Prev: samba posix_acls.c file and dir permissions
Next: Dumb questions
From: Nico Kadel-Garcia on 10 Aug 2010 20:30
On Mon, Aug 9, 2010 at 10:10 AM, Daniel Müller <mueller(a)tropenklinik.de> wrote:
>
> centOs5.5/samba4/named  here is a short guide setting it up to work.
> First of all do not install the bind package coming with centos 5.5!!
>
> Install needs for samba
>
> yum install libacl*  gnutls* readline* python* gdb* autoconf*
>
> Named installation:
> Here is a description on what to do:
> http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-d
> nssec-nsec3-support/
> The steps,

Thanks for the pointer. I do have some strong suggestions for you.

* Never build RPM's as root. Always do them as a user. This takes
setting up your $HOME/.rpmmacros, but it's far safer and helps prevent
badly written or erroneous .spec files from accidentally doing "rm -rf
/" or modifying your installed system files. (I just published patches
to an upstream package maintainer to prevent exactly this sort of
accidental local modification in the build process.) I'd be happy to
publish notes for it.

* If possible, build RPM's with the "mock" tool. This assures that
you're building them with a clean build environment, rather than with
locally modified libraries, or if you need local modifications you've
identified them all. Again, I'd be happy to publish notes.

> yum -y install make gcc rpm-build libtool autoconf openssl-devel libcap-devel libidn-devel libxml2-devel openldap-devel postgresql-devel sqlite-devel mysql-devel krb5-devel xmlto

Simply doing "yum -y insall rpmbuild", then "rpmbuild --rebuild
samba-*.src.rpm" should identify the dependencies for the existing
samba packages or any *.src.rpm you work with.

> For named to compile correctly you need this 2 packages too:
>
> yum -y install curl*
>
> download.fedora.redhat.com/pub/fedora/epel/5/i386/python-dns-1.7.1-1.el5.noa
> rch.rpm

EPEL is great, and also available at
ftp://mirrors.kernel.org/fedora-epel/5/. And whether to use i386 or
x86_64 depends on your architecture. And EPEL changes versions and
discards old ones without announcements, so your needed tool may
change behind you back..

Better to install the 'epel-release" RPM from the same repository, and
disable the /etc/yum.repos.d/epel.repo if you don't want it on by
default, but use it as needed to more gracefully install and update
such packages.

Also, "dnssec-conf" has been obsoleted in the EPEL repository by
"unbound", which I assume will also work.

> cd /usr/src/redhat/SRPMS
> wget -c
> ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/bind-9.6.*.src.rpm
> wget -c
> ftp://mirrors.kernel.org/pub/fedora/updates/11/SRPMS/dnssec-conf-*.src.rpm
>
>
> cd /usr/src/redhat/SRPMS
> wget -c
> ftp://mirrors.kernel.org/pub/fedora/updates/12/SRPMS/bind-9.6.*.src.rpm
> wget -c
> ftp://mirrors.kernel.org/pub/fedora/releases/12/Fedora/source/SRPMS/dnssec-c
> onf-*.src.rpm
> rpm -ivh --nomd5 bind-9.6.*.src.rpm dnssec-conf-*.src.rpm


Fedora 13 is out. But this doesn't work with either Fedora 12 or 13
packages, unless you've separately updated your RPM to be compatible
with current Fedora releases. That's fairly awkward to do.

To work around that, you need to extract the files and drop them ni
place manually. If you use .rpmmacros, it looks like this:

cd $HOME/rpm/SOURCES
for name in ../SRPMS/bind-9.6.*.src.rpm
rpm2cpio $name | cpio -i
mv bind.spec ../SPECS/bind.spec
rpmbuild -bs --nodeps ../SPECS/bind.spec
done
rpmbuild -bs --nodeps
rpmbuild --rebuild ../SRPMS/bind-9.6-[whatever].el5.src.rpm

> cd /usr/src/redhat/SPECS
> rpmbuild -ba ./bind.spec
>
> The built bind RPM is now in /usr/src/redhat/RPMS/i386/ or /usr/src/redhat/RPMS/x86_64/ depending on your Arch.
>
> rpmbuild --ba ./dnssec-conf.spec
>
> The built dnssec-conf RPM is now in /usr/src/redhat/RPMS/noarch/

Which is now unnecessary, due to the availability of dnssec-conf's
successor in EPEL.

> cd /usr/src/redhat/RPMS/*86*
> rpm -Uvh bind-9.6.*.rpm bind-utils-9.6.*.rpm bind-libs-9.6.*.rpm ../noarch/dnssec-conf-1.21-*.noarch.rpm
>
> Now bind is installed Config-File in /etc/named.conf I disabled in options:
> //dnssec-enable yes;
> //dnssec-validation yes;
> //dnssec-lookaside . trust-anchor dlv.isc.org.;
>
> To make bind work you have to add user named to the group named.
> Set the rights to make named work correctly
> chmod 770 /etc/named.conf
> chmod 770 /etc/named.rfc1912.zones
> chown root:named /etc/named.conf
> chown named:named /etc/named.rfc1912.zones
> chmod -R 770 /var/named
> chown -R named:named /var/named
> chown named:named /etc/rndc.key
> chown named:named /var/run/named/

named is already there from your installations of the bind RPM. Look
in the '%post' commands.

I'm going to take a break here, before getting into building Samba 4
itself. While your guidelines are helpful, I'm afraid they're off the
beaten path for RPM based installations, and I'd like to encourage
you to update them.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
 | 
Pages: 1
Prev: samba posix_acls.c file and dir permissions
Next: Dumb questions