r1545 - in branches/Onward: downloads temporary_system

robert at linuxfromscratch.org robert at linuxfromscratch.org
Sat Feb 20 12:27:44 PST 2010


Author: robert
Date: 2010-02-20 13:27:43 -0700 (Sat, 20 Feb 2010)
New Revision: 1545

Modified:
   branches/Onward/downloads/packages.txt
   branches/Onward/downloads/patches.txt
   branches/Onward/temporary_system/glibc.txt
Log:
Bump to Glibc-2.11.1.

Modified: branches/Onward/downloads/packages.txt
===================================================================
--- branches/Onward/downloads/packages.txt	2010-02-19 17:28:43 UTC (rev 1544)
+++ branches/Onward/downloads/packages.txt	2010-02-20 20:27:43 UTC (rev 1545)
@@ -51,9 +51,9 @@
 # http://ftp.gnu.org/gnu/gettext/gettext-0.17.tar.gz.sig
 http://ftp.gnu.org/gnu/gettext/gettext-0.17.tar.gz
 
-# Glibc-2.9 snapshot:
-# You may want to follow this symlink, and get the real file name.
-ftp://sources.redhat.com/pub/glibc/snapshots/glibc-2.9-latest.tar.bz2
+# Glibc:
+# http://ftp.gnu.org/gnu/glibc/glibc-2.11.1.tar.bz2.sig
+http://ftp.gnu.org/gnu/glibc/glibc-2.11.1.tar.bz2
 
 # GMP:
 # http://ftp.gnu.org/gnu/gmp/gmp-5.0.1.tar.bz2.sig

Modified: branches/Onward/downloads/patches.txt
===================================================================
--- branches/Onward/downloads/patches.txt	2010-02-19 17:28:43 UTC (rev 1544)
+++ branches/Onward/downloads/patches.txt	2010-02-20 20:27:43 UTC (rev 1545)
@@ -35,20 +35,27 @@
 # Gettext upstream fixes:
 http://www.linuxfromscratch.org/~robert/new/patches/gettext-0.17-upstream_fixes-2.diff
 
+# Glibc branch update patches:
+http://www.linuxfromscratch.org/~robert/new/patches/glibc-2.11.1-update-1.diff
+http://www.linuxfromscratch.org/~robert/new/patches/glibc-2.11.1-update-2.diff
+http://www.linuxfromscratch.org/~robert/new/patches/glibc-2.11.1-update-3.diff
+http://www.linuxfromscratch.org/~robert/new/patches/glibc-2.11.1-update-4.diff
+
 # Glibc localedef trampoline patch:
 http://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.5.1-localedef_trampoline-1.patch
 
 # Glibc random mk*temp() patch:
-http://www.linuxfromscratch.org/~robert/new/patches/glibc-2.8-mktemp_urandom.diff
+http://www.linuxfromscratch.org/~robert/new/patches/glibc-2.11.1-mktemp_urandom.diff
 
 # Glibc PT_PaX patch:
 http://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.5.1-pt_pax-1.patch
 
-# Glibc better res_randomid() patch:
-http://www.linuxfromscratch.org/~robert/new/patches/glibc-2.9-res_randomid.diff
+# Glibc res_randomid() patch:
+http://www.linuxfromscratch.org/~robert/new/patches/glibc-2.10.1-owl-alt-res_randomid.diff
 
 # Glibc sanitize environment patch:
-http://www.linuxfromscratch.org/~robert/new/patches/glibc-2.8-sanitize_env.diff
+# Broken - FIXME
+# http://www.linuxfromscratch.org/~robert/new/patches/glibc-2.8-sanitize_env.diff
 
 # Glibc strlcpy()/strlcat() patch:
 http://www.linuxfromscratch.org/~robert/new/patches/glibc-2.8-strlcpy_strlcat.diff
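Review bot: The four `glibc-2.11.1-update-N.diff` entries and the renamed mktemp/res_randomid patches are fetched over plain HTTP from a personal directory, and nothing in this list lets a reader verify them, whereas the Glibc tarball in packages.txt at least names a `.sig`. These diffs modify the C library that every later package links against, so a corrupted or substituted download would carry through the whole build; the `patch -p1` lines added in temporary_system/glibc.txt apply them unchecked too. I would add a digest comment under each URL, for example `# sha256: <SHA256_OF_glibc-2.11.1-update-1.diff>`, and check it before patching. Separately, `# Broken - FIXME` on the sanitize_env entry does not say what is broken; glibc.txt says the patch has to be picked out of the Alt-Linux Glibc git, and the same wording here would keep the two files consistent.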

Modified: branches/Onward/temporary_system/glibc.txt
===================================================================
--- branches/Onward/temporary_system/glibc.txt	2010-02-19 17:28:43 UTC (rev 1544)
+++ branches/Onward/temporary_system/glibc.txt	2010-02-20 20:27:43 UTC (rev 1545)
@@ -1,8 +1,9 @@
 # Temporary tools - Glibc
 
-# Configure Glibc to usr /tools/etc, /tools/var, and /tools/bin/sh. This
+# Configure Glibc to use /tools/etc, /tools/var, and /tools/bin/sh. This
 # affects /etc/mtab and utmp/wtmp files in the rebooted system:
 
+ln -vs /bin/sh /tools/bin/sh &&
 cp -v sysdeps/unix/sysv/linux/paths.h{,.orig} &&
 sed -e 's@/etc@/tools&@' -e 's@/var@/tools&@' -e 's@/bin/sh@/tools&@' \
 	sysdeps/unix/sysv/linux/paths.h.orig > \
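Review bot: The added `ln -vs /bin/sh /tools/bin/sh &&` has no comment and is not safe to re-run: if the link already exists, `ln -s` fails and the `&&` chain stops before paths.h is edited. It also makes the `/tools/bin/sh` path compiled into this Glibc resolve to the host's shell, which deserves a line of explanation, e.g. `# Temporary link to the host shell; presumably replaced once a shell is installed into /tools - confirm`. A guarded form such as `[ -e /tools/bin/sh ] || ln -vs /bin/sh /tools/bin/sh &&` keeps the chain going on a second run. The sed command that follows continues past the end of this hunk.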
@@ -18,6 +19,14 @@
 cp -v elf/rtld.c{,.orig} &&
 sed 's@/etc/ld.so.preload@/tools&@' elf/rtld.c.orig > elf/rtld.c &&
 
+# Apply upstream patches from the 2.11 Glibc branch
+# (http://sourceware.org/git/?p=glibc.git;a=log;h=refs/heads/release/2.11/master):
+
+patch -p1 -i ../glibc-2.11.1-update-1.diff &&
+patch -p1 -i ../glibc-2.11.1-update-2.diff &&
+patch -p1 -i ../glibc-2.11.1-update-3.diff &&
+patch -p1 -i ../glibc-2.11.1-update-4.diff &&
+
 # The next patch modifies the localedef program so it does not use GCC
 # Trampoline code (http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html),
 # which relies on an executable stack to run. Without this patch the localedef
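Review bot: The upstream branch diffs are applied after the `sed` rewrite of elf/rtld.c shown just above (and of paths.h earlier in the file), so any update hunk that touches those files is matched against already-modified text and may be rejected or applied with fuzz. Applying the four `glibc-2.11.1-update-N.diff` files first, against the pristine tree, and doing the local edits afterwards would avoid that. Adding `-F0` to these `patch` calls would also make a context mismatch fail loudly instead of being absorbed. Whether any of the four diffs actually touches those files cannot be seen from this page.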
@@ -33,7 +42,8 @@
 
 # This patch resticts the environment, particularly with setuid programs:
 
-patch -p1 -i ../glibc-2.8-sanitize_env.diff &&
+# FIXME: This has to be picked out of Alt-Linux Glibc git.
+#patch -p1 -i ../glibc-2.8-sanitize_env.diff &&
 
 # This patch adds the strlcpy(3) and strlcat(3) functions and manual pages to
 # Glibc. A paper written about these functions is available here:
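Review bot: With the `patch` line commented out, the build no longer applies the environment-sanitizing change, yet the description above it ("This patch resticts the environment, particularly with setuid programs:") still reads as if it were applied. Since a hardening step is being dropped, the comment should say so outright, for example `# NOT APPLIED in this revision: the 2.8 sanitize_env patch has to be re-picked from the Alt-Linux Glibc git (FIXME).`, so a reader following the text does not assume setuid programs get the extra filtering. The spelling `resticts` could be fixed at the same time.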
@@ -65,14 +75,14 @@
 # of functions, to use /dev/urandom instead of hp-timing, gettimeofday(3), or
 # getpid(3):
 
-patch -p1 -i ../glibc-2.8-mktemp_urandom.diff &&
+patch -p1 -i ../glibc-2.11.1-mktemp_urandom.diff &&
 
 # The res_randomid(3) function is a pseudo-random number generator, using
 # getpid(3) for entropy. More information about this vulnerability is here:
 # http://www.openbsd.org/advisories/res_random.txt
 # This patch uses /dev/urandom instead:
 
-patch -p1 -i ../glibc-2.9-res_randomid.diff &&
+patch -p1 -i ../glibc-2.10.1-owl-alt-res_randomid.diff &&
 
 # We don't install pt_chown(1) on the final system, so why install it to
 # /tools:
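Review bot: `glibc-2.10.1-owl-alt-res_randomid.diff` carries a 2.10.1 version in its name but is applied to the 2.11.1 tree, and the comment above it was left unchanged. A patch written against another release can apply with offsets or fuzz, and the sentence "This patch uses /dev/urandom instead" was written for the previous `glibc-2.9-res_randomid.diff`, so it may not describe the replacement. I would add a line such as `# Owl/ALT-derived patch made for 2.10.1; checked to apply cleanly to 2.11.1` once that has been verified (the origin is only inferred from the file name), and re-confirm the /dev/urandom sentence against the new diff.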
@@ -91,74 +101,94 @@
 cp -v nscd/Makefile{,.orig} &&
 sed 's/fstack-protector/&-all/' nscd/Makefile.orig > nscd/Makefile &&
 
-# We don't need to set -march=i486 in confparams because GCC was built with
-# --with-arch=i486.
+# Optimize the linking of libraries and programs:
 
-# --sbindir=/tools/bin does not work... anyone want to fix this? We don't need
-# Glibc's sbin programs, but still.
+cp -v Makeconfig{,.orig} &&
+sed 's/-Wl,--hash-style=both/-Wl,--hash-style=gnu -Wl,-O1/' \
+	Makeconfig.orig > Makeconfig &&
 
-# --enable-kernel=2.6.0 is important for test suites. For unknown reasons,
-# setting this higher than 2.6.0 can cause test suites to fail. This option
-# causes code to be removed from Glibc when kernel functions are expected to
-# exist to replace Glibc code. This improves performance. Even when this
-# option is set to 2.6.0, the kernel system call will always be attempted
-# first, before using the Glibc library version. Using 2.6.0 is more robust
-# and provides Glibc with a backup that is known to be 100% compatible.
+# The above optimization will benefit everything that uses Glibc.
 
-# --enable-stackguard-randomization could be added here, but this is primarily
-# for attacks by local users, and we shouldn't have those in the rebooted
-# system. Adding this will empty the /dev/random entropy pool (via
-# /dev/urandom), unless the system is running a Random Number Gathering Daemon
-# (rngd). This version of Glibc uses high precision timing with SSP, so the
-# canary value changes at run-time. This is not as good as /dev/urandom, but
-# it's better than nothing and has very good performance. FIXME - Use erandom.
+# Configure Glibc:
 
 mkdir -v obj/ &&
 cd obj/ &&
-../configure --prefix=/tools \
-	--with-binutils=/tools/bin --with-headers=/tools/include \
-	--enable-kernel=2.6.0 --enable-bind-now --enable-add-ons \
-	--without-gd --disable-profile --without-selinux \
-	--libexecdir=/tools/lib/glibc \
-	--infodir=$(pwd)/DESTDIR --mandir=$(pwd)/DESTDIR &&
+../configure --prefix=/tools --with-binutils=/tools/bin \
+	--with-headers=/tools/include --libexecdir=/tools/lib/glibc \
+	--enable-add-ons --enable-bind-now --enable-kernel=2.6.18 \
+	--enable-omitfp --enable-stackguard-randomization --disable-profile \
+	--without-gd --without-selinux --infodir=$(pwd)/DESTDIR \
+	--mandir=$(pwd)/DESTDIR &&
 
-# Our GCC is already passing -fPIC, and that's all we want for the libraries.
-# LDFLAGS.so is appended to so we don't build shared libraries with
-# DT_TEXTREL (and to tell us if something goes wrong). For now we only build
-# the libraries, not the programs:
+# --sbindir=/tools/bin does not work... anyone want to fix this? We don't need
+# Glibc's sbin programs, but still.
 
+# --enable-bind-now will add -Wl,-z,now, which in addition to -Wl,-z,relro will
+# causes the Global Offset Table to be read-only.
+
+# --enable-kernel=2.6.18 is known to work and not cause test failures in this
+# Glibc release. This allows Glibc to remove built-in library functions that are
+# provided by the kernel.
+
+# --enable-omitfp adds optimizations for better performance.
+
+# --enable-stackguard-randomization randomizes the SSP guard value with
+# /dev/urandom. FIXME - Use erandom.
+
+# --enable-kernel=2.6.18 is known to work and not cause test failures in this
+# Glibc release. This allows Glibc to remove built-in library functions that are
+# provided by the kernel.
+
+# Preprare the 'configparms' file to build the Glibc libraries:
+
 cat > configparms << "EOF" &&
 build-programs=no
+CC = gcc -fPIC
+CXX = g++ -fPIC
 LDFLAGS.so += -Wl,--warn-shared-textrel,--fatal-warnings
 EOF
-make &&
 
-# Then build the programs with hardening, so everything possible in /tools is
-# hardened:
+# -fPIC is being passed by default by GCC, but is added here for clarity.
 
+# -Wl,--warn-shared-textrel -Wl,--fatal-warnings are added to indicate a problem
+# with the build.
+
+# Build the libraries:
+
+env -u MAKEFLAGS make PARALLELMAKEFLAGS="$MAKEFLAGS" &&
+
+# The MAKEFLAGS and PARALLELMAKEFLAGS variables are used to build Glibc in
+# parallel. The above command is still safe to use if you're not building in
+# parallel.
+
+# Next prepare to build the Glibc utilities:
+
 cat > configparms << "EOF" &&
 CC = gcc -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2
 CXX = g++ -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2
 CFLAGS-sln.c += -fno-PIC -fno-PIE
-+link = $(CC) -nostdlib -nostartfiles -fPIE -pie -o $@ \
- $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
- -Wl,-z,combreloc -Wl,-z,relro -Wl,-z,now $(hashstyle-LDFLAGS) \
- -Wl,--warn-shared-textrel,--fatal-warnings \
- $(addprefix $(csu-objpfx),S$(start-installed-name)) \
- $(+preinit) `$(CC) --print-file-name=crtbeginS.o` \
- $(filter-out $(addprefix $(csu-objpfx),start.o \
-  $(start-installed-name))\
- $(+preinit) $(link-extra-libs) \
- $(common-objpfx)libc% $(+postinit),$^) \
- $(link-extra-libs) $(link-libc) `$(CC) --print-file-name=crtendS.o` $(+postinit)
++link = $(CC) -pie -Wl,-O1 -nostdlib -nostartfiles -o $@ \
+	$(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
+	$(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
+	-Wl,-z,now -Wl,--warn-shared-textrel,--fatal-warnings \
+	$(addprefix $(csu-objpfx),S$(start-installed-name)) \
+	$(+preinit) $(+prectorS) \
+	$(filter-out $(addprefix $(csu-objpfx),start.o \
+	S$(start-installed-name))\
+	$(+preinit) $(link-extra-libs) \
+	$(common-objpfx)libc% $(+postinit),$^) \
+	$(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
 EOF
-make &&
 
-# And install:
+# Build the Glibc utilities:
 
+env -u MAKEFLAGS make PARALLELMAKEFLAGS="$MAKEFLAGS" &&
+
+# Install Glibc:
+
 install -v -d /tools/etc &&
 touch /tools/etc/ld.so.conf &&
-make install &&
+env -u MAKEFLAGS make PARALLELMAKEFLAGS="$MAKEFLAGS" install &&
 
 # This package has a lot of issues with read-only sources.
 
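Review bot: In the rewritten `+link` definition the literal `-Wl,-z,combreloc -Wl,-z,relro` became `$(combreloc-LDFLAGS) $(relro-LDFLAGS)`, so RELRO on the Glibc programs now depends on those variables being non-empty. If Glibc's Makeconfig sets them only when configure detects linker support (I believe it does, but that file is not on this page), a failed detection would drop RELRO silently while `-Wl,-z,now` stays, and the new text explaining `--enable-bind-now` relies on both being present for a read-only GOT. Either keep the literal flags, `-Wl,-z,combreloc -Wl,-z,relro $(hashstyle-LDFLAGS) \`, or add a post-build check such as running `readelf -l` on one installed program and looking for a `GNU_RELRO` segment. The `--enable-kernel=2.6.18` paragraph also appears twice, and `Preprare` / `will causes` are typos.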
@@ -174,4 +204,3 @@
 touch /tools/var/run/utmp &&
 touch /tools/var/log/wtmp
 
-



