
Download size: 4.7 MB
Estimated disk space required: 126 MB
Estimated build time: 1.82 SBU
Required patch for Berkeley DB: http://www.linuxfromscratch.org/blfs/downloads/6.1/php-5.0.4-db43-1.patch
libxml2-2.6.20, libxslt-1.1.14, OpenSSL-0.9.7g, ClibPDF, libjpeg-6b, libtiff-3.7.3, cURL-7.14.0, QDBM, cdb, GDBM-1.8.3, Berkeley DB-4.3.28, FAM-2.7.0, GD, libpng-1.2.8, X (X.org-6.8.2 or XFree86-4.5.0), FreeType-2.1.10, t1lib, GMP-4.1.4 MySQL-4.1.12, PCRE-6.1, PostgreSQL-8.0.3, Aspell-0.60.3, pkg-config-0.19, HTML Tidy-050722, OpenLDAP-2.2.24, Cyrus SASL-2.1.21, MIT krb5-1.4.1 or Heimdal-0.7, libmcrypt, mhash, OSSP mm, Net-SNMP, SQLite, Dmalloc, mnoGoSearch, Mini SQL, Empress, Birdstep, DBMaker, Adabas, FrontBase, Caudium, WDDX, FDF Toolkit, Hyperwave, Monetra, expat-1.95.8 and MTA
You can use PHP for server-side scripting, command line scripting or client-side GUI applications. The book provides instructions for setting up PHP for server-side scripting as it is the most common form.
If you have Berkeley DB installed and wish to utilize it, apply the following patch:
patch -Np1 -i ../php-5.0.4-db43-1.patch
Install PHP by running the following commands:
./configure --prefix=/usr \
--sysconfdir=/etc \
--with-apxs2 \
--with-config-file-path=/etc \
--with-zlib \
--enable-bcmath \
--with-bz2 \
--enable-calendar \
--enable-dba \
--enable-exif \
--enable-ftp \
--with-gettext \
--enable-mbstring \
--with-ncurses \
--with-readline \
--disable-libxml &&
make
To test the results, issue: make test.
Now, as the root user:
make install && cp -v php.ini-recommended /etc/php.ini
Remove the --disable-libxml switch if you have libxml2-2.6.20 installed otherwise pear will not be built.
PHP has many more configure options that will enable support for certain things. You can use ./configure --help to see a full list of the available options. Also, use of the PHP web site is highly recommended, as their online docs are very good.
--with-apxs2: This parameter builds the Apache 2.0 module.
--with-config-file-path=/etc: This parameter puts the php.ini configuration file in /etc.
--with-zlib: This parameter adds support for Zlib compression.
--enable-bcmath: Enables bc style precision math functions.
--with-bz2: Add support for bz2 compression functions.
--enable-calendar: This parameter provides support for calendar conversion.
--enable-dba: This parameter enables numerous database support including Berkeley DB functions.
--enable-exif: Enables functions to access metadata from images.
--enable-ftp: This parameter enables FTP functions.
--with-gettext: Enables functions that use Gettext text translation.
--enable-mbstring: This parameter enables multibyte string support.
--with-ncurses: Provides ncurses terminal independent cursor handling.
--with-readline: This parameter enables command line readline support.
--disable-libxml: This parameter disables XML support functions.
To enable PHP support in the Apache web server, a new LoadModule (which should be handled automatically by the make install command) and AddType directives must be added to the httpd.conf file:
LoadModule php5_module lib/apache/libphp5.so AddType application/x-httpd-php .php
Also, it can be useful to add an entry for index.php to the DirectoryIndex directive of the httpd.conf file.
You'll need to restart the Apache web server after making any modifications to the httpd.conf file.
The Python package contains the Python development environment. This is useful for object-oriented programming, writing scripts, prototyping large programs or developing entire applications.
Download (HTTP): http://www.python.org/ftp/python/2.4.1/Python-2.4.1.tar.bz2
Download (FTP): ftp://ftp.python.org/pub/python/2.4.1/Python-2.4.1.tar.bz2
Download MD5 sum: de3e9a8836fab6df7c7ce545331afeb3
Download size: 7.8 MB
Estimated disk space required: 115 MB
Estimated build time: 0.91 SBU (additional 2.20 SBU to run the testsuite)
OpenSSL-0.9.7g, Tk-8.4.11, GDBM-1.8.3 and Berkeley DB-4.3.28
Install Python by running the following commands:
patch -Np1 -i ../Python-2.4.1-gdbm-1.patch && ./configure --prefix=/usr --enable-shared && make
To test the results, issue: make test.
Now, as the root user:
make install
There is no documentation installed using the instructions above. However, There are LaTeX sources included with the distribution. See the Doc/README file in the source distribution for instructions to format the LaTeX sources. Alternatively, you can download preformatted documentation from http://www.python.org/doc/current/download.html.
The Ruby package contains the Ruby development environment. This is useful for object-oriented scripting.
Download (HTTP): http://www.ibiblio.org/pub/languages/ruby/ruby/ruby-1.8.2.tar.gz
Download (FTP): ftp://ftp.ruby-lang.org/pub/ruby/ruby-1.8.2.tar.gz
Download MD5 sum: 8ffc79d96f336b80f2690a17601dea9b
Download size: 3.5 MB
Estimated disk space required: 55.2 MB
Estimated build time: 0.9 SBU
Required patch to fix a vulnerability which allows remote attackers to execute arbitrary commands: http://www.ruby-lang.org/patches/ruby-1.8.2-xmlrpc-ipimethods-fix.diff
OpenSSL-0.9.7g, Tk-8.4.11, Berkeley DB-4.3.28 and GDBM-1.8.3
Install Ruby by running the following commands:
patch -Np1 -i ../ruby-1.8.2-xmlrpc-ipimethods-fix.diff &&
./configure --prefix=/usr --enable-shared \
--enable-pthread --enable-install-doc &&
make
To test the results, issue: make test.
Now, as the root user:
make install
--enable-shared: This parameter builds the libruby shared library.
--enable-pthread: This parameter links the threading library into the Ruby build.
The Tcl package contains the Tool Command Language, a robust general-purpose scripting language.
Download (HTTP): http://prdownloads.sourceforge.net/tcl/tcl8.4.11-src.tar.gz
Download MD5 sum: 629dfea34e4087eb4683f834060abb63
Download size: 3.4 MB
Estimated disk space required: 22.5 MB
Estimated build time: 0.3 SBU (additional 0.9 SBU to run the test suite)
This package is also installed in LFS during the bootstrap phase. At the time of the LFS-6.1 release, 8.4.11 was not available. The significant difference between the two installations (other than installing to /usr) is that the package is installed in such a way that there is no need to keep the build directory around after installation.
Install Tcl by running the following commands:
export VERSION=8.4.11 &&
export V=`echo $VERSION | cut -d "." -f 1,2` &&
export DIR=$PWD &&
cd unix &&
./configure --prefix=/usr --enable-threads &&
make &&
sed -i "s:${DIR}/unix:/usr/lib:" tclConfig.sh &&
sed -i "s:${DIR}:/usr/include/tcl${V}:" tclConfig.sh &&
sed -i "s,^TCL_LIB_FILE='libtcl${V}..TCL_DBGX..so',\
TCL_LIB_FILE=\"libtcl${V}\$\{TCL_DBGX\}.so\"," tclConfig.sh
To test the results, issue: make test.
Now, as the root user:
make install &&
install -v -d /usr/include/tcl${V}/unix &&
install -v -m644 *.h /usr/include/tcl${V}/unix/ &&
install -v -d /usr/include/tcl${V}/generic &&
install -v -c -m644 ../generic/*.h /usr/include/tcl${V}/generic/ &&
rm -v -f /usr/include/tcl${V}/generic/{tcl,tclDecls,tclPlatDecls}.h &&
ln -v -nsf ../../include/tcl${V} /usr/lib/tcl${V}/include &&
ln -v -sf libtcl${V}.so /usr/lib/libtcl.so &&
ln -v -sf tclsh${V} /usr/bin/tclsh
Clean up the unprivileged user's environment using the following commands:
unset VERSION && unset V && unset DIR
--enable-threads: This switch forces the package to build with thread support.
sed -i ...: The Tcl package assumes that the source used to build Tcl is always kept around for compiling packages that depend on Tcl. These seds remove the reference to the build directory and replace them by saner system-wide locations.
install ...: These commands install the internal headers into a system-wide location.
ln -v -sf ...: These commands create compatibility symbolic links.
The Tk package contains a TCL GUI Toolkit.
Download (HTTP): http://prdownloads.sourceforge.net/tcl/tk8.4.11-src.tar.gz
Download MD5 sum: 408e34fe8a1cec497f98f05bbe89b348
Download size: 3.1 MB
Estimated disk space required: 21.6 MB
Estimated build time: 0.4 SBU
X (XFree86-4.5.0 or X.org-6.8.2) and Tcl-8.4.11
Install Tk by running the following commands:
export VERSION=8.4.11 &&
export V=`echo $VERSION | cut -d "." -f 1,2` &&
export DIR=$PWD &&
cd unix &&
./configure --prefix=/usr --enable-threads &&
make &&
sed -i "s:${DIR}/unix:/usr/lib:" tkConfig.sh &&
sed -i "s:${DIR}:/usr/include/tk${V}:" tkConfig.sh
The test is not recommended. Some tests may crash your X Server. To test the results, issue: make test. Ensure you run it from an X Window display device with the GLX extensions loaded, else the tests will hang.
