Changeset bca744f

Timestamp:

02/15/2009 11:36:42 PM (15 years ago)

Author:

Randy McMurchy <randy@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

a270244

Parents:

903f671

Message:

Updated to Shadow-4.1.2.2

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@7765 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general.ent (modified) (2 diffs)
• introduction/welcome/changelog.xml (modified) (1 diff)
• postlfs/security/shadow.xml (modified) (15 diffs)

general.ent

@@ -4 +4 @@
 -->
 
-<!ENTITY day          "15">                   <!-- Always 2 digits -->
+<!ENTITY day          "16">                   <!-- Always 2 digits -->
 <!ENTITY month        "02">                   <!-- Always 2 digits -->
 <!ENTITY year         "2009">
@@ -64 +64 @@
 <!ENTITY cracklib-version             "2.8.13">
 <!ENTITY linux-pam-version            "1.0.3">
-<!ENTITY shadow-version               "4.0.18.1">
+<!ENTITY shadow-version               "4.1.2.2">
 <!ENTITY iptables-version             "1.3.8">
 <!ENTITY gnupg-version                "1.4.9">

introduction/welcome/changelog.xml

@@ -43 +43 @@
 
     <listitem>
+      <para>February 16th, 2009</para>
+      <itemizedlist>
+        <listitem>
+          <para>[randy] - Updated to Shadow-4.1.2.2.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>February 15th, 2009</para>
       <itemizedlist>

postlfs/security/shadow.xml

@@ -5 +5 @@
   %general-entities;
 
-  <!-- <!ENTITY shadow-download-http "http://ftp.pld.org.pl/software/shadow/old/shadow-&shadow-version;.tar.bz2"> -->
-  <!-- <!ENTITY shadow-download-ftp  "ftp://ftp.pld.org.pl/software/shadow/shadow-&shadow-version;.tar.bz2"> -->
-  <!-- <!ENTITY shadow-download-http "http://cross-lfs.org/files/packages/svn/shadow-&shadow-version;.tar.bz2"> -->
-  <!ENTITY shadow-download-http "http://anduin.linuxfromscratch.org/sources/LFS/lfs-packages/development/shadow-&shadow-version;.tar.bz2">
-  <!ENTITY shadow-download-ftp  " ">
-  <!ENTITY shadow-md5sum        "e7751d46ecf219c07ae0b028ab3335c6">
-  <!ENTITY shadow-size          "1.5 MB">
-  <!ENTITY shadow-buildsize     "18 MB">
+  <!ENTITY shadow-download-http " ">
+  <!ENTITY shadow-download-ftp  "ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-&shadow-version;.tar.bz2">
+  <!ENTITY shadow-md5sum        "3d26d990d4c3add1b7f8387eec1d1fde">
+  <!ENTITY shadow-size          "1.6 MB">
+  <!ENTITY shadow-buildsize     "22 MB">
   <!ENTITY shadow-time          "0.3 SBU">
 ]>
@@ -65 +62 @@
     </itemizedlist>
 
-    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <!-- <bridgehead renderas="sect3">Additional Downloads</bridgehead>
     <itemizedlist spacing='compact'>
       <listitem>
@@ -71 +68 @@
         url="&patch-root;/shadow-&shadow-version;-useradd_fix-2.patch"/></para>
       </listitem>
-    </itemizedlist>
+    </itemizedlist> -->
 
     <bridgehead renderas="sect3">Shadow Dependencies</bridgehead>
@@ -88 +85 @@
 
     <important>
-      <para>The installation shown below is for a situation where
+      <para>The installation commands shown below are for installations where
       <application>Linux-PAM</application> has been installed (with or
       without a <application>CrackLib</application> installation) and
       <application>Shadow</application> is being reinstalled to support the
-      <application>Linux-PAM</application> installation. If you are
-      reinstalling <application>Shadow</application> to provide strong
-      password support via the <application>CrackLib</application> library
-      and you have not installed <application>Linux-PAM</application>, ensure
-      you add the <parameter>--with-libcrack</parameter> parameter to the
-      <command>configure</command> script below.</para>
+      <application>Linux-PAM</application> installation.</para>
+
+      <para> If you are reinstalling <application>Shadow</application> to
+      provide strong password support using the
+      <application>CrackLib</application> library without using
+      <application>Linux-PAM</application>, ensure you add the
+      <parameter>--with-libcrack</parameter> parameter to the
+      <command>configure</command> script below and also issue the following
+      command:</para>
+
+<screen><userinput>sed -i 's@DICTPATH.*@DICTPATH\t/lib/cracklib/pw_dict@' etc/login.defs</userinput></screen>
     </important>
 
