Author: fernando
Date: Wed Jan 8 09:56:18 2014
New Revision: 12536
Log:
New package: ssh-askpass-6.4p1. Remove instructions to build it and rephrase
pkexec and other parts of Gparted-0.17.0.
Added:
trunk/BOOK/postlfs/security/ssh-askpass.xml
Modified:
trunk/BOOK/general.ent
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/postlfs/security/security.xml
trunk/BOOK/xsoft/other/gparted.xml
Modified: trunk/BOOK/general.ent
==============================================================================
--- trunk/BOOK/general.ent Wed Jan 8 04:47:31 2014 (r12535)
+++ trunk/BOOK/general.ent Wed Jan 8 09:56:18 2014 (r12536)
@@ -160,6 +160,7 @@
<!ENTITY p11-kit-version "0.20.1"> <!-- Even minors only -->
<!ENTITY polkit-version "0.112">
<!ENTITY shadow-version "4.1.5.1">
+<!ENTITY ssh-askpass-version "&openssh-version;">
<!ENTITY stunnel-version "4.56">
<!ENTITY sudo-version "1.8.8">
<!ENTITY tripwire-version "2.4.2.2">
Modified: trunk/BOOK/introduction/welcome/changelog.xml
==============================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml Wed Jan 8 04:47:31
2014 (r12535)
+++ trunk/BOOK/introduction/welcome/changelog.xml Wed Jan 8 09:56:18
2014 (r12536)
@@ -47,6 +47,13 @@
<para>January 8th, 2014</para>
<itemizedlist>
<listitem>
+ <para>[fernando] - New package: ssh-askpass-6.4p1. Remove
instructions
+ to build it and rephrase pkexec and other parts of Gparted-0.17.0.
+ Hopefully fix
+ <ulink url="&blfs-ticket-root;4524">#4524</ulink> and
+ <ulink url="&blfs-ticket-root;4454">#4454</ulink>.</para>
+ </listitem>
+ <listitem>
<para>[fernando] - Update to lxappearance-0.5.5. Fixes
<ulink url="&blfs-ticket-root;4537">#4537</ulink>.</para>
</listitem>
Modified: trunk/BOOK/postlfs/security/security.xml
==============================================================================
--- trunk/BOOK/postlfs/security/security.xml Wed Jan 8 04:47:31 2014
(r12535)
+++ trunk/BOOK/postlfs/security/security.xml Wed Jan 8 09:56:18 2014
(r12536)
@@ -62,6 +62,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="p11-kit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="polkit.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="shadow.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude";
href="ssh-askpass.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="stunnel.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="sudo.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; href="tripwire.xml"/>
Added: trunk/BOOK/postlfs/security/ssh-askpass.xml
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/BOOK/postlfs/security/ssh-askpass.xml Wed Jan 8 09:56:18 2014
(r12536)
@@ -0,0 +1,203 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [
+ <!ENTITY % general-entities SYSTEM "../../general.ent">
+ %general-entities;
+
+ <!ENTITY ssh-askpass-download-http
+
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&ssh-askpass-version;.tar.gz";>
+ <!ENTITY ssh-askpass-download-ftp
+
"ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&ssh-askpass-version;.tar.gz";>
+ <!ENTITY ssh-askpass-md5sum "a62b88b884df0b09b8a8c5789ac9e51b">
+ <!ENTITY ssh-askpass-size "1.2 MB">
+ <!ENTITY ssh-askpass-buildsize "6.0 MB">
+ <!ENTITY ssh-askpass-time "Less than 0.1 SBU">
+]>
+
+<sect1 id="ssh-askpass" xreflabel="ssh-askpass-&ssh-askpass-version;">
+ <?dbhtml filename="openssh.html"?>
+
+ <sect1info>
+ <othername>$LastChangedBy: fernando $</othername>
+ <date>$Date: 2013-11-08 18:23:05 -0300 (Fri, 08 Nov 2013) $</date>
+ </sect1info>
+
+ <title>ssh-askpass-&ssh-askpass-version;</title>
+
+ <indexterm zone="ssh-askpass">
+ <primary sortas="a-ssh-askpass">ssh-askpass</primary>
+ </indexterm>
+
+ <sect2 role="package">
+ <title>Introduction to ssh-askpass</title>
+
+ <para>
+ The <application>ssh-askpass</application> is a generic executable name for
+ many packages, with similar names, that provide a interactive X service to
+ grab password for packages requiring administrative privileges to be run.
