Changeset 8558044 for postlfs/security

Timestamp:

09/06/2021 05:42:49 PM (3 years ago)

Author:

Pierre Labastie <pierre.labastie@…>

Branches:

11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

fef4473

Parents:

7999839

Message:

Remove spaces at the end of lines

I know it is somewhat useless, but I don't like them for
two reasons: first they cannot be seen, and I do not like things I
cannot see. Second, git highlights them, and this is disturbing...

Location:

postlfs/security

Files:

• cryptsetup.xml (modified) (6 diffs)
• gnupg2.xml (modified) (1 diff)
• gnutls.xml (modified) (1 diff)
• iptables.xml (modified) (4 diffs)
• libcap.xml (modified) (2 diffs)
• liboauth.xml (modified) (1 diff)
• libpwquality.xml (modified) (2 diffs)
• linux-pam.xml (modified) (2 diffs)
• make-ca.xml (modified) (1 diff)
• mitkrb.xml (modified) (4 diffs)
• nss.xml (modified) (4 diffs)
• openssh.xml (modified) (2 diffs)
• p11-kit.xml (modified) (1 diff)
• polkit.xml (modified) (3 diffs)
• shadow.xml (modified) (3 diffs)
• stunnel.xml (modified) (1 diff)
• sudo.xml (modified) (2 diffs)
• tripwire.xml (modified) (2 diffs)
• volume_key.xml (modified) (1 diff)

postlfs/security/cryptsetup.xml

@@ -31 +31 @@
     <para>
       cryptsetup is used to set up transparent encryption of block devices
-      using the kernel crypto API. 
+      using the kernel crypto API.
     </para>
 
@@ -112 +112 @@
     </para>
 
-<screen><literal>Device Drivers  ---&gt;          
+<screen><literal>Device Drivers  ---&gt;
   [*] Multiple devices driver support (RAID and LVM) ---&gt; [CONFIG_MD]
        &lt;*/M&gt; Device mapper support                        [CONFIG_BLK_DEV_DM]
        &lt;*/M&gt; Crypt target support                         [CONFIG_DM_CRYPT]
 
-Cryptographic API  ---&gt;                                    
+Cryptographic API  ---&gt;
   &lt;*/M&gt; XTS support                                       [CONFIG_CRYPTO_XTS]
   &lt;*/M&gt; SHA224 and SHA256 digest algorithm                [CONFIG_CRYPTO_SHA256]
@@ -137 +137 @@
 <!-- No longer needed with 2.3.2
     <para>
-      First, apply a patch to fix a build problem caused by API changes in 
+      First, apply a patch to fix a build problem caused by API changes in
       <xref role="nodep" linkend="json-c"/>:
     </para>
@@ -156 +156 @@
       class="username">root</systemitem> user: <command>make check</command>.
       Some tests will fail if appropriate kernel configuration options are not
-      set. Some additional options that may be needed for tests are: 
+      set. Some additional options that may be needed for tests are:
       CONFIG_SCSI_LOWLEVEL,
       CONFIG_SCSI_DEBUG,
@@ -174 +174 @@
       CONFIG_CRYPTO_SERPENT_AVX_X86_64,
       CONFIG_CRYPTO_SERPENT_AVX2_X86_64, and
-      CONFIG_CRYPTO_TWOFISH_X86_64.  
-      <!--I still had 5 of 19 tests fail after adding the above crypto options in the 
+      CONFIG_CRYPTO_TWOFISH_X86_64.
+      <!--I still had 5 of 19 tests fail after adding the above crypto options in the
       kernel.  bdubbs -->
     </para>
@@ -224 +224 @@
         </seg>
         <seg>
-          None          
+          None
         </seg>
       </seglistitem>