Now, as the root user:
make install &&
install -v -d /usr/include/tk${V}/unix &&
install -v -m644 *.h /usr/include/tk${V}/unix/ &&
install -v -d /usr/include/tk${V}/generic &&
install -v -m644 ../generic/*.h /usr/include/tk${V}/generic/ &&
rm -v -f /usr/include/tk${V}/generic/{tk,tkDecls,tkPlatDecls}.h &&
ln -v -nsf ../../include/tk${V} /usr/lib/tk${V}/include &&
ln -v -sf libtk${V}.so /usr/lib/libtk.so &&
ln -v -sf wish${V} /usr/bin/wish
Clean up the unprivileged user's environment using the following commands:
unset VERSION && unset V && unset DIR
--enable-threads: This switch forces the package to build with thread support.
sed -i ...: The Tk package assumes that the source used to build Tk is always kept around for compiling packages that depend on Tk. These seds remove the reference to the build directory and replace them by saner system-wide locations.
install ...: These commands install the internal headers into a system-wide location.
ln -v -sf ...: These commands create compatibility symbolic links.
This section is provided to show you some additional programming tools for which instructions have not yet been created in the book or for those that are not appropriate for the book. Note that these packages may not have been tested by the BLFS team, but their mention here is meant to be a convenient source of additional information.
Boost provides free peer-reviewed portable C++ source libraries. The emphasis is on libraries which work well with the C++ Standard Library. The libraries are intended to be widely useful, and are in regular use by thousands of programmers across a broad spectrum of applications, platforms and programming environments.
Project Home Page: http://www.boost.org/
Download Location: http://prdownloads.sourceforge.net/boost/
GNU DDD is a graphical front-end for command-line debuggers such as GDB, DBX, WDB, Ladebug, JDB, XDB, the Perl debugger, the Bash debugger, or the Python debugger. Besides “usual” front-end features such as viewing source texts, DDD has an interactive graphical data display, where data structures are displayed as graphs..
Project Home Page: http://www.gnu.org/software/ddd/
Download Location: http://ftp.gnu.org/gnu/ddd/
cachecc1 is a GCC cache. It can be compared with the well known ccache package. It has some unique features including the use of an LD_PRELOADed shared object to catch invocations to cc1, cc1plus and as, it transparently supports all build methods, it can cache GCC bootstraps and it can be combined with distcc to transparently distribute compilations.
Project Home Page: http://cachecc1.sourceforge.net/
Download Location: http://prdownloads.sourceforge.net/cachecc1
ccache is a compiler cache. It acts as a caching pre-processor to C/C++ compilers, using the -E compiler switch and a hash to detect when a compilation can be satisfied from cache. This often results in 5 to 10 times faster speeds in common compilations.
Project Home Page: http://ccache.samba.org/
Download Location: http://ccache.samba.org/ftp/ccache/
distcc is a program to distribute builds of C, C++, Objective C or Objective C++ code across several machines on a network. distcc should always generate the same results as a local build, is simple to install and use, and is usually much faster than a local compile. distcc does not require all machines to share a filesystem, have synchronized clocks, or to have the same libraries or header files installed. They can even have different processors or operating systems, if cross-compilers are installed.
Project Home Page: http://distcc.samba.org/
Download Location: http://distcc.samba.org/download.html
Euphoria is a simple, flexible, and easy-to-learn programming language. It lets you quickly and easily develop programs for Windows, DOS, Linux and FreeBSD. Euphoria was first released in 1993. Since then Rapid Deployment Software has been steadily improving it with the help of a growing number of enthusiastic users. Although Euphoria provides subscript checking, uninitialized variable checking and numerous other run-time checks, it is extremely fast. People have used it to develop high-speed DOS games, Windows GUI programs, and Linux X Windows programs. It is also very useful for CGI (Web-based) programming.
Project Home Page: http://www.rapideuphoria.com/
Download Location: http://www.rapideuphoria.com/v20.htm
FFTW is a C subroutine library for computing the discrete Fourier transform (DFT) in one or more dimensions, of arbitrary input size, and of both real and complex data (as well as of even/odd data, i.e., the discrete cosine/sine transforms or DCT/DST).
Project Home Page: http://www.fftw.org/
Download Location: http://www.fftw.org/download.html
GDB is the GNU Project debugger. It allows you to see what is going on “inside” another program while it executes. It also allows you to see what another program was doing at the moment it crashed.
Project Home Page: http://www.gnu.org/software/gdb/
Download Location: ftp://ftp.gnu.org/gnu/gdb/
GOB (GOB2 anyway) is a preprocessor for making GObjects with inline C code so that generated files are not edited. Syntax is inspired by Java and Yacc or Lex. The implementation is intentionally kept simple, and no C actual code parsing is done.
Project Home Page: http://www.5z.com/jirka/gob.html
Download Location: http://ftp.5z.com/pub/gob/
ccache is clone of ccache, with the goal of supporting other compilers than GCC and adding additional features. Embedded compilers will especially be in focus.
Project Home Page: http://sourceforge.net/projects/gocache/
Download Location: http://prdownloads.sourceforge.net/gocache/
GTK+/GNOME language bindings allow GTK+ to be used from other programming languages, in the style of those languages.
Project Home Page: http://www.gtk.org/bindings.html
gtkmm is the official C++ interface for the popular GUI library GTK+. Highlights include typesafe callbacks, widgets extensible via inheritance and a comprehensive set of widgets. You can create user interfaces either in code or with the Glade designer, using libglademm.
Project Home Page: http://www.gtkmm.org/
Download Location: http://www.gtkmm.org/download.shtml
Java-GNOME is a set of Java bindings for the GNOME and GTK+ libraries that allow GNOME and GTK+ applications to be written in Java. The Java-GNOME API has been carefully designed to be easy to use, maintaining a good OO paradigm, yet still wrapping the entire functionality of the underlying libraries. Java-GNOME can be used with the Eclipse development environment and Glade user interface designer to create applications with ease.
Project Home Page: http://java-gnome.sourceforge.net/cgi-bin/bin/view
Download Location: http://java-gnome.sourceforge.net/cgi-bin/bin/view/Main/GetJavaGnome#Source_Code
gtk2-perl is the collective name for a set of perl bindings for GTK+ 2.x and various related libraries. These modules make it easy to write GTK and GNOME applications using a natural, perlish, object-oriented syntax.
Project Home Page: http://gtk2-perl.sourceforge.net/
Download Location: http://prdownloads.sourceforge.net/gtk2-perl
PyGTK provides a convenient wrapper for the GTK library for use in Python programs, and takes care of many of the boring details such as managing memory and type casting. When combined with PyORBit and gnome-python, it can be used to write full featured GNOME applications.
Project Home Page: http://www.pygtk.org/
Download Location: http://www.pygtk.org/downloads.html
KDE and most KDE applications are implemented using the C++ programming language, however there are number of bindings to other languages are available. These include scripting languages like Perl, Python and Ruby, and systems programming languages such as Java and C#.
Project Home Page: http://developer.kde.org/language-bindings/
Numerical Python adds a fast array facility to the Python language.
Project Home Page: http://numeric.scipy.org/
Download Location: http://prdownloads.sourceforge.net/numpy/
There are many Perl scripts and additional modules located on the Comprehensive Perl Archive Network (CPAN) web site. Here you will find “All Things Perl”.
Project Home Page: http://cpan.org/
SCons is an Open Source software construction tool, i.e, a next-generation build tool. Think of SCons as an improved, cross-platform substitute for the classic make utility with integrated functionality similar to Autoconf/Automake and compiler caches such as ccache.
Project Home Page: http://scons.sourceforge.net/
Download Location: http://prdownloads.sourceforge.net/scons/
strace is a system call tracer, i.e., a debugging tool which prints out a trace of all the system calls made by another process or program.
Project Home Page: http://www.liacs.nl/~wichert/strace/
Download Location: http://prdownloads.sourceforge.net/strace/
SWIG is a software development tool that connects programs written in C and C++ with a variety of high-level programming languages. SWIG is used with different types of languages including common scripting languages such as Perl, Python, Tcl/Tk and Ruby. The list of supported languages also includes non-scripting languages such as C#, Common Lisp (Allegro CL), Java, Modula-3 and OCAML. Also several interpreted and compiled Scheme implementations (Chicken, Guile, MzScheme) are supported. SWIG is most commonly used to create high-level interpreted or compiled programming environments, user interfaces, and as a tool for testing and prototyping C/C++ software. SWIG can also export its parse tree in the form of XML and Lisp s-expressions.
Project Home Page: http://www.swig.org/
Download Location: http://prdownloads.sourceforge.net/swig/
Valgrind is a collection of five tools: two memory error detectors, a thread error detector, a cache profiler and a heap profiler used for debugging and profiling Linux programs. Features include automatic detection of many memory management and threading bugs as well as detailed profiling to speed up and reduce memory use of your programs.
Project Home Page: http://valgrind.org/
Download Location: http://valgrind.org/downloads/source_code.html
The LFS book covers setting up networking by connecting to a LAN with a static IP address. There are other methods used to connect to a LAN and other networks (such as the Internet). The most popular methods are covered in this chapter.
This chapter provides utilities for system interaction with a modem.
The PPP package contains the pppd daemon and the chat program. This is used for connecting to other machines; often for connecting to the Internet via a dial-up or PPPoE connection to an ISP.
Download (HTTP): http://ccache.samba.org/ftp/ppp/ppp-2.4.3.tar.gz
Download (FTP): ftp://ftp.samba.org/pub/ppp/ppp-2.4.3.tar.gz
Download MD5 sum: 848f6c3cafeb6074ffeb293c3af79b7c
Download size: 672 KB
Estimated disk space required: 6.2 MB
Estimated build time: 0.13 SBU
PPP support must be compiled into the kernel or available as a kernel module.
Install PPP by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install && make install-etcppp
make install-etcppp: This command puts example configuration files in /etc/ppp.
