Changeset 47274444

general/genlib/enchant.xml

-              r914049f6
+              r47274444
     <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend="glib2"/></para>
+    <para role="required">
+      <xref linkend="glib2"/>
+    </para>
     <bridgehead renderas="sect4">Recommended</bridgehead>
+    <para role="recommended"><xref linkend="aspell"/></para>
+    <para role="recommended">
+      <xref linkend="aspell"/>
+    </para>
     <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional"><xref linkend="dbus-glib"/>,
+    <xref linkend="doxygen"/>,
+    <ulink url="http://hspell.ivrix.org.il/">Hspell</ulink>,
+    <ulink url="http://hunspell.github.io/">Hunspell</ulink>,
+    <ulink url="https://nuspell.github.io/">Nuspell</ulink>,
+    <ulink url="http://hunspell.github.io/">Voikko</ulink>, and
+    <ulink url="https://github.com/unittest-cpp/unittest-cpp/releases">unittest-cpp</ulink> (required for tests)</para>
+    <para role="optional">
+      <xref linkend="dbus-glib"/>,
+      <xref linkend="doxygen"/>,
+      <ulink url="http://hspell.ivrix.org.il/">Hspell</ulink>,
+      <ulink url="http://hunspell.github.io/">Hunspell</ulink>,
+      <ulink url="https://nuspell.github.io/">Nuspell</ulink>,
+      <ulink url="http://hunspell.github.io/">Voikko</ulink>, and
+      <ulink url="https://github.com/unittest-cpp/unittest-cpp/releases">
+        unittest-cpp</ulink> (required for tests)
+    </para>
     <para condition="html" role="usernotes">User Notes:

general/genlib/libunistring.xml

-              r914049f6
+              r47274444
     <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional"><xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
+     (to rebuild the documentation)</para>
+    <para role="optional">
+      <xref linkend="texlive"/> (or <xref linkend="tl-installer"/>)
+      (to rebuild the documentation)
+    </para>
     <para condition="html" role="usernotes">User Notes:

general/genutils/hd2u.xml

-              r914049f6
+              r47274444
     <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend="popt"/></para>
+    <para role="required">
+      <xref linkend="popt"/>
+    </para>
     <para condition="html" role="usernotes">User Notes:

general/genutils/screen.xml

-              r914049f6
+              r47274444
     <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional"><xref linkend="linux-pam"/></para>
+    <para role="optional">
+      <xref linkend="linux-pam"/>
+    </para>
     <para condition="html" role="usernotes">User Notes:

general/prog/expect.xml

-              r914049f6
+              r47274444
     <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend="tcl"/></para>
+    <para role="required">
+      <xref linkend="tcl"/>
+    </para>
     <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional"><xref linkend="tk"/></para>
+    <para role="optional">
+      <xref linkend="tk"/>
+    </para>
     <para condition="html" role="usernotes">User Notes:

kde/kf5/kf5-frameworks.xml

-              r914049f6
+              r47274444
   <bridgehead renderas="sect4">Required dependencies for Prison</bridgehead>
+  <para role="optional"> <!-- Leaving as optional since these are external -->
+  <para role="optional">
+    <!-- Leaving as optional since these are external -->
     <ulink url="http://libdmtx.sourceforge.net/">Datamatrix</ulink> and
     <ulink url="https://fukuchi.org/works/qrencode/">QRencode</ulink>

multimedia/libdriv/liba52.xml

-              r914049f6
+              r47274444
     <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional"><ulink
+    url="http://cr.yp.to/djbfft.html">djbfft</ulink></para>
+    <para role="optional">
+      <ulink url="http://cr.yp.to/djbfft.html">djbfft</ulink>
+    </para>
     <para condition="html" role="usernotes">User Notes:

multimedia/libdriv/libtheora.xml

-              r914049f6
+              r47274444
     <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend="libogg"/></para>
+    <para role="required">
+      <xref linkend="libogg"/>
+    </para>
     <bridgehead renderas="sect4">Recommended</bridgehead>
+    <para role="recommended"><xref linkend="libvorbis"/></para>
+    <para role="recommended">
+      <xref linkend="libvorbis"/>
+    </para>
     <bridgehead renderas="sect4">Optional</bridgehead>

multimedia/libdriv/xvid.xml

-              r914049f6
+              r47274444
     <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional"><xref linkend="yasm"/></para>
+    <para role="optional">
+      <xref linkend="yasm"/>
+    </para>
     <para condition="html" role="usernotes">User Notes:

postlfs/security/cracklib.xml

-              r914049f6
+              r47274444
     <title>Introduction to CrackLib</title>
+    <para>The <application>CrackLib</application> package contains a
+    library used to enforce strong passwords by comparing user selected
+    passwords to words in chosen word lists.</para>
+    <para>
+      The <application>CrackLib</application> package contains a
+      library used to enforce strong passwords by comparing user selected
+      passwords to words in chosen word lists.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&cracklib-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&cracklib-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &cracklib-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &cracklib-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &cracklib-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &cracklib-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&cracklib-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&cracklib-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &cracklib-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &cracklib-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &cracklib-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &cracklib-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Recommended word list for English-speaking countries (size:
+        &crackdict-size;; md5sum: &crackdict-md5sum;):
+        <ulink url="&crackdict-download;"/></para>
+        <para>
+          Recommended word list for English-speaking countries (size:
+          &crackdict-size;; md5sum: &crackdict-md5sum;):
+          <ulink url="&crackdict-download;"/>
+        </para>
       </listitem>
     </itemizedlist>
+    <para>There are additional word lists available for download, e.g., from
+    <ulink url="http://www.cotse.com/tools/wordlists.htm"/>.
+    <application>CrackLib</application> can utilize as many, or as few word
+    lists you choose to install.</para>
+    <para>
+      There are additional word lists available for download, e.g., from
+      <ulink url="http://www.cotse.com/tools/wordlists.htm"/>.
+      <application>CrackLib</application> can utilize as many, or as few word
+      lists you choose to install.
+    </para>
     <important>
+      <para>Users tend to base their passwords on regular words of the spoken
+      language, and crackers know that. <application>CrackLib</application> is
+      intended to filter out such bad passwords at the source using a
+      dictionary created from word lists. To accomplish this, the word list(s)
+      for use with <application>CrackLib</application> must be an exhaustive
+      list of words and word-based keystroke combinations likely to be chosen
+      by users of the system as (guessable) passwords.</para>
+      <para>The default word list recommended above for downloading mostly
+      satisfies this role in English-speaking countries. In other situations,
+      it may be necessary to download (or even create) additional word
+      lists.</para>
+      <para>Note that word lists suitable for spell-checking are not usable
+      as <application>CrackLib</application> word lists in countries with
+      non-Latin based alphabets, because of <quote>word-based keystroke
+      combinations</quote> that make bad passwords.</para>
+      <para>
+        Users tend to base their passwords on regular words of the spoken
+        language, and crackers know that. <application>CrackLib</application>
+        is intended to filter out such bad passwords at the source using a
+        dictionary created from word lists. To accomplish this, the word
+        list(s) for use with <application>CrackLib</application> must be an
+        exhaustive list of words and word-based keystroke combinations likely
+        to be chosen by users of the system as (guessable) passwords.
+      </para>
+      <para>
+        The default word list recommended above for downloading mostly
+        satisfies this role in English-speaking countries. In other situations,
+        it may be necessary to download (or even create) additional word lists.
+      </para>
+      <para>
+        Note that word lists suitable for spell-checking are not usable
+        as <application>CrackLib</application> word lists in countries with
+        non-Latin based alphabets, because of <quote>word-based keystroke
+        combinations</quote> that make bad passwords.
+      </para>
     </important>
 …
     <title>Installation of CrackLib</title>
+    <para>Install <application>CrackLib</application> by running the following
+    commands:</para>
+    <para>
+      Install <application>CrackLib</application> by running the following
+      commands:
+    </para>
 <screen><userinput>sed -i '/skipping/d' util/packer.c &amp;&amp;
 …
 make</userinput></screen>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make install                      &amp;&amp;
 …
 ln -sfv ../../lib/$(readlink /usr/lib/libcrack.so) /usr/lib/libcrack.so</userinput></screen>
+    <para>Issue the following commands as the
+    <systemitem class="username">root</systemitem> user to install the
+    recommended word list and create the <application>CrackLib</application>
+    dictionary. Other word lists (text based, one word per line) can also be
+    used by simply installing them into
+    <filename class="directory">/usr/share/dict</filename> and adding them
+    to the <command>create-cracklib-dict</command> command.</para>
+    <para>
+      Issue the following commands as the
+      <systemitem class="username">root</systemitem> user to install the
+      recommended word list and create the <application>CrackLib</application>
+      dictionary. Other word lists (text based, one word per line) can also be
+      used by simply installing them into
+      <filename class="directory">/usr/share/dict</filename> and adding them
+      to the <command>create-cracklib-dict</command> command.
+    </para>
 <screen role="root"><userinput>install -v -m644 -D    ../cracklib-words-&cracklib-version;.bz2 \
 …
                          /usr/share/dict/cracklib-extra-words</userinput></screen>
+    <para>If desired, check the proper operation of the library as an
+    unprivileged user by issuing the following command:</para>
+    <para>
+      If desired, check the proper operation of the library as an
+      unprivileged user by issuing the following command:
+    </para>
 <screen remap="test"><userinput>make test</userinput></screen>
     <important>
+      <para>If you are installing <application>CrackLib</application> after
+      your LFS system has been completed and you have the
+      <application>Shadow</application> package installed, you must
+      reinstall <xref linkend="shadow"/> if you wish to provide strong
+      password support on your system. If you are now going to install the
+      <xref linkend="linux-pam"/> package, you may disregard this note as
+      <application>Shadow</application> will be reinstalled after the
+      <application>Linux-PAM</application> installation.</para>
+      <para>
+        If you are installing <application>CrackLib</application> after
+        your LFS system has been completed and you have the
+        <application>Shadow</application> package installed, you must
+        reinstall <xref linkend="shadow"/> if you wish to provide strong
+        password support on your system. If you are now going to install the
+        <xref linkend="linux-pam"/> package, you may disregard this note as
+        <application>Shadow</application> will be reinstalled after the
+        <application>Linux-PAM</application> installation.
+      </para>
     </important>
 …
     <title>Command Explanations</title>
+    <para><command>sed -i '/skipping/d' util/packer.c</command>:
+    Remove a meaningless warning.</para>
+    <para><parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>:
+    This parameter forces the installation of the
+    <application>CrackLib</application> dictionary to the
+    <filename class="directory">/lib</filename> hierarchy.</para>
+    <para>
+      <command>sed -i '/skipping/d' util/packer.c</command>:
+      Remove a meaningless warning.
+    </para>
+    <para>
+      <parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>:
+      This parameter forces the installation of the
+      <application>CrackLib</application> dictionary to the
+      <filename class="directory">/lib</filename> hierarchy.
+    </para>
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
       href="../../xincludes/static-libraries.xml"/>
+    <para><command>mv -v /usr/lib/libcrack.so.2* /lib</command> and
+    <command>ln -v -sf ../../lib/libcrack.so.2.9.0 ...</command>: These two
+    commands move the <filename class="libraryfile">libcrack.so.2.9.0</filename>
+    library and associated symlink from
+    <filename class="directory">/usr/lib</filename> to
+    <filename class="directory">/lib</filename>, then recreates the
+    <filename class="symlink">/usr/lib/libcrack.so</filename> symlink pointing
+    to the relocated file.</para>
+    <para><command>install -v -m644 -D ...</command>: This command creates the
+    <filename class="directory">/usr/share/dict</filename> directory (if it
+    doesn't already exist) and installs the compressed word list there.</para>
+    <para><command>ln -v -s cracklib-words /usr/share/dict/words</command>: The
+    word list is linked to <filename>/usr/share/dict/words</filename> as
+    historically, <filename>words</filename> is the primary word list in the
+    <filename class="directory">/usr/share/dict</filename> directory. Omit this
+    command if you already have a <filename>/usr/share/dict/words</filename>
+    file installed on your system.</para>
+    <para><command>echo $(hostname) >>...</command>: The value of
+    <command>hostname</command> is echoed to a file called
+    <filename>cracklib-extra-words</filename>. This extra file is intended to be
+    a site specific list which includes easy to guess passwords such as company
+    or department names, user names, product names, computer names, domain
+    names, etc.</para>
+    <para><command>create-cracklib-dict ...</command>: This command creates the
+    <application>CrackLib</application> dictionary from the word lists. Modify
+    the command to add any additional word lists you have installed.</para>
+    <para>
+      <command>mv -v /usr/lib/libcrack.so.2* /lib</command> and
+      <command>ln -v -sf ../../lib/libcrack.so.2.9.0 ...</command>: These two
+      commands move the <filename
+      class="libraryfile">libcrack.so.2.9.0</filename>
+      library and associated symlink from
+      <filename class="directory">/usr/lib</filename> to
+      <filename class="directory">/lib</filename>, then recreates the
+      <filename class="symlink">/usr/lib/libcrack.so</filename> symlink
+      pointing to the relocated file.
+    </para>
+    <para>
+      <command>install -v -m644 -D ...</command>: This command creates the
+      <filename class="directory">/usr/share/dict</filename> directory (if it
+      doesn't already exist) and installs the compressed word list there.
+    </para>
+    <para>
+      <command>ln -v -s cracklib-words /usr/share/dict/words</command>: The
+      word list is linked to <filename>/usr/share/dict/words</filename> as
+      historically, <filename>words</filename> is the primary word list in the
+      <filename class="directory">/usr/share/dict</filename> directory. Omit
+      this command if you already have a
+      <filename>/usr/share/dict/words</filename> file installed on your system.
+    </para>
+    <para>
+      <command>echo $(hostname) >>...</command>: The value of
+      <command>hostname</command> is echoed to a file called
+      <filename>cracklib-extra-words</filename>. This extra file is intended
+      to be a site specific list which includes easy to guess passwords such
+      as company or department names, user names, product names, computer
+      names, domain names, etc.
+    </para>
+    <para>
+      <command>create-cracklib-dict ...</command>: This command creates the
+      <application>CrackLib</application> dictionary from the word lists.
+      Modify the command to add any additional word lists you have installed.
+    </para>
   </sect2>
 …
         <term><command>cracklib-check</command></term>
         <listitem>
+          <para>is used to determine if a password is strong.</para>
+          <para>
+            is used to determine if a password is strong.
+          </para>
           <indexterm zone="cracklib cracklib-check">
             <primary sortas="b-cracklib-check">cracklib-check</primary>
 …
         <term><command>cracklib-format</command></term>
         <listitem>
+          <para>is used to format text files (lowercases all words,
+          removes control characters and sorts the lists).</para>
+          <para>
+            is used to format text files (lowercases all words,
+            removes control characters and sorts the lists).
+          </para>
           <indexterm zone="cracklib cracklib-format">
             <primary sortas="b-cracklib-format">cracklib-format</primary>
 …
         <term><command>cracklib-packer</command></term>
         <listitem>
+          <para>creates a database with words read from standard input.</para>
+          <para>
+            creates a database with words read from standard input.
+          </para>
           <indexterm zone="cracklib cracklib-packer">
             <primary sortas="b-cracklib-packer">cracklib-packer</primary>
 …
         <term><command>cracklib-unpacker</command></term>
         <listitem>
+          <para>displays on standard output the database specified.</para>
+          <para>
+            displays on standard output the database specified.
+          </para>
           <indexterm zone="cracklib cracklib-packer">
             <primary sortas="b-cracklib-packer">cracklib-packer</primary>
 …
         <term><command>create-cracklib-dict</command></term>
         <listitem>
+          <para>is used to create the <application>CrackLib</application>
+          dictionary from the given word list(s).</para>
+          <para>
+            is used to create the <application>CrackLib</application>
+            dictionary from the given word list(s).
+          </para>
           <indexterm zone="cracklib create-cracklib-dict">
             <primary sortas="b-create-cracklib-dict">create-cracklib-dict</primary>
 …
         <term><filename class="libraryfile">libcrack.so</filename></term>
         <listitem>
+          <para>provides a fast dictionary lookup method for strong
+          password enforcement.</para>
+          <para>
+            provides a fast dictionary lookup method for strong
+            password enforcement.
+          </para>
           <indexterm zone="cracklib libcrack">
             <primary sortas="c-libcrack">libcrack.so</primary>

postlfs/security/cryptsetup.xml

-              r914049f6
+              r47274444
     </para>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make install</userinput></screen>

