Pierre Labastie wrote:
On 05/01/2018 17:43, Bruce Dubbs wrote:
Pierre Labastie wrote:
Hi,
Happy New Year to the followers of this list.
I'm testing a new version of jhalfs for BLFS, and I've found that nothing
depends on shadow... This prompted me to investigate dependencies involving
shadow, cracklib, and Linux-PAM.
Here are some oddities I've found:
1) in the required dependencies for shadow, we have "Linux-PAM or cracklib".
Obviously none of those are required, since shadow can be built without them.
I suggest moving them to "recommended".
The only reason for shadow in BLFS is to add PAM/cracklib. The term
'Required' may be a little inconsistent, but we need something stronger than
'Recommended'.
Maybe remove any dep in shadow, since it'd be better to have it the other way
around, see below.
Well they are 'Dependencies' in that shadow uses them if found.
2) shadow is not mentioned as a dependency of Linux-PAM, but it is said that
shadow should be reinstalled after installing Linux-PAM. Actually, Linux-PAM
is pretty useless without recompiling shadow. I suggest moving shadow to
"required runtime" (with appropriate wording). Same for systemd in the systemd
book>
I'm OK with that, but I do add pam without rebuilding shadow in System V and
it seems to not cause any problems.
Does it mean you have PAM but you do not use it when running shadow apps
(there are quite a few of them)?
There are other apps that use PAM and they work. I did need to enable PAM
for shadow in systemd to get gnome to work.
I propose the following wording in
"recommended dependencies":
"shadow (should be rebuilt after this package)"
and in the systemd book
"systemd (should be rebuilt after this package)"
For PAM, yes, that seems appropriate.
3) shadow is not mentioned as a dependency of cracklib, but it is said that
shadow must be reinstalled after installing cracklib. I suggest moving shadow
to "required runtime" (with appropriate wording) for cracklib.
"Required runtime" does not seem to be the right wording to me. I admit that
cracklib is not very useful in BLFS without rebuilding shadow, but the issue
is merely wording.
IIRC, the program 'john the ripper' (http://www.openwall.com/john/) uses
cracklib also.
In the book, we have also libpwquality, which requires cracklib. But it also
recommends Linux-PAM.
I propose to following wording in recommended dependencies:
"Linux-PAM or shadow or both (build them after cracklib)"
IIRC cracklib and pam are independent in pwquality. Just change the pam
dependency to "Linux-PAM-1.3.0 (built with cracklib)"
-- Bruce
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