The PPP daemon requires very little configuration. The main trick is scripting the connection. This can be done either using the chat program which comes with this package or by using WvDial-1.54.0.
The WvDial package contains a no-nonsense, quick and easy to use alternative to chat and pppd scripts. If you simply want to dial a modem without the fuss and hassle of chat issues, then you'll want this.
Download (HTTP): http://open.nit.ca/download/wvdial-1.54.0.tar.gz
Download (FTP): ftp://ftp.ing-steen.se/pub/unix/unsort/wvdial-1.54.0.tar.gz
Download MD5 sum: 8648c044305fc66ee33ecc55d36f8c8b
Download size: 66 KB
Estimated disk space required: 2.7 MB
Estimated build time: 0.06 SBU
Install WvDial by running the following commands:
make PREFIX=/usr
Now, as the root user:
make PREFIX=/usr install
Perform the following two commands as the root user:
touch /etc/wvdial.conf && wvdialconf /etc/wvdial.conf
wvdialconf will test that you have a working modem and try to determine its exact setup. You will then need to enter your ISP's phone number, login name and password into the /etc/wvdial.conf file.
You then start wvdial with:
wvdial
For more information, examine the wvdialconf, wvdial.conf and wvdial man pages. Also, have a look at the Non-Root Dial Out HOWTO if you want to give non-root users access to wvdial.
DHCP stands for Dynamic Host Configuration Protocol. It is a protocol used by many sites to automatically provide information such as IP addresses, subnet masks and routing information to computers. If your network uses DHCP, you will need a DHCP client in order to connect to it. DHCP is also used by some cable modems.
BLFS currently provides installation instructions for two DHCP clients, dhclient (from the dhcp package) and dhcpcd. BLFS presents both sets of installation instructions and discusses how to create an appropriate service script to work with the network bootscript and the DHCP client of your choice.
The DHCP package comes with both a client (dhclient) and a server program for using DHCP. If you want to install this package, the instructions can be found at DHCP-3.0.2. Note that if you only want to use the client, you do not need to run the server and so do not need the startup script and links provided for the server daemon. You only need to run the DHCP server if you're providing this service to a network, and it's likely that you'll know if that's the case; if it isn't, don't run the server! Once you have installed the package, return here for information on how to configure the client (dhclient).
To configure dhclient, you need to first install the network service script, /etc/sysconfig/network-devices/services/dhclient included in the blfs-bootscripts-6.1 package (as root):
make install-service-dhclient
Next, create the /etc/sysconfig/network-devices/ifconfig.eth0/dhclient configuration file with the following commands as the root user. Adjust as necessary for additional interfaces:
install -v -d /etc/sysconfig/network-devices/ifconfig.eth0 && cat > /etc/sysconfig/network-devices/ifconfig.eth0/dhclient << "EOF" ONBOOT="yes" SERVICE="dhclient" DHCP_START="-q [add additional start parameters here]" DHCP_STOP="-q -r [add additional stop parameters here]" # Set PRINTIP="yes" to have the script print # the DHCP assigned IP address PRINTIP="no" # Set PRINTALL="yes" to print the DHCP assigned values for # IP, SM, DG, and 1st NS. This requires PRINTIP="yes". PRINTALL="no" EOF
For more information on the appropriate DHCP_START and DHCP_STOP values, examine the man page for dhclient.
Finally, you should create the /etc/dhclient.conf file using the following commands as the root user:
You'll need to add a second interface definition to the file if you have more than one interface.
cat > /etc/dhclient.conf << "EOF"
# dhclient.conf
interface "eth0"{
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, host-name;
require subnet-mask, domain-name-servers;
}
# end dhclient.conf
EOF
The dhcpcd package contains the dhcpcd client. This is useful for connecting your computer to a network which uses DHCP to assign network addresses.
Download (HTTP): http://www.phystech.com/ftp/dhcpcd-1.3.22-pl4.tar.gz
Download (FTP): ftp://ftp.phystech.com/pub/dhcpcd-1.3.22-pl4.tar.gz
Download MD5 sum: dd627a121e43835bead3ffef5b1a72fd
Download size: 145 KB
Estimated disk space required: 944 KB
Estimated build time: 0.04 SBU
Install dhcpcd by running the following commands:
patch -Np1 -i ../dhcpcd-1.3.22-pl4-fhs-1.patch && ./configure --prefix="" --sysconfdir=/var/lib && make
Now, as the root user:
make install
patch -Np1 -i ../dhcpcd-1.3.22-pl4-fhs-1.patch: dhcpcd unpatched puts all configuration and temporary files in /etc/dhcpc. This becomes very annoying when dhcpcd tells you it's running and it's not. You look in /var/run for the PID file, but it's not there, the PID file that needs deleting is in /etc/dhcpc. This patch brings this program into FHS compliance, but more importantly, puts files where you expect them to be.
--prefix="": There may be a good reason for abandoning the normal BLFS convention of using --prefix=/usr here. If you are installing DHCP, it is likely that it is required during the boot process and /usr may be network mounted, in which case dhcpcd wouldn't be available due to being on the network! Therefore, depending on your situation, you may want it to be installed in /sbin or /usr/sbin. This command installs to /sbin.
--sysconfdir=/var/lib: This command installs configuration files in the /var/lib directory.
To configure dhcpcd, you need to first install the network service script, /etc/sysconfig/network-devices/services/dhcpcd included in the blfs-bootscripts-6.1 package (as user root):
make install-service-dhcpcd
Finally, as the root user create the /etc/sysconfig/network-devices/ifconfig.eth0/dhcpcd configuration file using the following commands. Adjust appropriately for additional interfaces:
install -v -d /etc/sysconfig/network-devices/ifconfig.eth0 && cat > /etc/sysconfig/network-devices/ifconfig.eth0/dhcpcd << "EOF" ONBOOT="yes" SERVICE="dhcpcd" DHCP_START="[insert appropriate start options here]" DHCP_STOP="-k [insert additional stop options here]" # Set PRINTIP="yes" to have the script print # the DHCP assigned IP address PRINTIP="no" # Set PRINTALL="yes" to print the DHCP assigned values for # IP, SM, DG, and 1st NS. This requires PRINTIP="yes". PRINTALL="no" EOF
For more information on the appropriate DHCP_START and DHCP_STOP values, examine the man page for dhcpcd.
Other methods to connect to large networks are through ISDN and PPPoE interfaces, among others. PPPoE is discussed here. Pages written for ISDN (or others as the need arises) are always welcome and will be included in future books, if the information becomes available.
The Roaring Penguin PPPoE package contains both a client and a server component that works with the client. The client allows you to connect to large networks that use the PPPoE protocol, common among ADSL providers. The server component runs alongside the client, allowing you to configure other clients that send out a configuration request.
Download (HTTP): http://www.roaringpenguin.com/penguin/pppoe/rp-pppoe-3.5.tar.gz
Download (FTP): ftp://ftp.fu-berlin.de/unix/linux/mirrors/gentoo/distfiles/rp-pppoe-3.5.tar.gz
Download MD5 sum: 97972f8f8f6a3ab9b7070333a6a29c4b
Download size: 185 KB
Estimated disk space required: 2.2 MB
Estimated build time: 0.05 SBU
PPP-2.4.3 and Net-tools-1.60 (you may omit Net-tools by using the following patch to utilize IPRoute2 instead: http://www.linuxfromscratch.org/blfs/downloads/6.1/rp-pppoe-3.5-iproute2-1.patch)
If you plan on using kernel-mode PPPoE, this package is no longer explicitly needed, however, it is recommended for ease of configuration. Additional information about kernel mode PPPoE can be found in rp-pppoe-3.5/doc/KERNEL-MODE-PPPOE.
Fix the location of the logger executable in several ADSL scripts:
sed -i s%/usr/bin/logger%/bin/logger% \
scripts/adsl-{connect,setup,stop}.in
Install RP-PPPoE by running the following commands:
cd src && ./configure && make
This package does not come with a test suite.
Now, as the root user:
make install
These are the standard installation commands that will install the package into the /usr prefix. You can optionally use the go script in the root of the source tree to run the same commands, which are then immediately followed by the adsl-setup script.
/etc/ppp/pppoe.conf, /etc/ppp/firewall-standalone, /etc/ppp/firewall-masq, /etc/ppp/pppoe-server-options, /etc/resolv.conf, /etc/ppp/pap-secrets, /etc/ppp/chap-secrets
To configure RP-PPPoE after installation, you should run the adsl-setup script.
When configuring your connection, you will need to have your ISP's nameserver information available, as well as your username and password. You will also be asked whether to configure a dial-on-demand or a constant connection. If your service provider does not charge by the minute, it is usually good to have a bootscript handle the connection for you. You can, of course, choose not to install the following script, and start your connection manually with the adsl-start script.
Optionally install the /etc/sysconfig/network-devices/services/pppoe service script included with the blfs-bootscripts-6.1 package (as user root).
make install-service-pppoe
Now create the config file for use with the pppoe service script (as user root):
If you have previously configured the network interface that will now use PPPoE, you should remove the interface configuration files for that interface (as user root):
rm -v /etc/sysconfig/network-devices/ifconfig.eth0/*
install -v -d /etc/sysconfig/network-devices/ifconfig.eth0 && cat > /etc/sysconfig/network-devices/ifconfig.eth0/pppoe << "EOF" ONBOOT="yes" SERVICE="pppoe" EOF
These applications are support libraries for other applications in the book. It is unlikely that you would just install these libraries, you will generally find that you will be referred to this chapter to satisfy a dependency of other applications.
The cURL package contains curl and its support library. This is useful for transferring files with URL syntax. This ability to both download and redirect files can be incorporated into other programs to support functions like streaming media.
