[blfs-book] r12536 - in trunk/BOOK: . introduction/welcome postlfs/security xsoft/other

fernando at higgs.linuxfromscratch.org fernando at higgs.linuxfromscratch.org
Wed Jan 8 09:56:18 PST 2014


Author: fernando
Date: Wed Jan  8 09:56:18 2014
New Revision: 12536

Log:
New package: ssh-askpass-6.4p1. Remove instructions to build it and rephrase pkexec and other parts of Gparted-0.17.0.

Added:
   trunk/BOOK/postlfs/security/ssh-askpass.xml
Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/security.xml
   trunk/BOOK/xsoft/other/gparted.xml

Modified: trunk/BOOK/general.ent
==============================================================================
--- trunk/BOOK/general.ent	Wed Jan  8 04:47:31 2014	(r12535)
+++ trunk/BOOK/general.ent	Wed Jan  8 09:56:18 2014	(r12536)
@@ -160,6 +160,7 @@
 <!ENTITY p11-kit-version              "0.20.1">    <!-- Even minors only -->
 <!ENTITY polkit-version               "0.112">
 <!ENTITY shadow-version               "4.1.5.1">
+<!ENTITY ssh-askpass-version          "&openssh-version;">
 <!ENTITY stunnel-version              "4.56">
 <!ENTITY sudo-version                 "1.8.8">
 <!ENTITY tripwire-version             "2.4.2.2">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
==============================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	Wed Jan  8 04:47:31 2014	(r12535)
+++ trunk/BOOK/introduction/welcome/changelog.xml	Wed Jan  8 09:56:18 2014	(r12536)
@@ -47,6 +47,13 @@
       <para>January 8th, 2014</para>
       <itemizedlist>
         <listitem>
+          <para>[fernando] - New package: ssh-askpass-6.4p1. Remove instructions
+          to build it and rephrase pkexec and other parts of Gparted-0.17.0.
+          Hopefully fix
+          <ulink url="&blfs-ticket-root;4524">#4524</ulink> and
+          <ulink url="&blfs-ticket-root;4454">#4454</ulink>.</para>
+        </listitem>
+        <listitem>
           <para>[fernando] - Update to lxappearance-0.5.5. Fixes
           <ulink url="&blfs-ticket-root;4537">#4537</ulink>.</para>
         </listitem>

Modified: trunk/BOOK/postlfs/security/security.xml
==============================================================================
--- trunk/BOOK/postlfs/security/security.xml	Wed Jan  8 04:47:31 2014	(r12535)
+++ trunk/BOOK/postlfs/security/security.xml	Wed Jan  8 09:56:18 2014	(r12536)
@@ -62,6 +62,7 @@
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="p11-kit.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ssh-askpass.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="stunnel.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="sudo.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="tripwire.xml"/>

