Changes in / [82e98d0:38311c3]

Files:

• chapter04/creatingminlayout.xml (modified) (2 diffs)
• chapter07/creatingdirs.xml (modified) (1 diff)
• chapter08/gcc.xml (modified) (20 diffs)
• chapter08/shadow.xml (modified) (3 diffs)

chapter04/creatingminlayout.xml

@@ -9 +9 @@
   <?dbhtml filename="creatingminlayout.html"?>
 
-  <title>Creating a limited directory layout in LFS filesystem</title>
+  <title>Creating a Limited Directory Layout in the LFS Filesystem</title>
 
   <para>In this section, we begin populating the LFS filesystem with the
@@ -40 +40 @@
 <screen><userinput>mkdir -pv $LFS/tools</userinput></screen>
 
+  <note>
+    <para>
+      The LFS editors have deliberately decided not to use a
+      <filename class="directory">/usr/lib64</filename> directory.  Several
+      steps are taken to be sure the toolchain will not use it. If for any
+      reason this directory appears (either because you made an error in
+      following the instructions, or because you installed a binary package that
+      created it after finishing LFS), it may break your system.
+      You should always be sure this directory does not exist.
+    </para>
+  </note>
+
 </sect1>

chapter07/creatingdirs.xml

@@ -69 +69 @@
     directories, if you wish.  </para>
 
+  <warning>
+    <para>
+      The FHS does not mandate the existence of the directory
+      <filename class="directory">/usr/lib64</filename>, and the LFS editors
+      have decided not to use it. For the instructions in LFS and BLFS to work correctly,
+      it is imperative that this directory be non-existent. From time to time you should
+      verify that it does not exist, because it is easy to create it
+      inadvertently, and this will probably break your system.
+    </para>
+  </warning>
+
   </sect2>
 

chapter08/gcc.xml

@@ -81 +81 @@
              --with-system-zlib</userinput></screen>
 
-    <para>Note that for other programming languages there are some prerequisites that
-    are not yet available. See the
+    <para>GCC supports seven different computer languages, but the
+    prerequisites for most of them have not yet been installed. See the
     <ulink url="&blfs-book;general/gcc.html">BLFS Book GCC page</ulink>
     for instructions on how to build all of GCC's supported languages.</para>
@@ -92 +92 @@
         <term><parameter>LD=ld</parameter></term>
         <listitem>
-          <para>This parameter makes the configure script use the ld installed
-          by the binutils built earlier in this chapter, rather than
+          <para>This parameter makes the configure script use the ld program installed
+          by the Binutils package built earlier in this chapter, rather than
           the cross-built version which would otherwise be used.</para>
         </listitem>
@@ -102 +102 @@
         <listitem>
           <para>This switch tells GCC to link to the system installed copy of
-          the zlib library, rather than its own internal copy.</para>
+          the Zlib library, rather than its own internal copy.</para>
         </listitem>
       </varlistentry>
@@ -110 +110 @@
       <anchor id="pie-ssp-info" xreflabel="note on PIE and SSP"/>
       <para>
-        PIE (position-independent executable) is a technique to produce
+        PIE (position-independent executables) are
         binary programs that can be loaded anywhere in memory.  Without PIE,
         the security feature named ASLR (Address Space Layout Randomization)
-        can be applied for the shared libraries, but not the executable
-        itself.  Enabling PIE allows ASLR for the executables in addition to
+        can be applied for the shared libraries, but not for the executables
+        themselves.  Enabling PIE allows ASLR for the executables in addition to
         the shared libraries, and mitigates some attacks based on fixed
         addresses of sensitive code or data in the executables.
@@ -120 +120 @@
       <para>
         SSP (Stack Smashing Protection) is a technique to ensure
-        that the parameter stack is not corrupted. Stack corruption can
-        for example alter the return address of a subroutine,
-        which would allow transferring control to some dangerous code
+        that the parameter stack is not corrupted. Stack corruption can,
+        for example, alter the return address of a subroutine,
+        thus transferring control to some dangerous code
         (existing in the program or shared libraries, or injected by the
-        attacker somehow) instead of the original one.
+        attacker somehow).
       </para>
     </note>
@@ -134 +134 @@
     <important>
       <para>In this section, the test suite for GCC is considered
-      important, but it takes a long time. First time builders are
-      encouraged to not skip it.  The time to run the tests can be
-      reduced significantly by adding -jx to the make command below
-      where x is the number of cores on your system.</para>
+      important, but it takes a long time. First-time builders are
+      encouraged to run the test suite.  The time to run the tests can be
+      reduced significantly by adding -jx to the <command>make -k check</command> command below,
+      where x is the number of CPU cores on your system.</para>
     </important>
 
@@ -150 +150 @@
 su tester -c "PATH=$PATH make -k check"</userinput></screen>
 
-    <para>To receive a summary of the test suite results, run:</para>
+    <para>To extract a summary of the test suite results, run:</para>
 
 <screen><userinput remap="test">../contrib/test_summary</userinput></screen>
 
-    <para>For only the summaries, pipe the output through
+    <para>To filter out only the summaries, pipe the output through
     <userinput>grep -A7 Summ</userinput>.</para>
 
@@ -161 +161 @@
     <ulink url="https://gcc.gnu.org/ml/gcc-testresults/"/>.</para>
 
-    <para>In gcc, eleven tests, in the i386 test suite are known to FAIL.
+    <para>Eleven tests in the i386 test suite for the gcc compiler are known to FAIL.
     It's because the test files do not account for the
     <parameter>--enable-default-pie</parameter> option.</para>
 