postlfs/security/gnupg2.xml

-              r914049f6
+              r47274444
     <title>Introduction to GnuPG</title>
+    <para>The <application>GnuPG</application> package is GNU's tool for
+    secure communication and data storage. It can be used to encrypt data and
+    to create digital signatures. It includes an advanced key management
+    facility and is compliant with the proposed OpenPGP Internet standard as
+    described in RFC2440 and the S/MIME standard as described by several RFCs.
+    GnuPG 2 is the stable version of GnuPG integrating support for OpenPGP and
+    S/MIME.</para>
+    <para>
+      The <application>GnuPG</application> package is GNU's tool for
+      secure communication and data storage. It can be used to encrypt data and
+      to create digital signatures. It includes an advanced key management
+      facility and is compliant with the proposed OpenPGP Internet standard as
+      described in RFC2440 and the S/MIME standard as described by several RFCs.
+      GnuPG 2 is the stable version of GnuPG integrating support for OpenPGP and
+      S/MIME.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&gnupg2-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&gnupg2-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &gnupg2-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &gnupg2-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &gnupg2-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &gnupg2-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&gnupg2-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&gnupg2-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &gnupg2-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &gnupg2-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &gnupg2-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &gnupg2-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
   <sect2 role="installation">
     <title>Installation of GnuPG</title>
+    <!-- It's been well over three years. I think this can be commented for now.
+    <warning>
+      <para>
+        If you are upgrading from gnupg prior to version 2.1, upstream
+        developers recommend backing up
+        <filename class="directory">~/.gnupg</filename> because some additional
+        configuration will probably be necessary and you could lose your keys.
+        You can find instructions at
+        <ulink url="http://jo-ke.name/wp/?p=111"></ulink> and
+        <ulink url="https://wiki.archlinux.org/index.php/GnuPG#.22Lost.22_keys.2C_upgrading_to_gnupg_version_2.1"></ulink>.
+      </para>
+    </warning>
+    -->
+    <para>By default GnuPG doesn't install the deprecated gpg-zip script,
+    but it is still needed by some programs.  Make GnuPG install it with:
+    <para>
+      By default GnuPG doesn't install the deprecated gpg-zip script,
+      but it is still needed by some programs.  Make GnuPG install it with:
     </para>
 …
     -i tools/Makefile.in</userinput></screen>
+    <para>Install <application>GnuPG</application> by running the following
+    commands:</para>
+    <para>
+      Install <application>GnuPG</application> by running the following
+      commands:
+    </para>
 <screen><userinput>./configure --prefix=/usr            \
 …
 make -C doc html</userinput></screen>
+    <para>If you have <xref linkend="texlive"/>
+    installed and you wish to create documentation in alternate formats,
+    issue the following commands
+    (<ulink url="http://mcj.sourceforge.net/">fig2dev</ulink> is needed for
+    the ps format):</para>
+    <para>
+      If you have <xref linkend="texlive"/>
+      installed and you wish to create documentation in alternate formats,
+      issue the following commands
+      (<ulink url="http://mcj.sourceforge.net/">fig2dev</ulink> is needed for
+      the ps format):
+    </para>
 <screen remap="doc"><userinput>make -C doc pdf ps</userinput></screen>
+    <para>To test the results, issue: <command>make check</command>.</para>
+    <para>Note that if you have already installed
+    <application>GnuPG</application>, the instructions below will overwrite
+    <filename>/usr/share/man/man1/gpg-zip.1</filename>. Now, as the
+    <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      To test the results, issue: <command>make check</command>.
+    </para>
+    <para>
+      Note that if you have already installed
+      <application>GnuPG</application>, the instructions below will overwrite
+      <filename>/usr/share/man/man1/gpg-zip.1</filename>. Now, as the
+      <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make install &amp;&amp;
 …
 install -v -m644    doc/gnupg.html/* \
                     /usr/share/doc/gnupg-&gnupg2-version;/html</userinput></screen>
+    <para>If you created alternate formats of the documentation, install them
+    using the following command as the
+    <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      If you created alternate formats of the documentation, install them
+      using the following command as the
+      <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"
 …
     <title>Command Explanations</title>
+    <para><command>sed ... tools/Makefile.in</command>:
+    This command is needed to build the gpg-zip program.</para>
+    <para><parameter>--docdir=/usr/share/doc/gnupg-&gnupg2-version;</parameter>:
+    This switch changes the default docdir to <filename
+    class="directory">/usr/share/doc/gnupg-&gnupg2-version;</filename>.</para>
+    <para><parameter>--enable-symcryptrun</parameter>: This switch enables
+    building the symcryptrun program.</para>
+    <para>
+      <command>sed ... tools/Makefile.in</command>:
+      This command is needed to build the gpg-zip program.
+    </para>
+    <para>
+      <parameter>--docdir=/usr/share/doc/gnupg-&gnupg2-version;</parameter>:
+      This switch changes the default docdir to <filename
+      class="directory">/usr/share/doc/gnupg-&gnupg2-version;</filename>.
+    </para>
+    <para>
+      <parameter>--enable-symcryptrun</parameter>: This switch enables
+      building the symcryptrun program.
+    </para>
     <para>
 …
         <term><command>addgnupghome</command></term>
         <listitem>
+          <para>is used to create and populate a user's
+          <filename class='directory'>~/.gnupg</filename> directories</para>
+          <para>
+            is used to create and populate a user's
+            <filename class='directory'>~/.gnupg</filename> directories
+          </para>
           <indexterm zone="gnupg2 addgnupghome">
             <primary sortas="b-addgnupghome">addgnupghome</primary>
 …
         <term><command>applygnupgdefaults</command></term>
         <listitem>
+          <para>is a wrapper script used to run <command>gpgconf</command>
+          with the <parameter>--apply-defaults</parameter> parameter on all
+          user's GnuPG home directories.</para>
+          <para>
+            is a wrapper script used to run <command>gpgconf</command>
+            with the <parameter>--apply-defaults</parameter> parameter on all
+            user's GnuPG home directories.
+          </para>
           <indexterm zone="gnupg2 applygnupgdefaults">
             <primary sortas="b-applygnupgdefaults">applygnupgdefaults</primary>
 …
         <term><command>dirmngr</command></term>
         <listitem>
+          <para> is a tool that takes care of accessing the OpenPGP keyservers.
+          <para>
+            is a tool that takes care of accessing the OpenPGP keyservers.
           </para>
           <indexterm zone="gnupg2 dirmngr">
 …
         <term><command>dirmngr-client</command></term>
         <listitem>
+          <para> is a tool to contact a running dirmngr and test whether a
+          certificate has been revoked. </para>
+          <para>
+            is a tool to contact a running dirmngr and test whether a
+            certificate has been revoked.
+          </para>
           <indexterm zone="gnupg2 dirmngr-client">
             <primary sortas="b-dirmngr-client">dirmngr-client</primary>
 …
         <term><command>g13</command></term>
         <listitem>
+          <para>is a tool to create, mount or unmount an encrypted file system
+          container (optional).</para>
+          <para>
+            is a tool to create, mount or unmount an encrypted file system
+            container (optional).
+          </para>
           <indexterm zone="gnupg2 g13">
             <primary sortas="b-g13">g13</primary>
 …
         <term><command>gpg-agent</command></term>
         <listitem>
+          <para>is a daemon used to manage secret (private) keys independently
+          from any protocol. It is used as a backend for <command>gpg2</command>
+          and <command>gpgsm</command> as well as for a couple of other
+          utilities.</para>
+          <para>
+            is a daemon used to manage secret (private) keys independently
+            from any protocol. It is used as a backend for
+            <command>gpg2</command> and <command>gpgsm</command> as well as
+            for a couple of other utilities.
+          </para>
           <indexterm zone="gnupg2 gpg-agent">
             <primary sortas="b-gpg-agent">gpg-agent</primary>
 …
         <term><command>gpg-connect-agent</command></term>
         <listitem>
+          <para>is a utility used to communicate with a running
+          <command>gpg-agent</command>.</para>
+          <para>
+            is a utility used to communicate with a running
+            <command>gpg-agent</command>.
+          </para>
           <indexterm zone="gnupg2 gpg-connect-agent">
             <primary sortas="b-gpg-connect-agent">gpg-connect-agent</primary>
 …
         <term><command>gpg</command></term>
         <listitem>
+          <para>is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a
+          tool used to provide digital encryption and signing services using
+          the OpenPGP standard.</para>
+          <para>
+            is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a
+            tool used to provide digital encryption and signing services using
+            the OpenPGP standard.
+          </para>
           <indexterm zone="gnupg2 gpg">
             <primary sortas="b-gpg">gpg</primary>
 …
         <term><command>gpgconf</command></term>
         <listitem>
+          <para>is a utility used to automatically and reasonably safely
+          query and modify configuration files in the
+          <filename class='directory'>~/.gnupg</filename> home directory. It is
+          designed not to be invoked manually by the user, but automatically by
+          graphical user interfaces.</para>
+          <para>
+            is a utility used to automatically and reasonably safely
+            query and modify configuration files in the
+            <filename class='directory'>~/.gnupg</filename> home directory. It
+            is designed not to be invoked manually by the user, but
+            automatically by graphical user interfaces.
+          </para>
           <indexterm zone="gnupg2 gpgconf">
             <primary sortas="b-gpgconf">gpgconf</primary>
 …
         <term><command>gpgparsemail</command></term>
         <listitem>
+          <para>is a utility currently only useful for debugging. Run it with
+          <parameter>--help</parameter> for usage information.</para>
+          <para>
+            is a utility currently only useful for debugging. Run it with
+            <parameter>--help</parameter> for usage information.
+          </para>
           <indexterm zone="gnupg2 gpgparsemail">
             <primary sortas="b-gpgparsemail">gpgparsemail</primary>
 …
         <term><command>gpgscm</command></term>
         <listitem>
+          <para>executes the given scheme program or spawns an interactive
+          shell.</para>
+          <para>
+            executes the given scheme program or spawns an interactive shell.
+          </para>
           <indexterm zone="gnupg2 gpgscm">
             <primary sortas="b-gpgscm">gpgscm</primary>
 …
         <term><command>gpgsm</command></term>
         <listitem>
+          <para>is a tool similar to <command>gpg2</command> used to provide
+          digital encryption and signing services on X.509 certificates and the
+          CMS protocol. It is mainly used as a backend for S/MIME mail
+          processing.</para>
+          <para>
+            is a tool similar to <command>gpg2</command> used to provide
+            digital encryption and signing services on X.509 certificates and
+            the CMS protocol. It is mainly used as a backend for S/MIME mail
+            processing.
+          </para>
           <indexterm zone="gnupg2 gpgsm">
             <primary sortas="b-gpgsm">gpgsm</primary>
 …
         <term><command>gpgtar</command></term>
         <listitem>
+          <para> is a tool to encrypt or sign files into an archive.</para>
+          <para>
+            is a tool to encrypt or sign files into an archive.
+          </para>
           <indexterm zone="gnupg2 gpgtar">
             <primary sortas="b-gpgtar">gpgtar</primary>
 …
         <term><command>gpgv</command></term>
         <listitem>
+          <para>is a verify only version of <command>gpg2</command>.</para>
+          <para>
+            is a verify only version of <command>gpg2</command>.
+          </para>
           <indexterm zone="gnupg2 gpgv">
             <primary sortas="b-gpgv">gpgv</primary>
 …
         <term><command>gpg-wks-server</command></term>
         <listitem>
+          <para>provides a server for the
+          <application>Web Key Service</application> protocol.</para>
+          <para>
+            provides a server for the
+            <application>Web Key Service</application> protocol.
+          </para>
           <indexterm zone="gnupg2 gpg-wks-server">
             <primary sortas="b-gpg-wks-server">gpg-wks-server</primary>
 …
         <term><command>gpg-zip</command></term>
         <listitem>
+          <para>encrypts or signs files into an archive.</para>
+          <para>
+            encrypts or signs files into an archive.
+          </para>
           <indexterm zone="gnupg2 gpg-zip">
             <primary sortas="b-gpg-zip">gpg-zip</primary>
 …
         <term><command>kbxutil</command></term>
         <listitem>
+          <para>is used to list, export and import Keybox data.</para>
+          <para>
+            is used to list, export and import Keybox data.
+          </para>
           <indexterm zone="gnupg2 kbxutil">
             <primary sortas="b-kbxutil">kbxutil</primary>
 …
         <term><command>symcryptrun</command></term>
         <listitem>
+          <para>is a simple symmetric encryption tool.</para>
+          <para>
+            is a simple symmetric encryption tool.
+          </para>
           <indexterm zone="gnupg2 symcryptrun">
             <primary sortas="b-symcryptrun">symcryptrun</primary>
 …
         <term><command>watchgnupg</command></term>
         <listitem>
+          <para>is used to listen to a Unix Domain socket created by any of
+          the GnuPG tools.</para>
+          <para>
+            is used to listen to a Unix Domain socket created by any of
+            the GnuPG tools.
+          </para>
           <indexterm zone="gnupg2 watchgnupg">
             <primary sortas="b-watchgnupg">watchgnupg</primary>

postlfs/security/haveged.xml

-              r914049f6
+              r47274444
     <title>Installation of Haveged</title>
+    <para>Install <application>Haveged</application> by running the following
+    commands:</para>
+    <para>
+      Install <application>Haveged</application> by running the following
+      commands:
+    </para>
 <screen><userinput>./configure --prefix=/usr &amp;&amp;

postlfs/security/libcap.xml

-              r914049f6
+              r47274444
     <title>Introduction to libcap with PAM</title>
+    <para>The <application>libcap</application> package was installed in
+    LFS, but if <application>Linux-PAM</application> support is desired,
+    the PAM module must be built (after installation of
+    <application>Linux-PAM</application>).</para>
+    <para>
+      The <application>libcap</application> package was installed in
+      LFS, but if <application>Linux-PAM</application> support is desired,
+      the PAM module must be built (after installation of
+      <application>Linux-PAM</application>).
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&libcap-download-http;"/></para>
+        <para>
+          Download (HTTP): <ulink url="&libcap-download-http;"/>
+        </para>
       </listitem>
       <listitem>
+        <para>Download (FTP): <ulink url="&libcap-download-ftp;"/></para>
+        <para>
+          Download (FTP): <ulink url="&libcap-download-ftp;"/>
+        </para>
       </listitem>
       <listitem>
+        <para>Download MD5 sum: &libcap-md5sum;</para>
+        <para>
+          Download MD5 sum: &libcap-md5sum;
+        </para>
       </listitem>
       <listitem>
+        <para>Download size: &libcap-size;</para>
+        <para>
+          Download size: &libcap-size;
+        </para>
       </listitem>
       <listitem>
+        <para>Estimated disk space required: &libcap-buildsize;</para>
+        <para>
+          Estimated disk space required: &libcap-buildsize;
+        </para>
       </listitem>
       <listitem>
+        <para>Estimated build time: &libcap-time;</para>
+        <para>
+          Estimated build time: &libcap-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <note>
+      <para>If you are upgrading libcap from a previous version, use the
+      instructions in
+      <ulink url="../../../../lfs/view/development/chapter06/libcap.html">LFS libcap page</ulink>
+      to upgrade libcap. If the PAM module has been built, it will automatically
+      be picked up.</para>
+      <para>
+        If you are upgrading libcap from a previous version, use the
+        instructions in
+        <ulink url="../../../../lfs/view/development/chapter06/libcap.html">
+          LFS libcap page
+        </ulink> to upgrade libcap. If <xref linkend="linux-pam"/> has been
+        built, the PAM module will automatically be built too.
+      </para>
     </note>
+    <para>Install <application>libcap</application> by running the following
+    commands:</para>
+    <para>
+      Install <application>libcap</application> by running the following
+      commands:
+    </para>
 <screen><userinput>make -C pam_cap</userinput></screen>
+    <para>This package does not come with a test suite.</para>
+    <para>
+      This package does not come with a test suite.
+    </para>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>install -v -m755 pam_cap/pam_cap.so /lib/security &amp;&amp;
 …
     <title>Configuring Libcap</title>
+    <para>In order to allow <application>Linux-PAM</application> to grant
+    privileges based on POSIX capabilites, you need to add the libcap module
+    to the begining of the <filename>/etc/pam.d/system-auth</filename> file.
+    Make the required edits with the following commands:</para>
+    <para>
+      In order to allow <application>Linux-PAM</application> to grant
+      privileges based on POSIX capabilites, you need to add the libcap module
+      to the begining of the <filename>/etc/pam.d/system-auth</filename> file.
+      Make the required edits with the following commands:
+    </para>
 <screen role="root"><userinput>mv -v /etc/pam.d/system-auth{,.bak} &amp;&amp;
 …
 tail -n +3 /etc/pam.d/system-auth.bak &gt;&gt; /etc/pam.d/system-auth</userinput></screen>
+    <para>Additonally, you'll need to modify the
+    <filename>/etc/security/capability.conf</filename> file to grant necessary
+    privileges to users, and utilize the <command>setcap</command>
+    utility to set capabilities on specific utilities as needed. See
+    <command>man 8 setcap</command> and <command>man 3 cap_from_text</command>
+    for additional information.</para>
+    <para>
+      Additonally, you'll need to modify the
+      <filename>/etc/security/capability.conf</filename> file to grant
+      necessary privileges to users, and utilize the <command>setcap</command>
+      utility to set capabilities on specific utilities as needed. See
+      <command>man 8 setcap</command> and
+      <command>man 3 cap_from_text</command> for additional information.
+    </para>
   </sect2>

postlfs/security/liboauth.xml

-              r914049f6
+              r47274444
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Required patch for use with openssl: <ulink
+        url="&patch-root;/liboauth-&liboauth-version;-openssl-1.1.0-3.patch"/>
+        <para>
+          Required patch for use with openssl: <ulink url=
+            "&patch-root;/liboauth-&liboauth-version;-openssl-1.1.0-3.patch"/>
         </para>
       </listitem>

