xinetd

nnrpd is started by innd for port 119. On Fedora, nnrpd -S is not compiled in, so you will have to build the RPM yourself (see below). If, however, inn was already compiled --with-openssl and a certificate was created during installation with make cert, the following is sufficient:


cat /etc/xinetd.d/nntps
service nntps
{
disable = no
socket_type = stream
protocol = tcp
user = news
wait = no
server = /usr/lib/news/bin/nnrpd
server_args = -S
per_source = 4
instances = 200
log_on_success += DURATION HOST USERID
}

The entry shown above is what starts nntps.

inetd

If you use openbsd-inetd instead of xinetd, edit '/etc/inetd.conf':

nntps stream tcp6 nowait news /usr/sbin/tcpd /usr/lib/news/bin/nnrpd-ssl -S
nntps stream tcp4 nowait news /usr/sbin/tcpd /usr/lib/news/bin/nnrpd-ssl -S

Creating the certificate


cat /etc/news/makecert.ssl
SSLBIN=/usr/bin/
NEWSUSER=news
NEWSGROUP=news
PATHLIB=/usr/lib/news/lib
## Install a certificate for TLS/SSL support.
cert:
	$(SSLBIN)/openssl req -new -x509 -nodes \
	    -out $(PATHLIB)/cert.pem -days 366 \
	    -keyout $(PATHLIB)/key.pem
	chown $(NEWSUSER) $(PATHLIB)/cert.pem
	chgrp $(NEWSGROUP) $(PATHLIB)/cert.pem
	chmod 640 $(PATHLIB)/cert.pem
	chown $(NEWSUSER) $(PATHLIB)/key.pem
	chgrp $(NEWSGROUP) $(PATHLIB)/key.pem
	chmod 600 $(PATHLIB)/key.pem

sasl.conf


cat /etc/news/sasl.conf

tls_ca_path: /usr/lib/news/lib
tls_cert_file: /usr/lib/news/lib/cert.pem
tls_key_file: /usr/lib/news/lib/key.pem

Certification Request

CONFIG=/etc/news/custom_openssl.cnf


cat >> /etc/news/custom_openssl.cnf << EOF
# -------------- BEGIN custom openssl.cnf -----
HOME = /etc/news
oid_section = new_oids
[ new_oids ]
[ req ]
default_days = 730 # how long to certify for
default_keyfile = /usr/lib/news/lib/key.pem
distinguished_name = req_distinguished_name
encrypt_key = no
string_mask = nombstr
req_extensions = v3_req # Extensions to add to certificate request
[ req_distinguished_name ]
commonName = Common Name (eg, YOUR name)
commonName_default = news.newsserver.example
commonName_max = 64
[ v3_req ]
subjectAltName=DNS:newsX.open-news-network.org
# -------------- END custom openssl.cnf -----
EOF

Creating the certification request file

HOST=news
HOME=/etc/news
openssl req -batch -config $CONFIG -newkey rsa:2048 -out $HOME/${HOST}_csr.pem
cat $HOME/${HOST}_csr.pem

Use the contents of news_csr.pem to obtain a server certificate from http://www.cacert.org/ or http://www.startssl.com/ and paste the contents of the certificate into cert.pem:

vi /usr/lib/news/lib/cert.pem

Download CA.pem from the CA, place it in /usr/lib/news/lib/ and reference it in sasl.conf, for example:


tls_ca_path: /usr/lib/news/lib
tls_ca_file: /usr/lib/news/lib/root.crt
tls_cert_file: /usr/lib/news/lib/cert.pem
tls_key_file: /usr/lib/news/lib/key.pem
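
After pasting the CA-issued certificate into cert.pem, it is worth checking that it still belongs to key.pem and that the key kept the 600 mode from makecert.ssl. The following script is an added example, not part of the original page or of INN; the function names are hypothetical, and it assumes GNU stat and the openssl command-line tool in PATH.

```shell
#!/bin/sh
# Added example (not from the page): audit the TLS files named in sasl.conf.
# Function names are hypothetical; `stat -c` assumes GNU coreutils.

# Print the value of a "key: value" setting from a sasl.conf-style file.
conf_value() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tail -n 1
}

# Succeed only if the key file exists and grants nothing to group or
# others (e.g. 600, the mode makecert.ssl sets on key.pem).
key_mode_ok() {  # $1 = private key file
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if certificate and private key carry the same public key.
cert_matches_key() {  # $1 = cert.pem, $2 = key.pem
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Audit one sasl.conf: print findings, return the number of problems.
audit_sasl_conf() {  # $1 = path to sasl.conf
    problems=0
    cert=$(conf_value "$1" tls_cert_file)
    key=$(conf_value "$1" tls_key_file)
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "tls_cert_file or tls_key_file not set in $1"
        return 1
    fi
    if ! key_mode_ok "$key"; then
        echo "private key $key is missing or accessible to group/others"
        problems=$((problems + 1))
    fi
    if ! cert_matches_key "$cert" "$key"; then
        echo "certificate $cert does not match private key $key"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run against a file given on the command line, e.g. /etc/news/sasl.conf.
if [ "$#" -gt 0 ]; then audit_sasl_conf "$1"; fi
```

Run it as root or as the news user, since nobody else should be able to read key.pem.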

Debian

As a special case, Debian does not ship nnrpd but nnrpd-ssl as a separate binary.


cat > /etc/xinetd.d/nntps << "EOF"
# description: NNTP over SSL
service nntps
{
disable = no
socket_type = stream
protocol = tcp
user = news
wait = no
server = /usr/lib/news/bin/nnrpd-ssl
server_args = -S
per_source = 4
instances = 200
log_on_success += DURATION HOST USERID
}
EOF

Fedora

Get the Fedora src.rpm and adapt inn.spec. The spec file below is for Fedora 10 with the news home moved to /home/news instead of /var/lib/news; the rebuild is needed because the Fedora RPM ships without SSL support, so "nnrpd -S" does not work. This spec file includes inn-2.4.5.filter_nnrpd.patch, which is not part of the source RPM.


cat /home/compileuser/rpm/SPECS/inn.spec
Summary: The InterNetNews (INN) system, an Usenet news server
Name: inn
Version: 2.4.5
Release: opennews4%{?dist}
#see LICENSE file for details
License: GPL+ and BSD and MIT and Public Domain
Group: System Environment/Daemons
URL: http://www.isc.org/products/INN/
Source0: ftp://ftp.isc.org/isc/inn/inn-%{version}.tar.gz
Source2: inn-default-distributions
Source4: inn-cron-expire
Source5: inn-cron-rnews
Source7: inn-cron-nntpsend
Source8: innd.init
Source10: inn-faq.tar.gz
Patch: inn-2.4.3.rh.patch
Patch2: inn-2.4.1.perl.patch
Patch3: inn-2.4.1.headusage.patch
Patch4: inn-2.4.1.pie.patch
Patch6: inn-2.4.1.posix.patch
Patch7: inn-2.4.3.warn.patch
Patch8: inn-2.4.2-makedbz.patch
Patch9: inn-2.4.3.rcreaderaddrinuse.patch
Patch10: inn-2.4.3-nologinshell.patch
Patch11: inn-2.4.5-dynlib.patch
Patch12: inn-2.4.5.filter_nnrpd.patch
BuildRequires: perl-devel python db4-devel byacc krb5-devel pam-devel e2fsprogs-devel
BuildRequires: perl(ExtUtils::Embed)
Requires(pre): shadow-utils
Prereq: chkconfig, grep, coreutils, sed
Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
Requires: bash >= 2.0, inews

# XXX white out bogus perl requirement for now
Provides: perl(::usr/lib/innshellvars.pl)

Buildroot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)

%description
INN (InterNetNews) is a complete system for serving Usenet news and/or
private newsfeeds. INN includes innd, an NNTP (NetNews Transport
Protocol) server, and nnrpd, a newsreader that is spawned for each
client. Both innd and nnrpd vary slightly from the NNTP protocol, but
not in ways that are easily noticed.

Install the inn package if you need a complete system for serving and
reading Usenet news. You may also need to install inn-devel, if you
are going to use a separate program which interfaces to INN, like
newsgate or tin.

%package devel
Summary: The INN (InterNetNews) library
Group: Development/Libraries
Requires: inn = %{version}

%description devel
The inn-devel package contains the INN (InterNetNews) library, which
several programs that interface with INN need in order to work (for
example, newsgate and tin).

If you are installing a program which must interface with the INN news
system, you should install inn-devel.

%package -n inews
Summary: Sends Usenet articles to a local news server for distribution
Group: System Environment/Daemons

%description -n inews
The inews program is used by some news programs (for example, inn and
trn) to post Usenet news articles to local news servers. Inews reads
an article from a file or standard input, adds headers, performs some
consistency checks and then sends the article to the local news server
specified in the inn.conf file.

Install inews if you need a program for posting Usenet articles to
local news servers.

%pre
getent group news >/dev/null || groupadd -r news
getent passwd news >/dev/null || \
useradd -r -g news -d /etc/news -s /bin/bash \
-c "News server user" news
exit 0

%prep
%setup -q -a 10
%patch -p1 -b .rh
%patch2 -p1 -b .perl
%patch3 -p1 -b .headusage
%patch4 -p1 -b .pie
%patch6 -p1 -b .posix
%patch7 -p1 -b .warn
%patch8 -p1 -b .makedbz
%patch9 -p1 -b .addrinuse
%patch10 -p1 -b .nologin
%patch11 -p1 -b .dynlib
%patch12 -p1 -b .filter_nnrpd

perl -pi -e 's/LOCK_READ/LLOCK_READ/' `find . -type f`
perl -pi -e 's/LOCK_WRITE/LLOCK_WRITE/' `find . -type f`

%build
export DEFINE_INN_FLAGS="-D_XOPEN_SOURCE=600 -D_BSD_SOURCE -DHAVE_ET_COM_ERR_H"

%ifarch s390 s390x sparc sparcv9 sparc64
export CFLAGS="$RPM_OPT_FLAGS $DEFINE_INN_FLAGS -fPIC -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE"
%else
export CFLAGS="$RPM_OPT_FLAGS $DEFINE_INN_FLAGS -fpic -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE"
%endif

with_tmp_path=/var/lib/news/tmp ./configure \
--prefix=/usr/lib/news \
--sysconfdir=/etc/news --mandir=%{_mandir} \
--with-log-dir=/home/news/log --with-spool-dir=/home/news \
--with-db-dir=/home/news/db --with-run-dir=/var/run/news \
--with-etc-dir=/etc/news --with-tmp-dir=/home/news/db/tmp \
--with-perl --enable-shared --enable-uucp-rnews \
--enable-pgp-verify --with-sendmail=/usr/sbin/sendmail \
--with-news-user=news --with-news-group=news --with-news-master=news \
--with-openssl \
--enable-ipv6 \
--enable-libtool \
%{_target_platform}

# XXX don't include to avoid linking with -ldb1.
perl -pi -e 's/HAVE_DB1_NDBM_H/XXX_HAVE_DB1_NDBM_H/' ./include/config.h

make

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT

# -- Install man pages needed by suck et al.
mkdir -p $RPM_BUILD_ROOT/usr/include/inn
mkdir -p $RPM_BUILD_ROOT/var/spool/news
mkdir -p $RPM_BUILD_ROOT/var/log/news
mkdir -p $RPM_BUILD_ROOT/var/lib/news
for f in clibrary.h config.h dbz.h libinn.h storage.h
do
install -c -m 0644 ./include/$f $RPM_BUILD_ROOT/usr/include/inn
done
for f in defines.h system.h
do
install -c -m 0644 ./include/inn/$f $RPM_BUILD_ROOT/usr/include/inn
done

mkdir -p $RPM_BUILD_ROOT/etc
mv $RPM_BUILD_ROOT/usr/lib/news/bin/rc.news $RPM_BUILD_ROOT/etc

touch $RPM_BUILD_ROOT/home/news/db/subscriptions
chmod 644 $RPM_BUILD_ROOT/home/news/db/subscriptions

install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/home/news/db/distributions

mkdir -p $RPM_BUILD_ROOT/etc/cron.{hourly,daily}
install %{SOURCE4} $RPM_BUILD_ROOT/etc/cron.daily/inn-cron-expire
install %{SOURCE5} $RPM_BUILD_ROOT/etc/cron.hourly/inn-cron-rnews
install %{SOURCE7} $RPM_BUILD_ROOT/etc/cron.hourly/inn-cron-nntpsend

mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
install %{SOURCE8} $RPM_BUILD_ROOT/etc/rc.d/init.d/innd

touch $RPM_BUILD_ROOT/home/news/db/history
#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/usr/lib $RPM_BUILD_ROOT/usr/bin/makedbz -i \
# -f $RPM_BUILD_ROOT/var/lib/news/history
#chmod 644 $RPM_BUILD_ROOT/var/lib/news/*

cat > $RPM_BUILD_ROOT/etc/news/.profile <<EOF
PATH=\$PATH:/usr/lib/news/bin
export PATH
EOF

# we get this from cleanfeed
rm -f $RPM_BUILD_ROOT/usr/lib/news/bin/filter/filter_innd.pl

#Fix perms in sample directory to avoid bogus dependencies
find samples -name "*.in" -exec chmod a-x {} \;

mkdir -p $RPM_BUILD_ROOT/usr/bin
ln -sf ../lib/news/bin/inews $RPM_BUILD_ROOT/usr/bin/inews
ln -sf ../lib/news/bin/rnews $RPM_BUILD_ROOT/usr/bin/rnews

rm -rf $RPM_BUILD_ROOT/usr/lib/news/lib/*.la
rm -rf $RPM_BUILD_ROOT/usr/lib/news/lib/*.a

%if "%{_libdir}" != "/usr/lib"
rm -rf $RPM_BUILD_ROOT%{_libdir}/news/lib/*.a
mkdir -p $RPM_BUILD_ROOT%{_libdir}/news/lib
mv $RPM_BUILD_ROOT/usr/lib/news/lib/*.so* $RPM_BUILD_ROOT%{_libdir}/news/lib
%endif

mkdir $RPM_BUILD_ROOT/%{_sysconfdir}/ld.so.conf.d/

echo '%{_libdir}/news/lib' > $RPM_BUILD_ROOT%{_sysconfdir}/ld.so.conf.d/inn-%{_arch}.conf

#Build filelist
rm -rf $RPM_BUILD_ROOT/usr/lib/news/include
echo "%defattr(-,news,news)" > files.list
find $RPM_BUILD_ROOT -type f -or -type l | \
sed -e "s|$RPM_BUILD_ROOT||g" | \
sed 's|^/etc/cron|%config(noreplace) %attr(-,root,root) &|'| \
sed 's|^/etc/rc.d|%config(noreplace) %attr(-,root,root) &|'| \
sed 's|^/etc|%config(noreplace) &|' | \
sed 's|^/etc/news|%config(noreplace) %attr(0640,news,news) &|' | \
sed 's|^/home/news/db/|%config(noreplace) &|' | \
sed 's|.*innshellvar|%config &|' | \
sed 's|/home/news/log/news|%ghost &|' | \
sed 's|/usr/lib/news/bin/inndstart$|%attr(4550,root,news) /usr/lib/news/bin/inndstart|' | \
sed 's|/usr/lib/news/bin/startinnfeed$|%attr(4550,root,news) /usr/lib/news/bin/startinnfeed|' | \
sed 's|/usr/lib/news/bin/rnews$|%attr(4550,uucp,news) /usr/lib/news/bin/rnews|' > files.list
echo "/usr/lib/news/bin/filter/*.pyc" >> files.list
echo "/usr/lib/news/bin/filter/*.pyo" >> files.list
(echo "%defattr(-,news,news)" ; grep -v inews files.list | \
egrep -v "\.(h|so|a|la)$" | \
grep -v "news/inn.conf" | \
grep -v "/man/") > files.main
echo "%defattr(-,root,root)" > files.devel
egrep "\.(h|so)$" files.list >> files.devel

%clean
rm -rf $RPM_BUILD_ROOT
rm -f files.list files.main files.devel files.inews

%post
/sbin/ldconfig
/sbin/chkconfig --add innd
su -m news -c '/usr/lib/news/bin/makedbz -i -o'

umask 002
touch /home/news/log/news.notice
touch /home/news/log/news.crit
touch /home/news/log/news.err
chown -R news:news /home/news/log/news*

%triggerpostun -- inn 2.3.0
service innd stop > /dev/null 2>&1
exit 0

%triggerin -- rsyslog
if [ -f /etc/rsyslog.conf ]; then
if ! grep -q INN /etc/rsyslog.conf; then
sed 's/mail.none;/mail.none;news.none;/' /etc/rsyslog.conf > /etc/rsyslog.conf.inn
mv /etc/rsyslog.conf.inn /etc/rsyslog.conf

echo '' \
>> /etc/rsyslog.conf
echo '#' \
>> /etc/rsyslog.conf
echo '# INN' \
>> /etc/rsyslog.conf
echo '#' \
>> /etc/rsyslog.conf
echo 'news.=crit /home/news/log/news.crit' >> /etc/rsyslog.conf
echo 'news.=err /home/news/log/news.err' >> /etc/rsyslog.conf
echo 'news.notice /home/news/log/news.notice' >> /etc/rsyslog.conf
echo 'news.=debug /home/news/log/news.debug' >> /etc/rsyslog.conf

fi
if [ -f /var/run/rsyslogd.pid ]; then
kill -HUP `cat /var/run/rsyslogd.pid` 2> /dev/null ||:
fi
fi

%triggerin -- sysklogd
if [ -f /etc/syslog.conf ]; then
if ! grep -q INN /etc/syslog.conf; then
sed 's/mail.none;/mail.none;news.none;/' /etc/syslog.conf > /etc/syslog.conf.inn
mv /etc/syslog.conf.inn /etc/syslog.conf

echo '' \
>> /etc/syslog.conf
echo '#' \
>> /etc/syslog.conf
echo '# INN' \
>> /etc/syslog.conf
echo '#' \
>> /etc/syslog.conf
echo 'news.=crit /home/news/log/news.crit' >> /etc/syslog.conf
echo 'news.=err /home/news/log/news.err' >> /etc/syslog.conf
echo 'news.notice /home/news/log/news.notice' >> /etc/syslog.conf
fi
if [ -f /var/run/syslogd.pid ]; then
kill -HUP `cat /var/run/syslogd.pid` 2> /dev/null ||:
fi
fi

%preun
if [ $1 = 0 ]; then
service innd stop > /dev/null 2>&1
/sbin/chkconfig --del innd
if [ -f /home/news/db/history.dir ]; then
rm -f /home/news/db/history.*
fi
fi

%postun
/sbin/ldconfig
if [ "$1" -ge 1 ]; then
service innd condrestart > /dev/null 2>&1
fi
exit 0

%files -f files.main
%defattr(-,news,news,-)
%dir /usr/lib/news
%dir /usr/lib/news/bin
%dir /usr/lib/news/doc
%dir /usr/lib/news/lib
%dir /usr/lib/news/bin/rnews.libexec
%dir /usr/lib/news/bin/auth
%dir /usr/lib/news/bin/auth/passwd
%dir /usr/lib/news/bin/auth/resolv
%dir /usr/lib/news/bin/filter
%dir /usr/lib/news/bin/control
%if "%{_libdir}" != "/usr/lib"
%dir %{_libdir}/news
%endif
%dir /etc/news/
%dir /home/news
%dir /home/news/archive
%dir /home/news/articles
%attr(0775,news,news) %dir /home/news/incoming
%attr(0775,news,news) %dir /home/news/incoming/bad
%dir /home/news/innfeed
%dir /home/news/outgoing
%dir /home/news/overview
%dir /home/news/log
%dir /home/news/log/OLD
%dir /home/news/db
%dir /home/news/db/tmp
%dir /var/run/news
%defattr(-,root,root)
%{_mandir}/man1/c*.1.gz
%{_mandir}/man1/f*.1.gz
%{_mandir}/man1/g*.1.gz
%{_mandir}/man1/inn*.1.gz
%{_mandir}/man1/n*.1.gz
%{_mandir}/man1/p*.1.gz
%{_mandir}/man1/r*.1.gz
%{_mandir}/man1/s*.1.gz
%{_mandir}/man[58]/*
%doc NEWS README* ChangeLog CONTRIBUTORS LICENSE INSTALL
%doc %dir samples

%files devel -f files.devel
%defattr(-,root,root)
%{_mandir}/man3/*

%files -n inews
%defattr(-,root,root)
%config(noreplace) /etc/news/inn.conf
/usr/bin/inews
%attr(0755,root,root) /usr/lib/news/bin/inews
%{_mandir}/man1/inews*

%changelog
* Sat Jan 03 2009 Arnold Schiller <news@news2.open-news-network.org>
- Opennews version with patch filter_nnrpd.pl