[blfs-book] r10431 - in trunk/BOOK: . gnome/core introduction/welcome postlfs/security

krejzi at linuxfromscratch.org krejzi at linuxfromscratch.org
Fri Jul 20 08:52:45 PDT 2012


Author: krejzi
Date: 2012-07-20 09:52:34 -0600 (Fri, 20 Jul 2012)
New Revision: 10431

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/gnome/core/gnome-bluetooth.xml
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/consolekit.xml
Log:
Update to ConsoleKit 0.4.6 git snapshot in order to get udev-acl tool which was removed from udev 182+ and really fix it's behaviour.

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2012-07-20 00:05:51 UTC (rev 10430)
+++ trunk/BOOK/general.ent	2012-07-20 15:52:34 UTC (rev 10431)
@@ -3,13 +3,13 @@
 $Date$
 -->
 
-<!ENTITY day          "19">                   <!-- Always 2 digits -->
+<!ENTITY day          "20">                   <!-- Always 2 digits -->
 <!ENTITY month        "07">                   <!-- Always 2 digits -->
 <!ENTITY year         "2012">
 <!ENTITY copyrightdate "2001-&year;">
 <!ENTITY copyholder   "The BLFS Development Team">
 <!ENTITY version      "&year;-&month;-&day;">
-<!ENTITY releasedate  "July 19th, &year;">
+<!ENTITY releasedate  "July 20th, &year;">
 <!-- <!ENTITY releasedate  "November &day;st, &year;"> -->
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
@@ -120,7 +120,7 @@
 <!ENTITY accountsservice-version      "0.6.21">
 <!ENTITY acl-version                  "2.2.51">
 <!ENTITY attr-version                 "2.4.46">
-<!ENTITY consolekit-version           "0.4.5">
+<!ENTITY consolekit-version           "0.4.6">
 <!ENTITY cracklib-version             "2.8.19">
 <!ENTITY cyrus-sasl-version           "2.1.25">
 <!ENTITY gnupg-version                "1.4.12">

Modified: trunk/BOOK/gnome/core/gnome-bluetooth.xml
===================================================================
--- trunk/BOOK/gnome/core/gnome-bluetooth.xml	2012-07-20 00:05:51 UTC (rev 10430)
+++ trunk/BOOK/gnome/core/gnome-bluetooth.xml	2012-07-20 15:52:34 UTC (rev 10431)
@@ -127,6 +127,27 @@
 
 <screen role="root"><userinput>make install</userinput></screen>
 
+    <para>
+      Create <application>Udev</application> rule that will allow
+      normal users to write to <filename>/dev/rfkill</filename>
+      with the following command as the
+      <systemitem class="username">root</systemitem> user:
+    </para>
+
+<screen role="root"><userinput>cat > /lib/udev/rules.d/61-gnome-bluetooth.rules << "EOF"
+# Get access to /dev/rfkill for users
+# See https://bugzilla.redhat.com/show_bug.cgi?id=514798
+#
+# Updated for udev >= 154
+# http://bugs.debian.org/582188
+# https://bugzilla.redhat.com/show_bug.cgi?id=588660
+
+ENV{ACL_MANAGE}=="0", GOTO="gnome_bluetooth_end"
+ACTION!="add|change", GOTO="gnome_bluetooth_end"
+KERNEL=="rfkill", TAG+="udev-acl"
+LABEL="gnome_bluetooth_end"
+EOF</userinput></screen>
+
   </sect2>
 
   <sect2 role="commands">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2012-07-20 00:05:51 UTC (rev 10430)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2012-07-20 15:52:34 UTC (rev 10431)
@@ -42,6 +42,15 @@
 
 -->
     <listitem>
+      <para>July 20th, 2012</para>
+      <itemizedlist>
+        <listitem>
+          <para>[krejzi] - Upgraded ConsoleKit to 0.4.6 (git snapshot).</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>July 19th, 2012</para>
       <itemizedlist>
         <listitem>

Modified: trunk/BOOK/postlfs/security/consolekit.xml
===================================================================
--- trunk/BOOK/postlfs/security/consolekit.xml	2012-07-20 00:05:51 UTC (rev 10430)
+++ trunk/BOOK/postlfs/security/consolekit.xml	2012-07-20 15:52:34 UTC (rev 10431)
@@ -4,11 +4,11 @@
   <!ENTITY % general-entities SYSTEM "../../general.ent">
   %general-entities;
 
-  <!ENTITY consolekit-download-http "http://www.freedesktop.org/software/ConsoleKit/dist/ConsoleKit-&consolekit-version;.tar.bz2">
+  <!ENTITY consolekit-download-http "http://www.linuxfromscratch.org/~krejzi/ConsoleKit-&consolekit-version;.tar.xz">
   <!ENTITY consolekit-download-ftp  " ">
-  <!ENTITY consolekit-md5sum        "f2657f93761206922d558471a936fbc3">
-  <!ENTITY consolekit-size          "416 KB">
-  <!ENTITY consolekit-buildsize     "8.1 MB">
+  <!ENTITY consolekit-md5sum        "6aaadf5627d2f7587aa116727e2fc1da">
+  <!ENTITY consolekit-size          "356 KB">
+  <!ENTITY consolekit-buildsize     "8.0 MB">
   <!ENTITY consolekit-time          "0.3 SBU">
 ]>
 
