Difference between pages "Creating Profiles" and "Package:OpenSSL"

From Funtoo
(Difference between pages)
Want to create your own custom profiles? Thought up a mix-in that's not currently in the Funtoo profiles? Have an overlay with profiles and want to make it easy for people to use them? Well you've come to the right place. This article will show you how to easily add you own profiles. No more ugly hacking of parent files and other nonsense. Once you follow this guide, not only will portage easily recognize your profiles, they will also show up in eselect right along with the ones from the main tree.
{{Ebuild
|Summary=Full-strength general purpose cryptography library (including SSL and TLS.)
|CatPkg=dev-libs/openssl
|Homepage=http://www.openssl.org
}}
{{PageNeedsUpdates}}
OpenSSL is a cryptography package used with {{Package|net-misc/openssh}}, web servers, and more.  ftps, https, smtps, imaps, etc use SSL/TLS.  SSL/TLS is used to prevent man in the middle attacks on plain text streams of data. As this is a security package it is frequently cycled from testing, & bug repairs.
{{note|ssl is old, tls is new.  If you have the option to run tls, run tls rather than ssl}}


== How to do it ==
=== Installation ===
=== Rules to follow ===
{{console|body=###i## emerge dev-libs/openssl}}
#You will need a version of [[Package:Eselect|eselect]] that supports Funtoo profiles (already integrated into Funtoo Linux.)
#Your overlay must have a profiles directory. It must include a repo_name file with the name of your overlay.
#Your profiles must be inside of the profiles directory
#You need a profiles.eselect.desc file inside the profiles directory. See profiles.eselect.example in your Funtoo Portage tree for instructions.
#If you're creating profiles of types arch, build, flavor, or mix-ins, your profile must be inside a directory with same name, such as <tt>profiles/my_profile/flavor/new_profile</tt>, <tt>profiles/my_profile/mix-ins/subdir/profile</tt>.
# Currently <tt>NoMix</tt> (see <tt>profiles.eselect.example</tt>) is only supported for profiles in the same tree.
# If you're not using a standard Funtoo tree, you must ensure that your main Portage tree has <tt>profile-formats = portage-2</tt> set in <tt>metadata/layout.conf</tt> in order for portage to interpret the <repo_name>:<profile> syntax.


=== Example of how to set up ===
=== Usage ===
For our example we will create a mix-ins profile called 'fake_pro' in a local overlay called 'local_overlay'. fake_pro will set the 'dummy' USE flag globally and also set the 'fake' USE flag on sys-apps/not-exist. We will then add the profile to eselect so it's visible when running 'eselect profile'.
ssl uses several certificates with differing coverage, and use cases.  Certificates are obtained by 3rd party sites.  go-daddy, namecheap, and verisign are popular ssl certificate providers, though several others exist.


==== Creating the profile ====
The general overview is buy certificate, send private files, send extra information if required, get files back, insert files into openssl configs, change program configs ports to S version of the protocol, (as in for web port 80, now listens to port 443, and i address the server as https instead of http now.) reorder the cert next year.
We will use ''<code>${OVERLAY_DIR}</code>'' as the path to local_overlay. These instructions assume the overlay exists.
If you haven't set a name for your overlay, do that first:
<console>
###i## echo "local_overlay" > ${OVERLAY_DIR}/profiles/repo_name
</console>


Next lets create a directory to store our profile. Since we're creating a 'mix-ins' profile we need to make sure our profile is inside a 'mix-ins' subdirectory. This is a requirement in order to ensure that the profile will show up in eselect. If your not planning on using eselect then there's no requirement to use 'mix-ins'
==== Self Signed Certificates ====
<console>
Free:
###i## install -d ${OVERLAY_DIR}/profiles/my_profiles/mix-ins/fake_pro
Self signed certificates are free, self made, quick, easy to setup, and insecure. They are great for lab experiments, and testing out new technologies that you're not familiar with.
</console>


Now that we have a directory for our profile, lets go ahead and add our settings. Global USE settings go in ''<code>make.defaults</code>'', package specific USE settings go in ''<code>package.use</code>'':
==== Free Certificates ====
<console>
Free: (with restrictions)
###i## cd ${OVERLAY_DIR}/profiles/my_profiles/mix-ins/fake_pro
You can get free certificates from places like StartSSL.com. The free certificates from them are not recommended if you are a company or doing E-Commerce as they only validate that you own the domain, not anything beyond that. However, for personal sites, you can't beat the cost.
###i## echo 'USE="$USE dummy"' >> make.defaults
###i## echo 'sys-apps/not-exist fake' >> package.use
</console>
Note that no matter if your using funtoo or gentoo, profile settings all work the same. For more information please check the portage man page.


==== Adding to eselect ====
==== Single Domain Certificates ====
eselect reads from the file ''<code>profiles.eselect.desc</code>'' in your profiles/ directory. Format is "Type Name Status NoMix" space-separated. For more information look in ''<code>/usr/portage/profiles/profiles.eselect.example</code>'':
Generally $10/yr:
<console>
Single domain certificates are probably the cheapest ssl certificate you will find on the web. This certificate does not cover subdomains.
###i## echo 'mix-ins my_profiles/mix-ins/fake_pro testing' >> ${OVERLAY_DIR}/profiles/profiles.eselect.desc
</console>
Watch the result:
<console>
###i## eselect profile list
</console>


[[Category:Portage]]
==== Unified Communications Certificate ====
[[Category:Labs]]
Generally $300/yr
[[Category:HOWTO]]
This certificate is meant for small businesses.  This type of certificate will generally cover 20-30 domains, sites, or subdomains.
[[Category:Featured]]
 
==== Wildcard Certificates ====
Generally $300/yr
Wildcard certificates are expensive, however they cover every subdomain name you add.
 
==== Other Misc Certs ====
*domain validated SSL Certificates
*organization validated SSL Certificates
*Extended Validation SSL Certificates
 
=== Using SSL With Nginx or Tengine ===
See this page:  [[HOWTO:WebServer_SSL]]
 
=== External Resources ===
https://wiki.archlinux.org/index.php/OpenSSL
{{EbuildFooter}}

Latest revision as of 05:58, July 9, 2015

OpenSSL

OpenSSL is a cryptography package used with net-misc/openssh, web servers, and more. FTPS, HTTPS, SMTPS, IMAPS, etc. use SSL/TLS. SSL/TLS is used to prevent man-in-the-middle attacks on plain-text streams of data. As this is a security package, it is frequently cycled through testing and bug repairs.

   Note

SSL is old, TLS is new. If you have the option to run TLS, run TLS rather than SSL.

Installation

root # emerge dev-libs/openssl

Usage

SSL uses several kinds of certificates with differing coverage and use cases. Certificates are obtained from third-party sites. GoDaddy, Namecheap, and VeriSign are popular SSL certificate providers, though several others exist.

The general overview is: buy a certificate, send private files, send extra information if required, get files back, insert the files into the OpenSSL configs, change the program configs' ports to the S version of the protocol (for example, a web server on port 80 now listens on port 443, and you address the server as https instead of http), and reorder the cert next year.

Self Signed Certificates

Free: Self-signed certificates are free, self-made, quick, easy to set up, and insecure. They are great for lab experiments and for testing out new technologies that you're not familiar with.

Free Certificates

Free (with restrictions): You can get free certificates from places like StartSSL.com. The free certificates from them are not recommended if you are a company or doing e-commerce, as they only validate that you own the domain, not anything beyond that. However, for personal sites, you can't beat the cost.

Single Domain Certificates

Generally $10/yr: Single-domain certificates are probably the cheapest SSL certificates you will find on the web. This certificate does not cover subdomains.

Unified Communications Certificate

Generally $300/yr: This certificate is meant for small businesses. This type of certificate will generally cover 20-30 domains, sites, or subdomains.

Wildcard Certificates

Generally $300/yr: Wildcard certificates are expensive; however, they cover every subdomain name you add.
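
The coverage of the single-domain and wildcard certificates described above can be checked in a lab with self-signed certificates. This is an added example, not part of the original page: the example.test names and the make_cert, covers and is_self_signed helpers are constructed for illustration, and it goes beyond the text by also testing a nested name and the bare domain against the wildcard certificate. It assumes OpenSSL 1.1.1 or later (for -addext).

```shell
#!/bin/sh
# Lab-only sketch: every name under example.test is a constructed placeholder.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert LABEL DNSNAME: self-signed certificate valid for exactly one SAN entry.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# covers LABEL HOST: "yes" if OpenSSL's hostname check accepts HOST for the cert.
covers() {
    if openssl x509 -in "$WORK/$1.crt" -noout -checkhost "$2" | grep -q 'does match'
    then echo yes; else echo no; fi
}

# is_self_signed LABEL: "yes" when issuer and subject are the same name,
# i.e. no third party vouches for the certificate.
is_self_signed() {
    subj=$(openssl x509 -in "$WORK/$1.crt" -noout -subject | sed 's/^subject=//')
    issr=$(openssl x509 -in "$WORK/$1.crt" -noout -issuer | sed 's/^issuer=//')
    if [ "$subj" = "$issr" ]; then echo yes; else echo no; fi
}

make_cert single example.test
make_cert wild '*.example.test'

# Compare what each certificate type accepts for three constructed host names.
for host in example.test www.example.test a.b.example.test; do
    printf '%-20s single=%s wildcard=%s\n' "$host" \
        "$(covers single "$host")" "$(covers wild "$host")"
done
echo "self-signed: $(is_self_signed single)"
```

The wildcard entry matches one label only, so a.b.example.test and the bare example.test both need their own certificate name.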

Other Misc Certs

  • domain validated SSL Certificates
  • organization validated SSL Certificates
  • Extended Validation SSL Certificates

Using SSL With Nginx or Tengine

See this page: HOWTO:WebServer_SSL

External Resources

https://wiki.archlinux.org/index.php/OpenSSL