-    <para>In g++, four tests related to PR100400 are known to be reported
-    as both XPASS and FAIL.  It's because the test file for this known issue
+    <para>Four tests related to PR100400 may be reported
+    as both XPASS and FAIL when testing the g++ compiler; the test file
     is not well written.</para>
 
@@ -188 +188 @@
 
     <para>The GCC build directory is owned by <systemitem class="username">
-    tester</systemitem> now and the ownership of the installed header
-    directory (and its content) will be incorrect.  Change the ownership to
+    tester</systemitem> now, and the ownership of the installed header
+    directory (and its content) is incorrect.  Change the ownership to the
     <systemitem class="username">root</systemitem> user and group:</para>
 
@@ -226 +226 @@
 <screen><computeroutput>[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]</computeroutput></screen>
 
-  <para>Now make sure that we're setup to use the correct start files:</para>
+  <para>Now make sure that we're set up to use the correct start files:</para>
 
 <screen><userinput>grep -E -o '/usr/lib.*/S?crt[1in].*succeeded' dummy.log</userinput></screen>
@@ -275 +275 @@
 SEARCH_DIR("/usr/lib");</computeroutput></screen>
 
-   <para>A 32-bit system may see a few different directories. For example, here
+   <para>A 32-bit system may use a few other directories. For example, here
    is the output from an i686 machine:</para>
 
@@ -308 +308 @@
   steps to find out where the problem is and correct it. <!--The most likely
   reason is that something went wrong with the specs file adjustment.--> Any
-  issues will need to be resolved before continuing with the process.</para>
+  issues should be resolved before continuing with the process.</para>
 
   <para>Once everything is working correctly, clean up the test files:</para>
@@ -375 +375 @@
         <listitem>
           <para>The C preprocessor; it is used by the compiler to expand the
-          #include, #define, and similar statements in the source files</para>
+          #include, #define, and similar directives in the source files</para>
           <indexterm zone="ch-system-gcc cpp">
             <primary sortas="b-cpp">cpp</primary>
@@ -408 +408 @@
           plugin to the command line. This program is only used
           to add "link time optimization" and is not useful with the
-          default build options</para>
+          default build options.</para>
           <indexterm zone="ch-system-gcc gcc-ar">
             <primary sortas="b-gcc-ar">gc-ar</primary>
@@ -421 +421 @@
           plugin to the command line. This program is only used
           to add "link time optimization" and is not useful with the
-          default build options</para>
+          default build options.</para>
           <indexterm zone="ch-system-gcc gcc-nm">
             <primary sortas="b-gcc-nm">gc-nm</primary>
@@ -434 +434 @@
           plugin to the command line. This program is only used
           to add "link time optimization" and is not useful with the
-          default build options</para>
+          default build options.</para>
           <indexterm zone="ch-system-gcc gcc-ranlib">
             <primary sortas="b-gcc-ranlib">gc-ranlib</primary>
@@ -445 +445 @@
         <listitem>
           <para>A coverage testing tool; it is used to analyze programs to
-          determine where optimizations will have the most effect</para>
+          determine where optimizations will have the greatest effect</para>
           <indexterm zone="ch-system-gcc gcov">
             <primary sortas="b-gcov">gcov</primary>
@@ -526 +526 @@
         <term><filename class="libraryfile">libgcov</filename></term>
         <listitem>
-          <para>This library is linked in to a program when GCC is instructed
+          <para>This library is linked into a program when GCC is instructed
           to enable profiling</para>
           <indexterm zone="ch-system-gcc libgcov">
@@ -568 +568 @@
         <term><filename class="libraryfile">liblto_plugin</filename></term>
         <listitem>
-          <para>GCC's LTO plugin allows binutils to process object files
+          <para>GCC's LTO plugin allows Binutils to process object files
           produced by GCC with LTO enabled</para>
           <indexterm zone="ch-system-gcc liblto_plugin">
@@ -590 +590 @@
         <listitem>
           <para>Contains routines supporting GCC's stack-smashing protection
-          functionality.  Normally it's unused because glibc also provides
-          those routines</para>
+          functionality.  Normally it is not used, because Glibc also provides
+          those routines.</para>
           <indexterm zone="ch-system-gcc libssp">
             <primary sortas="c-libssp">libssp</primary>

chapter08/shadow.xml

@@ -63 +63 @@
     <emphasis>crypt</emphasis> method, use the more secure
     <emphasis>SHA-512</emphasis> method of password encryption, which also
-    allows passwords longer than 8 characters. It is also necessary to change
+    allows passwords longer than 8 characters. In addition, set the number of
+    rounds to 500,000 instead of the default 5000, which is much too low to
+    prevent brute force password attacks. It is also necessary to change
     the obsolete <filename class="directory">/var/spool/mail</filename> location
     for user mailboxes that Shadow uses by default to the <filename
@@ -81 +83 @@
 
 <screen><userinput remap="pre">sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD SHA512:' \
+    -e 's@#\(SHA_CRYPT_..._ROUNDS 5000\)@\100@'       \
     -e 's:/var/spool/mail:/var/mail:'                 \
     -e '/PATH=/{s@/sbin:@@;s@/bin:@@}'                \
@@ -204 +207 @@
           an ID equal to this number on your system, then the first time you use
           <command>useradd</command> without the <parameter>-g</parameter>
-          parameter, an error message will be generated &mdash; <computeroutput>useradd:
+          parameter, an error message will be generated&mdash;<computeroutput>useradd:
           unknown GID 999</computeroutput>,
           even though the account has been created correctly. That is why we