[blfs-support] BLFS_8.1 vsftpd-3.0.3

Discussion:

Ken Moffat

2018-06-03 18:44:10 UTC

I'm getting close to the end of my build, now on LibreOffice-5.4(.5.1).
a) One should be warned that it cannot be made as root.

The book does not recommend building BLFS as root. Those of us who
do that are expected to be able to deal with the consequences, as
I'm sure you are.

More to the point, ISTR make fails *quickly*.

I've also had to build as a user with development versions of clisp
(again, it quickly tells you). At the moment I build and test rust
as a user, but I think that was to do with trying to catch dump
files when tests segfaulted.

ĸen

--
Keyboard not found, Press F1 to continue
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq

Ken Moffat

2018-06-04 21:44:45 UTC

Permalink

I was cleaning out my "junk room" late last week because I need to put some rhododendros seedling under lights in there and came across a 256K S-100 DRAM board. Yes, we had S-100 systems that supported that much RAM; hard drives too! I come from an IBM mainframe environment, very familiar with punch cards. Got a box of 10" reels of 1/2" mag tape (24MB/reel!) I need to toss, would if they would be recycled.

S100 just-about predates my computer interest (as in, it was
available, but not something I could even dream about affording),
but I thought it was all 8080 or Z80 ? I think I recall a
development of the Z80 which could address more memory (hd64180),
but according to wikipedia that was after the 80286 and probably
after the 80386.

Oh, and I must remember "No, officer, the lights are for my
rhododenron seedlings" :)

Post by Ken Moffat
The book does not recommend building BLFS as root. Those of us who

Yeah, heard that. Made no sense. Everybody makes mistakes, so you prepare for them! Why do I need sudo? Protect me from myself? Like I don't know the root password?

On a bad day (or forgetting *which* machine I'm logged in to, or a
day like today where something is giving me intermittent keyboard
delays) I don't know the root password. But yes, I agree with your
sentiment.

Post by Ken Moffat
More to the point, ISTR make fails *quickly*.

It does for root, but this SSL thing is buried *deep*, in stuff it downloads. Not sure what I'm going to do. So I hung a garage side door today--amazingly everythhing fitted spot on!

Obviously a computer was not involved if it all went perfectly ;)

Post by Ken Moffat
as a user, but I think that was to do with trying to catch dump
files when tests segfaulted.

"C 0" I'm not young enough to use a core dump on somebody else's code! One of the things "life's too short" for.

I was trying to stop my ryzen rebooting during the tests - somebody
else said he had a ryzen and (with systemd) it dumped core but did
not reboot. I had hoped to be able to report the details to
upstream (as distinct from my initial "this reboots" report), but I
got nowhere. No, core dumps are not my thing either, but it did
manage some runs of the tests without rebooting (and still rebooted
on others) - hence what I wrote for rustc-1.25.0 in the book.

Sounding like an old curmudgeon, I am!

Happy Birthday, Yoda.

ĸen

--
Keyboard not found, Press F1 to continue
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsub

lei niu

2018-06-07 00:48:32 UTC

Permalink

Dear Paul, I am afraid the default principle of building package in LFS is to 'not use root privielege' unless told to. I often forget this and cause unexpected failures too. Yours, Lei niuneilneo é®ç®±ïŒ***@gmail.com çŸåç±Â çœæé®ç®±å€§åžÂ å®å¶ åš2018å¹Ž06æ04æ¥ 02:05ïŒPaul Rogers åéïŒ I'm getting close to the end of my build, now on LibreOffice-5.4(.5.1). a) One should be warned that it cannot be made as root. b) Guess who rears its ugly head: SSL_library_init check in openldap & postgress. Â I have no other known uses for them, so I let LibreOffice use its own. So getting rid of vsftpd does not solve this problem. Â I'm going to checkout Hazel's report that OpenSSL-1.1.0g did not cause a problem with vsftpd, suggesting maybe SSL_library_init is back in that version? -- Paul Rogers ***@fastmail.fm Rogers' Second Law: "Everything you do communicates." (I do not personally endorse any additions after this line. TANSTAAFL :-) -- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page

Paul Rogers

2018-06-05 03:41:31 UTC

Permalink

To get back to the topic at hand, given that one has followed the books as matters, installed openssl-1.1.0 as the default, then openssl-1.0.2 with versioning, how is/was one meant to install libreoffice-5.4? By versioning 1.0.2, BLFS mot only creates the problem that openldap & postgress can't find it, but clearly means 1.1.0 is meant to be primary. I didn't read the bit in the book about installing 1.0.2 for programs that needed it as telling me to not install 1.1 and disregard versioning.

