Changeset 47274444
- Timestamp:
- 03/24/2020 07:19:44 PM (4 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- fa3edfef
- Parents:
- 914049f6
- Files:
- 39 edited
general/genlib/enchant.xml
r914049f6 r47274444 74 74 75 75 <bridgehead renderas="sect4">Required</bridgehead> 76 <para role="required"><xref linkend="glib2"/></para> 76 <para role="required"> 77 <xref linkend="glib2"/> 78 </para> 77 79 78 80 <bridgehead renderas="sect4">Recommended</bridgehead> 79 <para role="recommended"><xref linkend="aspell"/></para> 81 <para role="recommended"> 82 <xref linkend="aspell"/> 83 </para> 80 84 81 85 <bridgehead renderas="sect4">Optional</bridgehead> 82 <para role="optional"><xref linkend="dbus-glib"/>, 83 <xref linkend="doxygen"/>, 84 <ulink url="http://hspell.ivrix.org.il/">Hspell</ulink>, 85 <ulink url="http://hunspell.github.io/">Hunspell</ulink>, 86 <ulink url="https://nuspell.github.io/">Nuspell</ulink>, 87 <ulink url="http://hunspell.github.io/">Voikko</ulink>, and 88 <ulink url="https://github.com/unittest-cpp/unittest-cpp/releases">unittest-cpp</ulink> (required for tests)</para> 86 <para role="optional"> 87 <xref linkend="dbus-glib"/>, 88 <xref linkend="doxygen"/>, 89 <ulink url="http://hspell.ivrix.org.il/">Hspell</ulink>, 90 <ulink url="http://hunspell.github.io/">Hunspell</ulink>, 91 <ulink url="https://nuspell.github.io/">Nuspell</ulink>, 92 <ulink url="http://hunspell.github.io/">Voikko</ulink>, and 93 <ulink url="https://github.com/unittest-cpp/unittest-cpp/releases"> 94 unittest-cpp</ulink> (required for tests) 95 </para> 89 96 90 97 <para condition="html" role="usernotes">User Notes: -
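Review bot: In the reflowed Optional paragraph (new lines 86-95), the Voikko entry still links to http://hunspell.github.io/, the same URL as the Hunspell entry two lines above it, so the reflow carries a copy-paste link forward; since these lines are being rewritten anyway, point Voikko at its own project page. In the same paragraph, the unittest-cpp link now breaks the line between the end of the ulink opening tag and the link text, which puts a newline and indentation inside the link text; break inside the tag before url= instead, as the old liba52.xml line did, or keep the text on the same line as the tag.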
general/genlib/libunistring.xml
r914049f6 r47274444 75 75 76 76 <bridgehead renderas="sect4">Optional</bridgehead> 77 <para role="optional"><xref linkend="texlive"/> (or <xref linkend="tl-installer"/>) 78 (to rebuild the documentation)</para> 77 <para role="optional"> 78 <xref linkend="texlive"/> (or <xref linkend="tl-installer"/>) 79 (to rebuild the documentation) 80 </para> 79 81 80 82 <para condition="html" role="usernotes">User Notes: -
general/genutils/hd2u.xml
r914049f6 r47274444 74 74 75 75 <bridgehead renderas="sect4">Required</bridgehead> 76 <para role="required"><xref linkend="popt"/></para> 76 <para role="required"> 77 <xref linkend="popt"/> 78 </para> 77 79 78 80 <para condition="html" role="usernotes">User Notes: -
general/genutils/screen.xml
r914049f6 r47274444 80 80 81 81 <bridgehead renderas="sect4">Optional</bridgehead> 82 <para role="optional"><xref linkend="linux-pam"/></para> 82 <para role="optional"> 83 <xref linkend="linux-pam"/> 84 </para> 83 85 84 86 <para condition="html" role="usernotes">User Notes: -
general/prog/expect.xml
r914049f6 r47274444 81 81 82 82 <bridgehead renderas="sect4">Required</bridgehead> 83 <para role="required"><xref linkend="tcl"/></para> 83 <para role="required"> 84 <xref linkend="tcl"/> 85 </para> 84 86 85 87 <bridgehead renderas="sect4">Optional</bridgehead> 86 <para role="optional"><xref linkend="tk"/></para> 88 <para role="optional"> 89 <xref linkend="tk"/> 90 </para> 87 91 88 92 <para condition="html" role="usernotes">User Notes: -
kde/kf5/kf5-frameworks.xml
r914049f6 r47274444 161 161 162 162 <bridgehead renderas="sect4">Required dependencies for Prison</bridgehead> 163 <para role="optional"> <!-- Leaving as optional since these are external --> 163 <para role="optional"> 164 <!-- Leaving as optional since these are external --> 164 165 <ulink url="http://libdmtx.sourceforge.net/">Datamatrix</ulink> and 165 166 <ulink url="https://fukuchi.org/works/qrencode/">QRencode</ulink> -
multimedia/libdriv/liba52.xml
r914049f6 r47274444 74 74 75 75 <bridgehead renderas="sect4">Optional</bridgehead> 76 <para role="optional"><ulink 77 url="http://cr.yp.to/djbfft.html">djbfft</ulink></para> 76 <para role="optional"> 77 <ulink url="http://cr.yp.to/djbfft.html">djbfft</ulink> 78 </para> 78 79 79 80 <para condition="html" role="usernotes">User Notes: -
multimedia/libdriv/libtheora.xml
r914049f6 r47274444 75 75 76 76 <bridgehead renderas="sect4">Required</bridgehead> 77 <para role="required"><xref linkend="libogg"/></para> 77 <para role="required"> 78 <xref linkend="libogg"/> 79 </para> 78 80 79 81 <bridgehead renderas="sect4">Recommended</bridgehead> 80 <para role="recommended"><xref linkend="libvorbis"/></para> 82 <para role="recommended"> 83 <xref linkend="libvorbis"/> 84 </para> 81 85 82 86 <bridgehead renderas="sect4">Optional</bridgehead> -
multimedia/libdriv/xvid.xml
r914049f6 r47274444 73 73 74 74 <bridgehead renderas="sect4">Optional</bridgehead> 75 <para role="optional"><xref linkend="yasm"/></para> 75 <para role="optional"> 76 <xref linkend="yasm"/> 77 </para> 76 78 77 79 <para condition="html" role="usernotes">User Notes: -
postlfs/security/cracklib.xml
r914049f6 r47274444 36 36 <title>Introduction to CrackLib</title> 37 37 38 <para>The <application>CrackLib</application> package contains a 39 library used to enforce strong passwords by comparing user selected 40 passwords to words in chosen word lists.</para> 38 <para> 39 The <application>CrackLib</application> package contains a 40 library used to enforce strong passwords by comparing user selected 41 passwords to words in chosen word lists. 42 </para> 41 43 42 44 &lfs91_checked; … … 45 47 <itemizedlist spacing="compact"> 46 48 <listitem> 47 <para>Download (HTTP): <ulink url="&cracklib-download-http;"/></para> 48 </listitem> 49 <listitem> 50 <para>Download (FTP): <ulink url="&cracklib-download-ftp;"/></para> 51 </listitem> 52 <listitem> 53 <para>Download MD5 sum: &cracklib-md5sum;</para> 54 </listitem> 55 <listitem> 56 <para>Download size: &cracklib-size;</para> 57 </listitem> 58 <listitem> 59 <para>Estimated disk space required: &cracklib-buildsize;</para> 60 </listitem> 61 <listitem> 62 <para>Estimated build time: &cracklib-time;</para> 49 <para> 50 Download (HTTP): <ulink url="&cracklib-download-http;"/> 51 </para> 52 </listitem> 53 <listitem> 54 <para> 55 Download (FTP): <ulink url="&cracklib-download-ftp;"/> 56 </para> 57 </listitem> 58 <listitem> 59 <para> 60 Download MD5 sum: &cracklib-md5sum; 61 </para> 62 </listitem> 63 <listitem> 64 <para> 65 Download size: &cracklib-size; 66 </para> 67 </listitem> 68 <listitem> 69 <para> 70 Estimated disk space required: &cracklib-buildsize; 71 </para> 72 </listitem> 73 <listitem> 74 <para> 75 Estimated build time: &cracklib-time; 76 </para> 63 77 </listitem> 64 78 </itemizedlist> … … 67 81 <itemizedlist spacing="compact"> 68 82 <listitem> 69 <para>Recommended word list for English-speaking countries (size: 70 &crackdict-size;; md5sum: &crackdict-md5sum;): 71 <ulink url="&crackdict-download;"/></para> 83 <para> 84 Recommended word list for English-speaking countries (size: 85 &crackdict-size;; md5sum: 
&crackdict-md5sum;): 86 <ulink url="&crackdict-download;"/> 87 </para> 72 88 </listitem> 73 89 </itemizedlist> 74 90 75 <para>There are additional word lists available for download, e.g., from 76 <ulink url="http://www.cotse.com/tools/wordlists.htm"/>. 77 <application>CrackLib</application> can utilize as many, or as few word 78 lists you choose to install.</para> 91 <para> 92 There are additional word lists available for download, e.g., from 93 <ulink url="http://www.cotse.com/tools/wordlists.htm"/>. 94 <application>CrackLib</application> can utilize as many, or as few word 95 lists you choose to install. 96 </para> 79 97 80 98 <important> 81 <para>Users tend to base their passwords on regular words of the spoken 82 language, and crackers know that. <application>CrackLib</application> is 83 intended to filter out such bad passwords at the source using a 84 dictionary created from word lists. To accomplish this, the word list(s) 85 for use with <application>CrackLib</application> must be an exhaustive 86 list of words and word-based keystroke combinations likely to be chosen 87 by users of the system as (guessable) passwords.</para> 88 89 <para>The default word list recommended above for downloading mostly 90 satisfies this role in English-speaking countries. In other situations, 91 it may be necessary to download (or even create) additional word 92 lists.</para> 93 94 <para>Note that word lists suitable for spell-checking are not usable 95 as <application>CrackLib</application> word lists in countries with 96 non-Latin based alphabets, because of <quote>word-based keystroke 97 combinations</quote> that make bad passwords.</para> 99 <para> 100 Users tend to base their passwords on regular words of the spoken 101 language, and crackers know that. <application>CrackLib</application> 102 is intended to filter out such bad passwords at the source using a 103 dictionary created from word lists. 
To accomplish this, the word 104 list(s) for use with <application>CrackLib</application> must be an 105 exhaustive list of words and word-based keystroke combinations likely 106 to be chosen by users of the system as (guessable) passwords. 107 </para> 108 109 <para> 110 The default word list recommended above for downloading mostly 111 satisfies this role in English-speaking countries. In other situations, 112 it may be necessary to download (or even create) additional word lists. 113 </para> 114 115 <para> 116 Note that word lists suitable for spell-checking are not usable 117 as <application>CrackLib</application> word lists in countries with 118 non-Latin based alphabets, because of <quote>word-based keystroke 119 combinations</quote> that make bad passwords. 120 </para> 98 121 </important> 99 122 … … 113 136 <title>Installation of CrackLib</title> 114 137 115 <para>Install <application>CrackLib</application> by running the following 116 commands:</para> 138 <para> 139 Install <application>CrackLib</application> by running the following 140 commands: 141 </para> 117 142 118 143 <screen><userinput>sed -i '/skipping/d' util/packer.c && … … 123 148 make</userinput></screen> 124 149 125 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 150 <para> 151 Now, as the <systemitem class="username">root</systemitem> user: 152 </para> 126 153 127 154 <screen role="root"><userinput>make install && … … 129 156 ln -sfv ../../lib/$(readlink /usr/lib/libcrack.so) /usr/lib/libcrack.so</userinput></screen> 130 157 131 <para>Issue the following commands as the 132 <systemitem class="username">root</systemitem> user to install the 133 recommended word list and create the <application>CrackLib</application> 134 dictionary. 
Other word lists (text based, one word per line) can also be 135 used by simply installing them into 136 <filename class="directory">/usr/share/dict</filename> and adding them 137 to the <command>create-cracklib-dict</command> command.</para> 158 <para> 159 Issue the following commands as the 160 <systemitem class="username">root</systemitem> user to install the 161 recommended word list and create the <application>CrackLib</application> 162 dictionary. Other word lists (text based, one word per line) can also be 163 used by simply installing them into 164 <filename class="directory">/usr/share/dict</filename> and adding them 165 to the <command>create-cracklib-dict</command> command. 166 </para> 138 167 139 168 <screen role="root"><userinput>install -v -m644 -D ../cracklib-words-&cracklib-version;.bz2 \ … … 148 177 /usr/share/dict/cracklib-extra-words</userinput></screen> 149 178 150 <para>If desired, check the proper operation of the library as an 151 unprivileged user by issuing the following command:</para> 179 <para> 180 If desired, check the proper operation of the library as an 181 unprivileged user by issuing the following command: 182 </para> 152 183 153 184 <screen remap="test"><userinput>make test</userinput></screen> 154 185 155 186 <important> 156 <para>If you are installing <application>CrackLib</application> after 157 your LFS system has been completed and you have the 158 <application>Shadow</application> package installed, you must 159 reinstall <xref linkend="shadow"/> if you wish to provide strong 160 password support on your system. 
If you are now going to install the 161 <xref linkend="linux-pam"/> package, you may disregard this note as 162 <application>Shadow</application> will be reinstalled after the 163 <application>Linux-PAM</application> installation.</para> 187 <para> 188 If you are installing <application>CrackLib</application> after 189 your LFS system has been completed and you have the 190 <application>Shadow</application> package installed, you must 191 reinstall <xref linkend="shadow"/> if you wish to provide strong 192 password support on your system. If you are now going to install the 193 <xref linkend="linux-pam"/> package, you may disregard this note as 194 <application>Shadow</application> will be reinstalled after the 195 <application>Linux-PAM</application> installation. 196 </para> 164 197 </important> 165 198 … … 169 202 <title>Command Explanations</title> 170 203 171 <para><command>sed -i '/skipping/d' util/packer.c</command>: 172 Remove a meaningless warning.</para> 173 174 <para><parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>: 175 This parameter forces the installation of the 176 <application>CrackLib</application> dictionary to the 177 <filename class="directory">/lib</filename> hierarchy.</para> 204 <para> 205 <command>sed -i '/skipping/d' util/packer.c</command>: 206 Remove a meaningless warning. 207 </para> 208 209 <para> 210 <parameter>--with-default-dict=/lib/cracklib/pw_dict</parameter>: 211 This parameter forces the installation of the 212 <application>CrackLib</application> dictionary to the 213 <filename class="directory">/lib</filename> hierarchy. 
214 </para> 178 215 179 216 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" 180 217 href="../../xincludes/static-libraries.xml"/> 181 218 182 <para><command>mv -v /usr/lib/libcrack.so.2* /lib</command> and 183 <command>ln -v -sf ../../lib/libcrack.so.2.9.0 ...</command>: These two 184 commands move the <filename class="libraryfile">libcrack.so.2.9.0</filename> 185 library and associated symlink from 186 <filename class="directory">/usr/lib</filename> to 187 <filename class="directory">/lib</filename>, then recreates the 188 <filename class="symlink">/usr/lib/libcrack.so</filename> symlink pointing 189 to the relocated file.</para> 190 191 <para><command>install -v -m644 -D ...</command>: This command creates the 192 <filename class="directory">/usr/share/dict</filename> directory (if it 193 doesn't already exist) and installs the compressed word list there.</para> 194 195 <para><command>ln -v -s cracklib-words /usr/share/dict/words</command>: The 196 word list is linked to <filename>/usr/share/dict/words</filename> as 197 historically, <filename>words</filename> is the primary word list in the 198 <filename class="directory">/usr/share/dict</filename> directory. Omit this 199 command if you already have a <filename>/usr/share/dict/words</filename> 200 file installed on your system.</para> 201 202 <para><command>echo $(hostname) >>...</command>: The value of 203 <command>hostname</command> is echoed to a file called 204 <filename>cracklib-extra-words</filename>. This extra file is intended to be 205 a site specific list which includes easy to guess passwords such as company 206 or department names, user names, product names, computer names, domain 207 names, etc.</para> 208 209 <para><command>create-cracklib-dict ...</command>: This command creates the 210 <application>CrackLib</application> dictionary from the word lists. 
Modify 211 the command to add any additional word lists you have installed.</para> 219 <para> 220 <command>mv -v /usr/lib/libcrack.so.2* /lib</command> and 221 <command>ln -v -sf ../../lib/libcrack.so.2.9.0 ...</command>: These two 222 commands move the <filename 223 class="libraryfile">libcrack.so.2.9.0</filename> 224 library and associated symlink from 225 <filename class="directory">/usr/lib</filename> to 226 <filename class="directory">/lib</filename>, then recreates the 227 <filename class="symlink">/usr/lib/libcrack.so</filename> symlink 228 pointing to the relocated file. 229 </para> 230 231 <para> 232 <command>install -v -m644 -D ...</command>: This command creates the 233 <filename class="directory">/usr/share/dict</filename> directory (if it 234 doesn't already exist) and installs the compressed word list there. 235 </para> 236 237 <para> 238 <command>ln -v -s cracklib-words /usr/share/dict/words</command>: The 239 word list is linked to <filename>/usr/share/dict/words</filename> as 240 historically, <filename>words</filename> is the primary word list in the 241 <filename class="directory">/usr/share/dict</filename> directory. Omit 242 this command if you already have a 243 <filename>/usr/share/dict/words</filename> file installed on your system. 244 </para> 245 246 <para> 247 <command>echo $(hostname) >>...</command>: The value of 248 <command>hostname</command> is echoed to a file called 249 <filename>cracklib-extra-words</filename>. This extra file is intended 250 to be a site specific list which includes easy to guess passwords such 251 as company or department names, user names, product names, computer 252 names, domain names, etc. 253 </para> 254 255 <para> 256 <command>create-cracklib-dict ...</command>: This command creates the 257 <application>CrackLib</application> dictionary from the word lists. 258 Modify the command to add any additional word lists you have installed. 
259 </para> 212 260 213 261 </sect2> … … 240 288 <term><command>cracklib-check</command></term> 241 289 <listitem> 242 <para>is used to determine if a password is strong.</para> 290 <para> 291 is used to determine if a password is strong. 292 </para> 243 293 <indexterm zone="cracklib cracklib-check"> 244 294 <primary sortas="b-cracklib-check">cracklib-check</primary> … … 250 300 <term><command>cracklib-format</command></term> 251 301 <listitem> 252 <para>is used to format text files (lowercases all words, 253 removes control characters and sorts the lists).</para> 302 <para> 303 is used to format text files (lowercases all words, 304 removes control characters and sorts the lists). 305 </para> 254 306 <indexterm zone="cracklib cracklib-format"> 255 307 <primary sortas="b-cracklib-format">cracklib-format</primary> … … 261 313 <term><command>cracklib-packer</command></term> 262 314 <listitem> 263 <para>creates a database with words read from standard input.</para> 315 <para> 316 creates a database with words read from standard input. 317 </para> 264 318 <indexterm zone="cracklib cracklib-packer"> 265 319 <primary sortas="b-cracklib-packer">cracklib-packer</primary> … … 271 325 <term><command>cracklib-unpacker</command></term> 272 326 <listitem> 273 <para>displays on standard output the database specified.</para> 327 <para> 328 displays on standard output the database specified. 329 </para> 274 330 <indexterm zone="cracklib cracklib-packer"> 275 331 <primary sortas="b-cracklib-packer">cracklib-packer</primary> … … 281 337 <term><command>create-cracklib-dict</command></term> 282 338 <listitem> 283 <para>is used to create the <application>CrackLib</application> 284 dictionary from the given word list(s).</para> 339 <para> 340 is used to create the <application>CrackLib</application> 341 dictionary from the given word list(s). 
342 </para> 285 343 <indexterm zone="cracklib create-cracklib-dict"> 286 344 <primary sortas="b-create-cracklib-dict">create-cracklib-dict</primary> … … 292 350 <term><filename class="libraryfile">libcrack.so</filename></term> 293 351 <listitem> 294 <para>provides a fast dictionary lookup method for strong 295 password enforcement.</para> 352 <para> 353 provides a fast dictionary lookup method for strong 354 password enforcement. 355 </para> 296 356 <indexterm zone="cracklib libcrack"> 297 357 <primary sortas="c-libcrack">libcrack.so</primary> -
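Review bot: In the Contents list, the cracklib-unpacker entry's indexterm (context lines at new 330-331, directly after the reflowed para) still reads zone="cracklib cracklib-packer" with a primary of cracklib-packer, so the unpacker never gets its own index entry; the zone, sortas and text should all name cracklib-unpacker. In Command Explanations, the reflowed paragraph at new lines 219-229 documents "ln -v -sf ../../lib/libcrack.so.2.9.0 ..." while the install screen at new line 156 runs "ln -sfv ../../lib/$(readlink /usr/lib/libcrack.so) /usr/lib/libcrack.so"; quote the readlink form in the explanation so it does not go stale with the hard-coded 2.9.0 version.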
postlfs/security/cryptsetup.xml
r914049f6 r47274444 141 141 </para> 142 142 143 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 143 <para> 144 Now, as the <systemitem class="username">root</systemitem> user: 145 </para> 144 146 145 147 <screen role="root"><userinput>make install</userinput></screen> -
postlfs/security/gnupg2.xml
r914049f6 r47274444 30 30 <title>Introduction to GnuPG</title> 31 31 32 <para>The <application>GnuPG</application> package is GNU's tool for 33 secure communication and data storage. It can be used to encrypt data and 34 to create digital signatures. It includes an advanced key management 35 facility and is compliant with the proposed OpenPGP Internet standard as 36 described in RFC2440 and the S/MIME standard as described by several RFCs. 37 GnuPG 2 is the stable version of GnuPG integrating support for OpenPGP and 38 S/MIME.</para> 32 <para> 33 The <application>GnuPG</application> package is GNU's tool for 34 secure communication and data storage. It can be used to encrypt data and 35 to create digital signatures. It includes an advanced key management 36 facility and is compliant with the proposed OpenPGP Internet standard as 37 described in RFC2440 and the S/MIME standard as described by several RFCs. 38 GnuPG 2 is the stable version of GnuPG integrating support for OpenPGP and 39 S/MIME. 
40 </para> 39 41 40 42 &lfs91_checked; … … 43 45 <itemizedlist spacing="compact"> 44 46 <listitem> 45 <para>Download (HTTP): <ulink url="&gnupg2-download-http;"/></para> 46 </listitem> 47 <listitem> 48 <para>Download (FTP): <ulink url="&gnupg2-download-ftp;"/></para> 49 </listitem> 50 <listitem> 51 <para>Download MD5 sum: &gnupg2-md5sum;</para> 52 </listitem> 53 <listitem> 54 <para>Download size: &gnupg2-size;</para> 55 </listitem> 56 <listitem> 57 <para>Estimated disk space required: &gnupg2-buildsize;</para> 58 </listitem> 59 <listitem> 60 <para>Estimated build time: &gnupg2-time;</para> 47 <para> 48 Download (HTTP): <ulink url="&gnupg2-download-http;"/> 49 </para> 50 </listitem> 51 <listitem> 52 <para> 53 Download (FTP): <ulink url="&gnupg2-download-ftp;"/> 54 </para> 55 </listitem> 56 <listitem> 57 <para> 58 Download MD5 sum: &gnupg2-md5sum; 59 </para> 60 </listitem> 61 <listitem> 62 <para> 63 Download size: &gnupg2-size; 64 </para> 65 </listitem> 66 <listitem> 67 <para> 68 Estimated disk space required: &gnupg2-buildsize; 69 </para> 70 </listitem> 71 <listitem> 72 <para> 73 Estimated build time: &gnupg2-time; 74 </para> 61 75 </listitem> 62 76 </itemizedlist> … … 103 117 <sect2 role="installation"> 104 118 <title>Installation of GnuPG</title> 105 <!-- It's been well over three years. I think this can be commented for now. 106 <warning> 107 <para> 108 If you are upgrading from gnupg prior to version 2.1, upstream 109 developers recommend backing up 110 <filename class="directory">~/.gnupg</filename> because some additional 111 configuration will probably be necessary and you could lose your keys. 112 You can find instructions at 113 <ulink url="http://jo-ke.name/wp/?p=111"></ulink> and 114 <ulink url="https://wiki.archlinux.org/index.php/GnuPG#.22Lost.22_keys.2C_upgrading_to_gnupg_version_2.1"></ulink>. 115 </para> 116 </warning> 117 --> 118 119 <para>By default GnuPG doesn't install the deprecated gpg-zip script, 120 but it is still needed by some programs. 
Make GnuPG install it with: 119 120 <para> 121 By default GnuPG doesn't install the deprecated gpg-zip script, 122 but it is still needed by some programs. Make GnuPG install it with: 121 123 </para> 122 124 … … 124 126 -i tools/Makefile.in</userinput></screen> 125 127 126 <para>Install <application>GnuPG</application> by running the following 127 commands:</para> 128 <para> 129 Install <application>GnuPG</application> by running the following 130 commands: 131 </para> 128 132 129 133 <screen><userinput>./configure --prefix=/usr \ … … 137 141 make -C doc html</userinput></screen> 138 142 139 <para>If you have <xref linkend="texlive"/> 140 installed and you wish to create documentation in alternate formats, 141 issue the following commands 142 (<ulink url="http://mcj.sourceforge.net/">fig2dev</ulink> is needed for 143 the ps format):</para> 143 <para> 144 If you have <xref linkend="texlive"/> 145 installed and you wish to create documentation in alternate formats, 146 issue the following commands 147 (<ulink url="http://mcj.sourceforge.net/">fig2dev</ulink> is needed for 148 the ps format): 149 </para> 144 150 145 151 <screen remap="doc"><userinput>make -C doc pdf ps</userinput></screen> 146 152 147 <para>To test the results, issue: <command>make check</command>.</para> 148 149 <para>Note that if you have already installed 150 <application>GnuPG</application>, the instructions below will overwrite 151 <filename>/usr/share/man/man1/gpg-zip.1</filename>. Now, as the 152 <systemitem class="username">root</systemitem> user:</para> 153 <para> 154 To test the results, issue: <command>make check</command>. 155 </para> 156 157 <para> 158 Note that if you have already installed 159 <application>GnuPG</application>, the instructions below will overwrite 160 <filename>/usr/share/man/man1/gpg-zip.1</filename>. 
Now, as the 161 <systemitem class="username">root</systemitem> user: 162 </para> 153 163 154 164 <screen role="root"><userinput>make install && … … 161 171 install -v -m644 doc/gnupg.html/* \ 162 172 /usr/share/doc/gnupg-&gnupg2-version;/html</userinput></screen> 163 <para>If you created alternate formats of the documentation, install them 164 using the following command as the 165 <systemitem class="username">root</systemitem> user:</para> 173 <para> 174 If you created alternate formats of the documentation, install them 175 using the following command as the 176 <systemitem class="username">root</systemitem> user: 177 </para> 166 178 167 179 <screen role="root" … … 174 186 <title>Command Explanations</title> 175 187 176 <para><command>sed ... tools/Makefile.in</command>: 177 This command is needed to build the gpg-zip program.</para> 178 179 <para><parameter>--docdir=/usr/share/doc/gnupg-&gnupg2-version;</parameter>: 180 This switch changes the default docdir to <filename 181 class="directory">/usr/share/doc/gnupg-&gnupg2-version;</filename>.</para> 182 183 <para><parameter>--enable-symcryptrun</parameter>: This switch enables 184 building the symcryptrun program.</para> 188 <para> 189 <command>sed ... tools/Makefile.in</command>: 190 This command is needed to build the gpg-zip program. 191 </para> 192 193 <para> 194 <parameter>--docdir=/usr/share/doc/gnupg-&gnupg2-version;</parameter>: 195 This switch changes the default docdir to <filename 196 class="directory">/usr/share/doc/gnupg-&gnupg2-version;</filename>. 197 </para> 198 199 <para> 200 <parameter>--enable-symcryptrun</parameter>: This switch enables 201 building the symcryptrun program. 
202 </para> 185 203 186 204 <para> … … 223 241 <term><command>addgnupghome</command></term> 224 242 <listitem> 225 <para>is used to create and populate a user's 226 <filename class='directory'>~/.gnupg</filename> directories</para> 243 <para> 244 is used to create and populate a user's 245 <filename class='directory'>~/.gnupg</filename> directories 246 </para> 227 247 <indexterm zone="gnupg2 addgnupghome"> 228 248 <primary sortas="b-addgnupghome">addgnupghome</primary> … … 234 254 <term><command>applygnupgdefaults</command></term> 235 255 <listitem> 236 <para>is a wrapper script used to run <command>gpgconf</command> 237 with the <parameter>--apply-defaults</parameter> parameter on all 238 user's GnuPG home directories.</para> 256 <para> 257 is a wrapper script used to run <command>gpgconf</command> 258 with the <parameter>--apply-defaults</parameter> parameter on all 259 user's GnuPG home directories. 260 </para> 239 261 <indexterm zone="gnupg2 applygnupgdefaults"> 240 262 <primary sortas="b-applygnupgdefaults">applygnupgdefaults</primary> … … 246 268 <term><command>dirmngr</command></term> 247 269 <listitem> 248 <para> is a tool that takes care of accessing the OpenPGP keyservers. 270 <para> 271 is a tool that takes care of accessing the OpenPGP keyservers. 249 272 </para> 250 273 <indexterm zone="gnupg2 dirmngr"> … … 257 280 <term><command>dirmngr-client</command></term> 258 281 <listitem> 259 <para> is a tool to contact a running dirmngr and test whether a 260 certificate has been revoked. </para> 282 <para> 283 is a tool to contact a running dirmngr and test whether a 284 certificate has been revoked. 
285 </para> 261 286 <indexterm zone="gnupg2 dirmngr-client"> 262 287 <primary sortas="b-dirmngr-client">dirmngr-client</primary> … … 268 293 <term><command>g13</command></term> 269 294 <listitem> 270 <para>is a tool to create, mount or unmount an encrypted file system 271 container (optional).</para> 295 <para> 296 is a tool to create, mount or unmount an encrypted file system 297 container (optional). 298 </para> 272 299 <indexterm zone="gnupg2 g13"> 273 300 <primary sortas="b-g13">g13</primary> … … 279 306 <term><command>gpg-agent</command></term> 280 307 <listitem> 281 <para>is a daemon used to manage secret (private) keys independently 282 from any protocol. It is used as a backend for <command>gpg2</command> 283 and <command>gpgsm</command> as well as for a couple of other 284 utilities.</para> 308 <para> 309 is a daemon used to manage secret (private) keys independently 310 from any protocol. It is used as a backend for 311 <command>gpg2</command> and <command>gpgsm</command> as well as 312 for a couple of other utilities. 313 </para> 285 314 <indexterm zone="gnupg2 gpg-agent"> 286 315 <primary sortas="b-gpg-agent">gpg-agent</primary> … … 292 321 <term><command>gpg-connect-agent</command></term> 293 322 <listitem> 294 <para>is a utility used to communicate with a running 295 <command>gpg-agent</command>.</para> 323 <para> 324 is a utility used to communicate with a running 325 <command>gpg-agent</command>. 326 </para> 296 327 <indexterm zone="gnupg2 gpg-connect-agent"> 297 328 <primary sortas="b-gpg-connect-agent">gpg-connect-agent</primary> … … 303 334 <term><command>gpg</command></term> 304 335 <listitem> 305 <para>is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a 306 tool used to provide digital encryption and signing services using 307 the OpenPGP standard.</para> 336 <para> 337 is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a 338 tool used to provide digital encryption and signing services using 339 the OpenPGP standard. 
340 </para> 308 341 <indexterm zone="gnupg2 gpg"> 309 342 <primary sortas="b-gpg">gpg</primary> … … 315 348 <term><command>gpgconf</command></term> 316 349 <listitem> 317 <para>is a utility used to automatically and reasonably safely 318 query and modify configuration files in the 319 <filename class='directory'>~/.gnupg</filename> home directory. It is 320 designed not to be invoked manually by the user, but automatically by 321 graphical user interfaces.</para> 350 <para> 351 is a utility used to automatically and reasonably safely 352 query and modify configuration files in the 353 <filename class='directory'>~/.gnupg</filename> home directory. It 354 is designed not to be invoked manually by the user, but 355 automatically by graphical user interfaces. 356 </para> 322 357 <indexterm zone="gnupg2 gpgconf"> 323 358 <primary sortas="b-gpgconf">gpgconf</primary> … … 329 364 <term><command>gpgparsemail</command></term> 330 365 <listitem> 331 <para>is a utility currently only useful for debugging. Run it with 332 <parameter>--help</parameter> for usage information.</para> 366 <para> 367 is a utility currently only useful for debugging. Run it with 368 <parameter>--help</parameter> for usage information. 369 </para> 333 370 <indexterm zone="gnupg2 gpgparsemail"> 334 371 <primary sortas="b-gpgparsemail">gpgparsemail</primary> … … 340 377 <term><command>gpgscm</command></term> 341 378 <listitem> 342 <para>executes the given scheme program or spawns an interactive 343 shell.</para> 379 <para> 380 executes the given scheme program or spawns an interactive shell. 381 </para> 344 382 <indexterm zone="gnupg2 gpgscm"> 345 383 <primary sortas="b-gpgscm">gpgscm</primary> … … 351 389 <term><command>gpgsm</command></term> 352 390 <listitem> 353 <para>is a tool similar to <command>gpg2</command> used to provide 354 digital encryption and signing services on X.509 certificates and the 355 CMS protocol. 
It is mainly used as a backend for S/MIME mail 356 processing.</para> 391 <para> 392 is a tool similar to <command>gpg2</command> used to provide 393 digital encryption and signing services on X.509 certificates and 394 the CMS protocol. It is mainly used as a backend for S/MIME mail 395 processing. 396 </para> 357 397 <indexterm zone="gnupg2 gpgsm"> 358 398 <primary sortas="b-gpgsm">gpgsm</primary> … … 364 404 <term><command>gpgtar</command></term> 365 405 <listitem> 366 <para> is a tool to encrypt or sign files into an archive.</para> 406 <para> 407 is a tool to encrypt or sign files into an archive. 408 </para> 367 409 <indexterm zone="gnupg2 gpgtar"> 368 410 <primary sortas="b-gpgtar">gpgtar</primary> … … 374 416 <term><command>gpgv</command></term> 375 417 <listitem> 376 <para>is a verify only version of <command>gpg2</command>.</para> 418 <para> 419 is a verify only version of <command>gpg2</command>. 420 </para> 377 421 <indexterm zone="gnupg2 gpgv"> 378 422 <primary sortas="b-gpgv">gpgv</primary> … … 384 428 <term><command>gpg-wks-server</command></term> 385 429 <listitem> 386 <para>provides a server for the 387 <application>Web Key Service</application> protocol.</para> 430 <para> 431 provides a server for the 432 <application>Web Key Service</application> protocol. 433 </para> 388 434 <indexterm zone="gnupg2 gpg-wks-server"> 389 435 <primary sortas="b-gpg-wks-server">gpg-wks-server</primary> … … 395 441 <term><command>gpg-zip</command></term> 396 442 <listitem> 397 <para>encrypts or signs files into an archive.</para> 443 <para> 444 encrypts or signs files into an archive. 445 </para> 398 446 <indexterm zone="gnupg2 gpg-zip"> 399 447 <primary sortas="b-gpg-zip">gpg-zip</primary> … … 405 453 <term><command>kbxutil</command></term> 406 454 <listitem> 407 <para>is used to list, export and import Keybox data.</para> 455 <para> 456 is used to list, export and import Keybox data. 
457 </para> 408 458 <indexterm zone="gnupg2 kbxutil"> 409 459 <primary sortas="b-kbxutil">kbxutil</primary> … … 415 465 <term><command>symcryptrun</command></term> 416 466 <listitem> 417 <para>is a simple symmetric encryption tool.</para> 467 <para> 468 is a simple symmetric encryption tool. 469 </para> 418 470 <indexterm zone="gnupg2 symcryptrun"> 419 471 <primary sortas="b-symcryptrun">symcryptrun</primary> … … 425 477 <term><command>watchgnupg</command></term> 426 478 <listitem> 427 <para>is used to listen to a Unix Domain socket created by any of 428 the GnuPG tools.</para> 479 <para> 480 is used to listen to a Unix Domain socket created by any of 481 the GnuPG tools. 482 </para> 429 483 <indexterm zone="gnupg2 watchgnupg"> 430 484 <primary sortas="b-watchgnupg">watchgnupg</primary> -
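Review bot: the re-wrapped descriptions for gpg-agent, gpgsm and gpgv still refer to <command>gpg2</command>, while the program's own entry is <term><command>gpg</command></term> with the index key b-gpg. Since these paragraphs are being touched anyway, make the references match the listed program name, or say why both names appear. The entries for gpgtar ("is a tool to encrypt or sign files into an archive") and gpg-zip ("encrypts or signs files into an archive") are effectively the same text; a few words on how the two differ would help. "verify only version" should be hyphenated as "verify-only version".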
postlfs/security/haveged.xml
r914049f6 r47274444 80 80 <title>Installation of Haveged</title> 81 81 82 <para>Install <application>Haveged</application> by running the following 83 commands:</para> 82 <para> 83 Install <application>Haveged</application> by running the following 84 commands: 85 </para> 84 86 85 87 <screen><userinput>./configure --prefix=/usr && -
postlfs/security/libcap.xml
r914049f6 r47274444 30 30 <title>Introduction to libcap with PAM</title> 31 31 32 <para>The <application>libcap</application> package was installed in 33 LFS, but if <application>Linux-PAM</application> support is desired, 34 the PAM module must be built (after installation of 35 <application>Linux-PAM</application>).</para> 32 <para> 33 The <application>libcap</application> package was installed in 34 LFS, but if <application>Linux-PAM</application> support is desired, 35 the PAM module must be built (after installation of 36 <application>Linux-PAM</application>). 37 </para> 36 38 37 39 &lfs91_checked; … … 40 42 <itemizedlist spacing="compact"> 41 43 <listitem> 42 <para>Download (HTTP): <ulink url="&libcap-download-http;"/></para> 44 <para> 45 Download (HTTP): <ulink url="&libcap-download-http;"/> 46 </para> 43 47 </listitem> 44 48 <listitem> 45 <para>Download (FTP): <ulink url="&libcap-download-ftp;"/></para> 49 <para> 50 Download (FTP): <ulink url="&libcap-download-ftp;"/> 51 </para> 46 52 </listitem> 47 53 <listitem> 48 <para>Download MD5 sum: &libcap-md5sum;</para> 54 <para> 55 Download MD5 sum: &libcap-md5sum; 56 </para> 49 57 </listitem> 50 58 <listitem> 51 <para>Download size: &libcap-size;</para> 59 <para> 60 Download size: &libcap-size; 61 </para> 52 62 </listitem> 53 63 <listitem> 54 <para>Estimated disk space required: &libcap-buildsize;</para> 64 <para> 65 Estimated disk space required: &libcap-buildsize; 66 </para> 55 67 </listitem> 56 68 <listitem> 57 <para>Estimated build time: &libcap-time;</para> 69 <para> 70 Estimated build time: &libcap-time; 71 </para> 58 72 </listitem> 59 73 </itemizedlist> … … 75 89 76 90 <note> 77 <para>If you are upgrading libcap from a previous version, use the 78 instructions in 79 <ulink url="../../../../lfs/view/development/chapter06/libcap.html">LFS libcap page</ulink> 80 to upgrade libcap. 
If the PAM module has been built, it will automatically 81 be picked up.</para> 91 <para> 92 If you are upgrading libcap from a previous version, use the 93 instructions in 94 <ulink url="../../../../lfs/view/development/chapter06/libcap.html"> 95 LFS libcap page 96 </ulink> to upgrade libcap. If <xref linkend="linux-pam"/> has been 97 built, the PAM module will automatically be built too. 98 </para> 82 99 </note> 83 100 84 <para>Install <application>libcap</application> by running the following 85 commands:</para> 101 <para> 102 Install <application>libcap</application> by running the following 103 commands: 104 </para> 86 105 87 106 <screen><userinput>make -C pam_cap</userinput></screen> 88 107 89 <para>This package does not come with a test suite.</para> 108 <para> 109 This package does not come with a test suite. 110 </para> 90 111 91 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 112 <para> 113 Now, as the <systemitem class="username">root</systemitem> user: 114 </para> 92 115 93 116 <screen role="root"><userinput>install -v -m755 pam_cap/pam_cap.so /lib/security && … … 99 122 <title>Configuring Libcap</title> 100 123 101 <para>In order to allow <application>Linux-PAM</application> to grant 102 privileges based on POSIX capabilites, you need to add the libcap module 103 to the begining of the <filename>/etc/pam.d/system-auth</filename> file. 104 Make the required edits with the following commands:</para> 124 <para> 125 In order to allow <application>Linux-PAM</application> to grant 126 privileges based on POSIX capabilites, you need to add the libcap module 127 to the begining of the <filename>/etc/pam.d/system-auth</filename> file. 
128 Make the required edits with the following commands: 129 </para> 105 130 106 131 <screen role="root"><userinput>mv -v /etc/pam.d/system-auth{,.bak} && … … 112 137 tail -n +3 /etc/pam.d/system-auth.bak >> /etc/pam.d/system-auth</userinput></screen> 113 138 114 <para>Additonally, you'll need to modify the 115 <filename>/etc/security/capability.conf</filename> file to grant necessary 116 privileges to users, and utilize the <command>setcap</command> 117 utility to set capabilities on specific utilities as needed. See 118 <command>man 8 setcap</command> and <command>man 3 cap_from_text</command> 119 for additional information.</para> 139 <para> 140 Additonally, you'll need to modify the 141 <filename>/etc/security/capability.conf</filename> file to grant 142 necessary privileges to users, and utilize the <command>setcap</command> 143 utility to set capabilities on specific utilities as needed. See 144 <command>man 8 setcap</command> and 145 <command>man 3 cap_from_text</command> for additional information. 146 </para> 120 147 121 148 </sect2> -
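Review bot: the <note> hunk is not a pure re-wrap: "If the PAM module has been built, it will automatically be picked up" becomes "If <xref linkend="linux-pam"/> has been built, the PAM module will automatically be built too", which changes what the reader is told about upgrades. Put that wording change in its own commit, or at least call it out in the commit message, so it is not lost among 39 files of whitespace edits. In the Configuring Libcap hunk the paragraphs were re-wrapped with their typos intact: "capabilites", "begining" and "Additonally" should be "capabilities", "beginning" and "Additionally".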
postlfs/security/liboauth.xml
r914049f6 r47274444 77 77 <itemizedlist spacing="compact"> 78 78 <listitem> 79 <para>Required patch for use with openssl: <ulink 80 url="&patch-root;/liboauth-&liboauth-version;-openssl-1.1.0-3.patch"/> 79 <para> 80 Required patch for use with openssl: <ulink url= 81 "&patch-root;/liboauth-&liboauth-version;-openssl-1.1.0-3.patch"/> 81 82 </para> 82 83 </listitem> -
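Review bot: style point on the ulink in the "Required patch" list item: the attribute is now split after url= with the quoted value alone on the next line, whereas the other files in this changeset break before the attribute name (for example <xref / linkend="cracklib"/> in linux-pam.xml). Break before url here as well so the attribute name and its value stay on one line.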
postlfs/security/linux-pam.xml
r914049f6 r47274444 304 304 # End /etc/pam.d/other</literal></screen> 305 305 306 <para>Now set up some generic files. As root:</para> 306 <para> 307 Now set up some generic files. As root: 308 </para> 307 309 308 310 <screen role="root"><userinput>install -vdm755 /etc/pam.d && … … 331 333 EOF</userinput></screen> 332 334 333 <para>The remaining generic file depends on whether <xref linkend="cracklib"/> 334 is installed. If it is installed, use:</para> 335 <para> 336 The remaining generic file depends on whether <xref 337 linkend="cracklib"/> is installed. If it is installed, use: 338 </para> 335 339 336 340 <screen role="root"><userinput>cat > /etc/pam.d/system-password << "EOF" … … 352 356 EOF</userinput></screen> 353 357 354 <note> 355 <para> 356 In its default configuration, pam_cracklib will 357 allow multiple case passwords as short as 6 characters, even with 358 the <parameter>minlen</parameter> value set to 11. You should review 359 the pam_cracklib(8) man page and determine if these default values 360 are acceptable for the security of your system. 361 </para> 362 </note> 363 364 <para>If <xref linkend="cracklib"/> is <emphasis>NOT</emphasis> installed, 365 use:</para> 358 <note> 359 <para> 360 In its default configuration, pam_cracklib will 361 allow multiple case passwords as short as 6 characters, even with 362 the <parameter>minlen</parameter> value set to 11. You should review 363 the pam_cracklib(8) man page and determine if these default values 364 are acceptable for the security of your system. 365 </para> 366 </note> 367 368 <para> 369 If <xref linkend="cracklib"/> is <emphasis>NOT</emphasis> installed, 370 use: 371 </para> 366 372 367 373 <screen role="nodump"><userinput>cat > /etc/pam.d/system-password << "EOF" … … 375 381 EOF</userinput></screen> 376 382 377 <para>Now add a restrictive <filename>/etc/pam.d/other</filename> 378 configuration file. 
With this file, programs that are PAM aware will not 379 run unless a configuration file specifically for that application is 380 created.</para> 383 <para> 384 Now add a restrictive <filename>/etc/pam.d/other</filename> 385 configuration file. With this file, programs that are PAM aware will 386 not run unless a configuration file specifically for that application 387 is created. 388 </para> 381 389 382 390 <screen role="root"><userinput>cat > /etc/pam.d/other << "EOF" … … 398 406 The <application>PAM</application> man page (<command>man 399 407 pam</command>) provides a good starting point for descriptions 400 of fields and allowable entries. The <ulink 401 url="http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html">Linux-PAM 402 System Administrators' Guide</ulink> is recommended for additional 403 information. 404 </para> 405 <!-- No longer there 406 <para> 407 Refer to <ulink url="&debian-pam-docs;/modules.html"/> for a list 408 of various third-party modules available. 409 </para> 410 --> 408 of fields and allowable entries. The 409 <ulink url="http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html"> 410 Linux-PAM System Administrators' Guide 411 </ulink> is recommended for additional information. 412 </para> 413 411 414 <important> 412 415 <para> -
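Review bot: in the last hunk the link text "Linux-PAM System Administrators' Guide" was moved onto its own line between <ulink url="..."> and </ulink>, so the text of the link now begins and ends with whitespace, which can end up inside the rendered link. Keep the first and last words of the link text adjacent to the tags and wrap inside the text instead. The same pattern was introduced for the "LFS libcap page" link in libcap.xml and for unittest-cpp in enchant.xml.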
postlfs/security/make-ca.xml
r914049f6 r47274444 58 58 <itemizedlist spacing="compact"> 59 59 <listitem> 60 <para>Download (HTTP): <ulink url="&make-ca-download;"/></para> 61 </listitem> 62 <listitem> 63 <para>Download size: &make-ca-size;</para> 64 </listitem> 65 <listitem> 66 <para>Download MD5 Sum: &make-ca-md5sum;</para> 67 </listitem> 68 <listitem> 69 <para>Estimated disk space required: &make-ca-buildsize;</para> 70 </listitem> 71 <listitem> 72 <para>Estimated build time: &make-ca-time;</para> 60 <para> 61 Download (HTTP): <ulink url="&make-ca-download;"/> 62 </para> 63 </listitem> 64 <listitem> 65 <para> 66 Download size: &make-ca-size; 67 </para> 68 </listitem> 69 <listitem> 70 <para> 71 Download MD5 Sum: &make-ca-md5sum; 72 </para> 73 </listitem> 74 <listitem> 75 <para> 76 Estimated disk space required: &make-ca-buildsize; 77 </para> 78 </listitem> 79 <listitem> 80 <para> 81 Estimated build time: &make-ca-time; 82 </para> 73 83 </listitem> 74 84 </itemizedlist> … … 77 87 78 88 <bridgehead renderas="sect4">Required</bridgehead> 79 <para role="required"><xref linkend="p11-kit"/> (required at runtime to 80 generate certificate stores from trust anchors)</para> 89 <para role="required"> 90 <xref linkend="p11-kit"/> (required at runtime to 91 generate certificate stores from trust anchors) 92 </para> 81 93 <!-- /usr/bin/trust is needed to extract the certs to /etc/ssl/certs --> 82 94 … … 93 105 <title>Installation of make-ca</title> 94 106 95 <para>The <application>make-ca</application> script will download and 96 process the certificates included in the <filename>certdata.txt</filename> 97 file for use as trust anchors for the <xref linkend="p11-kit"/> trust 98 module. Additionally, it will generate system certificate stores used by 99 BLFS applications (if the recommended and optional applications are present 100 on the system). 
Any local certificates stored in 101 <filename>/etc/ssl/local</filename> will be imported to both the trust 102 anchors and the generated certificate stores (overriding Mozilla's 103 trust). Additionally, any modified trust values will be copied from the 104 trust anchors to <filename>/etc/ssl/local</filename> prior to any updates, 105 preserving custom trust values that differ from Mozilla when using the 106 <command>trust</command> utility from <application>p11-kit</application> 107 to operate on the trust store.</para> 108 109 <para>To install the various certificate stores, first install the 110 <application>make-ca</application> script into the correct location. 111 As the <systemitem class="username">root</systemitem> user:</para> 107 <para> 108 The <application>make-ca</application> script will download and process 109 the certificates included in the <filename>certdata.txt</filename> file 110 for use as trust anchors for the <xref linkend="p11-kit"/> trust module. 111 Additionally, it will generate system certificate stores used by BLFS 112 applications (if the recommended and optional applications are present 113 on the system). Any local certificates stored in 114 <filename>/etc/ssl/local</filename> will be imported to both the trust 115 anchors and the generated certificate stores (overriding Mozilla's 116 trust). Additionally, any modified trust values will be copied from the 117 trust anchors to <filename>/etc/ssl/local</filename> prior to any 118 updates, preserving custom trust values that differ from Mozilla when 119 using the <command>trust</command> utility from 120 <application>p11-kit</application> to operate on the trust store. 121 </para> 122 123 <para> 124 To install the various certificate stores, first install the 125 <application>make-ca</application> script into the correct location. 
126 As the <systemitem class="username">root</systemitem> user: 127 </para> 112 128 113 129 <screen role="root"><userinput>make install && 114 130 install -vdm755 /etc/ssl/local</userinput></screen> 115 131 116 <para>As the <systemitem class="username">root</systemitem> user, after 117 installing <xref linkend="p11-kit"/>, download the certificate source and 118 prepare for system use with the following command:</para> 132 <para> 133 As the <systemitem class="username">root</systemitem> user, after 134 installing <xref linkend="p11-kit"/>, download the certificate source and 135 prepare for system use with the following command: 136 </para> 119 137 120 138 <note> 121 <para>If running the script a second time with the same version of 122 <filename>certdata.txt</filename>, for instance, to add additional stores 123 as the requisite software is installed, add the <parameter>-r</parameter> 124 switch to the command line. If packaging, run <command>make-ca 125 --help</command> to see all available command line options.</para> 139 <para> 140 If running the script a second time with the same version of 141 <filename>certdata.txt</filename>, for instance, to add additional 142 stores as the requisite software is installed, add the 143 <parameter>-r</parameter> switch to the command line. If packaging, 144 run <command>make-ca --help</command> to see all available command 145 line options. 146 </para> 126 147 </note> 127 148 128 149 <screen role="root"><userinput>/usr/sbin/make-ca -g</userinput></screen> 129 150 130 <!-- Remove at 8.5 or 9.0 --> 131 <!-- <para>Previous versions of BLFS used the path 132 <filename>/etc/ssl/ca-bundle.crt</filename> for the 133 <xref linkend="gnutls"/> certificate store. 
If software is still installed 134 that references this file, create a compatibility symlink for the old 135 location as the <systemitem class="username">root</systemitem> user:</para> 136 137 <screen role="nodump"><userinput>ln -sfv /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/ca-bundle.crt</userinput></screen> 138 It's after 9.0 --> 139 140 <para>You should periodically update the store with the above command, 141 either manually, or via a <phrase revision="sysv">cron job.</phrase> 142 <phrase revision="systemd">systemd timer. A timer is installed at 143 <filename>/usr/lib/systemd/system/update-pki.timer</filename> that, if 144 enabled, will check for updates weekly. </phrase><phrase revision="sysv">If 145 you've installed <xref linkend="fcron"/> and completed the section on 146 periodic jobs, execute</phrase><phrase revision="systemd">Execute</phrase> 147 the following commands, as the 148 <systemitem class="username">root</systemitem> user, to 149 <phrase revision="sysv">create a weekly cron job:</phrase> 150 <phrase revision="systemd">enable the systemd timer:</phrase> 151 <para> 152 You should periodically update the store with the above command, 153 either manually, or via a <phrase revision="sysv">cron job.</phrase> 154 <phrase revision="systemd">systemd timer. 
A timer is installed at 155 <filename>/usr/lib/systemd/system/update-pki.timer</filename> that, if 156 enabled, will check for updates weekly.</phrase><phrase 157 revision="sysv">If you've installed <xref linkend="fcron"/> and 158 completed the section on periodic jobs, execute</phrase><phrase 159 revision="systemd">Execute</phrase> the following commands, as the 160 <systemitem class="username">root</systemitem> user, to <phrase 161 revision="sysv">create a weekly cron job:</phrase><phrase 162 revision="systemd">enable the systemd timer:</phrase> 151 163 </para> 152 164 … … 165 177 <title>Configuring make-ca</title> 166 178 167 <para>For most users, no additional configuration is necessary, however, 168 the default <filename>certdata.txt</filename> file provided by make-ca 169 is obtained from the mozilla-release branch, and is modified to provide a 170 Mercurial revision. This will be the correct version for most systems. 171 There are several other variants of the file available for use that might 172 be preferred for one reason or another, including the files shipped with 173 Mozilla products in this book. RedHat and OpenSUSE, for instance, use the 174 version included in <xref linkend="nss"/>. Additional upstream downloads 175 are available at the links included in 176 <filename>/etc/make-ca.conf.dist</filename>. Simply copy the file to 177 <filename>/etc/make-ca.conf</filename> and edit as appropriate.</para> 179 <para> 180 For most users, no additional configuration is necessary, however, 181 the default <filename>certdata.txt</filename> file provided by make-ca 182 is obtained from the mozilla-release branch, and is modified to provide a 183 Mercurial revision. This will be the correct version for most systems. 184 There are several other variants of the file available for use that might 185 be preferred for one reason or another, including the files shipped with 186 Mozilla products in this book. 
RedHat and OpenSUSE, for instance, use the 187 version included in <xref linkend="nss"/>. Additional upstream downloads 188 are available at the links included in 189 <filename>/etc/make-ca.conf.dist</filename>. Simply copy the file to 190 <filename>/etc/make-ca.conf</filename> and edit as appropriate. 191 </para> 178 192 179 193 <indexterm zone="make-ca make-ca-config"> … … 183 197 <bridgehead renderas="sect3">About Trust Arguments</bridgehead> 184 198 185 <para>There are three trust types that are recognized by the 186 <application>make-ca</application> script, SSL/TLS, S/Mime, and code 187 signing. For <application>OpenSSL</application>, these are 188 <parameter>serverAuth</parameter>, <parameter>emailProtection</parameter>, 189 and <parameter>codeSigning</parameter> respectively. If one of the three 190 trust arguments is omitted, the certificate is neither trusted, nor 191 rejected for that role. Clients that use <application>OpenSSL</application> 192 or <application>NSS</application> encountering this certificate will 193 present a warning to the user. Clients using 194 <application>GnuTLS</application> without 195 <application>p11-kit</application> support are not aware of trusted 196 certificates. To include this CA into the 197 <filename>ca-bundle.crt</filename>, 198 <filename>email-ca-bundle.crt</filename>, or 199 <filename>objsign-ca-bundle.crt</filename> files 200 (the <application>GnuTLS</application> legacy bundles), it must have the 201 appropriate trust arguments.</para> 199 <para> 200 There are three trust types that are recognized by the 201 <application>make-ca</application> script, SSL/TLS, S/Mime, and code 202 signing. For <application>OpenSSL</application>, these are 203 <parameter>serverAuth</parameter>, 204 <parameter>emailProtection</parameter>, and 205 <parameter>codeSigning</parameter> respectively. If one of the three 206 trust arguments is omitted, the certificate is neither trusted, nor 207 rejected for that role. 
Clients that use 208 <application>OpenSSL</application> or <application>NSS</application> 209 encountering this certificate will present a warning to the user. 210 Clients using 211 <application>GnuTLS</application> without 212 <application>p11-kit</application> support are not aware of trusted 213 certificates. To include this CA into the 214 <filename>ca-bundle.crt</filename>, 215 <filename>email-ca-bundle.crt</filename>, or 216 <filename>objsign-ca-bundle.crt</filename> files 217 (the <application>GnuTLS</application> legacy bundles), it must have the 218 appropriate trust arguments. 219 </para> 202 220 203 221 <bridgehead renderas="sect3">Adding Additional CA Certificates</bridgehead> 204 222 205 <para>The <filename class="directory">/etc/ssl/local</filename> directory 206 is available to add additional CA certificates to the system. For instance, 207 you might need to add an organization or government CA certificate. 208 Files in this directory must be in the <application>OpenSSL</application> 209 trusted certificate format. To create an <application>OpenSSL</application> 210 trusted certificate from a regular PEM encoded file, you need to add trust 211 arguments to the <command>openssl</command> command, and create a new 212 certificate. For example, using the 213 <ulink url="http://www.cacert.org/">CAcert</ulink> roots, if you want to 214 trust both for all three roles, the following commands will create 215 appropriate OpenSSL trusted certificates (run as the 216 <systemitem class="username">root</systemitem> user after 217 <xref linkend="wget"/> is installed):</para> 223 <para> 224 The <filename class="directory">/etc/ssl/local</filename> directory 225 is available to add additional CA certificates to the system. For 226 instance, you might need to add an organization or government CA 227 certificate. Files in this directory must be in the 228 <application>OpenSSL</application> trusted certificate format. 
To 229 create an <application>OpenSSL</application> trusted certificate from 230 a regular PEM encoded file, you need to add trust arguments to the 231 <command>openssl</command> command, and create a new certificate. For 232 example, using the <ulink url="http://www.cacert.org/">CAcert</ulink> 233 roots, if you want to trust both for all three roles, the following 234 commands will create appropriate OpenSSL trusted certificates (run as 235 the <systemitem class="username">root</systemitem> user after <xref 236 linkend="wget"/> is installed): 237 </para> 218 238 219 239 <screen role="nodump"><userinput>wget http://www.cacert.org/certs/root.crt && … … 229 249 <bridgehead renderas="sect3">Overriding Mozilla Trust</bridgehead> 230 250 231 <para>Occasionally, there may be instances where you don't agree with 232 Mozilla's inclusion of a particular certificate authority. If you'd like 233 to override the default trust of a particular CA, simply create a copy of 234 the existing certificate in 235 <filename class="directory">/etc/ssl/local</filename> with different trust 236 arguments. For example, if you'd like to distrust the "Makebelieve_CA_Root" 237 file, run the following commands:</para> 251 <para> 252 Occasionally, there may be instances where you don't agree with 253 Mozilla's inclusion of a particular certificate authority. If you'd like 254 to override the default trust of a particular CA, simply create a copy of 255 the existing certificate in <filename 256 class="directory">/etc/ssl/local</filename> with different trust 257 arguments. 
For example, if you'd like to distrust the 258 "Makebelieve_CA_Root" file, run the following commands: 259 </para> 238 260 239 261 <screen role="nodump"><userinput>openssl x509 -in /etc/ssl/certs/Makebelieve_CA_Root.pem \ … … 271 293 <term><command>make-ca</command></term> 272 294 <listitem> 273 <para>is a shell script that adapts a current version of 274 <filename>certdata.txt</filename>, and prepares it for use 275 as the system trust store.</para> 295 <para> 296 is a shell script that adapts a current version of 297 <filename>certdata.txt</filename>, and prepares it for use 298 as the system trust store. 299 </para> 276 300 <indexterm zone="make-ca make-ca"> 277 301 <primary sortas="b-make-ca">make-ca</primary> -
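Review bot: in the periodic-update paragraph the space after "weekly." was dropped: the old text reads weekly. </phrase><phrase revision="sysv">, the new text reads weekly.</phrase><phrase revision="sysv">. With the sysv phrases profiled out, the systemd text becomes "weekly.Execute the following commands"; put the trailing space back inside the systemd phrase. Separately, the re-wrapped "Adding Additional CA Certificates" paragraph introduces a screen that starts with wget http://www.cacert.org/certs/root.crt. A root certificate fetched over plain HTTP should be compared against a fingerprint obtained out of band before it is given trust arguments; if the elided commands do not already do that, this paragraph is the place to say so.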
postlfs/security/mitkrb.xml
r914049f6 r47274444 469 469 470 470 <title>Contents</title> 471 <para></para>472 471 473 472 <segmentedlist> -
postlfs/security/nessus.xml
r914049f6 r47274444 1 1 <sect1 id="postlfs-security-nessus"> 2 <sect1info> 3 <othername>$LastChangedBy$</othername> 4 <date>$Date$</date> 5 </sect1info> 6 <?dbhtml filename="nessus.html"?> 7 <title>nessus</title> 2 <?dbhtml filename="nessus.html"?> 8 3 9 <para>TO BE WRITTEN - NEW</para> 4 <sect1info> 5 <othername>$LastChangedBy$</othername> 6 <date>$Date$</date> 7 </sect1info> 8 9 <title>nessus</title> 10 11 <para> 12 TO BE WRITTEN - NEW 13 </para> 10 14 11 15 </sect1> -
postlfs/security/nettle.xml
r914049f6 r47274444 86 86 <title>Installation of Nettle</title> 87 87 88 <para>Install <application>Nettle</application> by running the following 89 commands:</para> 88 <para> 89 Install <application>Nettle</application> by running the following 90 commands: 91 </para> 90 92 91 93 <screen><userinput>./configure --prefix=/usr --disable-static && -
postlfs/security/nss.xml
r914049f6 r47274444 213 213 <title>Configuring NSS</title> 214 214 215 <para>If <xref linkend="p11-kit"/> is installed, the 216 <application>p11-kit</application> trust module 217 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a 218 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to 219 transparently make the system CAs available to 220 <application>NSS</application> aware applications, rather than the static 221 list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the 222 <systemitem class="username">root</systemitem> user, execute the following 223 commands:</para> 215 <para> 216 If <xref linkend="p11-kit"/> is installed, the 217 <application>p11-kit</application> trust module 218 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a 219 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to 220 transparently make the system CAs available to 221 <application>NSS</application> aware applications, rather than the static 222 list provided by <filename>/usr/lib/libnssckbi.so</filename>. 
As the 223 <systemitem class="username">root</systemitem> user, execute the following 224 commands: 225 </para> 224 226 225 227 <screen role="root"><userinput>ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so</userinput></screen> 226 228 227 <para>Additionally, for dependent applications that do not use the internal 228 database (<filename>/usr/lib/libnssckbi.so</filename>), the 229 <filename>/usr/sbin/make-ca</filename> script, included on the 230 <xref linkend="make-ca"/> page can generate a system wide NSS DB with the 231 <parameter>-n</parameter> switch, or by modifying the 232 <filename>/etc/make-ca.conf</filename> file.</para> 229 <para> 230 Additionally, for dependent applications that do not use the internal 231 database (<filename>/usr/lib/libnssckbi.so</filename>), the 232 <filename>/usr/sbin/make-ca</filename> script, included on the 233 <xref linkend="make-ca"/> page can generate a system wide NSS DB with the 234 <parameter>-n</parameter> switch, or by modifying the 235 <filename>/etc/make-ca.conf</filename> file. 236 </para> 233 237 234 238 </sect2> -
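Review bot: the re-wrapped first paragraph still ends with "execute the following commands:" although the screen that follows contains a single ln -sfv command; make it "the following command". The same paragraph and the same command also appear in p11-kit.xml in this changeset, so the two copies can drift apart; consider keeping the explanation on one page and pointing to it with an xref from the other. "NSS aware" and "system wide" would read better hyphenated.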
postlfs/security/p11-kit.xml
r914049f6 r47274444 96 96 <title>Installation of p11-kit</title> 97 97 98 <para>Prepare the distribution specific anchor hook:</para> 98 <para> 99 Prepare the distribution specific anchor hook: 100 </para> 99 101 100 102 <screen><userinput>sed '20,$ d' -i trust/trust-extract-compat.in && … … 158 160 <title>Configuring p11-kit</title> 159 161 160 <para>The <application>p11-kit</application> trust module 161 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a 162 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to 163 transparently make the system CAs available to 164 <application>NSS</application> aware applications, rather than the static 165 list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the 166 <systemitem class="username">root</systemitem> user, execute the following 167 commands:</para> 162 <para> 163 The <application>p11-kit</application> trust module 164 (<filename>/usr/lib/pkcs11/p11-kit-trust.so</filename>) can be used as a 165 drop-in replacement for <filename>/usr/lib/libnssckbi.so</filename> to 166 transparently make the system CAs available to 167 <application>NSS</application> aware applications, rather than the static 168 list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the 169 <systemitem class="username">root</systemitem> user, execute the 170 following commands: 171 </para> 168 172 169 173 <screen role="root"><userinput>ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so</userinput></screen> … … 207 211 <para> 208 212 is a command line tool that can be used to perform operations 209 213 on PKCS#11 modules configured on the system. 210 214 </para> 211 215 <indexterm zone="p11-kit p11-kit-prog"> … … 234 238 is a command line tool to both extract local certificates from an 235 239 updated anchor store, and regenerate all anchors and certificate 236 240 stores on the system. 
This is done unconditionally on BLFS using 237 241 the <parameter>--force</parameter> and <parameter>--get</parameter> 238 242 flags to <command>make-ca</command> and should likely not be used -
postlfs/security/security.xml
r914049f6 r47274444 16 16 <title>Security</title> 17 17 18 <para>Security takes many forms in a computing environment. After some 19 initial discussion, this chapter 20 gives examples of three different types of security: access, prevention 21 and detection.</para> 18 <para> 19 Security takes many forms in a computing environment. After some 20 initial discussion, this chapter 21 gives examples of three different types of security: access, prevention 22 and detection. 23 </para> 22 24 23 <para>Access for users is usually handled by <command>login</command> or an 24 application designed to handle the login function. In this chapter, we show 25 how to enhance <command>login</command> by setting policies with 26 <application>PAM</application> modules. Access via networks 27 can also be secured by policies set by <application>iptables</application>, 28 commonly referred to as a firewall. The Network Security Services (NSS) and 29 Netscape Portable Runtime (NSPR) libraries can be installed and shared among 30 the many applications requiring them. For applications that don't offer the 31 best security, you can use the <application>Stunnel</application> package to 32 wrap an application daemon inside an SSL tunnel.</para> 25 <para> 26 Access for users is usually handled by <command>login</command> or an 27 application designed to handle the login function. In this chapter, we show 28 how to enhance <command>login</command> by setting policies with 29 <application>PAM</application> modules. Access via networks can also be 30 secured by policies set by <application>iptables</application>, commonly 31 referred to as a firewall. The Network Security Services (NSS) and 32 Netscape Portable Runtime (NSPR) libraries can be installed and shared 33 among the many applications requiring them. For applications that don't 34 offer the best security, you can use the 35 <application>Stunnel</application> package to wrap an application daemon 36 inside an SSL tunnel. 
37 </para> 33 38 34 <para>Prevention of breaches, like a trojan, are assisted by applications like 35 <application>GnuPG</application>, specifically the ability to confirm signed 36 packages, which recognizes modifications of the tarball 37 after the packager creates it.</para> 39 <para> 40 Prevention of breaches, like a trojan, are assisted by applications like 41 <application>GnuPG</application>, specifically the ability to confirm 42 signed packages, which recognizes modifications of the tarball 43 after the packager creates it. 44 </para> 38 45 39 <para> Finally, we touch on detection with a package that stores "signatures" 40 of critical files (defined by the administrator) and then regenerates those 41 "signatures" and compares for files that have been changed.</para> 46 <para> 47 Finally, we touch on detection with a package that stores "signatures" 48 of critical files (defined by the administrator) and then regenerates those 49 "signatures" and compares for files that have been changed. 50 </para> 42 51 43 52 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="vulnerabilities.xml"/> -
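Review bot: The reflowed third paragraph (new lines 39-44) keeps the subject-verb mismatch in "Prevention of breaches, like a trojan, are assisted by"; since the paragraph is being rewritten anyway, change it to "is assisted by". The last paragraph (new lines 46-50) has a similar rough spot in "regenerates those "signatures" and compares for files that have been changed", which would read better as "compares them to find files that have changed".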
postlfs/security/shadow.xml
r914049f6 r47274444 474 474 done</userinput></screen> 475 475 476 <para revision="systemd">Because the installation of 477 <application>systemd</application> is not yet complete, you will need 478 to remove the <filename>/run/nologin</filename> file before testing the 479 installation. Execute the following command as the 480 <systemitem class="username">root</systemitem> user:</para> 476 <para revision="systemd"> 477 Because the installation of <application>systemd</application> is 478 not yet complete, you will need to remove the 479 <filename>/run/nologin</filename> file before testing the 480 installation. Execute the following command as the 481 <systemitem class="username">root</systemitem> user: 482 </para> 481 483 482 484 <screen role="root" revision="systemd"><userinput>rm -f /run/nologin</userinput></screen> -
postlfs/security/stunnel.xml
r914049f6 r47274444 33 33 <title>Introduction to stunnel</title> 34 34 35 <para>The <application>stunnel</application> package contains a program 36 that allows you to encrypt arbitrary TCP connections inside SSL (Secure 37 Sockets Layer) so you can easily communicate with clients over secure 38 channels. <application>stunnel</application> can be used to add SSL 39 functionality to commonly used <application>Inetd</application> daemons 40 such as POP-2, POP-3, and IMAP servers, along with standalone daemons such 41 as NNTP, SMTP, and HTTP. <application>stunnel</application> can also be 42 used to tunnel PPP over network sockets without changes to the server 43 package source code.</para> 35 <para> 36 The <application>stunnel</application> package contains a program 37 that allows you to encrypt arbitrary TCP connections inside SSL (Secure 38 Sockets Layer) so you can easily communicate with clients over secure 39 channels. <application>stunnel</application> can be used to add SSL 40 functionality to commonly used <application>Inetd</application> daemons 41 such as POP-2, POP-3, and IMAP servers, along with standalone daemons 42 such as NNTP, SMTP, and HTTP. <application>stunnel</application> can 43 also be used to tunnel PPP over network sockets without changes to the 44 server package source code. 
45 </para> 44 46 45 47 &lfs91_checked; … … 48 50 <itemizedlist spacing="compact"> 49 51 <listitem> 50 <para>Download (HTTP): <ulink url="&stunnel-download-http;"/></para> 51 </listitem> 52 <listitem> 53 <para>Download (FTP): <ulink url="&stunnel-download-ftp;"/></para> 54 </listitem> 55 <listitem> 56 <para>Download MD5 sum: &stunnel-md5sum;</para> 57 </listitem> 58 <listitem> 59 <para>Download size: &stunnel-size;</para> 60 </listitem> 61 <listitem> 62 <para>Estimated disk space required: &stunnel-buildsize;</para> 63 </listitem> 64 <listitem> 65 <para>Estimated build time: &stunnel-time;</para> 52 <para> 53 Download (HTTP): <ulink url="&stunnel-download-http;"/> 54 </para> 55 </listitem> 56 <listitem> 57 <para> 58 Download (FTP): <ulink url="&stunnel-download-ftp;"/> 59 </para> 60 </listitem> 61 <listitem> 62 <para> 63 Download MD5 sum: &stunnel-md5sum; 64 </para> 65 </listitem> 66 <listitem> 67 <para> 68 Download size: &stunnel-size; 69 </para> 70 </listitem> 71 <listitem> 72 <para> 73 Estimated disk space required: &stunnel-buildsize; 74 </para> 75 </listitem> 76 <listitem> 77 <para> 78 Estimated build time: &stunnel-time; 79 </para> 66 80 </listitem> 67 81 </itemizedlist> … … 71 85 <bridgehead renderas="sect4">Optional</bridgehead> 72 86 <para role="optional"> 73 <ulink url="http://netcat.sourceforge.net/">netcat</ulink> (required for tests), 74 <ulink url="ftp://ftp.porcupine.org/pub/security/">tcpwrappers</ulink> and 87 <ulink url="http://netcat.sourceforge.net/">netcat</ulink> 88 (required for tests), 89 <ulink url="ftp://ftp.porcupine.org/pub/security/">tcpwrappers</ulink>, 90 and 75 91 <ulink url="https://dist.torproject.org/">TOR</ulink> 76 92 </para> … … 84 100 <title>Installation of stunnel</title> 85 101 86 <para>The <command>stunnel</command> daemon will be run in a 87 <command>chroot</command> jail by an unprivileged user. 
Create the 88 new user and group using the following commands as the 89 <systemitem class="username">root</systemitem> user:</para> 102 <para> 103 The <command>stunnel</command> daemon will be run in a 104 <command>chroot</command> jail by an unprivileged user. Create the 105 new user and group using the following commands as the 106 <systemitem class="username">root</systemitem> user: 107 </para> 90 108 91 109 <screen role="root"><userinput>groupadd -g 51 stunnel && … … 94 112 95 113 <note> 96 <para>A signed SSL Certificate and a Private Key is necessary to run the 97 <command>stunnel</command> daemon. After the package is installed, there 98 are instructions to generate them. However, if you own or have already 99 created a signed SSL Certificate you wish to use, copy it to 100 <filename>/etc/stunnel/stunnel.pem</filename> before starting the build 101 (ensure only <systemitem class="username">root</systemitem> has read and 102 write access). The <filename class="extension">.pem</filename> file must 103 be formatted as shown below:</para> 114 <para> 115 A signed SSL Certificate and a Private Key is necessary to run the 116 <command>stunnel</command> daemon. After the package is installed, 117 there are instructions to generate them. However, if you own or have 118 already created a signed SSL Certificate you wish to use, copy it to 119 <filename>/etc/stunnel/stunnel.pem</filename> before starting the 120 build (ensure only <systemitem class="username">root</systemitem> has 121 read and write access). 
The <filename class="extension">.pem</filename> 122 file must be formatted as shown below: 123 </para> 104 124 105 125 <screen><literal>-----BEGIN PRIVATE KEY----- … … 112 132 <replaceable><encrypted lines of dh parms></replaceable> 113 133 -----END DH PARAMETERS-----</literal></screen> 134 114 135 </note> 115 136 116 <para>Install <application>stunnel</application> by running the following 117 commands:</para> 137 <para> 138 Install <application>stunnel</application> by running the following 139 commands: 140 </para> 118 141 119 142 <note> 120 <para>For some systems with <application>binutils</application> 121 versions prior to 2.25, <command>configure</command> may fail. If 122 necessary, fix it either with:</para> 143 <para> 144 For some systems with <application>binutils</application> 145 versions prior to 2.25, <command>configure</command> may fail. If 146 necessary, fix it either with: 147 </para> 123 148 124 149 <screen><userinput>sed -i '/LDFLAGS.*static_flag/ s/^/#/' configure</userinput></screen> 125 150 126 <para>or, if <xref linkend="llvm"/> with Clang is installed, you can 127 replace <command>./configure ...</command> with <command>CC=clang 128 ./configure ...</command> in the first command below.</para> 151 <para> 152 or, if <xref linkend="llvm"/> with Clang is installed, you can 153 replace <command>./configure ...</command> with <command>CC=clang 154 ./configure ...</command> in the first command below. 155 </para> 129 156 </note> 130 157 … … 140 167 make</userinput></screen> 141 168 142 <para>If you have installed the optional netcat application, the 143 regression tests can be run with <command>make check</command>.</para> 144 145 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 169 <para> 170 If you have installed the optional netcat application, the 171 regression tests can be run with <command>make check</command>. 
172 </para> 173 174 <para> 175 Now, as the <systemitem class="username">root</systemitem> user: 176 </para> 146 177 147 178 <screen role="root"><userinput>make docdir=/usr/share/doc/stunnel-&stunnel-version; install</userinput></screen> … … 154 185 <screen role="root" revision="systemd"><userinput>install -v -m644 tools/stunnel.service /lib/systemd/system</userinput></screen> 155 186 156 <para>If you do not already have a signed SSL Certificate and Private Key, 157 create the <filename>stunnel.pem</filename> file in the 158 <filename class="directory">/etc/stunnel</filename> directory using the 159 command below. You will be prompted to enter the necessary 160 information. Ensure you reply to the</para> 187 <para> 188 If you do not already have a signed SSL Certificate and Private Key, 189 create the <filename>stunnel.pem</filename> file in the 190 <filename class="directory">/etc/stunnel</filename> directory using the 191 command below. You will be prompted to enter the necessary 192 information. Ensure you reply to the 193 </para> 161 194 162 195 <screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen> 163 196 164 <para>prompt with the name or IP address you will be using 165 to access the service(s).</para> 166 167 <para>To generate a certificate, as the 168 <systemitem class="username">root</systemitem> user, issue:</para> 197 <para> 198 prompt with the name or IP address you will be using 199 to access the service(s). 200 </para> 201 202 <para> 203 To generate a certificate, as the 204 <systemitem class="username">root</systemitem> user, issue: 205 </para> 169 206 170 207 <screen role="root"><userinput>make cert</userinput></screen> … … 175 212 <title>Command Explanations</title> 176 213 177 <para revision="sysv"><parameter>--disable-systemd</parameter>: This switch 178 disables systemd socket activation support which is not available in 179 BLFS.</para> 180 181 <para><command>make docdir=... 
install</command>: This command installs the 182 package and changes the documentation installation directory to standard 183 naming conventions.</para> 214 <para revision="sysv"> 215 <parameter>--disable-systemd</parameter>: This switch disables systemd 216 socket activation support which is not available in BLFS. 217 </para> 218 219 <para> 220 <command>make docdir=... install</command>: This command installs the 221 package and changes the documentation installation directory to standard 222 naming conventions. 223 </para> 184 224 185 225 </sect2> … … 191 231 <title>Config Files</title> 192 232 193 <para><filename>/etc/stunnel/stunnel.conf</filename></para> 233 <para> 234 <filename>/etc/stunnel/stunnel.conf</filename> 235 </para> 194 236 195 237 <indexterm zone="stunnel stunnel-config"> … … 202 244 <title>Configuration Information</title> 203 245 204 <para>As the <systemitem class="username">root</systemitem> user, 205 create the directory used for the 206 <filename class="extension">.pid</filename> file created 207 when the <application>stunnel</application> daemon starts:</para> 246 <para> 247 As the <systemitem class="username">root</systemitem> user, 248 create the directory used for the 249 <filename class="extension">.pid</filename> file created 250 when the <application>stunnel</application> daemon starts: 251 </para> 208 252 209 253 <screen role="root"><userinput>install -v -m750 -o stunnel -g stunnel -d /var/lib/stunnel/run && 210 254 chown stunnel:stunnel /var/lib/stunnel</userinput></screen> 211 255 212 <para>Next, create a basic <filename>/etc/stunnel/stunnel.conf</filename> 213 configuration file using the following commands as the 214 <systemitem class="username">root</systemitem> user:</para> 256 <para> 257 Next, create a basic <filename>/etc/stunnel/stunnel.conf</filename> 258 configuration file using the following commands as the 259 <systemitem class="username">root</systemitem> user: 260 </para> 215 261 216 262 <screen 
role="root"><userinput>cat >/etc/stunnel/stunnel.conf << "EOF" … … 239 285 EOF</userinput></screen> 240 286 241 <para>Finally, add the service(s) you wish to encrypt to the 242 configuration file. The format is as follows:</para> 287 <para> 288 Finally, add the service(s) you wish to encrypt to the 289 configuration file. The format is as follows: 290 </para> 243 291 244 292 <screen><literal>[<replaceable><service></replaceable>] … … 246 294 connect = <replaceable><hostname:portnumber></replaceable></literal></screen> 247 295 248 <para>If you use <application>stunnel</application> to encrypt a daemon 249 started from <command>[x]inetd</command>, you may need to disable that 250 daemon in the <filename>/etc/[x]inetd.conf</filename> file and enable a 251 corresponding <replaceable><service></replaceable>_stunnel service. You 252 may have to add an appropriate entry in <filename>/etc/services</filename> 253 as well.</para> 254 255 <para>For a full explanation of the commands and syntax used in the 256 configuration file, issue <command>man stunnel</command>.</para> 296 <para> 297 If you use <application>stunnel</application> to encrypt a daemon 298 started from <command>[x]inetd</command>, you may need to disable that 299 daemon in the <filename>/etc/[x]inetd.conf</filename> file and enable a 300 corresponding <replaceable><service></replaceable>_stunnel 301 service. You may have to add an appropriate entry in 302 <filename>/etc/services</filename> as well. 303 </para> 304 305 <para> 306 For a full explanation of the commands and syntax used in the 307 configuration file, issue <command>man stunnel</command>. 
308 </para> 257 309 258 310 </sect3> … … 262 314 <phrase revision="systemd">Systemd Unit</phrase></title> 263 315 264 <para revision="sysv">To automatically start the 265 <command>stunnel</command> daemon when the system is booted, install the 266 <filename>/etc/rc.d/init.d/stunnel</filename> bootscript from the 267 <xref linkend="bootscripts"/> package.</para> 268 269 <para revision="systemd">To start the <command>stunnel</command> 270 daemon at boot, enable the previously installed 271 <application>systemd</application> unit by running the following command 272 as the <systemitem class="username">root</systemitem> user:</para> 316 <para revision="sysv"> 317 To automatically start the <command>stunnel</command> daemon when the 318 system is booted, install the 319 <filename>/etc/rc.d/init.d/stunnel</filename> bootscript from the 320 <xref linkend="bootscripts"/> package. 321 </para> 322 323 <para revision="systemd"> 324 To start the <command>stunnel</command> 325 daemon at boot, enable the previously installed 326 <application>systemd</application> unit by running the following 327 command as the <systemitem class="username">root</systemitem> user: 328 </para> 273 329 274 330 <indexterm zone="stunnel stunnel-init"> … … 314 370 <term><command>stunnel</command></term> 315 371 <listitem> 316 <para> is a program designed to work as an SSL 317 encryption wrapper between remote clients and local 318 (<command>{x}inetd</command>-startable) or remote servers.</para> 372 <para> 373 is a program designed to work as an SSL 374 encryption wrapper between remote clients and local 375 (<command>{x}inetd</command>-startable) or remote servers. 
376 </para> 319 377 <indexterm zone="stunnel stunnel-prog"> 320 378 <primary sortas="b-stunnel">stunnel</primary> … … 326 384 <term><command>stunnel3</command></term> 327 385 <listitem> 328 <para>is a <application>Perl</application> wrapper script to use 329 <command>stunnel</command> 3.x syntax with <command>stunnel</command> 330 >=4.05.</para> 386 <para> 387 is a <application>Perl</application> wrapper script to use 388 <command>stunnel</command> 3.x syntax with 389 <command>stunnel</command> 4.05 or later. 390 </para> 331 391 <indexterm zone="stunnel stunnel3"> 332 392 <primary sortas="b-stunnel3">stunnel3</primary> … … 338 398 <term><filename class='libraryfile'>libstunnel.so</filename></term> 339 399 <listitem> 340 <para> contains the API functions required by 341 <application>stunnel</application>.</para> 400 <para> 401 contains the API functions required by 402 <application>stunnel</application>. 403 </para> 342 404 <indexterm zone="stunnel libstunnel"> 343 405 <primary sortas="c-libstunnel">libstunnel.so</primary> -
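Review bot: The note about /etc/stunnel/stunnel.pem (new lines 114-123) says "ensure only root has read and write access" but gives no command, and this file carries the private key. While the paragraph is being touched, spell the requirement out as an explicit step (owner root, mode 0600) so it is not left to interpretation. Two smaller points in the same file: "A signed SSL Certificate and a Private Key is necessary" should be "are necessary", and the change from ">=4.05" to "4.05 or later" plus the added comma after tcpwrappers are content edits mixed into what is otherwise a whitespace reflow, so they deserve a mention in the commit message.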
postlfs/security/syslog.xml
r914049f6 r47274444 1 1 <sect1 id="postlfs-security-syslog"> 2 <sect1info> 3 <othername>$LastChangedBy$</othername> 4 <date>$Date$</date> 5 </sect1info> 6 <?dbhtml filename="syslog.html"?> 7 <title>Configuring syslog</title> 2 <?dbhtml filename="syslog.html"?> 3 <sect1info> 4 <othername>$LastChangedBy$</othername> 5 <date>$Date$</date> 6 </sect1info> 8 7 9 <para>TO BE WRITTEN - NEW</para> 8 <title>Configuring syslog</title> 9 10 <para> 11 TO BE WRITTEN - NEW 12 </para> 10 13 11 14 </sect1> -
postlfs/security/tripwire.xml
r914049f6 r47274444 30 30 <title>Introduction to Tripwire</title> 31 31 32 <para>The <application>Tripwire</application> package contains programs 33 used to verify the integrity of the files on a given system.</para> 32 <para> 33 The <application>Tripwire</application> package contains programs 34 used to verify the integrity of the files on a given system. 35 </para> 34 36 35 37 &lfs91_checked; … … 38 40 <itemizedlist spacing="compact"> 39 41 <listitem> 40 <para>Download (HTTP): <ulink url="&tripwire-download-http;"/></para> 41 </listitem> 42 <listitem> 43 <para>Download (FTP): <ulink url="&tripwire-download-ftp;"/></para> 44 </listitem> 45 <listitem> 46 <para>Download MD5 sum: &tripwire-md5sum;</para> 47 </listitem> 48 <listitem> 49 <para>Download size: &tripwire-size;</para> 50 </listitem> 51 <listitem> 52 <para>Estimated disk space required: &tripwire-buildsize;</para> 53 </listitem> 54 <listitem> 55 <para>Estimated build time: &tripwire-time;</para> 42 <para> 43 Download (HTTP): <ulink url="&tripwire-download-http;"/> 44 </para> 45 </listitem> 46 <listitem> 47 <para> 48 Download (FTP): <ulink url="&tripwire-download-ftp;"/> 49 </para> 50 </listitem> 51 <listitem> 52 <para> 53 Download MD5 sum: &tripwire-md5sum; 54 </para> 55 </listitem> 56 <listitem> 57 <para> 58 Download size: &tripwire-size; 59 </para> 60 </listitem> 61 <listitem> 62 <para> 63 Estimated disk space required: &tripwire-buildsize; 64 </para> 65 </listitem> 66 <listitem> 67 <para> 68 Estimated build time: &tripwire-time; 69 </para> 56 70 </listitem> 57 71 </itemizedlist> 58 <!-- 59 <note> 60 <para> 61 The <application>tripwire</application> source tarball shown above 62 downloads with the correct name, tripwire-open-source-&tripwire-version;.tar.gz, 63 if using a browser such as Firefox. If you prefer to use a command line 64 program such as wget, you normally would obtain 65 &tripwire-version;.tar.gz. 
To obtain this package with the proper 66 filename, run: 67 68 <screen><userinput>wget -c https://github.com/Tripwire/tripwire-open-source/archive/&tripwire-version;.tar.gz \ 69 -O tripwire-open-source-&tripwire-version;.tar.gz</userinput></screen>. 70 </para> 71 </note> 72 --> 72 73 73 <bridgehead renderas="sect3">Tripwire Dependencies</bridgehead> 74 74 <!-- 75 75 <bridgehead renderas="sect4">Recommended</bridgehead> 76 <para role="recommended"><xref linkend="openssl"/></para> 76 <para role="recommended"> 77 <xref linkend="openssl"/> 78 </para> 77 79 --> 78 80 79 81 <bridgehead renderas="sect4">Optional</bridgehead> 80 <para role="optional">An <xref linkend="server-mail"/></para> 82 <para role="optional"> 83 An <xref linkend="server-mail"/> 84 </para> 81 85 82 86 <para condition="html" role="usernotes">User Notes: … … 88 92 <title>Installation of Tripwire</title> 89 93 90 <para>Compile <application>Tripwire</application> by running the following 91 commands:</para> 94 <para> 95 Compile <application>Tripwire</application> by running the following 96 commands: 97 </para> 92 98 93 99 <screen><userinput>sed -e '/^CLOBBER/s/false/true/' \ … … 106 112 make</userinput></screen> 107 113 108 <note><para>The default configuration is to use a local MTA. If 109 you don't have an MTA installed and have no wish to install 110 one, modify <filename>install/install.cfg</filename> to use an SMTP 111 server instead. Otherwise the install will fail.</para></note> 112 113 <para>This package does not come with a test suite.</para> 114 115 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 114 <note> 115 <para> 116 The default configuration is to use a local MTA. If 117 you don't have an MTA installed and have no wish to install 118 one, modify <filename>install/install.cfg</filename> to use an SMTP 119 server instead. Otherwise the install will fail. 120 </para> 121 </note> 122 123 <para> 124 This package does not come with a test suite. 
125 </para> 126 127 <para> 128 Now, as the <systemitem class="username">root</systemitem> user: 129 </para> 116 130 117 131 <screen role="root"><userinput>make install && … … 183 197 <title>Config Files</title> 184 198 185 <para><filename>/etc/tripwire/*</filename></para> 199 <para> 200 <filename>/etc/tripwire/*</filename> 201 </para> 186 202 187 203 <indexterm zone="tripwire tripwire-config"> … … 194 210 <title>Configuration Information</title> 195 211 196 <para><application>Tripwire</application> uses a policy file to 197 determine which files are integrity checked. The default policy 198 file (<filename>/etc/tripwire/twpol.txt</filename>) is for a 199 default installation and will need to be updated for your 200 system.</para> 201 202 <para>Policy files should be tailored to each individual distribution 203 and/or installation. Some example policy files can be found in <filename 204 class="directory">/usr/share/doc/tripwire/</filename>.</para> 205 206 <para>If desired, copy the policy file you'd like to try into <filename 207 class="directory">/etc/tripwire/</filename> instead of using the default 208 policy file, <filename>twpol.txt</filename>. It is, however, recommended 209 that you edit your policy file. Get ideas from the examples above and 210 read <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for 211 additional information. <filename>twpol.txt</filename> is a good policy 212 file for learning about <application>Tripwire</application> as it will 213 note any changes to the file system and can even be used as an annoying 214 way of keeping track of changes for uninstallation of software.</para> 215 216 <para>After your policy file has been edited to your satisfaction you may 217 begin the configuration steps (perform as the <systemitem 218 class='username'>root</systemitem>) user:</para> 212 <para> 213 <application>Tripwire</application> uses a policy file to 214 determine which files are integrity checked. 
The default policy 215 file (<filename>/etc/tripwire/twpol.txt</filename>) is for a 216 default installation and will need to be updated for your 217 system. 218 </para> 219 220 <para> 221 Policy files should be tailored to each individual distribution and/or 222 installation. Some example policy files can be found in <filename 223 class="directory">/usr/share/doc/tripwire/</filename>. 224 </para> 225 226 <para> 227 If desired, copy the policy file you'd like to try into <filename 228 class="directory">/etc/tripwire/</filename> instead of using the 229 default policy file, <filename>twpol.txt</filename>. It is, however, 230 recommended that you edit your policy file. Get ideas from the 231 examples above and read 232 <filename>/usr/share/doc/tripwire/policyguide.txt</filename> for 233 additional information. <filename>twpol.txt</filename> is a good 234 policy file for learning about <application>Tripwire</application> 235 as it will note any changes to the file system and can even be used 236 as an annoying way of keeping track of changes for uninstallation of 237 software. 238 </para> 239 240 <para> 241 After your policy file has been edited to your satisfaction you may 242 begin the configuration steps (perform as the <systemitem 243 class='username'>root</systemitem>) user: 244 </para> 219 245 220 246 <screen role="root"><userinput>twadmin --create-polfile --site-keyfile /etc/tripwire/site.key \ … … 222 248 tripwire --init</userinput></screen> 223 249 224 <para>Depending on your system and the contents of the policy file, the 225 initialization phase above can take a relatively long time.</para> 250 <para> 251 Depending on your system and the contents of the policy file, the 252 initialization phase above can take a relatively long time. 253 </para> 226 254 227 255 </sect3> … … 230 258 <title>Usage Information</title> 231 259 232 <para><application>Tripwire</application> will identify file changes in 233 the critical system files specified in the policy file. 
Using 234 <application>Tripwire</application> while making frequent changes to 235 these directories will flag all these changes. It is most useful after a 236 system has reached a configuration that the user considers stable.</para> 237 238 <para>To use <application>Tripwire</application> after creating a policy 239 file to run a report, use the following command:</para> 260 <para> 261 <application>Tripwire</application> will identify file changes in 262 the critical system files specified in the policy file. Using 263 <application>Tripwire</application> while making frequent changes to 264 these directories will flag all these changes. It is most useful 265 after a system has reached a configuration that the user considers 266 stable. 267 </para> 268 269 <para> 270 To use <application>Tripwire</application> after creating a policy 271 file to run a report, use the following command: 272 </para> 240 273 241 274 <screen role="root"><userinput>tripwire --check > /etc/tripwire/report.txt</userinput></screen> 242 275 243 <para>View the output to check the integrity of your files. An automatic 244 integrity report can be produced by using a cron facility to schedule the 245 runs.</para> 246 247 <para>Reports are stored in binary and, if desired, encrypted. View reports, 248 as the <systemitem class="username">root</systemitem> user, with:</para> 249 250 <screen role="root"><userinput>twprint --print-report -r /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen> 251 252 <para>After you run an integrity check, you should examine the 253 report (or email) and then modify the <application>Tripwire</application> 254 database to reflect the changed files on your system. This is so that 255 <application>Tripwire</application> will not continually notify you that 256 files you intentionally changed are a security violation. 
To do this you 257 must first <command>ls -l /var/lib/tripwire/report/</command> and note 258 the name of the newest file which starts with your system name as 259 presented by the command <userinput>uname -n</userinput> 260 and ends in <filename>.twr</filename>. These files were created 261 during report creation and the most current one is needed to update the 262 <application>Tripwire</application> database of your system. As the 263 <systemitem class='username'>root</systemitem> user, type in the 264 following command making the appropriate report name:</para> 265 266 <screen role="root"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen> 267 268 <para>You will be placed into <application>Vim</application> with a copy 269 of the report in front of you. If all the changes were good, then just 270 type <command>:wq</command> and after entering your local key, the database 271 will be updated. If there are files which you still want to be warned 272 about, remove the 'x' before the filename in the report and type 273 <command>:wq</command>.</para> 274 275 <!-- 10-12-2013 bad URL and no good URL found 276 <para>A good summary of tripwire operations can be found at 277 <ulink url="http://va-holladays.no-ip.info:2200/tools/security-docs/tripwire-v1.0.pdf"/>.</para> 278 --> 276 <para> 277 View the output to check the integrity of your files. An automatic 278 integrity report can be produced by using a cron facility to schedule 279 the runs. 280 </para> 281 282 <para> 283 Reports are stored in binary and, if desired, encrypted. 
View reports, 284 as the <systemitem class="username">root</systemitem> user, with: 285 </para> 286 287 <screen role="nodump"><userinput>twprint --print-report -r /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen> 288 289 <para> 290 After you run an integrity check, you should examine the report (or 291 email) and then modify the <application>Tripwire</application> database 292 to reflect the changed files on your system. This is so that 293 <application>Tripwire</application> will not continually notify you 294 hat files you intentionally changed are a security violation. To do 295 this you must first <command>ls -l /var/lib/tripwire/report/</command> 296 and note the name of the newest file which starts with your system 297 name as presented by the command <userinput>uname -n</userinput> and 298 ends in <filename>.twr</filename>. These files were created during 299 report creation and the most current one is needed to update the 300 <application>Tripwire</application> database of your system. As the 301 <systemitem class='username'>root</systemitem> user, type in the 302 following command making the appropriate report name: 303 </para> 304 305 <screen role="nodump"><userinput>tripwire --update --twrfile /var/lib/tripwire/report/<replaceable><report-name.twr></replaceable></userinput></screen> 306 307 <para> 308 You will be placed into <application>Vim</application> with a copy 309 of the report in front of you. If all the changes were good, then just 310 type <command>:wq</command> and after entering your local key, the 311 database will be updated. If there are files which you still want to 312 be warned about, remove the 'x' before the filename in the report and 313 type <command>:wq</command>. 
314 </para> 315 279 316 </sect3> 280 317 … … 282 319 <title>Changing the Policy File</title> 283 320 284 <para>If you are unhappy with your policy file and would like to modify 285 it or use a new one, modify the policy file and then execute the following 286 commands as the <systemitem class='username'>root</systemitem> user:</para> 287 288 <screen role="root"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt && 321 <para> 322 If you are unhappy with your policy file and would like to modify it 323 or use a new one, modify the policy file and then execute the following 324 commands as the <systemitem class='username'>root</systemitem> user: 325 </para> 326 327 <screen role="nodump"><userinput>twadmin --create-polfile /etc/tripwire/twpol.txt && 289 328 tripwire --init</userinput></screen> 290 329 … … 317 356 <term><command>siggen</command></term> 318 357 <listitem> 319 <para>is a signature gathering utility that displays 320 the hash function values for the specified files.</para> 358 <para> 359 is a signature gathering utility that displays 360 the hash function values for the specified files. 361 </para> 321 362 <indexterm zone="tripwire siggen"> 322 363 <primary sortas="b-siggen">siggen</primary> … … 328 369 <term><command>tripwire</command></term> 329 370 <listitem> 330 <para>is the main file integrity checking program.</para> 371 <para> 372 is the main file integrity checking program. 373 </para> 331 374 <indexterm zone="tripwire tripwire"> 332 375 <primary sortas="b-tripwire">tripwire</primary> … … 338 381 <term><command>twadmin</command></term> 339 382 <listitem> 340 <para>administrative and utility tool used to perform 341 certain administrative functions related to 342 <application>Tripwire</application> files and configuration 343 options.</para> 383 <para> 384 administrative and utility tool used to perform 385 certain administrative functions related to 386 <application>Tripwire</application> files and configuration 387 options. 
388 </para> 344 389 <indexterm zone="tripwire twadmin"> 345 390 <primary sortas="b-twadmin">twadmin</primary> … … 351 396 <term><command>twprint</command></term> 352 397 <listitem> 353 <para>prints <application>Tripwire</application> 354 database and report files in clear text format.</para> 398 <para> 399 prints <application>Tripwire</application> 400 database and report files in clear text format. 401 </para> 355 402 <indexterm zone="tripwire twprint"> 356 403 <primary sortas="b-twprint">twprint</primary> -
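Review bot: The new update paragraph (new line 294) reads "will not continually notify you hat files you intentionally changed"; "hat" should be "that". The policy-file hunk also changes `<screen role="root">` to `<screen role="nodump">` on the `twadmin --create-polfile /etc/tripwire/twpol.txt && tripwire --init` block (old 288, new 327). That is an attribute change, not the re-wrapping applied to the rest of this file, so either mention it in the commit log or keep `role="root"`. In the same new text, `class='username'` uses single quotes while the "View reports" paragraph uses `class="username"`; pick one quoting style.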
postlfs/security/volume_key.xml
r914049f6 r47274444 106 106 107 107 <note> 108 <para>This package expands to the directory 109 volume_key-volume_key-&volume_key-version;. 108 <para> 109 This package expands to the directory 110 volume_key-volume_key-&volume_key-version;. 110 111 </para> 111 112 </note> -
postlfs/security/vulnerabilities.xml
r914049f6 r47274444 24 24 <title>About vulnerabilities</title> 25 25 26 <para>All software has bugs. Sometimes, a bug can be exploited, for example 27 to allow users to gain enhanced privileges (perhaps gaining a root shell, or 28 simply accessing or deleting other user's files), or to allow a remote 29 site to crash an application (denial of service), or for theft of data. These 30 bugs are labelled as vulnerabilities.</para> 31 32 <para>The main place where vulnerabilities get logged is 33 <ulink url="http://cve.mitre.org">cve.mitre.org</ulink>. 34 Unfortunately, many vulnerability numbers (CVE-yyyy-nnnn) are initially only 35 labelled as "reserved" when distributions start issuing fixes. Also, some 36 vulnerabilities apply to particular combinations of 37 <command>configure</command> options, or only apply to old versions of 38 packages which have long since been updated in BLFS.</para> 39 40 <para>BLFS differs from distributions - there is no BLFS security team, and 41 the editors only become aware of vulnerabilities after they are public 42 knowledge. Sometimes, a package with a vulnerability will not be updated in 43 the book for a long time. Issues can be logged in the Trac system, which 44 might speed up resolution.</para> 45 46 <para>The normal way for BLFS to fix a vulnerability is, ideally, to update 47 the book to a new fixed release of the package. Sometimes that happens even 48 before the vulnerability is public knowledge, so there is no guarantee that 49 it will be shown as a vulnerability fix in the Changelog. Alternatively, a 50 <command>sed</command> command, or a patch taken from a distribution, may be 51 appropriate.</para> 52 53 <para>The bottom line is that you are responsible for your own security, and 54 for assessing the potential impact of any problems.</para> 55 56 <para>To keep track of what is being discovered, you may wish to follow the 57 security announcements of one or more distributions. 
For example, Debian has 58 <ulink url="http://www.debian.org/security">Debian security</ulink>. 59 Fedora's links on security are at 60 <ulink url="http://fedoraproject.org/wiki/Security">the Fedora wiki</ulink>. 61 Details of Gentoo linux security announcements are discussed at 62 <ulink url="https://security.gentoo.org">Gentoo security</ulink>. 63 Finally, the Slackware archives of security announcements are at 64 <ulink url="http://slackware.com/security">Slackware security</ulink>. 26 <para> 27 All software has bugs. Sometimes, a bug can be exploited, for example to 28 allow users to gain enhanced privileges (perhaps gaining a root shell, 29 or simply accessing or deleting other user's files), or to allow a 30 remote site to crash an application (denial of service), or for theft of 31 data. These bugs are labelled as vulnerabilities. 65 32 </para> 66 33 67 <para>The most general English source is perhaps 68 <ulink url="http://seclists.org/fulldisclosure">the Full Disclosure Mailing 69 List</ulink>, but please read the comment on that page. If you use other 70 languages you may prefer other sites such as http://www.heise.de/security 71 <ulink url="http://www.heise.de/security">heise.de</ulink> (German) or 72 <ulink url="http://www.cert.hr">cert.hr</ulink> (Croatian). These are not 73 linux-specific. There is also a daily update at lwn.net for subscribers 74 (free access to the data after 2 weeks, but their vulnerabilities database at 75 <ulink url="http://lwn.net/Vulnerabilities/">lwn.net/Vulnerabilities</ulink> 76 is unrestricted).</para> 34 <para> 35 The main place where vulnerabilities get logged is 36 <ulink url="http://cve.mitre.org">cve.mitre.org</ulink>. Unfortunately, 37 many vulnerability numbers (CVE-yyyy-nnnn) are initially only labelled 38 as "reserved" when distributions start issuing fixes. 
Also, some 39 vulnerabilities apply to particular combinations of 40 <command>configure</command> options, or only apply to old versions of 41 packages which have long since been updated in BLFS. 42 </para> 77 43 78 <para>For some packages, subscribing to their 'announce' lists 79 will provide prompt news of newer versions.</para> 44 <para> 45 BLFS differs from distributions—there is no BLFS security team, and 46 the editors only become aware of vulnerabilities after they are public 47 knowledge. Sometimes, a package with a vulnerability will not be updated 48 in the book for a long time. Issues can be logged in the Trac system, 49 which might speed up resolution. 50 </para> 51 52 <para> 53 The normal way for BLFS to fix a vulnerability is, ideally, to update 54 the book to a new fixed release of the package. Sometimes that happens 55 even before the vulnerability is public knowledge, so there is no 56 guarantee that it will be shown as a vulnerability fix in the Changelog. 57 Alternatively, a <command>sed</command> command, or a patch taken from 58 a distribution, may be appropriate. 59 </para> 60 61 <para> 62 The bottom line is that you are responsible for your own security, and 63 for assessing the potential impact of any problems. 64 </para> 65 66 <para> 67 To keep track of what is being discovered, you may wish to follow the 68 security announcements of one or more distributions. For example, Debian 69 has <ulink url="http://www.debian.org/security">Debian security</ulink>. 70 Fedora's links on security are at <ulink 71 url="http://fedoraproject.org/wiki/Security">the Fedora wiki</ulink>. 72 Details of Gentoo linux security announcements are discussed at 73 <ulink url="https://security.gentoo.org">Gentoo security</ulink>. 74 Finally, the Slackware archives of security announcements are at 75 <ulink url="http://slackware.com/security">Slackware security</ulink>. 
76 </para> 77 78 <para> 79 The most general English source is perhaps 80 <ulink url="http://seclists.org/fulldisclosure">the Full Disclosure 81 Mailing List</ulink>, but please read the comment on that page. If you 82 use other languages you may prefer other sites such as <ulink 83 url="http://www.heise.de/security">heise.de</ulink> (German) or <ulink 84 url="http://www.cert.hr">cert.hr</ulink> (Croatian). These are not 85 linux-specific. There is also a daily update at lwn.net for subscribers 86 (free access to the data after 2 weeks, but their vulnerabilities 87 database at <ulink 88 url="http://lwn.net/Vulnerabilities/">lwn.net/Vulnerabilities</ulink> 89 is unrestricted). 90 </para> 91 92 <para> 93 For some packages, subscribing to their 'announce' lists 94 will provide prompt news of newer versions. 95 </para> 80 96 81 97 <para condition="html" role="usernotes">User Notes: -
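Review bot: Every advisory link rewrapped in this file except the Gentoo one is still plain http:// (cve.mitre.org, debian.org/security, fedoraproject.org/wiki/Security, slackware.com/security, seclists.org/fulldisclosure, heise.de/security, cert.hr, lwn.net/Vulnerabilities). Since these lines are being touched anyway, move the ones that serve HTTPS to https:// so readers fetch security announcements over an authenticated channel. Two wording slips are carried over unchanged: "other user's files" in the first paragraph should be "other users' files", and "Gentoo linux" and "linux-specific" should capitalise Linux. Dropping the stray bare URL before the heise.de link is a good cleanup but is a content change worth noting in the log.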
postlfs/shells/dash.xml
r914049f6 r47274444 30 30 <title>Introduction to Dash</title> 31 31 32 <para><application>Dash</application> is a POSIX compliant shell. It can be 33 installed as /bin/sh or as the default shell for either <systemitem 34 class="username">root</systemitem> or a second user with a userid of 0. It 35 depends on fewer libraries than the <application>Bash</application> shell 36 and is therefore less likely to be affected by an upgrade problem or disk 37 failure. <application>Dash</application> is also useful for checking that 38 a script is completely compatible with POSIX syntax.</para> 32 <para> 33 <application>Dash</application> is a POSIX compliant shell. It can be 34 installed as /bin/sh or as the default shell for either <systemitem 35 class="username">root</systemitem> or a second user with a userid of 0. 36 It depends on fewer libraries than the <application>Bash</application> 37 shell and is therefore less likely to be affected by an upgrade problem 38 or disk failure. <application>Dash</application> is also useful for 39 checking that a script is completely compatible with POSIX syntax. 
40 </para> 39 41 40 42 &lfs91_checked; … … 43 45 <itemizedlist spacing="compact"> 44 46 <listitem> 45 <para>Download (HTTP): <ulink url="&dash-download-http;"/></para> 46 </listitem> 47 <listitem> 48 <para>Download (FTP): <ulink url="&dash-download-ftp;"/></para> 49 </listitem> 50 <listitem> 51 <para>Download MD5 sum: &dash-md5sum;</para> 52 </listitem> 53 <listitem> 54 <para>Download size: &dash-size;</para> 55 </listitem> 56 <listitem> 57 <para>Estimated disk space required: &dash-buildsize;</para> 58 </listitem> 59 <listitem> 60 <para>Estimated build time: &dash-time;</para> 47 <para> 48 Download (HTTP): <ulink url="&dash-download-http;"/> 49 </para> 50 </listitem> 51 <listitem> 52 <para> 53 Download (FTP): <ulink url="&dash-download-ftp;"/> 54 </para> 55 </listitem> 56 <listitem> 57 <para> 58 Download MD5 sum: &dash-md5sum; 59 </para> 60 </listitem> 61 <listitem> 62 <para> 63 Download size: &dash-size; 64 </para> 65 </listitem> 66 <listitem> 67 <para> 68 Estimated disk space required: &dash-buildsize; 69 </para> 70 </listitem> 71 <listitem> 72 <para> 73 Estimated build time: &dash-time; 74 </para> 61 75 </listitem> 62 76 </itemizedlist> … … 65 79 66 80 <bridgehead renderas="sect4">Optional</bridgehead> 67 <para role="optional"><ulink url="http://www.thrysoee.dk/editline/">libedit</ulink> 68 (command line editor library)</para> 81 <para role="optional"> 82 <ulink url="http://www.thrysoee.dk/editline/">libedit</ulink> 83 (command line editor library) 84 </para> 69 85 70 86 <para condition="html" role="usernotes">User Notes: … … 76 92 <title>Installation of Dash</title> 77 93 78 <para>Install <application>Dash</application> by running the following 79 commands:</para> 94 <para> 95 Install <application>Dash</application> by running the following 96 commands: 97 </para> 80 98 81 99 <screen><userinput>./configure --bindir=/bin --mandir=/usr/share/man && 82 100 make</userinput></screen> 83 101 84 <para>This package does not come with a test suite.</para> 85 86 
<para>Now, as the <systemitem class="username">root</systemitem> user:</para> 102 <para> 103 This package does not come with a test suite. 104 </para> 105 106 <para> 107 Now, as the <systemitem class="username">root</systemitem> user: 108 </para> 87 109 88 110 <screen role="root"><userinput>make install</userinput></screen> 89 111 90 <para>If you would like to make <command>dash</command> the default 91 <command>sh</command>, recreate the <filename>/bin/sh</filename> 92 symlink as the <systemitem class="username">root</systemitem> user:</para> 93 94 <note><para>If you create the symbolic link from <command>dash</command> 95 to <command>sh</command>, you will need to reset the link to 96 <command>bash</command> to build LFS. </para></note> 112 <para> 113 If you would like to make <command>dash</command> the default 114 <command>sh</command>, recreate the <filename>/bin/sh</filename> 115 symlink as the <systemitem class="username">root</systemitem> user: 116 </para> 117 118 <note> 119 <para> 120 If you create the symbolic link from <command>dash</command> 121 to <command>sh</command>, you will need to reset the link to 122 <command>bash</command> to build LFS. 123 </para> 124 </note> 97 125 98 126 <screen role="nodump"><userinput>ln -svf dash /bin/sh</userinput></screen> … … 103 131 <title>Command Explanations</title> 104 132 105 <para><parameter>--bindir=/bin</parameter>: This parameter places the 106 <command>dash</command> binary into the root filesystem.</para> 107 108 <para><option>--with-libedit</option>: To compile <application>Dash</application> 109 with libedit support.</para> 133 <para> 134 <parameter>--bindir=/bin</parameter>: This parameter places the 135 <command>dash</command> binary into the root filesystem. 136 </para> 137 138 <para> 139 <option>--with-libedit</option>: To compile 140 <application>Dash</application> with libedit support. 
141 </para> 110 142 111 143 </sect2> … … 117 149 <title>Config Files</title> 118 150 119 <para><application>Dash</application> sources 120 <filename>/etc/profile</filename> and 121 <filename>~/.profile</filename></para> 151 <para> 152 <application>Dash</application> sources 153 <filename>/etc/profile</filename> and 154 <filename>~/.profile</filename> 155 </para> 122 156 123 157 <indexterm zone="dash dash-config"> … … 134 168 <title>Configuration Information</title> 135 169 136 <para>Update <filename>/etc/shells</filename> to include the 137 <application>Dash</application> shell by issuing the following command 138 as the <systemitem class="username">root</systemitem> user:</para> 170 <para> 171 Update <filename>/etc/shells</filename> to include the 172 <application>Dash</application> shell by issuing the following command 173 as the <systemitem class="username">root</systemitem> user: 174 </para> 139 175 140 176 <screen role="root"><userinput>cat >> /etc/shells << "EOF" … … 169 205 <term><command>dash</command></term> 170 206 <listitem> 171 <para>is a POSIX compliant shell.</para> 207 <para> 208 is a POSIX compliant shell. 209 </para> 172 210 <indexterm zone="dash dash-prog"> 173 211 <primary sortas="b-dash">dash</primary> -
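Review bot: In the installation hunk the `<note>` about resetting the link to `bash` still sits between the paragraph ending "symlink as the root user:" and the `ln -svf dash /bin/sh` screen it introduces (new lines 112-126), so the colon leads into the note rather than the command. Move the note after the screen, or ahead of the paragraph, while this block is being reformatted. The Config Files paragraph ("Dash sources /etc/profile and ~/.profile") is also still missing its closing period.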
postlfs/virtualization/qemu.xml
r914049f6 r47274444 30 30 <title>Introduction to qemu</title> 31 31 32 <para><application>qemu</application> is a full virtualization solution 33 for Linux on x86 hardware containing virtualization extensions (Intel VT or 34 AMD-V).</para> 32 <para> 33 <application>qemu</application> is a full virtualization solution for 34 Linux on x86 hardware containing virtualization extensions (Intel VT or 35 AMD-V). 36 </para> 35 37 36 38 &lfs91_checked; … … 39 41 <itemizedlist spacing="compact"> 40 42 <listitem> 41 <para>Download (HTTP): <ulink url="&qemu-download-http;"/></para> 43 <para> 44 Download (HTTP): <ulink url="&qemu-download-http;"/> 45 </para> 42 46 </listitem> 43 47 <listitem> 44 <para>Download (FTP): <ulink url="&qemu-download-ftp;"/></para> 48 <para> 49 Download (FTP): <ulink url="&qemu-download-ftp;"/> 50 </para> 45 51 </listitem> 46 52 <listitem> 47 <para>Download MD5 sum: &qemu-md5sum;</para> 53 <para> 54 Download MD5 sum: &qemu-md5sum; 55 </para> 48 56 </listitem> 49 57 <listitem> 50 <para>Download size: &qemu-size;</para> 58 <para> 59 Download size: &qemu-size; 60 </para> 51 61 </listitem> 52 62 <listitem> 53 <para>Estimated disk space required: &qemu-buildsize;</para> 63 <para> 64 Estimated disk space required: &qemu-buildsize; 65 </para> 54 66 </listitem> 55 67 <listitem> 56 <para>Estimated build time: &qemu-time;</para> 68 <para> 69 Estimated build time: &qemu-time; 70 </para> 57 71 </listitem> 58 72 </itemizedlist> … … 110 124 <title>KVM Prerequisites</title> 111 125 112 <para>Before building <application>qemu</application>, check to see if 113 your processor supports Virtualization Technology (VT):</para> 126 <para> 127 Before building <application>qemu</application>, check to see if 128 your processor supports Virtualization Technology (VT): 129 </para> 114 130 115 131 <screen><userinput>egrep '^flags.*(vmx|svm)' /proc/cpuinfo</userinput></screen> 116 132 117 <para>If you get any output, you have VT technology (vmx for Intel 118 processors and svm 
for AMD processors). You then need to go into your 119 system BIOS and ensure it is enabled. After enabing, reboot back to your 120 LFS instance.</para> 133 <para> 134 If you get any output, you have VT technology (vmx for Intel 135 processors and svm for AMD processors). You then need to go into your 136 system BIOS and ensure it is enabled. After enabing, reboot back to your 137 LFS instance. 138 </para> 121 139 122 140 </sect2> … … 125 143 <title>Kernel Configuration</title> 126 144 127 <para>Enable the following options in the kernel configuration and 128 recompile the kernel if necessary:</para> 145 <para> 146 Enable the following options in the kernel configuration and 147 recompile the kernel if necessary: 148 </para> 129 149 130 150 <screen><literal>[*] Virtualization: ---> [CONFIG_VIRTUALIZATION] … … 137 157 </indexterm> 138 158 139 <para>The Intel or AMD settings are not both required, but the one matching 140 your system processor is required.</para> 159 <para> 160 The Intel or AMD settings are not both required, but the one matching 161 your system processor is required. 162 </para> 141 163 142 164 <para> … … 173 195 <screen role="root"><userinput>usermod -a -G kvm <replaceable><username></replaceable></userinput></screen> 174 196 175 <para>Install <application>qemu</application> by running the following 176 commands:</para> 177 178 <note><para>Qemu is capable of running many targets. The build process 179 is also capable of building multiple targets at one time in a 180 comma delimited list assigned to <option>--target-list</option>. Run 181 <command>./configure --help</command> to get a complete list of 182 available targets.</para></note> 197 <para> 198 Install <application>qemu</application> by running the following 199 commands: 200 </para> 201 202 <note> 203 <para> 204 Qemu is capable of running many targets. 
The build process 205 is also capable of building multiple targets at one time in a 206 comma delimited list assigned to <option>--target-list</option>. Run 207 <command>./configure --help</command> to get a complete list of 208 available targets. 209 </para> 210 </note> 183 211 184 212 … … 231 259 232 260 <note> 233 <para>For convenience you may want to create a symbolic link to run 234 the installed program. For instance:</para> 261 <para> 262 For convenience you may want to create a symbolic link to run 263 the installed program. For instance: 264 </para> 235 265 236 266 <screen role="root"><userinput>ln -sv qemu-system-`uname -m` /usr/bin/qemu</userinput></screen> … … 500 530 added as needed when qemu is started. 501 531 </para> 502 <!-- Place holder for systemd: bridgeutils page does not have configuration 503 information for systemd: 532 504 533 <para revision="systemd"> 505 TODO 506 </para>--> 507 508 <para revision="systemd"><!-- On SYS-V, IP_FORWARD is enabled by the 509 bridge script. --> 534 <!-- On SYS-V, IP_FORWARD is enabled by the bridge script. --> 510 535 Allow the host to forward IP packets: 511 536 </para> … … 575 600 <term><command>ivshmem-client</command></term> 576 601 <listitem> 577 <para>is a standalone client for using the ivshmem device.</para> 602 <para> 603 is a standalone client for using the ivshmem device. 604 </para> 578 605 <indexterm zone="qemu ivshmem-client"> 579 606 <primary sortas="b-ivshmem-client">ivshmem-client</primary> … … 585 612 <term><command>ivshmem-server</command></term> 586 613 <listitem> 587 <para>is an example server for the ivshmem device.</para> 614 <para> 615 is an example server for the ivshmem device. 
616 </para> 588 617 <indexterm zone="qemu ivshmem-server"> 589 618 <primary sortas="b-ivshmem-server">ivshmem-server</primary> … … 595 624 <term><command>qemu-edid</command></term> 596 625 <listitem> 597 <para>is a test tool for the qemu EDID generator.</para> 626 <para> 627 is a test tool for the qemu EDID generator. 628 </para> 598 629 <indexterm zone="qemu qemu-edid"> 599 630 <primary sortas="b-qemu-edid">qemu-edid</primary> … … 605 636 <term><command>qemu-ga</command></term> 606 637 <listitem> 607 <para>implements support for QMP (QEMU Monitor Protocol) commands and 608 events that terminate and originate respectively within the guest 609 using an agent built as part of QEMU.</para> 638 <para> 639 implements support for QMP (QEMU Monitor Protocol) commands and 640 events that terminate and originate respectively within the guest 641 using an agent built as part of QEMU. 642 </para> 610 643 <indexterm zone="qemu qemu-ga"> 611 644 <primary sortas="b-qemu-ga">qemu-ga</primary> … … 617 650 <term><command>qemu-img</command></term> 618 651 <listitem> 619 <para>provides commands to manage QEMU disk images.</para> 652 <para> 653 provides commands to manage QEMU disk images. 654 </para> 620 655 <indexterm zone="qemu qemu-img"> 621 656 <primary sortas="b-qemu-img">qemu-img</primary> … … 627 662 <term><command>qemu-io</command></term> 628 663 <listitem> 629 <para>is a diagnostic and manipulation program for (virtual) memory 630 media. It is still at an early stage of development.</para> 664 <para> 665 is a diagnostic and manipulation program for (virtual) memory 666 media. It is still at an early stage of development. 
667 </para> 631 668 <indexterm zone="qemu qemu-io"> 632 669 <primary sortas="b-qemu-io">qemu-io</primary> … … 638 675 <term><command>qemu-nbd</command></term> 639 676 <listitem> 640 <para>exports Qemu disk images using the QEMU Disk Network Block 641 Device (NBD) protocol.</para> 677 <para> 678 exports Qemu disk images using the QEMU Disk Network Block 679 Device (NBD) protocol. 680 </para> 642 681 <indexterm zone="qemu qemu-nbd"> 643 682 <primary sortas="b-qemu-nbd">qemu-nbd</primary> … … 649 688 <term><command>qemu-system-x86_64</command></term> 650 689 <listitem> 651 <para>is the QEMU PC System emulator.</para> 690 <para> 691 is the QEMU PC System emulator. 692 </para> 652 693 <indexterm zone="qemu qemu-system"> 653 694 <primary sortas="b-qemu-system">qemu-system-x86_64</primary> … … 659 700 <term><command>virtfs-proxy-helper</command></term> 660 701 <listitem> 661 <para>creates a socket pair or a named socket. QEMU and proxy helper 662 communicate using this socket. QEMU proxy fs driver sends 663 filesystem request to proxy helper and receives the response 664 from it.</para> 702 <para> 703 creates a socket pair or a named socket. QEMU and proxy helper 704 communicate using this socket. QEMU proxy fs driver sends 705 filesystem request to proxy helper and receives the response 706 from it. 707 </para> 665 708 <indexterm zone="qemu virtfs-proxy-helper"> 666 709 <primary sortas="b-virtfs-proxy-helper">virtfs-proxy-helper</primary> -
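Review bot: The rewrapped KVM Prerequisites paragraph (new line 136) keeps the typo "After enabing"; it should read "After enabling". In the bridge section the hunk deletes the commented-out systemd placeholder (old 502-507) and moves the "On SYS-V, IP_FORWARD is enabled by the bridge script." comment inside `<para revision="systemd">`. That changes content rather than layout and should be listed in the commit log. The note on `--target-list` could also hyphenate "comma-delimited" now that the paragraph is being rewritten.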
pst/ps/paps.xml
r914049f6 r47274444 30 30 <title>Introduction to paps</title> 31 31 32 <para><application>paps</application> is a text to PostScript converter 33 that works through <application>Pango</application>. Its input is a UTF-8 34 encoded text file and it outputs vectorized PostScript. It may be used for 35 printing any complex script supported by <application>Pango</application>. 32 <para> 33 <application>paps</application> is a text to PostScript converter that 34 works through <application>Pango</application>. Its input is a UTF-8 35 encoded text file and it outputs vectorized PostScript. It may be used 36 for printing any complex script supported by 37 <application>Pango</application>. 36 38 </para> 37 39 … … 41 43 <itemizedlist spacing="compact"> 42 44 <listitem> 43 <para>Download (HTTP): <ulink url="&paps-download-http;"/></para> 45 <para> 46 Download (HTTP): <ulink url="&paps-download-http;"/> 47 </para> 44 48 </listitem> 45 49 <listitem> 46 <para>Download (FTP): <ulink url="&paps-download-ftp;"/></para> 50 <para> 51 Download (FTP): <ulink url="&paps-download-ftp;"/> 52 </para> 47 53 </listitem> 48 54 <listitem> 49 <para>Download MD5 sum: &paps-md5sum;</para> 55 <para> 56 Download MD5 sum: &paps-md5sum; 57 </para> 50 58 </listitem> 51 59 <listitem> 52 <para>Download size: &paps-size;</para> 60 <para> 61 Download size: &paps-size; 62 </para> 53 63 </listitem> 54 64 <listitem> 55 <para>Estimated disk space required: &paps-buildsize;</para> 65 <para> 66 Estimated disk space required: &paps-buildsize; 67 </para> 56 68 </listitem> 57 69 <listitem> 58 <para>Estimated build time: &paps-time;</para> 70 <para> 71 Estimated build time: &paps-time; 72 </para> 59 73 </listitem> 60 74 </itemizedlist> … … 62 76 <bridgehead renderas="sect3">paps Dependencies</bridgehead> 63 77 <bridgehead renderas="sect4">Required</bridgehead> 64 <para role="required"><xref linkend="pango"/></para> 78 <para role="required"> 79 <xref linkend="pango"/> 80 </para> 65 81 66 82 <bridgehead 
renderas="sect4">Optional</bridgehead> 67 <para role="optional"><xref linkend="doxygen"/></para> 83 <para role="optional"> 84 <xref linkend="doxygen"/> 85 </para> 68 86 69 87 <para condition="html" role="usernotes">User Notes: … … 75 93 <title>Installation of paps</title> 76 94 77 <para>Install <application>paps</application> by running the following 78 commands:</para> 95 <para> 96 Install <application>paps</application> by running the following 97 commands: 98 </para> 79 99 80 100 <screen><userinput>./configure --prefix=/usr --mandir=/usr/share/man && 81 101 make</userinput></screen> 82 102 83 <para>This package does not come with a test suite.</para> 103 <para> 104 This package does not come with a test suite. 105 </para> 84 106 85 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 107 <para> 108 Now, as the <systemitem class="username">root</systemitem> user: 109 </para> 86 110 87 111 <screen role="root"><userinput>make install</userinput></screen> … … 112 136 <term><command>paps</command></term> 113 137 <listitem> 114 <para>is a text to PostScript converter that supports UTF-8 115 character encoding.</para> 138 <para> 139 is a text to PostScript converter that supports UTF-8 140 character encoding. 141 </para> 116 142 <indexterm zone="paps paps-prog"> 117 143 <primary sortas="b-paps">paps</primary> -
pst/sgml/docbook-dsssl.xml
r914049f6 r47274444 4 4 <!ENTITY % general-entities SYSTEM "../../general.ent"> 5 5 %general-entities; 6 7 <!-- Inserted as a reminder to do this. The mention of a test suite8 is usually right before the root user installation commands. Please9 delete these 12 (including one blank) lines after you are done.-->10 11 <!-- Use one of the two mentions below about a test suite,12 delete the line that is not applicable. Of course, if the13 test suite uses syntax other than "make check", revise the14 line to reflect the actual syntax to run the test suite -->15 16 <!-- <para>This package does not come with a test suite.</para> -->17 <!-- <para>To test the results, issue: <command>make check</command>.</para> -->18 6 19 7 <!ENTITY docbook-dsssl-download-http "&sourceforge-dl;/docbook/docbook-dsssl-&docbook-dsssl-version;.tar.bz2"> … … 48 36 <title>Introduction to DocBook DSSSL Stylesheets</title> 49 37 50 <para>The <application>DocBook DSSSL Stylesheets</application> package 51 contains DSSSL stylesheets. These are used by 52 <application>OpenJade</application> or other tools to transform SGML 53 and XML DocBook files.</para> 38 <para> 39 The <application>DocBook DSSSL Stylesheets</application> package 40 contains DSSSL stylesheets. These are used by 41 <application>OpenJade</application> or other tools to transform SGML 42 and XML DocBook files. 
43 </para> 54 44 55 45 &lfs91_checked; … … 58 48 <itemizedlist spacing="compact"> 59 49 <listitem> 60 <para>Download (HTTP): <ulink url="&docbook-dsssl-download-http;"/></para> 61 </listitem> 62 <listitem> 63 <para>Download (FTP): <ulink url="&docbook-dsssl-download-ftp;"/></para> 64 </listitem> 65 <listitem> 66 <para>Download MD5 sum: &docbook-dsssl-md5sum;</para> 67 </listitem> 68 <listitem> 69 <para>Download size: &docbook-dsssl-size;</para> 70 </listitem> 71 <listitem> 72 <para>Estimated disk space required: &docbook-dsssl-buildsize;</para> 73 </listitem> 74 <listitem> 75 <para>Estimated build time: &docbook-dsssl-time;</para> 50 <para> 51 Download (HTTP): <ulink url="&docbook-dsssl-download-http;"/> 52 </para> 53 </listitem> 54 <listitem> 55 <para> 56 Download (FTP): <ulink url="&docbook-dsssl-download-ftp;"/> 57 </para> 58 </listitem> 59 <listitem> 60 <para> 61 Download MD5 sum: &docbook-dsssl-md5sum; 62 </para> 63 </listitem> 64 <listitem> 65 <para> 66 Download size: &docbook-dsssl-size; 67 </para> 68 </listitem> 69 <listitem> 70 <para> 71 Estimated disk space required: &docbook-dsssl-buildsize; 72 </para> 73 </listitem> 74 <listitem> 75 <para> 76 Estimated build time: &docbook-dsssl-time; 77 </para> 76 78 </listitem> 77 79 </itemizedlist> … … 82 84 83 85 <listitem> 84 <para>Download (HTTP): 85 <ulink url="&docbook-dsssl-doc-download-http;"/></para></listitem> 86 <listitem> 87 <para>Download MD5 sum: &docbook-dsssl-doc-md5sum;</para> 88 </listitem> 89 <listitem> 90 <para>Download size: &docbook-dsssl-doc-size;</para> 86 <para> 87 Download (HTTP): 88 <ulink url="&docbook-dsssl-doc-download-http;"/> 89 </para> 90 </listitem> 91 <listitem> 92 <para> 93 Download MD5 sum: &docbook-dsssl-doc-md5sum; 94 </para> 95 </listitem> 96 <listitem> 97 <para> 98 Download size: &docbook-dsssl-doc-size; 99 </para> 91 100 </listitem> 92 101 </itemizedlist> … … 96 105 97 106 <bridgehead renderas="sect4">Required</bridgehead> 98 <para role="required"><xref 
linkend="sgml-common"/></para> 107 <para role="required"> 108 <xref linkend="sgml-common"/> 109 </para> 99 110 100 111 <bridgehead renderas="sect4">Required (to Test the DocBook SGML 101 Toolchain)</bridgehead> 102 <para role="required"><xref linkend="sgml-dtd-3"/>, 103 <xref linkend="sgml-dtd"/>, 104 <xref linkend="opensp"/> and 105 <xref linkend="openjade"/></para> 112 Toolchain)</bridgehead> 113 <para role="required"> 114 <xref linkend="sgml-dtd-3"/>, 115 <xref linkend="sgml-dtd"/>, 116 <xref linkend="opensp"/>, and 117 <xref linkend="openjade"/> 118 </para> 106 119 107 120 <para condition="html" role="usernotes">User Notes: … … 113 126 <title>Installation of DocBook DSSSL Stylesheets</title> 114 127 115 <para>If you downloaded the documentation, run:</para> 128 <para> 129 If you downloaded the documentation, run: 130 </para> 116 131 117 132 <screen><userinput>tar -xf ../docbook-dsssl-doc-1.79.tar.bz2 --strip-components=1</userinput></screen> 118 133 119 <para>Install <application>DocBook DSSSL Stylesheets</application> by running 120 the following commands as the <systemitem class="username">root</systemitem> 121 user:</para> 134 <para> 135 Install <application>DocBook DSSSL Stylesheets</application> by running 136 the following commands as the <systemitem 137 class="username">root</systemitem> user: 138 </para> 122 139 123 140 <screen role="root"><userinput>install -v -m755 bin/collateindex.pl /usr/bin && … … 140 157 <title>Command Explanations</title> 141 158 142 <para>The above commands create an installation script for this 143 package.</para> 159 <para> 160 The above commands create an installation script for this package. 161 </para> 144 162 145 163 </sect2> … … 148 166 <title>Testing the DocBook SGML Toolchain (Optional)</title> 149 167 150 <para>The following commands will perform the necessary tests to confirm 151 that your installed DocBook SGML toolchain will produce desired results. 
152 You must have the <xref linkend="sgml-dtd-3"/>, <xref linkend="sgml-dtd"/>, 153 <xref linkend="opensp"/> and <xref linkend="openjade"/> packages installed 154 and perform the tests as the 155 <systemitem class="username">root</systemitem> user.</para> 156 157 <para>All tests will be performed from the <filename class='directory'> 158 /usr/share/sgml/docbook/dsssl-stylesheets-&docbook-dsssl-version;/doc/testdata</filename> 159 directory as the <systemitem class="username">root</systemitem> user:</para> 168 <para> 169 The following commands will perform the necessary tests to confirm 170 that your installed DocBook SGML toolchain will produce desired results. 171 You must have the <xref linkend="sgml-dtd-3"/>, 172 <xref linkend="sgml-dtd"/>, <xref linkend="opensp"/>, 173 and <xref linkend="openjade"/> packages installed, 174 and perform the tests as the 175 <systemitem class="username">root</systemitem> user. 176 </para> 177 178 <para> 179 All tests will be performed from the <filename class='directory'> 180 /usr/share/sgml/docbook/dsssl-stylesheets-&docbook-dsssl-version;/doc/testdata 181 </filename> 182 directory as the <systemitem class="username">root</systemitem> user: 183 </para> 160 184 161 185 <screen role="root"><userinput>cd /usr/share/sgml/docbook/dsssl-stylesheets-&docbook-dsssl-version;/doc/testdata</userinput></screen> 162 186 163 <para>The first test should produce no output to stdout (your screen) and 164 create a file named <filename>jtest.rtf</filename> in the current 165 directory:</para> 187 <para> 188 The first test should produce no output to stdout (your screen) and 189 create a file named <filename>jtest.rtf</filename> in the current 190 directory: 191 </para> 166 192 167 193 <screen role="root"><userinput>openjade -t rtf -d jtest.dsl jtest.sgm</userinput></screen> 168 194 169 <para>The next test should return only the following line to stdout: 170 <computeroutput>onsgmls:I: "OpenSP" version "&opensp-version;"</computeroutput></para> 195 
<para> 196 The next test should return only the following line to stdout: 197 <computeroutput>onsgmls:I: "OpenSP" version "&opensp-version;"</computeroutput> 198 </para> 171 199 172 200 <screen role="root"><userinput>onsgmls -sv test.sgm</userinput></screen> 173 201 174 <para>The next test should produce no output to stdout and create a file 175 named <filename>test.rtf</filename> in the current directory:</para> 202 <para> 203 The next test should produce no output to stdout and create a file 204 named <filename>test.rtf</filename> in the current directory: 205 </para> 176 206 177 207 <screen role="root"><userinput>openjade -t rtf \ … … 179 209 test.sgm</userinput></screen> 180 210 181 <para>The last test should produce no output to stdout and create a file 182 named <filename>c1.htm</filename> in the current directory:</para> 211 <para> 212 The last test should produce no output to stdout and create a file 213 named <filename>c1.htm</filename> in the current directory: 214 </para> 183 215 184 216 <screen role="root"><userinput>openjade -t sgml \ … … 186 218 test.sgm</userinput></screen> 187 219 188 <para>Finally, clean up:</para> 220 <para> 221 Finally, clean up: 222 </para> 189 223 190 224 <screen role="root"><userinput>rm jtest.rtf test.rtf c1.htm</userinput></screen> … … 217 251 <term><command>collateindex.pl</command></term> 218 252 <listitem> 219 <para>is a <application>Perl</application> script that creates a 220 DocBook index from raw index data.</para> 253 <para> 254 is a <application>Perl</application> script that creates a 255 DocBook index from raw index data. 256 </para> 221 257 <indexterm zone="docbook-dsssl collateindex.pl"> 222 258 <primary sortas="b-collateindex.pl">collateindex.pl</primary> -
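Review bot: In the "All tests will be performed from" paragraph, the closing `</filename>` now sits on its own line, so the directory path is wrapped in whitespace on both sides inside `<filename class='directory'>`. That whitespace is part of the element content and can render as a stray space around the path, which matters for text readers copy into a root shell. Break the line before `<filename` and keep the path and `</filename>` contiguous. Separately, the two dependency lists in this file gain a serial comma (`<xref linkend="opensp"/>, and`), which is a wording change rather than re-indentation and should be mentioned in the commit message.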
pst/sgml/openjade.xml
r914049f6 r47274444 30 30 <title>Introduction to OpenJade</title> 31 31 32 <para>The <application>OpenJade</application> package contains a 33 DSSSL engine. This is useful for SGML and XML transformations into 34 RTF, TeX, SGML and XML.</para> 32 <para> 33 The <application>OpenJade</application> package contains a 34 DSSSL engine. This is useful for SGML and XML transformations into 35 RTF, TeX, SGML and XML. 36 </para> 35 37 36 38 &lfs91_checked; … … 39 41 <itemizedlist spacing="compact"> 40 42 <listitem> 41 <para>Download (HTTP): <ulink url="&openjade-download-http;"/></para> 42 </listitem> 43 <listitem> 44 <para>Download (FTP): <ulink url="&openjade-download-ftp;"/></para> 45 </listitem> 46 <listitem> 47 <para>Download MD5 sum: &openjade-md5sum;</para> 48 </listitem> 49 <listitem> 50 <para>Download size: &openjade-size;</para> 51 </listitem> 52 <listitem> 53 <para>Estimated disk space required: &openjade-buildsize;</para> 54 </listitem> 55 <listitem> 56 <para>Estimated build time: &openjade-time;</para> 43 <para> 44 Download (HTTP): <ulink url="&openjade-download-http;"/> 45 </para> 46 </listitem> 47 <listitem> 48 <para> 49 Download (FTP): <ulink url="&openjade-download-ftp;"/> 50 </para> 51 </listitem> 52 <listitem> 53 <para> 54 Download MD5 sum: &openjade-md5sum; 55 </para> 56 </listitem> 57 <listitem> 58 <para> 59 Download size: &openjade-size; 60 </para> 61 </listitem> 62 <listitem> 63 <para> 64 Estimated disk space required: &openjade-buildsize; 65 </para> 66 </listitem> 67 <listitem> 68 <para> 69 Estimated build time: &openjade-time; 70 </para> 57 71 </listitem> 58 72 </itemizedlist> … … 62 76 <listitem> 63 77 <para> 64 Required patch: 65 <ulinkurl="&patch-root;/openjade-&openjade-version;-upstream-1.patch"/>78 Required patch: <ulink 79 url="&patch-root;/openjade-&openjade-version;-upstream-1.patch"/> 66 80 </para> 67 81 </listitem> … … 71 85 72 86 <bridgehead renderas="sect4">Required</bridgehead> 73 <para role="required"><xref linkend="opensp"/></para> 
87 <para role="required"> 88 <xref linkend="opensp"/> 89 </para> 74 90 75 91 <para condition="html" role="usernotes">User Notes: … … 81 97 <title>Installation of OpenJade</title> 82 98 83 <para>First fix problems when building with newer compilers:</para> 99 <para> 100 First fix problems when building with newer compilers: 101 </para> 84 102 85 103 <screen><userinput>patch -Np1 -i ../openjade-&openjade-version;-upstream-1.patch</userinput></screen> 86 104 87 <para>Now fix a compilation problem with perl-5.16 and later:</para> 105 <para> 106 Now fix a compilation problem with perl-5.16 and later: 107 </para> 88 108 89 109 <screen><userinput>sed -i -e '/getopts/{N;s#&G#g#;s#do .getopts.pl.;##;}' \ 90 110 -e '/use POSIX/ause Getopt::Std;' msggen.pl</userinput></screen> 91 111 92 <para>Install <application>OpenJade</application> by running the following 93 commands:</para> 112 <para> 113 Install <application>OpenJade</application> by running the following 114 commands: 115 </para> 94 116 95 117 <screen><userinput>export CXXFLAGS="$CXXFLAGS -fno-lifetime-dse" && … … 103 125 make</userinput></screen> 104 126 105 <para>This package does not come with a test suite.</para> 106 107 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 127 <para> 128 This package does not come with a test suite. 
129 </para> 130 131 <para> 132 Now, as the <systemitem class="username">root</systemitem> user: 133 </para> 108 134 109 135 <!-- Be careful of spacing here --> … … 131 157 <title>Command Explanations</title> 132 158 133 <para><command>export CXXFLAGS=...</command>: This command prevents 134 segmentation faults when the package is compiled with 135 <application>gcc-6.1</application>.</para> 136 137 <para><command>make install-man</command>: This command installs the 138 <command>openjade</command> man page.</para> 139 140 <para><parameter>--disable-static</parameter>: This switch prevents 141 the building of the static library.</para> 142 143 <para><parameter>--enable-http</parameter>: This switch adds support 144 for HTTP.</para> 145 146 <para><parameter>--enable-default-catalog=/etc/sgml/catalog</parameter>: This 147 switch sets the path to the centralized catalog.</para> 148 149 <para><parameter>--enable-default-search-path</parameter>: This switch 150 sets the default value of <envar>SGML_SEARCH_PATH</envar>.</para> 151 152 <para> 153 <parameter>--datadir=/usr/share/sgml/openjade-&openjade-version;</parameter>: 154 This switch puts data files in 155 <filename>/usr/share/sgml/openjade-&openjade-version;</filename> instead of 156 <filename class="directory">/usr/share</filename>.</para> 157 158 <para><command>ln -v -sf ...</command>: These commands create the 159 <application>Jade</application> equivalents of 160 <application>OpenJade</application> executables and libraries.</para> 159 <para> 160 <command>export CXXFLAGS=...</command>: This command prevents 161 segmentation faults when the package is compiled with 162 <application>gcc-6.1</application>. 163 </para> 164 165 <para> 166 <command>make install-man</command>: This command installs the 167 <command>openjade</command> man page. 168 </para> 169 170 <para> 171 <parameter>--disable-static</parameter>: This switch prevents 172 the building of the static library. 
173 </para> 174 175 <para> 176 <parameter>--enable-http</parameter>: This switch adds support 177 for HTTP. 178 </para> 179 180 <para> 181 <parameter>--enable-default-catalog=/etc/sgml/catalog</parameter>: This 182 switch sets the path to the centralized catalog. 183 </para> 184 185 <para> 186 <parameter>--enable-default-search-path</parameter>: This switch 187 sets the default value of <envar>SGML_SEARCH_PATH</envar>. 188 </para> 189 190 <para> 191 <parameter> 192 --datadir=/usr/share/sgml/openjade-&openjade-version;</parameter>: 193 This switch puts data files in 194 <filename>/usr/share/sgml/openjade-&openjade-version;</filename> instead 195 of <filename class="directory">/usr/share</filename>. 196 </para> 197 198 <para> 199 <command>ln -v -sf ...</command>: These commands create the 200 <application>Jade</application> equivalents of 201 <application>OpenJade</application> executables and libraries. 202 </para> 161 203 162 204 </sect2> … … 168 210 <title>Configuration Information</title> 169 211 170 <para>As the <systemitem class="username">root</systemitem> user:</para> 212 <para> 213 As the <systemitem class="username">root</systemitem> user: 214 </para> 171 215 172 216 <screen role="root"><userinput>echo "SYSTEM \"http://www.oasis-open.org/docbook/xml/&DocBook-version;/docbookx.dtd\" \ … … 174 218 /usr/share/sgml/openjade-&openjade-version;/catalog</userinput></screen> 175 219 176 <para>This configuration is only necessary if you intend to use 177 <application>OpenJade</application> to process the BLFS XML files through 178 DSSSL Stylesheets.</para> 220 <para> 221 This configuration is only necessary if you intend to use 222 <application>OpenJade</application> to process the BLFS XML files 223 through DSSSL Stylesheets. 224 </para> 179 225 180 226 </sect3> … … 208 254 <term><command>openjade</command></term> 209 255 <listitem> 210 <para>is a DSSSL engine used for transformations.</para> 256 <para> 257 is a DSSSL engine used for transformations. 
258 </para> 211 259 <indexterm zone="openjade openjade-prog"> 212 260 <primary sortas="b-openjade">openjade</primary> … … 218 266 <term><command>jade</command></term> 219 267 <listitem> 220 <para>is a symlink to <command>openjade</command>.</para> 268 <para> 269 is a symlink to <command>openjade</command>. 270 </para> 221 271 <indexterm zone="openjade jade"> 222 272 <primary sortas="b-jade">jade</primary> -
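Review bot: In the `--datadir` explanation, the option text has been moved to the line after the opening `<parameter>` tag, so the element content now starts with a newline and indentation. The neighbouring explanations keep the tag and text tight (`<parameter>--enable-http</parameter>`), and the old line did too. Keep `<parameter>--datadir=/usr/share/sgml/openjade-&openjade-version;</parameter>:` on one line, even if it exceeds the usual line width, so the rendered switch has no leading space.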
pst/sgml/opensp.xml
r914049f6 r47274444 30 30 <title>Introduction to OpenSP</title> 31 31 32 <para>The <application>OpenSP</application> package contains a 33 <application>C++</application> library for using SGML/XML files. 34 This is useful for validating, parsing and manipulating SGML and XML 35 documents.</para> 32 <para> 33 The <application>OpenSP</application> package contains a 34 <application>C++</application> library for using SGML/XML files. 35 This is useful for validating, parsing and manipulating SGML and XML 36 documents. 37 </para> 36 38 37 39 &lfs91_checked; … … 40 42 <itemizedlist spacing="compact"> 41 43 <listitem> 42 <para>Download (HTTP): <ulink url="&opensp-download-http;"/></para> 43 </listitem> 44 <listitem> 45 <para>Download (FTP): <ulink url="&opensp-download-ftp;"/></para> 46 </listitem> 47 <listitem> 48 <para>Download MD5 sum: &opensp-md5sum;</para> 49 </listitem> 50 <listitem> 51 <para>Download size: &opensp-size;</para> 52 </listitem> 53 <listitem> 54 <para>Estimated disk space required: &opensp-buildsize;</para> 55 </listitem> 56 <listitem> 57 <para>Estimated build time: &opensp-time;</para> 44 <para> 45 Download (HTTP): <ulink url="&opensp-download-http;"/> 46 </para> 47 </listitem> 48 <listitem> 49 <para> 50 Download (FTP): <ulink url="&opensp-download-ftp;"/> 51 </para> 52 </listitem> 53 <listitem> 54 <para> 55 Download MD5 sum: &opensp-md5sum; 56 </para> 57 </listitem> 58 <listitem> 59 <para> 60 Download size: &opensp-size; 61 </para> 62 </listitem> 63 <listitem> 64 <para> 65 Estimated disk space required: &opensp-buildsize; 66 </para> 67 </listitem> 68 <listitem> 69 <para> 70 Estimated build time: &opensp-time; 71 </para> 58 72 </listitem> 59 73 </itemizedlist> … … 62 76 63 77 <bridgehead renderas="sect4">Required</bridgehead> 64 <para role="required"><xref linkend="sgml-common"/></para> 78 <para role="required"> 79 <xref linkend="sgml-common"/> 80 </para> 65 81 66 82 <bridgehead renderas="sect4">Optional</bridgehead> 67 <para role="optional"><xref 
linkend="xmlto"/></para> 83 <para role="optional"> 84 <xref linkend="xmlto"/> 85 </para> 68 86 69 87 <para condition="html" role="usernotes">User Notes: … … 75 93 <title>Installation of OpenSP</title> 76 94 77 <para>Install <application>OpenSP</application> by running the following 78 commands:</para> 95 <para> 96 Install <application>OpenSP</application> by running the following 97 commands: 98 </para> 79 99 80 100 <screen><userinput>sed -i 's/32,/253,/' lib/Syntax.cxx && … … 91 111 make pkgdatadir=/usr/share/sgml/OpenSP-&opensp-version;</userinput></screen> 92 112 93 <para>To test the results, issue: <command>make check</command>. As many as 94 nine of the 23 tests may fail. Do not be alarmed.</para> 95 96 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 113 <para> 114 To test the results, issue: <command>make check</command>. As many as 115 nine of the 23 tests may fail. Do not be alarmed. 116 </para> 117 118 <para> 119 Now, as the <systemitem class="username">root</systemitem> user: 120 </para> 97 121 98 122 <screen role="root"><userinput>make pkgdatadir=/usr/share/sgml/OpenSP-&opensp-version; \ … … 114 138 <title>Command Explanations</title> 115 139 116 <para><command>sed -i 's/32,/253,/...unicode.syn}</command>: 117 These seds prevent some annoying messages that may otherwise appear 118 while running <command>openjade</command>.</para> 140 <para> 141 <command>sed -i 's/32,/253,/...unicode.syn}</command>: 142 These seds prevent some annoying messages that may otherwise appear 143 while running <command>openjade</command>. 
144 </para> 119 145 120 146 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" 121 147 href="../../xincludes/static-libraries.xml"/> 122 148 123 <para><parameter>--enable-http</parameter>: This switch adds support 124 for HTTP.</para> 125 126 <para><parameter>--disable-doc-build</parameter>: This switch prevents the 127 <command>configure</command> script checking if you have 128 <application>xmlto</application> installed. If you have 129 <application>xmlto</application>, you can remove this option.</para> 130 131 <para><parameter>--enable-default-catalog=/etc/sgml/catalog</parameter>: 132 This switch sets the path to the centralized catalog.</para> 133 134 <para><parameter>--enable-default-search-path</parameter>: This switch 135 sets the default value of <envar>SGML_SEARCH_PATH</envar>.</para> 136 137 <para><option>--enable-xml-messages</option>: This switch adds 138 support for XML Formatted Messages.</para> 139 140 <para><command>make 141 pkgdatadir=/usr/share/sgml/OpenSP-&opensp-version;</command>: This sets the 142 pkgdatadir variable in the <filename>Makefile</filename> from 143 <filename class="directory">/usr/share/OpenSP</filename> to <filename 144 class="directory">/usr/share/sgml/OpenSP-&opensp-version;</filename>.</para> 145 146 <para><command>ln -v -sf ...</command>: These commands create the 147 <application>SP</application> equivalents of 148 <application>OpenSP</application> executables and libraries.</para> 149 <para> 150 <parameter>--enable-http</parameter>: This switch adds support 151 for HTTP. 152 </para> 153 154 <para> 155 <parameter>--disable-doc-build</parameter>: This switch prevents the 156 <command>configure</command> script checking if you have 157 <application>xmlto</application> installed. If you have 158 <application>xmlto</application>, you can remove this option. 159 </para> 160 161 <para> 162 <parameter>--enable-default-catalog=/etc/sgml/catalog</parameter>: 163 This switch sets the path to the centralized catalog. 
164 </para> 165 166 <para> 167 <parameter>--enable-default-search-path</parameter>: This switch 168 sets the default value of <envar>SGML_SEARCH_PATH</envar>. 169 </para> 170 171 <para> 172 <option>--enable-xml-messages</option>: This switch adds 173 support for XML Formatted Messages. 174 </para> 175 176 <para> 177 <command> 178 make pkgdatadir=/usr/share/sgml/OpenSP-&opensp-version; 179 </command>: This sets the 180 pkgdatadir variable in the <filename>Makefile</filename> from 181 <filename class="directory">/usr/share/OpenSP</filename> to <filename 182 class="directory">/usr/share/sgml/OpenSP-&opensp-version;</filename>. 183 </para> 184 185 <para> 186 <command>ln -v -sf ...</command>: These commands create the 187 <application>SP</application> equivalents of 188 <application>OpenSP</application> executables and libraries. 189 </para> 149 190 150 191 </sect2> … … 177 218 <term><command>onsgmls</command></term> 178 219 <listitem> 179 <para>is used to process SGML files.</para> 220 <para> 221 is used to process SGML files. 222 </para> 180 223 <indexterm zone="opensp onsgmls"> 181 224 <primary sortas="b-onsgmls">onsgmls</primary> … … 187 230 <term><command>osgmlnorm</command></term> 188 231 <listitem> 189 <para>prints on the standard output a normalized document instance 190 for the SGML document contained in the concatenation of the entities 191 with system identifiers .nf and .fi.</para> 232 <para> 233 prints on the standard output a normalized document instance for 234 the SGML document contained in the concatenation of the entities 235 with system identifiers .nf and .fi. 236 </para> 192 237 <indexterm zone="opensp osgmlnorm"> 193 238 <primary sortas="b-osgmlnorm">osgmlnorm</primary> … … 199 244 <term><command>ospam</command></term> 200 245 <listitem> 201 <para>is a markup stream editor.</para> 246 <para> 247 is a markup stream editor. 
248 </para> 202 249 <indexterm zone="opensp ospam"> 203 250 <primary sortas="b-ospam">ospam</primary> … … 209 256 <term><command>ospcat</command></term> 210 257 <listitem> 211 <para>prints effective system identifiers found in the catalogs.</para> 258 <para> 259 prints effective system identifiers found in the catalogs. 260 </para> 212 261 <indexterm zone="opensp ospcat"> 213 262 <primary sortas="b-ospcat">ospcat</primary> … … 219 268 <term><command>ospent</command></term> 220 269 <listitem> 221 <para>provides access to <application>OpenSP</application>'s 222 entity manager.</para> 270 <para> 271 provides access to <application>OpenSP</application>'s 272 entity manager. 273 </para> 223 274 <indexterm zone="opensp ospent"> 224 275 <primary sortas="b-ospent">ospent</primary> … … 230 281 <term><command>osx</command></term> 231 282 <listitem> 232 <para>is an SGML normalizer or used to convert 233 SGML files to XML files.</para> 283 <para> 284 is an SGML normalizer or used to convert 285 SGML files to XML files. 286 </para> 234 287 <indexterm zone="opensp osx"> 235 288 <primary sortas="b-osx">osx</primary> … … 241 294 <term><command>nsgmls</command></term> 242 295 <listitem> 243 <para>is a symlink to <command>onsgmls</command>.</para> 296 <para> 297 is a symlink to <command>onsgmls</command>. 298 </para> 244 299 <indexterm zone="opensp nsgmls"> 245 300 <primary sortas="b-nsgmls">nsgmls</primary> … … 251 306 <term><command>sgml2xml</command></term> 252 307 <listitem> 253 <para>is a symlink to <command>osx</command>.</para> 308 <para> 309 is a symlink to <command>osx</command>. 310 </para> 254 311 <indexterm zone="opensp sgml2xml"> 255 312 <primary sortas="b-sgml2xml">sgml2xml</primary> … … 261 318 <term><command>sgmlnorm</command></term> 262 319 <listitem> 263 <para>is a symlink to <command>osgmlnorm</command>.</para> 320 <para> 321 is a symlink to <command>osgmlnorm</command>. 
322 </para> 264 323 <indexterm zone="opensp sgmlnorm"> 265 324 <primary sortas="b-sgmlnorm">sgmlnorm</primary> … … 271 330 <term><command>spam</command></term> 272 331 <listitem> 273 <para>is a symlink to <command>ospam</command>.</para> 332 <para> 333 is a symlink to <command>ospam</command>. 334 </para> 274 335 <indexterm zone="opensp spam"> 275 336 <primary sortas="b-spam">spam</primary> … … 281 342 <term><command>spcat</command></term> 282 343 <listitem> 283 <para>is a symlink to <command>ospcat</command>.</para> 344 <para> 345 is a symlink to <command>ospcat</command>. 346 </para> 284 347 <indexterm zone="opensp spcat"> 285 348 <primary sortas="b-spcat">spcat</primary> … … 291 354 <term><command>spent</command></term> 292 355 <listitem> 293 <para>is a symlink to <command>ospent</command>.</para> 356 <para> 357 is a symlink to <command>ospent</command>. 358 </para> 294 359 <indexterm zone="opensp spent"> 295 360 <primary sortas="b-spent">spent</primary> … … 301 366 <term><command>sx</command></term> 302 367 <listitem> 303 <para>is a symlink to <command>osx</command>.</para> 368 <para> 369 is a symlink to <command>osx</command>. 370 </para> 304 371 <indexterm zone="opensp sx"> 305 372 <primary sortas="b-sx">sx</primary> … … 311 378 <term><filename class='libraryfile'>libosp.so</filename></term> 312 379 <listitem> 313 <para>contains functions required by the 314 <application>OpenSP</application> programs to parse, validate and 315 manipulate SGML and XML files.</para> 380 <para> 381 contains functions required by the 382 <application>OpenSP</application> programs to parse, validate and 383 manipulate SGML and XML files. 
384 </para> 316 385 <indexterm zone="opensp libosp"> 317 386 <primary sortas="c-libosp">libosp.so</primary> … … 323 392 <term><filename class='libraryfile'>libsp.so</filename></term> 324 393 <listitem> 325 <para>is a symlink to 326 <filename class='libraryfile'>libosp.so</filename>.</para> 394 <para> 395 is a symlink to 396 <filename class='libraryfile'>libosp.so</filename>. 397 </para> 327 398 <indexterm zone="opensp libsp"> 328 399 <primary sortas="c-libsp">libsp.so</primary> -
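Review bot: In the `make pkgdatadir=...` explanation, both tags of `<command>` have been split onto their own lines, which puts whitespace before and after the command text and leaves a gap between the command and the colon after `</command>`. Every other explanation in this file keeps the form `<command>...</command>:` with no inner padding. Put `<command>make pkgdatadir=/usr/share/sgml/OpenSP-&opensp-version;</command>:` back on a single line, or break only at the space after `make` as the previous revision did.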
pst/sgml/sgml-dtd-3.xml
r914049f6 r47274444 31 31 <title>Introduction to DocBook SGML DTD</title> 32 32 33 <para>The <application>DocBook SGML DTD</application> package contains 34 document type definitions for verification of SGML data files against 35 the DocBook rule set. These are useful for structuring books and software 36 documentation to a standard allowing you to utilize transformations 37 already written for that standard.</para> 33 <para> 34 The <application>DocBook SGML DTD</application> package contains 35 document type definitions for verification of SGML data files against 36 the DocBook rule set. These are useful for structuring books and software 37 documentation to a standard allowing you to utilize transformations 38 already written for that standard. 39 </para> 38 40 39 41 &lfs91_checked; … … 42 44 <itemizedlist spacing="compact"> 43 45 <listitem> 44 <para>Download (HTTP): <ulink url="&sgml-dtd-3-download-http;"/></para> 45 </listitem> 46 <listitem> 47 <para>Download (FTP): <ulink url="&sgml-dtd-3-download-ftp;"/></para> 48 </listitem> 49 <listitem> 50 <para>Download MD5 sum: &sgml-dtd-3-md5sum;</para> 51 </listitem> 52 <listitem> 53 <para>Download size: &sgml-dtd-3-size;</para> 54 </listitem> 55 <listitem> 56 <para>Estimated disk space required: &sgml-dtd-3-buildsize;</para> 57 </listitem> 58 <listitem> 59 <para>Estimated build time: &sgml-dtd-3-time;</para> 46 <para> 47 Download (HTTP): <ulink url="&sgml-dtd-3-download-http;"/> 48 </para> 49 </listitem> 50 <listitem> 51 <para> 52 Download (FTP): <ulink url="&sgml-dtd-3-download-ftp;"/> 53 </para> 54 </listitem> 55 <listitem> 56 <para> 57 Download MD5 sum: &sgml-dtd-3-md5sum; 58 </para> 59 </listitem> 60 <listitem> 61 <para> 62 Download size: &sgml-dtd-3-size; 63 </para> 64 </listitem> 65 <listitem> 66 <para> 67 Estimated disk space required: &sgml-dtd-3-buildsize; 68 </para> 69 </listitem> 70 <listitem> 71 <para> 72 Estimated build time: &sgml-dtd-3-time; 73 </para> 60 74 </listitem> 61 75 </itemizedlist> … … 64 78 
65 79 <bridgehead renderas="sect4">Required</bridgehead> 66 <para role="required"><xref linkend="sgml-common"/> and 67 <xref linkend="unzip"/></para> 80 <para role="required"> 81 <xref linkend="sgml-common"/> and 82 <xref linkend="unzip"/> 83 </para> 68 84 69 85 <para condition="html" role="usernotes">User Notes: … … 78 94 href="../../xincludes/use-unzip.xml"/> 79 95 80 <para>Install <application>DocBook SGML DTD</application> by running 81 the following commands:</para> 96 <para> 97 Install <application>DocBook SGML DTD</application> by running 98 the following commands: 99 </para> 82 100 83 101 <screen><userinput>sed -i -e '/ISO 8879/d' \ … … 85 103 docbook.cat</userinput></screen> 86 104 87 <para>This package does not come with a test suite.</para> 88 89 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 105 <para> 106 This package does not come with a test suite. 107 </para> 108 109 <para> 110 Now, as the <systemitem class="username">root</systemitem> user: 111 </para> 90 112 91 113 <screen role="root"><userinput>install -v -d -m755 /usr/share/sgml/docbook/sgml-dtd-&sgml-dtd-3-version; && … … 105 127 <title>Command Explanations</title> 106 128 107 <para><command>sed -i -e '/ISO 8879/d' docbook.cat</command>: This command 108 removes the ENT definitions from the catalog file.</para> 109 110 <para><command>sed -i -e 's|DTDDECL 111 "-//OASIS//DTD Docbook V&sgml-dtd-3-version;//EN"|SGMLDECL|g' 112 docbook.cat</command>: This command replaces the DTDDECL catalog entry, 113 which is not supported by Linux SGML tools, with the SGMLDECL catalog 114 entry.</para> 129 <para> 130 <command>sed -i -e '/ISO 8879/d' docbook.cat</command>: This command 131 removes the ENT definitions from the catalog file. 
132 </para> 133 134 <para> 135 <command>sed -i -e 's|DTDDECL 136 "-//OASIS//DTD Docbook V&sgml-dtd-3-version;//EN"|SGMLDECL|g' 137 docbook.cat</command>: This command replaces the DTDDECL catalog entry, 138 which is not supported by Linux SGML tools, with the SGMLDECL catalog 139 entry. 140 </para> 115 141 116 142 </sect2> … … 122 148 <title>Config Files</title> 123 149 124 <para><filename>/etc/sgml/catalog</filename></para> 150 <para> 151 <filename>/etc/sgml/catalog</filename> 152 </para> 125 153 126 154 <indexterm zone="sgml-dtd-3 sgml-dtd-3-config"> … … 133 161 <title>Configuration Information</title> 134 162 135 <para>The above installation script updates the catalog.</para> 136 137 <para>Using only the most current 3.x version of <application>DocBook 138 SGML DTD</application> requires the following (perform as the 139 <systemitem class="username">root</systemitem> user):</para> 163 <para> 164 The above installation script updates the catalog. 165 </para> 166 167 <para> 168 Using only the most current 3.x version of <application>DocBook 169 SGML DTD</application> requires the following (perform as the 170 <systemitem class="username">root</systemitem> user): 171 </para> 140 172 141 173 <screen role="root"><userinput>cat >> /usr/share/sgml/docbook/sgml-dtd-&sgml-dtd-3-version;/catalog << "EOF" … … 176 208 <term><filename>SGML DTD files</filename></term> 177 209 <listitem> 178 <para>contain a document type definition which defines the element 179 types and the attribute lists that can be used in the corresponding 180 SGML files.</para> 210 <para> 211 contains a document type definition which defines the element 212 types and the attribute lists that can be used in the corresponding 213 SGML files. 
214 </para> 181 215 <indexterm zone="sgml-dtd-3 SGML-DTD-files"> 182 216 <primary sortas="g-SGML-DTD-files">SGML DTD files</primary> … … 188 222 <term><filename>SGML MOD files</filename></term> 189 223 <listitem> 190 <para>contain components of the document type definition that are 191 sourced into the <filename>DTD</filename> files.</para> 224 <para> 225 contains components of the document type definition that are 226 sourced into the <filename>DTD</filename> files. 227 </para> 192 228 <indexterm zone="sgml-dtd-3 SGML-MOD-files"> 193 229 <primary sortas="g-SGML-MOD-files">SGML MOD files</primary> -
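Review bot: The Short Descriptions entries for "SGML DTD files" and "SGML MOD files" change "contain" to "contains", but both terms are plural, so the new wording no longer agrees with its subject. The rest of this changeset only re-wraps `<para>` elements, so this looks like an unintended edit. Keep "contain", or make the wording change in a separate commit with its own rationale.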
pst/sgml/sgml-dtd.xml
r914049f6 r47274444 31 31 <title>Introduction to DocBook SGML DTD</title> 32 32 33 <para>The <application>DocBook SGML DTD</application> package contains 34 document type definitions for verification of SGML data files against the 35 DocBook rule set. These are useful for structuring books and software 36 documentation to a standard allowing you to utilize transformations 37 already written for that standard.</para> 33 <para> 34 The <application>DocBook SGML DTD</application> package contains 35 document type definitions for verification of SGML data files against the 36 DocBook rule set. These are useful for structuring books and software 37 documentation to a standard allowing you to utilize transformations 38 already written for that standard. 39 </para> 38 40 39 41 &lfs91_checked; … … 42 44 <itemizedlist spacing="compact"> 43 45 <listitem> 44 <para>Download (HTTP): <ulink url="&sgml-dtd-download-http;"/></para> 45 </listitem> 46 <listitem> 47 <para>Download (FTP): <ulink url="&sgml-dtd-download-ftp;"/></para> 48 </listitem> 49 <listitem> 50 <para>Download MD5 sum: &sgml-dtd-md5sum;</para> 51 </listitem> 52 <listitem> 53 <para>Download size: &sgml-dtd-size;</para> 54 </listitem> 55 <listitem> 56 <para>Estimated disk space required: &sgml-dtd-buildsize;</para> 57 </listitem> 58 <listitem> 59 <para>Estimated build time: &sgml-dtd-time;</para> 46 <para> 47 Download (HTTP): <ulink url="&sgml-dtd-download-http;"/> 48 </para> 49 </listitem> 50 <listitem> 51 <para> 52 Download (FTP): <ulink url="&sgml-dtd-download-ftp;"/> 53 </para> 54 </listitem> 55 <listitem> 56 <para> 57 Download MD5 sum: &sgml-dtd-md5sum; 58 </para> 59 </listitem> 60 <listitem> 61 <para> 62 Download size: &sgml-dtd-size; 63 </para> 64 </listitem> 65 <listitem> 66 <para> 67 Estimated disk space required: &sgml-dtd-buildsize; 68 </para> 69 </listitem> 70 <listitem> 71 <para> 72 Estimated build time: &sgml-dtd-time; 73 </para> 60 74 </listitem> 61 75 </itemizedlist> … … 64 78 65 79 <bridgehead 
renderas="sect4">Required</bridgehead> 66 <para role="required"><xref linkend="sgml-common"/> and 67 <xref linkend="unzip"/></para> 80 <para role="required"> 81 <xref linkend="sgml-common"/> and 82 <xref linkend="unzip"/> 83 </para> 68 84 69 85 <para condition="html" role="usernotes">User Notes: … … 78 94 href="../../xincludes/use-unzip.xml"/> 79 95 80 <para>Install <application>DocBook SGML DTD</application> by running 81 the following commands:</para> 96 <para> 97 Install <application>DocBook SGML DTD</application> by running 98 the following commands: 99 </para> 82 100 83 101 <screen><userinput>sed -i -e '/ISO 8879/d' \ 84 102 -e '/gml/d' docbook.cat</userinput></screen> 85 103 86 <para>This package does not come with a test suite.</para> 87 88 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 104 <para> 105 This package does not come with a test suite. 106 </para> 107 108 <para> 109 Now, as the <systemitem class="username">root</systemitem> user: 110 </para> 89 111 90 112 <screen role="root"><userinput>install -v -d /usr/share/sgml/docbook/sgml-dtd-&sgml-dtd-version; && … … 105 127 <title>Command Explanations</title> 106 128 107 <para><command>sed -i -e '/ISO 8879/d' -e '/gml/d' docbook.cat</command>: 108 This command removes the ENT definitions from the catalog file.</para> 129 <para> 130 <command>sed -i -e '/ISO 8879/d' -e '/gml/d' docbook.cat</command>: 131 This command removes the ENT definitions from the catalog file. 
132 </para> 109 133 110 134 </sect2> … … 116 140 <title>Config Files</title> 117 141 118 <para><filename>/etc/sgml/catalog</filename></para> 142 <para> 143 <filename>/etc/sgml/catalog</filename> 144 </para> 119 145 120 146 <indexterm zone="sgml-dtd sgml-dtd-config"> … … 127 153 <title>Configuration Information</title> 128 154 129 <para>The above installation script updates the catalog.</para> 130 131 <para>Using only the most current 4.x version of <application>DocBook 132 SGML DTD</application> requires the following (perform as the 133 <systemitem class="username">root</systemitem> user):</para> 155 <para> 156 The above installation script updates the catalog. 157 </para> 158 159 <para> 160 Using only the most current 4.x version of <application>DocBook 161 SGML DTD</application> requires the following (perform as the 162 <systemitem class="username">root</systemitem> user): 163 </para> 134 164 135 165 <screen role="root"><userinput>cat >> /usr/share/sgml/docbook/sgml-dtd-&sgml-dtd-version;/catalog << "EOF" … … 174 204 <term><filename>SGML DTD files</filename></term> 175 205 <listitem> 176 <para>contain a document type definition which defines the element 177 types and the attribute lists that can be used in the corresponding 178 SGML files.</para> 206 <para> 207 contains a document type definition which defines the element 208 types and the attribute lists that can be used in the corresponding 209 SGML files. 210 </para> 179 211 <indexterm zone="sgml-dtd SGML-DTD-files-4"> 180 212 <primary sortas="g-SGML-DTD-files">SGML DTD files</primary> … … 186 218 <term><filename>SGML MOD files</filename></term> 187 219 <listitem> 188 <para>contain components of the document type definition that are 189 sourced into the <filename>DTD</filename> files.</para> 220 <para> 221 contains components of the document type definition that are 222 sourced into the <filename>DTD</filename> files. 
223 </para> 190 224 <indexterm zone="sgml-dtd SGML-MOD-files-4"> 191 225 <primary sortas="g-SGML-MOD-files">SGML MOD files</primary> -
pst/xml/docbook-xsl.xml
r914049f6 r47274444 38 38 <title>Introduction to DocBook XSL Stylesheets</title> 39 39 40 <para>The <application>DocBook XSL Stylesheets</application> 41 package contains XSL stylesheets. These are useful for 42 performing transformations on XML DocBook files.</para> 40 <para> 41 The <application>DocBook XSL Stylesheets</application> 42 package contains XSL stylesheets. These are useful for 43 performing transformations on XML DocBook files. 44 </para> 43 45 44 46 &lfs91_checked; … … 47 49 <itemizedlist spacing="compact"> 48 50 <listitem> 49 <para>Download (HTTP): <ulink url="&docbook-xsl-download-http;"/></para> 50 </listitem> 51 <listitem> 52 <para>Download (FTP): <ulink url="&docbook-xsl-download-ftp;"/></para> 53 </listitem> 54 <listitem> 55 <para>Download MD5 sum: &docbook-xsl-md5sum;</para> 56 </listitem> 57 <listitem> 58 <para>Download size: &docbook-xsl-size;</para> 59 </listitem> 60 <listitem> 61 <para>Estimated disk space required: &docbook-xsl-buildsize;</para> 62 </listitem> 63 <listitem> 64 <para>Estimated build time: &docbook-xsl-time;</para> 51 <para> 52 Download (HTTP): <ulink url="&docbook-xsl-download-http;"/> 53 </para> 54 </listitem> 55 <listitem> 56 <para> 57 Download (FTP): <ulink url="&docbook-xsl-download-ftp;"/> 58 </para> 59 </listitem> 60 <listitem> 61 <para> 62 Download MD5 sum: &docbook-xsl-md5sum; 63 </para> 64 </listitem> 65 <listitem> 66 <para> 67 Download size: &docbook-xsl-size; 68 </para> 69 </listitem> 70 <listitem> 71 <para> 72 Estimated disk space required: &docbook-xsl-buildsize; 73 </para> 74 </listitem> 75 <listitem> 76 <para> 77 Estimated build time: &docbook-xsl-time; 78 </para> 65 79 </listitem> 66 80 </itemizedlist> … … 69 83 <itemizedlist spacing='compact'> 70 84 <listitem> 71 <para>Required patch: <ulink 72 url="&patch-root;/docbook-xsl-nons-&docbook-xsl-version;-stack_fix-1.patch"/> 73 </para> 85 <para> 86 Required patch: <ulink url= 87 "&patch-root;/docbook-xsl-nons-&docbook-xsl-version;-stack_fix-1.patch"/> 88 
</para> 74 89 </listitem> 75 90 </itemizedlist> … … 78 93 <title>Optional documentation</title> 79 94 <listitem> 80 <para>Download (HTTP): <ulink url="&docbook-xsl-doc-download;"/></para> 81 </listitem> 82 <listitem> 83 <para>Download MD5 sum: &docbook-xsl-doc-md5sum;</para> 84 </listitem> 85 <listitem> 86 <para>Download size: &docbook-xsl-doc-size;</para> 95 <para> 96 Download (HTTP): <ulink url="&docbook-xsl-doc-download;"/> 97 </para> 98 </listitem> 99 <listitem> 100 <para> 101 Download MD5 sum: &docbook-xsl-doc-md5sum; 102 </para> 103 </listitem> 104 <listitem> 105 <para> 106 Download size: &docbook-xsl-doc-size; 107 </para> 87 108 </listitem> 88 109 </itemizedlist> … … 91 112 92 113 <bridgehead renderas="sect4">Recommended (at runtime)</bridgehead> 93 <para role="recommended"><xref role="runtime" linkend="libxml2"/></para> 114 <para role="recommended"> 115 <xref role="runtime" linkend="libxml2"/> 116 </para> 94 117 95 118 <bridgehead renderas="sect4">Optional (all used at runtime)</bridgehead> … … 122 145 <title>Installation of DocBook XSL Stylesheets</title> 123 146 124 <para>First, fix a problem that causes stack overflows when doing recursion:</para> 147 <para> 148 First, fix a problem that causes stack overflows when doing recursion: 149 </para> 125 150 126 151 <screen><userinput>patch -Np1 -i ../docbook-xsl-nons-&docbook-xsl-version;-stack_fix-1.patch</userinput></screen> 127 152 128 <para>If you downloaded the optional documentation tarball, unpack it 129 with the following command:</para> 153 <para> 154 If you downloaded the optional documentation tarball, unpack it 155 with the following command: 156 </para> 130 157 131 158 <screen><userinput>tar -xf ../docbook-xsl-doc-&docbook-xsl-version;.tar.bz2 --strip-components=1</userinput></screen> 132 159 133 <para>BLFS does not install the required packages to run the test suite 134 and provide meaningful results.</para> 135 136 <para>Install <application>DocBook XSL Stylesheets</application> 137 by running 
the following commands as the 138 <systemitem class="username">root</systemitem> user:</para> 160 <para> 161 BLFS does not install the required packages to run the test suite 162 and provide meaningful results. 163 </para> 164 165 <para> 166 Install <application>DocBook XSL Stylesheets</application> 167 by running the following commands as the 168 <systemitem class="username">root</systemitem> user: 169 </para> 139 170 140 171 <screen role="root"><userinput>install -v -m755 -d /usr/share/xml/docbook/xsl-stylesheets-nons-&docbook-xsl-version; && … … 153 184 /usr/share/doc/docbook-xsl-nons-&docbook-xsl-version;</userinput></screen> 154 185 155 <para>If you downloaded the optional documentation tarball, install the 156 documentation by issuing the following command as the 157 <systemitem class="username">root</systemitem> user:</para> 186 <para> 187 If you downloaded the optional documentation tarball, install the 188 documentation by issuing the following command as the 189 <systemitem class="username">root</systemitem> user: 190 </para> 158 191 159 192 <screen role="root"><userinput>cp -v -R doc/* /usr/share/doc/docbook-xsl-nons-&docbook-xsl-version;</userinput></screen> … … 167 200 <title>Config Files</title> 168 201 169 <para><filename>/etc/xml/catalog</filename></para> 202 <para> 203 <filename>/etc/xml/catalog</filename> 204 </para> 170 205 171 206 <indexterm zone="docbook-xsl docbook-xsl-config"> … … 179 214 180 215 <note> 181 <para>If you are installing the current version of docbook-xsl-nons 182 over a previous version of docbook-xsl, then remove the old 183 rewrite entries in the catalog as the <systemitem 184 class="username">root</systemitem> user:</para> 216 <para> 217 If you are installing the current version of docbook-xsl-nons 218 over a previous version of docbook-xsl, then remove the old 219 rewrite entries in the catalog as the <systemitem 220 class="username">root</systemitem> user: 221 </para> 185 222 186 223 <screen role="nodump"><userinput>sed -i 
'/rewrite/d' /etc/xml/catalog</userinput></screen> 187 224 </note> 188 225 189 <para>Create (or append) and populate the XML catalog file using the 190 following commands as the <systemitem class="username">root</systemitem> 191 user:</para> 226 <para> 227 Create (or append) and populate the XML catalog file using the 228 following commands as the <systemitem 229 class="username">root</systemitem> user: 230 </para> 192 231 193 232 <screen role="root"><userinput>if [ ! -d /etc/xml ]; then install -v -m755 -d /etc/xml; fi && … … 226 265 /etc/xml/catalog</userinput></screen> 227 266 228 <para>Occasionally, you may find the need to install other versions of 229 the XSL stylesheets as some projects reference a specific version. One 230 example is BLFS-6.0, which required the 1.67.2 version. In these instances 231 you should install any other required version in its own versioned 232 directory and create catalog entries as follows (substitute the desired 233 version number for <replaceable><version></replaceable>):</para> 267 <para> 268 Occasionally, you may find the need to install other versions of the 269 XSL stylesheets as some projects reference a specific version. One 270 example is BLFS-6.0, which required the 1.67.2 version. In these 271 instances you should install any other required version in its own 272 versioned directory and create catalog entries as follows (substitute 273 the desired version number for 274 <replaceable><version></replaceable>): 275 </para> 234 276 235 277 <screen role="nodump"><userinput>xmlcatalog --noout --add "rewriteSystem" \ -
server/mail/dovecot.xml
r914049f6 r47274444 287 287 <phrase revision="systemd">Systemd Unit</phrase></title> 288 288 289 <para revision="sysv">If you want the <application>Dovecot</application> 290 server to start automatically when the system is booted, install the 291 <filename>/etc/rc.d/init.d/dovecot</filename> init script included in the 292 <xref linkend="bootscripts"/> package.</para> 293 294 <para revision="systemd">To start the <command>dovecot</command> 295 daemon at boot, enable the previously installed systemd unit with the 296 following command:</para> 289 <para revision="sysv"> 290 If you want the <application>Dovecot</application> 291 server to start automatically when the system is booted, install the 292 <filename>/etc/rc.d/init.d/dovecot</filename> init script included in 293 the <xref linkend="bootscripts"/> package. 294 </para> 295 296 <para revision="systemd"> 297 To start the <command>dovecot</command> 298 daemon at boot, enable the previously installed systemd unit with the 299 following command: 300 </para> 297 301 298 302 <indexterm zone="dovecot dovecot-init">
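Review bot: In the Contents list of the DocBook SGML DTD page, the descriptions under "SGML DTD files" and "SGML MOD files" change from "contain" to "contains", which is a wording change, while the other visible hunks only re-wrap para elements. Both terms are plural, so "contain" agreed with its subject. Either keep "contain" or, if the singular form is the intended style for these listitem descriptions, say so in the commit message so the change is not read as an accidental edit in a formatting commit.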
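Review bot: In the docbook-xsl Configuration Information note, the re-wrapped text still says "remove the old rewrite entries in the catalog" while the command under it, sed -i '/rewrite/d' /etc/xml/catalog, deletes every line containing "rewrite" from /etc/xml/catalog, not only the entries left by an older docbook-xsl. Since the paragraph is being touched anyway, either narrow the sed pattern to the docbook-xsl entries or state in the note that rewrite entries belonging to other packages are removed as well and have to be re-created.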
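Review bot: In the docbook-xsl package information lists, the tarball and the optional documentation are covered only by "Download MD5 sum" lines, and the "Required patch" item carries no checksum at all, although that patch is applied with patch -Np1 and the resulting files are installed as root. MD5 detects a corrupted download but is not collision resistant, so it does not protect against a deliberately substituted file. While these listitems are being reformatted, consider adding a stronger digest next to the MD5 line and a digest for the patch.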