postlfs/security/linux-pam.xml

-              r914049f6
+              r47274444
 # End /etc/pam.d/other</literal></screen>
+      <para>Now set up some generic files.  As root:</para>
+      <para>
+        Now set up some generic files.  As root:
+      </para>
 <screen role="root"><userinput>install -vdm755 /etc/pam.d &amp;&amp;
 …
 EOF</userinput></screen>
+    <para>The remaining generic file depends on whether <xref linkend="cracklib"/>
+    is installed.  If it is installed, use:</para>
+      <para>
+        The remaining generic file depends on whether <xref
+        linkend="cracklib"/> is installed.  If it is installed, use:
+      </para>
 <screen role="root"><userinput>cat &gt; /etc/pam.d/system-password &lt;&lt; "EOF"
 …
 EOF</userinput></screen>
+        <note>
+          <para>
+            In its default configuration, pam_cracklib will
+            allow multiple case passwords as short as 6 characters, even with
+            the <parameter>minlen</parameter> value set to 11. You should review
+            the pam_cracklib(8) man page and determine if these default values
+            are acceptable for the security of your system.
+          </para>
+        </note>
+   <para>If <xref linkend="cracklib"/> is <emphasis>NOT</emphasis> installed,
+   use:</para>
+      <note>
+        <para>
+          In its default configuration, pam_cracklib will
+          allow multiple case passwords as short as 6 characters, even with
+          the <parameter>minlen</parameter> value set to 11. You should review
+          the pam_cracklib(8) man page and determine if these default values
+          are acceptable for the security of your system.
+        </para>
+      </note>
+      <para>
+        If <xref linkend="cracklib"/> is <emphasis>NOT</emphasis> installed,
+        use:
+      </para>
 <screen role="nodump"><userinput>cat &gt; /etc/pam.d/system-password &lt;&lt; "EOF"
 …
 EOF</userinput></screen>
+      <para>Now add a restrictive <filename>/etc/pam.d/other</filename>
+      configuration file.  With this file, programs that are PAM aware will not
+      run unless a configuration file specifically for that application is
+      created.</para>
+      <para>
+        Now add a restrictive <filename>/etc/pam.d/other</filename>
+        configuration file.  With this file, programs that are PAM aware will
+        not run unless a configuration file specifically for that application
+        is created.
+      </para>
 <screen role="root"><userinput>cat &gt; /etc/pam.d/other &lt;&lt; "EOF"
 …
         The <application>PAM</application> man page (<command>man
         pam</command>) provides a good starting point for descriptions
+        of fields and allowable entries. The <ulink
+        url="http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html">Linux-PAM
+        System Administrators' Guide</ulink> is recommended for additional
+        information.
+      </para>
+<!-- No longer there
+      <para>
+        Refer to <ulink url="&debian-pam-docs;/modules.html"/> for a list
+        of various third-party modules available.
+      </para>
+-->
+        of fields and allowable entries. The
+        <ulink url="http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html">
+          Linux-PAM System Administrators' Guide
+        </ulink> is recommended for additional information.
+      </para>
       <important>
         <para>

postlfs/security/make-ca.xml

-              r914049f6
+              r47274444
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&make-ca-download;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download size: &make-ca-size;</para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 Sum: &make-ca-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &make-ca-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &make-ca-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&make-ca-download;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &make-ca-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 Sum: &make-ca-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &make-ca-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &make-ca-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend="p11-kit"/> (required at runtime to
+    generate certificate stores from trust anchors)</para>
+    <para role="required">
+      <xref linkend="p11-kit"/> (required at runtime to
+      generate certificate stores from trust anchors)
+    </para>
     <!-- /usr/bin/trust is needed to extract the certs to /etc/ssl/certs -->
 …
     <title>Installation of make-ca</title>
+    <para>The <application>make-ca</application> script will download and
+    process the certificates included in the <filename>certdata.txt</filename>
+    file for use as trust anchors for the <xref linkend="p11-kit"/> trust
+    module. Additionally, it will generate system certificate stores used by
+    BLFS applications (if the recommended and optional applications are present
+    on the system). Any local certificates stored in
+    <filename>/etc/ssl/local</filename> will be imported to both the trust
+    anchors and the generated certificate stores (overriding Mozilla's
+    trust). Additionally, any modified trust values will be copied from the
+    trust anchors to <filename>/etc/ssl/local</filename> prior to any updates,
+    preserving custom trust values that differ from Mozilla when using the
+    <command>trust</command> utility from <application>p11-kit</application>
+    to operate on the trust store.</para>
+    <para>To install the various certificate stores, first install the
+    <application>make-ca</application> script into the correct location.
+    As the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      The <application>make-ca</application> script will download and process
+      the certificates included in the <filename>certdata.txt</filename> file
+      for use as trust anchors for the <xref linkend="p11-kit"/> trust module.
+      Additionally, it will generate system certificate stores used by BLFS
+      applications (if the recommended and optional applications are present
+      on the system). Any local certificates stored in
+      <filename>/etc/ssl/local</filename> will be imported to both the trust
+      anchors and the generated certificate stores (overriding Mozilla's
+      trust). Additionally, any modified trust values will be copied from the
+      trust anchors to <filename>/etc/ssl/local</filename> prior to any
+      updates, preserving custom trust values that differ from Mozilla when
+      using the <command>trust</command> utility from
+      <application>p11-kit</application> to operate on the trust store.
+    </para>
+    <para>
+      To install the various certificate stores, first install the
+      <application>make-ca</application> script into the correct location.
+      As the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make install &amp;&amp;
 install -vdm755 /etc/ssl/local</userinput></screen>
+   <para>As the <systemitem class="username">root</systemitem> user, after
+   installing <xref linkend="p11-kit"/>, download the certificate source and
+   prepare for system use with the following command:</para>
+   <para>
+     As the <systemitem class="username">root</systemitem> user, after
+     installing <xref linkend="p11-kit"/>, download the certificate source and
+     prepare for system use with the following command:
+   </para>
     <note>
+      <para>If running the script a second time with the same version of
+      <filename>certdata.txt</filename>, for instance, to add additional stores
+      as the requisite software is installed, add the <parameter>-r</parameter>
+      switch to the command line. If packaging, run <command>make-ca
+      --help</command> to see all available command line options.</para>
+      <para>
+        If running the script a second time with the same version of
+        <filename>certdata.txt</filename>, for instance, to add additional
+        stores as the requisite software is installed, add the
+        <parameter>-r</parameter> switch to the command line. If packaging,
+        run <command>make-ca --help</command> to see all available command
+        line options.
+      </para>
     </note>
 <screen role="root"><userinput>/usr/sbin/make-ca -g</userinput></screen>
+    <!-- Remove at 8.5 or 9.0 -->
+<!--    <para>Previous versions of BLFS used the path
+    <filename>/etc/ssl/ca-bundle.crt</filename> for the
+    <xref linkend="gnutls"/> certificate store. If software is still installed
+    that references this file, create a compatibility symlink for the old
+    location as the <systemitem class="username">root</systemitem> user:</para>
+<screen role="nodump"><userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/ca-bundle.crt</userinput></screen>
+   It's after 9.0 -->
+    <para>You should periodically update the store with the above command,
+    either manually, or via a <phrase revision="sysv">cron job.</phrase>
+    <phrase revision="systemd">systemd timer. A timer is installed at
+    <filename>/usr/lib/systemd/system/update-pki.timer</filename> that, if
+    enabled, will check for updates weekly. </phrase><phrase revision="sysv">If
+    you've installed <xref linkend="fcron"/> and completed the section on
+    periodic jobs, execute</phrase><phrase revision="systemd">Execute</phrase>
+    the following commands, as the
+    <systemitem class="username">root</systemitem> user, to
+    <phrase revision="sysv">create a weekly cron job:</phrase>
+    <phrase revision="systemd">enable the systemd timer:</phrase>
+    <para>
+      You should periodically update the store with the above command,
+      either manually, or via a <phrase revision="sysv">cron job.</phrase>
+      <phrase revision="systemd">systemd timer. A timer is installed at
+      <filename>/usr/lib/systemd/system/update-pki.timer</filename> that, if
+      enabled, will check for updates weekly.</phrase><phrase
+      revision="sysv">If you've installed <xref linkend="fcron"/> and
+      completed the section on periodic jobs, execute</phrase><phrase
+      revision="systemd">Execute</phrase> the following commands, as the
+      <systemitem class="username">root</systemitem> user, to <phrase
+      revision="sysv">create a weekly cron job:</phrase><phrase
+      revision="systemd">enable the systemd timer:</phrase>
     </para>
 …
     <title>Configuring make-ca</title>
+    <para>For most users, no additional configuration is necessary, however,
+    the default <filename>certdata.txt</filename> file provided by make-ca
+    is obtained from the mozilla-release branch, and is modified to provide a
+    Mercurial revision. This will be the correct version for most systems.
+    There are several other variants of the file available for use that might
+    be preferred for one reason or another, including the files shipped with
+    Mozilla products in this book. RedHat and OpenSUSE, for instance, use the
+    version included in <xref linkend="nss"/>. Additional upstream downloads
+    are available at the links included in
+    <filename>/etc/make-ca.conf.dist</filename>. Simply copy the file to
+    <filename>/etc/make-ca.conf</filename> and edit as appropriate.</para>
+    <para>
+      For most users, no additional configuration is necessary, however,
+      the default <filename>certdata.txt</filename> file provided by make-ca
+      is obtained from the mozilla-release branch, and is modified to provide a
+      Mercurial revision. This will be the correct version for most systems.
+      There are several other variants of the file available for use that might
+      be preferred for one reason or another, including the files shipped with
+      Mozilla products in this book. RedHat and OpenSUSE, for instance, use the
+      version included in <xref linkend="nss"/>. Additional upstream downloads
+      are available at the links included in
+      <filename>/etc/make-ca.conf.dist</filename>. Simply copy the file to
+      <filename>/etc/make-ca.conf</filename> and edit as appropriate.
+    </para>
     <indexterm zone="make-ca make-ca-config">
 …
     <bridgehead renderas="sect3">About Trust Arguments</bridgehead>
+    <para>There are three trust types that are recognized by the
+    <application>make-ca</application> script, SSL/TLS, S/Mime, and code
+    signing. For <application>OpenSSL</application>, these are
+    <parameter>serverAuth</parameter>, <parameter>emailProtection</parameter>,
+    and <parameter>codeSigning</parameter> respectively. If one of the three
+    trust arguments is omitted, the certificate is neither trusted, nor
+    rejected for that role. Clients that use <application>OpenSSL</application>
+    or <application>NSS</application> encountering this certificate will
+    present a warning to the user. Clients using
+    <application>GnuTLS</application> without
+    <application>p11-kit</application> support are not aware of trusted
+    certificates. To include this CA into the
+    <filename>ca-bundle.crt</filename>,
+    <filename>email-ca-bundle.crt</filename>, or
+    <filename>objsign-ca-bundle.crt</filename> files
+    (the <application>GnuTLS</application> legacy bundles), it must have the
+    appropriate trust arguments.</para>
+    <para>
+      There are three trust types that are recognized by the
+      <application>make-ca</application> script, SSL/TLS, S/Mime, and code
+      signing. For <application>OpenSSL</application>, these are
+      <parameter>serverAuth</parameter>,
+      <parameter>emailProtection</parameter>, and
+      <parameter>codeSigning</parameter> respectively. If one of the three
+      trust arguments is omitted, the certificate is neither trusted, nor
+      rejected for that role. Clients that use
+      <application>OpenSSL</application> or <application>NSS</application>
+      encountering this certificate will present a warning to the user.
+      Clients using
+      <application>GnuTLS</application> without
+      <application>p11-kit</application> support are not aware of trusted
+      certificates. To include this CA into the
+      <filename>ca-bundle.crt</filename>,
+      <filename>email-ca-bundle.crt</filename>, or
+      <filename>objsign-ca-bundle.crt</filename> files
+      (the <application>GnuTLS</application> legacy bundles), it must have the
+      appropriate trust arguments.
+    </para>
     <bridgehead renderas="sect3">Adding Additional CA Certificates</bridgehead>
+    <para>The <filename class="directory">/etc/ssl/local</filename> directory
+    is available to add additional CA certificates to the system. For instance,
+    you might need to add an organization or government CA certificate.
+    Files in this directory must be in the <application>OpenSSL</application>
+    trusted certificate format. To create an <application>OpenSSL</application>
+    trusted certificate from a regular PEM encoded file, you need to add trust
+    arguments to the <command>openssl</command> command, and create a new
+    certificate. For example, using the
+    <ulink url="http://www.cacert.org/">CAcert</ulink> roots, if you want to
+    trust both for all three roles, the following commands will create
+    appropriate OpenSSL trusted certificates (run as the
+    <systemitem class="username">root</systemitem> user after
+    <xref linkend="wget"/> is installed):</para>
+    <para>
+      The <filename class="directory">/etc/ssl/local</filename> directory
+      is available to add additional CA certificates to the system. For
+      instance, you might need to add an organization or government CA
+      certificate. Files in this directory must be in the
+      <application>OpenSSL</application> trusted certificate format. To
+      create an <application>OpenSSL</application> trusted certificate from
+      a regular PEM encoded file, you need to add trust arguments to the
+      <command>openssl</command> command, and create a new certificate. For
+      example, using the <ulink url="http://www.cacert.org/">CAcert</ulink>
+      roots, if you want to trust both for all three roles, the following
+      commands will create appropriate OpenSSL trusted certificates (run as
+      the <systemitem class="username">root</systemitem> user after <xref
+      linkend="wget"/> is installed):
+    </para>
 <screen role="nodump"><userinput>wget http://www.cacert.org/certs/root.crt &amp;&amp;
 …
     <bridgehead renderas="sect3">Overriding Mozilla Trust</bridgehead>
+    <para>Occasionally, there may be instances where you don't agree with
+    Mozilla's inclusion of a particular certificate authority. If you'd like
+    to override the default trust of a particular CA, simply create a copy of
+    the existing certificate in
+    <filename class="directory">/etc/ssl/local</filename> with different trust
+    arguments. For example, if you'd like to distrust the "Makebelieve_CA_Root"
+    file, run the following commands:</para>
+    <para>
+      Occasionally, there may be instances where you don't agree with
+      Mozilla's inclusion of a particular certificate authority. If you'd like
+      to override the default trust of a particular CA, simply create a copy of
+      the existing certificate in <filename
+      class="directory">/etc/ssl/local</filename> with different trust
+      arguments. For example, if you'd like to distrust the
+      "Makebelieve_CA_Root" file, run the following commands:
+    </para>
 <screen role="nodump"><userinput>openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \
 …
         <term><command>make-ca</command></term>
         <listitem>
+          <para>is a shell script that adapts a current version of
+          <filename>certdata.txt</filename>, and prepares it for use
+          as the system trust store.</para>
+          <para>
+            is a shell script that adapts a current version of
+            <filename>certdata.txt</filename>, and prepares it for use
+            as the system trust store.
+          </para>
           <indexterm zone="make-ca make-ca">
             <primary sortas="b-make-ca">make-ca</primary>

postlfs/security/mitkrb.xml

r914049f6	r47274444
469	469
470	470	<title>Contents</title>
471		~~<para></para>~~
472	471
473	472	<segmentedlist>

postlfs/security/nessus.xml

-              r914049f6
+              r47274444
 <sect1 id="postlfs-security-nessus">
+<sect1info>
+<othername>$LastChangedBy$</othername>
+<date>$Date$</date>
+</sect1info>
+<?dbhtml filename="nessus.html"?>
+<title>nessus</title>
+  <?dbhtml filename="nessus.html"?>
+<para>TO BE WRITTEN - NEW</para>
+  <sect1info>
+    <othername>$LastChangedBy$</othername>
+    <date>$Date$</date>
+  </sect1info>
+  <title>nessus</title>
+  <para>
+    TO BE WRITTEN - NEW
+  </para>
 </sect1>

postlfs/security/nettle.xml

-              r914049f6
+              r47274444
     <title>Installation of Nettle</title>
+    <para>Install <application>Nettle</application> by running the following
+    commands:</para>
+    <para>
+      Install <application>Nettle</application> by running the following
+      commands:
+    </para>
 <screen><userinput>./configure --prefix=/usr --disable-static &amp;&amp;

postlfs/security/nss.xml

-              r914049f6
+              r47274444
     <title>Configuring NSS</title>
+    <para>If <xref linkend="p11-kit"/> is installed, the
+    <application>p11-kit</application> trust module
+    (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
+    drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
+    transparently make the system CAs available to
+    <application>NSS</application> aware applications, rather than the static
+    list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
+    <systemitem class="username">root</systemitem> user, execute the following
+    commands:</para>
+    <para>
+      If <xref linkend="p11-kit"/> is installed, the
+      <application>p11-kit</application> trust module
+      (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
+      drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
+      transparently make the system CAs available to
+      <application>NSS</application> aware applications, rather than the static
+      list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
+      <systemitem class="username">root</systemitem> user, execute the following
+      commands:
+    </para>
 <screen role="root"><userinput>ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so</userinput></screen>
+    <para>Additionally, for dependent applications that do not use the internal
+    database (<filename>/usr/lib/libnssckbi.so</filename>), the
+    <filename>/usr/sbin/make-ca</filename> script, included on the
+    <xref linkend="make-ca"/> page can generate a system wide NSS DB with the
+    <parameter>-n</parameter> switch, or by modifying the
+    <filename>/etc/make-ca.conf</filename> file.</para>
+    <para>
+      Additionally, for dependent applications that do not use the internal
+      database (<filename>/usr/lib/libnssckbi.so</filename>), the
+      <filename>/usr/sbin/make-ca</filename> script, included on the
+      <xref linkend="make-ca"/> page can generate a system wide NSS DB with the
+      <parameter>-n</parameter> switch, or by modifying the
+      <filename>/etc/make-ca.conf</filename> file.
+    </para>
   </sect2>

postlfs/security/p11-kit.xml

-              r914049f6
+              r47274444
     <title>Installation of p11-kit</title>
+    <para>Prepare the distribution specific anchor hook:</para>
+    <para>
+      Prepare the distribution specific anchor hook:
+    </para>
 <screen><userinput>sed '20,$ d' -i trust/trust-extract-compat.in &amp;&amp;
 …
     <title>Configuring p11-kit</title>
+    <para>The <application>p11-kit</application> trust module
+    (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
+    drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
+    transparently make the system CAs available to
+    <application>NSS</application> aware applications, rather than the static
+    list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
+    <systemitem class="username">root</systemitem> user, execute the following
+    commands:</para>
+    <para>
+      The <application>p11-kit</application> trust module
+      (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a
+      drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to
+      transparently make the system CAs available to
+      <application>NSS</application> aware applications, rather than the static
+      list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
+      <systemitem class="username">root</systemitem> user, execute the
+      following commands:
+    </para>
 <screen role="root"><userinput>ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so</userinput></screen>
 …
           <para>
             is a command line tool that can be used to perform operations
              on PKCS#11 modules configured on the system.
+            on PKCS#11 modules configured on the system.
           </para>
           <indexterm zone="p11-kit p11-kit-prog">
 …
             is a command line tool to both extract local certificates from an
             updated anchor store, and regenerate all anchors and certificate
                  stores on the system. This is done unconditionally on BLFS using
+            stores on the system. This is done unconditionally on BLFS using
             the <parameter>--force</parameter> and <parameter>--get</parameter>
             flags to <command>make-ca</command> and should likely not be used

