3 files changed, 151 insertions, 11 deletions

diff --git a/chapter08/chapter08.xml b/chapter08/chapter08.xml
index 605d26782..e97ae7057 100644
--- a/chapter08/chapter08.xml
+++ b/chapter08/chapter08.xml
@@ -36,6 +36,7 @@
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="attr.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="acl.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libcap.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="libxcrypt.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="shadow.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="gcc.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pkgconf.xml"/>
diff --git a/chapter08/glibc.xml b/chapter08/glibc.xml
index a44e285c9..4245b0ff4 100644
--- a/chapter08/glibc.xml
+++ b/chapter08/glibc.xml
@@ -79,6 +79,7 @@ cd       build</userinput></screen>
              --enable-kernel=&min-kernel;                     \
              --enable-stack-protector=strong          \
              --with-headers=/usr/include              \
+             --disable-crypt                          \
              libc_cv_slibdir=/usr/lib</userinput></screen>
 
     <variablelist>
@@ -489,7 +490,7 @@ mkdir -pv /etc/ld.so.conf.d</userinput></screen>
         <seg>ld-linux-x86-64.so.2, ld-linux.so.2,
         libBrokenLocale.{a,so}, libanl.{a,so},
         libc.{a,so}, libc_nonshared.a, libc_malloc_debug.so,
-        libcrypt.{a,so}, libdl.{a,so.2}, libg.a, libm.{a,so},
+        libdl.{a,so.2}, libg.a, libm.{a,so},
         libmcheck.a, libmemusage.so, libmvec.{a,so}, libnsl.so.1,
         libnss_compat.so, libnss_dns.so, libnss_files.so, libnss_hesiod.so,
         libpcprofile.so, libpthread.{a,so.0},
@@ -795,16 +796,6 @@ mkdir -pv /etc/ld.so.conf.d</userinput></screen>
         </listitem>
       </varlistentry>
 
-      <varlistentry id="libcrypt">
-        <term><filename class="libraryfile">libcrypt</filename></term>
-        <listitem>
-          <para>The cryptography library</para>
-          <indexterm zone="ch-system-glibc libcrypt">
-            <primary sortas="c-libcrypt">libcrypt</primary>
-          </indexterm>
-        </listitem>
-      </varlistentry>
-
       <varlistentry id="libdl">
         <term><filename class="libraryfile">libdl</filename></term>
         <listitem>
diff --git a/chapter08/libxcrypt.xml b/chapter08/libxcrypt.xml
new file mode 100644
index 000000000..c65d7db29
--- /dev/null
+++ b/chapter08/libxcrypt.xml
@@ -0,0 +1,148 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+  <!ENTITY % general-entities SYSTEM "../general.ent">
+  %general-entities;
+]>
+
+<sect1 id="ch-system-libxcrypt" role="wrap">
+  <?dbhtml filename="libxcrypt.html"?>
+
+  <sect1info condition="script">
+    <productname>libxcrypt</productname>
+    <productnumber>&libxcrypt-version;</productnumber>
+    <address>&libxcrypt-url;</address>
+  </sect1info>
+
+  <title>Libxcrypt-&libxcrypt-version;</title>
+
+  <indexterm zone="ch-system-libxcrypt">
+    <primary sortas="a-Libxcrypt">Libxcrypt</primary>
+  </indexterm>
+
+  <sect2 role="package">
+    <title/>
+
+    <para>The Libxcrypt package contains a modern library for one-way
+    hashing of passwords.</para>
+
+    <segmentedlist>
+      <segtitle>&buildtime;</segtitle>
+      <segtitle>&diskspace;</segtitle>
+
+      <seglistitem>
+        <seg>&libxcrypt-fin-sbu;</seg>
+        <seg>&libxcrypt-fin-du;</seg>
+      </seglistitem>
+    </segmentedlist>
+
+  </sect2>
+
+  <sect2 role="installation">
+    <title>Installation of Libxcrypt</title>
+
+    <para>Prepare Libxcrypt for compilation:</para>
+
+<screen><userinput remap="configure">./configure --prefix=/usr                \
+            --enable-hashes=strong,glibc \
+            --enable-obsolete-api=no     \
+            --disable-static             \
+            --disable-failure-tokens</userinput></screen>
+
+    <variablelist>
+      <title>The meaning of the new configure options:</title>
+
+      <varlistentry>
+        <term><parameter>--enable-hashes=strong,glibc</parameter></term>
+        <listitem>
+          <para>Build strong hash algorithms recommended for security use
+          cases, and the hash algorithms provided by traditional Glibc
+          <systemitem class='library'>libcrypt</systemitem> for
+          compatibility.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><parameter>--enable-obsolete-api=no</parameter></term>
+        <listitem>
+          <para>Disable obsolete API functions.  They are not needed for
+          a modern Linux system built from source.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><parameter>--disable-failure-tokens</parameter></term>
+        <listitem>
+          <para>Disable failure token feature.  It's needed for
+          compatibility with the traditional hash libraries of some
+          platforms, but a Linux system based on Glibc does not need
+          it.</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>Compile the package:</para>
+
+<screen><userinput remap="make">make</userinput></screen>
+
+    <para>To test the results, issue:</para>
+
+<screen><userinput remap="test">make check</userinput></screen>
+
+    <para>Install the package:</para>
+
+<screen><userinput remap="install">make install</userinput></screen>
+
+    <note>
+
+      <para>The instructions above disabled obsolete API functions since
+      no package installed by compiling from sources would link against
+      them at runtime. However, the only known binary-only applications
+      that link against these functions require ABI version 1.  If you must
+      have such libraries because of some binary-only application or to be
+      to be compliant with LSB, build the package again with the following
+      commands:</para>
+
+<screen><userinput remap="nodump">make distclean
+./configure --prefix=/usr                \
+            --enable-hashes=strong,glibc \
+            --enable-obsolete-api=glibc  \
+            --disable-static             \
+            --disable-failure-tokens
+make
+cp -av .libs/libcrypt.so.1* /usr/lib</userinput></screen>
+    </note>
+
+  </sect2>
+
+  <sect2 id="contents-libxcrypt" role="content">
+    <title>Contents of Libxcrypt</title>
+
+    <segmentedlist>
+      <segtitle>Installed libraries</segtitle>
+
+      <seglistitem>
+        <seg>libcrypt.so</seg>
+      </seglistitem>
+    </segmentedlist>
+
+    <variablelist>
+      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+      <?dbfo list-presentation="list"?>
+      <?dbhtml list-presentation="table"?>
+
+      <varlistentry id="libcrypt">
+        <term><filename class="libraryfile">libcrypt</filename></term>
+        <listitem>
+          <para>Contains functions to hash passwords</para>
+          <indexterm zone="ch-system-libxcrypt libcrypt">
+            <primary sortas="c-libcrypt">libcrypt</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+
+  </sect2>
+
+</sect1>