postlfs/security/gnupg2.xml

@@ -236 +236 @@
       <seglistitem>
         <seg>addgnupghome, applygnupgdefaults, dirmngr, dirmngr-client, g13
-        (optional), gpg-agent, gpg-connect-agent, gpg, gpgconf, gpgparsemail, 
-        gpgscm, gpgsm, gpgsplit, gpgtar, gpgv, gpg-wks-server, gpg-zip, kbxutil, 
+        (optional), gpg-agent, gpg-connect-agent, gpg, gpgconf, gpgparsemail,
+        gpgscm, gpgsm, gpgsplit, gpgtar, gpgv, gpg-wks-server, gpg-zip, kbxutil,
         <!--symcryptrun,--> and watchgnupg</seg>
         <seg>None</seg>

postlfs/security/gnutls.xml

@@ -110 +110 @@
       <xref linkend="gtk-doc"/>,
       <xref linkend="guile"/>,
-      <xref linkend="libidn"/> or 
+      <xref linkend="libidn"/> or
       <xref linkend="libidn2"/>,
       <xref linkend="libseccomp"/>,

postlfs/security/iptables.xml

@@ -81 +81 @@
       (required for connlabel support),
       <ulink url="https://netfilter.org/projects/libnetfilter_conntrack/">libnetfilter_conntrack</ulink>
-      (required for connlabel support), and 
+      (required for connlabel support), and
       <ulink url="https://netfilter.org/projects/nftables/">nftables</ulink>
     </para>
@@ -638 +638 @@
 
     </sect3>
- 
+
     <sect3 id="fw-busybox-ipt" xreflabel="Creating a BusyBox With iptables">
       <title>BusyBox</title>
@@ -853 +853 @@
       <seglistitem>
         <seg>
-          ip6tables, 
+          ip6tables,
           ip6tables-apply,
           ip6tables-legacy,
           ip6tables-legacy-restore,
           ip6tables-legacy-save,
-          ip6tables-restore, 
-          ip6tables-save, 
-          iptables, 
+          ip6tables-restore,
+          ip6tables-save,
+          iptables,
           iptables-apply,
           iptables-legacy,
@@ -866 +866 @@
           iptables-legacy-apply,
           iptables-restore,
-          iptables-save, 
-          iptables-xml, 
+          iptables-save,
+          iptables-xml,
           nfsynproxy (optional),
           and xtables-multi
         </seg>
         <seg>
-          libip4tc.so, 
-          libip6tc.so, 
-          libipq.so, 
+          libip4tc.so,
+          libip6tc.so,
+          libipq.so,
           libiptc.so,
           and libxtables.so
         </seg>
         <seg>
-          /lib/xtables and 
+          /lib/xtables and
           /usr/include/libiptc
         </seg>

postlfs/security/libcap.xml

@@ -30 +30 @@
 
     <para>
-      The <application>libcap</application> package was installed in 
+      The <application>libcap</application> package was installed in
       LFS, but if <application>Linux-PAM</application> support is desired,
       the PAM module must be built (after installation of
@@ -144 +144 @@
       <command>man 3 cap_from_text</command> for additional information.
     </para>
- 
+
   </sect2>
 

postlfs/security/liboauth.xml

@@ -87 +87 @@
     <bridgehead renderas="sect4">Required</bridgehead>
     <para role="required">
-      <xref linkend="curl"/> 
+      <xref linkend="curl"/>
     </para>
 

postlfs/security/libpwquality.xml

@@ -115 +115 @@
       Now, as the <systemitem class="username">root</systemitem> user:
     </para>
-    
+
 <screen role="root"><userinput>make install</userinput></screen>
 
@@ -177 +177 @@
 
   </sect2>
-    
+
   <sect2 role="content">
     <title>Contents</title>

postlfs/security/linux-pam.xml

@@ -105 +105 @@
       <xref linkend="db"/>,
       <xref linkend="libnsl"/>,
-      <xref linkend="libtirpc"/>, 
+      <xref linkend="libtirpc"/>,
       <ulink url="https://github.com/linux-audit/audit-userspace">libaudit</ulink>, and
       <ulink url="http://www.prelude-siem.org">Prelude</ulink>
@@ -313 +313 @@
 