Download (HTTP): http://www.execve.net/curl/curl-7.14.0.tar.bz2
Download MD5 sum: 46ce665e47d37fce1a0bad935cce58a9
Download size: 1.9 MB
Estimated disk space required: 23.8 MB
Estimated build time: 0.34 SBU (additional 0.86 SBU to run the test suite)
pkg-config-0.19, OpenSSL-0.9.7g, OpenLDAP-2.2.24, MIT krb5-1.4.1 or Heimdal-0.7, krb4, Libidn, SPNEGO and c-ares
Stunnel-4.11 (for running HTTPS and FTPS tests) and Valgrind (not used if building the shared library)
Install cURL by running the following commands:
./configure --prefix=/usr && make
If you wish to run the testsuite, use the following commands to fix a bug in the test script and then run the tests:
sed -i -e 's/^require "valgrind.pm"/# &/' tests/runtests.pl && make check
Now, as the root user:
make install &&
find docs -name "Makefile*" \
-o -name "*.1" \
-o -name "*.3" | xargs rm &&
install -v -d -m755 /usr/share/doc/curl-7.14.0 &&
cp -v -R docs/* /usr/share/doc/curl-7.14.0
| curl |
is a client that can get documents from or send documents to any of the following protocols: HTTP, HTTPS (needs OpenSSL-0.9.7g), FTP, GOPHER, DICT, TELNET, LDAP (needs OpenLDAP-2.2.24 at run time) or FILE. |
| curl-config |
prints information about the last compile, like libraries linked to and prefix setting. |
| libcurl.[so,a] |
provides the API functions required by curl and other programs. |
WvStreams is a library suite containing platform-independent C++ networking and utilities libraries for rapid application development.
Download (HTTP): http://open.nit.ca/download/wvstreams-4.0.1.tar.gz
Download MD5 sum: 89cdc4f979d1f6d745e173bc7485f325
Download size: 1.0 MB
Estimated disk space required: 57 MB (additional 43 MB to install documentation)
Estimated build time: 0.77 SBU (additional 0.45 SBU to build documentation)
Required Patch for Tcl: http://www.linuxfromscratch.org/blfs/downloads/6.1/wvstreams-4.0.1-tcl84-1.patch
pkg-config-0.19, FAM-2.7.0, Berkeley DB-4.3.28, Linux-PAM-0.80, Tcl-8.4.11, Qt-3.3.4, Speex-1.0.5, libvorbis-1.1.1, Doxygen-1.4.3, FFTW-2.X, SWIG, QDBM, OpenSLP, XPLC, Valgrind and Electric Fence
If you have Tcl and SWIG installed and wish to utilize them, apply the following patch and run the autoreconf program:
patch -Np1 -i ../wvstreams-4.0.1-tcl84-1.patch && autoreconf -f
Install WvStreams by running the following commands:
./configure --prefix=/usr \
--sysconfdir=/etc --localstatedir=/var &&
make
If Doxygen is installed and you wish to build the API documentation, issue the following command:
make doxygen
Now, as the root user:
make install
If you built the API documentation, install it using the following commands:
install -v -d -m755 /usr/share/doc/wvstreams-4.0.1/doxy-html &&
install -v -m644 Docs/doxy-html/* \
/usr/share/doc/wvstreams-4.0.1/doxy-html
--sysconfdir=/etc: This parameter places configuration files in /etc instead of /usr/etc.
--localstatedir=/var: This parameter places uniconfd run-time files in /var/lib instead of /usr/var/lib.
As with most libraries, there is no configuration to do, save that the library directory i.e., /opt/lib or /usr/local/lib should appear in /etc/ld.so.conf so that ldd can find the shared libraries. After checking that this is the case, /sbin/ldconfig should be run while logged in as root.
The GNet package contains a simple network library. This is useful for supporting TCP sockets, UDP and IP multicast, asynchronous DNS lookup, and more.
Download (HTTP): http://gnetlibrary.org/src/gnet-2.0.7.tar.gz
Download MD5 sum: 3a7a40411775688fe4c42141ab007048
Download size: 595 KB
Estimated disk space required: 7.6 MB
Estimated build time: 0.2 SBU
Install GNet by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
The libsoup package contains an HTTP library implementation in C. This is useful for accessing HTTP servers in a completely asynchronous mode.
Download (HTTP): http://ftp.gnome.org/pub/gnome/sources/libsoup/2.2/libsoup-2.2.3.tar.bz2
Download (FTP): ftp://ftp.gnome.org/pub/gnome/sources/libsoup/2.2/libsoup-2.2.3.tar.bz2
Download MD5 sum: 2591f32e036a5869f7e2bd0d95e6f14b
Download size: 358 KB
Estimated disk space required: 9.1 MB
Estimated build time: 0.30 SBU
GTK-Doc-1.3 and GnuTLS (which needs libgpg-error then libgcrypt)
Install libsoup by running the following commands:
./configure --prefix=/usr && make
Now, as the root user:
make install
libpcap provides functions for user-level packet capture, used in low-level network monitoring.
Download (HTTP): http://www.tcpdump.org/release/libpcap-0.9.3.tar.gz
Download MD5 sum: 0ad921c881fdd3d278046afcd352a151
Download size: 424 KB
Estimated disk space required: 3.2 MB
Estimated build time: less than 0.1 SBU
Install libpcap by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install &&
install -v -m755 -d /usr/share/doc/libpcap-0.9.3 &&
install -v -m644 doc/*{html,txt} /usr/share/doc/libpcap-0.9.3
People who are new to Unix-based systems tend to ask the question "Why on earth would I want a text-mode browser? I'm going to compile X and use Konqueror/Mozilla/Whatever!". Those who have been around systems for a while know that when (not if) you manage to mess up your graphical browser install and you need to look up some information on the web, a console based browser will save you. Also, there are quite a few people who prefer to use one of these browsers as their principle method of browsing; either to avoid the clutter and bandwidth which accompanies images or because they may use a text-to-speech synthesizer which can read the page to them (of use for instance to partially sighted or blind users). In this chapter you will find installation instructions for three console web browsers:
Links is a text and graphics mode WWW browser. It includes support for rendering tables and frames, features background downloads, can display colors and has many other features.
Download (HTTP): http://atrey.karlin.mff.cuni.cz/~clock/twibright/links/download/links-2.1pre17.tar.bz2
Download (FTP): ftp://atrey.karlin.mff.cuni.cz/pub/local/clock/links/links-2.1pre17.tar.bz2
Download MD5 sum: 94315d9ba68bbb543d93b3b3b4f07582
Download size: 3.7 MB
Estimated disk space required: 24.0 MB
Estimated build time: 0.21 SBU
GPM-1.20.1, OpenSSL-0.9.7g, libpng-1.2.8, libjpeg-6b, libtiff-3.7.3, SDL-1.2.8, SVGAlib, DirectFB and X (XFree86-4.5.0 or X.org-6.8.2)
Install Links by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test suite.
Now, as the root user:
make install
--enable-graphics: Add this switch if you want to use Links in graphics mode. You will either need to install the X Window System or enable frame buffer support in your kernel and install GPM-1.20.1.
Lynx is a text based web browser.
Download (HTTP): http://lynx.isc.org/release/lynx2.8.5.tar.bz2
Download (FTP): ftp://lynx.isc.org/lynx2.8.5/lynx2.8.5.tar.bz2
Download MD5 sum: d1e5134e5d175f913c16cb6768bc30eb
Download size: 2.2 MB
Estimated disk space required: 25 MB
Estimated build time: 0.48 SBU
OpenSSL-0.9.7g or GnuTLS (which needs libgpg-error then libgcrypt), MTA, Zip-2.31, UnZip-5.52, slang-1.4.9, ncompress and sharutils
Install Lynx by running the following commands:
./configure --prefix=/usr --libdir=/etc \
--with-zlib --with-bzlib &&
make
Now, as the root user:
make install &&
make docdir=/usr/share/doc/lynx-2.8.5/lynx_doc \
helpdir=/usr/share/doc/lynx-2.8.5/lynx_help install-doc &&
make docdir=/usr/share/doc/lynx-2.8.5/lynx_doc \
helpdir=/usr/share/doc/lynx-2.8.5/lynx_help install-help &&
chgrp -v -R root /usr/share/doc/lynx-2.8.5/lynx_doc
--libdir=/etc: For some reason, the configure and make routine for Lynx uses libdir as the prefix for the configuration file. This is set to /etc so that the system wide configuration file is /etc/lynx.cfg.
--with-zlib: This enables support for linking libz into Lynx.
--with-bzlib: This enables support for linking libbz2 into Lynx.
docdir=... helpdir=...: These variables are set to avoid getting the help and documentation files installed under /etc.
--with-ssl: This enables support for linking SSL into Lynx.
--with-gnutls: This enables support for linking GnuTLS into Lynx.
chgrp -v -R root /usr/share/doc/lynx-2.8.5/lynx_doc: This command corrects the improper group ownership of installed documentation files caused if Lynx is built by any user other than root.
w3m is primarily a pager but it can also be used as a text-mode WWW browser.
Download (HTTP): http://prdownloads.sourceforge.net/w3m/w3m-0.5.1.tar.gz
Download MD5 sum: 0678b72e07e69c41709d71ef0fe5da13
Download size: 1.9 MB
Estimated disk space required: 18.4 MB
Estimated build time: 0.28 SBU
pkg-config-0.19, GPM-1.20.1, OpenSSL-0.9.7g, Imlib-1.9.15 or Imlib2-1.2.1, GDK Pixel Buffer-0.22.0, Compface-1.4, nkf, a Mail User Agent and an External Browser
Install w3m by running the following commands:
./configure --prefix=/usr --libexecdir=/usr/lib --sysconfdir=/etc && make
This package does not come with a test suite.
