Elogind: Added, along with... all the necessary packages... Fixes issue #20.

Amount of packages added: 9.
Zeckmathederg 2024-09-11 17:41:11 -06:00
parent 81f6fa0cfc
commit bec49eef92
19 changed files with 2933 additions and 20 deletions

View File

@ -42,6 +42,13 @@
<listitem>
<para>September 11th, 2024</para>
<itemizedlist>
<listitem>
<para>
[Zeckmathederg] - Elogind: Added, along with... all the necessary
packages... Fixes issue
<ulink url="https://github.com/Zeckmathederg/glfs/issues/20">#20.</ulink>
</para>
</listitem>
<listitem>
<para>[Zeckmathederg] - Python: 3.12.4 -&gt; 3.12.6.</para>
</listitem>
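
Review bot: the new changelog entry says "all the necessary packages..." without naming them, so a reader of the changelog cannot tell which pages arrived with elogind. List them in the entry; the entity block in this same commit names linux-pam, shadow, elogind, duktape, glib2, shared-mime-info, desktop-file-utils and polkit. Also move the full stop out of the ulink text so the link reads "#20" rather than "#20.".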

View File

@ -35,11 +35,7 @@
packages not being in the book is that the packages take a lot
of work to install and require jumping around. They can also require
a lot of choice or take up space or RAM for no real benefit for a
lot of users when there are more simple solutions, for example: a
logind variant being completely unnecessary as the regular user can
just be added to the <systemitem class='groupname'>audio</systemitem>,
<systemitem class='groupname'>video</systemitem>, and
<systemitem class='groupname'>input</systemitem> groups.
lot of users when there are more simple solutions.
</para>
</sect2>
@ -51,7 +47,7 @@
There are some optional dependencies that aren't listed, and the
main reason for this is that they just would take up unnecessary
space. If on the offchance you desire even more out of your system,
there are plenty more packages in BLFS and is more geared for
there are plenty more packages in BLFS and BLFS is more geared for
everyone, although this book focuses more on gaming.
</para>
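
Review bot: the reworded sentence "there are plenty more packages in BLFS and BLFS is more geared for everyone" still reads awkwardly with BLFS repeated back to back, and "offchance" on the line above it should be "off chance". Suggest something like "there are plenty more packages in BLFS, which is geared toward everyone, whereas this book focuses on gaming."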

View File

@ -1,4 +1,4 @@
INPUT = $(wildcard */*.toml */*/*.toml */*/*/*.toml)
INPUT = $(wildcard */*.toml */*/*.toml */*/*/*.toml */*/*/*/*.toml)
OUTPUT = $(patsubst %.toml, ../%-kernel.xml, $(INPUT))
ifeq ($(KERNEL_TREE),)
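
Review bot: the wildcard list in INPUT hard-codes directory depth, so this change only moves the limit from three levels to four, and the next .toml file placed one level deeper will again be skipped without any error. Consider generating the list without a depth limit, for example INPUT = $(shell find * -name '*.toml'), which keeps the relative paths that the patsubst on OUTPUT expects.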

View File

@ -0,0 +1,4 @@
INOTIFY_USER = '*'
# not really forced, but if you select DRM_I915 it will seem "forced"
TMPFS='*'
TMPFS_POSIX_ACL='*'
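
Review bot: the comment above TMPFS refers to DRM_I915, which has no visible connection to the tmpfs options in this file and reads as if it was carried over from another package's option file. Either say why TMPFS appears forced for this package or drop the comment. The spacing around = is also inconsistent between INOTIFY_USER = '*' and TMPFS='*'.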

View File

@ -0,0 +1 @@
AUDIT='*'

View File

@ -102,6 +102,16 @@
<!ENTITY icu-patch "0">
<!ENTITY icu-version "&icu-major;.&icu-minor;">
<!ENTITY libxml2-version "2.13.3">
<!ENTITY linux-pam-version "1.6.1">
<!ENTITY linux-pam-docs-version "&linux-pam-version;">
<!ENTITY shadow-version "4.16.0">
<!ENTITY elogind-version "255.5">
<!ENTITY duktape-version "2.7.0">
<!ENTITY glib2-minor "2.82">
<!ENTITY glib2-version "&glib2-minor;.0">
<!ENTITY shared-mime-info-version "2.4">
<!ENTITY desktop-file-utils-version "0.27">
<!ENTITY polkit-version "125">
<!-- Wayland -->
<!ENTITY wayland-version "1.23.1">
<!ENTITY wayland-protocols-version "1.37">

View File

@ -0,0 +1,230 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../../../general.ent">
%general-entities;
<!ENTITY desktop-file-utils-download-http
"https://www.freedesktop.org/software/desktop-file-utils/releases/desktop-file-utils-&desktop-file-utils-version;.tar.xz">
<!ENTITY desktop-file-utils-download-ftp " ">
]>
<sect1 id="desktop-file-utils" xreflabel="desktop-file-utils-&desktop-file-utils-version;">
<?dbhtml filename="desktop-file-utils.html"?>
<title>desktop-file-utils-&desktop-file-utils-version;</title>
<indexterm zone="desktop-file-utils">
<primary sortas="a-desktop-file-utils">desktop-file-utils</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to Desktop File Utils</title>
<para>
The <application>Desktop File Utils</application> package contains
command line utilities for working with <ulink
url="https://standards.freedesktop.org/desktop-entry-spec/latest/">
Desktop entries</ulink>. These utilities are used by Desktop
Environments and other applications to manipulate the MIME-types
application databases and help adhere to the Desktop Entry
Specification.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&desktop-file-utils-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&desktop-file-utils-download-ftp;"/>
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Desktop File Utils Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="glib2"/>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of Desktop File Utils</title>
<warning>
<para>
If you are upgrading from a previous version of desktop-file-utils that
used the Autotools method of installing and configuring the package,
you must remove the desktop-file-edit symlink by using the following
commands.
</para>
<screen role="root"><userinput>rm -fv /usr/bin/desktop-file-edit</userinput></screen>
</warning>
<!-- Works around a bug in meson's symlink creation exposed by this package -->
<para>
Install <application>Desktop File Utils</application> by
running the following commands:
</para>
<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;
meson setup --prefix=/usr --buildtype=release .. &amp;&amp;
ninja</userinput></screen>
<para>
This package does not come with a test suite.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>ninja install</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../../../../xincludes/meson-buildtype-release.xml"/>
</sect2>
<sect2 role="configuration">
<title>Configuring Desktop File Utils</title>
<sect3>
<title>Configuration Information</title>
<para>
The <ulink
url="https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG
Base Directory</ulink> specification defines the standard locations for
applications to place data and configuration files. These files can be
used, for instance, to define the menu structure and menu items in a
desktop environment.
</para>
<para>
The default location for configuration files to be installed
is <filename class="directory">/etc/xdg</filename>, and the default
locations for data files are <filename
class="directory">/usr/local/share</filename> and <filename
class="directory">/usr/share</filename>. These locations can be
extended with the environment variables <envar>XDG_CONFIG_DIRS</envar>
and <envar>XDG_DATA_DIRS</envar>, respectively. The
<application>GNOME</application>, <application>KDE</application> and
<application>XFCE</application> environments respect these
settings.
</para>
<para>
When a package installs a <filename>.desktop</filename> file
to a location in one of the base data directories, the database
that maps MIME-types to available applications can be updated. For
instance, the cache file at
<filename>/usr/share/applications/mimeinfo.cache</filename> can
be rebuilt by executing the following command as the <systemitem
class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>install -vdm755 /usr/share/applications &amp;&amp;
update-desktop-database /usr/share/applications</userinput></screen>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
desktop-file-edit, desktop-file-install,
desktop-file-validate and
update-desktop-database
</seg>
<seg>
None
</seg>
<seg>
None
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="desktop-file-edit">
<term><command>desktop-file-edit</command></term>
<listitem>
<para>
is used to modify an existing desktop file entry
</para>
<indexterm zone="desktop-file-utils desktop-file-edit">
<primary sortas="b-desktop-file-edit">desktop-file-edit</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="desktop-file-install">
<term><command>desktop-file-install</command></term>
<listitem>
<para>
is used to install a new desktop file entry. It is
also used to rebuild or modify the MIME-types application
database
</para>
<indexterm zone="desktop-file-utils desktop-file-install">
<primary sortas="b-desktop-file-install">desktop-file-install</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="desktop-file-validate">
<term><command>desktop-file-validate</command></term>
<listitem>
<para>
is used to verify the integrity of a desktop file
</para>
<indexterm zone="desktop-file-utils desktop-file-validate">
<primary sortas="b-desktop-file-validate">desktop-file-validate</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="update-desktop-database">
<term><command>update-desktop-database</command></term>
<listitem>
<para>
is used to update the MIME-types application database
</para>
<indexterm zone="desktop-file-utils update-desktop-database">
<primary sortas="b-update-desktop-database">update-desktop-database</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
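
Review bot: in the upgrade warning, the reason for removing /usr/bin/desktop-file-edit exists only as an XML comment placed after the closing warning tag ("Works around a bug in meson's symlink creation exposed by this package"), so readers of the rendered page are told to delete a file as root without being told why. Move that explanation into the warning's para, and change "the following commands" to "the following command", since a single rm is shown. The desktop-file-utils-download-ftp entity is a single space, which renders a "Download (FTP):" item with an empty link; drop the item or give it a value.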

View File

@ -0,0 +1,111 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../../../general.ent">
%general-entities;
<!ENTITY duktape-download-http "https://duktape.org/duktape-&duktape-version;.tar.xz">
<!ENTITY duktape-download-ftp " ">
]>
<sect1 id="duktape" xreflabel="duktape-&duktape-version;">
<?dbhtml filename="duktape.html"?>
<title>duktape-&duktape-version;</title>
<indexterm zone="duktape">
<primary sortas="a-duktape">duktape</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to duktape</title>
<para>
<application>duktape</application> is an embeddable Javascript
engine, with a focus on portability and compact footprint.
</para>
<!-- To editors: make sure polkit works with duktape before
tagging duktape. -->
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&duktape-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&duktape-download-ftp;"/>
</para>
</listitem>
</itemizedlist>
</sect2>
<sect2 role="installation">
<title>Installation of duktape</title>
<para>
Install <application>duktape</application> by running the
following commands:
</para>
<screen><userinput>sed -i 's/-Os/-O2/' Makefile.sharedlibrary
make -f Makefile.sharedlibrary INSTALL_PREFIX=/usr</userinput></screen>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make -f Makefile.sharedlibrary INSTALL_PREFIX=/usr install</userinput></screen>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
None
</seg>
<seg>
libduktape.so and libduktaped.so
</seg>
<seg>
None
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="libduktape.so">
<term><filename class="libraryfile">libduktape.so</filename></term>
<listitem>
<para>
is an embeddable Javascript engine
</para>
<indexterm zone="duktape">
<primary sortas="c-duktape">libduktape.so</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
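
Review bot: the Package Information list gives only the download URL for the duktape tarball and no checksum, so a builder has nothing to verify the download against before compiling it and installing it as root. Add a checksum entity next to duktape-download-http and show it in the list; the same applies to the other package pages added in this commit. In the install block, the sed on Makefile.sharedlibrary is not chained to the make line with &amp;&amp; as on the other pages, so make still runs if the sed fails, and the page has no Command Explanations section saying why -Os is replaced with -O2. Contents lists libduktaped.so, but Short Descriptions covers only libduktape.so.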

View File

@ -0,0 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE note PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- Automatically generated by kernel-config.py
DO NOT EDIT! -->
<screen><emphasis role='blue'>F</emphasis>ile systems ---&gt;
[*] <emphasis role='blue'>I</emphasis>notify support for userspace [INOTIFY_USER]
<emphasis role='blue'>P</emphasis>seudo filesystems ---&gt;
[*] <emphasis role='blue'>T</emphasis>mpfs virtual memory file system support (former shm fs) [TMPFS]
[*] <emphasis role='blue'>T</emphasis>mpfs POSIX Access Control Lists [TMPFS_POSIX_ACL]</screen>

View File

@ -0,0 +1,328 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../../../general.ent">
%general-entities;
<!ENTITY elogind-download-http "https://github.com/elogind/elogind/archive/v&elogind-version;/elogind-&elogind-version;.tar.gz">
<!ENTITY elogind-download-ftp " ">
]>
<sect1 id="elogind" revision="sysv" xreflabel="elogind-&elogind-version;">
<?dbhtml filename="elogind.html"?>
<title>elogind-&elogind-version;</title>
<indexterm zone="elogind">
<primary sortas="a-elogind">elogind</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to elogind</title>
<para>
<application>elogind</application> is the
<application>systemd</application> project's "logind", extracted to
be a standalone daemon. It integrates with <xref linkend="linux-pam"/>
to track all the users logged in to a system, and whether they
are logged in graphically, on the console, or remotely.
<application>Elogind</application> exposes this information via the
standard org.freedesktop.login1 <application>D-Bus</application>
interface, and also through the file system using systemd's standard
<filename class="directory">/run/systemd</filename> layout.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&elogind-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&elogind-download-ftp;"/>
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">elogind Dependencies</bridgehead>
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended">
<xref role="runtime" linkend="dbus"/> (runtime),
<xref linkend="linux-pam"/>, and
<xref role="runtime" linkend="polkit"/> (runtime)
</para>
</sect2>
<sect2 role="kernel" id="elogind-kernel">
<title>Kernel Configuration</title>
<para>
Enable the following options in the kernel configuration and recompile the
kernel if necessary:
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="elogind-kernel.xml"/>
<indexterm zone="elogind elogind-kernel">
<primary sortas="d-elogind">elogind</primary>
</indexterm>
</sect2>
<sect2 role="installation">
<title>Installation of elogind</title>
<para>
Install <application>elogind</application> by running the following
commands:
</para>
<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;
meson setup .. \
--prefix=/usr \
--buildtype=release \
-D docdir=/usr/share/doc/elogind-&elogind-version; \
-D cgroup-controller=elogind \
-D dev-kvm-mode=0660 \
-D dbuspolicydir=/etc/dbus-1/system.d &amp;&amp;
ninja</userinput></screen>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>ninja install &amp;&amp;
ln -sfv libelogind.pc /usr/lib/pkgconfig/libsystemd.pc &amp;&amp;
ln -sfvn elogind /usr/include/systemd</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<!--
<para>
<command>sed ... meson.build</command>: This change allows the
package to be built without polkit being installed (it is still a
runtime dependency) but able to use polkit after that package is
installed.
</para>
<para>
<command>sed ... src/login/logind.c</command>: This change allows the
elogind daemon to exit when it is disconnected from dbus (for example
when dbus is killed).
</para>
-->
<para>
<parameter>-D docdir=/usr/share/doc/elogind-&elogind-version;</parameter>:
This is needed to install documentation in a versioned directory.
</para>
<para>
<parameter>-D cgroup-controller=elogind</parameter>: This switch is
necessary to build this package when the kernel is not built with
<option>CONFIG_CGROUPS</option> enabled. Note that
<application>elogind</application> strictly needs
a kernel with <option>CONFIG_CGROUPS</option> enabled at runtime,
but this switch will allow building the package first.
</para>
<para>
<parameter>-D dbuspolicydir=/etc/dbus-1/system.d</parameter>: This switch
sets the location of the <application>D-Bus</application> policy
directory.
</para>
<para>
<parameter>-D dev-kvm-mode=0660</parameter>: The LFS udev rule sets the
mode of <filename class='devicefile'>/dev/kvm</filename> to 0660.
This option ensures the elogind udev rules consistent with the LFS
configuration.
</para>
<para>
<option>-D default-kill-user-processes=false</option>: Determines whether
the processes of a user should be killed when the user logs out. The
default is <emphasis>true</emphasis>, but this defeats the traditional
use of <command>screen</command> or <command>tmux</command>. This can
also be changed in the configuration file (see below).
</para>
<para>
<command>ln -s ...</command>: These commands install symlinks so that
software packages can find the systemd-compatible library and headers.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring elogind</title>
<sect3 id="elogind-config">
<title>Config File</title>
<para>
<filename>/etc/elogind/logind.conf</filename>
</para>
<indexterm zone="elogind elogind-config">
<primary
sortas="e-etc-elogind-logind.conf">/etc/elogind/logind.conf</primary>
</indexterm>
</sect3>
<sect3><title>Configuration Information</title>
<para>
The installed file <filename>/etc/elogind/logind.conf</filename>
contains all the possible options with their defaults, commented
out. You may wish to disable automatically killing user processes when the user logs
out, by running, as the <systemitem class="username">root</systemitem>
user:
</para>
<screen role="root"><userinput>sed -e '/\[Login\]/a KillUserProcesses=no' \
-i /etc/elogind/logind.conf</userinput></screen>
<para>
Each user will need to register a user session using
<application>Linux-PAM</application> at login. The
<filename>/etc/pam.d/system-session</filename> file needs to
be modified and a new file must be created in order for
<command>elogind</command> to work correctly. Run the following
commands as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>cat &gt;&gt; /etc/pam.d/system-session &lt;&lt; "EOF" &amp;&amp;
<literal># Begin elogind addition
session required pam_loginuid.so
session optional pam_elogind.so
# End elogind addition</literal>
EOF
cat &gt; /etc/pam.d/elogind-user &lt;&lt; "EOF"
<literal># Begin /etc/pam.d/elogind-user
account required pam_access.so
account include system-account
session required pam_env.so
session required pam_limits.so
session required pam_unix.so
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session optional pam_elogind.so
auth required pam_deny.so
password required pam_deny.so
# End /etc/pam.d/elogind-user</literal>
EOF</userinput></screen>
<note>
<para>After completion of <application>elogind</application>,
you should check that it functions properly. First ensure that
<application>dbus</application> is running. It may be easiest
to do this by rebooting the system. After logging in again, run
the command <command>loginctl</command>. The result should indicate
that a SESSION and a SEAT have been created.</para>
</note>
</sect3>
</sect2>
<sect2 role="content" revision="sysv">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Library</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
busctl,
elogind-inhibit, and
loginctl
</seg>
<seg>
libelogind.so
</seg>
<seg>
/usr/lib/elogind,
/etc/elogind,
/usr/include/elogind, and
/usr/share/doc/elogind-&elogind-version;
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="busctl">
<term><command>busctl</command></term>
<listitem>
<para>
is used to introspect and monitor the D-Bus bus
</para>
<indexterm zone="elogind busctl">
<primary sortas="b-busctl">busctl</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="elogind-inhibit">
<term><command>elogind-inhibit</command></term>
<listitem>
<para>
is used to execute a program with a shutdown, sleep or idle
inhibitor lock taken
</para>
<indexterm zone="elogind elogind-inhibit">
<primary sortas="b-elogind-inhibit">elogind-inhibit</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="loginctl">
<term><command>loginctl</command></term>
<listitem>
<para>
is used to introspect and control the state of the elogind Login
Manager
</para>
<indexterm zone="elogind loginctl">
<primary sortas="b-loginctl">loginctl</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libelogind">
<term><filename class="libraryfile">libelogind.so</filename></term>
<listitem>
<para>
is the main elogind utility library
</para>
<indexterm zone="elogind libelogind">
<primary sortas="c-libelogind">libelogind.so</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
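
Review bot: the explanation of -D cgroup-controller=elogind states that elogind "strictly needs a kernel with CONFIG_CGROUPS enabled at runtime", but the Kernel Configuration section only includes elogind-kernel.xml, and the generated option list added in this commit shows INOTIFY_USER, TMPFS and TMPFS_POSIX_ACL with no CGROUPS entry. Add CGROUPS to the option source for that list so the reader is told to enable it before the first login fails. Separately, the heredoc that appends to /etc/pam.d/system-session and the sed that adds KillUserProcesses=no are both unconditional, so following the page again on an upgrade duplicates those lines; guard them or tell the reader to skip them when upgrading. The commented-out sed explanations under Command Explanations describe commands that are not in the install block and can be deleted.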

View File

@ -0,0 +1,637 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../../../general.ent">
%general-entities;
<!ENTITY glib2-download-http "&gnome-download-http;/glib/&glib2-minor;/glib-&glib2-version;.tar.xz">
<!ENTITY glib2-download-ftp " ">
]>
<sect1 id="glib2" xreflabel="GLib-&glib2-version;">
<?dbhtml filename="glib2.html"?>
<title>GLib-&glib2-version;</title>
<indexterm zone="glib2">
<primary sortas="a-GLib2">GLib2</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to GLib</title>
<para>
The <application>GLib</application> package contains low-level
libraries useful for providing data structure handling for C, portability
wrappers and interfaces for runtime functionality such as an
event loop, threads, dynamic loading and an object system.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&glib2-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&glib2-download-ftp;"/>
</para>
</listitem>
</itemizedlist>
<para>
<emphasis role="strong">Patch for Log Level Selection (Optional)</emphasis>
</para>
<itemizedlist spacing="compact">
<listitem>
<para>
Optional patch:
<ulink url="&patch-root;/glib-skip_warnings-1.patch"/>
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">GLib Dependencies</bridgehead>
<!--
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend='packaging'/>
</para>
-->
<bridgehead renderas="sect4">Additional Runtime Dependencies</bridgehead>
<para role="recommended">
<xref role="runtime" linkend="shared-mime-info"/> and
<xref role="runtime" linkend="desktop-file-utils"/>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of GLib</title>
<important>
<para>
This installation disables building GObject Introspection support.
After you are done with GLFS, follow the installation instructions of
<ulink url="&blfs-svn;/general/glib2.html">GLib</ulink> and
<ulink url="&blfs-svn;/postlfs/polkit.html">Polkit</ulink> in the
development version of BLFS to enable that support.
</para>
</important>
<para>
If desired, apply the optional patch. In many cases, applications that
use this library, either directly or indirectly via other libraries.
This patch enables the use of an environment variable,
<envar>GLIB_LOG_LEVEL</envar>, that suppresses unwanted messages. The
value of the variable is a digit that corresponds to:
</para>
<simplelist>
<member>1 Alert</member>
<member>2 Critical</member>
<member>3 Error</member>
<member>4 Warning</member>
<member>5 Notice</member>
</simplelist>
<para>
For instance <userinput>export GLIB_LOG_LEVEL=4</userinput> will skip
output of Warning and Notice messages (and Info/Debug messages if they
are turned on). If <envar>GLIB_LOG_LEVEL</envar> is not defined, normal
message output will not be affected.
</para>
<screen><userinput>patch -Np1 -i ../glib-skip_warnings-1.patch</userinput></screen>
<warning>
<para>
If a previous version of glib is installed, move the headers out of the
way so that later packages do not encounter conflicts:
</para>
<screen role="root"><userinput remap="pre">if [ -e /usr/include/glib-2.0 ]; then
rm -rf /usr/include/glib-2.0.old &amp;&amp;
mv -vf /usr/include/glib-2.0{,.old}
fi</userinput></screen>
</warning>
<para>
Install <application>GLib</application> by running the following
commands:
</para>
<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;
meson setup .. \
--prefix=/usr \
--buildtype=release \
-D introspection=disabled \
-D glib_debug=disabled \
-D man-pages=disabled \
-D sysprof=disabled &amp;&amp;
ninja</userinput></screen>
<para>
As the <systemitem class="username">root</systemitem> user,
install this package:
</para>
<screen role="root"><userinput>ninja install</userinput></screen>
<para>
You should now install <xref linkend="desktop-file-utils"/> and
<xref linkend="shared-mime-info"/>.
</para>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../../../../xincludes/meson-buildtype-release.xml"/>
<para>
<parameter>-D man-pages=disabled</parameter>: This switch causes the
build to create and install the package man pages.
</para>
<para>
<parameter>-D glib_debug=disabled</parameter>: This switch causes the
build to not include some expensive checks for debugging in the built
programs and libraries.
</para>
<para>
<parameter>-D sysprof=disabled</parameter>: This switch disables the
tracing support for sysprof. Remove this option if you want the
tracing support. Note that if sysprof is not installed, removing
this option will cause the build system to download a copy of sysprof
from the Internet.
</para>
</sect2>
<sect2 role="content">
<title>Contents</title>
<bridgehead renderas="sect3">GLib Contents</bridgehead>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
gapplication, gdbus, gdbus-codegen,
gi-compile-repository, gi-decompile-typelib, gi-inspect-typelib
gio, gio-querymodules,
glib-compile-resources, glib-compile-schemas,
glib-genmarshal, glib-gettextize,
glib-mkenums, gobject-query,
gresource, gsettings,
gtester, and gtester-report
</seg>
<seg>
libgio-2.0.so,
libgirepository-2.0.so,
libglib-2.0.so,
libgmodule-2.0.so,
libgobject-2.0.so, and
libgthread-2.0.so
</seg>
<seg>
/usr/include/gio-unix-2.0,
/usr/include/glib-2.0,
/usr/lib/gio,
/usr/lib/glib-2.0,
/usr/share/glib-2.0, and
/usr/share/doc/glib-&glib2-version; (optional)
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="gapplication">
<term><command>gapplication</command></term>
<listitem>
<para>
can be used to start applications and to send
messages to already-running instances of other applications
</para>
<indexterm zone="glib2 gapplication">
<primary sortas="b-gapplication">application</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="gdbus">
<term><command>gdbus</command></term>
<listitem>
<para>
is a simple tool used for working with
<application>D-Bus</application> objects
</para>
<indexterm zone="glib2 gdbus">
<primary sortas="b-gdbus">gdbus</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="gdbus-codegen">
<term><command>gdbus-codegen</command></term>
<listitem>
<para>
is used to generate code and/or documentation for one or
more <application>D-Bus</application> interfaces
</para>
<indexterm zone="glib2 gdbus-codegen">
<primary sortas="b-gdbus-codegen">gdbus-codegen</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="gi-compile-repository">
<term><command>gi-compile-repository</command></term>
<listitem>
<para>
converts one or more GIR files into one or more typelib files
</para>
<indexterm zone="glib2 gi-compile-repository">
<primary sortas="b-gi-compile-repository">gi-compile-repository</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="gi-decompile-typelib">
<term><command>gi-decompile-typelib</command></term>
<listitem>
<para>
is a GIR decompiler that uses the repository API
</para>
<indexterm zone="glib2 gi-decompile-typelib">
<primary sortas="b-gi-decompile-typelib">gi-decompile-typelib</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="gi-inspect-typelib">
<term><command>gi-inspect-typelib</command></term>
<listitem>
<para>
is a utility that gives information about a GI typelib
</para>
<indexterm zone="glib2 gi-inspect-typelib">
<primary sortas="b-gi-inspect-typelib">gi-inspect-typelib</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="gio">
<term><command>gio</command></term>
<listitem>
<para>
is a utility that makes many <application>GIO</application>
features available from the command line
</para>
<indexterm zone="glib2 gio">
<primary sortas="b-gio">gio</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="gio-querymodules">
<term><command>gio-querymodules</command></term>
<listitem>
<para>
is used to create a <filename>giomodule.cache</filename> file in
the listed directories. This file lists the implemented extension
points for each module that has been found
</para>
<indexterm zone="glib2 gio-querymodules">
<primary sortas="b-gio-querymodules">gio-querymodules</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="glib-compile-resources">
<term><command>glib-compile-resources</command></term>
<listitem>
<para>
is used to read the resource description from a file and
the files that it references to create a binary resource
bundle that is suitable for use with the GResource API
</para>
<indexterm zone="glib2 glib-compile-resources">
<primary sortas="b-glib-compile-resources">glib-compile-resources</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="glib-compile-schemas">
<term><command>glib-compile-schemas</command></term>
<listitem>
<para>
is used to compile all the GSettings XML schema files
in a directory into a binary file with the name
<filename>gschemas.compiled</filename> that can be used by GSettings
</para>
<indexterm zone="glib2 glib-compile-schemas">
<primary sortas="b-glib-compile-resources">glib-compile-schemas</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="glib-genmarshal">
<term><command>glib-genmarshal</command></term>
<listitem>
<para>
is a C code marshaller generation utility for GLib closures
</para>
<indexterm zone="glib2 glib-genmarshal">
<primary sortas="b-glib-genmarshal">glib-genmarshal</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="glib-gettextize">
<term><command>glib-gettextize</command></term>
<listitem>
<para>
is a variant of the <application>gettext</application>
internationalization utility
</para>
<indexterm zone="glib2 glib-gettextize">
<primary sortas="b-glib-gettextize">glib-gettextize</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="glib-mkenums">
<term><command>glib-mkenums</command></term>
<listitem>
<para>
is a C language enum description generation utility
</para>
<indexterm zone="glib2 glib-mkenums">
<primary sortas="b-glib-mkenums">glib-mkenums</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="gobject-query">
<term><command>gobject-query</command></term>
<listitem>
<para>
is a small utility that draws a tree of types
</para>
<indexterm zone="glib2 gobject-query">
<primary sortas="b-gobject-query">gobject-query</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="gresource">
<term><command>gresource</command></term>
<listitem>
<para>
offers a simple command line interface to GResource
</para>
<indexterm zone="glib2 gresource">
<primary sortas="b-gresource">gresource</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="gsettings">
<term><command>gsettings</command></term>
<listitem>
<para>
offers a simple command line interface to GSettings
</para>
<indexterm zone="glib2 gsettings">
<primary sortas="b-gsettings">gsettings</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="gtester">
<term><command>gtester</command></term>
<listitem>
<para>
is a test running utility
</para>
<indexterm zone="glib2 gtester">
<primary sortas="b-gtester">gtester</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="gtester-report">
<term><command>gtester-report</command></term>
<listitem>
<para>
is a test report formatting utility
</para>
<indexterm zone="glib2 gtester-report">
<primary sortas="b-gtester-report">gtester-report</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libgio">
<term><filename class='libraryfile'>libgio-2.0.so</filename></term>
<listitem>
<para>
is a library providing useful classes for general purpose I/O,
networking, IPC, settings, and other high level application
functionality
</para>
<indexterm zone="glib2 libgio">
<primary sortas="c-libgio">libgio-2.0.so</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libgirepository">
<term><filename class='libraryfile'>libgirepository-2.0.so</filename></term>
<listitem>
<para>
is a library providing access to typelibs and introspection data
which describes C APIs
</para>
<indexterm zone="glib2 libgirepository">
<primary sortas="c-libgirepository2">libgirepository-2.0.so</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libglib">
<term><filename class='libraryfile'>libglib-2.0.so</filename></term>
<listitem>
<para>
is a general-purpose, portable utility library, which provides
many useful data types, macros, type conversions, string
utilities, file utilities, a mainloop abstraction, and so on
</para>
<indexterm zone="glib2 libglib">
<primary sortas="c-libglib">libglib-2.0.so</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libgmodule">
<term><filename class='libraryfile'>libgmodule-2.0.so</filename></term>
<listitem>
<para>
provides portable API for dynamically loading modules
</para>
<indexterm zone="glib2 libgmodule">
<primary sortas="c-libgmodule">libgmodule-2.0.so</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libgobject">
<term><filename class='libraryfile'>libgobject-2.0.so</filename></term>
<listitem>
<para>
provides the GLib base type system and object class
</para>
<indexterm zone="glib2 libgobject">
<primary sortas="c-libgobject">libgobject-2.0.so</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libgthread">
<term><filename class='libraryfile'>libgthread-2.0.so</filename></term>
<listitem>
<para>
is a skeleton library for backwards compatibility; it used to
be the GLib thread library but the functionalities has been
merged info <systemitem class='library'>libglib-2.0</systemitem>
</para>
<indexterm zone="glib2 libgthread">
<primary sortas="c-libgthread">libgthread-2.0.so</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="g-ir-annotation-tool">
<term><command>g-ir-annotation-tool</command></term>
<listitem>
<para>
creates or extracts annotation data from GI typelibs
</para>
<indexterm zone="glib2 g-ir-annotation-tool">
<primary sortas="b-g-ir-annotation-tool">g-ir-annotation-tool</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="g-ir-compiler">
<term><command>g-ir-compiler</command></term>
<listitem>
<para>
is a counterpart of <command>gi-compile-repository</command>
for the old
<systemitem class='library'>libgirepository-1.0</systemitem>
API
</para>
<indexterm zone="glib2 g-ir-compiler">
<primary sortas="b-g-ir-compiler">g-ir-compiler</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="g-ir-doc-tool">
<term><command>g-ir-doc-tool</command></term>
<listitem>
<para>
generates Mallard files that can be viewed with
<command>yelp</command> or rendered to HTML with
<command>yelp-build</command> from
<ulink url="&gnome-download-http;/yelp-tools">yelp-tools</ulink>
</para>
<indexterm zone="glib2 g-ir-doc-tool">
<primary sortas="b-g-ir-doc-tool">g-ir-doc-tool</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="g-ir-inspect">
<term><command>g-ir-inspect</command></term>
<listitem>
<para>
is a counterpart of <command>gi-inspect-typelib</command>
for the old
<systemitem class='library'>libgirepository-1.0</systemitem>
API
</para>
<indexterm zone="glib2 g-ir-inspect">
<primary sortas="b-g-ir-inspect">g-ir-inspect</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="g-ir-generate">
<term><command>g-ir-generate</command></term>
<listitem>
<para>
is a counterpart of <command>gi-decompile-typelib</command>
for the old
<systemitem class='library'>libgirepository-1.0</systemitem>
API
</para>
<indexterm zone="glib2 g-ir-generate">
<primary sortas="b-g-ir-generate">g-ir-generate</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="g-ir-scanner">
<term><command>g-ir-scanner</command></term>
<listitem>
<para>
is a tool which generates GIR XML files by parsing headers and
introspecting GObject based libraries
</para>
<indexterm zone="glib2 g-ir-scanner">
<primary sortas="b-g-ir-scanner">g-ir-scanner</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libgirepository-1.0">
<term><filename class='libraryfile'>libgirepository-1.0.so</filename></term>
<listitem>
<para>
is a counterpart of
<systemitem class='library'>libgirepository-2.0</systemitem>
with the old 1.0 API
</para>
<indexterm zone="glib2 libgirepository-1.0">
<primary sortas="c-libgirepository1">libgirepository-1.0.so</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
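Review bot: In the glib-compile-schemas entry the index term carries sortas="b-glib-compile-resources", copied from the entry above it, so the schemas command is sorted under the wrong key in the generated index; it should read sortas="b-glib-compile-schemas". In the libgthread entry, "the functionalities has been merged info" should read "the functionality has been merged into".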

View File

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE note PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- Automatically generated by kernel-config.py
DO NOT EDIT! -->
<screen><emphasis role='blue'>G</emphasis>eneral setup ---&gt;
[*] <emphasis role='blue'>A</emphasis>uditing support [AUDIT]</screen>
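Review bot: The DOCTYPE names note as the document element, but the root element of this file is screen, so the file does not validate on its own against the DocBook 4.5 DTD it declares. The header says the file is generated by kernel-config.py, so any correction belongs in the generator and not in this file.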

View File

@ -0,0 +1,517 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../../../general.ent">
%general-entities;
<!ENTITY linux-pam-download-http "https://github.com/linux-pam/linux-pam/releases/download/v&linux-pam-version;/Linux-PAM-&linux-pam-version;.tar.xz">
<!ENTITY linux-pam-download-ftp " ">
<!ENTITY linux-pam-docs-download "https://github.com/linux-pam/linux-pam/releases/download/v&linux-pam-version;/Linux-PAM-&linux-pam-docs-version;-docs.tar.xz">
<!--
<!ENTITY debian-pam-docs "http://debian.securedservers.com/kernel/pub/linux/libs/pam">
-->
]>
<sect1 id="linux-pam" xreflabel="Linux-PAM-&linux-pam-version;">
<?dbhtml filename="linux-pam.html"?>
<title>Linux-PAM-&linux-pam-version;</title>
<indexterm zone="linux-pam">
<primary sortas="a-Linux-PAM">Linux-PAM</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to Linux PAM</title>
<para>
The <application>Linux PAM</application> package contains
Pluggable Authentication Modules used by the local
system administrator to control how application programs authenticate
users.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&linux-pam-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&linux-pam-download-ftp;"/>
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<title>Optional Documentation</title>
<listitem>
<para>
Download (HTTP): <ulink url="&linux-pam-docs-download;"/>
</para>
</listitem>
</itemizedlist>
</sect2>
<sect2 role="kernel" id="linux-pam-kernel">
<title>Kernel Configuration</title>
<para>
For the PAM module <filename
class='libraryfile'>pam_loginuid.so</filename> (referred by
the PAM configuration file <filename>system-session</filename> if
<xref linkend='elogind'/> is built) to work,
a kernel configuration parameter need to be set or the module will
just do nothing:
</para>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="linux-pam-kernel.xml"/>
<indexterm zone="linux-pam linux-pam-kernel">
<primary sortas="d-linux-pam">Linux-PAM</primary>
</indexterm>
</sect2>
<sect2 role="installation">
<title>Installation of Linux PAM</title>
<para>
First, prevent the installation of an unneeded systemd file:
</para>
<screen><userinput>sed -e /service_DATA/d \
-i modules/pam_namespace/Makefile.am</userinput></screen>
<!-- https://github.com/linux-pam/linux-pam/issues/809 -->
<para>
The shipped <filename>libtool.m4</filename> file has a configuration
inconsistent with LFS <filename class='directory'>/usr</filename>
hierarchy. This issue would cause
<filename class='libraryfile'>libpam_misc.so</filename> linked with
an rpath flag which may sometimes cause troubles or even security
issues. Regenerate the building system to fix the inconsistency:
</para>
<screen><userinput>autoreconf -fi</userinput></screen>
<para>
If you downloaded the documentation, unpack the tarball by issuing
the following command.
</para>
<screen><userinput>tar -xf ../Linux-PAM-&linux-pam-docs-version;-docs.tar.xz --strip-components=1</userinput></screen>
<!--
<para>
If you want to regenerate the documentation yourself, fix the
<command>configure</command> script so it will detect lynx:
</para>
<screen><userinput>sed -e 's/dummy elinks/dummy lynx/' \
-e 's/-no-numbering -no-references/-force-html -nonumbers -stdin/' \
-i configure</userinput></screen>
-->
<para>
Compile and link <application>Linux PAM</application> by
running the following commands:
</para>
<screen><userinput>./configure --prefix=/usr \
--sbindir=/usr/sbin \
--sysconfdir=/etc \
--libdir=/usr/lib \
--enable-securedir=/usr/lib/security \
--docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; &amp;&amp;
make</userinput></screen>
<para>
To test the results, a suitable <filename>/etc/pam.d/other</filename>
configuration file must exist.
</para>
<caution>
<title>Reinstallation or Upgrade of Linux PAM</title>
<para>
If you have a system with Linux PAM installed and working, be careful
when modifying the files in
<filename class="directory">/etc/pam.d</filename>, since your system
may become totally unusable. If you want to run the tests, you do not
need to create another <filename>/etc/pam.d/other</filename> file. The
existing file can be used for the tests.
</para>
<para>
You should also be aware that <command>make install</command>
overwrites the configuration files in
<filename class="directory">/etc/security</filename> as well as
<filename>/etc/environment</filename>. If you
have modified those files, be sure to back them up.
</para>
</caution>
<para>
For a first-time installation, create a configuration file by issuing the
following commands as the <systemitem class="username">root</systemitem>
user:
</para>
<screen role="root"><userinput>install -v -m755 -d /etc/pam.d &amp;&amp;
cat &gt; /etc/pam.d/other &lt;&lt; "EOF"
<literal>auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so</literal>
EOF</userinput></screen>
<para>
Now run the tests by issuing <command>make check</command>.
Be sure the tests produced no errors before continuing the
installation. Note that the tests are very long.
Redirect the output to a log file, so you can inspect it thoroughly.
</para>
<para>
For a first-time installation, remove the configuration file
created earlier by issuing the following command as the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>rm -fv /etc/pam.d/other</userinput></screen>
<para>
Now, as the <systemitem class="username">root</systemitem>
user:
</para>
<screen role="root"><userinput>make install &amp;&amp;
chmod -v 4755 /usr/sbin/unix_chkpwd</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<parameter>--enable-securedir=/usr/lib/security</parameter>:
This switch sets the installation location for the
<application>PAM</application> modules.
</para>
<!--
<para>
<option>- -disable-regenerate-docu</option> : If the needed dependencies
(<xref linkend="DocBook"/>, <xref linkend="docbook-xsl"/>, <xref
linkend="libxslt"/>, and <xref linkend="lynx"/> or <ulink
url="&w3m-url;">W3m</ulink>) are installed, the manual pages, and the
html and text documentation files, are generated and installed.
Furthermore, if <xref linkend="fop"/> is installed, the PDF
documentation is generated and installed. Use this switch if you do not
want to rebuild the documentation.
</para>
-->
<para>
<command>chmod -v 4755 /usr/sbin/unix_chkpwd</command>:
The setuid bit for the <command>unix_chkpwd</command> helper program must be
turned on, so that non-<systemitem class="username">root</systemitem>
processes can access the shadow file.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring Linux-PAM</title>
<sect3 id="pam-config">
<title>Configuration Files</title>
<para>
<filename>/etc/security/*</filename> and
<filename>/etc/pam.d/*</filename>
</para>
<indexterm zone="linux-pam pam-config">
<primary sortas="e-etc-security">/etc/security/*</primary>
</indexterm>
<indexterm zone="linux-pam pam-config">
<primary sortas="e-etc-pam.d">/etc/pam.d/*</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>
Configuration information is placed in
<filename class="directory">/etc/pam.d/</filename>.
Here is a sample file:
</para>
<screen><literal># Begin /etc/pam.d/other
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
password required pam_unix.so nullok
# End /etc/pam.d/other</literal></screen>
<para>
Now create some generic configuration files. As the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>install -vdm755 /etc/pam.d &amp;&amp;
cat &gt; /etc/pam.d/system-account &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/pam.d/system-account
account required pam_unix.so
# End /etc/pam.d/system-account</literal>
EOF
cat &gt; /etc/pam.d/system-auth &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/pam.d/system-auth
auth required pam_unix.so
# End /etc/pam.d/system-auth</literal>
EOF
cat &gt; /etc/pam.d/system-session &lt;&lt; "EOF" &amp;&amp;
<literal># Begin /etc/pam.d/system-session
session required pam_unix.so
# End /etc/pam.d/system-session</literal>
EOF
cat &gt; /etc/pam.d/system-password &lt;&lt; "EOF"
<literal># Begin /etc/pam.d/system-password
# use yescrypt hash for encryption, use shadow, and try to use any
# previously defined authentication token (chosen password) set by any
# prior module.
password required pam_unix.so yescrypt shadow try_first_pass
# End /etc/pam.d/system-password</literal>
EOF
</userinput></screen>
<para>
Next, add a restrictive <filename>/etc/pam.d/other</filename>
configuration file. With this file, programs that are PAM aware will
not run unless a configuration file specifically for that application
exists.
</para>
<screen role="root"><userinput>cat &gt; /etc/pam.d/other &lt;&lt; "EOF"
<literal># Begin /etc/pam.d/other
auth required pam_warn.so
auth required pam_deny.so
account required pam_warn.so
account required pam_deny.so
password required pam_warn.so
password required pam_deny.so
session required pam_warn.so
session required pam_deny.so
# End /etc/pam.d/other</literal>
EOF</userinput></screen>
<para>
The <application>PAM</application> man page (<command>man
pam</command>) provides a good starting point to learn
about the several fields, and allowable entries.
<!-- not accessible 2022-09-08 -->
<!-- it's available at a different address 2022-10-23-->
The
<ulink url="https://www.docs4dev.com/docs/en/linux-pam/1.1.2/reference/Linux-PAM_SAG.html">
Linux-PAM System Administrators' Guide
</ulink> is recommended for additional information.
</para>
<important>
<para>
You should now reinstall the <xref linkend="shadow"/>
package.
</para>
</important>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Program</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
faillock, mkhomedir_helper, pam_namespace_helper,
pam_timestamp_check, pwhistory_helper, unix_chkpwd and
unix_update
</seg>
<seg>
libpam.so, libpamc.so and libpam_misc.so
</seg>
<seg>
/etc/security,
/usr/lib/security,
/usr/include/security and
/usr/share/doc/Linux-PAM-&linux-pam-version;
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="faillock">
<term><command>faillock</command></term>
<listitem>
<para>
displays and modifies the authentication failure record files
</para>
<indexterm zone="linux-pam faillock">
<primary sortas="b-faillock">faillock</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="mkhomedir_helper">
<term><command>mkhomedir_helper</command></term>
<listitem>
<para>
is a helper binary that creates home directories
</para>
<indexterm zone="linux-pam mkhomedir_helper">
<primary sortas="b-mkhomedir_helper">mkhomedir_helper</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="pam_namespace_helper">
<term><command>pam_namespace_helper</command></term>
<listitem>
<para>
is a helper program used to configure a private namespace for a
user session
</para>
<indexterm zone="linux-pam pam_namespace_helper">
<primary sortas="b-pam_namespace_helper">pam_namespace_helper</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="pwhistory_helper">
<term><command>pwhistory_helper</command></term>
<listitem>
<para>
is a helper program that transfers password hashes from passwd or
shadow to opasswd
</para>
<indexterm zone="linux-pam pwhistory_helper">
<primary sortas="b-pwhistory_helper">pwhistory_helper</primary>
</indexterm>
</listitem>
</varlistentry>
<!-- Removed with the removal of the pam_tally{,2} module
<varlistentry id="pam_tally">
<term><command>pam_tally</command></term>
<listitem>
<para>
is used to interrogate and manipulate the login counter file.
</para>
<indexterm zone="linux-pam pam_tally">
<primary sortas="b-pam_tally">pam_tally</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="pam_tally2">
<term><command>pam_tally2</command></term>
<listitem>
<para>
is used to interrogate and manipulate the login counter file, but
does not have some limitations that <command>pam_tally</command>
does.
</para>
<indexterm zone="linux-pam pam_tally2">
<primary sortas="b-pam_tally2">pam_tally2</primary>
</indexterm>
</listitem>
</varlistentry>
-->
<varlistentry id="pam_timestamp_check">
<term><command>pam_timestamp_check</command></term>
<listitem>
<para>
is used to check if the default timestamp is valid
</para>
<indexterm zone="linux-pam pam_timestamp_check">
<primary sortas="b-pam_timestamp_check">pam_timestamp_check</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="unix_chkpwd">
<term><command>unix_chkpwd</command></term>
<listitem>
<para>
is a helper binary that verifies the password of the current user
</para>
<indexterm zone="linux-pam unix_chkpwd">
<primary sortas="b-unix_chkpwd">unix_chkpwd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="unix_update">
<term><command>unix_update</command></term>
<listitem>
<para>
is a helper binary that updates the password of a given user
</para>
<indexterm zone="linux-pam unix_update">
<primary sortas="b-unix_update">unix_update</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libpam">
<term><filename class="libraryfile">libpam.so</filename></term>
<listitem>
<para>
provides the interfaces between applications and the
PAM modules
</para>
<indexterm zone="linux-pam libpam">
<primary sortas="c-libpam">libpam.so</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
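Review bot: The sample under "Configuration Information" is labelled /etc/pam.d/other and passes nullok to pam_unix.so on its auth and password lines, which lets accounts with an empty password authenticate, while the /etc/pam.d/other actually installed a few paragraphs later is the pam_warn.so plus pam_deny.so fallback. A reader who copies the sample verbatim replaces the deny-all fallback with a permissive one. Either label the sample with a neutral service name and drop nullok, or state next to it that it only illustrates the file format and must not be installed as other. Two smaller points in the same file: the System Administrators' Guide link points at a third-party copy of the 1.1.2 documentation, which predates options used here such as yescrypt, so a note on its age would help; and in the Kernel Configuration paragraph "referred by" and "need to be set" should read "referred to by" and "needs to be set".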

View File

@ -0,0 +1,316 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../../../general.ent">
%general-entities;
<!ENTITY polkit-download-http "https://github.com/polkit-org/polkit/archive/&polkit-version;/polkit-&polkit-version;.tar.gz">
<!ENTITY polkit-download-ftp " ">
]>
<sect1 id="polkit" xreflabel="Polkit-&polkit-version;">
<?dbhtml filename="polkit.html"?>
<title>Polkit-&polkit-version;</title>
<indexterm zone="polkit">
<primary sortas="a-Polkit">Polkit</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to Polkit</title>
<para>
<application>Polkit</application> is a toolkit for defining and handling
authorizations. It is used for allowing unprivileged processes to
communicate with privileged processes.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&polkit-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&polkit-download-ftp;"/>
</para>
</listitem>
</itemizedlist>
<!--
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/polkit-&polkit-version;-security_fixes-1.patch"/>
</para>
</listitem>
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/polkit-&polkit-version;-js91-1.patch"/>
</para>
</listitem>
</itemizedlist>
-->
<bridgehead renderas="sect3">Polkit Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="duktape"/> and
<xref linkend="glib2"/>
</para>
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended">
<xref linkend="linux-pam"/> and <xref linkend="elogind"/>
</para>
<note>
<para>
Since <command>elogind</command>
uses PAM to register user sessions, it is a good idea to build
<application>Polkit</application> with PAM support so
<command>elogind</command>
can track <application>Polkit</application> sessions.
</para>
</note>
<bridgehead renderas="sect4" id="polkit-agent" xreflabel="Polkit Authentication Agent">
Optional Runtime Dependencies
</bridgehead>
<para role="optional">
One polkit authentication agent for using polkit in the graphical
environment; this will greatly depend on what desktop you are running...
</para>
</sect2>
<sect2 role="installation">
<title>Installation of Polkit</title>
<para>
There should be a dedicated user and group to take control
of the <command>polkitd</command> daemon after it is
started. Issue the following commands as the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>groupadd -fg 27 polkitd &amp;&amp;
useradd -c "PolicyKit Daemon Owner" -d /etc/polkit-1 -u 27 \
-g polkitd -s /bin/false polkitd</userinput></screen>
<para>
First fix a build problem for sysV based systems:
</para>
<screen><userinput>sed -i '/systemd_sysusers_dir/s/^/#/' meson.build</userinput></screen>
<para>
Install <application>Polkit</application> by running the following
commands:
</para>
<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;
meson setup .. \
--prefix=/usr \
--buildtype=release \
-D man=false \
-D session_tracking=elogind \
-D introspection=false \
-D tests=false</userinput></screen>
<para>
Build the package:
</para>
<screen><userinput>ninja</userinput></screen>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>ninja install</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../../../../xincludes/meson-buildtype-release.xml"/>
<para>
<option>-D os_type=lfs</option>: Use this switch if you did not create
the <filename>/etc/lfs-release</filename> file or distribution auto
detection will fail and you will be unable to use
<application>Polkit</application>.
</para>
<para>
<option>-D authfw=shadow</option>: This switch enables the
package to use the <application>Shadow</application> rather than the
<application>Linux PAM</application> Authentication framework. Use it
if you have not installed <application>Linux PAM</application>.
</para>
<para>
<option>-D introspection=false</option>: This option disables GObject
Introspection support as it was not enabled in <xref linkend='glib2'/>.
</para>
<para>
<option>-D man=false</option>: This option disables generating and
installing manual pages.
</para>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
pkaction, pkcheck, <!--pk-example-frobnicate,--> pkexec,
pkttyagent, and polkitd
</seg>
<seg>
libpolkit-agent-1.so and
libpolkit-gobject-1.so
</seg>
<seg>
/etc/polkit-1,
/usr/include/polkit-1,
/usr/lib/polkit-1,
/usr/share/gtk-doc/html/polkit-1, and
/usr/share/polkit-1
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="pkaction">
<term><command>pkaction</command></term>
<listitem>
<para>
is used to obtain information about registered PolicyKit actions
</para>
<indexterm zone="polkit pkaction">
<primary sortas="b-pkaction">pkaction</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="pkcheck">
<term><command>pkcheck</command></term>
<listitem>
<para>
is used to check whether a process is authorized for action
</para>
<indexterm zone="polkit pkcheck">
<primary sortas="b-pkcheck">pkcheck</primary>
</indexterm>
</listitem>
</varlistentry>
<!--
<varlistentry id="pk-example-frobnicate">
<term><command>pk-example-frobnicate</command></term>
<listitem>
<para>
is an example program to test the <command>pkexec</command>
command
</para>
<indexterm zone="polkit pk-example-frobnicate">
<primary sortas="b-pk-example-frobnicate">pk-example-frobnicate</primary>
</indexterm>
</listitem>
</varlistentry>
-->
<varlistentry id="pkexec">
<term><command>pkexec</command></term>
<listitem>
<para>
allows an authorized user to execute a command as another user
</para>
<indexterm zone="polkit pkexec">
<primary sortas="b-pkexec">pkexec</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="pkttyagent">
<term><command>pkttyagent</command></term>
<listitem>
<para>
is used to start a textual authentication agent for the subject
</para>
<indexterm zone="polkit pkttyagent">
<primary sortas="b-pkttyagent">pkttyagent</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="polkitd">
<term><command>polkitd</command></term>
<listitem>
<para>
provides the org.freedesktop.PolicyKit1 <application>D-Bus</application>
service on the system message bus
</para>
<indexterm zone="polkit polkitd">
<primary sortas="b-polkitd">polkitd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libpolkit-agent-1">
<term><filename class="libraryfile">libpolkit-agent-1.so</filename></term>
<listitem>
<para>
contains the <application>Polkit</application> authentication
agent API functions
</para>
<indexterm zone="polkit libpolkit-agent-1">
<primary sortas="c-libpolkit-agent-1">libpolkit-agent-1.so</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="libpolkit-gobject-1">
<term><filename class="libraryfile">libpolkit-gobject-1.so</filename></term>
<listitem>
<para>
contains the <application>Polkit</application> authorization API functions
</para>
<indexterm zone="polkit libpolkit-gobject-1">
<primary sortas="c-libpolkit-gobject-1">libpolkit-gobject-1.so</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
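Review bot: The meson command passes -D session_tracking=elogind unconditionally, but elogind is listed only under Recommended, and neither that switch nor -D tests=false has an entry in Command Explanations. As written, a reader who skips the recommended dependency has no indication which option to change. Either move elogind to Required for this book, or add an explanation of session_tracking alongside the existing -D authfw=shadow entry, and add a short entry for tests=false. Also worth confirming that /usr/share/gtk-doc/html/polkit-1 belongs in Installed Directories, since the command shown does not enable any documentation build.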

View File

@ -0,0 +1,575 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../../../general.ent">
%general-entities;
<!ENTITY shadow-download-http "https://github.com/shadow-maint/shadow/releases/download/&shadow-version;/shadow-&shadow-version;.tar.xz">
<!ENTITY shadow-download-ftp " ">
]>
<sect1 id="shadow" xreflabel="Shadow-&shadow-version;">
<?dbhtml filename="shadow.html"?>
<title>Shadow-&shadow-version;</title>
<indexterm zone="shadow">
<primary sortas="a-Shadow">Shadow</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to Shadow</title>
<para>
<application>Shadow</application> was indeed installed in LFS and there is
no reason to reinstall it unless you installed
<application>Linux-PAM</application> after your LFS system was completed.
If you have installed <application>Linux-PAM</application>,
reinstalling <application>Shadow</application> will allow programs such as
<command>login</command> and <command>su</command> to utilize PAM.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&shadow-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&shadow-download-ftp;"/>
</para>
</listitem>
</itemizedlist>
<!--
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/shadow-&shadow-version;-useradd_segfault-1.patch"/>
</para>
</listitem>
</itemizedlist>
-->
<bridgehead renderas="sect3">Shadow Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="linux-pam"/>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of Shadow</title>
<important>
<para>
The installation commands shown below are for installations where
<application>Linux-PAM</application> has been installed and
<application>Shadow</application> is being reinstalled to support the
<application>Linux-PAM</application> installation.
</para>
</important>
<warning>
<para>
If reinstalling shadow for a version update, be sure to
reaccomplish the Linux-PAM configuration below. The installation
of shadow overwrites many of the files in
<filename class="directory">/etc/pam.d/</filename>.
</para>
</warning>
<para>
Reinstall <application>Shadow</application> by running the following
commands:
</para>
<!--
<screen><userinput>patch -Np1 -i ../shadow-4.10-useradd_segfault-1.patch &amp;&amp;
-->
<screen><userinput>sed -i 's/groups$(EXEEXT) //' src/Makefile.in &amp;&amp;
find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \; &amp;&amp;
find man -name Makefile.in -exec sed -i 's/getspnam\.3 / /' {} \; &amp;&amp;
find man -name Makefile.in -exec sed -i 's/passwd\.5 / /' {} \; &amp;&amp;
sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD YESCRYPT@' \
-e 's@/var/spool/mail@/var/mail@' \
-e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \
-i etc/login.defs &amp;&amp;
./configure --sysconfdir=/etc \
--disable-static \
--without-libbsd \
--with-{b,yes}crypt &amp;&amp;<!--
This is the default: - -with-group-name-max-length=32 &amp;&amp;-->
make</userinput></screen>
<para>
This package does not come with a test suite.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make exec_prefix=/usr pamddir= install</userinput></screen>
<para>
The man pages were installed in LFS, but if reinstallation is
desired, run (as the <systemitem class="username">root</systemitem> user):
</para>
<screen role="root"><userinput>make -C man install-man</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<command>sed -i 's/groups$(EXEEXT) //' src/Makefile.in</command>: This sed
is used to suppress the installation of the <command>groups</command>
program as the version from the <application>Coreutils</application>
package installed during LFS is preferred.
</para>
<para>
<command>find man -name Makefile.in -exec ... {} \;</command>: The
first command is used to suppress the installation of the
<command>groups</command> man pages so the existing ones installed from
the <application>Coreutils</application> package are not replaced.
The two other commands prevent installation of manual pages that
are already installed by <application>Man-pages</application> in LFS.
</para>
<para>
<command>sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD YESCRYPT@' -e
's@/var/spool/mail@/var/mail@' -e '/PATH=/{s@/sbin:@@;s@/bin:@@}'
-i etc/login.defs</command>: Instead of using the default 'DES'
method, this command modifies the installation to use the much more
secure 'YESCRYPT' method of hashing passwords, which also allows
passwords longer than eight characters. The command also changes the
obsolete <filename class="directory">/var/spool/mail</filename> location
for user mailboxes that <application>Shadow</application> uses by
default to the <filename class="directory">/var/mail</filename>
location. It also changes the default path to be consistent with that
set in LFS.
</para>
<para>
<parameter>--without-libbsd</parameter>: Prevents looking for the
<command>readpassphrase</command> function, which can be found only in
<filename class="libraryfile">libbsd</filename>, which is not in GLFS.
An internal implementation of <command>readpassphrase</command> is used
instead.
</para>
<para>
<parameter>pamddir=</parameter>: Prevents installation of the shipped
PAM configuration files into
<filename class='directory'>/etc/pam.d</filename>. The shipped
configuration does not work with the BLFS PAM configuration and we
will create these configuration files explicitly.
</para>
<!-- This is the default
<para>
<parameter>-\-with-group-name-max-length=32</parameter>: The maximum
user name is 32 characters. Make the maximum group name the same.
</para>
-->
<!--
<para>
<parameter>-\-without-su</parameter>: Don't reinstall
<command>su</command> because upstream recommends using the
<command>su</command> command from <xref linkend='util-linux'/>
when <application>Linux-PAM</application> is available.
</para>
-->
</sect2>
<!-- Now, /etc/default/useradd is not reinstalled anymore, and this
configuration has been done in lfs
<sect2 role="configuration">
<title>Configuring Shadow</title>
<para>
<application>Shadow</application>'s stock configuration for the
<command>useradd</command> utility may not be desirable for your
installation. One default parameter causes <command>useradd</command> to
create a mailbox file for any newly created user.
<command>useradd</command> will make the group ownership of this file to
the <systemitem class="groupname">mail</systemitem> group with 0660
permissions. If you would prefer that these mailbox files are not created
by <command>useradd</command>, issue the following command as the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>sed -i 's/yes/no/' /etc/default/useradd</userinput></screen>
</sect2>
-->
<sect2 role="configuration">
<title>Configuring Linux-PAM to Work with Shadow</title>
<sect3 id="pam.d">
<title>Config Files</title>
<para>
<filename>/etc/pam.d/*</filename> or alternatively
<filename>/etc/pam.conf</filename>,
<filename>/etc/login.defs</filename> and
<filename>/etc/security/*</filename>
</para>
<indexterm zone="shadow pam.d">
<primary sortas="e-etc-pam.d">/etc/pam.d/*</primary>
</indexterm>
<indexterm zone="shadow pam.d">
<primary sortas="e-etc-pam.conf">/etc/pam.conf</primary>
</indexterm>
<indexterm zone="shadow pam.d">
<primary sortas="e-etc-login.defs">/etc/login.defs</primary>
</indexterm>
<indexterm zone="shadow pam.d">
<primary sortas="e-etc-security">/etc/security/*</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>
Configuring your system to use <application>Linux-PAM</application> can
be a complex task. The information below will provide a basic setup so
that <application>Shadow</application>'s login and password
functionality will work effectively with
<application>Linux-PAM</application>. Review the information and links
on the <xref linkend="linux-pam"/> page for further configuration
information. For information specific to integrating
<application>Shadow</application>, <application>Linux-PAM</application>
and <application>libpwquality</application>, you can visit the
following link:
</para>
<itemizedlist spacing="compact">
<listitem>
<!-- Old URL redirects to here. -->
<para>
<ulink url="https://deer-run.com/users/hal/linux_passwords_pam.html"/>
</para>
</listitem>
</itemizedlist>
<sect4 id="pam-login-defs">
<title>Configuring /etc/login.defs</title>
<para>
The <command>login</command> program currently performs many functions
which <application>Linux-PAM</application> modules should now handle.
The following <command>sed</command> command will comment out the
appropriate lines in <filename>/etc/login.defs</filename>, and stop
<command>login</command> from performing these functions (a backup
file named <filename>/etc/login.defs.orig</filename> is also created
to preserve the original file's contents). Issue the following
commands as the <systemitem class="username">root</systemitem> user:
</para>
<indexterm zone="shadow pam-login-defs">
<primary sortas="e-etc-login.defs">/etc/login.defs</primary>
</indexterm>
<screen role="root"><userinput>install -v -m644 /etc/login.defs /etc/login.defs.orig &amp;&amp;
for FUNCTION in FAIL_DELAY \
FAILLOG_ENAB \
LASTLOG_ENAB \
MAIL_CHECK_ENAB \
OBSCURE_CHECKS_ENAB \
PORTTIME_CHECKS_ENAB \
QUOTAS_ENAB \
CONSOLE MOTD_FILE \
FTMP_FILE NOLOGINS_FILE \
ENV_HZ PASS_MIN_LEN \
SU_WHEEL_ONLY \
CRACKLIB_DICTPATH \
PASS_CHANGE_TRIES \
PASS_ALWAYS_WARN \
CHFN_AUTH ENCRYPT_METHOD \
ENVIRON_FILE
do
sed -i "s/^${FUNCTION}/# &amp;/" /etc/login.defs
done</userinput></screen>
</sect4>
<sect4>
<title>Configuring the /etc/pam.d/ Files</title>
<para>
As mentioned previously in the <application>Linux-PAM</application>
instructions, <application>Linux-PAM</application> has two supported
methods for configuration. The commands below assume that you've
chosen to use a directory based configuration, where each program has
its own configuration file. You can optionally use a single
<filename>/etc/pam.conf</filename> configuration file by using the
text from the files below, and supplying the program name as an
additional first field for each line.
</para>
<para>
As the <systemitem class="username">root</systemitem> user, create
the following <application>Linux-PAM</application> configuration files
in the <filename class="directory">/etc/pam.d/</filename> directory
(or add the contents to the <filename>/etc/pam.conf</filename> file)
using the following commands:
</para>
</sect4>
<sect4>
<title>'login'</title>
<screen role="root"><userinput>cat &gt; /etc/pam.d/login &lt;&lt; "EOF"
<literal># Begin /etc/pam.d/login
# Set failure delay before next prompt to 3 seconds
auth optional pam_faildelay.so delay=3000000
# Check to make sure that the user is allowed to login
auth requisite pam_nologin.so
# Check to make sure that root is allowed to login
# Disabled by default. You will need to create /etc/securetty
# file for this module to function. See man 5 securetty.
#auth required pam_securetty.so
# Additional group memberships - disabled by default
#auth optional pam_group.so
# include system auth settings
auth include system-auth
# check access for the user
account required pam_access.so
# include system account settings
account include system-account
# Set default environment variables for the user
session required pam_env.so
# Set resource limits for the user
session required pam_limits.so
# Display the message of the day - Disabled by default
#session optional pam_motd.so
# Check user's mail - Disabled by default
#session optional pam_mail.so standard quiet
# include system session and password settings
session include system-session
password include system-password
# End /etc/pam.d/login</literal>
EOF</userinput></screen>
</sect4>
<sect4>
<title>'passwd'</title>
<screen role="root"><userinput>cat &gt; /etc/pam.d/passwd &lt;&lt; "EOF"
<literal># Begin /etc/pam.d/passwd
password include system-password
# End /etc/pam.d/passwd</literal>
EOF</userinput></screen>
</sect4>
<sect4>
<title>'su'</title>
<screen role="root"><userinput>cat &gt; /etc/pam.d/su &lt;&lt; "EOF"
<literal># Begin /etc/pam.d/su
# always allow root
auth sufficient pam_rootok.so
# Allow users in the wheel group to execute su without a password
# disabled by default
#auth sufficient pam_wheel.so trust use_uid
# include system auth settings
auth include system-auth
# limit su to users in the wheel group
# disabled by default
#auth required pam_wheel.so use_uid
# include system account settings
account include system-account
# Set default environment variables for the service user
session required pam_env.so
# include system session settings
session include system-session
# End /etc/pam.d/su</literal>
EOF</userinput></screen>
</sect4>
<sect4>
<title>'chpasswd' and 'newusers'</title>
<screen role="root"><userinput>cat &gt; /etc/pam.d/chpasswd &lt;&lt; "EOF"
<literal># Begin /etc/pam.d/chpasswd
# always allow root
auth sufficient pam_rootok.so
# include system auth and account settings
auth include system-auth
account include system-account
password include system-password
# End /etc/pam.d/chpasswd</literal>
EOF
sed -e s/chpasswd/newusers/ /etc/pam.d/chpasswd >/etc/pam.d/newusers</userinput></screen>
</sect4>
<sect4>
<title>'chage'</title>
<screen role="root"><userinput>cat &gt; /etc/pam.d/chage &lt;&lt; "EOF"
<literal># Begin /etc/pam.d/chage
# always allow root
auth sufficient pam_rootok.so
# include system auth and account settings
auth include system-auth
account include system-account
# End /etc/pam.d/chage</literal>
EOF</userinput></screen>
</sect4>
<sect4>
<title>Other shadow utilities</title>
<screen role="root"><userinput>for PROGRAM in chfn chgpasswd chsh groupadd groupdel \
groupmems groupmod useradd userdel usermod
do
install -v -m644 /etc/pam.d/chage /etc/pam.d/${PROGRAM}
sed -i "s/chage/$PROGRAM/" /etc/pam.d/${PROGRAM}
done</userinput></screen>
<warning>
<para>
At this point, you should do a simple test to see if
<application>Shadow</application> is working as expected. Open
another terminal and log in as
<systemitem class="username">root</systemitem>, and then run
<command>login</command> and login as another user. If you do
not see any errors, then all is well and you should proceed with
the rest of the configuration. If you did receive errors, stop
now and double check the above configuration files manually.
Any error is the sign of an error in the above procedure.
You can also run the
test suite from the <application>Linux-PAM</application> package
to assist you in determining the problem. If you cannot find and
fix the error, you should recompile
<application>Shadow</application> adding the
<option>--without-libpam</option> switch to the
<command>configure</command> command in the above instructions
(also move the <filename>/etc/login.defs.orig</filename> backup
file to <filename>/etc/login.defs</filename>). If you fail to do
this and the errors remain, you will be unable to log into your
system.
</para>
</warning>
</sect4>
<sect4 id="pam-access">
<title>Configuring Login Access</title>
<para>
Instead of using the <filename>/etc/login.access</filename> file for
controlling access to the system, <application>Linux-PAM</application>
uses the <filename class='libraryfile'>pam_access.so</filename> module
along with the <filename>/etc/security/access.conf</filename> file.
Rename the <filename>/etc/login.access</filename> file using the
following command:
</para>
<indexterm zone="shadow pam-access">
<primary sortas="e-etc-security-access.conf">/etc/security/access.conf</primary>
</indexterm>
<!-- to editors: it is a common belief that:
if <condition>; then <command>; fi
is equivalent to:
<condition> && <command>
This is not true in bash; try:
([ 0 = 1 ] && echo not reachable); echo $? # echoes 1
vs
(if [ 0 = 1 ]; then echo not reachable; fi); echo $? # echoes 0
So in scripts that may call subshells (for example through sudo) and
that need error reporting, the outcome _is_ different. In all
cases, for bash, the "if" form should be preferred.-->
<screen role="root"><userinput>if [ -f /etc/login.access ]; then mv -v /etc/login.access{,.NOUSE}; fi</userinput></screen>
</sect4>
<sect4 id="pam-limits">
<title>Configuring Resource Limits</title>
<para>
Instead of using the <filename>/etc/limits</filename> file for
limiting usage of system resources,
<application>Linux-PAM</application> uses the
<filename class='libraryfile'>pam_limits.so</filename> module along
with the <filename>/etc/security/limits.conf</filename> file. Rename
the <filename>/etc/limits</filename> file using the following command:
</para>
<indexterm zone="shadow pam-limits">
<primary sortas="e-etc-security-limits.conf">/etc/security/limits.conf</primary>
</indexterm>
<screen role="root"><userinput>if [ -f /etc/limits ]; then mv -v /etc/limits{,.NOUSE}; fi</userinput></screen>
<caution>
<para>
Be sure to test the login capabilities of the system before logging
out. Errors in the configuration can cause a permanent
lockout requiring a boot from an external source to correct the
problem.
</para>
</caution>
</sect4>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<para>
A list of the installed files, along with their short descriptions can be
found at
<ulink url="&lfs-root;/chapter08/shadow.html#contents-shadow"/>.
</para>
</sect2>
</sect1>
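Review bot: the "for FUNCTION in ..." loop under "Configuring /etc/login.defs" comments out ENCRYPT_METHOD, the same key the build-time sed sets to YESCRYPT and that Command Explanations presents as the password hashing method in use. Once that line is commented out in /etc/login.defs, the algorithm for new password hashes is decided by whatever the system-password stack (included from the 'login' and 'passwd' files) configures, so the explanation should say that and tell the reader to confirm yescrypt is selected there. Separately, the pamddir= explanation says "the BLFS PAM configuration" while the --without-libbsd paragraph says "not in GLFS"; since the Linux-PAM page is now part of this book, the former should read GLFS as well.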

View File

@ -0,0 +1,166 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../../../general.ent">
%general-entities;
<!ENTITY shared-mime-info-download-http
"https://gitlab.freedesktop.org/xdg/shared-mime-info/-/archive/&shared-mime-info-version;/shared-mime-info-&shared-mime-info-version;.tar.gz">
<!ENTITY shared-mime-info-download-ftp " ">
<!ENTITY xdgmime-download-http "&sources-anduin-http;/xdgmime/xdgmime.tar.xz">
]>
<sect1 id="shared-mime-info"
xreflabel="shared-mime-info-&shared-mime-info-version;">
<?dbhtml filename="shared-mime-info.html" ?>
<title>shared-mime-info-&shared-mime-info-version;</title>
<indexterm zone="shared-mime-info">
<primary sortas="a-shared-mime-info">shared-mime-info</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to Shared Mime Info</title>
<para>
The <application>Shared Mime Info</application> package contains a
MIME database. This allows central updates of MIME information for all
supporting applications.
</para>
&lfs121_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&shared-mime-info-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&shared-mime-info-download-ftp;"/>
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Optional download, required to run the test suite:
<ulink url="&xdgmime-download-http;"/>
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">Shared Mime Info Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="glib2"/> and
<xref linkend="libxml2"/>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of Shared Mime Info</title>
<para>
Install <application>Shared Mime Info</application> by running the
following commands:
</para>
<para>
If you wish to run the test suite, you must first extract the
<filename>xdgmime</filename> tarball into the current directory,
and compile it so that <command>meson</command> can find it:
</para>
<screen remap="test"><userinput>tar -xf ../xdgmime.tar.xz &amp;&amp;
make -C xdgmime</userinput></screen>
<para>
Now build the package:
</para>
<screen><userinput>mkdir build &amp;&amp;
cd build &amp;&amp;
meson setup --prefix=/usr --buildtype=release -D update-mimedb=true .. &amp;&amp;
ninja</userinput></screen>
<para role="optional">
If you have followed the instructions above to build
<application>xdgmime</application>, to test the result issue
<command>ninja test</command>.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>ninja install</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
href="../../../../xincludes/meson-buildtype-release.xml"/>
<para>
<parameter>-D update-mimedb=true</parameter>: This parameter tells
the build system to run <command>update-mime-database</command> during
installation. Otherwise, this must be done manually in order to be
able to use the MIME database.
</para>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Program</segtitle>
<segtitle>Installed Library</segtitle>
<segtitle>Installed Directory</segtitle>
<seglistitem>
<seg>
update-mime-database
</seg>
<seg>
None
</seg>
<seg>
/usr/share/mime
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="update-mime-database">
<term><command>update-mime-database</command></term>
<listitem>
<para>
assists in adding MIME data to the database
</para>
<indexterm zone="shared-mime-info update-mime-database">
<primary sortas="b-update-mime-database">update-mime-database</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
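Review bot: the Package Information and Additional Downloads lists give only URLs and no checksum for either tarball, and xdgmime.tar.xz is an unversioned archive that the test-suite step unpacks and compiles with "make -C xdgmime". Add a checksum entry for each download (and, if possible, a versioned or pinned xdgmime source) so the reader can verify what is being built. Also, in the installation section the paragraph "Install Shared Mime Info by running the following commands:" is followed directly by the test-suite paragraph instead of by commands; move it down in place of "Now build the package:" or drop it.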

View File

@ -46,14 +46,8 @@
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended">
<ulink url="&blfs-svn;/general/elogind.html">elogind</ulink>
(this package needs a backend to properly create a seat,
<application>elogind</application> being a suitable one.
<application>elogind</application> is not in this book due to the amount
of transient dependencies, however. First compile this package without
the backend support, then when you get to <xref linkend="whatnow"/>,
compile <application>elogind</application> and recompile this package
afterwards)
<xref linkend="elogind"/> (this package needs a backend to properly
create a seat, <application>elogind</application> being a suitable one)
</para>
</sect2>
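Review bot: the new parenthetical says "this package needs a backend to properly create a seat", yet elogind stays under the Recommended bridgehead. Now that the build-first, rebuild-later instructions are removed, either move the xref to Required or add a sentence on what still works when the package is built without a backend, so a reader who skips a recommended dependency knows what they lose.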

View File

@ -76,17 +76,13 @@
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended">
<xref linkend='dbus'/>,
<ulink role="runtime" url="&blfs-svn;/general/elogind.html">
elogind</ulink> (runtime;
<xref role="runtime" linkend="elogind"/> (runtime;
<systemitem class='library'>libelogind</systemitem> also referred
at build time but it's not really useful),
<xref linkend="libepoxy"/> (needed for glamor),
and <xref role='runtime' linkend='xorg-libinput-driver'/> (runtime)
</para>
<!-- TODO: Add -Dsystemd_logind=yes explicitly (like -Dglamor=true) to
make this more clear for BLFS 12.2. Now (Feb 16 2024) this package
is already under 12.1 freeze. -->
<note>
<para>
If you don't want to install the recommended dependency elogind,
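Review bot: the TODO about passing -Dsystemd_logind=yes explicitly is deleted here, but no such switch is added in this hunk. With elogind now an in-book xref, consider adding the switch to the build instructions so the logind dependency is explicit in the commands rather than only in the dependency list, or keep the TODO until that is done. The parenthetical "libelogind also referred at build time but it's not really useful" is also hard to parse now that the link is a plain xref; state whether libelogind must be present when this package is built.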

View File

@ -70,6 +70,14 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dps/basicx/other/pixman.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dps/basicx/other/icu.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dps/basicx/other/libxml2.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dps/basicx/other/linux-pam.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dps/basicx/other/shadow.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dps/basicx/other/elogind.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dps/basicx/other/duktape.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dps/basicx/other/glib2.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dps/basicx/other/shared-mime-info.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dps/basicx/other/desktop-file-utils.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dps/basicx/other/polkit.xml"/>
<!-- WAYLAND -->
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="dps/wl/wldummy.xml"/>
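Review bot: this hunk adds eight xi:include lines (linux-pam through polkit), while the commit message counts nine packages added. Confirm the ninth page is included from another file, since a page that is never included will not be built and any xref to its id will not resolve. The order here looks right for a reader building top to bottom (linux-pam before shadow, glib2 before shared-mime-info, duktape before polkit); a short comment above the block, like the existing WAYLAND marker, saying these are the elogind prerequisites would help keep that order intact in later edits.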