@@ -103 +105 @@
     commands:</para>
 
-<screen><userinput>patch -Np1 -i ../shadow-&shadow-version;-useradd_fix-2.patch &amp;&amp;
-
-./configure --libdir=/lib \
-            --sysconfdir=/etc \
-            --enable-shared \
-            --without-selinux &amp;&amp;
-
-sed -i 's/groups$(EXEEXT) //' src/Makefile &amp;&amp;
-find man -name Makefile -exec sed -i 's/groups\.1 / /' {} \; &amp;&amp;
-sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile &amp;&amp;
+<screen><userinput>sed -i 's/groups$(EXEEXT) //' src/Makefile.in                   &amp;&amp;
+find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \; &amp;&amp;
+sed -i -e 's/ ko//' -e 's/ zh_CN zh_TW//' man/Makefile.in       &amp;&amp;
 
 for i in de es fi fr id it pt_BR; do
     convert-mans UTF-8 ISO-8859-1 man/${i}/*.?
-done &amp;&amp;
+done                                                            &amp;&amp;
 
 for i in cs hu pl; do
     convert-mans UTF-8 ISO-8859-2 man/${i}/*.?
-done &amp;&amp;
-
-convert-mans UTF-8 EUC-JP man/ja/*.? &amp;&amp;
-convert-mans UTF-8 KOI8-R man/ru/*.? &amp;&amp;
-convert-mans UTF-8 ISO-8859-9 man/tr/*.? &amp;&amp;
-
+done                                                            &amp;&amp;
+
+convert-mans UTF-8 EUC-JP man/ja/*.?                            &amp;&amp;
+convert-mans UTF-8 KOI8-R man/ru/*.?                            &amp;&amp;
+convert-mans UTF-8 ISO-8859-9 man/tr/*.?                        &amp;&amp;
+
+sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD MD5@' \
+       -e 's@/var/spool/mail@/var/mail@' etc/login.defs         &amp;&amp;
+
+./configure --sysconfdir=/etc                                   &amp;&amp;
 make</userinput></screen>
 
@@ -133 +132 @@
 
 <screen role="root"><userinput>make install &amp;&amp;
-mv -v /usr/bin/passwd /bin &amp;&amp;
-mv -v /lib/libshadow.*a /usr/lib &amp;&amp;
-rm -v /lib/libshadow.so &amp;&amp;
-ln -v -sf ../../lib/libshadow.so.0 /usr/lib/libshadow.so</userinput></screen>
+mv -v /usr/bin/passwd /bin</userinput></screen>
 
   </sect2>
@@ -143 +139 @@
     <title>Command Explanations</title>
 
-    <!-- Removed the -with-libpam and -without-libcrack options from the
-         default as these are the defaults. Pam will automatically be picked
-         up if it is installed, and CrackLib won't be used unless specifically
-         requested via -with-libcrack
-    <para><parameter>-without-libcrack</parameter>: This switch tells
-    <application>Shadow</application> not to use
-    <filename class='libraryfile'>libcrack</filename>. This is desired as
-    <application>Linux-PAM</application> will provide
-    <filename class='libraryfile'>libcrack</filename> functionality.</para>
-    -->
-
-    <para><parameter>--without-selinux</parameter>: Support for selinux is
-    enabled by default, but selinux is not built in a base LFS system. The
-    <command>configure</command> script will fail if this option is not
-    used.</para>
-
-    <para><command>sed -i 's/groups$(EXEEXT) //' src/Makefile</command>: This
-    command is used to suppress the installation of the
+    <para><command>sed -i 's/groups$(EXEEXT) //' src/Makefile.in</command>:
+    This command is used to suppress the installation of the
     <command>groups</command> program as the version from the
     <application>Coreutils</application> package installed during LFS is
     preferred.</para>
 
-    <para><command>find man -name Makefile -exec ... {} \;</command>: This
+    <para><command>find man -name Makefile.in -exec ... {} \;</command>: This
     command is used to suppress the installation of the
     <command>groups</command> man pages so the existing ones installed from
     the <application>Coreutils</application> package are not replaced.</para>
 
-    <para><command>sed -i -e '...' -e '...' man/Makefile</command>: This
+    <para><command>sed -i -e '...' -e '...' man/Makefile.in</command>: This
     command disables the installation of Chinese and Korean manual pages, since
     <application>Man-DB</application> cannot format them properly.</para>
@@ -177 +157 @@
     convert some of the man pages so that <application>Man-DB</application>
     will display them in the expected encodings.</para>
+
+    <para><command>sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD MD5@'
+    -e 's@/var/spool/mail@/var/mail@' etc/login.defs</command>:
+    Instead of using the default 'crypt' method, this command modifies the
+    installation to use the more secure 'MD5' method of password encryption,
+    which also allows passwords longer than eight characters. It also changes
+    the obsolete <filename class="directory">/var/spool/mail</filename>
+    location for user mailboxes that <application>Shadow</application> uses by
+    default to the <filename class="directory">/var/mail</filename>
+    location.</para>
 