Now, as the root user:
make install &&
install -v -D -m 644 doc/keymap.default /etc/w3m/keymap &&
install -v -D -m 644 doc/menu.default /etc/w3m/menu &&
install -v -d -m 755 /usr/share/doc/w3m-0.5.1/html &&
install -v -m 644 doc/{HISTORY,READM*,keymap.*,menu.*} \
/usr/share/doc/w3m-0.5.1 &&
install -v -m 644 doc/*.html \
/usr/share/doc/w3m-0.5.1/html
These applications are generally client applications used to access the appropriate server across the building or across the world. Tcpwrappers and portmap are support programs for daemons that you may have running on your machine.
CVS is the Concurrent Versions System. This is a version control system useful for projects using a central repository to hold files and then track all changes made to those files. These instructions install the client used to manipulate the repository, creation of a repository is covered at Running a CVS Server.
Download (HTTP): https://ccvs.cvshome.org/files/documents/19/861/cvs-1.11.20.tar.bz2
Download MD5 sum: 9e215c0ee3bb7dfb76515d7cd81a3742
Download size: 2.4 MB
Estimated disk space required: 22 MB
Estimated build time: 0.3 SBU (additional 19.1 SBU to run the test suite)
Recommended patch: http://www.linuxfromscratch.org/blfs/downloads/6.1/cvs-1.11.20-zlib-1.patch
GDBM-1.8.3, Tcsh-6.14.00, krb4, MIT krb5-1.4.1 or Heimdal-0.7 (for the GSSAPI libraries), AFPL Ghostscript-8.51 or ESP Ghostscript-7.07.1, and an MTA
By default CVS is statically linked against the Zlib library included in its source tree. This makes it exposed to possible security vulnerabilities in that library. If you want to modify CVS to use the newest system shared Zlib library, apply the following patch:
patch -Np1 -i ../cvs-1.11.20-zlib-1.patch
Install CVS by running the following commands:
./configure --prefix=/usr && make
To test the results, issue: make check.
Now, as the root user:
make install &&
install -v -m755 -d /usr/share/doc/cvs-1.11.20 &&
install -v -m644 doc/cvs{,client}.ps /usr/share/doc/cvs-1.11.20
~/.cvsrc is the main CVS configuration file. This file is used by users to specify defaults for different cvs commands. For example, to make all cvs diff commands run with -u, a user would add diff -u to their .cvsrc file.
~/.cvswrappers specifies wrappers to be used in addition to those specified in the CVSROOT/cvswrappers file in the repository.
~/.cvspass can hold passwords to complete logins to servers.
The Inetutils package contains network clients and servers.
Download (HTTP): http://gd.tuwien.ac.at/gnu/gnusrc/inetutils/inetutils-1.4.2.tar.gz
Download (FTP): ftp://ftp.gnu.org/gnu/inetutils/inetutils-1.4.2.tar.gz
Download MD5 sum: df0909a586ddac2b7a0d62795eea4206
Download size: 1.04 MB
Estimated disk space required: 10.2 MB
Estimated build time: 0.26 SBU
Linux-PAM-0.80, tcpwrappers-7.6, krb4, and Heimdal-0.7 or MIT krb5-1.4.1
Install Inetutils by running the following commands:
patch -Np1 -i ../inetutils-1.4.2-kernel_headers-1.patch &&
patch -Np1 -i ../inetutils-1.4.2-daemon_fixes-1.patch &&
./configure --prefix=/usr --libexecdir=/usr/sbin \
--sysconfdir=/etc --localstatedir=/var \
--mandir=/usr/share/man --infodir=/usr/share/info \
--disable-logger --disable-syslogd &&
make
This package does not come with a test suite.
Now, as the root user:
make install && mv -v /usr/bin/ping /bin
--disable-logger: This switch prevents Inetutils installing a logger program, which is installed in the LFS book.
--disable-syslogd: This switch prevents Inetutils installing a system log daemon, which is installed in the LFS book.
--with-wrap: This switch makes Inetutils compile against tcp-wrappers. Add this option if you want to utilize tcp-wrappers.
--disable-whois: This switch will prevent Inetutils installing an outdated whois client. Add this option if you plan on installing Whois-4.7.5.
--with-pam: This switch makes Inetutils link against Linux-PAM libraries. Add this option if you want to utilize PAM.
--disable-servers: Some of the servers included with Inetutils are insecure in nature and in some cases better alternatives exist. You can choose this switch to enable only the servers you need, avoiding the installation of unneeded servers.
A list of the installed programs not included here, along with their short descriptions can be found at ../../../../lfs/view/stable/chapter06/inetutils.html#contents-inetutils.
| ftpd |
is a DARPA Internet File Transfer Protocol Server. |
| inetd |
is an Internet super-server. Note that the xinetd-2.3.13 package provides a much better server that does the same thing. |
| rexecd |
is a remote execution server. |
| rlogind |
is a remote login server. |
| rshd |
is a remote shell server. |
| talkd |
is a remote user communication server. |
| telnetd |
is a DARPA TELNET protocol server. |
| tftpd |
is an Internet Trivial File Transfer Protocol server. |
| uucpd |
is a server for supporting UUCP connections over networks. |
| whois |
is a client for the whois directory service. Note that the Whois-4.7.5 package provides a much better client. |
The NcFTP package contains a powerful and flexible interface to the Internet standard File Transfer Protocol. It is intended to replace or supplement the stock ftp program.
Download (HTTP): http://gd.tuwien.ac.at/infosys/clients/ftp/ncftp/ncftp-3.1.9-src.tar.bz2
Download (FTP): ftp://ftp.ncftp.com/ncftp/ncftp-3.1.9-src.tar.bz2
Download MD5 sum: 66cf8dacec848eb11a70632fe9f21807
Download size: 401 KB
Estimated disk space required: 9.9 MB
Estimated build time: 0.3 SBU
There are two ways to build NcFTP. The first (and optimal) way builds most of the functionality as a shared library and then builds and installs the program linked against this library. The second method simply links all of the functionality into the binary statically. This doesn't make the dynamic library available for linking by other applications. You need to choose which method best suits you. Note that the second method does not create an entirely statically linked binary; only the libncftp parts are statically linked in, in this case. Be aware that building and using the shared library is covered by the Clarified Artistic License; however, developing applications that utilize the shared library is subject to a different license.
To install NcFTP using the first (and optimal) method, run the following commands:
./configure --prefix=/usr && make -C libncftp shared
Now, as the root user:
make -C libncftp soinstall
Again, as an unprivileged user:
make
Again, as the root user:
make install
To install NcFTP using the second method (with the libncftp functionality linked in statically) run the following commands:
./configure --prefix=/usr && make
Now, as the root user:
make install
make -C ... && make -C ...: These commands make and install the dynamic library libncftp which is then used to link against when compiling the main program.
Most NcFTP configuration is done while in the program, and the configuration files are dealt with automatically. One exception to this is ~/.ncftp/prefs_v3. There are various options to alter in there, including:
yes-i-know-about-NcFTPd=yes
This disables the splash screen advertising the NcFTPd server.
There are other options in the prefs_v3 file. Most of these are self-explanatory.
The NCPFS package contains client and administration tools for use with Novell networks.
Download (HTTP): http://platan.vc.cvut.cz/ftp/pub/linux/ncpfs/ncpfs-2.2.4.tar.gz
Download (FTP): ftp://platan.vc.cvut.cz/pub/linux/ncpfs/ncpfs-2.2.4.tar.gz
Download MD5 sum: 5fd2ec0680ba7e66df142637e17a5ac9
Download size: 1.6 MB
Estimated disk space required: 30 MB
Estimated build time: 0.52 SBU
Install NCPFS by running the following commands:
./configure --prefix="" --includedir=/usr/include \
--mandir=/usr/share/man --datadir=/usr/share &&
make &&
make install &&
make install-dev
--prefix="": Installs binaries on the root partition so that they are available at boot time. This may not be ideal for all systems. If /usr is mounted locally, --prefix=/usr may be a better option.
--includedir=/usr/include: Tells configure to look in /usr/include for header files. It also tells make to install NCPFS's headers here.
--mandir=/usr/share/man: Installs the man pages in the correct location.
--datadir=/usr/share: Correctly installs the locale files to /usr/share.
If you do not need to use the IPX protocol, or you use a different IPX package, you can optionally pass --disable-ipx and/or --disable-ipx-tools to the configure script to disable these options.
A config file ~/.nwclient should be placed in the home directory of each user that intends to use NCPFS. The permissions on this file should be set to 600, for obvious security reasons. The configuration file should contain a single line per server that the user will use. Each line should contain the server name, the user name, and optionally the password. Below is a sample .nwclient file.
# Begin example ~/.nwclient config file Server1/User1 Password Server2/User1 Server2/Guest1 - # End example .nwclient config file
The syntax for the .nwclient file is simple, server_name/user_name password. Be extremely careful when creating or editing this file as the client utilities are very picky about syntax. There should always be a space immediately after the username. If this space is substituted by a tab or multiple spaces, you will not get the expected results when attempting to use the NCPFS tools. If no password is supplied, the client utilities will ask for a password when it is needed. If no password is needed, for instance when using a guest account, a single '-' should be put in place of a password.
It should be noted that ncpmount is not intended to mount individual volumes because each mount point creates a separate client connection to the Novell server. Mounting each individual volume separately would be unwise, as mounting all volumes on a server under one mount point uses only one client connection.
