02 December, 2010

Using slackbuilds.org to create Slackware packages

Sorry for the long posting hiatus but don't expect it to end. I just don't have a lot of time or material to devote to the blog right now.

I recently wanted to upgrade Postfix on my Slackware mail server. I used to use packages from LinuxPackages.net for unofficial packages, but the site has gotten less active and always had a reputation for varying package quality. My preference is using the SlackBuilds to build my own packages. It's fairly simple to download their build script, edit as needed, then build a Slackware package from source.

Since Postfix is not available from Slackware official repositories, I downloaded the SlackBuild files and then the Postfix source.

$ wget http://postfix.cs.utah.edu/source/official/postfix-2.6.8.tar.gz 
$ wget http://slackbuilds.org/slackbuilds/13.1/network/postfix.tar.gz
$ tar xvzf postfix.tar.gz
$ ls postfix/
README     postfix-2.6.8.tar.gz  postfix.info  slack-desc
doinst.sh  postfix.SlackBuild*   rc.postfix
I am using Cyrus-SASL, so it was important for me to note the following from the SlackBuild Postfix page.
This script builds postfix with support for Dovecot SASL but does not
include any support for Cyrus-SASL. If you need to enable support for
Cyrus see SASL_README in the source code.
I also noted the following from the postfix.SlackBuild file itself.
# Postfix unfortunately does not use a handy ./configure script so you
# must generate the makefiles using (what else?) "make makefiles". The
# following includes support for TLS and SASL. It should automatically
# find PCRE and DB3 support. The docs have information for adding
# additional support such as MySQL or LDAP.
I changed the "make makefile" lines from:
make makefiles \
  AUXLIBS="-lssl -lcrypto"
                 -I/usr/local/include/sasl -I/usr/include" \
                 AUXLIBS="-L/usr/local/lib -lsasl2 -L/usr/lib -lpcre"
This added Cyrus-SASL support and also fixed a problem I was having with it finding PCRE. I also changed the VERSION variable to 2.6.8 since the postfix.SlackBuild file was for 2.6.1. After the changes, all I have to do is run the postfix.SlackBuild file then use "upgradepkg" on the resulting postfix-2.6.8-iX86-1_SBo.tgz package. (Note that official packages use xz for compression now, not gzip, so they will have the extension txz).

The next package I will create using SlackBuilds is cyrus-imapd since it also is not included in Slackware. Cyrus-SASL actually has an official package, but I I've been running Cyrus for so long that I have always installed it from source. I don't remember if that is because it wasn't available as a package back in the day or just because I was using some non-standard options.

14 March, 2010

March Slackware-current: libblkid.so.1

 The Slackware-current updates from March 1, 2010, included updates to both the e2fsprogs package and the util-linux-ng package. An important thing to note is that libblkid was moved out of e2fsprogs and into util-linux-ng. If you search the web for libblkid.so.1, slackpkg, util-linux-ng, and e2fsprogs, you will see various forum posts about not being able to boot. This is because libblkid.so.1 is required to mount and the updates included a new kernel, which meant a lot of people updated then rebooted without having util-linux-ng installed.  Booting without the library will get you error messages about libblkid.so.1 not being found when the system tries to mount the drives.

$ man libblkid
LIBBLKID(3)                                                        LIBBLKID(3)

       libblkid - block device identification library


       cc file.c -lblkid

       The  libblkid  library  is used to identify block devices (disks) as to
       their content (e.g.  filesystem type) as well as extracting  additional
       information  such  as  filesystem  labels/volume  names, unique identi-
       fiers/serial numbers, etc. 
If you don't already have util-linux-ng installed then make sure to install it before rebooting since the update to e2fsprogs will remove libblkid.
$ sudo slackpkg update
$ sudo slackpkg install util-linux-ng
$ sudo slackpkg install-new
$ sudo slackpkg upgrade-all
If you get stuck because you ran upgrade-all, don't have util-linux-ng installed, then rebooted for the kernel update, you can boot to the Slackware install CD or DVD so you can install the old version of e2fsprogs or the new util-linux-ng. This will allow you to boot normally then fix whatever is needed, such as installing the new util-linux-ng and/or upgrading e2fsprogs.