@@ -29,32 +29,46 @@
   <sect2 role="package">
     <title>Introduction to ConsoleKit</title>
 
-    <para>The <application>ConsoleKit</application> package is a framework for
-    keeping track of the various users, sessions, and seats present on a system.
-    It provides a mechanism for software to react to changes of any of these
-    items or of any of the metadata associated with them.</para>
+    <para>
+      The <application>ConsoleKit</application> package is a framework for
+      keeping track of the various users, sessions, and seats present on a system.
+      It provides a mechanism for software to react to changes of any of these
+      items or of any of the metadata associated with them.
+    </para>
 
-    &lfs70_checked;
+    &lfs71_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
       <listitem>
-        <para>Download (HTTP): <ulink url="&consolekit-download-http;"/></para>
+        <para>
+          Download (HTTP): <ulink url="&consolekit-download-http;"/>
+        </para>
       </listitem>
       <listitem>
-        <para>Download (FTP): <ulink url="&consolekit-download-ftp;"/></para>
+        <para>
+          Download (FTP): <ulink url="&consolekit-download-ftp;"/>
+        </para>
       </listitem>
       <listitem>
-        <para>Download MD5 sum: &consolekit-md5sum;</para>
+        <para>
+          Download MD5 sum: &consolekit-md5sum;
+        </para>
       </listitem>
       <listitem>
-        <para>Download size: &consolekit-size;</para>
+        <para>
+          Download size: &consolekit-size;
+        </para>
       </listitem>
       <listitem>
-        <para>Estimated disk space required: &consolekit-buildsize;</para>
+        <para>
+          Estimated disk space required: &consolekit-buildsize;
+        </para>
       </listitem>
       <listitem>
-        <para>Estimated build time: &consolekit-time;</para>
+        <para>
+          Estimated build time: &consolekit-time;
+        </para>
       </listitem>
     </itemizedlist>
 
@@ -73,10 +87,12 @@
     </para>
 
     <warning>
-      <para>If you intend <emphasis role="strong">NOT</emphasis> to install
-      <application>polkit</application>, you will need to manually edit the
-      ConsoleKit.conf file to lock down the service. Failure to do so may be a
-      huge SECURITY HOLE.</para>
+      <para>
+        If you intend <emphasis role="strong">NOT</emphasis> to install
+        <application>polkit</application>, you will need to manually edit the
+        ConsoleKit.conf file to lock down the service. Failure to do so may be a
+        huge SECURITY HOLE.
+      </para>
     </warning>
 
     <bridgehead renderas="sect4">Optional</bridgehead>
@@ -85,24 +101,33 @@
     </para>
 
     <para condition="html" role="usernotes">User Notes:
-    <ulink url="&blfs-wiki;/consolekit"/></para>
-
+      <ulink url="&blfs-wiki;/consolekit"/>
+    </para>
   </sect2>
 
   <sect2 role="installation">
     <title>Installation of ConsoleKit</title>
 
-    <para>Install <application>ConsoleKit</application> by running the following
-    commands:</para>
+    <para>
+      Install <application>ConsoleKit</application> by running the following
+      commands:
+    </para>
 
-<screen><userinput>./configure --prefix=/usr --sysconfdir=/etc \
-            --localstatedir=/var --libexecdir=/usr/lib/ConsoleKit \
+<screen><userinput>./configure --prefix=/usr \
+            --sysconfdir=/etc \
+            --localstatedir=/var \
+            --libexecdir=/usr/lib/ConsoleKit \
+            --enable-udev-acl \
             --enable-pam-module &&
 make</userinput></screen>
 
-    <para>This package does not come with a test suite.</para>
+    <para>
+      This package does not come with a test suite.
+    </para>
 
-    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
 
 <screen role="root"><userinput>make install</userinput></screen>
 
@@ -111,37 +136,43 @@
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><parameter>--enable-pam-module</parameter>: This switch enables
-    <application>ConsoleKit</application> to use
-    <application>Linux-PAM</application> authentication. Remove this option if
-    <application>Linux-PAM</application> is
-    <emphasis role="strong">NOT</emphasis> installed.</para>
+    <para>
+      <option>--enable-udev-acl</option>: This switch enables building of the
+      <command>udev-acl</command> tool which is used to allow normal users
+      to access device nodes which can be accessed by
+      <systemitem class="username">root</systemitem> user only.
+    </para>
 
-    <para><option>--enable-docbook-docs</option>: Use this parameter if
-    <application>xmlto</application> is installed and you wish to build the API
-    documentation.</para>
+    <para>
+      <option>--enable-pam-module</option>: This switch enables building of the
+      <application>ConsoleKit</application> <application>PAM</application>
+      module which is needed for <application>ConsoleKit</application> to
+      work correctly. Remove if <application>Linux PAM</application> is
+      <emphasis role="strong">NOT</emphasis> installed.
+    </para>
 