Is there some way I should have added something to put the versioned 1.0.2 in the search path?

I just reran just the autoconfig, hoping something would then surface with the SSL_library_init string I could edit. It didn't. Everything happens in the make, where I can't use the vsftpd trick.

It's not even clear to me that openldap & postgress, which tripped up my build attempt are using only compatible bits of the API. I don't know it's worth the effort to try and install those, having diddled the string they're looking for. I don't need them for anything else, but if I'd get them anyhow...

The prereqs say OpenSSL-1.0.2f *or* GnuTLS, but no such option is in the autoconfig options, nor is it clear that switching to "--without-system-openssl --with-system-gnutls" would prevent them from trying to find openssl, then failing download their own duplicate of 1.0.2.

I don't want to go off on my own, I just can't make sense of what I'm expected to do.

--
Paul Rogers
***@fastmail.fm
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the a

Bruce Dubbs

2018-06-03 11:50:53 UTC

Permalink

Paul,
echo "#define VSF_BUILD_SSL" >> builddefs.h
make

Correct. Following the book. It says to add that for SSL support. SSL support seemed like a good thing.
echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h &&
echo "#define VSF_BUILD_SSL" >>builddefs.h &&
echo "#undef VSF_BUILD_PAM" >>builddefs.h &&
#sed -e 's|#define VSF_SYSDEP_HAVE_LIBCAP|//&|' -i sysdeputil.c && #obsolete, soft delete
sed 's/SSL_library_init/SSL_CTX_new/' -i vsf_findlibs.sh

We don't normally test with the define as that is not in the mainline
instructions, but only in Command Explanations as an optional thing to do.

I don't know why one wouldn't want SSL support in a network server.

Can you share the patch for vsftpd that you found?

See last line above.

OK. Thanks. That indeed works.

OTOH, perhaps we should just remove vsftpd from the book. I can't get
to the url in the book right now and the last update to the package is
dated July 2015. It does not appear to be maintained.

"Ain't broke, don't fix it!"
First question is: does it need updating? CVE-2015-1419 was reported 2/1/15 against 3.0.2. 3.0.3 was released 7/25/15. I can't find any vulnerabilities reported against 3.0.3. I don't know what you expect.

In addition ftp seems to have become be a relatively unused protocol.

I don't know why you claim that. You don't use it, I do.

Of course I use it. There are several upstream sites that are ftp only,
but those are slowly going away. My comment referred to uploading via
ftp.

Uploads would generally be via scp and downloads either scp or http(s).

I typically use FTP at OSUOSL(.org).

You know that the base LFS system provides an FTP client?
You also know that vsftpd is a server, not a client?

Why do you need vsftpd? I'm not saying you don't, but I'm curious what
your use case is.

About the only thing I can see using ftp server for is for anonymous
uploads and that would be unusual/dangerous. In addition that could be
done via http if really needed.

What happened to "Your system, your rules"? I think we have a
significant difference of opinion here. For example, I have used
telnet more than a few times when ssh got bolixed. Dangerous? Not
inherently, the sysadmin (me) took steps to preserve security,
pulling plugs. Presume sysadmins know their job, have judged their
risks.

Of course it is your system to do as you please. But sometimes newer
things are better than the old ways. Of course, some newer things are
worse (*cough* systemd *cough*).

One of the things I like to teach at school are what applications or
programs are still around, but of questionable value. Most books I see
want to teach every program in coreutils. Some have been around since
RAM was measured in K and floppies or punch cards were the main mass
storage devices. (e.g. When is the last time you used the unlink command?)

-- Bruce

--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above