postlfs/security/security.xml

-              r914049f6
+              r47274444
   <title>Security</title>
+  <para>Security takes many forms in a computing environment. After some
+  initial discussion, this chapter
+  gives examples of three different types of security: access, prevention
+  and detection.</para>
+  <para>
+    Security takes many forms in a computing environment. After some
+    initial discussion, this chapter
+    gives examples of three different types of security: access, prevention
+    and detection.
+  </para>
+  <para>Access for users is usually handled by <command>login</command> or an
+  application designed to handle the login function.  In this chapter, we show
+  how to enhance <command>login</command> by setting policies with
+  <application>PAM</application> modules.  Access via networks
+  can also be secured by policies set by <application>iptables</application>,
+  commonly referred to as a firewall. The Network Security Services (NSS) and
+  Netscape Portable Runtime (NSPR) libraries can be installed and shared among
+  the many applications requiring them. For applications that don't offer the
+  best security, you can use the <application>Stunnel</application> package to
+  wrap an application daemon inside an SSL tunnel.</para>
+  <para>
+    Access for users is usually handled by <command>login</command> or an
+    application designed to handle the login function. In this chapter, we show
+    how to enhance <command>login</command> by setting policies with
+    <application>PAM</application> modules.  Access via networks can also be
+    secured by policies set by <application>iptables</application>, commonly
+    referred to as a firewall. The Network Security Services (NSS) and
+    Netscape Portable Runtime (NSPR) libraries can be installed and shared
+    among the many applications requiring them. For applications that don't
+    offer the best security, you can use the
+    <application>Stunnel</application> package to wrap an application daemon
+    inside an SSL tunnel.
+  </para>
+  <para>Prevention of breaches, like a trojan, are assisted by applications like
+  <application>GnuPG</application>, specifically the ability to confirm signed
+  packages, which recognizes modifications of the tarball
+  after the packager creates it.</para>
+  <para>
+    Prevention of breaches, like a trojan, are assisted by applications like
+    <application>GnuPG</application>, specifically the ability to confirm
+    signed packages, which recognizes modifications of the tarball
+    after the packager creates it.
+  </para>
+  <para> Finally, we touch on detection with a package that stores "signatures"
+  of critical files (defined by the administrator) and then regenerates those
+  "signatures" and compares for files that have been changed.</para>
+  <para>
+    Finally, we touch on detection with a package that stores "signatures"
+    of critical files (defined by the administrator) and then regenerates those
+    "signatures" and compares for files that have been changed.
+  </para>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/>

postlfs/security/shadow.xml

-              r914049f6
+              r47274444
 done</userinput></screen>
+        <para revision="systemd">Because the installation of
+        <application>systemd</application> is not yet complete, you will need
+        to remove the <filename>/run/nologin</filename> file before testing the
+        installation. Execute the following command as the
+        <systemitem class="username">root</systemitem> user:</para>
+        <para revision="systemd">
+          Because the installation of <application>systemd</application> is
+          not yet complete, you will need to remove the
+          <filename>/run/nologin</filename> file before testing the
+          installation. Execute the following command as the
+          <systemitem class="username">root</systemitem> user:
+        </para>
 <screen role="root" revision="systemd"><userinput>rm -f /run/nologin</userinput></screen>

postlfs/security/stunnel.xml

-              r914049f6
+              r47274444
     <title>Introduction to stunnel</title>
+    <para>The <application>stunnel</application> package contains a program
+    that allows you to encrypt arbitrary TCP connections inside SSL (Secure
+    Sockets Layer) so you can easily communicate with clients over secure
+    channels. <application>stunnel</application> can be used to add SSL
+    functionality to commonly used <application>Inetd</application> daemons
+    such as POP-2, POP-3, and IMAP servers, along with standalone daemons such
+    as NNTP, SMTP, and HTTP. <application>stunnel</application> can also be
+    used to tunnel PPP over network sockets without changes to the server
+    package source code.</para>
+    <para>
+      The <application>stunnel</application> package contains a program
+      that allows you to encrypt arbitrary TCP connections inside SSL (Secure
+      Sockets Layer) so you can easily communicate with clients over secure
+      channels. <application>stunnel</application> can be used to add SSL
+      functionality to commonly used <application>Inetd</application> daemons
+      such as POP-2, POP-3, and IMAP servers, along with standalone daemons
+      such as NNTP, SMTP, and HTTP. <application>stunnel</application> can
+      also be used to tunnel PPP over network sockets without changes to the
+      server package source code.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&stunnel-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&stunnel-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &stunnel-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &stunnel-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &stunnel-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &stunnel-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&stunnel-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&stunnel-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &stunnel-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &stunnel-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &stunnel-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &stunnel-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <bridgehead renderas="sect4">Optional</bridgehead>
     <para role="optional">
+      <ulink url="http://netcat.sourceforge.net/">netcat</ulink> (required for tests),
+      <ulink url="ftp://ftp.porcupine.org/pub/security/">tcpwrappers</ulink> and
+      <ulink url="http://netcat.sourceforge.net/">netcat</ulink>
+      (required for tests),
+      <ulink url="ftp://ftp.porcupine.org/pub/security/">tcpwrappers</ulink>,
+      and
       <ulink url="https://dist.torproject.org/">TOR</ulink>
     </para>
 …
     <title>Installation of stunnel</title>
+    <para>The <command>stunnel</command> daemon will be run in a
+    <command>chroot</command> jail by an unprivileged user. Create the
+    new user and group using the following commands as the
+    <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      The <command>stunnel</command> daemon will be run in a
+      <command>chroot</command> jail by an unprivileged user. Create the
+      new user and group using the following commands as the
+      <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>groupadd -g 51 stunnel &amp;&amp;
 …
     <note>
+      <para>A signed SSL Certificate and a Private Key is necessary to run the
+      <command>stunnel</command> daemon. After the package is installed, there
+      are instructions to generate them. However, if you own or have already
+      created a signed SSL Certificate you wish to use, copy it to
+      <filename>/etc/stunnel/stunnel.pem</filename> before starting the build
+      (ensure only <systemitem class="username">root</systemitem> has read and
+      write access).  The <filename class="extension">.pem</filename> file must
+      be formatted as shown below:</para>
+      <para>
+        A signed SSL Certificate and a Private Key is necessary to run the
+        <command>stunnel</command> daemon. After the package is installed,
+        there are instructions to generate them. However, if you own or have
+        already created a signed SSL Certificate you wish to use, copy it to
+        <filename>/etc/stunnel/stunnel.pem</filename> before starting the
+        build (ensure only <systemitem class="username">root</systemitem> has
+        read and write access). The <filename class="extension">.pem</filename>
+        file must be formatted as shown below:
+      </para>
 <screen><literal>-----BEGIN PRIVATE KEY-----
 …
 <replaceable>&lt;encrypted lines of dh parms&gt;</replaceable>
 -----END DH PARAMETERS-----</literal></screen>
     </note>
+    <para>Install <application>stunnel</application> by running the following
+    commands:</para>
+    <para>
+      Install <application>stunnel</application> by running the following
+      commands:
+    </para>
     <note>
+      <para>For some systems with <application>binutils</application>
+      versions prior to 2.25, <command>configure</command> may fail.  If
+      necessary, fix it either with:</para>
+      <para>
+        For some systems with <application>binutils</application>
+        versions prior to 2.25, <command>configure</command> may fail.  If
+        necessary, fix it either with:
+      </para>
 <screen><userinput>sed -i '/LDFLAGS.*static_flag/ s/^/#/' configure</userinput></screen>
+      <para>or, if <xref linkend="llvm"/> with Clang is installed, you can
+      replace <command>./configure ...</command> with <command>CC=clang
+      ./configure ...</command> in the first command below.</para>
+      <para>
+        or, if <xref linkend="llvm"/> with Clang is installed, you can
+        replace <command>./configure ...</command> with <command>CC=clang
+        ./configure ...</command> in the first command below.
+      </para>
     </note>
 …
 make</userinput></screen>
+    <para>If you have installed the optional netcat application, the
+    regression tests can be run with <command>make check</command>.</para>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      If you have installed the optional netcat application, the
+      regression tests can be run with <command>make check</command>.
+    </para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make docdir=/usr/share/doc/stunnel-&stunnel-version; install</userinput></screen>
 …
 <screen role="root" revision="systemd"><userinput>install -v -m644 tools/stunnel.service /lib/systemd/system</userinput></screen>
+    <para>If you do not already have a signed SSL Certificate and Private Key,
+    create the <filename>stunnel.pem</filename> file in the
+    <filename class="directory">/etc/stunnel</filename> directory using the
+    command below. You will be prompted to enter the necessary
+    information. Ensure you reply to the</para>
+    <para>
+      If you do not already have a signed SSL Certificate and Private Key,
+      create the <filename>stunnel.pem</filename> file in the
+      <filename class="directory">/etc/stunnel</filename> directory using the
+      command below. You will be prompted to enter the necessary
+      information. Ensure you reply to the
+    </para>
 <screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen>
+    <para>prompt with the name or IP address you will be using
+    to access the service(s).</para>
+    <para>To generate a certificate, as the
+    <systemitem class="username">root</systemitem> user, issue:</para>
+    <para>
+      prompt with the name or IP address you will be using
+      to access the service(s).
+    </para>
+    <para>
+      To generate a certificate, as the
+      <systemitem class="username">root</systemitem> user, issue:
+    </para>
 <screen role="root"><userinput>make cert</userinput></screen>
 …
     <title>Command Explanations</title>
+    <para revision="sysv"><parameter>--disable-systemd</parameter>: This switch
+    disables systemd socket activation support which is not available in
+    BLFS.</para>
+    <para><command>make docdir=... install</command>: This command installs the
+    package and changes the documentation installation directory to standard
+    naming conventions.</para>
+    <para revision="sysv">
+      <parameter>--disable-systemd</parameter>: This switch disables systemd
+      socket activation support which is not available in BLFS.
+    </para>
+    <para>
+      <command>make docdir=... install</command>: This command installs the
+      package and changes the documentation installation directory to standard
+      naming conventions.
+    </para>
   </sect2>
 …
       <title>Config Files</title>
+      <para><filename>/etc/stunnel/stunnel.conf</filename></para>
+      <para>
+        <filename>/etc/stunnel/stunnel.conf</filename>
+      </para>
       <indexterm zone="stunnel stunnel-config">
 …
       <title>Configuration Information</title>
+      <para>As the <systemitem class="username">root</systemitem> user,
+      create the directory used for the
+      <filename class="extension">.pid</filename> file created
+      when the <application>stunnel</application> daemon starts:</para>
+      <para>
+        As the <systemitem class="username">root</systemitem> user,
+        create the directory used for the
+        <filename class="extension">.pid</filename> file created
+        when the <application>stunnel</application> daemon starts:
+      </para>
 <screen role="root"><userinput>install -v -m750 -o stunnel -g stunnel -d /var/lib/stunnel/run &amp;&amp;
 chown stunnel:stunnel /var/lib/stunnel</userinput></screen>
+      <para>Next, create a basic <filename>/etc/stunnel/stunnel.conf</filename>
+      configuration file using the following commands as the
+      <systemitem class="username">root</systemitem> user:</para>
+      <para>
+        Next, create a basic <filename>/etc/stunnel/stunnel.conf</filename>
+        configuration file using the following commands as the
+        <systemitem class="username">root</systemitem> user:
+      </para>
 <screen role="root"><userinput>cat &gt;/etc/stunnel/stunnel.conf &lt;&lt; "EOF"
 …
 EOF</userinput></screen>
+      <para>Finally, add the service(s) you wish to encrypt to the
+      configuration file. The format is as follows:</para>
+      <para>
+        Finally, add the service(s) you wish to encrypt to the
+        configuration file. The format is as follows:
+      </para>
 <screen><literal>[<replaceable>&lt;service&gt;</replaceable>]
 …
 connect = <replaceable>&lt;hostname:portnumber&gt;</replaceable></literal></screen>
+      <para>If you use <application>stunnel</application> to encrypt a daemon
+      started from <command>[x]inetd</command>, you may need to disable that
+      daemon in the <filename>/etc/[x]inetd.conf</filename> file and enable a
+      corresponding <replaceable>&lt;service&gt;</replaceable>_stunnel service. You
+      may have to add an appropriate entry in <filename>/etc/services</filename>
+      as well.</para>
+      <para>For a full explanation of the commands and syntax used in the
+      configuration file, issue <command>man stunnel</command>.</para>
+      <para>
+        If you use <application>stunnel</application> to encrypt a daemon
+        started from <command>[x]inetd</command>, you may need to disable that
+        daemon in the <filename>/etc/[x]inetd.conf</filename> file and enable a
+        corresponding <replaceable>&lt;service&gt;</replaceable>_stunnel
+        service. You may have to add an appropriate entry in
+        <filename>/etc/services</filename> as well.
+      </para>
+      <para>
+        For a full explanation of the commands and syntax used in the
+        configuration file, issue <command>man stunnel</command>.
+      </para>
     </sect3>
 …
              <phrase revision="systemd">Systemd Unit</phrase></title>
+      <para revision="sysv">To automatically start the
+      <command>stunnel</command> daemon when the system is booted, install the
+      <filename>/etc/rc.d/init.d/stunnel</filename> bootscript from the
+      <xref linkend="bootscripts"/> package.</para>
+      <para revision="systemd">To start the <command>stunnel</command>
+      daemon at boot, enable the previously installed
+      <application>systemd</application> unit by running the following command
+     as the <systemitem class="username">root</systemitem> user:</para>
+      <para revision="sysv">
+        To automatically start the <command>stunnel</command> daemon when the
+        system is booted, install the
+        <filename>/etc/rc.d/init.d/stunnel</filename> bootscript from the
+        <xref linkend="bootscripts"/> package.
+      </para>
+      <para revision="systemd">
+        To start the <command>stunnel</command>
+        daemon at boot, enable the previously installed
+        <application>systemd</application> unit by running the following
+        command as the <systemitem class="username">root</systemitem> user:
+      </para>
       <indexterm zone="stunnel stunnel-init">
 …
         <term><command>stunnel</command></term>
         <listitem>
+          <para> is a program designed to work as an SSL
+          encryption wrapper between remote clients and local
+          (<command>{x}inetd</command>-startable) or remote servers.</para>
+          <para>
+            is a program designed to work as an SSL
+            encryption wrapper between remote clients and local
+            (<command>{x}inetd</command>-startable) or remote servers.
+          </para>
           <indexterm zone="stunnel stunnel-prog">
             <primary sortas="b-stunnel">stunnel</primary>
 …
         <term><command>stunnel3</command></term>
         <listitem>
+          <para>is a <application>Perl</application> wrapper script to use
+          <command>stunnel</command> 3.x syntax with <command>stunnel</command>
+          >=4.05.</para>
+          <para>
+            is a <application>Perl</application> wrapper script to use
+            <command>stunnel</command> 3.x syntax with
+            <command>stunnel</command> 4.05 or later.
+          </para>
           <indexterm zone="stunnel stunnel3">
             <primary sortas="b-stunnel3">stunnel3</primary>
 …
         <term><filename class='libraryfile'>libstunnel.so</filename></term>
         <listitem>
+          <para> contains the API functions required by
+          <application>stunnel</application>.</para>
+          <para>
+            contains the API functions required by
+            <application>stunnel</application>.
+          </para>
           <indexterm zone="stunnel libstunnel">
             <primary sortas="c-libstunnel">libstunnel.so</primary>

postlfs/security/syslog.xml

-              r914049f6
+              r47274444
 <sect1 id="postlfs-security-syslog">
+<sect1info>
+<othername>$LastChangedBy$</othername>
+<date>$Date$</date>
+</sect1info>
+<?dbhtml filename="syslog.html"?>
+<title>Configuring syslog</title>
+  <?dbhtml filename="syslog.html"?>
+  <sect1info>
+    <othername>$LastChangedBy$</othername>
+    <date>$Date$</date>
+  </sect1info>
+<para>TO BE WRITTEN - NEW</para>
+  <title>Configuring syslog</title>
+  <para>
+    TO BE WRITTEN - NEW
+  </para>
 </sect1>

