View previous topic :: View next topic |
Author |
Message |
soban_ l33t
Joined: 27 Aug 2008 Posts: 668 Location: /home/soban
|
Posted: Tue Feb 16, 2010 5:58 pm Post subject: [Proftpd] problem z uruchomieniem / kompilacja |
|
|
Ostatnio czytajac dokumentacje http://www.gentoo.org/doc/pl/security/security-handbook.xml?part=1&chap=10&style=printable wpadlem na pomysl aby zainstalowac Proftpd. Jednak okazalo sie to troche skompilowane, poniewaz jesli zemerguje wget z (ssl) i wywale zaleznosc app-crypt/mit-krb5, ktora blokuje app-crypt/heimdal-1.2.1-r4 - paczka jest wymagana przez proftpd to wget przestaje dzialac. Po chwili googlowania wpadlem na cos takiego: https://bugs.gentoo.org/show_bug.cgi?id=234907
Quote: | Ok, the direct problem with wget, can be solved if:
echo net-misc/wget -ssl >> /etc/portage/package.use && emerge -1 wget
or
echo dev-libs/openssl -kerberos >> /etc/portage/package.use && emerge -1
openssl
Then you will be able to download any distfiles, emerge e2fsprogs-libs etc. and
then,rebuild wget and/or openssl with your default, use flags, again.
app-crypt/mit-krb5 needs to be fixed. I think that the above solution is safer
than comments #7,#9. I can't find myself a better solution. @base-system, sorry
for this madness. |
Dodalem do /etc/portage/package.use:
Code: | net-misc/wget -ssl
dev-libs/openssl -kerberos
# musialem tez heimdal zemergowac bez -ssl bo sie wykrzaczal.
app-crypt/heimdal -ssl
|
Oczywiscie po wykonaniu tego wszystko ladnie sie skompilowalo, jednak gdy chce world zrobic to dostaje zaleznosci powiazane z mit-krb5. Po usunieciu app-crypt/heimdal-1.2.1-r4 (zalznosci wymaganej przez Proftpd) dostaje cos takiego:
Code: | root@SoBaN-PC /usr/portage/distfiles # emerge -avuDN world
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild N ] app-crypt/mit-krb5-1.7-r2 USE="-doc" 0 kB
[ebuild N ] app-crypt/heimdal-1.2.1-r4 USE="X berkdb threads -afs -hdb-ldap -ipv6 -otp -pkinit -ssl -test" 0 kB
[blocks B ] app-crypt/mit-krb5 ("virtual/krb5" is blocking app-crypt/mit-krb5-1.7-r2)
[blocks B ] app-crypt/mit-krb5 ("virtual/krb5" is blocking app-crypt/heimdal-1.2.1-r4)
Total: 2 packages (2 new), Size of downloads: 0 kB
Conflict: 2 blocks (2 unsatisfied)
* Error: The above package list contains packages which cannot be
* installed at the same time on the same system.
('ebuild', '/', 'app-crypt/heimdal-1.2.1-r4', 'merge') pulled in by
app-crypt/heimdal required by ('installed', '/', 'net-ftp/proftpd-1.3.3_rc3-r1', 'nomerge')
('ebuild', '/', 'app-crypt/mit-krb5-1.7-r2', 'merge') pulled in by
app-crypt/mit-krb5 required by ('installed', '/', 'net-misc/openssh-5.3_p1-r1', 'nomerge')
app-crypt/mit-krb5 required by ('installed', '/', 'net-nds/openldap-2.4.19-r1', 'nomerge')
app-crypt/mit-krb5 required by ('installed', '/', 'net-misc/curl-7.19.7', 'nomerge')
(and 12 more)
For more information about Blocked Packages, please refer to the following
section of the Gentoo Linux x86 Handbook (architecture is irrelevant):
http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?full=1#blocked
| Czy ktos wie, jak rozwiazac ten problem? Innym rozwiazaniem mozna powiedziec jest zainstalowanie Pure-ftpd, jednak czy jest to poprawne rozwiazanie?