Added: trunk/BOOK/postlfs/security/ssh-askpass.xml
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/BOOK/postlfs/security/ssh-askpass.xml	Wed Jan  8 09:56:18 2014	(r12536)
@@ -0,0 +1,203 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+  <!ENTITY % general-entities SYSTEM "../../general.ent">
+  %general-entities;
+
+  <!ENTITY ssh-askpass-download-http
+    "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&ssh-askpass-version;.tar.gz">
+  <!ENTITY ssh-askpass-download-ftp
+    "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&ssh-askpass-version;.tar.gz">
+  <!ENTITY ssh-askpass-md5sum        "a62b88b884df0b09b8a8c5789ac9e51b">
+  <!ENTITY ssh-askpass-size          "1.2 MB">
+  <!ENTITY ssh-askpass-buildsize     "6.0 MB">
+  <!ENTITY ssh-askpass-time          "Less than 0.1 SBU">
+]>
+
+<sect1 id="ssh-askpass" xreflabel="ssh-askpass-&ssh-askpass-version;">
+  <?dbhtml filename="openssh.html"?>
+
+  <sect1info>
+    <othername>$LastChangedBy: fernando $</othername>
+    <date>$Date: 2013-11-08 18:23:05 -0300 (Fri, 08 Nov 2013) $</date>
+  </sect1info>
+
+  <title>ssh-askpass-&ssh-askpass-version;</title>
+
+  <indexterm zone="ssh-askpass">
+    <primary sortas="a-ssh-askpass">ssh-askpass</primary>
+  </indexterm>
+
+  <sect2 role="package">
+    <title>Introduction to ssh-askpass</title>
+
+  <para>
+    The <application>ssh-askpass</application> is a generic executable name for
+    many packages, with similar names, that provide a interactive X service to
+    grab password for packages requiring administrative privileges to be run.
+    It prompts the user with a window box where the necessary password can be
+    inserted. Here, we choose Damien Miller's package distributed in the
+    <application>OpenSSH</application> tarball.</para>
+
+  &lfs74_checked;
+
+    <bridgehead renderas="sect3">Package Information</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>
+          Download (HTTP): <ulink url="&ssh-askpass-download-http;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download (FTP): <ulink url="&ssh-askpass-download-ftp;"/>
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download MD5 sum: &ssh-askpass-md5sum;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Download size: &ssh-askpass-size;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated disk space required: &ssh-askpass-buildsize;
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          Estimated build time: &ssh-askpass-time;
+        </para>
+      </listitem>
+    </itemizedlist>
+
+    <bridgehead renderas="sect3">ssh-askpass Dependencies</bridgehead>
+
+    <bridgehead renderas="sect4">Required</bridgehead>
+    <para role="required">
+    <xref linkend="gtk2"/>,
+    <xref linkend="openssh"/>,
+    <xref linkend="sudo"/> (runtime)
+    <xref linkend="x-lib"/>, and
+    <xref linkend="x-window-system"/> (runtime)</para>
+
+    <para condition="html" role="usernotes">
+        User Notes: <ulink url='&blfs-wiki;/ssh-askpass'/>
+    </para>
+  </sect2>
+
+  <sect2 role="installation">
+    <title>Installation of ssh-askpass</title>
+
+    <para>
+      Install <application>ssh-askpass</application> by running the following
+      commands:
+    </para>
+
+<screen><userinput>cd contrib &&
+make gnome-ssh-askpass2</userinput></screen>
+
+    <para>
+      Now, as the <systemitem class="username">root</systemitem> user:
+    </para>
+
+<screen role="root"><userinput>install -v -d -m755                  /usr/lib/openssh/contrib     &&
+install -v -m755  gnome-ssh-askpass2 /usr/lib/openssh/contrib     &&
+ln -sv -f contrib/gnome-ssh-askpass2 /usr/lib/openssh/ssh-askpass</userinput></screen>
+
+    <para>
+     The use of /usr/lib/openssh/contrib and a symlink are justified by the
+     eventual necessity of a different program for that service.
+    </para>
+
+  </sect2>
+
+  <sect2 role="configuration">
+    <title>Configuring ssh-askpass</title>
+
+        <para>
+          Now, as the <systemitem class="username">root</systemitem> user:
+        </para>
+
+    <sect3 id="ssh-askpass-config">
+      <title>Config File</title>
+
+        <para>
+          As the <systemitem class="username">root</systemitem> user, configure
+          <xref linkend="sudo"/> to use <application>ssh-askpass</application>:
+        </para>
+
+<screen role="root"><userinput>cat >> /etc/sudo.conf << "EOF" &&
+<literal># Path to askpass helper program
+Path askpass /usr/lib/openssh/ssh-askpass</literal>
+EOF
+chmod -v 0644 /etc/sudo.conf</userinput></screen>
+
+        <para>
+          If a given <application> requires administrative privileges, use
+          <command>sudo -A <application></command> from a x-terminal, from a Window Manager menu and/or replace "Exec=<application> ..." by "Exec=sudo -A <application>
+          ..." in the <application>.desktop file.</para>
+
+    </sect3>
+
+  </sect2>
+
+  <sect2 role="content">
+    <title>Contents</title>
+
+    <segmentedlist>
+      <segtitle>Installed Programs</segtitle>
+      <segtitle>Installed Libraries</segtitle>
+      <segtitle>Installed Directories</segtitle>
+
+      <seglistitem>
+        <seg>
+          ssh-askpass (symlink to gnome-ssh-askpass2) and gnome-ssh-askpass2
+        </seg>
+        <seg>
+          None
+        </seg>
+        <seg>
+          /usr/lib/openssh/contrib
+        </seg>
+      </seglistitem>
+    </segmentedlist>
+
+    <variablelist>
+      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+      <?dbfo list-presentation="list"?>
+      <?dbhtml list-presentation="table"?>
+
+      <varlistentry id="gnome-ssh-askpass2-prog">
+        <term><command>gnome-ssh-askpass2</command></term>
+        <listitem>
+          <para>
+            is the program helper agent used to grab a password.
+          </para>
+          <indexterm zone="ssh-askpass gnome-ssh-askpass2-prog">
+            <primary sortas="b-gnome-ssh-askpass2">scp</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="ssh-askpass-prog">
+        <term><command>ssh-askpass</command></term>
+        <listitem>
+          <para>
+            is a symlink to the program helper agent.
+          </para>
+          <indexterm zone="ssh-askpass ssh-askpass-prog">
+            <primary sortas="b-ssh-askpass">scp</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+
+  </sect2>
+
+</sect1>

