- Timestamp:
- 10/28/2022 02:16:17 PM (19 months ago)
- Branches:
- 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, xry111/llvm18, xry111/xf86-video-removal
- Children:
- 3dc54fa
- Parents:
- 060dd59 (diff), a476c5de (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the(diff)
links above to see all the changes relative to each parent. - Location:
- postlfs/security
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/gnupg2.xml
r060dd59 rf927d5b3 7 7 <!ENTITY gnupg2-download-http "&gnupg-http;/gnupg/gnupg-&gnupg2-version;.tar.bz2"> 8 8 <!ENTITY gnupg2-download-ftp "&gnupg-ftp;/gnupg/gnupg-&gnupg2-version;.tar.bz2"> 9 <!ENTITY gnupg2-md5sum " 1c6a6722b9cececcf10ca4e24106e34b">9 <!ENTITY gnupg2-md5sum "f9e9dfaf150d31abc77d09e509c6231b"> 10 10 <!ENTITY gnupg2-size "7.3 MB"> 11 <!ENTITY gnupg2-buildsize "1 61 MB (with all tests; add 25 MB for docs)">12 <!ENTITY gnupg2-time "0. 7 SBU (using parallelism=4; add 1.5SBU for tests)">11 <!ENTITY gnupg2-buildsize "128 MB (with tests)"> 12 <!ENTITY gnupg2-time "0.4 SBU (using parallelism=4; add 0.3 SBU for tests)"> 13 13 ]> 14 14 … … 127 127 -i tools/Makefile.in</userinput></screen> 128 128 --> 129 <!-- Seems to be resolved in 2.2.29 130 <para> 131 Fi x aissue causing build failure if129 130 <para> 131 First, fix an issue causing build failure if 132 132 <application>OpenLDAP</application> is not installed: 133 133 </para> 134 134 135 <screen><userinput>sed -e '737a #if USE_LDAP' \ 136 -e '760a #endif' \ 137 -i dirmngr/dirmngr.c</userinput></screen> 138 --> 135 <screen><userinput>sed -e '/ks_ldap_free_state/i #if USE_LDAP' \ 136 -e '/ks_get_state =/a #endif' \ 137 -i dirmngr/server.c</userinput></screen> 139 138 140 139 <para> -
postlfs/security/gpgme.xml
r060dd59 rf927d5b3 72 72 <para> 73 73 Estimated build time: &gpgme-time; 74 </para> 75 </listitem> 76 </itemizedlist> 77 78 <bridgehead renderas="sect3">Additional Downloads</bridgehead> 79 <itemizedlist spacing="compact"> 80 <listitem> 81 <para> 82 Recommended patch (required if SWIG is installed): 83 <ulink url="&patch-root;/gpgme-&gpgme-version;-gpg_error_1_46-1.patch"/> 74 84 </para> 75 85 </listitem> … … 106 116 107 117 <para> 108 First, fix an issue building with Python 3.10installed:109 </para> 110 111 <screen><userinput remap="pre">sed -e 's/3\.9/ 3.10/' \118 First, fix an issue building with Python &python3-majorver; installed: 119 </para> 120 121 <screen><userinput remap="pre">sed -e 's/3\.9/&python3-majorver;/' \ 112 122 -e 's/:3/:4/' \ 113 123 -i configure</userinput></screen> 124 125 <para> 126 Apply a patch to fix build failure with SWIG and libgpg-error-1.46 127 or later: 128 </para> 129 130 <screen><userinput remap="pre">patch -Np1 -i ../gpgme-&gpgme-version;-gpg_error_1_46-1.patch</userinput></screen> 114 131 115 132 <para> … … 157 174 <seglistitem> 158 175 <seg> 159 gpgme- config, gpgme-json, and gpgme-tool176 gpgme-json, and gpgme-tool 160 177 </seg> 161 178 <seg> … … 176 193 <?dbhtml list-presentation="table"?> 177 194 178 <varlistentry id="gpgme-config">179 <term><command>gpgme-config</command></term>180 <listitem>181 <para>182 is used to obtain <application>GPGME</application> compilation and183 linking information184 </para>185 <indexterm zone="gpgme gpgme-config">186 <primary sortas="b-gpgme-config">gpgme-config</primary>187 </indexterm>188 </listitem>189 </varlistentry>190 191 195 <varlistentry id="gpgme-json"> 192 196 <term><command>gpgme-json</command></term> -
postlfs/security/linux-pam.xml
r060dd59 rf927d5b3 38 38 <para> 39 39 The <application>Linux PAM</application> package contains 40 Pluggable Authentication Modules used to enablethe local41 system administrator to c hoose how applications authenticate40 Pluggable Authentication Modules used by the local 41 system administrator to control how application programs authenticate 42 42 users. 43 43 </para> … … 124 124 <xref role="runtime" linkend="shadow"/> 125 125 <phrase revision="systemd"> and <xref role="runtime" linkend="systemd"/> 126 need</phrase><phrase revision="sysv">needs</phrase> to be reinstalled 126 must</phrase><phrase revision="sysv">must</phrase> be reinstalled 127 and reconfigured 127 128 after installing and configuring <application>Linux PAM</application>. 128 129 </para> … … 130 131 <para role="recommended"> 131 132 With Linux-PAM-1.4.0 and higher, the pam_cracklib module is not 132 installed by default. To enforce strong passwords, it is recommended133 to use <xref role="runtime" linkend="libpwquality"/>.133 installed by default. Use <xref role="runtime" linkend="libpwquality"/> 134 to enforce strong passwords. 