postlfs/security/tripwire.xml

-              r914049f6
+              r47274444
     <title>Introduction to Tripwire</title>
+    <para>The <application>Tripwire</application> package contains programs
+    used to verify the integrity of the files on a given system.</para>
+    <para>
+      The <application>Tripwire</application> package contains programs
+      used to verify the integrity of the files on a given system.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&tripwire-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&tripwire-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &tripwire-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &tripwire-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &tripwire-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &tripwire-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&tripwire-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&tripwire-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &tripwire-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &tripwire-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &tripwire-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &tripwire-time;
+        </para>
       </listitem>
     </itemizedlist>
+<!--
+    <note>
+      <para>
+        The <application>tripwire</application> source tarball shown above
+        downloads with the correct name, tripwire-open-source-&tripwire-version;.tar.gz,
+        if using a browser such as Firefox. If you prefer to use a command line
+        program such as wget, you normally would obtain
+        &tripwire-version;.tar.gz. To obtain this package with the proper
+        filename, run:
+<screen><userinput>wget -c https://github.com/Tripwire/tripwire-open-source/archive/&tripwire-version;.tar.gz \
+     -O tripwire-open-source-&tripwire-version;.tar.gz</userinput></screen>.
+      </para>
+    </note>
+-->
     <bridgehead renderas="sect3">Tripwire Dependencies</bridgehead>
 <!--
     <bridgehead renderas="sect4">Recommended</bridgehead>
+    <para role="recommended"><xref linkend="openssl"/></para>
+    <para role="recommended">
+      <xref linkend="openssl"/>
+    </para>
 -->
     <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional">An <xref linkend="server-mail"/></para>
+    <para role="optional">
+      An <xref linkend="server-mail"/>
+    </para>
     <para condition="html" role="usernotes">User Notes:
 …
     <title>Installation of Tripwire</title>
+    <para>Compile <application>Tripwire</application> by running the following
+    commands:</para>
+    <para>
+      Compile <application>Tripwire</application> by running the following
+      commands:
+    </para>
 <screen><userinput>sed -e '/^CLOBBER/s/false/true/'         \
 …
 make</userinput></screen>
+    <note><para>The default configuration is to use a local MTA. If
+    you don't have an MTA installed and have no wish to install
+    one, modify <filename>install/install.cfg</filename> to use an SMTP
+    server instead.  Otherwise the install will fail.</para></note>
+    <para>This package does not come with a test suite.</para>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <note>
+      <para>
+        The default configuration is to use a local MTA. If
+        you don't have an MTA installed and have no wish to install
+        one, modify <filename>install/install.cfg</filename> to use an SMTP
+        server instead.  Otherwise the install will fail.
+      </para>
+    </note>
+    <para>
+      This package does not come with a test suite.
+    </para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make install &amp;&amp;
 …
       <title>Config Files</title>
+      <para><filename>/etc/tripwire/*</filename></para>
+      <para>
+        <filename>/etc/tripwire/*</filename>
+      </para>
       <indexterm zone="tripwire tripwire-config">
 …
       <title>Configuration Information</title>
+      <para><application>Tripwire</application> uses a policy file to
+      determine which files are integrity checked. The default policy
+      file (<filename>/etc/tripwire/twpol.txt</filename>) is for a
+      default installation and will need to be updated for your
+      system.</para>
+      <para>Policy files should be tailored to each individual distribution
+      and/or installation. Some example policy files can be found in <filename
+      class="directory">/usr/share/doc/tripwire/</filename>.</para>
+      <para>If desired, copy the policy file you'd like to try into <filename
+      class="directory">/etc/tripwire/</filename> instead of using the default
+      policy file, <filename>twpol.txt</filename>.  It is, however, recommended
+      that you edit your policy file. Get ideas from the examples above and
+      read <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for
+      additional information. <filename>twpol.txt</filename> is a good policy
+      file for learning about <application>Tripwire</application> as it will
+      note any changes to the file system and can even be used as an annoying
+      way of keeping track of changes for uninstallation of software.</para>
+      <para>After your policy file has been edited to your satisfaction you may
+      begin the configuration steps (perform as the <systemitem
+      class='username'>root</systemitem>) user:</para>
+      <para>
+        <application>Tripwire</application> uses a policy file to
+        determine which files are integrity checked. The default policy
+        file (<filename>/etc/tripwire/twpol.txt</filename>) is for a
+        default installation and will need to be updated for your
+        system.
+      </para>
+      <para>
+        Policy files should be tailored to each individual distribution and/or
+        installation. Some example policy files can be found in <filename
+        class="directory">/usr/share/doc/tripwire/</filename>.
+      </para>
+      <para>
+        If desired, copy the policy file you'd like to try into <filename
+        class="directory">/etc/tripwire/</filename> instead of using the
+        default policy file, <filename>twpol.txt</filename>.  It is, however,
+        recommended that you edit your policy file. Get ideas from the
+        examples above and read
+        <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for
+        additional information. <filename>twpol.txt</filename> is a good
+        policy file for learning about <application>Tripwire</application>
+        as it will note any changes to the file system and can even be used
+        as an annoying way of keeping track of changes for uninstallation of
+        software.
+      </para>
+      <para>
+        After your policy file has been edited to your satisfaction you may
+        begin the configuration steps (perform as the <systemitem
+        class='username'>root</systemitem>) user:
+      </para>
 <screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \
 …
 tripwire --init</userinput></screen>
+    <para>Depending on your system and the contents of the policy file, the
+    initialization phase above can take a relatively long time.</para>
+      <para>
+        Depending on your system and the contents of the policy file, the
+        initialization phase above can take a relatively long time.
+      </para>
     </sect3>
 …
       <title>Usage Information</title>
+      <para><application>Tripwire</application> will identify file changes in
+      the critical system files specified in the policy file.  Using
+      <application>Tripwire</application> while making frequent changes to
+      these directories will flag all these changes.  It is most useful after a
+      system has reached a configuration that the user considers stable.</para>
+      <para>To use <application>Tripwire</application> after creating a policy
+      file to run a report, use the following command:</para>
+      <para>
+        <application>Tripwire</application> will identify file changes in
+        the critical system files specified in the policy file.  Using
+        <application>Tripwire</application> while making frequent changes to
+        these directories will flag all these changes.  It is most useful
+        after a system has reached a configuration that the user considers
+        stable.
+      </para>
+      <para>
+        To use <application>Tripwire</application> after creating a policy
+        file to run a report, use the following command:
+      </para>
 <screen role="root"><userinput>tripwire --check &gt; /etc/tripwire/report.txt</userinput></screen>
+      <para>View the output to check the integrity of your files. An automatic
+      integrity report can be produced by using a cron facility to schedule the
+      runs.</para>
+      <para>Reports are stored in binary and, if desired, encrypted.  View reports,
+      as the <systemitem class="username">root</systemitem> user, with:</para>
+<screen role="root"><userinput>twprint --print-report -r /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>
+      <para>After you run an integrity check, you should examine the
+      report (or email) and then modify the <application>Tripwire</application>
+      database to reflect the changed files on your system. This is so that
+      <application>Tripwire</application> will not continually notify you that
+      files you intentionally changed are a security violation. To do this you
+      must first <command>ls -l /var/lib/tripwire/report/</command> and note
+      the name of the newest file which starts with your system name as
+      presented by the command <userinput>uname -n</userinput>
+      and ends in <filename>.twr</filename>. These files were created
+      during report creation and the most current one is needed to update the
+      <application>Tripwire</application> database of your system. As the
+      <systemitem class='username'>root</systemitem> user, type in the
+      following command making the appropriate report name:</para>
+<screen role="root"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>
+      <para>You will be placed into <application>Vim</application> with a copy
+      of the report in front of you. If all the changes were good, then just
+      type <command>:wq</command> and after entering your local key, the database
+      will be updated. If there are files which you still want to be warned
+      about, remove the 'x' before the filename in the report and type
+      <command>:wq</command>.</para>
+     <!-- 10-12-2013 bad URL and no good URL found
+      <para>A good summary of tripwire operations can be found at
+      <ulink url="http://va-holladays.no-ip.info:2200/tools/security-docs/tripwire-v1.0.pdf"/>.</para>
+     -->
+      <para>
+        View the output to check the integrity of your files. An automatic
+        integrity report can be produced by using a cron facility to schedule
+        the runs.
+      </para>
+      <para>
+        Reports are stored in binary and, if desired, encrypted.  View reports,
+        as the <systemitem class="username">root</systemitem> user, with:
+      </para>
+<screen role="nodump"><userinput>twprint --print-report -r /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>
+      <para>
+        After you run an integrity check, you should examine the report (or
+        email) and then modify the <application>Tripwire</application> database
+        to reflect the changed files on your system. This is so that
+        <application>Tripwire</application> will not continually notify you
+        hat files you intentionally changed are a security violation. To do
+        this you must first <command>ls -l /var/lib/tripwire/report/</command>
+        and note the name of the newest file which starts with your system
+        name as presented by the command <userinput>uname -n</userinput> and
+        ends in <filename>.twr</filename>. These files were created during
+        report creation and the most current one is needed to update the
+        <application>Tripwire</application> database of your system. As the
+        <systemitem class='username'>root</systemitem> user, type in the
+        following command making the appropriate report name:
+      </para>
+<screen role="nodump"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable>&lt;report-name.twr&gt;</replaceable></userinput></screen>
+      <para>
+        You will be placed into <application>Vim</application> with a copy
+        of the report in front of you. If all the changes were good, then just
+        type <command>:wq</command> and after entering your local key, the
+        database will be updated. If there are files which you still want to
+        be warned about, remove the 'x' before the filename in the report and
+        type <command>:wq</command>.
+      </para>
     </sect3>
 …
       <title>Changing the Policy File</title>
+      <para>If you are unhappy with your policy file and would like to modify
+      it or use a new one, modify the policy file and then execute the following
+      commands as the <systemitem class='username'>root</systemitem> user:</para>
+<screen role="root"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt &amp;&amp;
+      <para>
+        If you are unhappy with your policy file and would like to modify it
+        or use a new one, modify the policy file and then execute the following
+        commands as the <systemitem class='username'>root</systemitem> user:
+      </para>
+<screen role="nodump"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt &amp;&amp;
 tripwire --init</userinput></screen>
 …
         <term><command>siggen</command></term>
         <listitem>
+          <para>is a signature gathering utility that displays
+          the hash function values for the specified files.</para>
+          <para>
+            is a signature gathering utility that displays
+            the hash function values for the specified files.
+          </para>
           <indexterm zone="tripwire siggen">
             <primary sortas="b-siggen">siggen</primary>
 …
         <term><command>tripwire</command></term>
         <listitem>
+          <para>is the main file integrity checking program.</para>
+          <para>
+            is the main file integrity checking program.
+          </para>
           <indexterm zone="tripwire tripwire">
             <primary sortas="b-tripwire">tripwire</primary>
 …
         <term><command>twadmin</command></term>
         <listitem>
+          <para>administrative and utility tool used to perform
+          certain administrative functions related to
+          <application>Tripwire</application> files and configuration
+          options.</para>
+          <para>
+            administrative and utility tool used to perform
+            certain administrative functions related to
+            <application>Tripwire</application> files and configuration
+            options.
+          </para>
           <indexterm zone="tripwire twadmin">
             <primary sortas="b-twadmin">twadmin</primary>
 …
         <term><command>twprint</command></term>
         <listitem>
+          <para>prints <application>Tripwire</application>
+          database and report files in clear text format.</para>
+          <para>
+            prints <application>Tripwire</application>
+            database and report files in clear text format.
+          </para>
           <indexterm zone="tripwire twprint">
             <primary sortas="b-twprint">twprint</primary>

postlfs/security/volume_key.xml

-              r914049f6
+              r47274444
     <note>
+      <para>This package expands to the directory
+            volume_key-volume_key-&volume_key-version;.
+      <para>
+        This package expands to the directory
+        volume_key-volume_key-&volume_key-version;.
       </para>
     </note>

postlfs/security/vulnerabilities.xml

-              r914049f6
+              r47274444
     <title>About vulnerabilities</title>
+    <para>All software has bugs. Sometimes, a bug can be exploited, for example
+    to allow users to gain enhanced privileges (perhaps gaining a root shell, or
+    simply accessing or deleting other user&apos;s files), or to allow a remote
+    site to crash an application (denial of service), or for theft of data. These
+    bugs are labelled as vulnerabilities.</para>
+    <para>The main place where vulnerabilities get logged is
+    <ulink url="http://cve.mitre.org">cve.mitre.org</ulink>.
+    Unfortunately, many vulnerability numbers (CVE-yyyy-nnnn) are initially only
+    labelled as "reserved" when distributions start issuing fixes.  Also, some
+    vulnerabilities apply to particular combinations of
+    <command>configure</command> options, or only apply to old versions of
+    packages which have long since been updated in BLFS.</para>
+    <para>BLFS differs from distributions - there is no BLFS security team, and
+    the editors only become aware of vulnerabilities after they are public
+    knowledge. Sometimes, a package with a vulnerability will not be updated in
+    the book for a long time.  Issues can be logged in the Trac system, which
+    might speed up resolution.</para>
+    <para>The normal way for BLFS to fix a vulnerability is, ideally, to update
+    the book to a new fixed release of the package.  Sometimes that happens even
+    before the vulnerability is public knowledge, so there is no guarantee that
+    it will be shown as a vulnerability fix in the Changelog. Alternatively, a
+    <command>sed</command> command, or a patch taken from a distribution, may be
+    appropriate.</para>
+    <para>The bottom line is that you are responsible for your own security, and
+    for assessing the potential impact of any problems.</para>
+    <para>To keep track of what is being discovered, you may wish to follow the
+    security announcements of one or more distributions.  For example, Debian has
+    <ulink url="http://www.debian.org/security">Debian security</ulink>.
+    Fedora's links on security are at
+    <ulink url="http://fedoraproject.org/wiki/Security">the Fedora wiki</ulink>.
+    Details of Gentoo linux security announcements are discussed at
+    <ulink url="https://security.gentoo.org">Gentoo security</ulink>.
+    Finally, the Slackware archives of security announcements are at
+    <ulink url="http://slackware.com/security">Slackware security</ulink>.
+    <para>
+      All software has bugs. Sometimes, a bug can be exploited, for example to
+      allow users to gain enhanced privileges (perhaps gaining a root shell,
+      or simply accessing or deleting other user&apos;s files), or to allow a
+      remote site to crash an application (denial of service), or for theft of
+      data. These bugs are labelled as vulnerabilities.
     </para>
+    <para>The most general English source is perhaps
+    <ulink url="http://seclists.org/fulldisclosure">the Full Disclosure Mailing
+    List</ulink>, but please read the comment on that page. If you use other
+    languages you may prefer other sites such as http://www.heise.de/security
+    <ulink url="http://www.heise.de/security">heise.de</ulink> (German) or
+    <ulink url="http://www.cert.hr">cert.hr</ulink> (Croatian). These are not
+    linux-specific. There is also a daily update at lwn.net for subscribers
+    (free access to the data after 2 weeks, but their vulnerabilities database at
+    <ulink url="http://lwn.net/Vulnerabilities/">lwn.net/Vulnerabilities</ulink>
+    is unrestricted).</para>
+    <para>
+      The main place where vulnerabilities get logged is
+      <ulink url="http://cve.mitre.org">cve.mitre.org</ulink>. Unfortunately,
+      many vulnerability numbers (CVE-yyyy-nnnn) are initially only labelled
+      as "reserved" when distributions start issuing fixes.  Also, some
+      vulnerabilities apply to particular combinations of
+      <command>configure</command> options, or only apply to old versions of
+      packages which have long since been updated in BLFS.
+    </para>
+    <para>For some packages, subscribing to their &apos;announce&apos; lists
+    will provide prompt news of newer versions.</para>
+    <para>
+      BLFS differs from distributions&mdash;there is no BLFS security team, and
+      the editors only become aware of vulnerabilities after they are public
+      knowledge. Sometimes, a package with a vulnerability will not be updated
+      in the book for a long time.  Issues can be logged in the Trac system,
+      which might speed up resolution.
+    </para>
+    <para>
+      The normal way for BLFS to fix a vulnerability is, ideally, to update
+      the book to a new fixed release of the package.  Sometimes that happens
+      even before the vulnerability is public knowledge, so there is no
+      guarantee that it will be shown as a vulnerability fix in the Changelog.
+      Alternatively, a <command>sed</command> command, or a patch taken from
+      a distribution, may be appropriate.
+    </para>
+    <para>
+      The bottom line is that you are responsible for your own security, and
+      for assessing the potential impact of any problems.
+    </para>
+    <para>
+      To keep track of what is being discovered, you may wish to follow the
+      security announcements of one or more distributions. For example, Debian
+      has <ulink url="http://www.debian.org/security">Debian security</ulink>.
+      Fedora's links on security are at <ulink
+        url="http://fedoraproject.org/wiki/Security">the Fedora wiki</ulink>.
+      Details of Gentoo linux security announcements are discussed at
+      <ulink url="https://security.gentoo.org">Gentoo security</ulink>.
+      Finally, the Slackware archives of security announcements are at
+      <ulink url="http://slackware.com/security">Slackware security</ulink>.
+    </para>
+    <para>
+      The most general English source is perhaps
+      <ulink url="http://seclists.org/fulldisclosure">the Full Disclosure
+      Mailing List</ulink>, but please read the comment on that page. If you
+      use other languages you may prefer other sites such as <ulink
+        url="http://www.heise.de/security">heise.de</ulink> (German) or <ulink
+        url="http://www.cert.hr">cert.hr</ulink> (Croatian). These are not
+      linux-specific. There is also a daily update at lwn.net for subscribers
+      (free access to the data after 2 weeks, but their vulnerabilities
+      database at <ulink
+        url="http://lwn.net/Vulnerabilities/">lwn.net/Vulnerabilities</ulink>
+      is unrestricted).
+    </para>
+    <para>
+      For some packages, subscribing to their &apos;announce&apos; lists
+      will provide prompt news of newer versions.
+    </para>
     <para condition="html" role="usernotes">User Notes:

