
15. Networking Programs


These applications are generally client applications used to access the appropriate server across the building or across the world. Tcpwrappers and portmap are support programs for daemons that you may have running on your machine.

15.1 bridge-utils-1.7.1


Introduction to bridge-utils

The bridge-utils package contains a utility needed to create and manage bridge devices. This is useful in setting up networks for a hosted virtual machine (VM).

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

bridge-utils Dependencies

Optional (to run tests)

Net-tools-2.10

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/bridge

Kernel Configuration

Enable the following options in the kernel configuration and recompile the kernel if necessary:

[*] Networking support --->                 [CONFIG_NET]
        Networking options --->
            <*/M> 802.1d Ethernet Bridging  [CONFIG_BRIDGE]

Installation of bridge-utils

Install bridge-utils by running the following commands:

autoconf                  &&
./configure --prefix=/usr &&
make

Testing the results requires running the six shell scripts in the tools/ directory. Two of the tests require two ethernet ports. Some tests will not preserve the current network configuration. See tests/README for details.

Now, as the root user:

make install

Contents

Installed Program: brctl

Installed Libraries: None

Installed Directories: None

Short Descriptions

brctl is a program used to set up, maintain, and inspect the Ethernet bridge configuration in the Linux kernel.

15.2 cifs-utils-7.0


Introduction to cifs-utils

The cifs-utils package provides a means for mounting SMB/CIFS shares on a Linux system.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

cifs-utils Dependencies

Talloc-2.4.0 (required if krb is installed), MIT Kerberos V5-1.20.1

Optional

docutils-0.19 (to create the man pages), keyutils-1.6.1 (required to build PAM module), Linux-PAM-1.5.2, Samba-4.17.5, and libcap-2.67 with PAM or libcap-ng

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/cifsutils

Kernel Configuration

Enable the following options in the kernel configuration and recompile the kernel if necessary:

File systems  --->
    [*] Network File Systems  --->                                  [CONFIG_NETWORK_FILESYSTEMS]
        <*/M> SMB3 and CIFS support (advanced network filesystem)   [CONFIG_CIFS]

Depending on your server configuration, additional kernel options may be required.

Installation of cifs-utils

Install cifs-utils by running the following commands:

./configure --prefix=/usr \
            --disable-pam &&
make

This package does not come with a test suite.

Now, as the root user:

make install

Command Explanations

--disable-pam: Do not build PAM support. Remove it and use --with-pamdir (see below) if Linux-PAM-1.5.2 is installed and you want PAM support.

--with-pamdir=/usr/lib/security: Install the PAM module in /usr/lib/security.

Contents

Installed Programs: cifs.idmap, cifs.upcall, cifscreds, getcifsacl, mount.cifs, mount.smb3, setcifsacl, smb2-quota, and smbinfo

Installed Library: /usr/lib/cifs-utils/idmapwb.so and optionally PAM module /usr/lib/security/pam_cifscreds.so

Installed Directory: /usr/lib/cifs-utils

Short Descriptions

cifs.idmap is a userspace helper program for the Linux CIFS client filesystem. There are a number of activities that the kernel cannot easily do itself. This program is a callout program that does these things for the kernel and then returns the result. It is not intended to be run from the command line.

cifs.upcall is a userspace helper program for the Linux CIFS client filesystem. It is intended to be run when the kernel calls request-key for a particular key type. It is not intended to be run from the command line.

cifscreds is a tool for managing credentials (username and password) for the purpose of establishing sessions in multiuser mounts.

getcifsacl is a userspace helper to display an ACL in a security descriptor for Common Internet File System (CIFS).

mount.cifs mounts a Linux CIFS filesystem. It is usually invoked indirectly by the mount(8) command when using the “-t cifs” option.

mount.smb3 mounts a SMB3-based filesystem. It is usually invoked indirectly by the mount(8) command when using the “-t smb3” option.

setcifsacl is intended to alter an ACL of a security descriptor for a file system object.

smb2-quota displays quota information for a SMB filesystem.

smbinfo displays SMB-specific file information, such as security descriptors and quotas.

15.3 iw-5.19


Introduction to iw

iw is a new nl80211 based CLI configuration utility for wireless devices. It supports all new drivers that have been added to the kernel recently. The old tool iwconfig, which uses Wireless Extensions interface, is deprecated and it’s strongly recommended to switch to iw and nl80211.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

iw Dependencies

Required

libnl-3.7.0

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/iw

Kernel Configuration

To use iw, the kernel must have the appropriate drivers and other support available. The appropriate bus must also be available. For older laptops, the PCMCIA bus (CONFIG_PCCARD) needs to be built. In some cases, this bus support will also need to be built for embedded iw cards. The appropriate bridge support also needs to be built. For many modern laptops, the CardBus host bridge (CONFIG_YENTA) will be needed.

In addition to the bus, the actual driver for the specific wireless card must also be available. There are many wireless cards and they don’t all work with Linux. The first place to look for card support is the kernel. The drivers are located in Device Drivers → Network Device Support → Wireless LAN (non-hamradio). There are also external drivers available for some very common cards. For more information, look at the user notes.

After the correct drivers are loaded, the interface will appear in /proc/net/wireless.

Installation of iw

To install iw, use the following commands:

sed -i "/INSTALL.*gz/s/.gz//" Makefile &&
make

This package does not come with a test suite.

Now, as the root user:

make install

Command Explanations

sed …: Install uncompressed manual pages in accordance with other man pages.

Contents

Installed Programs: iw

Installed Libraries: None

Installed Directories: None

Short Descriptions

iw shows / manipulates wireless devices and their configuration.

15.4 NcFTP-3.2.6


Introduction to NcFTP

The NcFTP package contains a powerful and flexible interface to the Internet standard File Transfer Protocol. It is intended to replace or supplement the stock ftp program.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

NcFTP Dependencies

Optional

LLVM-15.0.7 (with Clang, used by default if installed)

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/ncftp

Installation of NcFTP

There are two ways to build NcFTP. The first (and optimal) way builds most of the functionality as a shared library and then builds and installs the program linked against this library. The second method simply links all of the functionality into the binary statically. This doesn’t make the dynamic library available for linking by other applications. You need to choose which method best suits you. Note that the second method does not create an entirely statically linked binary; only the libncftp parts are statically linked in, in this case. Be aware that building and using the shared library is covered by the Clarified Artistic License; however, developing applications that utilize the shared library is subject to a different license.

First, fix an issue caused by a change in behavior in GCC-10:

sed -i 's/^Bookmark/extern Bookmark/' sh_util/gpshare.c

To install NcFTP using the first (and optimal) method, run the following commands:

./configure --prefix=/usr --sysconfdir=/etc &&
make -C libncftp shared &&
make

This package does not come with a test suite.

Now, as the root user:

make -C libncftp soinstall &&
make install

To install NcFTP using the second method (with the libncftp functionality linked in statically) run the following commands:

./configure --prefix=/usr --sysconfdir=/etc &&
make

This package does not come with a test suite.

Now, as the root user:

make install

Command Explanations

make -C … && make -C …: These commands make and install the dynamic library libncftp which is then used to link against when compiling the main program.

Configuring NcFTP

Config Files

/etc/ncftp.* and ~/.ncftp/*; especially /etc/ncftp.prefs_v3 and ~/.ncftp/prefs_v3

Configuration Information

Most NcFTP configuration is done while in the program, and the configuration files are dealt with automatically. One exception to this is ~/.ncftp/prefs_v3. There are various options to alter in there, including:

yes-i-know-about-NcFTPd=yes

This disables the splash screen advertising the NcFTPd server.

There are other options in the prefs_v3 file. Most of these are self-explanatory. Global defaults can be set in /etc/ncftp.prefs_v3.

Contents

Installed Programs: ncftp, ncftpbatch, ncftpbookmarks, ncftpget, ncftpls, ncftpput, and ncftpspooler

Installed Library: libncftp.so

Installed Directories: None

Short Descriptions

ncftp is a browser program for File Transfer Protocol.

ncftpbatch is an individual batch FTP job processor.

ncftpbookmarks is the NcFTP Bookmark Editor (NCurses-based).

ncftpget is an internet file transfer program for scripts used to retrieve files.

ncftpls is an internet file transfer program for scripts used to list files.

ncftpput is an internet file transfer program for scripts used to transfer files.

ncftpspooler is a global batch FTP job processor daemon.

15.5 Net-tools-2.10


Introduction to Net-tools

The Net-tools package is a collection of programs for controlling the network subsystem of the Linux kernel.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/net-tools

Installation of Net-tools

The instructions below automate the configuration process by piping yes to the make command. If you wish to run the interactive configuration process (by changing the instruction to just make), but you are not sure how to answer all the questions, then just accept the defaults. This will be just fine in the majority of cases. What you’re asked here is a bunch of questions about which network protocols you’ve enabled in your kernel. The default answers will enable the tools from this package to work with the most common protocols: TCP, PPP, and several others. You still need to actually enable these protocols in the kernel—what you do here is merely tell the package to include support for those protocols in its programs, but it’s up to the kernel to make the protocols available.

Note

This package has several unneeded protocols and hardware device specific functions that are obsolete. To only build the minimum needed for your system, skip the yes command and answer each question interactively. The minimum needed options are ‘UNIX protocol family’ and ‘INET (TCP/IP) protocol family’.

For this package, we use the DESTDIR method of installation in order to easily remove files from the build that overwrite those that we want to keep or are not appropriate for our system.

Install Net-tools by running the following commands:

export BINDIR='/usr/bin' SBINDIR='/usr/bin' &&
yes "" | make -j1                           &&
make DESTDIR=$PWD/install -j1 install       &&
rm    install/usr/bin/{nis,yp}domainname    &&
rm    install/usr/bin/{hostname,dnsdomainname,domainname,ifconfig} &&
rm -r install/usr/share/man/man1            &&
rm    install/usr/share/man/man8/ifconfig.8 &&
unset BINDIR SBINDIR

This package does not come with a test suite.

Now, as the root user:

chown -R root:root install &&
cp -a install/* /

Command Explanations

export BINDIR='/usr/bin' SBINDIR='/usr/bin': Ensure the executables are installed in the correct location.

yes "" | make: Piping yes to make config skips the interactive configuration and accepts the defaults.

rm …: Remove unneeded programs and man pages.

Contents

Installed Programs: arp, ipmaddr, iptunnel, mii-tool, nameif, netstat, plipconfig, rarp, route, and slattach

Installed Libraries: None

Installed Directories: None

Short Descriptions

arp is used to manipulate the kernel’s ARP cache, usually to add or delete an entry, or to dump the entire cache.

ipmaddr adds, deletes and shows an interface’s multicast addresses.

iptunnel adds, changes, deletes and shows an interface’s tunnels.

mii-tool checks or sets the status of a network interface’s Media Independent Interface (MII) unit.

nameif names network interfaces based on MAC addresses.

netstat is used to report network connections, routing tables, and interface statistics.

plipconfig is used to fine tune the PLIP device parameters, to improve its performance.

rarp is used to manipulate the kernel’s RARP table.

route is used to manipulate the IP routing table.

slattach attaches a network interface to a serial line. This allows you to use normal terminal lines for point-to-point links to other computers.

15.6 NFS-Utils-2.6.2


Introduction to NFS Utilities

The NFS Utilities package contains the userspace server and client tools necessary to use the kernel’s NFS abilities. NFS is a protocol that allows sharing file systems over the network.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

NFS Utilities Dependencies

Required

libtirpc-1.3.3 and rpcsvc-proto-1.4.3

Optional

Cyrus SASL-2.1.28 (for SASL authentication), LVM2-2.03.18 (libdevmapper for NFSv4 support), libnsl-2.0.0 (for NIS client support), OpenLDAP-2.6.4 (for LDAP authentication), SQLite-3.40.1, MIT Kerberos V5-1.20.1 or libgssapi, and librpcsecgss (for GSS and RPC security support), and libcap-2.67 with PAM

Required (runtime)

rpcbind-1.2.6

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/nfs-utils

Kernel Configuration

Enable the following options in the kernel configuration (choose client and/or server support as appropriate) and recompile the kernel if necessary:

File systems  --->
    [*] Network File Systems  --->          [CONFIG_NETWORK_FILESYSTEMS]
        <*/M> NFS client support            [CONFIG_NFS_FS]
        <*/M> NFS server support            [CONFIG_NFSD]

Select the appropriate sub-options that appear when the above options are selected.

Note

In BLFS we assume that nfs v3 will be used. If the server offers nfs v4 (for linux, CONFIG_NFSD_V4) then auto-negotiation for v3 will fail and you will need to add nfsver=3 to the mount options. This also applies if that option is enabled in the client’s kernel, for example in a distro trying to mount from a BLFS v3 server.

Even if neither end of the connection supports nfs v4, adding nfsver=3 is still beneficial because it prevents an error message “NFS: bad mount option value specified: minorversion=1” being logged on every mount.

Installation of NFS Utilities

Install NFS Utilities by running the following commands:

./configure --prefix=/usr          \
            --sysconfdir=/etc      \
            --sbindir=/usr/sbin    \
            --disable-nfsv4        \
            --disable-gss &&
make

This package does not come with a working test suite.

Now, as the root user:

make install                       &&
chmod u+w,go+r /usr/sbin/mount.nfs &&
chown nobody:nogroup /var/lib/nfs

Command Explanations

--disable-gss: Disables support for RPCSEC GSS (RPC Security).

chown nobody:nogroup /var/lib/nfs: The rpc.statd program uses the ownership of this directory to set its UID and GID. This command sets those to unprivileged entries.

Configuring NFS Utilities

Server Configuration

/etc/exports contains the exported directories on NFS servers. Refer to the exports.5 manual page for the syntax of this file. Also refer to the “NFS HowTo” available at https://nfs.sourceforge.net/nfs-howto/ for information on how to configure the servers and clients in a secure manner. For example, for sharing the /home directory over the local network, the following line may be added:

cat >> /etc/exports << EOF
/home 192.168.0.0/24(rw,subtree_check,anonuid=99,anongid=99)
EOF

Note

Be sure to replace the directory, network address, and prefix above to match your network. The only space in the line above should be between the directory and the network address.
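
An added example (not part of the BLFS instructions): a small lint for exports(5) entries that flags the stray-space mistake the Note warns about, along with no_root_squash, insecure, and read-write exports open to every host. The names audit_exports and sample_exports and every sample entry except the /home line are constructed for illustration; entries are assumed not to use backslash line continuations.

```sh
#!/bin/sh
# Added example, not from BLFS: lint exports(5) entries.
# Usage: audit_exports /etc/exports      (or pipe the file on stdin)
# Prints one finding per line as LINENO:SEVERITY:PATH:MESSAGE.
# Assumption: entries are not continued with a trailing backslash.

audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            spec = $i
            if (substr(spec, 1, 1) == "(") {
                # A space separated this option list from its client, so
                # nfs-utils treats it as an anonymous client: every host.
                report("HIGH", "option list " spec " has no client and applies to every host")
                client = "*"
                opts = spec
            } else {
                p = index(spec, "(")
                client = (p > 0) ? substr(spec, 1, p - 1) : spec
                opts   = (p > 0) ? substr(spec, p) : ""
            }
            gsub(/[()]/, "", opts)
            world = (client == "*" || client == "0.0.0.0/0" || client == "::/0")
            n = split(opts, o, ",")         # exact option names, no substring matches
            rw = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash")
                    report("HIGH", client ": no_root_squash lets remote root act as root on the export")
                if (o[j] == "insecure")
                    report("MEDIUM", client ": insecure accepts requests from source ports above 1023")
            }
            if (world && rw)
                report("HIGH", client ": read-write export is not limited to a network")
        }
    }
    function report(sev, msg) { printf "%d:%s:%s:%s\n", NR, sev, path, msg }
    ' "${1:--}"
}

# Constructed sample input; only the /home entry is the line from the text above.
sample_exports() {
    cat <<'EOF'
# constructed sample, not a real server
/home 192.168.0.0/24(rw,subtree_check,anonuid=99,anongid=99)
/srv  192.168.0.0/24 (rw,subtree_check)
/data *(ro,insecure)
/root 192.168.0.5(rw,no_root_squash)
EOF
}

sample_exports | audit_exports
```

The /home entry from the text produces no findings; the /srv entry differs from it only by the space before the parenthesis and is reported twice, once for the orphaned option list and once because that list grants rw to every host.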

Systemd Units

Install the NFSv4 server units included in the blfs-systemd-units-20220720 package to start the server at boot.

make install-nfsv4-server

If you have disabled NFSv4 support, run the following command as the root user to omit the NFSv4 specific systemd units:

make install-nfs-server

You can edit the /etc/default/nfs-utils file to change the startup options for NFS daemons. Defaults should be fine for most use cases.

Client Configuration

/etc/fstab contains the directories that are to be mounted on the client. Alternately the partitions can be mounted by using the mount command with the proper options. To mount the /home and /usr partitions, add the following to the /etc/fstab:

<server-name>:/home  /home nfs   rw,_netdev 0 0
<server-name>:/usr   /usr  nfs   ro,_netdev 0 0

The options which can be used are specified in man 5 nfs. If both the client and server are running recent versions of Linux, most of the options will be negotiated (but see the Note above on nfsver=3). You can specify either rw or ro, _netdev if the filesystem is to be automatically mounted at boot, or noauto (and perhaps user) for other filesystems.

If the fileserver is not running a recent version of Linux, you may need to specify other options.

You may need to enable autofs v4 in your kernel, and add the option comment=systemd.automount. Some machines may need this because systemd tries to mount the external filesystems before the network is up. An alternative is to run mount -a as the root user after the system has started.

Systemd Units

Note

The following systemd units are not required if the nfs-server units are installed.

Install the units included in the blfs-systemd-units-20220720 package to start the client services at boot.

make install-nfs-client

Contents

Installed Programs: exportfs, mountstats, mount.nfs, mount.nfs4 (link to mount.nfs), nfsconf, nfsdclnts, nfsiostat, nfsstat, rpc.mountd, rpc.nfsd, rpc.statd, rpcdebug, showmount, sm-notify, start-statd, umount.nfs (link to mount.nfs), and umount.nfs4 (link to mount.nfs)

Installed Libraries: None

Installed Directories: /var/lib/nfs

Short Descriptions

exportfs maintains a list of NFS exported file systems.

mountstats displays NFS client per-mount statistics.

mount.nfs is used to mount a network share using NFS.

mount.nfs4 is used to mount a network share using NFSv4.

nfsconf can be used to test for and retrieve configuration settings from a range of nfs-utils configuration files.

nfsdclnts prints information about NFS clients.

nfsiostat reports input/output statistics for network filesystems.

nfsstat displays statistics kept about NFS client and server activity.

rpc.mountd implements the NFS mount protocol on an NFS server.

rpc.nfsd implements the user level part of the NFS service on the server.

rpc.statd is used by the NFS file locking service. Run on both sides, client as well as server, when you want file locking enabled.

rpcdebug sets or clears the kernel’s NFS client and server debug flags.

showmount displays mount information for an NFS server.

sm-notify is used to send Network Status Monitor reboot messages.

start-statd is a script called by nfsmount when mounting a filesystem with locking enabled, if statd does not appear to be running. It can be customised with whatever flags are appropriate for the site.

umount.nfs is used to unmount a network share using NFS.

umount.nfs4 is used to unmount a network share using NFSv4.

15.7 ntp-4.2.8p15


Introduction to ntp

The ntp package contains a client and server to keep the time synchronized between various computers over a network. This package is the official reference implementation of the NTP protocol.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

ntp Dependencies

Required

IO-Socket-SSL-2.081

Optional

libcap-2.67 with PAM, libevent-2.1.12, libedit, and libopts from AutoGen

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/ntp

Installation of ntp

There should be a dedicated user and group to take control of the ntpd daemon after it is started. Issue the following commands as the root user:

groupadd -g 87 ntp &&
useradd -c "Network Time Protocol" -d /var/lib/ntp -u 87 \
        -g ntp -s /bin/false ntp

The update-leap command needs to be fixed in order to run properly:

sed -e 's/"(\\S+)"/"?([^\\s"]+)"?/' \
    -i scripts/update-leap/update-leap.in

Now fix an issue introduced with glibc-2.34:

sed -e 's/#ifndef __sun/#if !defined(__sun) \&\& !defined(__GLIBC__)/' \
    -i libntp/work_thread.c

Install ntp by running the following commands:

./configure --prefix=/usr         \
            --bindir=/usr/sbin    \
            --sysconfdir=/etc     \
            --enable-linuxcaps    \
            --with-lineeditlibs=readline \
            --docdir=/usr/share/doc/ntp-4.2.8p15 &&
make

The test suite of this package is broken with GCC 10 or later.

Now, as the root user:

make install &&
install -v -o ntp -g ntp -d /var/lib/ntp

Command Explanations

CFLAGS="-O2 -g -fPIC": This environment variable is necessary to generate Position Independent Code needed for use in the package libraries.

--bindir=/usr/sbin: This parameter places the administrative programs in /usr/sbin.

--enable-linuxcaps: ntpd is run as user ntp, so use Linux capabilities for non-root clock control.

--with-lineeditlibs=readline: This switch enables Readline support for ntpdc and ntpq programs. If omitted, libedit will be used if installed, otherwise no readline capabilities will be compiled.

Configuring ntp

Config Files

/etc/ntp.conf

Configuration Information

The following configuration file first defines various ntp servers with open access from different continents. Second, it creates a drift file where ntpd stores the frequency offset and a pid file to store the ntpd process ID. Third, it defines the location for the leap-second definition file /etc/ntp.leapseconds, that the update-leap script checks and updates, when necessary. This script can be run as a cron job and the ntp developers recommend a frequency of about three weeks for the updates. Since the documentation included with the package is sparse, visit the ntp website at https://www.ntp.org/ and https://www.ntppool.org/ for more information.

cat > /etc/ntp.conf << "EOF"
# Asia
server 0.asia.pool.ntp.org

# Australia
server 0.oceania.pool.ntp.org

# Europe
server 0.europe.pool.ntp.org

# North America
server 0.north-america.pool.ntp.org

# South America
server 2.south-america.pool.ntp.org

driftfile /var/lib/ntp/ntp.drift
pidfile   /run/ntpd.pid

leapfile  /var/lib/ntp/ntp.leapseconds
EOF

You may wish to add a “Security session”. For explanations, see https://www.eecis.udel.edu/~mills/ntp/html/accopt.html#restrict.

cat >> /etc/ntp.conf << "EOF"
# Security session
restrict    default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict ::1
EOF

Synchronizing the Time

There are two options. Option one is to run ntpd continuously and allow it to synchronize the time in a gradual manner. The other option is to run ntpd periodically (using cron) and update the time each time ntpd is scheduled.

If you choose Option one, then install the ntpd.service unit included in the blfs-systemd-units-20220720 package.

make install-ntpd

If you prefer to run ntpd periodically, add the following command to root’s crontab:

ntpd -q

Contents

Installed Programs: calc_tickadj, ntp-keygen, ntp-wait, ntpd, ntpdate, ntpdc, ntpq, ntptime, ntptrace, sntp, tickadj and update-leap

Installed Libraries: None

Installed Directories: /usr/share/ntp, /usr/share/doc/ntp-4.2.8 and /var/lib/ntp

Short Descriptions

calc_tickadj calculates the optimal value for tick given an ntp drift file.

ntp-keygen generates cryptographic data files used by the NTPv4 authentication and identification schemes.

ntp-wait is useful at boot time, to delay the boot sequence until ntpd has set the time.

ntpd is an ntp daemon that runs in the background and keeps the date and time synchronized based on responses from configured ntp servers. It also functions as an ntp server.

ntpdate is a client program that sets the date and time based on the response from an ntp server. This command is deprecated.

ntpdc is used to query the ntp daemon about its current state and to request changes in that state.

ntpq is a utility program used to monitor ntpd operations and determine performance.

ntptime reads and displays time-related kernel variables.

ntptrace traces a chain of ntp servers back to the primary source.

sntp is a Simple Network Time Protocol (SNTP) client.

tickadj reads, and optionally modifies, several timekeeping-related variables in older kernels that do not have support for precision timekeeping.

update-leap is a script to verify and, if necessary, update the leap-second definition file.

15.8 rpcbind-1.2.6


Introduction to rpcbind

The rpcbind program is a replacement for portmap. It is required for import or export of Network File System (NFS) shared directories.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

Additional Downloads

rpcbind Dependencies

Required

libtirpc-1.3.3

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/rpcbind

Installation of rpcbind

There should be a dedicated user and group to take control of the rpcbind daemon after it is started. Issue the following commands as the root user:

groupadd -g 28 rpc &&
useradd -c "RPC Bind Daemon Owner" -d /dev/null -g rpc \
        -s /bin/false -u 28 rpc

In order to get rpcbind to work properly, first fix the package to use correct service name:

sed -i "/servname/s:rpcbind:sunrpc:" src/rpcbind.c

Install rpcbind by running the following commands:

patch -Np1 -i ../rpcbind-1.2.6-vulnerability_fixes-1.patch &&

./configure --prefix=/usr       \
            --bindir=/usr/sbin  \
            --enable-warmstarts \
            --with-rpcuser=rpc  &&
make

This package does not come with a test suite.

Now, as the root user:

make install

Command Explanations

--with-rpcuser=rpc: This switch is used so the rpcbind daemon will run as an unprivileged user instead of the root user.

Configuring rpcbind

Systemd Unit

Enable the systemd unit installed with the package:

systemctl enable rpcbind

Contents

Installed Programs: rpcbind and rpcinfo

Installed Libraries: None

Installed Directories: None

Short Descriptions

rpcbind is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine.

rpcinfo makes an RPC call to an RPC server and reports data according to the requested options.

15.9 rsync-3.2.7


Introduction to rsync

The rsync package contains the rsync utility. This is useful for synchronizing large file archives over a network.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

rsync Dependencies

popt-1.19

Optional

Doxygen-1.9.6, lz4, and xxhash

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/rsync

Installation of rsync

For security reasons, running the rsync server as an unprivileged user and group is encouraged. If you intend to run rsync as a daemon, create the rsyncd user and group with the following commands issued by the root user:

groupadd -g 48 rsyncd &&
useradd -c "rsyncd Daemon" -m -d /home/rsync -g rsyncd \
    -s /bin/false -u 48 rsyncd

Install rsync by running the following commands:

./configure --prefix=/usr    \
            --disable-lz4    \
            --disable-xxhash \
            --without-included-zlib &&
make

If you have Doxygen-1.9.6 installed and wish to build HTML API documentation, issue:

doxygen

To test the results, issue: make check.

Now, as the root user:

make install

If you built the documentation, install it using the following commands as the root user:

install -v -m755 -d          /usr/share/doc/rsync-3.2.7/api &&
install -v -m644 dox/html/*  /usr/share/doc/rsync-3.2.7/api

Command Explanations

--disable-lz4: This switch disables LZ4 compression support. Note that it uses the superior ‘zstd’ algorithm when this switch is in use, and zstd is provided in LFS.

--disable-xxhash: This switch disables advanced xxhash checksum support. Remove this switch if you have installed xxhash.

--without-included-zlib: This switch enables compilation with the system-installed zlib library.

Configuring rsync

Config Files

/etc/rsyncd.conf

Configuration Information

For client access to remote files, you may need to install the OpenSSH-9.2p1 package to connect to the remote server.

This is a simple download-only configuration to set up running rsync as a server. See the rsyncd.conf(5) man page for additional options (e.g., user authentication).

cat > /etc/rsyncd.conf << "EOF"
# This is a basic rsync configuration file
# It exports a single module without user authentication.

motd file = /home/rsync/welcome.msg
use chroot = yes

[localhost]
    path = /home/rsync
    comment = Default rsync module
    read only = yes
    list = yes
    uid = rsyncd
    gid = rsyncd

EOF

You can find additional configuration information and general documentation about rsync at https://rsync.samba.org/documentation.html.

Systemd Unit

Note that you only need to start the rsync server if you want to provide an rsync archive on your local machine. You don’t need this unit to run the rsync client.

Install the rsyncd.service unit included in the blfs-systemd-units-20220720 package.

make install-rsyncd

Note

This package comes with two types of units: a service file and a socket file. The service file will start the rsync daemon once at boot and it will keep running until the system shuts down. The socket file will make systemd listen on the rsync port (default 873, needs to be edited for anything else) and will start the rsync daemon when something tries to connect to that port and stop the daemon when the connection is terminated. This is called socket activation and is analogous to using {,x}inetd on a SysVinit based system.

By default, the first method is used: the rsync daemon is started at boot and stopped at shutdown. If the socket method is desired, you need to run as the root user:

systemctl stop rsyncd &&
systemctl disable rsyncd &&
systemctl enable rsyncd.socket &&
systemctl start rsyncd.socket

Note that the socket method is only useful for remote backups. For local backups you’ll need the service method.

Contents

Installed Programs: rsync and rsync-ssl

Installed Libraries: None

Installed Directories: Optionally, /usr/share/doc/rsync-3.2.7

Short Descriptions

rsync is a replacement for rcp (and scp) that has many more features. It uses the “rsync algorithm” which provides a very fast method of syncing remote files. It does this by sending just the differences in the files across the link, without requiring that both sets of files are present at one end of the link beforehand.

rsync-ssl is a helper script used when connecting to an rsync daemon that has SSL support built in.

15.10 Samba-4.17.5


Introduction to Samba

The Samba package provides file and print services to SMB/CIFS clients and Windows networking to Linux clients. Samba can also be configured as a Windows Domain Controller replacement, a file/print server acting as a member of a Windows Active Directory domain and a NetBIOS (RFC1001/1002) nameserver (which among other things provides LAN browsing support).

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

Samba Dependencies

Required

GnuTLS-3.8.0, jansson-2.14, JSON-4.10, libtirpc-1.3.3, lmdb-0.9.29, and rpcsvc-proto-1.4.3

Fuse-3.13.1, GPGME-1.18.0, ICU-72.1, libtasn1-4.19.0, libxslt-1.1.37 (for documentation), Linux-PAM-1.5.2, Parse-Yapp-1.21, and OpenLDAP-2.6.4

Optional

Avahi-0.8, BIND-9.18.12, Cups-2.4.2, Cyrus SASL-2.1.28, GDB-13.1, git-2.39.2, GnuPG-2.4.0 (required for ADS and test suite), libaio-0.3.113, libarchive-3.6.2, libcap-2.67 with PAM, libgcrypt-1.10.1, libnsl-2.0.0, libunwind-1.6.2, MIT Kerberos V5-1.20.1, nss-3.88.1, popt-1.19, Talloc-2.4.0 (included), Vala-0.56.4, Valgrind-3.20.0 (optionally used by the test suite), xfsprogs-6.1.1, cmocka, cryptography, ctdb (included), cwrap, dnspython, FAM, Gamin, GlusterFS, Heimdal (included), iso8601, ldb (included), M2Crypto (required for ADS), OpenAFS, pyasn1, PyGPGME (recommended for ADS), tevent (included), tdb (included), and tracker-2

Optional (for the Developer Test Suite)

Install in listed order: six-1.16.0, pytest-7.2.1, argparse, extras, hypothesis, coverage, pytest-cov, doctools, unittest2, testtools, fixtures, python-mimeparse, contextlib2, traceback2, linecache2, testscenarios, testresources, virtualenv, pbr, and python-subunit

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/samba4

Installation of Samba

To support the test suite, set up a Python virtual environment for some Python modules out of the scope of BLFS:

python3 -m venv pyvenv &&
./pyvenv/bin/pip3 install cryptography pyasn1 iso8601

Install Samba by running the following commands:

PYTHON=$PWD/pyvenv/bin/python3             \
CPPFLAGS="-I/usr/include/tirpc"            \
LDFLAGS="-ltirpc"                          \
./configure                                \
    --prefix=/usr                          \
    --sysconfdir=/etc                      \
    --localstatedir=/var                   \
    --with-piddir=/run/samba               \
    --with-pammodulesdir=/usr/lib/security \
    --enable-fhs                           \
    --without-ad-dc                        \
    --enable-selftest                      &&
make

To test the results, issue: PATH=$PWD/pyvenv/bin:$PATH make quicktest. The test suite will produce lines that look like failures, but these are innocuous. The last few lines of output should report “ALL OK” for a good test run. A summary of any failures can be found in ./st/summary.

Note

Additionally, developer test suites are available. If you’ve installed the optional python modules above in the Python virtual environment for building this package, you can run these tests with make test. It is not recommended for the average builder at around 290 SBU and over a gigabyte of disk space, and you should expect ~73 errors and ~30 failures from the 3000+ tests.

Fix a hard-coded path to the Python 3 interpreter:

sed '1s@^.*$@#!/usr/bin/python3@' \
    -i ./bin/default/source4/scripting/bin/samba-gpupdate.inst

If upgrading from an old version of samba, as the root user, remove the old Python support files to prevent some issues:

rm -rf /usr/lib/python3.11/site-packages/samba

Still as the root user, install the package:

make install &&

install -v -m644    examples/smb.conf.default /etc/samba &&

sed -e "s;log file =.*;log file = /var/log/samba/%m.log;" \
    -e "s;path = /usr/spool/samba;path = /var/spool/samba;" \
    -i /etc/samba/smb.conf.default &&

mkdir -pv /etc/openldap/schema                        &&

install -v -m644    examples/LDAP/README              \
                    /etc/openldap/schema/README.LDAP  &&

install -v -m644    examples/LDAP/samba*              \
                    /etc/openldap/schema              &&

install -v -m755    examples/LDAP/{get*,ol*} \
                    /etc/openldap/schema

Command Explanations

--enable-fhs: Assigns all other file paths in a manner compliant with the Filesystem Hierarchy Standard (FHS).

--without-ad-dc: Disables Active Directory Domain Controller functionality. See Set up a Samba Active Directory Domain Controller for detailed information. Remove this switch if you’ve installed the Python modules needed for ADS support. Note that BLFS does not provide a samba bootscript or systemd unit for an Active Directory domain controller.

--with-selftest-prefix=SELFTEST_PREFIX: This option specifies the test suite work directory (default=./st).

install -v -m644 examples/LDAP/* /etc/openldap/schema: These commands are used to copy sample Samba schemas to the OpenLDAP schema directory.

install -v -m644 examples/smb.conf.default /etc/samba: This copies a default smb.conf file into /etc/samba. This sample configuration will not work until you copy it to /etc/samba/smb.conf and make the appropriate changes for your installation. See the configuration section for minimum values which must be set.

Configuring Samba

Config Files

/etc/samba/smb.conf

Printing to SMB Clients

If you use CUPS for print services, and you wish to print to a printer attached to an SMB client, you need to create an SMB backend device. To create the device, issue the following command as the root user:

install -dvm 755 /usr/lib/cups/backend &&
ln -v -sf /usr/bin/smbspool /usr/lib/cups/backend/smb

Configuration Information

Due to the complexity and the many various uses for Samba, complete configuration for all the package’s capabilities is well beyond the scope of the BLFS book. This section provides instructions to configure the /etc/samba/smb.conf file for two common scenarios. The complete contents of /etc/samba/smb.conf will depend on the purpose of Samba installation.

Note

You may find it easier to copy the configuration parameters shown below into an empty /etc/samba/smb.conf file instead of copying and editing the default file as mentioned in the “Command Explanations” section. How you create/edit the /etc/samba/smb.conf file will be left up to you. Do ensure the file is only writable by the root user (mode 644).

Scenario 1: Minimal Standalone Client-Only Installation

Choose this variant if you only want to transfer files using smbclient, mount Windows shares and print to Windows printers, and don’t want to share your files and printers to Windows machines.

A /etc/samba/smb.conf file with the following three parameters is sufficient:

[global]
    workgroup = WORKGROUP
    dos charset = cp850
    unix charset = ISO-8859-1

The values in this example specify that the computer belongs to a Windows workgroup named “WORKGROUP”, uses the “cp850” character set on the wire when talking to MS-DOS and MS Windows 9x, and that the filenames are stored in the “ISO-8859-1” encoding on the disk. Adjust these values appropriately for your installation. The “unix charset” value must be the same as the output of locale charmap when executed with the LANG variable set to your preferred locale, otherwise the ls command may not display correct filenames of downloaded files.

There is no need to run any Samba servers in this scenario, thus you don’t need to install the provided systemd units.

Scenario 2: Standalone File/Print Server

Choose this variant if you want to share your files and printers to Windows machines in your workgroup in addition to the capabilities described in Scenario 1.

In this case, the /etc/samba/smb.conf.default file may be a good template to start from. Also, you should add the “dos charset” and “unix charset” parameters to the “[global]” section as described in Scenario 1 in order to prevent filename corruption. For security reasons, you may wish to define path = /home/alice/shared-files, assuming your user name is alice and you only want to share the files in that directory instead of your entire home directory. Then replace homes with shared-files and also change the “comment”, whether you use the configuration file below or /etc/samba/smb.conf.default to create yours.

The following configuration file creates a separate share for each user’s home directory and also makes all printers available to Windows machines:

[global]
    workgroup = WORKGROUP
    dos charset = cp850
    unix charset = ISO-8859-1

[homes]
    comment = Home Directories
    browseable = no
    writable = yes

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    printable = yes

Other parameters you may wish to customize in the “[global]” section include:

server string =
security =
hosts allow =
load printers =
log file =
max log size =
socket options =
local master =

Reference the comments in the /etc/samba/smb.conf.default file for information regarding these parameters.

Since the smbd and nmbd daemons are needed in this case, install the samba systemd unit. Be sure to run smbpasswd (with the -a option to add users) to enable and set passwords for all accounts that need Samba access. Using the default Samba passdb backend, any user you attempt to add will also be required to exist in the /etc/passwd file.

Advanced Requirements

More complex scenarios involving domain control or membership are possible. Such setups are advanced topics and cannot be adequately covered in BLFS. Many complete books have been written on these topics alone. Note that in some domain membership scenarios, the winbindd daemon and the corresponding systemd unit are needed.

Guest account

The default Samba installation uses the nobody user for guest access to the server. This can be overridden by setting the guest account = parameter in the /etc/samba/smb.conf file. If you utilize the guest account = parameter, ensure this user exists in the /etc/passwd file.
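The points this section raises (smb.conf writable only by root, a share limited to one directory rather than a whole home, guest access and the guest account) can be checked with a small script. This is an added example, not part of the BLFS book; audit_smb_conf, the two sample files and the finding labels are constructed here, and it assumes GNU stat and a POSIX awk.

```shell
# Added example, not part of the BLFS book; names and sample files are constructed.

# audit_smb_conf FILE [OWNER]
#   Prints one finding per line; returns 0 when clean, 1 otherwise.
#   OWNER defaults to root; override it only to try the check on a scratch copy.
audit_smb_conf() {
    conf=$1
    owner=${2:-root}
    out=$(
        # The book asks for a file that only root can write (mode 644).
        mode=$(stat -c '%a' "$conf")
        case $mode in
            (*[2367]?|*[2367]) echo "MODE: $conf is $mode, group or others can write" ;;
        esac
        [ "$(stat -c '%U' "$conf")" = "$owner" ] ||
            echo "OWNER: $conf is not owned by $owner"
        awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function yes(v)  { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
        /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
        /^[ \t]*\[/ {                              # [section] header
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            sec = tolower(trim(sec)); order[++n] = sec
            next
        }
        {
            eq = index($0, "="); if (!eq) next
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)                 # spaces in names are ignored
            val[sec, key] = trim(substr($0, eq + 1))
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (s == "homes")
                    print "SHARE [homes]: each user home is exported in full"
                if (val[s, "path"] ~ "^/home/[^/]+/?$")
                    print "SHARE [" s "]: path " val[s, "path"] " is a whole home directory"
                if (yes(val[s, "guestok"]) || yes(val[s, "public"]))
                    print "GUEST [" s "]: guest access is enabled"
            }
            acct = val["global", "guestaccount"]
            if (acct != "") {
                while ((getline line < "/etc/passwd") > 0)
                    if (index(line, acct ":") == 1) found = 1
                if (!found)
                    print "GUEST: guest account " acct " is not in /etc/passwd"
            }
        }' "$conf"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: the weaknesses this section warns about.
write_weak_sample() {
    cat > "$1" <<'EOF'
[global]
    workgroup = WORKGROUP
    guest account = blfs-no-such-user
[homes]
    writable = yes
[scratch]
    path = /home/alice
    Guest OK = Yes
EOF
    chmod 666 "$1"
}

# Constructed sample: one directory shared, no guest access, mode 644.
write_hardened_sample() {
    cat > "$1" <<'EOF'
[global]
    workgroup = WORKGROUP
[shared-files]
    path = /home/alice/shared-files
    browseable = no
    writable = yes
    guest ok = no
EOF
    chmod 644 "$1"
}

demo_dir=$(mktemp -d)
write_weak_sample "$demo_dir/weak.conf"
write_hardened_sample "$demo_dir/ok.conf"
me=$(stat -c '%U' "$demo_dir/ok.conf")      # scratch copies are not root-owned
audit_smb_conf "$demo_dir/weak.conf" "$me" || echo "weak.conf: findings above"
audit_smb_conf "$demo_dir/ok.conf" "$me" && echo "ok.conf: clean"
rm -rf "$demo_dir"
```

On an installed system, run audit_smb_conf /etc/samba/smb.conf as the root user; testparm, which this package installs, checks the syntax of the same file.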

Systemd Units

To start the Samba daemons at boot, install the systemd units from the blfs-systemd-units-20220720 package by running the following command as the root user:

make install-samba

To start the winbindd daemon at boot, install the systemd unit from the blfs-systemd-units-20220720 package by running the following command as the root user:

make install-winbindd

Note

This package comes with two types of units: a service file and a socket file. The service file will start the smbd daemon once at boot and it will keep running until the system shuts down. The socket file will make systemd listen on the smbd port (default 445, needs to be edited for anything else) and will start the smbd daemon when something tries to connect to that port and stop the daemon when the connection is terminated. This is called socket activation and is analogous to using {,x}inetd on a SysVinit based system.

By default, the first method is used - the smbd daemon is started at boot and stopped at shutdown. If the socket method is desired, you need to run the following commands as the root user:

systemctl stop smbd &&
systemctl disable smbd &&
systemctl enable smbd.socket &&
systemctl start smbd.socket

Note that only the smbd daemon can be socket activated.

Contents

Installed Programs: cifsdd, dbwrap_tool, dumpmscat, eventlogadm, gentest, ldbadd, ldbdel, ldbedit, ldbmodify, ldbrename, ldbsearch, locktest, masktest, mdsearch, mvxattr, ndrdump, net, nmbd, nmblookup, ntlm_auth, oLschema2ldif, pdbedit, profiles, regdiff, regpatch, regshell, regtree, rpcclient, samba-gpupdate, samba-regedit, samba-tool, sharesec, smbcacls, smbclient, smbcontrol, smbcquotas, smbd, smbget, smbpasswd, smbspool, smbstatus, smbtar, smbtorture, smbtree, tdbbackup, tdbdump, tdbrestore, tdbtool, testparm, wbinfo, and winbindd

Installed Libraries: libdcerpc-binding.so, libdcerpc-samr.so, libdcerpc-server-core.so, libdcerpc.so, libndr-krb5pac.so, libndr-nbt.so, libndr.so, libndr-standard.so, libnetapi.so, libnss_winbind.so, libnss_wins.so, libsamba-credentials.so, libsamba-errors.so, libsamba-hostconfig.so, libsamba-passdb.so, libsamba-policy.cpython-310-x86_64-linux-gnu.so, libsamba-util.so, libsamdb.so, libsmbclient.so, libsmbconf.so, libsmbldap.so, libtevent-util.so, libwbclient.so, and filesystem and support modules under /usr/lib/{python3.11,samba}

Installed Directories: /etc/samba, /run/samba, /usr/include/samba-4.0, /usr/lib/python3.11/site-packages/samba, /usr/{lib,libexec,share}/samba, and /var/{cache,lib,lock,log,run}/samba

Short Descriptions

cifsdd is the dd command for SMB

dbwrap_tool is used to read and manipulate TDB/CTDB databases using the dbwrap interface

dumpmscat dumps the content of MS catalog files

eventlogadm is used to write records to eventlogs from STDIN, add the specified source and DLL eventlog registry entries and display the active eventlog names (from smb.conf)

gentest is used to run random generic SMB operations against two SMB servers and show the differences in behavior

ldbadd is a command-line utility for adding records to an LDB database

ldbdel is a command-line utility for deleting LDB database records

ldbedit allows you to edit LDB databases using your preferred editor

ldbmodify allows you to modify records in an LDB database

ldbrename allows you to rename LDB databases

ldbsearch searches an LDB database for records matching a specified expression

locktest is used to find differences in locking between two SMB servers

masktest is used to find differences in wildcard matching between Samba’s implementation and that of a remote server

mdsearch runs Spotlight searches against an SMB server

mvxattr is used to recursively rename extended attributes

ndrdump is a DCE/RPC Packet Parser and Dumper

net is a tool for administration of Samba and remote CIFS servers, similar to the net utility for DOS/Windows

nmbd is the Samba NetBIOS name server

nmblookup is used to query NetBIOS names and map them to IP addresses

ntlm_auth is a tool to allow external access to Winbind’s NTLM authentication function

oLschema2ldif converts LDAP schemas to LDB-compatible LDIF

pdbedit is a tool used to manage the SAM database

profiles is a utility that reports and changes SIDs in Windows registry files

regdiff is a Diff program for Windows registry files

regpatch applies registry patches to registry files

regshell is a Windows registry file browser using readline

regtree is a text-mode registry viewer

rpcclient is used to execute MS-RPC client side functions

samba-gpupdate allows you to edit Microsoft Group Policy Objects (GPOs)

samba-regedit is an ncurses-based tool to manage the Samba registry

samba-tool is the main Samba administration tool

sharesec manipulates share ACL permissions on SMB file shares

smbcacls is used to manipulate Windows NT access control lists

smbclient is an SMB/CIFS access utility, similar to FTP

smbcontrol is used to control running smbd, nmbd and winbindd daemons

smbcquotas is used to manipulate Windows NT quotas on SMB file shares

smbd is the main Samba daemon which provides SMB/CIFS services to clients

smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line

smbpasswd changes a user’s Samba password

smbspool sends a print job to an SMB printer

smbstatus reports current Samba connections

smbtar is a shell script used for backing up SMB/CIFS shares directly to Linux tape drives or to a file

smbtorture is a test suite that runs several tests against an SMB server

smbtree is a text-based SMB network browser

tdbbackup is a tool for backing up or validating the integrity of Samba .tdb files

tdbdump is a tool used to print the contents of a Samba .tdb file

tdbrestore is a tool for creating a Samba .tdb file out of a ntdbdump

tdbtool is a tool which allows simple database manipulation from the command line

testparm checks a smb.conf file for proper syntax

wbinfo queries a running winbindd daemon

winbindd resolves names from Windows NT servers

libnss_winbind.so provides Name Service Switch API functions for resolving names from NT servers

libnss_wins.so provides API functions for Samba’s implementation of the Windows Internet Naming Service

libnetapi.so provides API functions for the administration tools used for Samba and remote CIFS servers

libsmbclient.so provides API functions for the Samba SMB client tools

libwbclient.so provides API functions for Windows domain client services.

15.11 Wget-1.21.3


Introduction to Wget

The Wget package contains a utility useful for non-interactive downloading of files from the Web.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

Wget Dependencies

make-ca-1.12 (runtime)

Optional

GnuTLS-3.8.0, HTTP-Daemon-6.15 (for the test suite), IO-Socket-SSL-2.081 (for the test suite), libidn2-2.3.4, libpsl-0.21.2, PCRE-8.45 or pcre2-10.42, and Valgrind-3.20.0 (for the test suite)

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/wget

Installation of Wget

Install Wget by running the following commands:

./configure --prefix=/usr      \
            --sysconfdir=/etc  \
            --with-ssl=openssl &&
make

To test the results, issue: make check.

Some tests may fail when Valgrind tests are enabled.

Now, as the root user:

make install

Command Explanations

--sysconfdir=/etc: This relocates the configuration file from /usr/etc to /etc.

--with-ssl=openssl: This allows the program to use openssl instead of GnuTLS-3.8.0.

--enable-valgrind-tests: This allows the tests to be run under valgrind.

Configuring Wget

Config Files

/etc/wgetrc and ~/.wgetrc

Contents

Installed Program: wget

Installed Libraries: None

Installed Directories: None

Short Descriptions

wget retrieves files from the Web using the HTTP, HTTPS and FTP protocols. It is designed to be non-interactive, for background or unattended operations.

15.12 Wireless Tools-29


Introduction to Wireless Tools

The Wireless Extension (WE) is a generic API in the Linux kernel allowing a driver to expose configuration and statistics specific to common Wireless LANs to userspace. A single set of tools can support all the variations of Wireless LANs, regardless of their type, as long as the driver supports Wireless Extensions. WE parameters may also be changed on the fly without restarting the driver (or Linux).

The Wireless Tools (WT) package is a set of tools allowing manipulation of the Wireless Extensions. They use a textual interface to support the full Wireless Extension.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

Additional Downloads

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/WirelessTools

Kernel Configuration

To use Wireless Tools, the kernel must have the appropriate drivers and other support available. The appropriate bus must also be available. For many laptops, the PCMCIA bus (CONFIG_PCCARD) needs to be built. In some cases, this bus support will also need to be built for embedded wireless cards. The appropriate bridge support also needs to be built. For many modern laptops, the CardBus host bridge (CONFIG_YENTA) will be needed.

In addition to the bus, the actual driver for the specific wireless card must also be available. There are many wireless cards and they don’t all work with Linux. The first place to look for card support is the kernel. The drivers are located in Device Drivers → Network Device Support → Wireless LAN (non-hamradio). There are also external drivers available for some very common cards. For more information, look at the user notes.

After the correct drivers are loaded, the interface will appear in /proc/net/wireless.

Installation of Wireless Tools

First, apply a patch that fixes a problem when numerous networks are available:

patch -Np1 -i ../wireless_tools-29-fix_iwlist_scanning-1.patch

To install Wireless Tools, use the following commands:

make

This package does not come with a test suite.

Now, as the root user:

make PREFIX=/usr INSTALL_MAN=/usr/share/man install

Command Explanations

INSTALL_MAN=/usr/share/man: Install manual pages in /usr/share/man instead of /usr/man.

Contents

Installed Programs: ifrename, iwconfig, iwevent, iwgetid, iwlist, iwpriv, and iwspy

Installed Library: libiw.so

Installed Directories: None

Short Descriptions

ifrename renames network interfaces based on various static criteria

iwconfig configures a wireless network interface

iwevent displays wireless events generated by drivers and setting changes

iwgetid reports ESSID, NWID or AP/Cell Address of wireless networks

iwlist gets detailed wireless information from a wireless interface

iwpriv configures optional (private) parameters of a wireless network interface

iwspy gets wireless statistics from a specific node

libiw.so contains functions required by the wireless programs and provides an API for other programs.

15.13 wpa_supplicant-2.10


Introduction to WPA Supplicant

WPA Supplicant is a Wi-Fi Protected Access (WPA) client and IEEE 802.1X supplicant. It implements WPA key negotiation with a WPA Authenticator and Extensible Authentication Protocol (EAP) authentication with an Authentication Server. In addition, it controls the roaming and IEEE 802.11 authentication/association of the wireless LAN driver. This is useful for connecting to a password protected wireless access point.

This package is known to build and work properly using an LFS 11.3 platform.

Package Information

WPA Supplicant Dependencies

desktop-file-utils-0.26 (for running update-desktop-database) and libnl-3.7.0

Optional

libxml2-2.10.3, and Qt-5.15.8

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/wpa_supplicant

Kernel Configuration

Enable the following options in the kernel configuration as well as specific device drivers for your hardware and recompile the kernel if necessary:

[*] Networking support  --->                                    [CONFIG_NET]
    [*] Wireless  --->                                          [CONFIG_WIRELESS]
        <*/M> cfg80211 - wireless configuration API             [CONFIG_CFG80211]
        [*]     cfg80211 wireless extensions compatibility      [CONFIG_CFG80211_WEXT]
        <*/M> Generic IEEE 802.11 Networking Stack (mac80211)   [CONFIG_MAC80211]
Device Drivers  --->
    [*] Network device support  --->                            [CONFIG_NETDEVICES]
        [*] Wireless LAN  --->                                  [CONFIG_WLAN]

Open the submenu and select the options that support your hardware: lspci from pciutils-3.9.0 can be used to view your hardware configuration.

Installation of WPA Supplicant

First you will need to create an initial configuration file for the build process. You can read wpa_supplicant/README and wpa_supplicant/defconfig for the explanation of the following options as well as other options that can be used. Create a build configuration file that should work for standard WiFi setups by running the following command:

cat > wpa_supplicant/.config << "EOF"
CONFIG_BACKEND=file
CONFIG_CTRL_IFACE=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_SYSLOG=y
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
CONFIG_DRIVER_NL80211=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_WIRED=y
CONFIG_EAP_GTC=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TLS=y
CONFIG_EAP_TTLS=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_IPV6=y
CONFIG_LIBNL32=y
CONFIG_PEERKEY=y
CONFIG_PKCS12=y
CONFIG_READLINE=y
CONFIG_SMARTCARD=y
CONFIG_WPS=y
CFLAGS += -I/usr/include/libnl3
EOF

If you wish to use WPA Supplicant with NetworkManager-1.42.0, make sure that you have installed dbus-1.14.6 and libxml2-2.10.3, then add the following options to the WPA Supplicant build configuration file by running the following command:

cat >> wpa_supplicant/.config << "EOF"
CONFIG_CTRL_IFACE_DBUS=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
EOF

Compile the package:

cd wpa_supplicant &&
make BINDIR=/usr/sbin LIBDIR=/usr/lib

If you have installed Qt-5.15.8 and wish to build the WPA Supplicant GUI program, run the following commands:

Note

The following directory name is labelled qt4, but is compatible with Qt-5.15.8.

pushd wpa_gui-qt4 &&
qmake wpa_gui.pro &&
make &&
popd

This package does not come with a test suite.

Now, as the root user:

install -v -m755 wpa_{cli,passphrase,supplicant} /usr/sbin/ &&
install -v -m644 doc/docbook/wpa_supplicant.conf.5 /usr/share/man/man5/ &&
install -v -m644 doc/docbook/wpa_{cli,passphrase,supplicant}.8 /usr/share/man/man8/

Install the systemd support files by running the following command as the root user:

install -v -m644 systemd/*.service /usr/lib/systemd/system/

If you have built WPA Supplicant with D-Bus support, you will need to install D-Bus configuration files. Install them by running the following commands as the root user:

install -v -m644 dbus/fi.w1.wpa_supplicant1.service \
                 /usr/share/dbus-1/system-services/ &&
install -v -d -m755 /etc/dbus-1/system.d &&
install -v -m644 dbus/dbus-wpa_supplicant.conf \
                 /etc/dbus-1/system.d/wpa_supplicant.conf

Additionally, enable the wpa_supplicant.service so that systemd can properly activate the D-Bus service. Note that the per-connection service and the D-Bus service cannot be enabled at the same time. Run the following command as the root user:

systemctl enable wpa_supplicant

If you have built the WPA Supplicant GUI program, install it by running the following commands as the root user:

install -v -m755 wpa_gui-qt4/wpa_gui /usr/bin/ &&
install -v -m644 doc/docbook/wpa_gui.8 /usr/share/man/man8/ &&
install -v -m644 wpa_gui-qt4/wpa_gui.desktop /usr/share/applications/ &&
install -v -m644 wpa_gui-qt4/icons/wpa_gui.svg /usr/share/pixmaps/

Note

You will need to restart the system D-Bus daemon before you can use the WPA Supplicant D-Bus interface.

Note

This package installs desktop files into the /usr/share/applications hierarchy and you can improve system performance and memory usage by updating /usr/share/applications/mimeinfo.cache. To perform the update you must have desktop-file-utils-0.26 installed and issue the following command as the root user:

update-desktop-database -q

Configuring wpa_supplicant

Config File

/etc/wpa_supplicant/wpa_supplicant-*.conf

Configuration Information

To connect to an access point that uses a password, you need to put the pre-shared key in /etc/wpa_supplicant/wpa_supplicant-wifi0.conf. SSID is the string that the access point/router transmits to identify itself. Run the following command as the root user:

install -v -dm755 /etc/wpa_supplicant &&
wpa_passphrase SSID SECRET_PASSWORD > /etc/wpa_supplicant/wpa_supplicant-wifi0.conf

/etc/wpa_supplicant/wpa_supplicant-wifi0.conf can hold the details of several access points. When wpa_supplicant is started, it will scan for the SSIDs it can see and choose the appropriate password to connect.
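The command above puts the passphrase on the command line, wpa_passphrase repeats it in its output as a #psk= comment, and the redirect creates the file with the default umask. The following added example (not part of the BLFS book; write_wpa_conf, check_wpa_conf and the sample input are constructed here, GNU stat and mktemp assumed) installs the file with mode 600 without the plaintext line and checks an existing file for the same problems.

```shell
# Added example, not part of the BLFS book; names and sample data are constructed.

# write_wpa_conf DEST
#   Reads wpa_passphrase output on stdin, deletes the "#psk=" comment that
#   repeats the passphrase in clear text, and installs DEST with mode 600.
#   Real use, typing the passphrase on stdin so it stays out of shell history:
#       wpa_passphrase SSID | write_wpa_conf /etc/wpa_supplicant/wpa_supplicant-wifi0.conf
write_wpa_conf() {
    dest=$1
    (
        umask 077
        tmp=$(mktemp "$dest.XXXXXX") || exit 1
        sed '/^[[:space:]]*#psk=/d' > "$tmp"
        # Install only if a derived 64-hex-digit key is present; wpa_passphrase
        # prints an error instead when the passphrase is not 8..63 characters.
        if grep -Eq '^[[:space:]]*psk=[0-9a-f]{64}$' "$tmp"; then
            chmod 600 "$tmp" && mv -f "$tmp" "$dest"
        else
            rm -f "$tmp"
            exit 1
        fi
    )
}

# check_wpa_conf FILE
#   Prints one finding per line; returns 0 when clean, 1 otherwise.
check_wpa_conf() {
    f=$1
    out=$(
        case $(stat -c '%a' "$f") in
            (*00) ;;
            (*) echo "MODE: $f is accessible beyond its owner; expected 600" ;;
        esac
        grep -Eq '^[[:space:]]*#[[:space:]]*psk=' "$f" &&
            echo "PLAINTEXT: commented passphrase (#psk=) left in $f"
        grep -Eq '^[[:space:]]*psk="' "$f" &&
            echo "PLAINTEXT: quoted passphrase stored instead of the derived key"
        grep -Eq '^[[:space:]]*key_mgmt=NONE' "$f" &&
            echo "OPEN: network with key_mgmt=NONE (no WPA protection)"
        true
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample in the format wpa_passphrase prints; the key is a
# placeholder, not derived from the passphrase shown.
sample_wpa_passphrase_output() {
    cat <<'EOF'
network={
    ssid="Some-SSID"
    #psk="SECRET_PASSWORD"
    psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
}
EOF
}

demo_dir=$(mktemp -d)
( umask 022; sample_wpa_passphrase_output > "$demo_dir/naive.conf" )   # plain redirect
check_wpa_conf "$demo_dir/naive.conf" || echo "naive.conf: findings above"
sample_wpa_passphrase_output | write_wpa_conf "$demo_dir/wpa_supplicant-wifi0.conf"
check_wpa_conf "$demo_dir/wpa_supplicant-wifi0.conf" && echo "hardened file: clean"
rm -rf "$demo_dir"
```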

If you want to connect to an access point that isn’t password protected, put an entry like this in /etc/wpa_supplicant/wpa_supplicant-wifi0.conf. Replace “Some-SSID” with the SSID of the access point/router.

network={
  ssid="Some-SSID"
  key_mgmt=NONE
}

Connecting to a new access point that is not in the configuration file can be accomplished manually via the command line or GUI, but it must be done via a privileged user. To do that, add the following to the configuration file:

ctrl_interface=DIR=/run/wpa_supplicant GROUP=<privileged group>
update_config=1

Replace <privileged group> above with a system group whose members are allowed to connect to a wireless access point.

There are many options that you could use to tweak how you connect to each access point. They are described in some detail in the wpa_supplicant/wpa_supplicant.conf file in the source tree.

Connecting to an Access Point

There are 3 types of systemd units that were installed:

The only difference between the three is which driver is used for connecting (the -D option). The first one uses the default driver, the second one uses the nl80211 driver and the third one uses the wired driver.

You can connect to the wireless access point by running the following command as the root user:

systemctl start wpa_supplicant@wlan0

To connect to the wireless access point at boot, simply enable the appropriate wpa_supplicant service by running the following command as the root user:

systemctl enable wpa_supplicant@wlan0

Depending on your setup, you can replace the wpa_supplicant@.service with any other listed above.

To assign a network address to your wireless interface, consult the General Network Configuration page in LFS.

Contents

Installed Programs: wpa_gui, wpa_supplicant, wpa_passphrase and wpa_cli

Installed Libraries: None

Installed Directories: None

Short Descriptions

wpa_gui is a graphical frontend program for interacting with wpa_supplicant

wpa_supplicant is a daemon that can connect to a password protected wireless access point

wpa_passphrase takes an SSID and a password and generates a simple configuration that wpa_supplicant can understand

wpa_cli is a command line interface used to control a running wpa_supplicant daemon.