+ It prompts the user with a window box where the necessary password can be
+ inserted. Here, we choose Damien Miller's package distributed in the
+ <application>OpenSSH</application> tarball.</para>
+
+ &lfs74_checked;
+
+ <bridgehead renderas="sect3">Package Information</bridgehead>
+ <itemizedlist spacing="compact">
+ <listitem>
+ <para>
+ Download (HTTP): <ulink url="&ssh-askpass-download-http;"/>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Download (FTP): <ulink url="&ssh-askpass-download-ftp;"/>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Download MD5 sum: &ssh-askpass-md5sum;
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Download size: &ssh-askpass-size;
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Estimated disk space required: &ssh-askpass-buildsize;
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Estimated build time: &ssh-askpass-time;
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <bridgehead renderas="sect3">ssh-askpass Dependencies</bridgehead>
+
+ <bridgehead renderas="sect4">Required</bridgehead>
+ <para role="required">
+ <xref linkend="gtk2"/>,
+ <xref linkend="openssh"/>,
+ <xref linkend="sudo"/> (runtime)
+ <xref linkend="x-lib"/>, and
+ <xref linkend="x-window-system"/> (runtime)</para>
+
+ <para condition="html" role="usernotes">
+ User Notes: <ulink url='&blfs-wiki;/ssh-askpass'/>
+ </para>
+ </sect2>
+
+ <sect2 role="installation">
+ <title>Installation of ssh-askpass</title>
+
+ <para>
+ Install <application>ssh-askpass</application> by running the following
+ commands:
+ </para>
+
+<screen><userinput>cd contrib &&
+make gnome-ssh-askpass2</userinput></screen>
+
+ <para>
+ Now, as the <systemitem class="username">root</systemitem> user:
+ </para>
+
+<screen role="root"><userinput>install -v -d -m755
/usr/lib/openssh/contrib &&
+install -v -m755 gnome-ssh-askpass2 /usr/lib/openssh/contrib &&
+ln -sv -f contrib/gnome-ssh-askpass2
/usr/lib/openssh/ssh-askpass</userinput></screen>
+
+ <para>
+ The use of /usr/lib/openssh/contrib and a symlink are justified by the
+ eventual necessity of a different program for that service.
+ </para>
+
+ </sect2>
+
+ <sect2 role="configuration">
+ <title>Configuring ssh-askpass</title>
+
+ <para>
+ Now, as the <systemitem class="username">root</systemitem> user:
+ </para>
+
+ <sect3 id="ssh-askpass-config">
+ <title>Config File</title>
+
+ <para>
+ As the <systemitem class="username">root</systemitem> user, configure
+ <xref linkend="sudo"/> to use <application>ssh-askpass</application>:
+ </para>
+
+<screen role="root"><userinput>cat >> /etc/sudo.conf << "EOF"
&&
+<literal># Path to askpass helper program
+Path askpass /usr/lib/openssh/ssh-askpass</literal>
+EOF
+chmod -v 0644 /etc/sudo.conf</userinput></screen>
+
+ <para>
+ If a given <application> requires administrative privileges,
use
+ <command>sudo -A <application></command> from a x-terminal,
from a Window Manager menu and/or replace "Exec=<application> ..." by
"Exec=sudo -A <application>
+ ..." in the <application>.desktop file.</para>
+
+ </sect3>
+
+ </sect2>
+
+ <sect2 role="content">
+ <title>Contents</title>
+
+ <segmentedlist>
+ <segtitle>Installed Programs</segtitle>
+ <segtitle>Installed Libraries</segtitle>
+ <segtitle>Installed Directories</segtitle>
+
+ <seglistitem>
+ <seg>
+ ssh-askpass (symlink to gnome-ssh-askpass2) and gnome-ssh-askpass2
+ </seg>
+ <seg>
+ None
+ </seg>
+ <seg>
+ /usr/lib/openssh/contrib
+ </seg>
+ </seglistitem>
+ </segmentedlist>
+
+ <variablelist>
+ <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+ <?dbfo list-presentation="list"?>
+ <?dbhtml list-presentation="table"?>
+
+ <varlistentry id="gnome-ssh-askpass2-prog">
+ <term><command>gnome-ssh-askpass2</command></term>
+ <listitem>
+ <para>
+ is the program helper agent used to grab a password.
+ </para>
+ <indexterm zone="ssh-askpass gnome-ssh-askpass2-prog">
+ <primary sortas="b-gnome-ssh-askpass2">scp</primary>
+ </indexterm>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ssh-askpass-prog">
+ <term><command>ssh-askpass</command></term>
+ <listitem>
+ <para>
+ is a symlink to the program helper agent.
+ </para>
+ <indexterm zone="ssh-askpass ssh-askpass-prog">
+ <primary sortas="b-ssh-askpass">scp</primary>
+ </indexterm>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+
+ </sect2>
+
+</sect1>
Modified: trunk/BOOK/xsoft/other/gparted.xml
==============================================================================
--- trunk/BOOK/xsoft/other/gparted.xml Wed Jan 8 04:47:31 2014 (r12535)
+++ trunk/BOOK/xsoft/other/gparted.xml Wed Jan 8 09:56:18 2014 (r12536)
@@ -164,55 +164,24 @@
<ulink url="https://github.com/tarakbumba/xdg-su";>xdg-su</ulink>.
Other solution is to use <application>pkexec</application>, from
<xref linkend="polkit"/>, but some configuration is necessary.
- Another simple solution is the <application>GTK+</application> based
- <application>ssh-askpass</application> (does not need
- <application>GNOME</application>). Below, we describe these two
- alternatives: "ssh-askpass" and "pkexec".
+ Another simple solution is <xref linkend="ssh-askpass"/>. Below, we
+ describe these two alternatives: "ssh-askpass" and "pkexec".