     <para><command>mv -v /usr/bin/passwd /bin</command>: The
@@ -183 +173 @@
     it is moved into the root partition.</para>
 
-    <para><command>mv -v ...; rm -v ...; ln -v ...</command>: These commands
-    are used to move the <filename class='libraryfile'>libshadow</filename>
-    library to the root partition to support the moving of the
-    <command>passwd</command> program earlier.</para>
-
   </sect2>
 
@@ -194 +179 @@
 
     <para><application>Shadow</application>'s stock configuration for the
-    <command>useradd</command> utility is not suitable for LFS systems. Use the
-    following commands as the <systemitem class="username">root</systemitem>
-    user to change the default home directory for new users and prevent the
-    creation of mail spool files:</para>
-
-<screen role="root"><userinput>useradd -D -b /home &amp;&amp;
-sed -i 's/yes/no/' /etc/default/useradd</userinput></screen>
+    <command>useradd</command> utility may not be desireable for your
+    installation. One default parameter causes <command>useradd</command> to
+    create a mailbox file for any newly created user.
+    <command>useradd</command> will make the group ownership of this file to
+    the <systemitem class="groupname">mail</systemitem> group with 0660
+    permissions. If you would prefer that these mailbox files are not created
+    by <command>useradd</command>, issue the
+    following command as the <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="root"><userinput>sed -i 's/yes/no/' /etc/default/useradd</userinput></screen>
 
   </sect2>
@@ -221 +209 @@
 
       <para><filename>/etc/pam.d/*</filename> or alternatively
-      <filename>/etc/pam.conf, /etc/login.defs and
+      <filename>/etc/pam.conf, /etc/login.defs, and
       /etc/security/*</filename></para>
 
@@ -298 +286 @@
 done</userinput></screen>
 
-        <!-- Moved the commenting of these four parameters into the section
-        above. If PAM is installed, it complains if these are not commented
-        regardless if CrackLib is installed.
-
-        <para>If you have <application>CrackLib</application> installed,
-        also comment out four more lines using the following command as the
-        <systemitem class="username">root</systemitem> user:</para>
-
-<screen role="root"><userinput>for FUNCTION in OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH \
-                PASS_CHANGE_TRIES PASS_ALWAYS_WARN
-do
-    sed -i "s/^$FUNCTION/# &amp;/" /etc/login.defs
-done</userinput></screen>
-
-        -->
-
       </sect4>
 
@@ -330 +302 @@
 
         <para>As the <systemitem class="username">root</systemitem> user,
-        create the <filename class="directory">/etc/pam.d</filename>
-        directory with the following command:</para>
-
-        <screen role="root"><userinput>install -v -d -m755 /etc/pam.d</userinput></screen>
-
-        <para>While still the <systemitem class="username">root</systemitem>
-        user, add the following <application>Linux-PAM</application>
-        configuration files to the
+        replace the following <application>Linux-PAM</application>
+        configuration files in the
         <filename class="directory">/etc/pam.d/</filename> directory (or
-        add the contents to the <filename>/etc/pam.conf</filename> file) with
+        add the contents to the <filename>/etc/pam.conf</filename> file) using
         the following commands:</para>
 
@@ -468 +434 @@
 
       <sect4>
-        <title>'chpasswd', 'chgpasswd', 'groupadd', 'groupdel', 'groupmems',
-        'groupmod', 'newusers', 'useradd', 'userdel', and 'usermod'</title>
-
-<screen role="root"><userinput>for PROGRAM in chpasswd chgpasswd groupadd groupdel groupmems \
-               groupmod newusers useradd userdel usermod
+        <title>'chfn', 'chgpasswd', 'chgpasswd', 'chsh', 'groupadd',
+        'groupdel', 'groupmems', 'groupmod', 'newusers', 'useradd', 'userdel'
+        and 'usermod'</title>
+
+<screen role="root"><userinput>for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel \
+               groupmems groupmod newusers useradd userdel usermod
 do
     install -v -m644 /etc/pam.d/chage /etc/pam.d/$PROGRAM
@@ -515 +482 @@
 auth        required        pam_warn.so
 account     required        pam_deny.so
-session     required        pam_deny.so
+account     required        pam_warn.so
 password    required        pam_deny.so
 password    required        pam_warn.so
+session     required        pam_deny.so
+session     required        pam_warn.so
 
 # End /etc/pam.d/other</literal>
 EOF</userinput></screen>
-
-      <para>If you preserved the source tree from the
-      <application>Linux-PAM</application> package (or you feel like unpacking
-      that tarball, then running <command>configure</command> and
-      <command>make</command>), now would be a good time to run the test
-      suite from this package. This test suite will use the configuration you
-      just finished during the tests. All the tests should pass.</para>
 
       </sect4>