134 135 </para> 135 136 </note> … … 144 145 145 146 <para revision="sysv"> 146 First prevent the installation of an unneeded systemd file:147 First, prevent the installation of an unneeded systemd file: 147 148 </para> 148 149 … … 159 160 160 161 <para> 161 If you instead want to regenerate the documentation, fix the162 <command>configure</command> script so that it detects lynx if installed:162 If you want to regenerate the documentation yourself, fix the 163 <command>configure</command> script so it will detect lynx: 163 164 </para> 164 165 … … 168 169 169 170 <para> 170 Install<application>Linux PAM</application> by171 Compile and link <application>Linux PAM</application> by 171 172 running the following commands: 172 173 </para> … … 186 187 187 188 <caution> 188 <title>Reinstallation or upgrade of Linux PAM</title>189 <title>Reinstallation or Upgrade of Linux PAM</title> 189 190 <para> 190 191 If you have a system with Linux PAM installed and working, be careful … … 193 194 may become totally unusable. If you want to run the tests, you do not 194 195 need to create another <filename>/etc/pam.d/other</filename> file. The 195 installed one can be used for that purpose.196 existing file can be used for the tests. 196 197 </para> 197 198 … … 200 201 overwrites the configuration files in 201 202 <filename class="directory">/etc/security</filename> as well as 202 <filename>/etc/environment</filename>. I n caseyou203 <filename>/etc/environment</filename>. If you 203 204 have modified those files, be sure to back them up. 204 205 </para> … … 206 207 207 208 <para> 208 For a first installation, create theconfiguration file by issuing the209 For a first-time installation, create a configuration file by issuing the 209 210 following commands as the <systemitem class="username">root</systemitem> 210 211 user: … … 222 223 <para> 223 224 Now run the tests by issuing <command>make check</command>. 224 Ensure there are no errors produced by the tests before continuing the225 installation. Note that the checks are quite long. It may be useful to226 redirect the output to a log file in order toinspect it thoroughly.227 </para> 228 229 <para> 230 Only in case of a firstinstallation, remove the configuration file225 Be sure the tests produced no errors before continuing the 226 installation. Note that the tests are very long. 227 Redirect the output to a log file, so you can inspect it thoroughly. 228 </para> 229 230 <para> 231 For a first-time installation, remove the configuration file 231 232 created earlier by issuing the following command as the 232 233 <systemitem class="username">root</systemitem> user: … … 259 260 linkend="libxslt"/>, and <xref linkend="lynx"/> or <ulink 260 261 url="&w3m-url;">W3m</ulink>) are installed, the manual pages, and the 261 html and text documentation s are (re)generated and installed.262 html and text documentation files, are generated and installed. 262 263 Furthermore, if <xref linkend="fop"/> is installed, the PDF 263 264 documentation is generated and installed. Use this switch if you do not … … 267 268 <para> 268 269 <command>chmod -v 4755 /usr/sbin/unix_chkpwd</command>: 269 The <command>unix_chkpwd</command> helper program must be setuid270 so that non-<systemitem class="username">root</systemitem>270 The setuid bit for the <command>unix_chkpwd</command> helper program must be 271 turned on, so that non-<systemitem class="username">root</systemitem> 271 272 processes can access the shadow file. 272 273 </para> … … 278 279 279 280 <sect3 id="pam-config"> 280 <title>Config Files</title>281 <title>Configuration Files</title> 281 282 282 283 <para> … … 301 302 Configuration information is placed in 302 303 <filename class="directory">/etc/pam.d/</filename>. 303 Below is an example file:304 Here is a sample file: 304 305 </para> 305 306 … … 314 315 315 316 <para> 316 Now set up some genericfiles. As the317 Now create some generic configuration files. As the 317 318 <systemitem class="username">root</systemitem> user: 318 319 </para> … … 356 357 If you wish to enable strong password support, install 357 358 <xref linkend="libpwquality"/>, and follow the 358 instructions in that page to configure the pam_pwquality359 instructions on that page to configure the pam_pwquality 359 360 PAM module with strong password support. 