Changeset f927d5b3 for postlfs

Timestamp:

10/28/2022 02:16:17 PM (19 months ago)

Author:

Pierre Labastie <pierre.labastie@…>

Branches:

11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, xry111/llvm18, xry111/xf86-video-removal

Children:

3dc54fa

Parents:

060dd59 (diff), a476c5de (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge branch 'trunk' into plabs/python-mods

Location:

postlfs/security

Files:

• gnupg2.xml (modified) (2 diffs)
• gpgme.xml (modified) (4 diffs)
• linux-pam.xml (modified) (19 diffs)
• nss.xml (modified) (1 diff)
• sudo.xml (modified) (1 diff)
• volume_key.xml (modified) (4 diffs)

postlfs/security/gnupg2.xml

@@ -7 +7 @@
   <!ENTITY gnupg2-download-http "&gnupg-http;/gnupg/gnupg-&gnupg2-version;.tar.bz2">
   <!ENTITY gnupg2-download-ftp  "&gnupg-ftp;/gnupg/gnupg-&gnupg2-version;.tar.bz2">
-  <!ENTITY gnupg2-md5sum        "1c6a6722b9cececcf10ca4e24106e34b">
+  <!ENTITY gnupg2-md5sum        "f9e9dfaf150d31abc77d09e509c6231b">
   <!ENTITY gnupg2-size          "7.3 MB">
-  <!ENTITY gnupg2-buildsize     "161 MB (with all tests; add 25 MB for docs)">
-  <!ENTITY gnupg2-time          "0.7 SBU (using parallelism=4; add 1.5 SBU for tests)">
+  <!ENTITY gnupg2-buildsize     "128 MB (with tests)">
+  <!ENTITY gnupg2-time          "0.4 SBU (using parallelism=4; add 0.3 SBU for tests)">
 ]>
 
@@ -127 +127 @@
     -i tools/Makefile.in</userinput></screen>
 -->
-<!-- Seems to be resolved in 2.2.29
-    <para>
-      Fix a issue causing build failure if
+
+    <para>
+      First, fix an issue causing build failure if
       <application>OpenLDAP</application> is not installed:
     </para>
 
-<screen><userinput>sed -e '737a #if USE_LDAP' \
-    -e '760a #endif' \
-    -i dirmngr/dirmngr.c</userinput></screen>
--->
+<screen><userinput>sed -e '/ks_ldap_free_state/i #if USE_LDAP' \
+    -e '/ks_get_state =/a #endif'           \
+    -i dirmngr/server.c</userinput></screen>
 
     <para>

postlfs/security/gpgme.xml

@@ -72 +72 @@
         <para>
           Estimated build time: &gpgme-time;
+        </para>
+      </listitem>
+    </itemizedlist>
+
+    <bridgehead renderas="sect3">Additional Downloads</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>
+          Recommended patch (required if SWIG is installed):
+          <ulink url="&patch-root;/gpgme-&gpgme-version;-gpg_error_1_46-1.patch"/>
         </para>
       </listitem>
@@ -106 +116 @@
 
     <para>
-      First, fix an issue building with Python 3.10 installed:
-    </para>
-
-<screen><userinput remap="pre">sed -e 's/3\.9/3.10/'                    \
+      First, fix an issue building with Python &python3-majorver; installed:
+    </para>
+
+<screen><userinput remap="pre">sed -e 's/3\.9/&python3-majorver;/'                    \
     -e 's/:3/:4/'                        \
     -i configure</userinput></screen>
+
+    <para>
+      Apply a patch to fix build failure with SWIG and libgpg-error-1.46
+      or later:
+    </para>
+
+<screen><userinput remap="pre">patch -Np1 -i ../gpgme-&gpgme-version;-gpg_error_1_46-1.patch</userinput></screen>
 
     <para>
@@ -157 +174 @@
       <seglistitem>
         <seg>
-          gpgme-config, gpgme-json, and gpgme-tool
+          gpgme-json, and gpgme-tool
         </seg>
         <seg>
@@ -176 +193 @@
       <?dbhtml list-presentation="table"?>
 
-      <varlistentry id="gpgme-config">
-        <term><command>gpgme-config</command></term>
-        <listitem>
-          <para>
-            is used to obtain <application>GPGME</application> compilation and
-            linking information
-          </para>
-          <indexterm zone="gpgme gpgme-config">
-            <primary sortas="b-gpgme-config">gpgme-config</primary>
-          </indexterm>
-        </listitem>
-      </varlistentry>
-
       <varlistentry id="gpgme-json">
         <term><command>gpgme-json</command></term>