       <para>
-        Now set up some generic files.  As the 
+        Now set up some generic files.  As the
         <systemitem class="username">root</systemitem> user:
       </para>

postlfs/security/make-ca.xml

@@ -39 +39 @@
       Certificate Authority (CA) that is trusted by the local machine.
     </para>
-  
+
     <para>
       Establishing trust with a CA involves validating things like company

postlfs/security/mitkrb.xml

@@ -159 +159 @@
 
     <para>
-      The first <command>sed</command> increases the width of the virtual 
+      The first <command>sed</command> increases the width of the virtual
       terminal used for some tests to prevent some spurious text in the output
       which is taken as a failure. The second <command>sed</command> removes a
@@ -212 +212 @@
     <!-- FIXME: Removed due to merged-/usr setup
     <para>
-      <command>mv -v /usr/lib/libk... /lib </command> and 
-      <command>ln -v -sf ../../lib/libk... /usr/lib/libk...</command>: 
+      <command>mv -v /usr/lib/libk... /lib </command> and
+      <command>ln -v -sf ../../lib/libk... /usr/lib/libk...</command>:
       Move critical libraries to the
       <filename class="directory">/lib</filename> directory so that they are
@@ -221 +221 @@
 
     <para>
-      <command>find /usr/lib -type f -name "lib$f*.so*" -exec chmod -v 755 {} \;</command>: 
-      This command changes the permisison of installed libraries.  
+      <command>find /usr/lib -type f -name "lib$f*.so*" -exec chmod -v 755 {} \;</command>:
+      This command changes the permisison of installed libraries.
     </para>
 
@@ -498 +498 @@
           /usr/lib/krb5,
           /usr/share/{doc/krb5-&mitkrb-version;,examples/krb5},
-          /var/lib/krb5kdc, and 
-          /run/krb5kdc 
+          /var/lib/krb5kdc, and
+          /run/krb5kdc
         </seg>
       </seglistitem>

postlfs/security/nss.xml

@@ -150 +150 @@
 HOST=localhost DOMSUF=localdomain ./all.sh
 cd ../</userinput></screen>
-    
-    <note>  
+
+    <note>
       <para>Some information about the tests:</para>
       <itemizedlist spacing="compact">
       <listitem>
         <para>
-           HOST=localhost and DOMSUF=localdomain are required 
+           HOST=localhost and DOMSUF=localdomain are required
            Without these variables, a FQDN is
            required to specified and this generic way should work for
@@ -165 +165 @@
         <para>
            The tests take an extremely long time to run. If desired there is
-           information in the all.sh script about running subsets of the 
+           information in the all.sh script about running subsets of the
            total test suite.
         </para>
@@ -179 +179 @@
       <listitem>
         <para>
-           Test suite results (in HTML format!) can be found at 
+           Test suite results (in HTML format!) can be found at
            ../../test_results/security/localhost.1/results.html
         </para>
@@ -302 +302 @@
           libcrmf.a, libfreebl3.so, libfreeblpriv3.so,
           libnss3.so, libnssckbi.so, libnssckbi-testlib.so,
-          libnssdbm3.so, libnsssysinit.so, libnssutil3.so, 
-          libpkcs11testmodule.so, libsmime3.so, libsoftokn3.so, 
+          libnssdbm3.so, libnsssysinit.so, libnssutil3.so,
+          libpkcs11testmodule.so, libsmime3.so, libsoftokn3.so,
           and libssl3.so
         </seg>

postlfs/security/openssh.xml

@@ -13 +13 @@
   <!ENTITY openssh-size          "1.7 MB">
   <!ENTITY openssh-buildsize     "48 MB (add 18 MB for tests)">
-  <!ENTITY openssh-time          "0.3 SBU (Using parallelism=4; 
+  <!ENTITY openssh-time          "0.3 SBU (Using parallelism=4;
                                   running the tests takes 20+ minutes,
                                   irrespective of processor speed)">
@@ -143 +143 @@
 
