From a61cf5161d09eefbbdf05cb8d361471e69344f8a Mon Sep 17 00:00:00 2001
From: Bruce Dubbs <bdubbs@linuxfromscratch.org>
Date: Thu, 6 Sep 2012 23:18:54 +0000
Subject: [PATCH] Add info on verifying MIT Kerberos signing key. Update
 instructions for library mode.

Tag dejagnu for 7.2.


git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@10638 af4574ff-66df-0310-9fd7-8a98e5e911e0
---
 general/prog/dejagnu.xml    |  2 +-
 postlfs/security/mitkrb.xml | 24 +++++++++++++++++++-----
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/general/prog/dejagnu.xml b/general/prog/dejagnu.xml
index 51b173f334..66ff4b312e 100644
--- a/general/prog/dejagnu.xml
+++ b/general/prog/dejagnu.xml
@@ -36,7 +36,7 @@
     by LFS in the temprary /tools directory.  These instructions install it
     permanently.</para>
 
-    &lfs71_checked;
+    &lfs72_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
diff --git a/postlfs/security/mitkrb.xml b/postlfs/security/mitkrb.xml
index 0e93238919..66f0ab7718 100644
--- a/postlfs/security/mitkrb.xml
+++ b/postlfs/security/mitkrb.xml
@@ -112,10 +112,25 @@
     <para>
       After unpacking the distribution tarball and if you have
       <xref linkend="gnupg"/> installed, you can
-      authenticate the package with the following command:
+      authenticate the package.  First, check the contents of the file
+      <filename>krb5-1.10.3.tar.gz.asc</filename>.
     </para>
 
-<screen><userinput>gpg - -verify krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
+<screen><userinput>gpg --verify krb5-&mitkrb-version;.tar.gz.asc krb5-&mitkrb-version;.tar.gz</userinput></screen>
+
+    <para>You will probably see output similar to:</para>
+
+<screen>gpg: Signature made Wed Aug  8 22:29:58 2012 GMT using RSA key ID F376813D
+gpg: Can't check signature: public key not found</screen>
+
+    <para>You can import the public key with:</para>
+
+<screen><userinput>gpg gpg --keyserver pgp.mit.edu --recv-keys 0xF376813D</userinput></screen>
+
+    <para>Now re-verify the package with the first command above.  You should 
+    get a indication of a good signature, but the key will still not be certified 
+    with a trusted signature.  Trusting the downloaded key is a separate operation
+    but it is up to you to determine the level of trust.</para>
 
     <para>
       Build <application>MIT Kerberos V5</application> by running the
@@ -143,9 +158,8 @@ make</userinput></screen>
 
 <screen role="root"><userinput>make install &amp;&amp;
 
-for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt_mit \
-               kadm5clnt kadm5srv_mit kadm5srv kdb5 krb5 \
-               krb5support verto-k5ev verto ; do
+for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt_mit kadm5srv_mit 
+               kdb5 krb5 krb5support verto-k5ev verto ; do
     chmod -v 755 /usr/lib/lib$LIBRARY.so.*.*
 done &amp;&amp;