Podaje jeszcze dodatkowe informacje: Jesli sa potrzebne jakies dodatkowe informacje, to prosze smialo pisac :-) _________________ gg: 525600
Last edited by soban_ on Sun Nov 06, 2011 1:19 pm; edited 5 times in total |
|
Back to top |
|
|
ochach n00b
Joined: 03 Jan 2007 Posts: 14
|
Posted: Sat Mar 06, 2010 7:07 pm Post subject: |
|
|
probowales wywalic virtual/krb5? |
|
Back to top |
|
|
soban_ l33t
Joined: 27 Aug 2008 Posts: 668 Location: /home/soban
|
Posted: Sun Oct 23, 2011 11:29 pm Post subject: |
|
|
Po wielu probach aktualna wersja net-ftp/proftpd-1.3.4_rc1-r1 kompiluje sie poprawnie z nastepujacymi flagami: Quote: | acl caps ctrls kerberos ldap mysql ncurses nls pam sqlite ssl tcpd -authfile -ban -case -clamav -copy -deflate -diskuse -doc -exec -hardened -ident -ifsession -ifversion -ipv6 -postgres -qos -radius -ratio -readme -rewrite -selinux -sftp -shaper -sitemisc -softquota -trace -vroot -xinetd | Z flaga postgres paczka kompilowala sie poprawnie, jednak przy startowaniu uslugi zwracala blad, z brakiem sensownego komunikatu - dlatego zrobilem -postgres i proftpd zacza dziala poprawnie. Poprzednia alternatywa bylo uzywanie net-ftp/pure-ftpd.
Dziekuje @Zlomkowi za pomoc w rozwiazaniu problemu (-: ktoremu net-ftp/proftpd dzialal poporawnie i dzieki wykluczeniu roznic w flagach doszedlem co bylo zle.
//EDIT 24/10/2011
Nowy problem (podczas kompilacji): Code: | config.status: creating Makefile
config.status: creating mod_wrap2.h
>>> Source configured.
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE "/var/log/sandbox/sandbox-19421.log"
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line
F: open_wr
S: deny
P: /var/lib/rpm/__db.001
A: /var/lib/rpm/__db.001
R: /var/lib/rpm/__db.001
C: rpm -q -l krb5
F: open_wr
S: deny
P: /var/lib/rpm/__db.Name
A: /var/lib/rpm/__db.Name
R: /var/lib/rpm/__db.Name
C: rpm -q -l krb5
F: open_wr
S: deny
P: /var/lib/rpm/__db.Name
A: /var/lib/rpm/__db.Name
R: /var/lib/rpm/__db.Name
C: rpm -q -l krb5
F: open_wr
S: deny
P: /var/lib/rpm/__db.001
A: /var/lib/rpm/__db.001
R: /var/lib/rpm/__db.001
C: rpm -q -l krb5-devel
F: open_wr
S: deny
P: /var/lib/rpm/__db.Name
A: /var/lib/rpm/__db.Name
R: /var/lib/rpm/__db.Name
C: rpm -q -l krb5-devel
F: open_wr
S: deny
P: /var/lib/rpm/__db.Name
A: /var/lib/rpm/__db.Name
R: /var/lib/rpm/__db.Name
C: rpm -q -l krb5-devel
--------------------------------------------------------------------------------
>>> Failed to emerge net-ftp/proftpd-1.3.4_rc3, Log file:
>>> '/var/tmp/portage/net-ftp/proftpd-1.3.4_rc3/temp/build.log'
...
dell distfiles # cat /var/log/sandbox/sandbox-19421.log
VERSION 1.0
FORMAT: F - Function called
FORMAT: S - Access Status
FORMAT: P - Path as passed to function
FORMAT: A - Absolute Path (not canonical)
FORMAT: R - Canonical Path
FORMAT: C - Command Line
F: open_wr
S: deny
P: /var/lib/rpm/__db.001
A: /var/lib/rpm/__db.001
R: /var/lib/rpm/__db.001
C: rpm -q -l krb5
F: open_wr
S: deny
P: /var/lib/rpm/__db.Name
A: /var/lib/rpm/__db.Name
R: /var/lib/rpm/__db.Name
C: rpm -q -l krb5
F: open_wr
S: deny
P: /var/lib/rpm/__db.Name
A: /var/lib/rpm/__db.Name
R: /var/lib/rpm/__db.Name
C: rpm -q -l krb5
F: open_wr
S: deny
P: /var/lib/rpm/__db.001
A: /var/lib/rpm/__db.001
R: /var/lib/rpm/__db.001
C: rpm -q -l krb5-devel
F: open_wr
S: deny
P: /var/lib/rpm/__db.Name
A: /var/lib/rpm/__db.Name
R: /var/lib/rpm/__db.Name
C: rpm -q -l krb5-devel
F: open_wr
S: deny
P: /var/lib/rpm/__db.Name
A: /var/lib/rpm/__db.Name
R: /var/lib/rpm/__db.Name
C: rpm -q -l krb5-devel | Podaje informacje dodatkowe: Code: | [U] net-ftp/proftpd