If you need to set up the IPX protocol at boot, you can install the /etc/sysconfig/network-devices/services/ipx network service script included with the blfs-bootscripts-6.1 package.
make install-service-ipx
Next install the /etc/sysconfig/network-devices/ifconfig.eth0/ipx configuration file with the following commands:
install -v -d /etc/sysconfig/network-devices/ifconfig.eth0 && cat > /etc/sysconfig/network-devices/ifconfig.eth0/ipx << "EOF" ONBOOT="yes" SERVICE="ipx" FRAME="[802.2]" EOF
The Net-tools package is a collection of programs for controlling the network subsystem of the Linux kernel.
Download (HTTP): http://www.tazenda.demon.co.uk/phil/net-tools/net-tools-1.60.tar.bz2
Download (FTP): ftp://ftp.ibiblio.org/pub/Linux/distributions/rootlinux/rootlinux-1.3/source/base/net-tools/net-tools-1.60.tar.gz
Download MD5 sum (HTTP): 888774accab40217dde927e21979c165
Download MD5 sum (FTP): e1e83a4d4cdd72d35bcf90d76a16206f
Download size: 194 KB
Estimated disk space required: 4.3 MB
Estimated build time: 0.10 SBU
Required Patch (if compiled using GCC-3.4.x): http://www.linuxfromscratch.org/blfs/downloads/6.1/net-tools-1.60-gcc34-3.patch
Required Patch: http://www.linuxfromscratch.org/blfs/downloads/6.1/net-tools-1.60-kernel_headers-2.patch
Required Patch: http://www.linuxfromscratch.org/blfs/downloads/6.1/net-tools-1.60-mii_ioctl-1.patch
The Net-tools package installs a hostname program which will overwrite the existing program installed by Coreutils during a base LFS installation. If, for whatever reason, you need to reinstall the Coreutils package after installing Net-tools, you should use the coreutils-5.2.1-suppress_hostname_uptime_kill_su-1.patch patch if you wish to preserve the Net-tools hostname program.
The instructions below automate the configuration process by piping yes to the make config command. If you wish to run the interactive configuration process (by changing the instruction to just make config), but you are not sure how to answer all the questions, then just accept the defaults. This will be just fine in the majority of cases. What you're asked here is a bunch of questions about which network protocols you've enabled in your kernel. The default answers will enable the tools from this package to work with the most common protocols: TCP, PPP, and several others. You still need to actually enable these protocols in the kernel—what you do here is merely tell the package to include support for those protocols in its programs, but it's up to the kernel to make the protocols available.
Install Net-tools by running the following commands:
patch -Np1 -i ../net-tools-1.60-gcc34-3.patch &&
patch -Np1 -i ../net-tools-1.60-kernel_headers-2.patch &&
patch -Np1 -i ../net-tools-1.60-mii_ioctl-1.patch &&
yes "" | make config &&
sed -i -e 's|HAVE_IP_TOOLS 0|HAVE_IP_TOOLS 1|g' \
-e 's|HAVE_MII 0|HAVE_MII 1|g' config.h &&
sed -i -e 's|# HAVE_IP_TOOLS=0|HAVE_IP_TOOLS=1|g' \
-e 's|# HAVE_MII=0|HAVE_MII=1|g' config.make &&
make
This package does not come with a test suite.
Now, as the root user:
make update
yes "" | make config: Piping yes to make config skips the interactive configuration and accepts the defaults.
sed -i -e ...: These two seds change the configuration files to force building the ipmaddr, iptunnel and mii-tool programs.
The NTP package contains a client and server to keep the time synchronized between various computers over a network. This package is the official reference implementation of the NTP protocol.
Download (HTTP): http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2.0.tar.gz
Download (FTP): ftp://ftp.udel.edu/pub/ntp/ntp4/ntp-4.2.0.tar.gz
Download MD5 sum: 0f8fabe87cf54f409b57c6283f0c0c3d
Download size: 2.4 MB
Estimated disk space required: 27 MB
Estimated build time: 0.53 SBU
Install NTP by running the following commands:
./configure --prefix=/usr --bindir=/usr/sbin \
--sysconfdir=/etc &&
make
To test the results, issue: make check.
Now, as the root user:
make install && install -v -m755 -d /usr/share/doc/ntp-4.2.0 && cp -v -R html /usr/share/doc/ntp-4.2.0/
The following configuration file defines various NTP stratum 2 servers with open access from different continents. It also creates a drift file where ntpd stores the frequency offset. Since the documentation included with the package is sparse, visit the NTP website at http://www.ntp.org/ for more information.
cat > /etc/ntp.conf << "EOF" # Africa server tock.nml.csir.co.za # Asia server ntp.shim.org # Australia server ntp.saard.net # Europe server ntp.tuxfamily.net # North America server clock.psu.edu driftfile /var/cache/ntp.drift EOF
There are two options. Option one is to run ntpd continuously and allow it to synchronize the time in a gradual manner. The other option is to run ntpd periodically (using cron) and update the time each time ntpd is scheduled.
If you choose Option one, then install the /etc/rc.d/init.d/ntp init script included in the blfs-bootscripts-6.1 package.
make install-ntp
If you prefer to run ntpd periodically, add the following command to root's crontab:
ntpd -q
Execute the following command if you would like to set the hardware clock to the current system time at shutdown and reboot:
ln -v -sf ../init.d/setclock /etc/rc.d/rc0.d/K46setclock && ln -v -sf ../init.d/setclock /etc/rc.d/rc6.d/K46setclock
The other way around is already set up by LFS.
The ssh client is a secure replacement for telnet. If you want to install it, the instructions can be found in Chapter 21 – OpenSSH-4.1p1. Note that if you only want to use the client, you do not need to run the server and so do not need the startup script and links. In accordance with good practice, only run the server if you actually need it (and if you don't know whether you need it or not, it's likely that you don't!).
The portmap package is a more secure replacement for the original SUN portmap package. Portmap is used to forward RPC requests to RPC daemons such as NFS and NIS.
Download (FTP): ftp://ftp.porcupine.org/pub/security/portmap_5beta.tar.gz
Download MD5 sum: 781e16ed4487c4caa082c6fef09ead4f
Download size: 18 KB
Estimated disk space required: 268 KB
Estimated build time: 0.01 SBU
Install portmap with the following commands:
patch -Np1 -i ../portmap-5beta-compilation_fixes-3.patch && patch -Np1 -i ../portmap-5beta-glibc_errno_fix-1.patch && make
Now, as the root user:
make install
The above installation places executable portmap in /sbin. You may choose to move the file to /usr/sbin. If you do, remember to modify the bootscript also.
Install the /etc/rc.d/init.d/portmap init script included in the blfs-bootscripts-6.1 package.
make install-portmap
rsync is a utility for fast incremental file transfers. If you want to install it, the instructions can be found in Chapter 24 – rsync-2.6.5. Note that if you only want to use the client, you do not need to run the server and so do not need the startup script and links. In accordance with good practice, only run the server if you actually need it (and if you don't know whether you need it or not, it's likely that you don't!).
The Samba client utilities are used to transfer files to and from, mount SMB shares located on or use printers attached to Windows and other SMB servers. If you want to install these utilities, the instructions can be found in Chapter 21 – Samba-3.0.14a. After performing the basic installation, configure the utilities using the configuration section titled “Scenario 1: Minimal Standalone Client-Only Installation”.
Note that if you only want to use these client utilities, you do not need to run the server daemons and so do not need the startup script and links. In accordance with good practice, only run the server daemons if you actually need them. You'll find an explanation of the services provided by the server daemons in the Samba-3.0.14a instructions.
Subversion is a version control system that is designed to be a compelling replacement for CVS in the open source community. It extends and enhances CVS' feature set, while maintaining a similar interface for those already familiar with CVS. These instructions install the client and server software used to manipulate a Subversion repository. Creation of a repository is covered at Running a Subversion Server.
Download (HTTP): http://subversion.tigris.org/tarballs/subversion-1.1.4.tar.bz2
Download MD5 sum: 6e557ae65b6b8d7577cc7704ede85a23
Download size: 6.7 MB
Estimated disk space required: 182 MB (additional 577 MB to run all test suites)
Estimated build time: 1.24 SBU (add 0.90 SBU for SWIG bindings and 6.45 SBU to run test suites)
libxml2-2.6.20 (only if using the bundled version of neon)
Python-2.4.1 (required to run the full test suite), Apache-2.0.54, OpenSSH-4.1p1 (runtime only), neon-0.24.7, JDK-1.5.0 (to build the JAVA bindings), JUnit (for running the JAVA bindings test suite and requires UnZip-5.52), Dante (alternate JAVA compiler), Jikes (another alternate JAVA compiler) and inetd or xinetd-2.3.13 (server only)
pkg-config-0.19, OpenSSL-0.9.7g, Heimdal-0.7 or MIT krb5-1.4.1
SWIG and Python-2.4.1
Install Subversion by running the following commands:
./configure --prefix=/usr && make
If you have Apache installed, pass the --with-apr=/usr and --with-apr-util=/usr switches to the configure script. Otherwise, Subversion will overwrite APR and APR-utils from the Apache installation with its own files. You may also need to pass --with-apxs=/usr/sbin/apxs as apxs might not be in an unprivileged user's PATH and won't be properly discovered.
If you passed the --enable-javahl parameter to configure and wish to build the JAVA Subversion bindings, issue the following command:
make javahl
If you passed the --with-swig and --enable-swig-bindings parameters to configure and wish to build the SWIG Perl and Python Subversion bindings, issue the following commands:
make swig-pl && make swig-py
To test the results, issue: make check.
Now, as the root user:
make install && install -v -d -m755 /usr/share/doc/subversion-1.1.4 && cp -v -R doc/* /usr/share/doc/subversion-1.1.4
If you built the JAVA Subversion bindings, issue the following command as the root user to install them:
make install-javahl
If you built the SWIG Perl and Python Subversion bindings, issue the following commands as the root user to install them:
make install-swig-pl &&
make install-swig-py &&
echo /usr/lib/svn-python \
> /usr/lib/python2.4/site-packages/subversion.pth
--with-ssl: This switch enables OpenSSL support in neon (only required if you use the bundled version of neon).