 <screen><userinput remap="pre">patch -Np1 -i ../openssh-&openssh-version;-glibc_2.31_fix-1.patch</userinput></screen>
--->    
+-->
 
 <!-- Applied in 8.5p1

postlfs/security/p11-kit.xml

@@ -122 +122 @@
 
     <para>
-      To test the results, issue: <command>ninja test</command>. 
+      To test the results, issue: <command>ninja test</command>.
     </para>
 

postlfs/security/polkit.xml

@@ -94 +94 @@
       <xref linkend="linux-pam"/>
       <phrase revision="sysv">
-        and <xref role="first" linkend="elogind"/> 
+        and <xref role="first" linkend="elogind"/>
       </phrase>
     </para>
@@ -118 +118 @@
     <bridgehead renderas="sect4">Optional</bridgehead>
     <para role="optional">
-      <xref linkend="dbus-python"/> and 
+      <xref linkend="dbus-python"/> and
       <xref linkend="python-dbusmock"/> (for tests),
       <xref linkend="DocBook"/>,
@@ -220 +220 @@
 
     <para>
-      To test the results, first ensure that the system 
+      To test the results, first ensure that the system
       <application>D-Bus</application> daemon is running.
       Then run <command>make check</command>.

postlfs/security/shadow.xml

@@ -146 +146 @@
 
 <screen role="root"><userinput>make exec_prefix=/usr install</userinput></screen>
-       
+
   </sect2>
 
@@ -168 +168 @@
     <para>
       <command>sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' -e
-      's@/var/spool/mail@/var/mail@' -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' 
+      's@/var/spool/mail@/var/mail@' -e '/PATH=/{s@/sbin:@@;s@/bin:@@}'
       -i etc/login.defs</command>: Instead of using
       the default 'DES' method, this command modifies the installation to use
@@ -180 +180 @@
 
     <para>
-      <command>sed ... libmisc/salt.c</command> and 
+      <command>sed ... libmisc/salt.c</command> and
       <command>sed ... libsubid/Makefile.am</command>: Fix a couple of errors
       that were found after the package was released.

postlfs/security/stunnel.xml

@@ -261 +261 @@
       </para>
 
-<screen role="root"><userinput>cat &gt; /etc/stunnel/stunnel.conf &lt;&lt; "EOF" 
+<screen role="root"><userinput>cat &gt; /etc/stunnel/stunnel.conf &lt;&lt; "EOF"
 <literal>; File: /etc/stunnel/stunnel.conf
 

postlfs/security/sudo.xml

@@ -111 +111 @@
       To test the results, issue: <command>env LC_ALL=C make check 2&gt;&amp;1
       | tee make-check.log</command>. Check the results with <command>grep
-      failed make-check.log</command>. 
+      failed make-check.log</command>.
     </para>
 
@@ -220 +220 @@
 %wheel ALL=(ALL) ALL</literal>
 EOF</userinput></screen>
-      
+
       <para>
         For details, see <command>man sudoers</command>.

postlfs/security/tripwire.xml

@@ -176 +176 @@
     <para>
       <option>CPPFLAGS=-std=c++11</option>: Setting the C++ preprocessor
-      flags to version 11 is necessary to prevent a confict with the 
+      flags to version 11 is necessary to prevent a confict with the
       default version which is c++17 in recent version of gcc.
     </para>
@@ -296 +296 @@
         email) and then modify the <application>Tripwire</application> database
         to reflect the changed files on your system. This is so that
-        <application>Tripwire</application> will not continually notify you 
+        <application>Tripwire</application> will not continually notify you
         hat files you intentionally changed are a security violation. To do
         this you must first <command>ls -l /var/lib/tripwire/report/</command>

postlfs/security/volume_key.xml

@@ -30 +30 @@
 
     <para>
-      The <application>volume_key</application> package provides 
-      a library for manipulating storage volume encryption keys and storing 
+      The <application>volume_key</application> package provides
+      a library for manipulating storage volume encryption keys and storing
       them separately from volumes to handle forgotten passphrases.
     </para>