13 March, 2010

Customizing Slackware Tcl Package for Sguil

Most distributions these days are configuring their Tcl packages with --enable-threads as a default. Slackware-current switched some months back with the following in the ChangeLog.txt.

Mon Dec  7 02:13:13 UTC 2009
d/ruby-1.9.1_p243-i486-3.txz:  Rebuilt.
  Added an explicit --enable-pthread.  This is mostly to make sure that we get
  the expected option set from future releases of Ruby -- it appears that not
  only is --enable-pthread the default in ruby-1.9.1, but trying to use
  --disable-pthread doesn't work.  Furthermore, Ruby and Tcl/Tk no longer work
  together unless both Ruby and Tcl/Tk are compiled with thread support.
  Compiling Tcl/Tk with thread support has caused some problems in the past.
  If a threaded Tcl app tries to fork(), it will hang, but by now most affected
  Tcl apps (such as eggdrop) should have patches available.
  Anyway, this should fix the issues with Ruby and Tk.  Please test it, and
  report any other problems that arise.
tcl/tcl-8.5.8-i486-1.txz:  Upgraded.
  Compiled using --enable-threads, since Ruby requires it to work with Tk.
tcl/tclx-8.4-i486-3.txz:  Rebuilt.
  Recompiled using --enable-threads.
tcl/tix-8.4.3-i486-2.txz:  Rebuilt.
  Recompiled using --enable-threads.
tcl/tk-8.5.8-i486-1.txz:  Upgraded.
  Compiled using --enable-threads, since Ruby requires it to work with Tk.
The Sguil daemon will not work with threaded Tcl, so to fix this you need to build a package for the distribution of your choice with the --disable-threads configure option. In Slackware and most other distributions, it is fairly simple to customize a package.

Download Tcl from the source directory on the Slackware mirror of your choice. It should include a slack-desc file, a tcl.SlackBuild file, and the Tcl source. Modify the tcl.SlackBuild file to replace --enable-threads with --disable-threads.
./configure \
  --prefix=/usr \
  --libdir=/usr/lib${LIBDIRSUFFIX} \
  --enable-shared \
  --disable-threads \
  --enable-man-symlinks \
  --enable-man-compression=gzip \
You may also want to modify the slack-desc to note that this is a non-threaded version. Then build the new package.
$ sh tcl.SlackBuild
Slackware package /tmp/tcl-8.5.8-i486-1.txz created.
As you see, the package will get written to /tmp by default. Now replace the threaded version with the new non-threaded version.
$ sudo upgradepkg --reinstall /tmp/tcl-8.5.8-i486-1.txz
| Upgrading tcl-8.5.8-i486-1 package using /tmp/tcl-8.5.8-i486-1.txz

Pre-installing package tcl-8.5.8-i486-1...

Removing package /var/log/packages/tcl-8.5.8-i486-1-upgraded-2010-03-13,20:03:22...

Verifying package tcl-8.5.8-i486-1.txz.
Installing package tcl-8.5.8-i486-1.txz:
# tcl (Tool Command Language)
# Tcl, developed by Dr. John Ousterhout, is a simple to use text-based
# script language with many built-in features which make it especially
# nice for writing interactive scripts.
# This is a version customized by nr that uses --disable-threads.
Executing install script for tcl-8.5.8-i486-1.txz.
Package tcl-8.5.8-i486-1.txz installed.

Package tcl-8.5.8-i486-1 upgraded with new package /tmp/tcl-8.5.8-i486-1.txz.

01 January, 2010

Security News and Reporting Gets a New Blog

Brian Krebs announced on 24 December that his last day at  The Washington Post Company would be 31 December. Krebs will continue to blog at Krebs on Security. He has a good history of security reporting, and generally concentrates on investigative reporting and analysis.

He notes:

With a few exceptions, I will continue to eschew chasing the security story-of-the day, as there are plenty of sites you can go for that. My focus will remain on publishing information and reporting that you won’t find anywhere else – and with a minimum of editorializing.
I see this as a good description of his work and his first story, Virus Scanners for Virus Authors, is a good example of the type of reporting he has handled over recent years.