security

bdubbs Thu, 06 Sep 2012 16:19:07 -0700

Author: bdubbs
Date: 2012-09-06 17:18:54 -0600 (Thu, 06 Sep 2012)
New Revision: 10638


Modified:
   trunk/BOOK/general/prog/dejagnu.xml
   trunk/BOOK/postlfs/security/mitkrb.xml
Log:
Add info on verifying MIT Kerberos signing key.
Update instructions for library mode.

Tag dejagnu for 7.2.


Modified: trunk/BOOK/general/prog/dejagnu.xml
===================================================================
--- trunk/BOOK/general/prog/dejagnu.xml 2012-09-06 22:00:53 UTC (rev 10637)
+++ trunk/BOOK/general/prog/dejagnu.xml 2012-09-06 23:18:54 UTC (rev 10638)
@@ -36,7 +36,7 @@
     by LFS in the temprary /tools directory.  These instructions install it
     permanently.</para>
 
-    &lfs71_checked;
+    &lfs72_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">

Modified: trunk/BOOK/postlfs/security/mitkrb.xml
===================================================================
--- trunk/BOOK/postlfs/security/mitkrb.xml      2012-09-06 22:00:53 UTC (rev 
10637)
+++ trunk/BOOK/postlfs/security/mitkrb.xml      2012-09-06 23:18:54 UTC (rev 
10638)
@@ -112,11 +112,26 @@
     <para>
       After unpacking the distribution tarball and if you have
       <xref linkend="gnupg"/> installed, you can
-      authenticate the package with the following command:
+      authenticate the package.  First, check the contents of the file
+      <filename>krb5-1.10.3.tar.gz.asc</filename>.
     </para>
 
-<screen><userinput>gpg - -verify 
krb5-&mitkrb-version;.tar.gz.asc</userinput></screen>
+<screen><userinput>gpg --verify krb5-&mitkrb-version;.tar.gz.asc 
krb5-&mitkrb-version;.tar.gz</userinput></screen>
 
+    <para>You will probably see output similar to:</para>
+
+<screen>gpg: Signature made Wed Aug  8 22:29:58 2012 GMT using RSA key ID 
F376813D
+gpg: Can't check signature: public key not found</screen>
+
+    <para>You can import the public key with:</para>
+
+<screen><userinput>gpg gpg --keyserver pgp.mit.edu --recv-keys 
0xF376813D</userinput></screen>
+
+    <para>Now re-verify the package with the first command above.  You should 
+    get a indication of a good signature, but the key will still not be 
certified 
+    with a trusted signature.  Trusting the downloaded key is a separate 
operation
+    but it is up to you to determine the level of trust.</para>
+
     <para>
       Build <application>MIT Kerberos V5</application> by running the
       following commands:
@@ -143,9 +158,8 @@
 
 <screen role="root"><userinput>make install &amp;&amp;
 
-for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt_mit \
-               kadm5clnt kadm5srv_mit kadm5srv kdb5 krb5 \
-               krb5support verto-k5ev verto ; do
+for LIBRARY in gssapi_krb5 gssrpc k5crypto kadm5clnt_mit kadm5srv_mit 
+               kdb5 krb5 krb5support verto-k5ev verto ; do
     chmod -v 755 /usr/lib/lib$LIBRARY.so.*.*
 done &amp;&amp;
 

-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

[blfs-book] r10638 - in trunk/BOOK: general/prog postlfs/security

Reply via email to