postlfs/security/linux-pam.xml

@@ -38 +38 @@
     <para>
       The <application>Linux PAM</application> package contains
-      Pluggable Authentication Modules used to enable the local
-      system administrator to choose how applications authenticate
+      Pluggable Authentication Modules used by the local
+      system administrator to control how application programs authenticate
       users.
     </para>
@@ -124 +124 @@
         <xref role="runtime" linkend="shadow"/>
         <phrase revision="systemd"> and <xref role="runtime" linkend="systemd"/>
-        need</phrase><phrase revision="sysv">needs</phrase> to be reinstalled
+        must</phrase><phrase revision="sysv">must</phrase> be reinstalled
+        and reconfigured
         after installing and configuring <application>Linux PAM</application>.
       </para>
@@ -130 +131 @@
       <para role="recommended">
          With Linux-PAM-1.4.0 and higher, the pam_cracklib module is not
-         installed by default. To enforce strong passwords, it is recommended
-         to use <xref role="runtime" linkend="libpwquality"/>.
+         installed by default. Use <xref role="runtime" linkend="libpwquality"/>
+         to enforce strong passwords.
       </para>
     </note>
@@ -144 +145 @@
 
     <para revision="sysv">
-      First prevent the installation of an unneeded systemd file:
+      First, prevent the installation of an unneeded systemd file:
     </para>
 
@@ -159 +160 @@
 
     <para>
-      If you instead want to regenerate the documentation, fix the
-      <command>configure</command> script so that it detects lynx if installed:
+      If you want to regenerate the documentation yourself, fix the
+      <command>configure</command> script so it will detect lynx:
     </para>
 
@@ -168 +169 @@
 
     <para>
-      Install <application>Linux PAM</application> by
+      Compile and link <application>Linux PAM</application> by
       running the following commands:
     </para>
@@ -186 +187 @@
 
     <caution>
-      <title>Reinstallation or upgrade of Linux PAM</title>
+      <title>Reinstallation or Upgrade of Linux PAM</title>
       <para>
         If you have a system with Linux PAM installed and working, be careful
@@ -193 +194 @@
         may become totally unusable. If you want to run the tests, you do not
         need to create another <filename>/etc/pam.d/other</filename> file. The
-        installed one can be used for that purpose.
+        existing file can be used for the tests.
       </para>
 
@@ -200 +201 @@
          overwrites the configuration files in
          <filename class="directory">/etc/security</filename> as well as
-         <filename>/etc/environment</filename>. In case you
+         <filename>/etc/environment</filename>. If you
          have modified those files, be sure to back them up.
       </para>
@@ -206 +207 @@
 
     <para>
-      For a first installation, create the configuration file by issuing the
+      For a first-time installation, create a configuration file by issuing the
       following commands as the <systemitem class="username">root</systemitem>
       user:
@@ -222 +223 @@
     <para>
       Now run the tests by issuing <command>make check</command>.
-      Ensure there are no errors produced by the tests before continuing the
-      installation. Note that the checks are quite long.  It may be useful to
-      redirect the output to a log file in order to inspect it thoroughly.
-    </para>
-
-    <para>
-      Only in case of a first installation, remove the configuration file
+      Be sure the tests produced no errors before continuing the
+      installation. Note that the tests are very long.
+      Redirect the output to a log file, so you can inspect it thoroughly.
+    </para>
+
+    <para>
+      For a first-time installation, remove the configuration file
       created earlier by issuing the following command as the
       <systemitem class="username">root</systemitem> user:
@@ -259 +260 @@
       linkend="libxslt"/>, and <xref linkend="lynx"/> or <ulink
       url="&w3m-url;">W3m</ulink>) are installed, the manual pages, and the
-      html and text documentations are (re)generated and installed.
+      html and text documentation files, are generated and installed.
       Furthermore, if <xref linkend="fop"/> is installed, the PDF
       documentation is generated and installed. Use this switch if you do not
@@ -267 +268 @@
     <para>
       <command>chmod -v 4755 /usr/sbin/unix_chkpwd</command>:
-      The <command>unix_chkpwd</command> helper program must be setuid
-      so that non-<systemitem class="username">root</systemitem>
+      The setuid bit for the <command>unix_chkpwd</command> helper program must be 
+      turned on, so that non-<systemitem class="username">root</systemitem>
       processes can access the shadow file.
     </para>
@@ -278 +279 @@
 
     <sect3 id="pam-config">
-      <title>Config Files</title>
+      <title>Configuration Files</title>
 
       <para>
@@ -301 +302 @@
         Configuration information is placed in
         <filename class="directory">/etc/pam.d/</filename>.
-        Below is an example file:
+        Here is a sample file:
       </para>
 
@@ -314 +315 @@
 
       <para>
-        Now set up some generic files.  As the
+        Now create some generic configuration files.  As the
         <systemitem class="username">root</systemitem> user:
       </para>
@@ -356 +357 @@
        If you wish to enable strong password support, install
        <xref linkend="libpwquality"/>, and follow the
-       instructions in that page to configure the pam_pwquality
+       instructions on that page to configure the pam_pwquality
        PAM module with strong password support.
      </para>
 
 <!-- With the removal of the pam_cracklib module, we're supposed to be using
-     libpwquality. That already includes instructions in it's configuration
+     libpwquality. That already includes instructions in its configuration
      information page, so we'll use those instead.
 
