openbsd-ports/net/icecast/pkg
gonzalo 31f09f54a6 Update for Icecast to 2.3.3:
* Improved HTTPS cipher handling and added support for chained certificates.
* Allow the source password to be undefined. There was a corner case,
  where a default password would have taken effect. It would require the
  admin to remove the 'source-password' from the icecast config to take
  effect. Default configs ship with the password set, so this
  vulnerability doesn't trigger there.
* Prevent error log injection of control characters by substituting
  non-alphanumeric characters with a '.' (CVE-2011-4612). Injection
  attempts can be identified via access.log, as that stores URL encoded
  requests. Investigation if further logging code needs to have
  sanitized output is ongoing.

Tested on amd64.

Reads fine aja@
2012-09-01 17:35:54 +00:00
..
DESCR
icecast.rc Simplify after recent rc.subr change. 2010-12-27 14:50:22 +00:00
MESSAGE remove reference to README in MESSAGE as requested by ajacoutot@ 2010-11-11 11:15:26 +00:00
PLIST Update for Icecast to 2.3.3: 2012-09-01 17:35:54 +00:00
README rc_scripts -> pkg_scripts 2011-07-08 02:14:58 +00:00

$OpenBSD: README,v 1.3 2011/07/08 02:14:58 ajacoutot Exp $

+-----------------------------------------------------------------------
| Running ${FULLPKGNAME} on OpenBSD
+-----------------------------------------------------------------------

Icecast v2 is very versatile and can be used in many different
environments.  A streaming service provider has different requirements
than someone who wants to set up a jukebox at home.

To get a better understanding of streaming with Icecast,
http://liveice.sourceforge.net/understanding.html may be of use.

This is a small step-by-step guide to get Icecast v2 running in a basic
setup, using its chrooting feature, dropping privileges to an
unprivileged account.

  1. Complete the chroot environment with additional system files.
     While this is optional, it allows YP directory listings (DNS
     lookups are required for those) to work and the log files to
     contain correct timestamps.

     # cp -p /etc/{hosts,localtime,resolv.conf} /var/icecast/etc

  2. Adjust /var/icecast/icecast.xml.  Consult the documentation and
     comments about the various options.

     * CHANGE THE DEFAULT PASSWORDS FOR SOURCE CLIENTS, RELAYS AND
       THE ADMIN INTERFACE.

     Mode 600 is highly recommended, for icecast.xml contains plain-text
     passwords.

  3. Start Icecast and monitor the logs in /var/icecast/log and resolve
     any errors.

     # icecast -c /var/icecast/icecast.xml

     Add the command line parameter `-b' to daemonize.

  4. Test your server.  Use a source client to create a stream and
     listen to it with your favourite player that supports streaming.

     Also test Icecast's web interface.  Be aware that Icecast sends
     everything located in <webroot> to those who request it like a
     regular (basic) web server.  You can restrict this behaviour to
     serve only .xsl files by setting <fileserve> to 0 in your
     icecast.xml; however, you should definitely take a closer look at
     what you actually want to show the world here.  There is no reason
     for paranoia, it's all safe, but you should spend some time
     thinking about it.  Note that disabling <fileserve> will also
     prevent CSS stylesheets and images from being sent, making the web
     interface less pleasant to look at.

  5. Make Icecast start at boot.

     Add 'icecast' to pkg_scripts in /etc/rc.conf.local. Eg:
     pkg_scripts="icecast"

Random hints:

   * Remember to give your mount point a proper name -- MP3 streams
     should use no extension, Ogg Vorbis streams should use .ogg, so
     that dumb or broken players can send the stream to the appropriate
     decoder.

   * The default "bind to any address" only opens an IPv6 socket. 
     Specify a specific address or use 0.0.0.0 to accept any IPv4 address.