Available versions: 1.3.3e (~)1.3.3f (~)1.3.4_rc3 {acl authfile ban +caps case clamav copy (+)ctrls deflate diskuse doc exec ident ifsession ifversion ipv6 kerberos ldap memcache mysql ncurses nls pam +pcre postgres qos radius ratio readme rewrite selinux sftp shaper sitemisc softquota sqlite ssl tcpd test trace vroot xinetd}
Installed versions: 1.3.4_rc2-r1(01:25:02 15.04.2011)(acl caps kerberos ldap mysql ncurses nls pam pcre sqlite ssl tcpd -authfile -ban -case -clamav -copy -ctrls -deflate -diskuse -doc -exec -ident -ifsession -ifversion -ipv6 -memcache -postgres -qos -radius -ratio -readme -rewrite -selinux -sftp -shaper -sitemisc -softquota -trace -vroot -xinetd)
Homepage: http://www.proftpd.org/ http://www.castaglia.org/proftpd/ http://www.thrallingpenguin.com/resources/mod_clamav.htm http://gssmod.sourceforge.net/
Description: An advanced and very configurable FTP server. | Natrafil ktos na cos takiego juz? _________________ gg: 525600 |
|
Back to top |
|
|
Jacekalex Guru
Joined: 17 Sep 2009 Posts: 553
|
Posted: Sat Nov 05, 2011 3:47 pm Post subject: |
|
|
Ostatnio kompilowałem proftpd z takimi flagami:
Code: | net-ftp/proftpd acl ban caps case clamav ctrls deflate hardened ifsession mysql ncurses nls pam radius ratio readme rewrite selinux sftp shaper sitemisc softquota ssl tcpd trace vroot |
na gcc-4.4.5 i działał.
System x86 hardened.
I działa:
Code: | [I] net-ftp/proftpd
........
Installed versions: 1.3.3e{tbz2}(16:52:45 05.11.2011)(acl ban caps case clamav ctrls deflate ifsession mysql ncurses nls pam radius ratio readme rewrite selinux sftp shaper sitemisc softquota ssl tcpd trace vroot -authfile -doc -exec -ident -ipv6 -kerberos -ldap -postgres -xinetd) |
Code: | ftp 16465 0.0 0.0 10692 1564 ? Ss 17:18 0:00 proftpd: (accepting connections) |
Kompilowany:
Quote: | gcc version 4.5.3 (Gentoo Hardened 4.5.3-r1 p1.0, pie-0.4.5) |
Edyta:
Code: | qlist -IvUqC app-crypt/heimdal samba openldap wget openssl
app-crypt/heimdal-1.3.3-r1 X berkdb ssl test threads
dev-libs/openssl-1.0.0e rfc3779 sse2 zlib
net-fs/samba-3.5.11 acl aio caps client cups examples fam ldb netapi pam quota readline server smbclient smbsharemodes swat syslog winbind
net-misc/gwget-1.0.4 libnotify
net-misc/wget-1.12-r3 nls ssl
net-nds/openldap-2.4.24 berkdb gnutls icu iodbc odbc overlays perl samba sasl selinux slp smbkrb5passwd ssl syslog tcpd
sec-policy/selinux-openldap-2.20101213-r1
|
Pozdro
|
|
Back to top |
|
|
soban_ l33t
Joined: 27 Aug 2008 Posts: 668 Location: /home/soban
|
Posted: Sun Nov 06, 2011 1:19 pm Post subject: |
|
|
No wlasnie na x86 moim lapkowato-zlomkowym serwerze tez sie ladnie kompliluje. Gorzej na amd64 - ale dzisiaj jeszcze sprobuje z tymi flagami co podales i dam znac o wyniku. Dzieki wielkie w kazdym badz razie nawet za zainteresowanie, bo jest to dosyc denerwujace jak przy kazdym upgradzie probuje go zemergowac i zwraca jakis dziwny blad.
//EDIT 6 listopada 2011 14:12
Z tymi flagami jednak nie dziala, na amd64. Blad jest ten sam. _________________ gg: 525600 |
|
Back to top |
|
|
Jacekalex Guru
Joined: 17 Sep 2009 Posts: 553
|
Posted: Sun Nov 06, 2011 3:06 pm Post subject: |
|
|
To obejrzyj dokładnie ten log z budowania, bo chyba kompilator w wersji amd64 coś rozrabia.
Czy przypadkiem nie próbowałes go kompilować z flagą hardened na standardowym profilu/stage default?
Bo niedawno dovecot nie znosił takiej mieszanki.
Na systemie ze stage hardened kompilował się ładnie, na stage default kompilował się ładnie, ale na stage default z flagą hardened wywalał się do góry kopytami.
Sznurek: http://forum.dug.net.pl/viewtopic.php?id=19893 |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|