postlfs/shells/dash.xml

-              r914049f6
+              r47274444
     <title>Introduction to Dash</title>
+    <para><application>Dash</application> is a POSIX compliant shell. It can be
+    installed as /bin/sh or as the default shell for either <systemitem
+    class="username">root</systemitem> or a second user with a userid of 0. It
+    depends on fewer libraries than the <application>Bash</application> shell
+    and is therefore less likely to be affected by an upgrade problem or disk
+    failure. <application>Dash</application> is also useful for checking that
+    a script is completely compatible with POSIX syntax.</para>
+    <para>
+      <application>Dash</application> is a POSIX compliant shell. It can be
+      installed as /bin/sh or as the default shell for either <systemitem
+      class="username">root</systemitem> or a second user with a userid of 0.
+      It depends on fewer libraries than the <application>Bash</application>
+      shell and is therefore less likely to be affected by an upgrade problem
+      or disk failure. <application>Dash</application> is also useful for
+      checking that a script is completely compatible with POSIX syntax.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&dash-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&dash-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &dash-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &dash-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &dash-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &dash-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&dash-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&dash-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &dash-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &dash-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &dash-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &dash-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional"><ulink url="http://www.thrysoee.dk/editline/">libedit</ulink>
+    (command line editor library)</para>
+    <para role="optional">
+      <ulink url="http://www.thrysoee.dk/editline/">libedit</ulink>
+      (command line editor library)
+    </para>
     <para condition="html" role="usernotes">User Notes:
 …
     <title>Installation of Dash</title>
+    <para>Install <application>Dash</application> by running the following
+    commands:</para>
+    <para>
+      Install <application>Dash</application> by running the following
+      commands:
+    </para>
 <screen><userinput>./configure --bindir=/bin --mandir=/usr/share/man &amp;&amp;
 make</userinput></screen>
+    <para>This package does not come with a test suite.</para>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      This package does not come with a test suite.
+    </para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make install</userinput></screen>
+    <para>If you would like to make <command>dash</command> the default
+    <command>sh</command>, recreate the <filename>/bin/sh</filename>
+    symlink as the <systemitem class="username">root</systemitem> user:</para>
+    <note><para>If you create the symbolic link from <command>dash</command>
+    to  <command>sh</command>, you will need to reset the link to
+    <command>bash</command> to build LFS.  </para></note>
+    <para>
+      If you would like to make <command>dash</command> the default
+      <command>sh</command>, recreate the <filename>/bin/sh</filename>
+      symlink as the <systemitem class="username">root</systemitem> user:
+    </para>
+    <note>
+      <para>
+        If you create the symbolic link from <command>dash</command>
+        to  <command>sh</command>, you will need to reset the link to
+        <command>bash</command> to build LFS.
+      </para>
+    </note>
 <screen role="nodump"><userinput>ln -svf dash /bin/sh</userinput></screen>
 …
     <title>Command Explanations</title>
+    <para><parameter>--bindir=/bin</parameter>: This parameter places the
+    <command>dash</command> binary into the root filesystem.</para>
+    <para><option>--with-libedit</option>: To compile <application>Dash</application>
+    with libedit support.</para>
+    <para>
+      <parameter>--bindir=/bin</parameter>: This parameter places the
+      <command>dash</command> binary into the root filesystem.
+    </para>
+    <para>
+      <option>--with-libedit</option>: To compile
+      <application>Dash</application> with libedit support.
+    </para>
   </sect2>
 …
       <title>Config Files</title>
+      <para><application>Dash</application> sources
+      <filename>/etc/profile</filename> and
+      <filename>~/.profile</filename></para>
+      <para>
+        <application>Dash</application> sources
+        <filename>/etc/profile</filename> and
+        <filename>~/.profile</filename>
+      </para>
       <indexterm zone="dash dash-config">
 …
       <title>Configuration Information</title>
+      <para>Update <filename>/etc/shells</filename> to include the
+      <application>Dash</application> shell by issuing the following command
+      as the <systemitem class="username">root</systemitem> user:</para>
+      <para>
+        Update <filename>/etc/shells</filename> to include the
+        <application>Dash</application> shell by issuing the following command
+        as the <systemitem class="username">root</systemitem> user:
+      </para>
 <screen role="root"><userinput>cat &gt;&gt; /etc/shells &lt;&lt; "EOF"
 …
         <term><command>dash</command></term>
         <listitem>
+          <para>is a POSIX compliant shell.</para>
+          <para>
+            is a POSIX compliant shell.
+          </para>
           <indexterm zone="dash dash-prog">
             <primary sortas="b-dash">dash</primary>

postlfs/virtualization/qemu.xml

-              r914049f6
+              r47274444
     <title>Introduction to qemu</title>
+    <para><application>qemu</application> is a full virtualization solution
+    for Linux on x86 hardware containing virtualization extensions (Intel VT or
+    AMD-V).</para>
+    <para>
+      <application>qemu</application> is a full virtualization solution for
+      Linux on x86 hardware containing virtualization extensions (Intel VT or
+      AMD-V).
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&qemu-download-http;"/></para>
+        <para>
+          Download (HTTP): <ulink url="&qemu-download-http;"/>
+        </para>
       </listitem>
       <listitem>
+        <para>Download (FTP): <ulink url="&qemu-download-ftp;"/></para>
+        <para>
+          Download (FTP): <ulink url="&qemu-download-ftp;"/>
+        </para>
       </listitem>
       <listitem>
+        <para>Download MD5 sum: &qemu-md5sum;</para>
+        <para>
+          Download MD5 sum: &qemu-md5sum;
+        </para>
       </listitem>
       <listitem>
+        <para>Download size: &qemu-size;</para>
+        <para>
+          Download size: &qemu-size;
+        </para>
       </listitem>
       <listitem>
+        <para>Estimated disk space required: &qemu-buildsize;</para>
+        <para>
+          Estimated disk space required: &qemu-buildsize;
+        </para>
       </listitem>
       <listitem>
+        <para>Estimated build time: &qemu-time;</para>
+        <para>
+          Estimated build time: &qemu-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <title>KVM Prerequisites</title>
+    <para>Before building <application>qemu</application>, check to see if
+    your processor supports Virtualization Technology (VT):</para>
+    <para>
+      Before building <application>qemu</application>, check to see if
+      your processor supports Virtualization Technology (VT):
+    </para>
     <screen><userinput>egrep '^flags.*(vmx|svm)' /proc/cpuinfo</userinput></screen>
+    <para>If you get any output, you have VT technology (vmx for Intel
+    processors and svm for AMD processors).  You then need to go into your
+    system BIOS and ensure it is enabled.  After enabing, reboot back to your
+    LFS instance.</para>
+    <para>
+      If you get any output, you have VT technology (vmx for Intel
+      processors and svm for AMD processors).  You then need to go into your
+      system BIOS and ensure it is enabled.  After enabing, reboot back to your
+      LFS instance.
+    </para>
   </sect2>
 …
     <title>Kernel Configuration</title>
+    <para>Enable the following options in the kernel configuration and
+    recompile the kernel if necessary:</para>
+    <para>
+      Enable the following options in the kernel configuration and
+      recompile the kernel if necessary:
+    </para>
 <screen><literal>[*] Virtualization:  ---&gt;                            [CONFIG_VIRTUALIZATION]
 …
     </indexterm>
+    <para>The Intel or AMD settings are not both required, but the one matching
+    your system processor is required.</para>
+    <para>
+      The Intel or AMD settings are not both required, but the one matching
+      your system processor is required.
+    </para>
     <para>
 …
 <screen role="root"><userinput>usermod -a -G kvm <replaceable>&lt;username&gt;</replaceable></userinput></screen>
+    <para>Install <application>qemu</application> by running the following
+    commands:</para>
+    <note><para>Qemu is capable of running many targets.  The build process
+    is also capable of building multiple targets at one time in a
+    comma delimited list assigned to <option>--target-list</option>. Run
+    <command>./configure --help</command> to get a complete list of
+    available targets.</para></note>
+    <para>
+      Install <application>qemu</application> by running the following
+      commands:
+    </para>
+    <note>
+      <para>
+        Qemu is capable of running many targets.  The build process
+        is also capable of building multiple targets at one time in a
+        comma delimited list assigned to <option>--target-list</option>. Run
+        <command>./configure --help</command> to get a complete list of
+        available targets.
+      </para>
+    </note>
 …
     <note>
+      <para>For convenience you may want to create a symbolic link to run
+      the installed program. For instance:</para>
+      <para>
+      For convenience you may want to create a symbolic link to run
+      the installed program. For instance:
+    </para>
 <screen role="root"><userinput>ln -sv qemu-system-`uname -m` /usr/bin/qemu</userinput></screen>
 …
       added as needed when qemu is started.
     </para>
+<!-- Place holder for systemd: bridgeutils page does not have configuration
+     information for systemd:
     <para revision="systemd">
+      TODO
+    </para>-->
+    <para revision="systemd"><!-- On SYS-V, IP_FORWARD is enabled by the
+                                  bridge script. -->
+      <!-- On SYS-V, IP_FORWARD is enabled by the bridge script. -->
       Allow the host to forward IP packets:
     </para>
 …
         <term><command>ivshmem-client</command></term>
         <listitem>
+          <para>is a standalone client for using the ivshmem device.</para>
+          <para>
+            is a standalone client for using the ivshmem device.
+          </para>
           <indexterm zone="qemu ivshmem-client">
             <primary sortas="b-ivshmem-client">ivshmem-client</primary>
 …
         <term><command>ivshmem-server</command></term>
         <listitem>
+          <para>is an example server for the ivshmem device.</para>
+          <para>
+            is an example server for the ivshmem device.
+          </para>
           <indexterm zone="qemu ivshmem-server">
             <primary sortas="b-ivshmem-server">ivshmem-server</primary>
 …
         <term><command>qemu-edid</command></term>
         <listitem>
+          <para>is a test tool for the qemu EDID generator.</para>
+          <para>
+            is a test tool for the qemu EDID generator.
+          </para>
           <indexterm zone="qemu qemu-edid">
             <primary sortas="b-qemu-edid">qemu-edid</primary>
 …
         <term><command>qemu-ga</command></term>
         <listitem>
+          <para>implements support for QMP (QEMU Monitor Protocol) commands and
+          events that terminate and originate respectively within the guest
+          using an agent built as part of QEMU.</para>
+          <para>
+            implements support for QMP (QEMU Monitor Protocol) commands and
+            events that terminate and originate respectively within the guest
+            using an agent built as part of QEMU.
+          </para>
           <indexterm zone="qemu qemu-ga">
             <primary sortas="b-qemu-ga">qemu-ga</primary>
 …
         <term><command>qemu-img</command></term>
         <listitem>
+          <para>provides commands to manage QEMU disk images.</para>
+          <para>
+            provides commands to manage QEMU disk images.
+          </para>
           <indexterm zone="qemu qemu-img">
             <primary sortas="b-qemu-img">qemu-img</primary>
 …
         <term><command>qemu-io</command></term>
         <listitem>
+          <para>is a diagnostic and manipulation program for (virtual) memory
+          media.  It is still at an early stage of development.</para>
+          <para>
+            is a diagnostic and manipulation program for (virtual) memory
+            media.  It is still at an early stage of development.
+          </para>
           <indexterm zone="qemu qemu-io">
             <primary sortas="b-qemu-io">qemu-io</primary>
 …
         <term><command>qemu-nbd</command></term>
         <listitem>
+          <para>exports Qemu disk images using the QEMU Disk Network Block
+          Device (NBD) protocol.</para>
+          <para>
+            exports Qemu disk images using the QEMU Disk Network Block
+            Device (NBD) protocol.
+          </para>
           <indexterm zone="qemu qemu-nbd">
             <primary sortas="b-qemu-nbd">qemu-nbd</primary>
 …
         <term><command>qemu-system-x86_64</command></term>
         <listitem>
+          <para>is the QEMU PC System emulator.</para>
+          <para>
+            is the QEMU PC System emulator.
+          </para>
           <indexterm zone="qemu qemu-system">
             <primary sortas="b-qemu-system">qemu-system-x86_64</primary>
 …
         <term><command>virtfs-proxy-helper</command></term>
         <listitem>
+          <para>creates a socket pair or a named socket. QEMU and proxy helper
+           communicate using this socket. QEMU proxy fs driver sends
+           filesystem request to proxy helper and receives the response
+           from it.</para>
+          <para>
+            creates a socket pair or a named socket. QEMU and proxy helper
+            communicate using this socket. QEMU proxy fs driver sends
+            filesystem request to proxy helper and receives the response
+            from it.
+          </para>
           <indexterm zone="qemu virtfs-proxy-helper">
             <primary sortas="b-virtfs-proxy-helper">virtfs-proxy-helper</primary>

pst/ps/paps.xml

-              r914049f6
+              r47274444
     <title>Introduction to paps</title>
+    <para><application>paps</application> is a text to PostScript converter
+    that works through <application>Pango</application>. Its input is a UTF-8
+    encoded text file and it outputs vectorized PostScript. It may be used for
+    printing any complex script supported by <application>Pango</application>.
+    <para>
+      <application>paps</application> is a text to PostScript converter that
+      works through <application>Pango</application>. Its input is a UTF-8
+      encoded text file and it outputs vectorized PostScript. It may be used
+      for printing any complex script supported by
+      <application>Pango</application>.
     </para>
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&paps-download-http;"/></para>
+        <para>
+          Download (HTTP): <ulink url="&paps-download-http;"/>
+        </para>
       </listitem>
       <listitem>
+        <para>Download (FTP): <ulink url="&paps-download-ftp;"/></para>
+        <para>
+          Download (FTP): <ulink url="&paps-download-ftp;"/>
+        </para>
       </listitem>
       <listitem>
+        <para>Download MD5 sum: &paps-md5sum;</para>
+        <para>
+          Download MD5 sum: &paps-md5sum;
+        </para>
       </listitem>
       <listitem>
+        <para>Download size: &paps-size;</para>
+        <para>
+          Download size: &paps-size;
+        </para>
       </listitem>
       <listitem>
+        <para>Estimated disk space required: &paps-buildsize;</para>
+        <para>
+          Estimated disk space required: &paps-buildsize;
+        </para>
       </listitem>
       <listitem>
+        <para>Estimated build time: &paps-time;</para>
+        <para>
+          Estimated build time: &paps-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <bridgehead renderas="sect3">paps Dependencies</bridgehead>
     <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend="pango"/></para>
+    <para role="required">
+      <xref linkend="pango"/>
+    </para>
     <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional"><xref linkend="doxygen"/></para>
+    <para role="optional">
+      <xref linkend="doxygen"/>
+    </para>
     <para condition="html" role="usernotes">User Notes:
 …
     <title>Installation of paps</title>
+    <para>Install <application>paps</application> by running the following
+    commands:</para>
+    <para>
+      Install <application>paps</application> by running the following
+      commands:
+    </para>
 <screen><userinput>./configure --prefix=/usr --mandir=/usr/share/man &amp;&amp;
 make</userinput></screen>
+    <para>This package does not come with a test suite.</para>
+    <para>
+      This package does not come with a test suite.
+    </para>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make install</userinput></screen>
 …
         <term><command>paps</command></term>
         <listitem>
+          <para>is a text to PostScript converter that supports UTF-8
+          character encoding.</para>
+          <para>
+            is a text to PostScript converter that supports UTF-8
+            character encoding.
+          </para>
           <indexterm zone="paps paps-prog">
             <primary sortas="b-paps">paps</primary>

pst/sgml/docbook-dsssl.xml

-              r914049f6
+              r47274444
   <!ENTITY % general-entities SYSTEM "../../general.ent">
   %general-entities;
-    <!-- Inserted as a reminder to do this. The mention of a test suite
-         is usually right before the root user installation commands. Please
-         delete these 12 (including one blank) lines after you are done.-->
-    <!-- Use one of the two mentions below about a test suite,
-         delete the line that is not applicable. Of course, if the
-         test suite uses syntax other than "make check", revise the
-         line to reflect the actual syntax to run the test suite -->
-    <!-- <para>This package does not come with a test suite.</para> -->
-    <!-- <para>To test the results, issue: <command>make check</command>.</para> -->
   <!ENTITY docbook-dsssl-download-http "&sourceforge-dl;/docbook/docbook-dsssl-&docbook-dsssl-version;.tar.bz2">
 …
     <title>Introduction to DocBook DSSSL Stylesheets</title>
+    <para>The <application>DocBook DSSSL Stylesheets</application> package
+    contains DSSSL stylesheets. These are used by
+    <application>OpenJade</application> or other tools to transform SGML
+    and XML DocBook files.</para>
+    <para>
+      The <application>DocBook DSSSL Stylesheets</application> package
+      contains DSSSL stylesheets. These are used by
+      <application>OpenJade</application> or other tools to transform SGML
+      and XML DocBook files.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&docbook-dsssl-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&docbook-dsssl-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &docbook-dsssl-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &docbook-dsssl-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &docbook-dsssl-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &docbook-dsssl-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&docbook-dsssl-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&docbook-dsssl-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &docbook-dsssl-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &docbook-dsssl-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &docbook-dsssl-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &docbook-dsssl-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
       <listitem>
+        <para>Download (HTTP):
+        <ulink url="&docbook-dsssl-doc-download-http;"/></para></listitem>
+      <listitem>
+        <para>Download MD5 sum: &docbook-dsssl-doc-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &docbook-dsssl-doc-size;</para>
+        <para>
+          Download (HTTP):
+          <ulink url="&docbook-dsssl-doc-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &docbook-dsssl-doc-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &docbook-dsssl-doc-size;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend="sgml-common"/></para>
+    <para role="required">
+      <xref linkend="sgml-common"/>
+    </para>
     <bridgehead renderas="sect4">Required (to Test the DocBook SGML
+    Toolchain)</bridgehead>
+    <para role="required"><xref linkend="sgml-dtd-3"/>,
+    <xref linkend="sgml-dtd"/>,
+    <xref linkend="opensp"/> and
+    <xref linkend="openjade"/></para>
+      Toolchain)</bridgehead>
+    <para role="required">
+      <xref linkend="sgml-dtd-3"/>,
+      <xref linkend="sgml-dtd"/>,
+      <xref linkend="opensp"/>, and
+      <xref linkend="openjade"/>
+    </para>
     <para condition="html" role="usernotes">User Notes:
 …
     <title>Installation of DocBook DSSSL Stylesheets</title>
+    <para>If you downloaded the documentation, run:</para>
+    <para>
+      If you downloaded the documentation, run:
+    </para>
 <screen><userinput>tar -xf ../docbook-dsssl-doc-1.79.tar.bz2 --strip-components=1</userinput></screen>
+    <para>Install <application>DocBook DSSSL Stylesheets</application> by running
+    the following commands as the <systemitem class="username">root</systemitem>
+    user:</para>
+    <para>
+      Install <application>DocBook DSSSL Stylesheets</application> by running
+      the following commands as the <systemitem
+      class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>install -v -m755 bin/collateindex.pl /usr/bin                      &amp;&amp;
 …
     <title>Command Explanations</title>
+    <para>The above commands create an installation script for this
+    package.</para>
+    <para>
+      The above commands create an installation script for this package.
+    </para>
   </sect2>
 …
     <title>Testing the DocBook SGML Toolchain (Optional)</title>
+    <para>The following commands will perform the necessary tests to confirm
+    that your installed DocBook SGML toolchain will produce desired results.
+    You must have the <xref linkend="sgml-dtd-3"/>, <xref linkend="sgml-dtd"/>,
+    <xref linkend="opensp"/> and <xref linkend="openjade"/> packages installed
+    and perform the tests as the
+    <systemitem class="username">root</systemitem> user.</para>
+    <para>All tests will be performed from the <filename class='directory'>
+    /usr/share/sgml/docbook/dsssl-stylesheets-&docbook-dsssl-version;/doc/testdata</filename>
+    directory as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      The following commands will perform the necessary tests to confirm
+      that your installed DocBook SGML toolchain will produce desired results.
+      You must have the <xref linkend="sgml-dtd-3"/>,
+      <xref linkend="sgml-dtd"/>, <xref linkend="opensp"/>,
+      and <xref linkend="openjade"/> packages installed,
+      and perform the tests as the
+      <systemitem class="username">root</systemitem> user.
+    </para>
+    <para>
+      All tests will be performed from the <filename class='directory'>
+      /usr/share/sgml/docbook/dsssl-stylesheets-&docbook-dsssl-version;/doc/testdata
+      </filename>
+      directory as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>cd /usr/share/sgml/docbook/dsssl-stylesheets-&docbook-dsssl-version;/doc/testdata</userinput></screen>
+    <para>The first test should produce no output to stdout (your screen) and
+    create a file named <filename>jtest.rtf</filename> in the current
+    directory:</para>
+    <para>
+      The first test should produce no output to stdout (your screen) and
+      create a file named <filename>jtest.rtf</filename> in the current
+      directory:
+    </para>
 <screen role="root"><userinput>openjade -t rtf -d jtest.dsl jtest.sgm</userinput></screen>
+    <para>The next test should return only the following line to stdout:
+    <computeroutput>onsgmls:I: "OpenSP" version "&opensp-version;"</computeroutput></para>
+    <para>
+      The next test should return only the following line to stdout:
+      <computeroutput>onsgmls:I: "OpenSP" version "&opensp-version;"</computeroutput>
+    </para>
 <screen role="root"><userinput>onsgmls -sv test.sgm</userinput></screen>
+    <para>The next test should produce no output to stdout and create a file
+    named <filename>test.rtf</filename> in the current directory:</para>
+    <para>
+      The next test should produce no output to stdout and create a file
+      named <filename>test.rtf</filename> in the current directory:
+    </para>
 <screen role="root"><userinput>openjade -t rtf \
 …
     test.sgm</userinput></screen>
+    <para>The last test should produce no output to stdout and create a file
+    named <filename>c1.htm</filename> in the current directory:</para>
+    <para>
+      The last test should produce no output to stdout and create a file
+      named <filename>c1.htm</filename> in the current directory:
+    </para>
 <screen role="root"><userinput>openjade -t sgml \
 …
     test.sgm</userinput></screen>
+    <para>Finally, clean up:</para>
+    <para>
+      Finally, clean up:
+    </para>
 <screen role="root"><userinput>rm jtest.rtf test.rtf c1.htm</userinput></screen>
 …
         <term><command>collateindex.pl</command></term>
         <listitem>
+          <para>is a <application>Perl</application> script that creates a
+          DocBook index from raw index data.</para>
+          <para>
+            is a <application>Perl</application> script that creates a
+            DocBook index from raw index data.
+          </para>
           <indexterm zone="docbook-dsssl collateindex.pl">
             <primary sortas="b-collateindex.pl">collateindex.pl</primary>