360 361 </para> 361 362 362 363 <!-- With the removal of the pam_cracklib module, we're supposed to be using 363 libpwquality. That already includes instructions in it 's configuration364 libpwquality. That already includes instructions in its configuration 364 365 information page, so we'll use those instead. 365 366 … … 417 418 --> 418 419 <para> 419 N owadd a restrictive <filename>/etc/pam.d/other</filename>420 Next, add a restrictive <filename>/etc/pam.d/other</filename> 420 421 configuration file. With this file, programs that are PAM aware will 421 422 not run unless a configuration file specifically for that application 422 is created.423 exists. 423 424 </para> 424 425 … … 440 441 <para> 441 442 The <application>PAM</application> man page (<command>man 442 pam</command>) provides a good starting point for descriptions 443 of fields and allowable entries. 444 <!-- not accessible 2022-09-08 443 pam</command>) provides a good starting point to learn 444 about the several fields, and allowable entries. 445 <!-- not accessible 2022-09-08 --> 446 <!-- it's available at a different address 2022-10-23--> 445 447 The 446 <ulink url="http ://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html">448 <ulink url="https://www.docs4dev.com/docs/en/linux-pam/1.1.2/reference/Linux-PAM_SAG.html"> 447 449 Linux-PAM System Administrators' Guide 448 </ulink> is recommended for additional information. -->450 </ulink> is recommended for additional information. 449 451 </para> 450 452 -
postlfs/security/nss.xml
r060dd59 rf927d5b3 12 12 13 13 <!-- no micro versions --> 14 <!ENTITY nss-download-http "https://&nss-url;/NSS_&nss-dir;_RTM/src/nss-&nss-version;.tar.gz"> 15 14 <!ENTITY nss-download-http "https://&nss-url;/NSS_&nss-dir;_RTM/src/nss-&nss-version;.tar.gz"> 16 15 <!ENTITY nss-download-ftp " "> 17 <!ENTITY nss-md5sum " 4a5a8c42772e202e4e94c261f6a5324c">16 <!ENTITY nss-md5sum "5f784b9cad172d6df9c24e0673bd5ecd"> 18 17 <!ENTITY nss-size "81 MB"> 19 <!ENTITY nss-buildsize "3 32MB (add 288 MB for tests)">20 <!ENTITY nss-time " 4.4SBU (with parallelism=4, add 60 SBU for tests)">18 <!ENTITY nss-buildsize "324 MB (add 288 MB for tests)"> 19 <!ENTITY nss-time "2.3 SBU (with parallelism=4, add 60 SBU for tests)"> 21 20 <!-- On my system, I got 64.2 SBU, but Bruce gets 18 SBU. -renodr --> 22 21 <!-- On my system, I got 63 SBU, but Xi gets ~18 SBU. -pierre (for 3.78) --> -
postlfs/security/sudo.xml
r060dd59 rf927d5b3 7 7 <!ENTITY sudo-download-http "https://www.sudo.ws/dist/sudo-&sudo-version;.tar.gz"> 8 8 <!ENTITY sudo-download-ftp "ftp://ftp.sudo.ws/pub/sudo/sudo-&sudo-version;.tar.gz"> 9 <!ENTITY sudo-md5sum " 07e95c947129d8820c78caa1fc79c7fd">10 <!ENTITY sudo-size "4. 6MB">11 <!ENTITY sudo-buildsize "4 8 MB (add 15MB for tests)">9 <!ENTITY sudo-md5sum "82187207e0d037861bc5acb54bc5090f"> 10 <!ENTITY sudo-size "4.7 MB"> 11 <!ENTITY sudo-buildsize "49 MB (add 16 MB for tests)"> 12 12 <!ENTITY sudo-time "0.4 SBU (add 0.1 SBU for tests)"> 13 13 ]> -
postlfs/security/volume_key.xml
r060dd59 rf927d5b3 77 77 <xref linkend="cryptsetup"/>, 78 78 <xref linkend="glib2"/>, 79 <!-- To editors: if GnuPG is not installed, a wrong path to gpg will 80 be hard-coded into the library. Even if GnuPG is installed, we 81 still need the 's/gpg2/gpg/' sed below. I can't find an elegant 82 way to specify the path manually (so I can't make it a runtime 83 dependency). --> 84 <xref linkend="gnupg2"/>, 79 85 <xref linkend="gpgme"/>, and 80 86 <xref linkend="nss"/> … … 98 104 <sect2 role="installation"> 99 105 <title>Installation of volume_key</title> 100 101 <para>102 Install <application>volume_key</application> by running the following103 commands:104 </para>105 106 106 107 <note> … … 111 112 </note> 112 113 114 <para> 115 Tell the building system how to locate GPGME and GnuPG correctly: 116 </para> 117 118 <screen><userinput remap='pre'>sed -e '/AM_PATH_GPGME/iAM_PATH_GPG_ERROR' \ 119 -e 's/gpg2/gpg/' -i configure.ac</userinput></screen> 120 121 <para> 122 Install <application>volume_key</application> by running the following 123 commands: 124 </para> 125 113 126 <screen><userinput>autoreconf -fiv && 114 127 ./configure --prefix=/usr \ … … 117 130 118 131 <para> 119 T his package does not come with a functioning test suite.132 To test the results, issue: <command>make check</command>. 120 133 </para> 121 134
Note:
See TracChangeset
for help on using the changeset viewer.