SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
This should be discussed in a new thread, but in short:
texlive is far too big, everything needed to build the package would have to be shipped, too(several GBs). The chance i see(to late for 14.2 i assume) is, to build a custom texlive with about 50mb(tetex has about 37mb). This is not possible with the provided schemes(texlive-tetex-scheme has several hundred mbs), but with single packages provided by texlive(with drawbacks, e.g. cbfonts(greek) has nearly 70mb alone and can't be added as is comes).
The singel-packages have a corresponding source- and doc-packages, so the full texlive sourcetree wouldn't have to be shipped.
Yeah, TexLive, even if you grabbed the prebuilt online download is HUGE as a package. I've built TexLive on other distributions and packaged it on my own, and it's massive in size if you want coverage that works for packages. You could trim it maybe, but you're removing a lot of functionality equally.
libcaca-0.99-beta19 will fix creating empty directories for /usr/lib64/jni and /usr/share/java even if java has been disabled. The package included in -current includes these empty directories which could be removed. The development version has some more fixes, have a look here.
Any chance /etc/asound.conf can be removed from alsa-lib and moved to the pulseaudio package? As far as I am aware its only needed if pulseaudio is used and not including it in alsalib would be quite considerate to those few who do not use pulseaudio so that they do not need to keep an empty version of the file or manually remove it from the alsa-lib slackbuild. Thanks!
minimal-lxc.template within /usr/share/lxc/templates/lxc-slackware lists "logrotate", but not "dcron". Logrotate is mostly useless without dcron, so i suggest to add dcron or remove logrotate from minimal-lxc.template.
Any chance /etc/asound.conf can be removed from alsa-lib and moved to the pulseaudio package? As far as I am aware its only needed if pulseaudio is used and not including it in alsalib would be quite considerate to those few who do not use pulseaudio so that they do not need to keep an empty version of the file or manually remove it from the alsa-lib slackbuild. Thanks!
You're going to need the pulseaudio package for libpulse anyway... unless you're recompiling all those things. In which case you should be able to handle keeping an empty asound.conf.
Distribution: Slackware64 14.2 and current, SlackwareARM current
Posts: 1,644
Rep:
The files README_CRYPT.TXT and README_LVM.TXT on the Slackware DVD contain info about setting up encrypted partitions. The given example might give a problem with newer cryptsetup (>=1.6.0) as far as I understand it. The standard encryption cypher has changed with that version from aes-cbc-essiv to aes-xts-plain64.
Quote:
From version 1.6.0 of cryptsetup onwards, aes-xts-plain64 is the default for LUKS
As far as I understand it, the key size is handled differently if you use xts - to get the desired key size you have to double it, so that a key size of 512 should mean the aes part gets 256 bit and the xts gets 256 bit, too. Using the old example lines I fear it would result in an 128 bit encryption.
Quote:
For key-size, you can use 128 bit (e.g. AES-128 with CBC), 256 bit (e.g. AES-256 with CBC) or 512 bit (e.g. AES-256 with XTS mode). You can do 64 bit (e.g. blowfish-64 with CBC), but anything below 128 bit has to be considered insecure today.
By default a 256 bit key-size is used. Note however that XTS splits the supplied key in half, so to use AES-256 instead of AES-128 you have to set the XTS key-size to 512.
The files README_CRYPT.TXT and README_LVM.TXT on the Slackware DVD contain info about setting up encrypted partitions. The given example might give a problem with newer cryptsetup (>=1.6.0) as far as I understand it. The standard encryption cypher has changed with that version from aes-cbc-essiv to aes-xts-plain64.
As far as I understand it, the key size is handled differently if you use xts - to get the desired key size you have to double it, so that a key size of 512 should mean the aes part gets 256 bit and the xts gets 256 bit, too. Using the old example lines I fear it would result in an 128 bit encryption.
It would be nice if someone more familiar with this could take a look, if the instructions have to be reworked.
The instructions do need to be reworked, but the default cipher now used by cryptsetup (aes-xts-plain64 with a 256-bit key) should be fine. Attacks on AES, even AES-128, are still only theoretical (and are a long way from being practical in the foreseeable future), and although it's now a matter of public record that state actors are trying to find a realistic cryptographic attack could be mounted against AES, there's no evidence that any of them have.
Unless you work in a US government department and are trying to keep TS material safe, worrying about AES key lengths is ill-considered: if someone wanted to decrypt your disk, there are much easier ways of doing it than attempting to mount a complex cryptographic attack against a FIPS 140-2-approved cipher (they could attempt to insert a backdoor into cryptsetup, for instance, or hit you until you tell them your passphrase).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.