</para>
<sect3 role="ssh-askpass">
<title>ssh-askpass</title>
<para>
- To optionally use <application>ssh-askpass</application>, you need
- <xref linkend="sudo"/> and <xref linkend="openssh"/> to be installed.
- Uncompress the <xref linkend="openssh"/> tarball and, inside the
- source directory, install <application>ssh-askpass</application> by
- running the following commands:
- </para>
-
-<screen><userinput>cd contrib &&
-make gnome-ssh-askpass2</userinput></screen>
-
- <para>
- Now, as the <systemitem class="username">root</systemitem> user:
- </para>
-
-<screen role="root"><userinput>install -v -d -m755
/usr/lib/openssh/contrib &&
-install -v -m755 gnome-ssh-askpass2 /usr/lib/openssh/contrib &&
-ln -sv -f contrib/gnome-ssh-askpass2
/usr/lib/openssh/ssh-askpass</userinput></screen>
-
- <para>
- Still as the <systemitem class="username">root</systemitem> user,
- configure <xref linkend="gparted"/> and <xref linkend="sudo"/> to
- use <application>ssh-askpass</application>:
+ To optionally use <xref linkend="ssh-askpass"/> if it is installed in
+ your system, run the following commands as the
+ <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>cp -v /usr/share/applications/gparted.desktop
/usr/share/applications/gparted.desktop.back &&
-sed -i 's/Exec=/Exec=sudo -A /'
/usr/share/applications/gparted.desktop &&
-
-cat >> /etc/sudo.conf << "EOF" &&
-# Path to askpass helper program
-Path askpass /usr/lib/openssh/ssh-askpass
-EOF
-chmod -v 0644 /etc/sudo.conf</userinput></screen>
+sed -i 's/Exec=/Exec=sudo -A /'
/usr/share/applications/gparted.desktop &&</userinput></screen>
<para>
Now, clicking in the menu item for Gparted, a dialog appears in the
- screen, asking for the administrator password. Any graphical program
- requiring root privileges can be run using "sudo -A <program>",
- e.g. from a terminal, from a desktop launcher, or including it in the
- desktop file.
- </para>
+ screen, asking for the administrator password.</para>
</sect3>
@@ -220,7 +189,6 @@
<title>pkexec</title>
<para>
To optionally use <application>pkexec</application>, you need
- <xref linkend="which"/> (for the script),
<xref linkend="polkit-gnome"/> or <xref linkend="lxpolkit"/>, and
<xref linkend="consolekit"/> installed with support to
<xref linkend="linux-pam"/> and <xref linkend="polkit"/>. As the
@@ -235,12 +203,9 @@
/usr/share/applications/gparted.desktop
&&
cat > /usr/sbin/gparted_polkit << "EOF" &&
-#!/bin/bash
-if [ $(which pkexec) ]; then
- pkexec --disable-internal-agent "/usr/sbin/gparted" "$@"
-else
- /usr/sbin/gparted "$@"
-fi
+<literal>#!/bin/bash
+
+pkexec /usr/sbin/gparted $@</literal>
EOF
chmod -v 0755 /usr/sbin/gparted_polkit</userinput></screen>
@@ -250,8 +215,8 @@
use <application>pkexec</application>:
</para>
-<screen role="root"><userinput>cat >
/usr/share/polkit-1/actions/org.freedesktop.policykit.pkexec.policy <<
"EOF"
-<?xml version="1.0" encoding="UTF-8"?>
+<screen role="root"><userinput>cat >
/usr/share/polkit-1/actions/org.gnome.gparted.policy << "EOF"
+<literal><?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
@@ -269,17 +234,13 @@
<annotate
key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
</action>
-</policyconfig>
+</policyconfig></literal>
EOF
-chmod -v 0644
/usr/share/polkit-1/actions/org.freedesktop.policykit.pkexec.policy</userinput></screen>
+chmod -v 0644
/usr/share/polkit-1/actions/org.gnome.gparted.policy</userinput></screen>
<para>
Now, clicking in the menu item for Gparted, a dialog appears in the
- screen, asking for the administrator password. Any graphical program
- requiring root privileges can be run using "pkexec <program>",
- e.g. from a terminal, from a desktop launcher, or including it in the
- desktop file.
- </para>
+ screen, asking for the administrator password.</para>
</sect3>
@@ -295,7 +256,7 @@
<seglistitem>
<seg>
- gparted and gpartedbin
+ gparted, gpartedbin and gparted_polkit (optional)
</seg>
<seg>
None
@@ -336,6 +297,19 @@
</indexterm>
</listitem>
</varlistentry>
+
+ <varlistentry id="gparted_polkit">
+ <term><command>gparted_polkit</command></term>
+ <listitem>
+ <para>
+ is an optional script which can be used to run gparted with polkit,
+ from a menu.
+ </para>
+ <indexterm zone="gparted gparted_polkit">
+ <primary sortas="b-gparted_polkit">gparted_polkit</primary>
+ </indexterm>
+ </listitem>
+ </varlistentry>
</variablelist>
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