+    <para>
+      <option>--enable-docbook-docs</option>: Use this parameter if
+      <application>xmlto</application> is installed and you wish to
+      build the API documentation.
+    </para>
+
   </sect2>
 
   <sect2 role="configuration">
     <title>Configuring ConsoleKit</title>
 
-    <sect3 id="ConsoleKit-config">
-      <title>Config Files</title>
-      <para><filename>/etc/dbus-1/system.d/ConsoleKit.conf</filename></para>
-
-      <indexterm zone="consolekit ConsoleKit-config">
-        <primary sortas="e-etc-ConsoleKit-ConsoleKit.conf">/etc/dbus-1/system.d/ConsoleKit.conf</primary>
-      </indexterm>
-    </sect3>
-
-    <sect3><title>Configuration Information</title>
+    <sect3>
+      <title>PAM Module Configuration</title>
     
-      <para>If you use <application>PAM</application> you need to configure 
-      <application>PAM</application> to activate <application>ConsoleKit
-      </application> upon user login. This can be achieved by editing the 
-      <filename>/etc/pam.d/system-session</filename> file as the 
-      <systemitem class="username">root</systemitem> user:</para>
+      <para>
+        If you use <application>Linux PAM</application> you need to
+        configure <application>Linux PAM</application> to activate
+        <application>ConsoleKit</application> upon user login.
+        This can be achieved by editing the 
+        <filename>/etc/pam.d/system-session</filename> file as the 
+        <systemitem class="username">root</systemitem> user:
+      </para>
    
 <screen role="root"><userinput>cat >> /etc/pam.d/system-session << "EOF"
 # Begin ConsoleKit addition
@@ -151,10 +182,42 @@
 
 # End ConsoleKit addition
 EOF</userinput></screen>
-   
-      <para>See /usr/share/doc/ConsoleKit/spec/ConsoleKit.html for more
-      configuration.</para>
 
+      <para>
+        You will also need a helper script that will create a file in
+        <filename class="directory">/var/run/console</filename>
+        named as username that is logged in that contains
+        <application>D-Bus</application> address of the session. Create
+        such script by running the following commands as the
+        <systemitem class="username">root</systemitem> user:
+      </para>
+
+<screen role="root"><userinput>cat > /usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck << "EOF"
+#!/bin/sh
+TAGDIR=/var/run/console
+
+[ -n "$CK_SESSION_USER_UID" ] || exit 1
+[ "$CK_SESSION_IS_LOCAL" = "true" ] || exit 0
+
+TAGFILE="$TAGDIR/`getent passwd $CK_SESSION_USER_UID | cut -f 1 -d:`"
+
+if [ "$1" = "session_added" ]; then
+    mkdir -p "$TAGDIR"
+    echo "$CK_SESSION_ID" >> "$TAGFILE"
+fi
+
+if [ "$1" = "session_removed" ] && [ -e "$TAGFILE" ]; then
+    sed -i "\%^$CK_SESSION_ID\$%d" "$TAGFILE"
+    [ -s "$TAGFILE" ] || rm -f "$TAGFILE"
+fi
+EOF
+chmod 0755 /usr/lib/ConsoleKit/run-session.d/pam-foreground-compat.ck</userinput></screen>
+
+      <para>
+        See /usr/share/doc/ConsoleKit/spec/ConsoleKit.html for more
+        configuration.
+      </para>
+
     </sect3>
 
   </sect2>
@@ -168,14 +231,21 @@
       <segtitle>Installed Directories</segtitle>
 
       <seglistitem>
-        <seg>ck-history, ck-launch-session, ck-list-sessions,
-        ck-log-system-restart, ck-log-system-start, ck-log-system-stop,
-        console-kit-daemon, ck-collect-session-info, ck-get-x11-display-device,
-        ck-get-x11-server-pid, ck-system-restart, and ck-system-stop</seg>
-        <seg>libck-connector.so and pam_ck_connector.so</seg>
-        <seg>/etc/ConsoleKit/{run-seat.d,run-session.d,seats.d},
-        /usr/{include/ConsoleKit/ck-connector,lib/ConsoleKit/{run-seat.d,
-        run-session.d,scripts},share/doc/ConsoleKit/spec}</seg>
+        <seg>
+          ck-history, ck-launch-session, ck-list-sessions,
+          ck-log-system-restart, ck-log-system-start,
+          ck-log-system-stop and console-kit-daemon
+        </seg>
+        <seg>
+          libck-connector.so and pam_ck_connector.so
+        </seg>
+        <seg>
+          /etc/ConsoleKit,
+          /usr/include/ConsoleKit,
+          /usr/lib/ConsoleKit,
+          /usr/share/doc/ConsoleKit and
+          /var/log/ConsoleKit
+        </seg>
       </seglistitem>
     </segmentedlist>
 




More information about the blfs-book mailing list