From bec49eef92275a0d9b95c6f26e26418884f7fc9a Mon Sep 17 00:00:00 2001 From: Zeckmathederg Date: Wed, 11 Sep 2024 17:41:11 -0600 Subject: [PATCH] Elogind: Added, along with... all the necessary packages... Fixes issue #20. Amount of packages added: 9. --- introduction/welcome/changelog.xml | 7 + introduction/welcome/rationale.xml | 8 +- kernel-config/Makefile | 2 +- .../shareddeps/dps/basicx/other/elogind.toml | 4 + .../dps/basicx/other/linux-pam.toml | 1 + packages.ent | 10 + .../dps/basicx/other/desktop-file-utils.xml | 230 +++++++ shareddeps/dps/basicx/other/duktape.xml | 111 +++ .../dps/basicx/other/elogind-kernel.xml | 10 + shareddeps/dps/basicx/other/elogind.xml | 328 +++++++++ shareddeps/dps/basicx/other/glib2.xml | 637 ++++++++++++++++++ .../dps/basicx/other/linux-pam-kernel.xml | 7 + shareddeps/dps/basicx/other/linux-pam.xml | 517 ++++++++++++++ shareddeps/dps/basicx/other/polkit.xml | 316 +++++++++ shareddeps/dps/basicx/other/shadow.xml | 575 ++++++++++++++++ .../dps/basicx/other/shared-mime-info.xml | 166 +++++ shareddeps/dps/wl/seatd.xml | 10 +- shareddeps/dps/x/xorg-server.xml | 6 +- shareddeps/sdintro.xml | 8 + 19 files changed, 2933 insertions(+), 20 deletions(-) create mode 100644 kernel-config/shareddeps/dps/basicx/other/elogind.toml create mode 100644 kernel-config/shareddeps/dps/basicx/other/linux-pam.toml create mode 100644 shareddeps/dps/basicx/other/desktop-file-utils.xml create mode 100644 shareddeps/dps/basicx/other/duktape.xml create mode 100644 shareddeps/dps/basicx/other/elogind-kernel.xml create mode 100644 shareddeps/dps/basicx/other/elogind.xml create mode 100644 shareddeps/dps/basicx/other/glib2.xml create mode 100644 shareddeps/dps/basicx/other/linux-pam-kernel.xml create mode 100644 shareddeps/dps/basicx/other/linux-pam.xml create mode 100644 shareddeps/dps/basicx/other/polkit.xml create mode 100644 shareddeps/dps/basicx/other/shadow.xml create mode 100644 shareddeps/dps/basicx/other/shared-mime-info.xml 
diff --git a/introduction/welcome/changelog.xml b/introduction/welcome/changelog.xml
index 4fd7d0cad1..cd3bc36ba2 100644
--- a/introduction/welcome/changelog.xml
+++ b/introduction/welcome/changelog.xml
@@ -42,6 +42,13 @@
 September 11th, 2024
+
+
+ [Zeckmathederg] - Elogind: Added, along with... all the necessary
+ packages... Fixes issue
+ #20.
+
+
 [Zeckmathederg] - Python: 3.12.4 -> 3.12.6.
diff --git a/introduction/welcome/rationale.xml b/introduction/welcome/rationale.xml
index 7d0c0185f1..b02f362852 100644
--- a/introduction/welcome/rationale.xml
+++ b/introduction/welcome/rationale.xml
@@ -35,11 +35,7 @@
 packages not being in the book is that the packages take a lot of work to install and require jumping around. They can also require a lot of choice or take up space or RAM for no real benefit for a
- lot of users when there are more simple solutions, for example: a
- logind variant being completely unnecessary as the regular user can
- just be added to the audio,
- video, and
- input groups.
+ lot of users when there are more simple solutions.
@@ -51,7 +47,7 @@
 There are some optional dependencies that aren't listed, and the main reason for this is that they just would take up unnecessary space. If on the offchance you desire even more out of your system,
- there are plenty more packages in BLFS and is more geared for
+ there are plenty more packages in BLFS and BLFS is more geared for
 everyone, although this book focuses more on gaming.
diff --git a/kernel-config/Makefile b/kernel-config/Makefile
index d7d6e296d3..e5849f2b59 100644
--- a/kernel-config/Makefile
+++ b/kernel-config/Makefile
@@ -1,4 +1,4 @@
-INPUT = $(wildcard */*.toml */*/*.toml */*/*/*.toml)
+INPUT = $(wildcard */*.toml */*/*.toml */*/*/*.toml */*/*/*/*.toml)
 OUTPUT = $(patsubst %.toml, ../%-kernel.xml, $(INPUT))
 ifeq ($(KERNEL_TREE),)
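Review bot: The fixed-depth glob list in `INPUT` has to be extended by hand every time a fragment lands one directory deeper, as this hunk does for `shareddeps/dps/basicx/other/`; a `.toml` placed deeper still is skipped without any error, so its `-kernel.xml` is not generated and a requirement such as `AUDIT` for Linux-PAM can go missing unnoticed. Consider a comment above the assignment, e.g. `# Globs cover at most four directory levels; add a level here when nesting deeper`, and `:=` instead of `=` so the wildcard is expanded once rather than on every reference. The rest of the Makefile lies outside the hunk, so confirm that nothing relies on late expansion of `INPUT` before changing the operator.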
diff --git a/kernel-config/shareddeps/dps/basicx/other/elogind.toml b/kernel-config/shareddeps/dps/basicx/other/elogind.toml
new file mode 100644
index 0000000000..39d49ac552
--- /dev/null
+++ b/kernel-config/shareddeps/dps/basicx/other/elogind.toml
@@ -0,0 +1,4 @@
+INOTIFY_USER = '*'
+# not really forced, but if you select DRM_I915 it will seem "forced"
+TMPFS='*'
+TMPFS_POSIX_ACL='*'
diff --git a/kernel-config/shareddeps/dps/basicx/other/linux-pam.toml b/kernel-config/shareddeps/dps/basicx/other/linux-pam.toml
new file mode 100644
index 0000000000..03c5599428
--- /dev/null
+++ b/kernel-config/shareddeps/dps/basicx/other/linux-pam.toml
@@ -0,0 +1 @@
+AUDIT='*'
diff --git a/packages.ent b/packages.ent
index 98af2f350b..d351daf776 100644
--- a/packages.ent
+++ b/packages.ent
@@ -102,6 +102,16 @@
+
+
+
+
+
+
+
+
+
+
diff --git a/shareddeps/dps/basicx/other/desktop-file-utils.xml b/shareddeps/dps/basicx/other/desktop-file-utils.xml
new file mode 100644
index 0000000000..dc756c2077
--- /dev/null
+++ b/shareddeps/dps/basicx/other/desktop-file-utils.xml
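Review bot: `elogind.toml` lists no control-group option, while the Command Explanations in `elogind.xml` in this same patch say elogind strictly needs a kernel with that support enabled at runtime (the option name is not visible in this view). If it is left out on purpose because the base system already enables it, a comment saying so would help; otherwise it belongs beside `INOTIFY_USER`. The `DRM_I915` comment also does not say which entry it qualifies, presumably `TMPFS`; something like `# TMPFS: not strictly forced, but selecting DRM_I915 makes it appear so` would remove the guess, and the spacing around `=` could be made the same on all lines.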
@@ -0,0 +1,230 @@ + + + %general-entities; + + + +]> + + + + + + desktop-file-utils-&desktop-file-utils-version; + + + desktop-file-utils + + + + Introduction to Desktop File Utils + + + The Desktop File Utils package contains + command line utilities for working with + Desktop entries. These utilities are used by Desktop + Environments and other applications to manipulate the MIME-types + application databases and help adhere to the Desktop Entry + Specification. + + + &lfs121_checked; + + Package Information + + + + Download (HTTP): + + + + + Download (FTP): + + + + + Desktop File Utils Dependencies + + Required + + + + + + + + Installation of Desktop File Utils + + + + If you are upgrading from a previous version of desktop-file-utils that + used the Autotools method of installing and configuring the package, + you must remove the desktop-file-edit symlink by using the following + commands. + +rm -fv /usr/bin/desktop-file-edit + + + + + Install Desktop File Utils by + running the following commands: + + +mkdir build && +cd build && + +meson setup --prefix=/usr --buildtype=release .. && +ninja + + + This package does not come with a test suite. + + + + Now, as the root user: + + +ninja install + + + + + Command Explanations + + + + + + Configuring Desktop File Utils + + + Configuration Information + + + The XDG + Base Directory specification defines the standard locations for + applications to place data and configuration files. These files can be + used, for instance, to define the menu structure and menu items in a + desktop environment. + + + + The default location for configuration files to be installed + is /etc/xdg, and the default + locations for data files are /usr/local/share and /usr/share. These locations can be + extended with the environment variables XDG_CONFIG_DIRS + and XDG_DATA_DIRS, respectively. The + GNOME, KDE and + XFCE environments respect these + settings. 
+ + + + When a package installs a .desktop file + to a location in one of the base data directories, the database + that maps MIME-types to available applications can be updated. For + instance, the cache file at + /usr/share/applications/mimeinfo.cache can + be rebuilt by executing the following command as the root user: + + +install -vdm755 /usr/share/applications && +update-desktop-database /usr/share/applications + + + + + + + Contents + + + Installed Programs + Installed Libraries + Installed Directories + + + + desktop-file-edit, desktop-file-install, + desktop-file-validate and + update-desktop-database + + + None + + + None + + + + + + Short Descriptions + + + + + desktop-file-edit + + + is used to modify an existing desktop file entry + + + desktop-file-edit + + + + + + desktop-file-install + + + is used to install a new desktop file entry. It is + also used to rebuild or modify the MIME-types application + database + + + desktop-file-install + + + + + + desktop-file-validate + + + is used to verify the integrity of a desktop file + + + desktop-file-validate + + + + + + update-desktop-database + + + is used to update the MIME-types application database + + + update-desktop-database + + + + + + + + diff --git a/shareddeps/dps/basicx/other/duktape.xml b/shareddeps/dps/basicx/other/duktape.xml new file mode 100644 index 0000000000..8affed2cc8 --- /dev/null +++ b/shareddeps/dps/basicx/other/duktape.xml 
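Review bot: The Package Information block gives only download locations; no checksum or signature for the tarball is visible in the rendered text, so a reader has nothing to verify the download against before building it and installing it as root. The same holds for the duktape, elogind, GLib, Linux-PAM and Polkit pages added by this patch. Consider a digest line next to each download link, for example `Download SHA-256 sum: <sha256-of-tarball>` (placeholder), or a pointer to the upstream signature where one is published. The markup is stripped in this view, so first confirm that a digest is not already carried in an entity or attribute.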
@@ -0,0 +1,111 @@ + + + %general-entities; + + + +]> + + + + + + duktape-&duktape-version; + + + duktape + + + + Introduction to duktape + + + duktape is an embeddable Javascript + engine, with a focus on portability and compact footprint. + + + + &lfs121_checked; + + Package Information + + + + Download (HTTP): + + + + + Download (FTP): + + + + + + + + + Installation of duktape + + + Install duktape by running the + following commands: + + +sed -i 's/-Os/-O2/' Makefile.sharedlibrary +make -f Makefile.sharedlibrary INSTALL_PREFIX=/usr + + + Now, as the root user: + + +make -f Makefile.sharedlibrary INSTALL_PREFIX=/usr install + + + + + Contents + + + Installed Programs + Installed Libraries + Installed Directories + + + + None + + + libduktape.so and libduktaped.so + + + None + + + + + + Short Descriptions + + + + + libduktape.so + + + is an embeddable Javascript engine + + + libduktape.so + + + + + + + + + diff --git a/shareddeps/dps/basicx/other/elogind-kernel.xml b/shareddeps/dps/basicx/other/elogind-kernel.xml new file mode 100644 index 0000000000..7b259e491d --- /dev/null +++ b/shareddeps/dps/basicx/other/elogind-kernel.xml @@ -0,0 +1,10 @@ + + + +File systems ---> + [*] Inotify support for userspace [INOTIFY_USER] + Pseudo filesystems ---> + [*] Tmpfs virtual memory file system support (former shm fs) [TMPFS] + [*] Tmpfs POSIX Access Control Lists [TMPFS_POSIX_ACL] diff --git a/shareddeps/dps/basicx/other/elogind.xml b/shareddeps/dps/basicx/other/elogind.xml new file mode 100644 index 0000000000..988acf0014 --- /dev/null +++ b/shareddeps/dps/basicx/other/elogind.xml 
@@ -0,0 +1,328 @@ + + + %general-entities; + + + +]> + + + + + + elogind-&elogind-version; + + + elogind + + + + Introduction to elogind + + + elogind is the + systemd project's "logind", extracted to + be a standalone daemon. It integrates with + to track all the users logged in to a system, and whether they + are logged in graphically, on the console, or remotely. + Elogind exposes this information via the + standard org.freedesktop.login1 D-Bus + interface, and also through the file system using systemd's standard + /run/systemd layout. + + + &lfs121_checked; + + Package Information + + + + Download (HTTP): + + + + + Download (FTP): + + + + + elogind Dependencies + + Recommended + + (runtime), + , and + (runtime) + + + + + + Kernel Configuration + + + Enable the following options in the kernel configuration and recompile the + kernel if necessary: + + + + + + elogind + + + + + Installation of elogind + + + Install elogind by running the following + commands: + + +mkdir build && +cd build && + +meson setup .. \ + --prefix=/usr \ + --buildtype=release \ + -D docdir=/usr/share/doc/elogind-&elogind-version; \ + -D cgroup-controller=elogind \ + -D dev-kvm-mode=0660 \ + -D dbuspolicydir=/etc/dbus-1/system.d && +ninja + + + Now, as the root user: + + +ninja install && +ln -sfv libelogind.pc /usr/lib/pkgconfig/libsystemd.pc && +ln -sfvn elogind /usr/include/systemd + + + + + Command Explanations + + + -D docdir=/usr/share/doc/elogind-&elogind-version;: + This is needed to install documentation in a versioned directory. + + + + -D cgroup-controller=elogind: This switch is + necessary to build this package when the kernel is not built with + enabled. Note that + elogind strictly needs + a kernel with enabled at runtime, + but this switch will allow building the package first. + + + + -D dbuspolicydir=/etc/dbus-1/system.d: This switch + sets the location of the D-Bus policy + directory. + + + + -D dev-kvm-mode=0660: The LFS udev rule sets the + mode of /dev/kvm to 0660. 
+ This option ensures the elogind udev rules consistent with the LFS + configuration. + + + + : Determines whether + the processes of a user should be killed when the user logs out. The + default is true, but this defeats the traditional + use of screen or tmux. This can + also be changed in the configuration file (see below). + + + + ln -s ...: These commands install symlinks so that + software packages can find the systemd-compatible library and headers. + + + + + + Configuring elogind + + + Config File + + /etc/elogind/logind.conf + + + + /etc/elogind/logind.conf + + + + Configuration Information + + + The installed file /etc/elogind/logind.conf + contains all the possible options with their defaults, commented + out. You may wish to disable automatically killing user processes when the user logs + out, by running, as the root + user: + + +sed -e '/\[Login\]/a KillUserProcesses=no' \ + -i /etc/elogind/logind.conf + + + Each user will need to register a user session using + Linux-PAM at login. The + /etc/pam.d/system-session file needs to + be modified and a new file must be created in order for + elogind to work correctly. Run the following + commands as the root user: + + +cat >> /etc/pam.d/system-session << "EOF" && +# Begin elogind addition + +session required pam_loginuid.so +session optional pam_elogind.so + +# End elogind addition +EOF +cat > /etc/pam.d/elogind-user << "EOF" +# Begin /etc/pam.d/elogind-user + +account required pam_access.so +account include system-account + +session required pam_env.so +session required pam_limits.so +session required pam_unix.so +session required pam_loginuid.so +session optional pam_keyinit.so force revoke +session optional pam_elogind.so + +auth required pam_deny.so +password required pam_deny.so + +# End /etc/pam.d/elogind-user +EOF + + + After completion of elogind, + you should check that it functions properly. First ensure that + dbus is running. It may be easiest + to do this by rebooting the system. 
After logging in again, run + the command loginctl. The result should indicate + that a SESSION and a SEAT have been created. + + + + + + + Contents + + + Installed Programs + Installed Library + Installed Directories + + + + busctl, + elogind-inhibit, and + loginctl + + + libelogind.so + + + /usr/lib/elogind, + /etc/elogind, + /usr/include/elogind, and + /usr/share/doc/elogind-&elogind-version; + + + + + + Short Descriptions + + + + + busctl + + + is used to introspect and monitor the D-Bus bus + + + busctl + + + + + + elogind-inhibit + + + is used to execute a program with a shutdown, sleep or idle + inhibitor lock taken + + + elogind-inhibit + + + + + + loginctl + + + is used to introspect and control the state of the elogind Login + Manager + + + loginctl + + + + + + libelogind.so + + + is the main elogind utility library + + + libelogind.so + + + + + + + + + diff --git a/shareddeps/dps/basicx/other/glib2.xml b/shareddeps/dps/basicx/other/glib2.xml new file mode 100644 index 0000000000..8f3c0125cc --- /dev/null +++ b/shareddeps/dps/basicx/other/glib2.xml 
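Review bot: The `cat >> /etc/pam.d/system-session` step is not safe to repeat: following the page again on an upgrade appends a second `# Begin elogind addition` block, and re-running the Linux-PAM page, which writes the same file with `cat >`, silently removes the block so that sessions are no longer registered with elogind. Guard the append with `grep -q pam_elogind.so /etc/pam.d/system-session ||` in front of the here-document, and add a sentence telling readers to re-apply this step after recreating the Linux-PAM configuration files. Separately, the Command Explanations describe a kill-user-processes switch (its name is not visible in this view) that the `meson setup` command on this page does not pass; the text should say the option is left at its default and changed through `logind.conf` as shown below it.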
@@ -0,0 +1,637 @@ + + + %general-entities; + + + +]> + + + + + + GLib-&glib2-version; + + + GLib2 + + + + Introduction to GLib + + + The GLib package contains low-level + libraries useful for providing data structure handling for C, portability + wrappers and interfaces for runtime functionality such as an + event loop, threads, dynamic loading and an object system. + + + &lfs121_checked; + + Package Information + + + + Download (HTTP): + + + + + Download (FTP): + + + + + + Patch for Log Level Selection (Optional) + + + + + Optional patch: + + + + + + GLib Dependencies + + + Additional Runtime Dependencies + + and + + + + + + + Installation of GLib + + + + This installation disables building GObject Introspection support. + After you are done with GLFS, follow the installation instructions of + GLib and + Polkit in the + development version of BLFS to enable that support. + + + + + If desired, apply the optional patch. In many cases, applications that + use this library, either directly or indirectly via other libraries. + This patch enables the use of an environment variable, + GLIB_LOG_LEVEL, that suppresses unwanted messages. The + value of the variable is a digit that corresponds to: + + + + 1 Alert + 2 Critical + 3 Error + 4 Warning + 5 Notice + + + + For instance export GLIB_LOG_LEVEL=4 will skip + output of Warning and Notice messages (and Info/Debug messages if they + are turned on). If GLIB_LOG_LEVEL is not defined, normal + message output will not be affected. + + +patch -Np1 -i ../glib-skip_warnings-1.patch + + + + If a previous version of glib is installed, move the headers out of the + way so that later packages do not encounter conflicts: + + +if [ -e /usr/include/glib-2.0 ]; then + rm -rf /usr/include/glib-2.0.old && + mv -vf /usr/include/glib-2.0{,.old} +fi + + + + + Install GLib by running the following + commands: + + +mkdir build && +cd build && + +meson setup .. 
\ + --prefix=/usr \ + --buildtype=release \ + -D introspection=disabled \ + -D glib_debug=disabled \ + -D man-pages=disabled \ + -D sysprof=disabled && +ninja + + + As the root user, + install this package: + + + ninja install + + + You should now install and + . + + + + + + Command Explanations + + + + + -D man-pages=disabled: This switch causes the + build to create and install the package man pages. + + + + -D glib_debug=disabled: This switch causes the + build to not include some expensive checks for debugging in the built + programs and libraries. + + + + -D sysprof=disabled: This switch disables the + tracing support for sysprof. Remove this option if you want the + tracing support. Note that if sysprof is not installed, removing + this option will cause the build system to download a copy of sysprof + from the Internet. + + + + + + Contents + + GLib Contents + + + Installed Programs + Installed Libraries + Installed Directories + + + + gapplication, gdbus, gdbus-codegen, + gi-compile-repository, gi-decompile-typelib, gi-inspect-typelib + gio, gio-querymodules, + glib-compile-resources, glib-compile-schemas, + glib-genmarshal, glib-gettextize, + glib-mkenums, gobject-query, + gresource, gsettings, + gtester, and gtester-report + + + libgio-2.0.so, + libgirepository-2.0.so, + libglib-2.0.so, + libgmodule-2.0.so, + libgobject-2.0.so, and + libgthread-2.0.so + + + /usr/include/gio-unix-2.0, + /usr/include/glib-2.0, + /usr/lib/gio, + /usr/lib/glib-2.0, + /usr/share/glib-2.0, and + /usr/share/doc/glib-&glib2-version; (optional) + + + + + + Short Descriptions + + + + + gapplication + + + can be used to start applications and to send + messages to already-running instances of other applications + + + application + + + + + + gdbus + + + is a simple tool used for working with + D-Bus objects + + + gdbus + + + + + + gdbus-codegen + + + is used to generate code and/or documentation for one or + more D-Bus interfaces + + + gdbus-codegen + + + + + + gi-compile-repository 
+ + + converts one or more GIR files into one or more typelib files + + + gi-compile-repository + + + + + + gi-decompile-typelib + + + is a GIR decompiler that uses the repository API + + + gi-decompile-typelib + + + + + + gi-inspect-typelib + + + is a utility that gives information about a GI typelib + + + gi-inspect-typelib + + + + + + gio + + + is a utility that makes many GIO + features available from the command line + + + gio + + + + + + gio-querymodules + + + is used to create a giomodule.cache file in + the listed directories. This file lists the implemented extension + points for each module that has been found + + + gio-querymodules + + + + + + glib-compile-resources + + + is used to read the resource description from a file and + the files that it references to create a binary resource + bundle that is suitable for use with the GResource API + + + glib-compile-resources + + + + + + glib-compile-schemas + + + is used to compile all the GSettings XML schema files + in a directory into a binary file with the name + gschemas.compiled that can be used by GSettings + + + glib-compile-schemas + + + + + + glib-genmarshal + + + is a C code marshaller generation utility for GLib closures + + + glib-genmarshal + + + + + + glib-gettextize + + + is a variant of the gettext + internationalization utility + + + glib-gettextize + + + + + + glib-mkenums + + + is a C language enum description generation utility + + + glib-mkenums + + + + + + gobject-query + + + is a small utility that draws a tree of types + + + gobject-query + + + + + + gresource + + + offers a simple command line interface to GResource + + + gresource + + + + + + gsettings + + + offers a simple command line interface to GSettings + + + gsettings + + + + + + gtester + + + is a test running utility + + + gtester + + + + + + gtester-report + + + is a test report formatting utility + + + gtester-report + + + + + + libgio-2.0.so + + + is a library providing useful classes for general purpose I/O, + 
networking, IPC, settings, and other high level application + functionality + + + libgio-2.0.so + + + + + + libgirepository-2.0.so + + + is a library providing access to typelibs and introspection data + which describes C APIs + + + libgirepository-2.0.so + + + + + + libglib-2.0.so + + + is a general-purpose, portable utility library, which provides + many useful data types, macros, type conversions, string + utilities, file utilities, a mainloop abstraction, and so on + + + libglib-2.0.so + + + + + + libgmodule-2.0.so + + + provides portable API for dynamically loading modules + + + libgmodule-2.0.so + + + + + + libgobject-2.0.so + + + provides the GLib base type system and object class + + + libgobject-2.0.so + + + + + + libgthread-2.0.so + + + is a skeleton library for backwards compatibility; it used to + be the GLib thread library but the functionalities has been + merged info libglib-2.0 + + + libgthread-2.0.so + + + + + + g-ir-annotation-tool + + + creates or extracts annotation data from GI typelibs + + + g-ir-annotation-tool + + + + + + g-ir-compiler + + + is a counterpart of gi-compile-repository + for the old + libgirepository-1.0 + API + + + g-ir-compiler + + + + + + g-ir-doc-tool + + + generates Mallard files that can be viewed with + yelp or rendered to HTML with + yelp-build from + yelp-tools + + + g-ir-doc-tool + + + + + + g-ir-inspect + + + is a counterpart of gi-inspect-typelib + for the old + libgirepository-1.0 + API + + + g-ir-inspect + + + + + + g-ir-generate + + + is a counterpart of gi-decompile-typelib + for the old + libgirepository-1.0 + API + + + g-ir-generate + + + + + + g-ir-scanner + + + is a tool which generates GIR XML files by parsing headers and + introspecting GObject based libraries + + + g-ir-scanner + + + + + + libgirepository-1.0.so + + + is a counterpart of + libgirepository-2.0 + with the old 1.0 API + + + libgirepository-1.0.so + + + + + + + + 
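Review bot: The `meson setup` line does not stop Meson from fetching fallback subprojects, and the page itself notes that dropping `-D sysprof=disabled` makes the build download sysprof from the Internet; any other dependency Meson cannot find would presumably be fetched the same way, unverified, into a build whose result is installed as root. Adding `--wrap-mode=nodownload` to the command turns a missing dependency into a configure error instead. The explanation for `-D man-pages=disabled` is also inverted: it says the switch causes the man pages to be created and installed, and should say that it skips them. The Short Descriptions still list the `g-ir-*` tools and `libgirepository-1.0.so`, which a build with `-D introspection=disabled` presumably does not install.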
diff --git a/shareddeps/dps/basicx/other/linux-pam-kernel.xml b/shareddeps/dps/basicx/other/linux-pam-kernel.xml new file mode 100644 index 0000000000..7d0568d713 --- /dev/null +++ b/shareddeps/dps/basicx/other/linux-pam-kernel.xml @@ -0,0 +1,7 @@ + + + +General setup ---> + [*] Auditing support [AUDIT] diff --git a/shareddeps/dps/basicx/other/linux-pam.xml b/shareddeps/dps/basicx/other/linux-pam.xml new file mode 100644 index 0000000000..1263ff2ee7 --- /dev/null +++ b/shareddeps/dps/basicx/other/linux-pam.xml 
@@ -0,0 +1,517 @@ + + + %general-entities; + + + + + + +]> + + + + + + Linux-PAM-&linux-pam-version; + + + Linux-PAM + + + + Introduction to Linux PAM + + + The Linux PAM package contains + Pluggable Authentication Modules used by the local + system administrator to control how application programs authenticate + users. + + + &lfs121_checked; + + Package Information + + + + Download (HTTP): + + + + + Download (FTP): + + + + + Additional Downloads + + Optional Documentation + + + Download (HTTP): + + + + + + + + Kernel Configuration + + + For the PAM module pam_loginuid.so (referred by + the PAM configuration file system-session if + is built) to work, + a kernel configuration parameter need to be set or the module will + just do nothing: + + + + + + Linux-PAM + + + + + + Installation of Linux PAM + + + First, prevent the installation of an unneeded systemd file: + + +sed -e /service_DATA/d \ + -i modules/pam_namespace/Makefile.am + + + + The shipped libtool.m4 file has a configuration + inconsistent with LFS /usr + hierarchy. This issue would cause + libpam_misc.so linked with + an rpath flag which may sometimes cause troubles or even security + issues. Regenerate the building system to fix the inconsistency: + + +autoreconf -fi + + + If you downloaded the documentation, unpack the tarball by issuing + the following command. + + +tar -xf ../Linux-PAM-&linux-pam-docs-version;-docs.tar.xz --strip-components=1 + + + Compile and link Linux PAM by + running the following commands: + + +./configure --prefix=/usr \ + --sbindir=/usr/sbin \ + --sysconfdir=/etc \ + --libdir=/usr/lib \ + --enable-securedir=/usr/lib/security \ + --docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; && +make + + + To test the results, a suitable /etc/pam.d/other + configuration file must exist. 
+ + + + Reinstallation or Upgrade of Linux PAM + + If you have a system with Linux PAM installed and working, be careful + when modifying the files in + /etc/pam.d, since your system + may become totally unusable. If you want to run the tests, you do not + need to create another /etc/pam.d/other file. The + existing file can be used for the tests. + + + + You should also be aware that make install + overwrites the configuration files in + /etc/security as well as + /etc/environment. If you + have modified those files, be sure to back them up. + + + + + For a first-time installation, create a configuration file by issuing the + following commands as the root + user: + + +install -v -m755 -d /etc/pam.d && + +cat > /etc/pam.d/other << "EOF" +auth required pam_deny.so +account required pam_deny.so +password required pam_deny.so +session required pam_deny.so +EOF + + + Now run the tests by issuing make check. + Be sure the tests produced no errors before continuing the + installation. Note that the tests are very long. + Redirect the output to a log file, so you can inspect it thoroughly. + + + + For a first-time installation, remove the configuration file + created earlier by issuing the following command as the + root user: + + +rm -fv /etc/pam.d/other + + + Now, as the root + user: + + +make install && +chmod -v 4755 /usr/sbin/unix_chkpwd + + + + + Command Explanations + + + --enable-securedir=/usr/lib/security: + This switch sets the installation location for the + PAM modules. + + + + chmod -v 4755 /usr/sbin/unix_chkpwd: + The setuid bit for the unix_chkpwd helper program must be + turned on, so that non-root + processes can access the shadow file. + + + + + + Configuring Linux-PAM + + + Configuration Files + + + /etc/security/* and + /etc/pam.d/* + + + + /etc/security/* + + + + /etc/pam.d/* + + + + + + Configuration Information + + + Configuration information is placed in + /etc/pam.d/. 
+ Here is a sample file: + + +# Begin /etc/pam.d/other + +auth required pam_unix.so nullok +account required pam_unix.so +session required pam_unix.so +password required pam_unix.so nullok + +# End /etc/pam.d/other + + + Now create some generic configuration files. As the + root user: + + +install -vdm755 /etc/pam.d && +cat > /etc/pam.d/system-account << "EOF" && +# Begin /etc/pam.d/system-account + +account required pam_unix.so + +# End /etc/pam.d/system-account +EOF + +cat > /etc/pam.d/system-auth << "EOF" && +# Begin /etc/pam.d/system-auth + +auth required pam_unix.so + +# End /etc/pam.d/system-auth +EOF + +cat > /etc/pam.d/system-session << "EOF" && +# Begin /etc/pam.d/system-session + +session required pam_unix.so + +# End /etc/pam.d/system-session +EOF + +cat > /etc/pam.d/system-password << "EOF" +# Begin /etc/pam.d/system-password + +# use yescrypt hash for encryption, use shadow, and try to use any +# previously defined authentication token (chosen password) set by any +# prior module. +password required pam_unix.so yescrypt shadow try_first_pass + +# End /etc/pam.d/system-password +EOF + + + + Next, add a restrictive /etc/pam.d/other + configuration file. With this file, programs that are PAM aware will + not run unless a configuration file specifically for that application + exists. + + +cat > /etc/pam.d/other << "EOF" +# Begin /etc/pam.d/other + +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + +# End /etc/pam.d/other +EOF + + + The PAM man page (man + pam) provides a good starting point to learn + about the several fields, and allowable entries. + + + The + + Linux-PAM System Administrators' Guide + is recommended for additional information. + + + + + You should now reinstall the + package. 
+ + + + + + + + + Contents + + + Installed Program + Installed Libraries + Installed Directories + + + + faillock, mkhomedir_helper, pam_namespace_helper, + pam_timestamp_check, pwhistory_helper, unix_chkpwd and + unix_update + + + libpam.so, libpamc.so and libpam_misc.so + + + /etc/security, + /usr/lib/security, + /usr/include/security and + /usr/share/doc/Linux-PAM-&linux-pam-version; + + + + + + Short Descriptions + + + + + faillock + + + displays and modifies the authentication failure record files + + + faillock + + + + + + mkhomedir_helper + + + is a helper binary that creates home directories + + + mkhomedir_helper + + + + + + pam_namespace_helper + + + is a helper program used to configure a private namespace for a + user session + + + pam_namespace_helper + + + + + + pwhistory_helper + + + is a helper program that transfers password hashes from passwd or + shadow to opasswd + + + pwhistory_helper + + + + + + + pam_timestamp_check + + + is used to check if the default timestamp is valid + + + pam_timestamp_check + + + + + + unix_chkpwd + + + is a helper binary that verifies the password of the current user + + + unix_chkpwd + + + + + + unix_update + + + is a helper binary that updates the password of a given user + + + unix_update + + + + + + libpam.so + + + provides the interfaces between applications and the + PAM modules + + + libpam.so + + + + + + + + + diff --git a/shareddeps/dps/basicx/other/polkit.xml b/shareddeps/dps/basicx/other/polkit.xml new file mode 100644 index 0000000000..9eaa5dc095 --- /dev/null +++ b/shareddeps/dps/basicx/other/polkit.xml 
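Review bot: The sample under Configuration Information is headed `# Begin /etc/pam.d/other` and uses `pam_unix.so nullok`, so a reader who copies it gets a fallback policy that accepts accounts with an empty password for every service lacking its own file, the opposite of the deny-all `other` that the page installs a few steps later. Label the sample as illustration only and drop `nullok` from it, or show it under a service-specific file name. In the `system-password` here-document the comment `use yescrypt hash for encryption` would be more accurate as `hash passwords with yescrypt`.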
@@ -0,0 +1,316 @@ + + + %general-entities; + + + +]> + + + + + + Polkit-&polkit-version; + + + Polkit + + + + Introduction to Polkit + + + Polkit is a toolkit for defining and handling + authorizations. It is used for allowing unprivileged processes to + communicate with privileged processes. + + + &lfs121_checked; + + Package Information + + + + Download (HTTP): + + + + + Download (FTP): + + + + + + + Polkit Dependencies + + Required + + and + + + + Recommended + + and + + + + + Since elogind + uses PAM to register user sessions, it is a good idea to build + Polkit with PAM support so + elogind + can track Polkit sessions. + + + + + Optional Runtime Dependencies + + + One polkit authentication agent for using polkit in the graphical + environment; this will greatly depend on what desktop you are running... + + + + + + Installation of Polkit + + + There should be a dedicated user and group to take control + of the polkitd daemon after it is + started. Issue the following commands as the + root user: + + +groupadd -fg 27 polkitd && +useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \ + -g polkitd -s /bin/false polkitd + + + First fix a build problem for sysV based systems: + + +sed -i '/systemd_sysusers_dir/s/^/#/' meson.build + + + Install Polkit by running the following + commands: + + +mkdir build && +cd build && + +meson setup .. \ + --prefix=/usr \ + --buildtype=release \ + -D man=false \ + -D session_tracking=elogind \ + -D introspection=false \ + -D tests=false + + + Build the package: + + +ninja + + + Now, as the root user: + + +ninja install + + + + + Command Explanations + + + + + : Use this switch if you did not create + the /etc/lfs-release file or distribution auto + detection will fail and you will be unable to use + Polkit. + + + + : This switch enables the + package to use the Shadow rather than the + Linux PAM Authentication framework. Use it + if you have not installed Linux PAM. 
+ + + + : This option disables GObject + Introspection support as it was not enabled in . + + + + : This option disables generating and + installing manual pages. + + + + + + Contents + + + Installed Programs + Installed Libraries + Installed Directories + + + + pkaction, pkcheck, pkexec, + pkttyagent, and polkitd + + + libpolkit-agent-1.so and + libpolkit-gobject-1.so + + + /etc/polkit-1, + /usr/include/polkit-1, + /usr/lib/polkit-1, + /usr/share/gtk-doc/html/polkit-1, and + /usr/share/polkit-1 + + + + + + Short Descriptions + + + + + pkaction + + + is used to obtain information about registered PolicyKit actions + + + pkaction + + + + + + pkcheck + + + is used to check whether a process is authorized for action + + + pkcheck + + + + + + + + pkexec + + + allows an authorized user to execute a command as another user + + + pkexec + + + + + + pkttyagent + + + is used to start a textual authentication agent for the subject + + + pkttyagent + + + + + + polkitd + + + provides the org.freedesktop.PolicyKit1 D-Bus + service on the system message bus + + + polkitd + + + + + + libpolkit-agent-1.so + + + contains the Polkit authentication + agent API functions + + + libpolkit-agent-1.so + + + + + + libpolkit-gobject-1.so + + + contains the Polkit authorization API functions + + + libpolkit-gobject-1.so + + + + + + + + + diff --git a/shareddeps/dps/basicx/other/shadow.xml b/shareddeps/dps/basicx/other/shadow.xml new file mode 100644 index 0000000000..d0b8b32a72 --- /dev/null +++ b/shareddeps/dps/basicx/other/shadow.xml 
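Review bot: The Command Explanations list has no entry for `-D session_tracking=elogind` or `-D tests=false`, both of which the `meson setup` command passes. Two of its four entries describe switches the command does not use (the distribution-detection one and the Shadow authentication one; their names are not visible in this view). `session_tracking=elogind` is the option that makes the build depend on elogind, so I would add an entry such as `-D session_tracking=elogind: use elogind to track user sessions; it has to be installed before Polkit is built`, and mark the two unused switches as optional alternatives. The Short Descriptions entry for pkexec could also say that it runs with elevated privileges (it is installed setuid root, as far as I know), since that is the binary an administrator most needs to keep patched.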
@@ -0,0 +1,575 @@ + + + %general-entities; + + + +]> + + + + + + Shadow-&shadow-version; + + + Shadow + + + + Introduction to Shadow + + + Shadow was indeed installed in LFS and there is + no reason to reinstall it unless you installed + Linux-PAM after your LFS system was completed. + If you have installed Linux-PAM, + reinstalling Shadow will allow programs such as + login and su to utilize PAM. + + + &lfs121_checked; + + Package Information + + + + Download (HTTP): + + + + + Download (FTP): + + + + + Shadow Dependencies + + Required + + + + + + + + Installation of Shadow + + + + The installation commands shown below are for installations where + Linux-PAM has been installed and + Shadow is being reinstalled to support the + Linux-PAM installation. + + + + + + If reinstalling shadow for a version update, be sure to + reaccomplish the Linux-PAM configuration below. The installation + of shadow overwrites many of the files in + /etc/pam.d/. + + + + + Reinstall Shadow by running the following + commands: + + +sed -i 's/groups$(EXEEXT) //' src/Makefile.in && + +find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \; && +find man -name Makefile.in -exec sed -i 's/getspnam\.3 / /' {} \; && +find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \; && + +sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD YESCRYPT@' \ + -e 's@/var/spool/mail@/var/mail@' \ + -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \ + -i etc/login.defs && + +./configure --sysconfdir=/etc \ + --disable-static \ + --without-libbsd \ + --with-{b,yes}crypt && +make + + + This package does not come with a test suite. 
+ + + + Now, as the root user: + + +make exec_prefix=/usr pamddir= install + + + The man pages were installed in LFS, but if reinstallation is + desired, run (as the root user): + + +make -C man install-man + + + + + Command Explanations + + + sed -i 's/groups$(EXEEXT) //' src/Makefile.in: This sed + is used to suppress the installation of the groups + program as the version from the Coreutils + package installed during LFS is preferred. + + + + find man -name Makefile.in -exec ... {} \;: The + first command is used to suppress the installation of the + groups man pages so the existing ones installed from + the Coreutils package are not replaced. + The two other commands prevent installation of manual pages that + are already installed by Man-pages in LFS. + + + + sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD YESCRYPT@' -e + 's@/var/spool/mail@/var/mail@' -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' + -i etc/login.defs: Instead of using the default 'DES' + method, this command modifies the installation to use the much more + secure 'YESCRYPT' method of hashing passwords, which also allows + passwords longer than eight characters. The command also changes the + obsolete /var/spool/mail location + for user mailboxes that Shadow uses by + default to the /var/mail + location. It also changes the default path to be consistent with that + set in LFS. + + + + --without-libbsd: Prevents looking for the + readpassphrase function, which can be found only in + libbsd, which is not in GLFS. + An internal implementation of readpassphrase is used + instead. + + + + pamddir=: Prevents installation of the shipped + PAM configuration files into + /etc/pam.d. The shipped + configuration does not work with the BLFS PAM configuration and we + will create these configuration files explicitly. 
+ + + + + + + + + Configuring Linux-PAM to Work with Shadow + + + Config Files + + + /etc/pam.d/* or alternatively + /etc/pam.conf, + /etc/login.defs and + /etc/security/* + + + + /etc/pam.d/* + + + + /etc/pam.conf + + + + /etc/login.defs + + + + /etc/security/* + + + + + Configuration Information + + + Configuring your system to use Linux-PAM can + be a complex task. The information below will provide a basic setup so + that Shadow's login and password + functionality will work effectively with + Linux-PAM. Review the information and links + on the page for further configuration + information. For information specific to integrating + Shadow, Linux-PAM + and libpwquality, you can visit the + following link: + + + + + + + + + + + + + Configuring /etc/login.defs + + + The login program currently performs many functions + which Linux-PAM modules should now handle. + The following sed command will comment out the + appropriate lines in /etc/login.defs, and stop + login from performing these functions (a backup + file named /etc/login.defs.orig is also created + to preserve the original file's contents). Issue the following + commands as the root user: + + + + /etc/login.defs + + +install -v -m644 /etc/login.defs /etc/login.defs.orig && +for FUNCTION in FAIL_DELAY \ + FAILLOG_ENAB \ + LASTLOG_ENAB \ + MAIL_CHECK_ENAB \ + OBSCURE_CHECKS_ENAB \ + PORTTIME_CHECKS_ENAB \ + QUOTAS_ENAB \ + CONSOLE MOTD_FILE \ + FTMP_FILE NOLOGINS_FILE \ + ENV_HZ PASS_MIN_LEN \ + SU_WHEEL_ONLY \ + CRACKLIB_DICTPATH \ + PASS_CHANGE_TRIES \ + PASS_ALWAYS_WARN \ + CHFN_AUTH ENCRYPT_METHOD \ + ENVIRON_FILE +do + sed -i "s/^${FUNCTION}/# &/" /etc/login.defs +done + + + + Configuring the /etc/pam.d/ Files + + + As mentioned previously in the Linux-PAM + instructions, Linux-PAM has two supported + methods for configuration. The commands below assume that you've + chosen to use a directory based configuration, where each program has + its own configuration file. 
You can optionally use a single + /etc/pam.conf configuration file by using the + text from the files below, and supplying the program name as an + additional first field for each line. + + + + As the root user, create + the following Linux-PAM configuration files + in the /etc/pam.d/ directory + (or add the contents to the /etc/pam.conf file) + using the following commands: + + + + + 'login' + +cat > /etc/pam.d/login << "EOF" +# Begin /etc/pam.d/login + +# Set failure delay before next prompt to 3 seconds +auth optional pam_faildelay.so delay=3000000 + +# Check to make sure that the user is allowed to login +auth requisite pam_nologin.so + +# Check to make sure that root is allowed to login +# Disabled by default. You will need to create /etc/securetty +# file for this module to function. See man 5 securetty. +#auth required pam_securetty.so + +# Additional group memberships - disabled by default +#auth optional pam_group.so + +# include system auth settings +auth include system-auth + +# check access for the user +account required pam_access.so + +# include system account settings +account include system-account + +# Set default environment variables for the user +session required pam_env.so + +# Set resource limits for the user +session required pam_limits.so + +# Display the message of the day - Disabled by default +#session optional pam_motd.so + +# Check user's mail - Disabled by default +#session optional pam_mail.so standard quiet + +# include system session and password settings +session include system-session +password include system-password + +# End /etc/pam.d/login +EOF + + + + 'passwd' + +cat > /etc/pam.d/passwd << "EOF" +# Begin /etc/pam.d/passwd + +password include system-password + +# End /etc/pam.d/passwd +EOF + + + + 'su' + +cat > /etc/pam.d/su << "EOF" +# Begin /etc/pam.d/su + +# always allow root +auth sufficient pam_rootok.so + +# Allow users in the wheel group to execute su without a password +# disabled by default +#auth sufficient 
pam_wheel.so trust use_uid + +# include system auth settings +auth include system-auth + +# limit su to users in the wheel group +# disabled by default +#auth required pam_wheel.so use_uid + +# include system account settings +account include system-account + +# Set default environment variables for the service user +session required pam_env.so + +# include system session settings +session include system-session + +# End /etc/pam.d/su +EOF + + + + 'chpasswd' and 'newusers' + +cat > /etc/pam.d/chpasswd << "EOF" +# Begin /etc/pam.d/chpasswd + +# always allow root +auth sufficient pam_rootok.so + +# include system auth and account settings +auth include system-auth +account include system-account +password include system-password + +# End /etc/pam.d/chpasswd +EOF + +sed -e s/chpasswd/newusers/ /etc/pam.d/chpasswd >/etc/pam.d/newusers + + + + 'chage' + +cat > /etc/pam.d/chage << "EOF" +# Begin /etc/pam.d/chage + +# always allow root +auth sufficient pam_rootok.so + +# include system auth and account settings +auth include system-auth +account include system-account + +# End /etc/pam.d/chage +EOF + + + + Other shadow utilities + +for PROGRAM in chfn chgpasswd chsh groupadd groupdel \ + groupmems groupmod useradd userdel usermod +do + install -v -m644 /etc/pam.d/chage /etc/pam.d/${PROGRAM} + sed -i "s/chage/$PROGRAM/" /etc/pam.d/${PROGRAM} +done + + + + At this point, you should do a simple test to see if + Shadow is working as expected. Open + another terminal and log in as + root, and then run + login and login as another user. If you do + not see any errors, then all is well and you should proceed with + the rest of the configuration. If you did receive errors, stop + now and double check the above configuration files manually. + Any error is the sign of an error in the above procedure. + You can also run the + test suite from the Linux-PAM package + to assist you in determining the problem. 
If you cannot find and + fix the error, you should recompile + Shadow adding the + switch to the + configure command in the above instructions + (also move the /etc/login.defs.orig backup + file to /etc/login.defs). If you fail to do + this and the errors remain, you will be unable to log into your + system. + + + + + + Configuring Login Access + + + Instead of using the /etc/login.access file for + controlling access to the system, Linux-PAM + uses the pam_access.so module + along with the /etc/security/access.conf file. + Rename the /etc/login.access file using the + following command: + + + + /etc/security/access.conf + + +if [ -f /etc/login.access ]; then mv -v /etc/login.access{,.NOUSE}; fi + + + + Configuring Resource Limits + + + Instead of using the /etc/limits file for + limiting usage of system resources, + Linux-PAM uses the + pam_limits.so module along + with the /etc/security/limits.conf file. Rename + the /etc/limits file using the following command: + + + + /etc/security/limits.conf + + +if [ -f /etc/limits ]; then mv -v /etc/limits{,.NOUSE}; fi + + + + Be sure to test the login capabilities of the system before logging + out. Errors in the configuration can cause a permanent + lockout requiring a boot from an external source to correct the + problem. + + + + + + + + + + Contents + + + A list of the installed files, along with their short descriptions can be + found at + . + + + + + diff --git a/shareddeps/dps/basicx/other/shared-mime-info.xml b/shareddeps/dps/basicx/other/shared-mime-info.xml new file mode 100644 index 0000000000..9024e3bb93 --- /dev/null +++ b/shareddeps/dps/basicx/other/shared-mime-info.xml 
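Review bot: `ENCRYPT_METHOD` is one of the login.defs keys that the `for FUNCTION in ...` loop comments out, which undoes the `ENCRYPT_METHOD YESCRYPT` setting written by the earlier `sed ... -i etc/login.defs` step and presented in the Command Explanations as the move to a much more secure hash. After the loop, user password hashing depends only on the `yescrypt` argument in `/etc/pam.d/system-password`. As far as I know, shadow still reads `ENCRYPT_METHOD` for group passwords in a PAM build, so those would fall back to the built-in default. I would drop it from the list, `CHFN_AUTH \` instead of `CHFN_AUTH ENCRYPT_METHOD \`, or add a sentence saying why it is disabled. The loop's pattern `s/^${FUNCTION}/# &/` is also a prefix match, so `CONSOLE` would comment out any other active key that begins with that word; `s/^${FUNCTION}\b/# &/` is tighter.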
@@ -0,0 +1,166 @@ + + + %general-entities; + + + + +]> + + + + + + shared-mime-info-&shared-mime-info-version; + + + shared-mime-info + + + + Introduction to Shared Mime Info + + + The Shared Mime Info package contains a + MIME database. This allows central updates of MIME information for all + supporting applications. + + + &lfs121_checked; + + Package Information + + + + Download (HTTP): + + + + + Download (FTP): + + + + + Additional Downloads + + + + Optional download, required to run the test suite: + + + + + + Shared Mime Info Dependencies + + Required + + and + + + + + + + Installation of Shared Mime Info + + + Install Shared Mime Info by running the + following commands: + + + + If you wish to run the test suite, you must first extract the + xdgmime tarball into the current directory, + and compile it so that meson can find it: + + +tar -xf ../xdgmime.tar.xz && +make -C xdgmime + + + Now build the package: + + +mkdir build && +cd build && + +meson setup --prefix=/usr --buildtype=release -D update-mimedb=true .. && +ninja + + + If you have followed the instructions above to build + xdgmime, to test the result issue + ninja test. + + + + Now, as the root user: + + +ninja install + + + + + Command Explanations + + + + + -D update-mimedb=true: This parameter tells + the build system to run update-mime-database during + installation. Otherwise, this must be done manually in order to be + able to use the MIME database. + + + + + Contents + + + Installed Program + Installed Library + Installed Directory + + + + update-mime-database + + + None + + + /usr/share/mime + + + + + + Short Descriptions + + + + + update-mime-database + + + assists in adding MIME data to the database + + + update-mime-database + + + + + + + + + diff --git a/shareddeps/dps/wl/seatd.xml b/shareddeps/dps/wl/seatd.xml index da8aaf8bb2..9ef38acd9e 100644 --- a/shareddeps/dps/wl/seatd.xml +++ b/shareddeps/dps/wl/seatd.xml 
@@ -46,14 +46,8 @@ Recommended - elogind - (this package needs a backend to properly create a seat, - elogind being a suitable one. - elogind is not in this book due to the amount - of transient dependencies, however. First compile this package without - the backend support, then when you get to , - compile elogind and recompile this package - afterwards) + (this package needs a backend to properly + create a seat, elogind being a suitable one) diff --git a/shareddeps/dps/x/xorg-server.xml b/shareddeps/dps/x/xorg-server.xml index 02572018ed..c94a32f610 100644 --- a/shareddeps/dps/x/xorg-server.xml +++ b/shareddeps/dps/x/xorg-server.xml @@ -76,17 +76,13 @@ Recommended , - - elogind (runtime; + (runtime; libelogind also referred at build time but it's not really useful), (needed for glamor), and (runtime) - If you don't want to install the recommended dependency elogind, diff --git a/shareddeps/sdintro.xml b/shareddeps/sdintro.xml index a42c6d3051..da8a460453 100644 --- a/shareddeps/sdintro.xml +++ b/shareddeps/sdintro.xml @@ -70,6 +70,14 @@ + + + + + + + +