/etc/subversion/config is the Subversion system-wide configuration file. This file is used to specify defaults for different svn commands.
~/.subversion/config is the user's personal configuration file. It is used to override the system-wide defaults set in /etc/subversion/config.
The tcpwrappers package provides daemon wrapper programs that report the name of the client requesting network services and the requested service.
Download (HTTP): http://files.ichilton.co.uk/nfs/tcp_wrappers_7.6.tar.gz
Download (FTP): ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz
Download MD5 sum: e6fa25f71226d090f34de3f6b122fb5a
Download size: 97 KB
Estimated disk space required: 1.09 MB
Estimated build time: 0.03 SBU
Required Patch (Fixes some build issues and adds building of a shared library): http://www.linuxfromscratch.org/blfs/downloads/6.1/tcp_wrappers-7.6-shared_lib_plus_plus-1.patch
Install tcpwrappers with the following commands:
patch -Np1 -i ../tcp_wrappers-7.6-shared_lib_plus_plus-1.patch && sed -i -e "s,^extern char \*malloc();,/* & */," scaffold.c && make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux
Now, as the root user:
make install
sed -i -e ... scaffold.c: This command removes an obsolete C declaration which causes the build to fail if using GCC-3.4.x.
/etc/hosts.allow and /etc/hosts.deny
File protections: the wrapper, all files used by the wrapper, and all directories in the path leading to those files, should be accessible but not writable for unprivileged users (mode 755 or mode 555). Do not install the wrapper set-uid.
As the root user, perform the following edits on the /etc/inetd.conf configuration file:
finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
becomes:
finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
The finger server is used as an example here.
Similar changes must be made if xinetd is used, with the emphasis being on calling /usr/sbin/tcpd instead of calling the service daemon directly, and passing the name of the service daemon to tcpd.
The Wget package contains a utility useful for non-interactive downloading of files from the Web.
Download (HTTP): http://ftp.gnu.org/gnu/wget/wget-1.9.1.tar.gz
Download (FTP): ftp://ftp.gnu.org/gnu/wget/wget-1.9.1.tar.gz
Download MD5 sum: e6051f1e1487ec0ebfdbda72bedc70ad
Download size: 1.3 MB
Estimated disk space required: 7.7 MB
Estimated build time: 0.11 SBU
OpenSSL-0.9.7g and Dante
Install Wget by running the following commands:
./configure --prefix=/usr --sysconfdir=/etc && make
This package does not come with a test suite.
Now, as the root user:
make install
--sysconfdir=/etc: This relocates the configuration file from /usr/etc to /etc.
This chapter contains some tools that come in handy when the network needs investigating.
The Traceroute package contains a program which is used to display the network route that packets take to reach a specified host. This is a standard network troubleshooting tool. If you find yourself unable to connect to another system, traceroute can help pinpoint the problem.
Download (HTTP): http://gd.tuwien.ac.at/platform/sun/packages/solaris/freeware/SOURCES/traceroute-1.4a12.tar.gz
Download (FTP): ftp://ftp.ee.lbl.gov/traceroute-1.4a12.tar.gz
Download MD5 sum: 964d599ef696efccdeebe7721cd4828d
Download size: 74 KB
Estimated disk space required: 540 KB
Estimated build time: 0.01 SBU
Install Traceroute by running the following commands:
sed -i -e 's/-o bin/-o root/' Makefile.in && ./configure --prefix=/usr && make
Now, as the root user:
make install && make install-man
sed 's/-o bin/-o root/' Makefile.in: Adjusts the Makefile so that the program is installed with user root owning the files instead of user bin (which doesn't exist on a default LFS system).
make install: Installs traceroute with SUID set to root in the /usr/sbin directory. This makes it possible for all users to execute traceroute. For absolute security, turn off the SUID bit in traceroute's file permissions with the command:
chmod -v 0755 /usr/sbin/traceroute
The risk is that if a security problem such as a buffer overflow was ever found in the Traceroute code, a regular user on your system could gain root access if the program is SUID root. Of course, removing the SUID permission also makes it impossible for users other than root to utilize traceroute, so decide what's right for your individual situation.
The goal of BLFS is to be completely FHS compliant, so if you do leave the traceroute binary SUID root, then you should move traceroute to /usr/bin with the following command:
mv -v /usr/sbin/traceroute /usr/bin
This ensures that the binary is in the path for non-root users.
Nmap is a utility for network exploration and security auditing. It supports ping scanning, port scanning and TCP/IP fingerprinting.
Download (HTTP): http://download.insecure.org/nmap/dist/nmap-3.81.tar.bz2
Download (FTP): ftp://ftp.fu-berlin.de/unix/linux/mirrors/gentoo/distfiles/nmap-3.81.tar.bz2
Download MD5 sum: 0713306dda85aee2c95ef31b4b7d2838
Download size: 1.5 MB
Estimated disk space required: 14.8 MB
Estimated build time: 0.4 SBU
OpenSSL-0.9.7g, PCRE-6.1, GTK+-1.2.10 (for building the graphical front-end) and libpcap-0.9.3
Install Nmap by running the following commands:
./configure --prefix=/usr && make
This package does not come with a test-suite:
Now, as the root user:
make install
Whois is a client-side application which queries the whois directory service for information pertaining to a particular domain name.
Download (HTTP): http://ftp.debian.org/debian/pool/main/w/whois/whois_4.7.5.tar.gz
Download (FTP): ftp://ftp.debian.org/debian/pool/main/w/whois/whois_4.7.5.tar.gz
Download MD5 sum: c6657a888a20bd5d5915de6ba18599c8
Download size: 55 KB
Estimated disk space required: 600 KB
Estimated build time: less than 0.1 SBU
Install Whois by running the following commands:
make
This package does not come with a test suite.
Now, as the root user:
make prefix=/usr install
BIND Utilities is not a separate package, it is a collection of the client side programs that are included with BIND-9.3.1. The BIND package includes the client side programs nslookup, dig and host. If you install BIND server, these programs will be installed automatically. This section is for those users who don't need the complete BIND server, but need these client side applications.
Download (HTTP): http://gd.tuwien.ac.at/infosys/servers/isc/bind9/9.3.1/bind-9.3.1.tar.gz
Download (FTP): ftp://ftp.isc.org/isc/bind9/9.3.1/bind-9.3.1.tar.gz
Download MD5 sum: 9ff3204eea27184ea0722f37e43fc95d
Download size: 4.6 MB
Estimated disk space required: 52.2 MB
Estimated build time: 0.6 SBU
Install BIND Utilities by running the following commands:
./configure --prefix=/usr && make -C lib/dns && make -C lib/isc && make -C lib/bind9 && make -C lib/isccfg && make -C lib/lwres && make -C bin/dig
Now, as the root user:
make -C bin/dig install
make -C lib/...: These commands build the libraries that are needed for the client programs.
make -C bin/dig: This command builds the client programs.
See the program descriptions in the BIND-9.3.1 section.
The Ethereal package contains a network protocol analyzer, also known as a “sniffer”. This is useful for analyzing data captured “off the wire” from a live network connection, or data read from a capture file. Ethereal provides both GUI and TTY-mode programs for examining captured network packets from over 500 protocols, as well as the capability to read capture files from many other popular network analyzers.
Download (HTTP): http://www.ethereal.com/distribution/ethereal-0.10.12.tar.bz2
Download (FTP): ftp://ftp.ethereal.com/pub/ethereal/all-versions/ethereal-0.10.12.tar.bz2
Download MD5 sum: 372b60e6eca14b7e1cf3e789207027f7
Download size: 7.7 MB
Estimated disk space required: 255 MB
Estimated build time: 4.6 SBU
GLib-1.2.10 or GLib-2.6.4 (to build the TTY-mode front-end only)
libpcap-0.9.3 (required to capture data)
pkg-config-0.19, GTK+-1.2.10 or GTK+-2.6.7 (to build the GUI front-end), OpenSSL-0.9.7g, Heimdal-0.7 or MIT krb5-1.4.1, Python-2.4.1, PCRE-6.1, Net-SNMP and adns
The kernel must have the Packet protocol enabled for Ethereal to capture live packets from the network. Enable the Packet protocol by choosing “Y” in the “Device Drivers” – “Networking support” – “Networking options” – “Packet socket” configuration parameter. Alternatively, build the af_packet module by choosing “M” in this parameter.
Install Ethereal by running the following commands:
./configure --prefix=/usr --sysconfdir=/etc --enable-threads && make
This package does not come with a test suite.
Now, as the root user:
make install &&
install -v -m644 doc/README.* /usr/share/ethereal &&
install -v -m644 -D ethereal.desktop \
/usr/share/applications/ethereal.desktop &&
install -v -m644 -D image/elogo3d48x48.png \
/usr/share/pixmaps/ethereal.png &&
install -v -m755 -d /usr/share/pixmaps/ethereal/toolbar &&
install -v -m644 image/*.{png,ico,xpm} /usr/share/pixmaps/ethereal &&
install -v -m644 image/toolbar/* /usr/share/pixmaps/ethereal/toolbar
--enable-threads: This parameter enables the use of threads in ethereal.
--with-ssl: This parameter enables the use of the OpenSSL libcrypto library.
Though the default configuration parameters are very sane, reference the configuration section of the Ethereal User's Guide for configuration information. Most of Ethereal's configuration can be accomplished using the menu options of the ethereal GUI interface.