pst/sgml/openjade.xml

-              r914049f6
+              r47274444
     <title>Introduction to OpenJade</title>
+    <para>The <application>OpenJade</application> package contains a
+    DSSSL engine. This is useful for SGML and XML transformations into
+    RTF, TeX, SGML and XML.</para>
+    <para>
+      The <application>OpenJade</application> package contains a
+      DSSSL engine. This is useful for SGML and XML transformations into
+      RTF, TeX, SGML and XML.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&openjade-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&openjade-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &openjade-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &openjade-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &openjade-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &openjade-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&openjade-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&openjade-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &openjade-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &openjade-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &openjade-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &openjade-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
       <listitem>
         <para>
           Required patch:
           <ulink url="&patch-root;/openjade-&openjade-version;-upstream-1.patch"/>
+          Required patch: <ulink
+            url="&patch-root;/openjade-&openjade-version;-upstream-1.patch"/>
         </para>
       </listitem>
 …
     <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend="opensp"/></para>
+    <para role="required">
+      <xref linkend="opensp"/>
+    </para>
     <para condition="html" role="usernotes">User Notes:
 …
     <title>Installation of OpenJade</title>
+    <para>First fix problems when building with newer compilers:</para>
+    <para>
+      First fix problems when building with newer compilers:
+    </para>
 <screen><userinput>patch -Np1 -i ../openjade-&openjade-version;-upstream-1.patch</userinput></screen>
+    <para>Now fix a compilation problem with perl-5.16 and later:</para>
+    <para>
+      Now fix a compilation problem with perl-5.16 and later:
+    </para>
 <screen><userinput>sed -i -e '/getopts/{N;s#&amp;G#g#;s#do .getopts.pl.;##;}' \
        -e '/use POSIX/ause Getopt::Std;' msggen.pl</userinput></screen>
+    <para>Install <application>OpenJade</application> by running the following
+    commands:</para>
+    <para>
+      Install <application>OpenJade</application> by running the following
+      commands:
+    </para>
 <screen><userinput>export CXXFLAGS="$CXXFLAGS -fno-lifetime-dse"            &amp;&amp;
 …
 make</userinput></screen>
+    <para>This package does not come with a test suite.</para>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      This package does not come with a test suite.
+    </para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <!-- Be careful of spacing here -->
 …
     <title>Command Explanations</title>
+    <para><command>export CXXFLAGS=...</command>: This command prevents
+    segmentation faults when the package is compiled with
+    <application>gcc-6.1</application>.</para>
+    <para><command>make install-man</command>: This command installs the
+    <command>openjade</command> man page.</para>
+    <para><parameter>--disable-static</parameter>: This switch prevents
+    the building of the static library.</para>
+    <para><parameter>--enable-http</parameter>: This switch adds support
+    for HTTP.</para>
+    <para><parameter>--enable-default-catalog=/etc/sgml/catalog</parameter>: This
+    switch sets the path to the centralized catalog.</para>
+    <para><parameter>--enable-default-search-path</parameter>: This switch
+    sets the default value of <envar>SGML_SEARCH_PATH</envar>.</para>
+    <para>
+    <parameter>--datadir=/usr/share/sgml/openjade-&openjade-version;</parameter>:
+    This switch puts data files in
+    <filename>/usr/share/sgml/openjade-&openjade-version;</filename> instead of
+    <filename class="directory">/usr/share</filename>.</para>
+    <para><command>ln -v -sf ...</command>: These commands create the
+    <application>Jade</application> equivalents of
+    <application>OpenJade</application> executables and libraries.</para>
+    <para>
+      <command>export CXXFLAGS=...</command>: This command prevents
+      segmentation faults when the package is compiled with
+      <application>gcc-6.1</application>.
+    </para>
+    <para>
+      <command>make install-man</command>: This command installs the
+      <command>openjade</command> man page.
+    </para>
+    <para>
+      <parameter>--disable-static</parameter>: This switch prevents
+      the building of the static library.
+    </para>
+    <para>
+      <parameter>--enable-http</parameter>: This switch adds support
+      for HTTP.
+    </para>
+    <para>
+      <parameter>--enable-default-catalog=/etc/sgml/catalog</parameter>: This
+      switch sets the path to the centralized catalog.
+    </para>
+    <para>
+      <parameter>--enable-default-search-path</parameter>: This switch
+      sets the default value of <envar>SGML_SEARCH_PATH</envar>.
+    </para>
+    <para>
+      <parameter>
+        --datadir=/usr/share/sgml/openjade-&openjade-version;</parameter>:
+      This switch puts data files in
+      <filename>/usr/share/sgml/openjade-&openjade-version;</filename> instead
+      of <filename class="directory">/usr/share</filename>.
+    </para>
+    <para>
+      <command>ln -v -sf ...</command>: These commands create the
+      <application>Jade</application> equivalents of
+      <application>OpenJade</application> executables and libraries.
+    </para>
   </sect2>
 …
       <title>Configuration Information</title>
+      <para>As the <systemitem class="username">root</systemitem> user:</para>
+      <para>
+        As the <systemitem class="username">root</systemitem> user:
+      </para>
 <screen role="root"><userinput>echo "SYSTEM \"http://www.oasis-open.org/docbook/xml/&DocBook-version;/docbookx.dtd\" \
 …
     /usr/share/sgml/openjade-&openjade-version;/catalog</userinput></screen>
+      <para>This configuration is only necessary if you intend to use
+      <application>OpenJade</application> to process the BLFS XML files through
+      DSSSL Stylesheets.</para>
+      <para>
+        This configuration is only necessary if you intend to use
+        <application>OpenJade</application> to process the BLFS XML files
+        through DSSSL Stylesheets.
+      </para>
     </sect3>
 …
         <term><command>openjade</command></term>
         <listitem>
+          <para>is a DSSSL engine used for transformations.</para>
+          <para>
+            is a DSSSL engine used for transformations.
+          </para>
           <indexterm zone="openjade openjade-prog">
             <primary sortas="b-openjade">openjade</primary>
 …
         <term><command>jade</command></term>
         <listitem>
+          <para>is a symlink to <command>openjade</command>.</para>
+          <para>
+            is a symlink to <command>openjade</command>.
+          </para>
           <indexterm zone="openjade jade">
             <primary sortas="b-jade">jade</primary>

pst/sgml/opensp.xml

-              r914049f6
+              r47274444
     <title>Introduction to OpenSP</title>
+    <para>The <application>OpenSP</application> package contains a
+    <application>C++</application> library for using SGML/XML files.
+    This is useful for validating, parsing and manipulating SGML and XML
+    documents.</para>
+    <para>
+      The <application>OpenSP</application> package contains a
+      <application>C++</application> library for using SGML/XML files.
+      This is useful for validating, parsing and manipulating SGML and XML
+      documents.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&opensp-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&opensp-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &opensp-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &opensp-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &opensp-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &opensp-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&opensp-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&opensp-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &opensp-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &opensp-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &opensp-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &opensp-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend="sgml-common"/></para>
+    <para role="required">
+      <xref linkend="sgml-common"/>
+    </para>
     <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional"><xref linkend="xmlto"/></para>
+    <para role="optional">
+      <xref linkend="xmlto"/>
+    </para>
     <para condition="html" role="usernotes">User Notes:
 …
     <title>Installation of OpenSP</title>
+    <para>Install <application>OpenSP</application> by running the following
+    commands:</para>
+    <para>
+      Install <application>OpenSP</application> by running the following
+      commands:
+    </para>
 <screen><userinput>sed -i 's/32,/253,/' lib/Syntax.cxx &amp;&amp;
 …
 make pkgdatadir=/usr/share/sgml/OpenSP-&opensp-version;</userinput></screen>
+    <para>To test the results, issue: <command>make check</command>. As many as
+    nine of the 23 tests may fail. Do not be alarmed.</para>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      To test the results, issue: <command>make check</command>. As many as
+      nine of the 23 tests may fail. Do not be alarmed.
+    </para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>make pkgdatadir=/usr/share/sgml/OpenSP-&opensp-version; \
 …
     <title>Command Explanations</title>
+    <para><command>sed -i 's/32,/253,/...unicode.syn}</command>:
+    These seds prevent some annoying messages that may otherwise appear
+    while running <command>openjade</command>.</para>
+    <para>
+      <command>sed -i 's/32,/253,/...unicode.syn}</command>:
+      These seds prevent some annoying messages that may otherwise appear
+      while running <command>openjade</command>.
+    </para>
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
       href="../../xincludes/static-libraries.xml"/>
+    <para><parameter>--enable-http</parameter>: This switch adds support
+    for HTTP.</para>
+    <para><parameter>--disable-doc-build</parameter>: This switch prevents the
+    <command>configure</command> script checking if you have
+    <application>xmlto</application> installed. If you have
+    <application>xmlto</application>, you can remove this option.</para>
+    <para><parameter>--enable-default-catalog=/etc/sgml/catalog</parameter>:
+    This switch sets the path to the centralized catalog.</para>
+    <para><parameter>--enable-default-search-path</parameter>: This switch
+    sets the default value of <envar>SGML_SEARCH_PATH</envar>.</para>
+    <para><option>--enable-xml-messages</option>: This switch adds
+    support for XML Formatted Messages.</para>
+    <para><command>make
+    pkgdatadir=/usr/share/sgml/OpenSP-&opensp-version;</command>: This sets the
+    pkgdatadir variable in the <filename>Makefile</filename> from
+    <filename class="directory">/usr/share/OpenSP</filename> to <filename
+    class="directory">/usr/share/sgml/OpenSP-&opensp-version;</filename>.</para>
+    <para><command>ln -v -sf ...</command>: These commands create the
+    <application>SP</application> equivalents of
+    <application>OpenSP</application> executables and libraries.</para>
+    <para>
+      <parameter>--enable-http</parameter>: This switch adds support
+      for HTTP.
+    </para>
+    <para>
+      <parameter>--disable-doc-build</parameter>: This switch prevents the
+      <command>configure</command> script checking if you have
+      <application>xmlto</application> installed. If you have
+      <application>xmlto</application>, you can remove this option.
+    </para>
+    <para>
+      <parameter>--enable-default-catalog=/etc/sgml/catalog</parameter>:
+      This switch sets the path to the centralized catalog.
+    </para>
+    <para>
+      <parameter>--enable-default-search-path</parameter>: This switch
+      sets the default value of <envar>SGML_SEARCH_PATH</envar>.
+    </para>
+    <para>
+      <option>--enable-xml-messages</option>: This switch adds
+      support for XML Formatted Messages.
+    </para>
+    <para>
+      <command>
+        make pkgdatadir=/usr/share/sgml/OpenSP-&opensp-version;
+      </command>: This sets the
+      pkgdatadir variable in the <filename>Makefile</filename> from
+      <filename class="directory">/usr/share/OpenSP</filename> to <filename
+      class="directory">/usr/share/sgml/OpenSP-&opensp-version;</filename>.
+    </para>
+    <para>
+      <command>ln -v -sf ...</command>: These commands create the
+      <application>SP</application> equivalents of
+      <application>OpenSP</application> executables and libraries.
+    </para>
   </sect2>
 …
         <term><command>onsgmls</command></term>
         <listitem>
+          <para>is used to process SGML files.</para>
+          <para>
+            is used to process SGML files.
+          </para>
           <indexterm zone="opensp onsgmls">
             <primary sortas="b-onsgmls">onsgmls</primary>
 …
         <term><command>osgmlnorm</command></term>
         <listitem>
+          <para>prints on the standard output a normalized document instance
+          for the SGML document contained in the concatenation of the entities
+          with system identifiers .nf and .fi.</para>
+          <para>
+            prints on the standard output a normalized document instance for
+            the SGML document contained in the concatenation of the entities
+            with system identifiers .nf and .fi.
+          </para>
           <indexterm zone="opensp osgmlnorm">
             <primary sortas="b-osgmlnorm">osgmlnorm</primary>
 …
         <term><command>ospam</command></term>
         <listitem>
+          <para>is a markup stream editor.</para>
+          <para>
+            is a markup stream editor.
+          </para>
           <indexterm zone="opensp ospam">
             <primary sortas="b-ospam">ospam</primary>
 …
         <term><command>ospcat</command></term>
         <listitem>
+          <para>prints effective system identifiers found in the catalogs.</para>
+          <para>
+            prints effective system identifiers found in the catalogs.
+          </para>
           <indexterm zone="opensp ospcat">
             <primary sortas="b-ospcat">ospcat</primary>
 …
         <term><command>ospent</command></term>
         <listitem>
+          <para>provides access to <application>OpenSP</application>'s
+          entity manager.</para>
+          <para>
+            provides access to <application>OpenSP</application>'s
+            entity manager.
+          </para>
           <indexterm zone="opensp ospent">
             <primary sortas="b-ospent">ospent</primary>
 …
         <term><command>osx</command></term>
         <listitem>
+          <para>is an SGML normalizer or used to convert
+          SGML files to XML files.</para>
+          <para>
+            is an SGML normalizer or used to convert
+            SGML files to XML files.
+          </para>
           <indexterm zone="opensp osx">
             <primary sortas="b-osx">osx</primary>
 …
         <term><command>nsgmls</command></term>
         <listitem>
+          <para>is a symlink to <command>onsgmls</command>.</para>
+          <para>
+            is a symlink to <command>onsgmls</command>.
+          </para>
           <indexterm zone="opensp nsgmls">
             <primary sortas="b-nsgmls">nsgmls</primary>
 …
         <term><command>sgml2xml</command></term>
         <listitem>
+          <para>is a symlink to <command>osx</command>.</para>
+          <para>
+            is a symlink to <command>osx</command>.
+          </para>
           <indexterm zone="opensp sgml2xml">
             <primary sortas="b-sgml2xml">sgml2xml</primary>
 …
         <term><command>sgmlnorm</command></term>
         <listitem>
+          <para>is a symlink to <command>osgmlnorm</command>.</para>
+          <para>
+            is a symlink to <command>osgmlnorm</command>.
+          </para>
           <indexterm zone="opensp sgmlnorm">
             <primary sortas="b-sgmlnorm">sgmlnorm</primary>
 …
         <term><command>spam</command></term>
         <listitem>
+          <para>is a symlink to <command>ospam</command>.</para>
+          <para>
+            is a symlink to <command>ospam</command>.
+          </para>
           <indexterm zone="opensp spam">
             <primary sortas="b-spam">spam</primary>
 …
         <term><command>spcat</command></term>
         <listitem>
+          <para>is a symlink to <command>ospcat</command>.</para>
+          <para>
+            is a symlink to <command>ospcat</command>.
+          </para>
           <indexterm zone="opensp spcat">
             <primary sortas="b-spcat">spcat</primary>
 …
         <term><command>spent</command></term>
         <listitem>
+          <para>is a symlink to <command>ospent</command>.</para>
+          <para>
+            is a symlink to <command>ospent</command>.
+          </para>
           <indexterm zone="opensp spent">
             <primary sortas="b-spent">spent</primary>
 …
         <term><command>sx</command></term>
         <listitem>
+          <para>is a symlink to <command>osx</command>.</para>
+          <para>
+            is a symlink to <command>osx</command>.
+          </para>
           <indexterm zone="opensp sx">
             <primary sortas="b-sx">sx</primary>
 …
         <term><filename class='libraryfile'>libosp.so</filename></term>
         <listitem>
+          <para>contains functions required by the
+          <application>OpenSP</application> programs to parse, validate and
+          manipulate SGML and XML files.</para>
+          <para>
+            contains functions required by the
+            <application>OpenSP</application> programs to parse, validate and
+            manipulate SGML and XML files.
+          </para>
           <indexterm zone="opensp libosp">
             <primary sortas="c-libosp">libosp.so</primary>
 …
         <term><filename class='libraryfile'>libsp.so</filename></term>
         <listitem>
+          <para>is a symlink to
+          <filename class='libraryfile'>libosp.so</filename>.</para>
+          <para>
+            is a symlink to
+            <filename class='libraryfile'>libosp.so</filename>.
+          </para>
           <indexterm zone="opensp libsp">
             <primary sortas="c-libsp">libsp.so</primary>