Modified: trunk/BOOK/xsoft/other/gparted.xml
==============================================================================
--- trunk/BOOK/xsoft/other/gparted.xml	Wed Jan  8 04:47:31 2014	(r12535)
+++ trunk/BOOK/xsoft/other/gparted.xml	Wed Jan  8 09:56:18 2014	(r12536)
@@ -164,55 +164,24 @@
       <ulink url="https://github.com/tarakbumba/xdg-su">xdg-su</ulink>.
       Other solution is to use <application>pkexec</application>, from
       <xref linkend="polkit"/>, but some configuration is necessary.
-      Another simple solution is the <application>GTK+</application> based
-      <application>ssh-askpass</application> (does not need
-      <application>GNOME</application>). Below, we describe these two
-      alternatives: "ssh-askpass" and "pkexec".
+      Another simple solution is <xref linkend="ssh-askpass"/>. Below, we
+      describe these two alternatives: "ssh-askpass" and "pkexec".
     </para>
 
     <sect3 role="ssh-askpass">
       <title>ssh-askpass</title>
         <para>
-          To optionally use <application>ssh-askpass</application>, you need
-          <xref linkend="sudo"/> and <xref linkend="openssh"/> to be installed.
-          Uncompress the <xref linkend="openssh"/> tarball and, inside the
-          source directory, install <application>ssh-askpass</application> by
-          running the following commands:
-        </para>
-
-<screen><userinput>cd contrib &&
-make gnome-ssh-askpass2</userinput></screen>
-
-        <para>
-          Now, as the <systemitem class="username">root</systemitem> user:
-        </para>
-
-<screen role="root"><userinput>install -v -d -m755                  /usr/lib/openssh/contrib     &&
-install -v -m755  gnome-ssh-askpass2 /usr/lib/openssh/contrib     &&
-ln -sv -f contrib/gnome-ssh-askpass2 /usr/lib/openssh/ssh-askpass</userinput></screen>
-
-        <para>
-          Still as the <systemitem class="username">root</systemitem> user,
-          configure <xref linkend="gparted"/> and <xref linkend="sudo"/> to
-          use <application>ssh-askpass</application>:
+          To optionally use <xref linkend="ssh-askpass"/> if it is installed in
+          your system, run the following commands as the
+          <systemitem class="username">root</systemitem> user:
         </para>
 
 <screen role="root"><userinput>cp -v /usr/share/applications/gparted.desktop /usr/share/applications/gparted.desktop.back &&
-sed -i 's/Exec=/Exec=sudo -A /'               /usr/share/applications/gparted.desktop      &&
-
-cat >> /etc/sudo.conf << "EOF" &&
-# Path to askpass helper program
-Path askpass /usr/lib/openssh/ssh-askpass
-EOF
-chmod -v 0644 /etc/sudo.conf</userinput></screen>
+sed -i 's/Exec=/Exec=sudo -A /'               /usr/share/applications/gparted.desktop      &&</userinput></screen>
 
         <para>
          Now, clicking in the menu item for Gparted, a dialog appears in the
-         screen, asking for the administrator password. Any graphical program
-         requiring root privileges can be run using "sudo -A <program>",
-         e.g. from a terminal, from a desktop launcher, or including it in the
-         desktop file.
-        </para>
+         screen, asking for the administrator password.</para>
 
     </sect3>
 
@@ -220,7 +189,6 @@
       <title>pkexec</title>
         <para>
           To optionally use <application>pkexec</application>, you need
-          <xref linkend="which"/> (for the script),
           <xref linkend="polkit-gnome"/> or <xref linkend="lxpolkit"/>, and
           <xref linkend="consolekit"/> installed with support to
           <xref linkend="linux-pam"/> and <xref linkend="polkit"/>. As the
@@ -235,12 +203,9 @@
                                      /usr/share/applications/gparted.desktop      &&
 
 cat > /usr/sbin/gparted_polkit << "EOF" &&
-#!/bin/bash
-if [ $(which pkexec) ]; then
-    pkexec --disable-internal-agent "/usr/sbin/gparted" "$@"
-else
-    /usr/sbin/gparted "$@"
-fi
+<literal>#!/bin/bash
+
+pkexec /usr/sbin/gparted $@</literal>
 EOF
 chmod -v 0755 /usr/sbin/gparted_polkit</userinput></screen>
 
@@ -250,8 +215,8 @@
           use <application>pkexec</application>:
         </para>
 
-<screen role="root"><userinput>cat > /usr/share/polkit-1/actions/org.freedesktop.policykit.pkexec.policy << "EOF"
-<?xml version="1.0" encoding="UTF-8"?>
+<screen role="root"><userinput>cat > /usr/share/polkit-1/actions/org.gnome.gparted.policy << "EOF"
+<literal><?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE policyconfig PUBLIC
  "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
@@ -269,17 +234,13 @@
     <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
   </action>
 
-</policyconfig>
+</policyconfig></literal>
 EOF
-chmod -v 0644 /usr/share/polkit-1/actions/org.freedesktop.policykit.pkexec.policy</userinput></screen>
+chmod -v 0644 /usr/share/polkit-1/actions/org.gnome.gparted.policy</userinput></screen>
 
         <para>
          Now, clicking in the menu item for Gparted, a dialog appears in the
-         screen, asking for the administrator password. Any graphical program
-         requiring root privileges can be run using "pkexec <program>",
-         e.g. from a terminal, from a desktop launcher, or including it in the
-         desktop file.
-        </para>
+         screen, asking for the administrator password.</para>
 
     </sect3>
 
@@ -295,7 +256,7 @@
 
       <seglistitem>
         <seg>
-          gparted and gpartedbin
+          gparted, gpartedbin and gparted_polkit (optional)
         </seg>
         <seg>
           None
@@ -336,6 +297,19 @@
           </indexterm>
         </listitem>
       </varlistentry>
+
+      <varlistentry id="gparted_polkit">
+        <term><command>gparted_polkit</command></term>
+        <listitem>
+          <para>
+            is an optional script which can be used to run gparted with polkit,
+            from a menu.
+          </para>
+          <indexterm zone="gparted gparted_polkit">
+            <primary sortas="b-gparted_polkit">gparted_polkit</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
 
     </variablelist>
 



More information about the blfs-book mailing list