If you want to look at packets, make sure you don't filter them out with iptables-1.3.3. If you want to exclude certain classes of packets, it is more efficient to do it with iptables than Ethereal.
Mail Clients help you retrieve (Fetchmail), sort (Procmail), read and compose responses (Nail, Mutt, Pine, Kmail, Balsa, Evolution, Mozilla) to email.
News clients also help you retrieve, sort, read and compose responses, but these messages travel through USENET (a worldwide bulletin board system) using the Network News Transfer Protocol (NNTP).
The Nail package contains nail, a command-line Mail User Agent derived from Berkeley Mail which is intended to provide the functionality of the POSIX mailx command with additional support for MIME messages, IMAP (including caching), POP3, SMTP, S/MIME, message threading/sorting, scoring, and filtering. Nail is especially useful for writing scripts and batch processing.
Download (HTTP): http://prdownloads.sourceforge.net/nail/nail-11.24.tar.bz2
Download MD5 sum: e127cdbba1220a45f6f1f463ac4b4fd1
Download size: 266 KB
Estimated disk space required: 3.0 MB
Estimated build time: less than 0.1 SBU
OpenSSL-0.9.7g or Mozilla NSS (from Mozilla-1.7.8 or Firefox-1.0.6 or Thunderbird-1.0.6), Heimdal-0.7 or MIT krb5-1.4.1 (for IMAP GSSAPI authentication) and MTA
Install Nail by running the following commands.
make SENDMAIL=/usr/sbin/sendmail
This package does not come with a test suite.
Now, as the root user:
make PREFIX=/usr install UCBINSTALL=/usr/bin/install && ln -v -sf nail /usr/bin/mail && ln -v -sf nail /usr/bin/mailx
make SENDMAIL=/usr/sbin/sendmail: This changes the default MTA path of /usr/lib/sendmail.
make PREFIX=/usr install UCBINSTALL=/usr/bin/install: This changes the default installation path of /usr/local and the default install command path of /usr/ucb.
The Procmail package contains an autonomous mail processor. This is useful for filtering and sorting incoming mail.
Download (HTTP): http://www.procmail.org/procmail-3.22.tar.gz
Download (FTP): ftp://ftp.procmail.net/pub/procmail/procmail-3.22.tar.gz
Download MD5 sum: 1678ea99b973eb77eda4ecf6acae53f1
Download size: 226 KB
Estimated disk space required: 1.7 MB
Estimated build time: 0.08 SBU
Install Procmail by running the following commands as the root user:
make LOCKINGTEST=/tmp install && make install-suid
make LOCKINGTEST=/tmp install: This prevents make from asking you where to test file-locking patterns.
make install-suid: Modifies permissions of the installed files.
The Fetchmail package contains a mail retrieval program. "It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents."
Download (HTTP): http://download.berlios.de/fetchmail/fetchmail-6.2.5.2.tar.gz
Download (FTP): ftp://ftp2.be.freesbie.org/packages/openbsd/distfiles/fetchmail-6.2.5.2.tar.gz
Download MD5 sum: 6eefef076bf3517a870f27a6133ff8c4
Download size: 1.2 MB
Estimated disk space required: 6.1 MB
Estimated build time: 0.1 SBU
OpenSSL-0.9.7g and a local MDA (Procmail-3.22)
Install Fetchmail by running the following commands:
./configure --prefix=/usr --with-ssl --enable-fallback=procmail && make
This package does not come with a test suite.
Now, as the root user:
make install
--with-ssl: This enables SSL if found, so that you can handle connections to secure POP3 and IMAP servers.
--enable-fallback=procmail: This tells Fetchmail to hand incoming mail to Procmail for delivery if your port 25 mail server is not present or not responding.
cat > ~/.fetchmailrc << "EOF"
set logfile /var/log/fetchmail.log
set no bouncemail
set postmaster root
poll SERVERNAME :
user [username] pass [password];
mda "/usr/bin/procmail -f %F -d %T";
EOF
chmod -v 0600 ~/.fetchmailrc
This is an example configuration that should suffice for most people. You can add as many users and servers as you need using the same syntax.
man fetchmail: Look for the section near the bottom named CONFIGURATION EXAMPLES. It gives some quick examples. There are countless other config options once you get used to it.
The Mutt package contains a Mail User Agent. This is useful for reading, writing, replying to, saving, and deleting your email.
Download (HTTP): http://gd.tuwien.ac.at/infosys/mail/mutt/mutt-1.4.2.1i.tar.gz
Download (FTP): ftp://ftp.mutt.org/mutt/mutt-1.4.2.1i.tar.gz
Download MD5 sum: 710bd56d3c4c4bcd1403bc4e053f7476
Download size: 2.6 MB
Estimated disk space required: 16.9 MB
Estimated build time: 0.35 SBU
GnuPG-1.4.1, ispell-3.2.06.epa7, MIT krb5-1.4.1 or Heimdal-0.7, Cyrus SASL-2.1.21, OpenSSL-0.9.7g, slang-1.4.9 and GDB
Mutt requires a group named mail. You can add this group, if it does not exist, with this command:
groupadd -g 34 mail
If you did not install a MTA, such as Postfix-2.2.5 or Sendmail-8.13.4, you need to modify the ownership of /var/mail with this command:
chgrp -v mail /var/mail
Install Mutt by running the following commands:
./configure --prefix=/usr --sysconfdir=/etc \
--enable-pop --enable-imap &&
make
This package does not come with a test suite.
Now, as the root user:
make install
--enable-pop: This switch enables POP3 support.
--enable-imap: This switch enables IMAP support.
The Pine package contains the Pine Mail User Agent and several server daemons for various mail protocols, in addition to some nice file and directory editing/browsing programs.
Download (HTTP): http://mirror.sit.wisc.edu/pub/net/mail/pine/pine4.63.tar.bz2
Download (FTP): ftp://ftp.fu-berlin.de/unix/linux/mirrors/gentoo/distfiles/pine4.63.tar.bz2
Download MD5 sum: e881f439f38039b310d22554ab08feb4
Download size: 3.0 MB
Estimated disk space required: 57 MB
Estimated build time: 0.5 SBU
Recommended Patch: http://www.linuxfromscratch.org/blfs/downloads/6.1/pine-4.63-fhs-1.patch
Install Pine by running the following commands:
patch -Np1 -i ../pine-4.63-fhs-3.patch &&
./build DEBUG=-O MAILSPOOL=/var/mail \
SSLDIR=/usr SSLCERTS=/etc/ssl/certs slx
This package does not come with a test suite.
Now, as the root user:
cp -v doc/*.1 /usr/share/man/man1 &&
cd bin &&
install -v -m755 pine imapd ipop2d ipop3d mailutil mtest pico \
pilot rpdump rpload /usr/bin
patch -Np1 -i ../pine-4.63-fhs-x.patch: This patch will make Pine use /etc for configuration files.
The build procedure for Pine is somewhat unusual, in that options usually passed as ./configure options or housed in $CFLAGS must all be passed on the command line to the ./build script.
./build slx: Pine offers quite a few target platforms, slx specifies Linux using -lcrypt to get the crypt function. See the doc/pine-ports file for more information and other authentication options.
DEBUG=-O: This flag compiles an optimized version of pine and pico that produces no debug files.
MAILSPOOL=/var/mail: Location of mail spool files, /var/mail.
SSLDIR=/usr SSLCERTS=/etc/ssl/certs: Location of OpenSSL files.
cd bin && install ... /usr/bin: This installs the Pine programs.
slrn is a slang-based news reader, capable of reading local news spools as well as groups from an NNTP server. Small local news spools can also be created with the use of the slrnpull program included in the slrn distribution.
Download (HTTP): http://prdownloads.sourceforge.net/slrn/slrn-0.9.8.1.tar.bz2
Download (FTP): ftp://ftp.fh-heilbronn.de/pub/mirrors/slrn/slrn-0.9.8.1.tar.bz2
Download MD5 sum: 9b613007df537444a5f8a4a2994fadb7
Download size: 1011 KB
Estimated disk space required: 9.3 MB
Estimated build time: 0.19 SBU
slang-1.4.9 and a MTA (See Chapter 22, Mail Server Software)
OpenSSL-0.9.7g, GnuTLS, UUDeview, INN and libcanlock
Install slrn by running the following commands:
./configure --prefix=/usr --sysconfdir=/etc \
--with-slrnpull --enable-spool &&
make
This package does not come with a test suite.
Now, as the root user:
make install
--with-slrnpull --enable-spool: These switches enable building the slrnpull executable.
--with-ssl: This switch adds OpenSSL support to slrn.
--with-uudeview: This switch adds UUDeview support to slrn.
The first time slrn is run, the ~/.jnewsrc file must be created. For this configuration to work, you must have an environmental variable, NNTPSERVER, set. In normal operation it would be exported into the environment by a startup file, like /etc/profile or ~/.bashrc. Here it is just put it into the environment of the configuration step. For now, the LFS news server is used in this example, but you should use whatever server you prefer.
Create the ~/.jnewsrc file with the following command:
NNTPSERVER=news.linuxfromscratch.org \
slrn -f ~/.jnewsrc --create
You will also have to edit one of the configuration files. There is a sample startup /usr/share/doc/slrn/slrn.rc file that comes with slrn. It is extensively documented but if you need more information, look at the slrn website.
Pan-0.14.2 is a GTK2 based newsreader program.
knode is a Qt based newsreader program from kdepim-3.4.1.
kmail is a Qt based mail client from kdepim-3.4.1.
Balsa-2.2.6 is a GTK2 based mail client.
Mozilla-1.7.8 includes both a mail client and newsreader in its installation.
Thunderbird-1.0.6 is a mail/news client based on the Mozilla code base.
Evolution-2.2.2 includes a GTK2 based mail client.