@@ -417 +418 @@
 -->
       <para>
-        Now add a restrictive <filename>/etc/pam.d/other</filename>
+        Next, add a restrictive <filename>/etc/pam.d/other</filename>
         configuration file.  With this file, programs that are PAM aware will
         not run unless a configuration file specifically for that application
-        is created.
+        exists.
       </para>
 
@@ -440 +441 @@
       <para>
         The <application>PAM</application> man page (<command>man
-        pam</command>) provides a good starting point for descriptions
-        of fields and allowable entries.
-        <!-- not accessible 2022-09-08
+        pam</command>) provides a good starting point to learn
+        about the several fields, and allowable entries.
+        <!-- not accessible 2022-09-08 -->
+        <!-- it's available at a different address 2022-10-23-->
         The
-        <ulink url="http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html">
+        <ulink url="https://www.docs4dev.com/docs/en/linux-pam/1.1.2/reference/Linux-PAM_SAG.html">
           Linux-PAM System Administrators' Guide
-        </ulink> is recommended for additional information.-->
+        </ulink> is recommended for additional information.
       </para>
 

postlfs/security/nss.xml

@@ -12 +12 @@
 
 <!-- no micro versions -->
-<!ENTITY nss-download-http "https://&nss-url;/NSS_&nss-dir;_RTM/src/nss-&nss-version;.tar.gz">
-
+  <!ENTITY nss-download-http "https://&nss-url;/NSS_&nss-dir;_RTM/src/nss-&nss-version;.tar.gz">
   <!ENTITY nss-download-ftp  " ">
-  <!ENTITY nss-md5sum        "4a5a8c42772e202e4e94c261f6a5324c">
+  <!ENTITY nss-md5sum        "5f784b9cad172d6df9c24e0673bd5ecd">
   <!ENTITY nss-size          "81 MB">
-  <!ENTITY nss-buildsize     "332 MB (add 288 MB for tests)">
-  <!ENTITY nss-time          "4.4 SBU (with parallelism=4, add 60 SBU for tests)">
+  <!ENTITY nss-buildsize     "324 MB (add 288 MB for tests)">
+  <!ENTITY nss-time          "2.3 SBU (with parallelism=4, add 60 SBU for tests)">
   <!-- On my system, I got 64.2 SBU, but Bruce gets 18 SBU. -renodr -->
   <!-- On my system, I got 63 SBU, but Xi gets ~18 SBU. -pierre (for 3.78) -->

postlfs/security/sudo.xml

@@ -7 +7 @@
   <!ENTITY sudo-download-http "https://www.sudo.ws/dist/sudo-&sudo-version;.tar.gz">
   <!ENTITY sudo-download-ftp  "ftp://ftp.sudo.ws/pub/sudo/sudo-&sudo-version;.tar.gz">
-  <!ENTITY sudo-md5sum        "07e95c947129d8820c78caa1fc79c7fd">
-  <!ENTITY sudo-size          "4.6 MB">
-  <!ENTITY sudo-buildsize     "48 MB (add 15 MB for tests)">
+  <!ENTITY sudo-md5sum        "82187207e0d037861bc5acb54bc5090f">
+  <!ENTITY sudo-size          "4.7 MB">
+  <!ENTITY sudo-buildsize     "49 MB (add 16 MB for tests)">
   <!ENTITY sudo-time          "0.4 SBU (add 0.1 SBU for tests)">
 ]>

postlfs/security/volume_key.xml

@@ -77 +77 @@
       <xref linkend="cryptsetup"/>,
       <xref linkend="glib2"/>,
+      <!-- To editors: if GnuPG is not installed, a wrong path to gpg will
+           be hard-coded into the library.  Even if GnuPG is installed, we
+           still need the 's/gpg2/gpg/' sed below.  I can't find an elegant
+           way to specify the path manually (so I can't make it a runtime
+           dependency).  -->
+          <xref linkend="gnupg2"/>,
       <xref linkend="gpgme"/>, and
       <xref linkend="nss"/>
@@ -98 +104 @@
   <sect2 role="installation">
     <title>Installation of volume_key</title>
-
-    <para>
-      Install <application>volume_key</application> by running the following
-      commands:
-    </para>
 
     <note>
@@ -111 +112 @@
     </note>
 
+    <para>
+      Tell the building system how to locate GPGME and GnuPG correctly:
+    </para>
+
+<screen><userinput remap='pre'>sed -e '/AM_PATH_GPGME/iAM_PATH_GPG_ERROR' \
+    -e 's/gpg2/gpg/' -i configure.ac</userinput></screen>
+
+    <para>
+      Install <application>volume_key</application> by running the following
+      commands:
+    </para>
+
 <screen><userinput>autoreconf -fiv              &amp;&amp;
 ./configure --prefix=/usr    \
@@ -117 +130 @@
 
     <para>
-      This package does not come with a functioning test suite.
+      To test the results, issue: <command>make check</command>.
     </para>