pst/sgml/sgml-dtd-3.xml

-              r914049f6
+              r47274444
     <title>Introduction to DocBook SGML DTD</title>
+    <para>The <application>DocBook SGML DTD</application> package contains
+    document type definitions for verification of SGML data files against
+    the DocBook rule set. These are useful for structuring books and software
+    documentation to a standard allowing you to utilize transformations
+    already written for that standard.</para>
+    <para>
+      The <application>DocBook SGML DTD</application> package contains
+      document type definitions for verification of SGML data files against
+      the DocBook rule set. These are useful for structuring books and software
+      documentation to a standard allowing you to utilize transformations
+      already written for that standard.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&sgml-dtd-3-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&sgml-dtd-3-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &sgml-dtd-3-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &sgml-dtd-3-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &sgml-dtd-3-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &sgml-dtd-3-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&sgml-dtd-3-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&sgml-dtd-3-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &sgml-dtd-3-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &sgml-dtd-3-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &sgml-dtd-3-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &sgml-dtd-3-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend="sgml-common"/> and
+    <xref linkend="unzip"/></para>
+    <para role="required">
+      <xref linkend="sgml-common"/> and
+      <xref linkend="unzip"/>
+    </para>
     <para condition="html" role="usernotes">User Notes:
 …
     href="../../xincludes/use-unzip.xml"/>
+    <para>Install <application>DocBook SGML DTD</application> by running
+    the following commands:</para>
+    <para>
+      Install <application>DocBook SGML DTD</application> by running
+      the following commands:
+    </para>
 <screen><userinput>sed -i -e '/ISO 8879/d' \
 …
        docbook.cat</userinput></screen>
+    <para>This package does not come with a test suite.</para>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      This package does not come with a test suite.
+    </para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>install -v -d -m755 /usr/share/sgml/docbook/sgml-dtd-&sgml-dtd-3-version; &amp;&amp;
 …
     <title>Command Explanations</title>
+    <para><command>sed -i -e '/ISO 8879/d' docbook.cat</command>: This command
+    removes the ENT definitions from the catalog file.</para>
+    <para><command>sed -i -e 's|DTDDECL
+    "-//OASIS//DTD Docbook V&sgml-dtd-3-version;//EN"|SGMLDECL|g'
+    docbook.cat</command>: This command replaces the DTDDECL catalog entry,
+    which is not supported by Linux SGML tools, with the SGMLDECL catalog
+    entry.</para>
+    <para>
+      <command>sed -i -e '/ISO 8879/d' docbook.cat</command>: This command
+      removes the ENT definitions from the catalog file.
+    </para>
+    <para>
+      <command>sed -i -e 's|DTDDECL
+      "-//OASIS//DTD Docbook V&sgml-dtd-3-version;//EN"|SGMLDECL|g'
+      docbook.cat</command>: This command replaces the DTDDECL catalog entry,
+      which is not supported by Linux SGML tools, with the SGMLDECL catalog
+      entry.
+    </para>
   </sect2>
 …
       <title>Config Files</title>
+      <para><filename>/etc/sgml/catalog</filename></para>
+      <para>
+        <filename>/etc/sgml/catalog</filename>
+      </para>
       <indexterm zone="sgml-dtd-3 sgml-dtd-3-config">
 …
       <title>Configuration Information</title>
+      <para>The above installation script updates the catalog.</para>
+      <para>Using only the most current 3.x version of <application>DocBook
+      SGML DTD</application> requires the following (perform as the
+      <systemitem class="username">root</systemitem> user):</para>
+      <para>
+        The above installation script updates the catalog.
+      </para>
+      <para>
+        Using only the most current 3.x version of <application>DocBook
+        SGML DTD</application> requires the following (perform as the
+        <systemitem class="username">root</systemitem> user):
+      </para>
 <screen role="root"><userinput>cat &gt;&gt; /usr/share/sgml/docbook/sgml-dtd-&sgml-dtd-3-version;/catalog &lt;&lt; "EOF"
 …
         <term><filename>SGML DTD files</filename></term>
         <listitem>
+          <para>contain a document type definition which defines the element
+          types and the attribute lists that can be used in the corresponding
+          SGML files.</para>
+          <para>
+            contains a document type definition which defines the element
+            types and the attribute lists that can be used in the corresponding
+            SGML files.
+          </para>
           <indexterm zone="sgml-dtd-3 SGML-DTD-files">
             <primary sortas="g-SGML-DTD-files">SGML DTD files</primary>
 …
         <term><filename>SGML MOD files</filename></term>
         <listitem>
+          <para>contain components of the document type definition that are
+          sourced into the <filename>DTD</filename> files.</para>
+          <para>
+            contains components of the document type definition that are
+            sourced into the <filename>DTD</filename> files.
+          </para>
           <indexterm zone="sgml-dtd-3 SGML-MOD-files">
             <primary sortas="g-SGML-MOD-files">SGML MOD files</primary>

pst/sgml/sgml-dtd.xml

-              r914049f6
+              r47274444
     <title>Introduction to DocBook SGML DTD</title>
+    <para>The <application>DocBook SGML DTD</application> package contains
+    document type definitions for verification of SGML data files against the
+    DocBook rule set. These are useful for structuring books and software
+    documentation to a standard allowing you to utilize transformations
+    already written for that standard.</para>
+    <para>
+      The <application>DocBook SGML DTD</application> package contains
+      document type definitions for verification of SGML data files against the
+      DocBook rule set. These are useful for structuring books and software
+      documentation to a standard allowing you to utilize transformations
+      already written for that standard.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&sgml-dtd-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&sgml-dtd-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &sgml-dtd-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &sgml-dtd-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &sgml-dtd-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &sgml-dtd-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&sgml-dtd-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&sgml-dtd-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &sgml-dtd-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &sgml-dtd-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &sgml-dtd-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &sgml-dtd-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required"><xref linkend="sgml-common"/> and
+    <xref linkend="unzip"/></para>
+    <para role="required">
+      <xref linkend="sgml-common"/> and
+      <xref linkend="unzip"/>
+    </para>
     <para condition="html" role="usernotes">User Notes:
 …
     href="../../xincludes/use-unzip.xml"/>
+    <para>Install <application>DocBook SGML DTD</application> by running
+    the following commands:</para>
+    <para>
+      Install <application>DocBook SGML DTD</application> by running
+      the following commands:
+    </para>
 <screen><userinput>sed -i -e '/ISO 8879/d' \
        -e '/gml/d' docbook.cat</userinput></screen>
+    <para>This package does not come with a test suite.</para>
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      This package does not come with a test suite.
+    </para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>install -v -d /usr/share/sgml/docbook/sgml-dtd-&sgml-dtd-version; &amp;&amp;
 …
     <title>Command Explanations</title>
+    <para><command>sed -i -e '/ISO 8879/d' -e '/gml/d' docbook.cat</command>:
+    This command removes the ENT definitions from the catalog file.</para>
+    <para>
+      <command>sed -i -e '/ISO 8879/d' -e '/gml/d' docbook.cat</command>:
+      This command removes the ENT definitions from the catalog file.
+    </para>
   </sect2>
 …
       <title>Config Files</title>
+      <para><filename>/etc/sgml/catalog</filename></para>
+      <para>
+        <filename>/etc/sgml/catalog</filename>
+      </para>
       <indexterm zone="sgml-dtd sgml-dtd-config">
 …
       <title>Configuration Information</title>
+      <para>The above installation script updates the catalog.</para>
+      <para>Using only the most current 4.x version of <application>DocBook
+      SGML DTD</application> requires the following (perform as the
+      <systemitem class="username">root</systemitem> user):</para>
+      <para>
+        The above installation script updates the catalog.
+      </para>
+      <para>
+        Using only the most current 4.x version of <application>DocBook
+        SGML DTD</application> requires the following (perform as the
+        <systemitem class="username">root</systemitem> user):
+      </para>
 <screen role="root"><userinput>cat &gt;&gt; /usr/share/sgml/docbook/sgml-dtd-&sgml-dtd-version;/catalog &lt;&lt; "EOF"
 …
         <term><filename>SGML DTD files</filename></term>
         <listitem>
+          <para>contain a document type definition which defines the element
+          types and the attribute lists that can be used in the corresponding
+          SGML files.</para>
+          <para>
+            contains a document type definition which defines the element
+            types and the attribute lists that can be used in the corresponding
+            SGML files.
+          </para>
           <indexterm zone="sgml-dtd SGML-DTD-files-4">
             <primary sortas="g-SGML-DTD-files">SGML DTD files</primary>
 …
         <term><filename>SGML MOD files</filename></term>
         <listitem>
+          <para>contain components of the document type definition that are
+          sourced into the <filename>DTD</filename> files.</para>
+          <para>
+            contains components of the document type definition that are
+            sourced into the <filename>DTD</filename> files.
+          </para>
           <indexterm zone="sgml-dtd SGML-MOD-files-4">
             <primary sortas="g-SGML-MOD-files">SGML MOD files</primary>

pst/xml/docbook-xsl.xml

-              r914049f6
+              r47274444
     <title>Introduction to DocBook XSL Stylesheets</title>
+    <para>The <application>DocBook XSL Stylesheets</application>
+    package contains XSL stylesheets. These are useful for
+    performing transformations on XML DocBook files.</para>
+    <para>
+      The <application>DocBook XSL Stylesheets</application>
+      package contains XSL stylesheets. These are useful for
+      performing transformations on XML DocBook files.
+    </para>
     &lfs91_checked;
 …
     <itemizedlist spacing="compact">
       <listitem>
+        <para>Download (HTTP): <ulink url="&docbook-xsl-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&docbook-xsl-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &docbook-xsl-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &docbook-xsl-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &docbook-xsl-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &docbook-xsl-time;</para>
+        <para>
+          Download (HTTP): <ulink url="&docbook-xsl-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&docbook-xsl-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &docbook-xsl-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &docbook-xsl-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &docbook-xsl-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &docbook-xsl-time;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <itemizedlist spacing='compact'>
       <listitem>
+          <para>Required patch: <ulink
+            url="&patch-root;/docbook-xsl-nons-&docbook-xsl-version;-stack_fix-1.patch"/>
+         </para>
+        <para>
+          Required patch: <ulink url=
+            "&patch-root;/docbook-xsl-nons-&docbook-xsl-version;-stack_fix-1.patch"/>
+        </para>
       </listitem>
     </itemizedlist>
 …
       <title>Optional documentation</title>
       <listitem>
+        <para>Download (HTTP): <ulink url="&docbook-xsl-doc-download;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &docbook-xsl-doc-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &docbook-xsl-doc-size;</para>
+        <para>
+          Download (HTTP): <ulink url="&docbook-xsl-doc-download;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &docbook-xsl-doc-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &docbook-xsl-doc-size;
+        </para>
       </listitem>
     </itemizedlist>
 …
     <bridgehead renderas="sect4">Recommended (at runtime)</bridgehead>
+    <para role="recommended"><xref role="runtime" linkend="libxml2"/></para>
+    <para role="recommended">
+      <xref role="runtime" linkend="libxml2"/>
+    </para>
     <bridgehead renderas="sect4">Optional (all used at runtime)</bridgehead>
 …
     <title>Installation of DocBook XSL Stylesheets</title>
+    <para>First, fix a problem that causes stack overflows when doing recursion:</para>
+    <para>
+      First, fix a problem that causes stack overflows when doing recursion:
+    </para>
 <screen><userinput>patch -Np1 -i ../docbook-xsl-nons-&docbook-xsl-version;-stack_fix-1.patch</userinput></screen>
+    <para>If you downloaded the optional documentation tarball, unpack it
+    with the following command:</para>
+    <para>
+      If you downloaded the optional documentation tarball, unpack it
+      with the following command:
+    </para>
 <screen><userinput>tar -xf ../docbook-xsl-doc-&docbook-xsl-version;.tar.bz2 --strip-components=1</userinput></screen>
+    <para>BLFS does not install the required packages to run the test suite
+    and provide meaningful results.</para>
+    <para>Install <application>DocBook XSL Stylesheets</application>
+    by running the following commands as the
+    <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      BLFS does not install the required packages to run the test suite
+      and provide meaningful results.
+    </para>
+    <para>
+      Install <application>DocBook XSL Stylesheets</application>
+      by running the following commands as the
+      <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>install -v -m755 -d /usr/share/xml/docbook/xsl-stylesheets-nons-&docbook-xsl-version; &amp;&amp;
 …
                     /usr/share/doc/docbook-xsl-nons-&docbook-xsl-version;</userinput></screen>
+    <para>If you downloaded the optional documentation tarball, install the
+    documentation by issuing the following command as the
+    <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      If you downloaded the optional documentation tarball, install the
+      documentation by issuing the following command as the
+      <systemitem class="username">root</systemitem> user:
+    </para>
 <screen role="root"><userinput>cp -v -R doc/* /usr/share/doc/docbook-xsl-nons-&docbook-xsl-version;</userinput></screen>
 …
       <title>Config Files</title>
+      <para><filename>/etc/xml/catalog</filename></para>
+      <para>
+        <filename>/etc/xml/catalog</filename>
+      </para>
       <indexterm zone="docbook-xsl docbook-xsl-config">
 …
       <note>
+        <para>If you are installing the current version of docbook-xsl-nons
+        over a previous version of docbook-xsl, then remove the old
+        rewrite entries in the catalog as the <systemitem
+        class="username">root</systemitem> user:</para>
+        <para>
+          If you are installing the current version of docbook-xsl-nons
+          over a previous version of docbook-xsl, then remove the old
+          rewrite entries in the catalog as the <systemitem
+          class="username">root</systemitem> user:
+        </para>
 <screen role="nodump"><userinput>sed -i '/rewrite/d' /etc/xml/catalog</userinput></screen>
       </note>
+      <para>Create (or append) and populate the XML catalog file using the
+      following commands as the <systemitem class="username">root</systemitem>
+      user:</para>
+      <para>
+        Create (or append) and populate the XML catalog file using the
+        following commands as the <systemitem
+        class="username">root</systemitem> user:
+      </para>
 <screen role="root"><userinput>if [ ! -d /etc/xml ]; then install -v -m755 -d /etc/xml; fi &amp;&amp;
 …
     /etc/xml/catalog</userinput></screen>
+      <para>Occasionally, you may find the need to install other versions of
+      the XSL stylesheets as some projects reference a specific version. One
+      example is BLFS-6.0, which required the 1.67.2 version. In these instances
+      you should install any other required version in its own versioned
+      directory and create catalog entries as follows (substitute the desired
+      version number for <replaceable>&lt;version&gt;</replaceable>):</para>
+      <para>
+        Occasionally, you may find the need to install other versions of the
+        XSL stylesheets as some projects reference a specific version. One
+        example is BLFS-6.0, which required the 1.67.2 version. In these
+        instances you should install any other required version in its own
+        versioned directory and create catalog entries as follows (substitute
+        the desired version number for
+        <replaceable>&lt;version&gt;</replaceable>):
+      </para>
 <screen role="nodump"><userinput>xmlcatalog --noout --add "rewriteSystem" \

server/mail/dovecot.xml

-              r914049f6
+              r47274444
              <phrase revision="systemd">Systemd Unit</phrase></title>
+      <para revision="sysv">If you want the <application>Dovecot</application>
+      server to start automatically when the system is booted, install the
+      <filename>/etc/rc.d/init.d/dovecot</filename> init script included in the
+      <xref linkend="bootscripts"/> package.</para>
+      <para revision="systemd">To start the <command>dovecot</command>
+      daemon at boot, enable the previously installed systemd unit with the
+      following command:</para>
+      <para revision="sysv">
+        If you want the <application>Dovecot</application>
+        server to start automatically when the system is booted, install the
+        <filename>/etc/rc.d/init.d/dovecot</filename> init script included in
+        the <xref linkend="bootscripts"/> package.
+      </para>
+      <para revision="systemd">
+        To start the <command>dovecot</command>
+        daemon at boot, enable the previously installed systemd unit with the
+        following command:
+      </para>
       <indexterm zone="dovecot dovecot-init">

Context Navigation

Legend:

Download in other formats: