Merge branch 'trunk' into xry111/loongarch

2025-03-10 07:59:38 +00:00 · 2023-07-13 03:54:16 +08:00 · 2023-07-13 03:54:16 +08:00 · 1309e0eadf
commit 1309e0eadf
parent 6167e6b632 f976691d53
5 changed files with 28 additions and 15 deletions
--- a/appendices/dependencies.xml
+++ b/appendices/dependencies.xml
@ -1892,7 +1892,7 @@
        <segtitle>&dependencies;</segtitle>
        <seglistitem>
          <seg>Bash, Binutils, Coreutils, Diffutils, Gawk, GCC, Glibc, Grep,
-          Make, and Sed</seg>
+          Make, Perl, and Sed</seg>
        </seglistitem>
      </segmentedlist>

--- a/chapter08/libxcrypt.xml
+++ b/chapter08/libxcrypt.xml
@ -99,7 +99,7 @@
      no package installed by compiling from sources would link against
      them at runtime. However, the only known binary-only applications
      that link against these functions require ABI version 1.  If you must
-      have such libraries because of some binary-only application or to be
+      have such functions because of some binary-only application or to be
      to be compliant with LSB, build the package again with the following
      commands:</para>

--- a/chapter08/shadow.xml
+++ b/chapter08/shadow.xml
@ -60,11 +60,10 @@ find man -name Makefile.in -exec sed -i 's/getspnam\.3 / /' {} \;
 find man -name Makefile.in -exec sed -i 's/passwd\.5 / /'   {} \;</userinput></screen>

    <para id="shadow-login_defs">Instead of using the default
-    <emphasis>crypt</emphasis> method, use the more secure
-    <emphasis>SHA-512</emphasis> method of password encryption, which also
-    allows passwords longer than 8 characters. In addition, set the number of
-    rounds to 500,000 instead of the default 5000, which is much too low to
-    prevent brute force password attacks. It is also necessary to change
+    <emphasis>crypt</emphasis> method, use the much more secure
+    <emphasis>YESCRYPT</emphasis> method of password encryption, which also
+    allows passwords longer than 8 characters.
+    It is also necessary to change
    the obsolete <filename class="directory">/var/spool/mail</filename> location
    for user mailboxes that Shadow uses by default to the <filename
    class="directory">/var/mail</filename> location used currently. And,
@ -81,8 +80,7 @@ find man -name Makefile.in -exec sed -i 's/passwd\.5 / /'   {} \;</userinput></s
      built.</para>
    </note>

-<screen><userinput remap="pre">sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD SHA512:' \
-    -e 's@#\(SHA_CRYPT_..._ROUNDS 5000\)@\100@'       \
+<screen><userinput remap="pre">sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD YESCRYPT:' \
    -e 's:/var/spool/mail:/var/mail:'                   \
    -e '/PATH=/{s@/sbin:@@;s@/bin:@@}'                  \
    -i etc/login.defs</userinput></screen>
@ -108,6 +106,7 @@ find man -name Makefile.in -exec sed -i 's/passwd\.5 / /'   {} \;</userinput></s
 <screen><userinput remap="configure">touch /usr/bin/passwd
 ./configure --sysconfdir=/etc   \
            --disable-static    \
+            --with-{b,yes}crypt \
            --with-group-name-max-length=32</userinput></screen>

    <variablelist>
@ -122,6 +121,21 @@ find man -name Makefile.in -exec sed -i 's/passwd\.5 / /'   {} \;</userinput></s
          create it in the wrong place.</para>
        </listitem>
      </varlistentry>
+
+      <varlistentry>
+        <term><parameter>--with-{b,yes}crypt</parameter></term>
+        <listitem>
+          <para>The shell expands this to two switches,
+          <parameter>--with-bcrypt</parameter> and
+          <parameter>--with-yescrypt</parameter>.  They allow shadow to use
+          the Bcrypt and Yescrypt algorithms implemented by
+          <application>Libxcrypt</application> for hashing passwords.
+          These algorithms are more secure (in particular, much more
+          resistant to GPU-based attacks) than the traditional SHA
+          algorithms.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><parameter>--with-group-name-max-length=32</parameter></term>
        <listitem>
--- a/chapter10/kernel.xml
+++ b/chapter10/kernel.xml
@ -166,7 +166,6 @@ General setup ---&gt;
   &lt; &gt; Enable kernel headers through /sys/kernel/kheaders.tar.xz [CONFIG_IKHEADERS]
   [*] Control Group support [CONFIG_CGROUPS]   ---&gt;
      [*] Memory controller [CONFIG_MEMCG]
-   [ ] Enable deprecated sysfs features to support old userspace tools [CONFIG_SYSFS_DEPRECATED]
   [ ] Configure standard kernel features (expert users) [CONFIG_EXPERT]
 General architecture-dependent options  ---&gt;
   [*] Enable seccomp to safely compute untrusted bytecode [CONFIG_SECCOMP]
--- a/packages.ent
+++ b/packages.ent
@ -432,7 +432,7 @@

 <!ENTITY libxcrypt-version "4.4.35">
 <!ENTITY libxcrypt-size "612 KB">
-<!ENTITY libxcrypt-url "&github;/besser82/libxcrypt/releases/download/&libxcrypt-version;/libxcrypt-&libxcrypt-version;.tar.xz">
+<!ENTITY libxcrypt-url "&github;/besser82/libxcrypt/releases/download/v&libxcrypt-version;/libxcrypt-&libxcrypt-version;.tar.xz">
 <!ENTITY libxcrypt-md5 "1d8487dfc43ee8e31a858456b868f836">
 <!ENTITY libxcrypt-home "&github;/besser82/libxcrypt/">
 <!ENTITY libxcrypt-fin-du "16 MB">