r1588 - in trunk/BOOK: . chapter01 chapter04 chapter05

robert at linuxfromscratch.org
Sun Nov 14 20:23:16 PST 2010


Author: robert
Date: 2010-11-14 21:23:12 -0700 (Sun, 14 Nov 2010)
New Revision: 1588

Added:
   trunk/BOOK/chapter04/abouthlfs.xml
Removed:
   trunk/BOOK/chapter04/aboutlfs.xml
Modified:
   trunk/BOOK/chapter01/changelog.xml
   trunk/BOOK/chapter04/addinguser.xml
   trunk/BOOK/chapter04/chapter04.xml
   trunk/BOOK/chapter04/creatingtoolsdir.xml
   trunk/BOOK/chapter04/settingenviron.xml
   trunk/BOOK/chapter05/gcc-pass1.xml
   trunk/BOOK/chapter05/glibc.xml
   trunk/BOOK/general.ent
Log:
Substitute lfs for hlfs in chapter 4. Add -fPIC by default to gcc-pass1. Added SSP, _FORTIFY_SOURCE, and -fPIE to Glibc in chapter 5. Added gcc_cv_libc_provides_ssp=yes to GCC pass1 make command, so GCC does not configure itself to use libssp.so.

Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml	2010-11-07 04:48:39 UTC (rev 1587)
+++ trunk/BOOK/chapter01/changelog.xml	2010-11-15 04:23:12 UTC (rev 1588)
@@ -37,6 +37,19 @@
 
 -->
     <listitem>
+      <para>2010-11-14</para>
+      <itemizedlist>
+        <listitem>
+          <para>[robert] - Substitute lfs for hlfs in chapter 4. Add -fPIC by
+          default to gcc-pass1. Added SSP, _FORTIFY_SOURCE, and -fPIE to Glibc
+          in chapter 5. Added gcc_cv_libc_provides_ssp=yes to GCC pass1 make
+          command, so GCC does not configure itself to use libssp.so.
+          </para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>2010-11-06</para>
       <itemizedlist>
         <listitem>
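Review bot: the added entry's first sentence, "Substitute lfs for hlfs in chapter 4", reads backwards: the chapter 4 hunks in this commit replace lfs with hlfs, so "Substitute hlfs for lfs" is the wording that matches the change. The entry also lists SSP, _FORTIFY_SOURCE and -fPIE for Glibc but omits the -Wl,-z,now and --warn-shared-textrel,--fatal-warnings linker flags that the same commit adds to configparms; a changelog reader looking for when those were introduced will not find them here.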

Copied: trunk/BOOK/chapter04/abouthlfs.xml (from rev 1587, trunk/BOOK/chapter04/aboutlfs.xml)
===================================================================
--- trunk/BOOK/chapter04/abouthlfs.xml	                        (rev 0)
+++ trunk/BOOK/chapter04/abouthlfs.xml	2010-11-15 04:23:12 UTC (rev 1588)
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+  <!ENTITY % general-entities SYSTEM "../general.ent">
+  %general-entities;
+]>
+
+<sect1 id="prepare-abouthlfs">
+  <?dbhtml filename="abouthlfs.html"?>
+
+  <title>About $HLFS</title>
+
+  <para>Throughout this book, the environment variable <envar>HLFS</envar> will
+  be used. It is paramount that this variable is always defined.
+  It should be set to the mount point chosen for the HLFS partition.
+  Check that the <envar>HLFS</envar> variable is set up properly with:</para>
+
+<screen role="nodump"><userinput>echo $HLFS</userinput></screen>
+
+  <para>Make sure the output shows the path to the HLFS partition's mount
+  point, which is <filename class="directory">/mnt/hlfs</filename> if the
+  provided example was followed. If the output is incorrect, the
+  variable can be set with:</para>
+
+<screen role="nodump"><userinput>export HLFS=/mnt/hlfs</userinput></screen>
+
+  <para>Having this variable set is beneficial in that commands such as
+  <command>mkdir $HLFS/tools</command> can be typed literally. The shell
+  will automatically replace <quote>$HLFS</quote> with
+  <quote>/mnt/hlfs</quote> (or whatever the variable was set to) when it
+  processes the command line.</para>
+
+  <para>Do not forget to check that <envar>$HLFS</envar> is set whenever
+  you leave and reenter the current working environment (as when doing a
+  <command>su</command> to <systemitem class="username">root</systemitem>
+  or another user).</para>
+
+</sect1>
+
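Review bot: the check in the first screen block, echo $HLFS, prints an empty line when the variable is unset and leaves it to the reader to notice. The chapter 4 commands in this commit run as root with $HLFS expanded unquoted (mkdir -v $HLFS/tools, chown -v hlfs $HLFS/tools), so an empty value silently retargets them at /tools on the host. Consider a check that fails loudly, such as echo ${HLFS:?HLFS is not set}, and point back to it in the final paragraph about su. Separately, the last paragraph writes <envar>$HLFS</envar> while the first paragraph writes <envar>HLFS</envar>; pick one form.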

Deleted: trunk/BOOK/chapter04/aboutlfs.xml
===================================================================
--- trunk/BOOK/chapter04/aboutlfs.xml	2010-11-07 04:48:39 UTC (rev 1587)
+++ trunk/BOOK/chapter04/aboutlfs.xml	2010-11-15 04:23:12 UTC (rev 1588)
@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
-  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-  <!ENTITY % general-entities SYSTEM "../general.ent">
-  %general-entities;
-]>
-
-<sect1 id="prepare-aboutlfs">
-  <?dbhtml filename="aboutlfs.html"?>
-
-  <title>About $LFS</title>
-
-  <para>Throughout this book, the environment variable <envar>LFS</envar> will
-  be used. It is paramount that this variable is always defined.
-  It should be set to the mount point chosen for the LFS partition.
-  Check that the <envar>LFS</envar> variable is set up properly with:</para>
-
-<screen role="nodump"><userinput>echo $LFS</userinput></screen>
-
-  <para>Make sure the output shows the path to the LFS partition's mount
-  point, which is <filename class="directory">/mnt/lfs</filename> if the
-  provided example was followed. If the output is incorrect, the
-  variable can be set with:</para>
-
-<screen role="nodump"><userinput>export LFS=/mnt/lfs</userinput></screen>
-
-  <para>Having this variable set is beneficial in that commands such as
-  <command>mkdir $LFS/tools</command> can be typed literally. The shell
-  will automatically replace <quote>$LFS</quote> with
-  <quote>/mnt/lfs</quote> (or whatever the variable was set to) when it
-  processes the command line.</para>
-
-  <para>Do not forget to check that <envar>$LFS</envar> is set whenever
-  you leave and reenter the current working environment (as when doing a
-  <command>su</command> to <systemitem class="username">root</systemitem>
-  or another user).</para>
-
-</sect1>
-

Modified: trunk/BOOK/chapter04/addinguser.xml
===================================================================
--- trunk/BOOK/chapter04/addinguser.xml	2010-11-07 04:48:39 UTC (rev 1587)
+++ trunk/BOOK/chapter04/addinguser.xml	2010-11-15 04:23:12 UTC (rev 1588)
@@ -8,20 +8,20 @@
 <sect1 id="ch-tools-addinguser">
   <?dbhtml filename="addinguser.html"?>
 
-  <title>Adding the LFS User</title>
+  <title>Adding the HLFS User</title>
 
   <para>When logged in as user <systemitem class="username">root</systemitem>,
   making a single mistake can damage or destroy a system. Therefore, we
   recommend building the packages in this chapter as an unprivileged user.
   You could use your own user name, but to make it easier to set up a clean
   working environment, create a new user called <systemitem
-  class="username">lfs</systemitem> as a member of a new group (also named
-  <systemitem class="groupname">lfs</systemitem>) and use this user during
+  class="username">hlfs</systemitem> as a member of a new group (also named
+  <systemitem class="groupname">hlfs</systemitem>) and use this user during
   the installation process. As <systemitem class="username">root</systemitem>,
   issue the following commands to add the new user:</para>
 
-<screen><userinput>groupadd lfs
-useradd -s /bin/bash -g lfs -m -k /dev/null lfs</userinput></screen>
+<screen><userinput>groupadd hlfs
+useradd -s /bin/bash -g hlfs -m -k /dev/null hlfs</userinput></screen>
 
   <variablelist>
     <title>The meaning of the command line options:</title>
@@ -30,15 +30,15 @@
       <term><parameter>-s /bin/bash</parameter></term>
       <listitem>
         <para>This makes <command>bash</command> the default shell for user
-        <systemitem class="username">lfs</systemitem>.</para>
+        <systemitem class="username">hlfs</systemitem>.</para>
       </listitem>
     </varlistentry>
 
     <varlistentry>
-      <term><parameter>-g lfs</parameter></term>
+      <term><parameter>-g hlfs</parameter></term>
       <listitem>
-        <para>This option adds user <systemitem class="username">lfs</systemitem>
-        to group <systemitem class="groupname">lfs</systemitem>.</para>
+        <para>This option adds user <systemitem class="username">hlfs</systemitem>
+        to group <systemitem class="groupname">hlfs</systemitem>.</para>
       </listitem>
     </varlistentry>
 
@@ -46,7 +46,7 @@
       <term><parameter>-m</parameter></term>
       <listitem>
         <para>This creates a home directory for <systemitem
-        class="username">lfs</systemitem>.</para>
+        class="username">hlfs</systemitem>.</para>
       </listitem>
     </varlistentry>
 
@@ -68,31 +68,31 @@
 
   </variablelist>
 
-  <para>To log in as <systemitem class="username">lfs</systemitem> (as opposed
-  to switching to user <systemitem class="username">lfs</systemitem> when logged
+  <para>To log in as <systemitem class="username">hlfs</systemitem> (as opposed
+  to switching to user <systemitem class="username">hlfs</systemitem> when logged
   in as <systemitem class="username">root</systemitem>, which does not require
-  the <systemitem class="username">lfs</systemitem> user to have a password),
-  give <systemitem class="username">lfs</systemitem> a password:</para>
+  the <systemitem class="username">hlfs</systemitem> user to have a password),
+  give <systemitem class="username">hlfs</systemitem> a password:</para>
 
-<screen role="nodump"><userinput>passwd lfs</userinput></screen>
+<screen role="nodump"><userinput>passwd hlfs</userinput></screen>
 
-  <para>Grant <systemitem class="username">lfs</systemitem> full access to
-  <filename class="directory">$LFS/tools</filename> by making
-  <systemitem class="username">lfs</systemitem> the directory owner:</para>
+  <para>Grant <systemitem class="username">hlfs</systemitem> full access to
+  <filename class="directory">$HLFS/tools</filename> by making
+  <systemitem class="username">hlfs</systemitem> the directory owner:</para>
 
-<screen><userinput>chown -v lfs $LFS/tools</userinput></screen>
+<screen><userinput>chown -v hlfs $HLFS/tools</userinput></screen>
 
   <para>If a separate working directory was created as suggested, give
-  user <systemitem class="username">lfs</systemitem> ownership of this
+  user <systemitem class="username">hlfs</systemitem> ownership of this
   directory:</para>
 
-<screen><userinput>chown -v lfs $LFS/sources</userinput></screen>
+<screen><userinput>chown -v hlfs $HLFS/sources</userinput></screen>
 
-  <para>Next, login as user <systemitem class="username">lfs</systemitem>.
+  <para>Next, login as user <systemitem class="username">hlfs</systemitem>.
   This can be done via a virtual console, through a display manager, or with
   the following substitute user command:</para>
 
-<screen role="nodump"><userinput>su - lfs</userinput></screen>
+<screen role="nodump"><userinput>su - hlfs</userinput></screen>
 
   <para>The <quote><parameter>-</parameter></quote> instructs
   <command>su</command> to start a login shell as opposed to a non-login shell.

Modified: trunk/BOOK/chapter04/chapter04.xml
===================================================================
--- trunk/BOOK/chapter04/chapter04.xml	2010-11-07 04:48:39 UTC (rev 1587)
+++ trunk/BOOK/chapter04/chapter04.xml	2010-11-15 04:23:12 UTC (rev 1588)
@@ -11,7 +11,7 @@
 
   <title>Final Preparations</title>
 
-  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="aboutlfs.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="abouthlfs.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="creatingtoolsdir.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="addinguser.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="settingenviron.xml"/>
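Review bot: the changed include now pulls in abouthlfs.xml, and that file's sect1 id moved from prepare-aboutlfs to prepare-abouthlfs, but no hunk in this commit updates a linkend. If any xref elsewhere in the book still targets prepare-aboutlfs, it will be left dangling; grep the tree for the old id and the old filename before committing, or keep the old id on the new file.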

Modified: trunk/BOOK/chapter04/creatingtoolsdir.xml
===================================================================
--- trunk/BOOK/chapter04/creatingtoolsdir.xml	2010-11-07 04:48:39 UTC (rev 1587)
+++ trunk/BOOK/chapter04/creatingtoolsdir.xml	2010-11-15 04:23:12 UTC (rev 1588)
@@ -8,10 +8,10 @@
 <sect1 id="ch-tools-creatingtoolsdir">
   <?dbhtml filename="creatingtoolsdir.html"?>
 
-  <title>Creating the $LFS/tools Directory</title>
+  <title>Creating the $HLFS/tools Directory</title>
 
   <para>All programs compiled in <xref linkend="chapter-temporary-tools"/>
-  will be installed under <filename class="directory">$LFS/tools</filename>
+  will be installed under <filename class="directory">$HLFS/tools</filename>
   to keep them separate from the programs compiled in <xref
   linkend="chapter-building-system"/>. The programs compiled here are
   temporary tools and will not be a part of the final LFS system. By keeping
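Review bot: the rename is incomplete in this paragraph: the unchanged line "temporary tools and will not be a part of the final LFS system" still says LFS, while the title and the $HLFS/tools path a few lines above it now say HLFS. Change it to "final HLFS system" so the section does not mix the two names.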
@@ -23,14 +23,14 @@
   <para>Create the required directory by running the following as
   <systemitem class="username">root</systemitem>:</para>
 
-<screen><userinput>mkdir -v $LFS/tools</userinput></screen>
+<screen><userinput>mkdir -v $HLFS/tools</userinput></screen>
 
   <para>The next step is to create a <filename class="symlink">/tools</filename>
   symlink on the host system. This will point to the newly-created directory on
-  the LFS partition. Run this command as <systemitem
+  the HLFS partition. Run this command as <systemitem
   class="username">root</systemitem> as well:</para>
 
-<screen><userinput>ln -sv $LFS/tools /</userinput></screen>
+<screen><userinput>ln -sv $HLFS/tools /</userinput></screen>
 
   <note>
     <para>The above command is correct. The <command>ln</command> command
@@ -43,6 +43,6 @@
   always refers to <filename class="directory">/tools</filename>, meaning
   that the compiler, assembler, and linker will work both in this chapter
   (when we are still using some tools from the host) and in the next (when
-  we are <quote>chrooted</quote> to the LFS partition).</para>
+  we are <quote>chrooted</quote> to the HLFS partition).</para>
 
 </sect1>

Modified: trunk/BOOK/chapter04/settingenviron.xml
===================================================================
--- trunk/BOOK/chapter04/settingenviron.xml	2010-11-07 04:48:39 UTC (rev 1587)
+++ trunk/BOOK/chapter04/settingenviron.xml	2010-11-15 04:23:12 UTC (rev 1588)
@@ -12,14 +12,14 @@
 
   <para>Set up a good working environment by creating two new startup files
   for the <command>bash</command> shell. While logged in as user
-  <systemitem class="username">lfs</systemitem>, issue the following command
+  <systemitem class="username">hlfs</systemitem>, issue the following command
   to create a new <filename>.bash_profile</filename>:</para>
 
 <screen><userinput>cat > ~/.bash_profile << "EOF"
 <literal>exec env -i HOME=$HOME TERM=$TERM PS1='\u:\w\$ ' /bin/bash</literal>
 EOF</userinput></screen>
 
-  <para>When logged on as user <systemitem class="username">lfs</systemitem>,
+  <para>When logged on as user <systemitem class="username">hlfs</systemitem>,
   the initial shell is usually a <emphasis>login</emphasis> shell which reads
   the <filename>/etc/profile</filename> of the host (probably containing some
   settings and environment variables) and then <filename>.bash_profile</filename>.
@@ -40,7 +40,7 @@
 <screen><userinput>cat > ~/.bashrc << "EOF"
 <literal>set +h
 umask 022
-LFS=/mnt/lfs
+HLFS=/mnt/hlfs
 LC_ALL=POSIX
 LFS_TGT=$(uname -m)-lfs-linux-gnu
 PATH=/tools/bin:/bin:/usr/bin
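Review bot: only the assignment is renamed to HLFS=/mnt/hlfs; the hunk ends at PATH= and this commit touches no later line of the .bashrc heredoc. If the heredoc goes on to export the variables by name, that line must say HLFS as well, otherwise HLFS stays a plain shell variable and is not passed to child processes such as make. Also decide whether LFS_TGT=$(uname -m)-lfs-linux-gnu, two lines below the change, is meant to keep the lfs variable name and vendor string, and say so, since everything else in chapter 4 was renamed.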
@@ -55,7 +55,7 @@
   be used as soon as they are installed. By switching off the hash function,
   the shell will always search the <envar>PATH</envar> when a program is to
   be run. As such, the shell will find the newly compiled tools in
-  <filename class="directory">$LFS/tools</filename> as soon as they are
+  <filename class="directory">$HLFS/tools</filename> as soon as they are
   available without remembering a previous version of the same program in a
   different location.</para>
 

Modified: trunk/BOOK/chapter05/gcc-pass1.xml
===================================================================
--- trunk/BOOK/chapter05/gcc-pass1.xml	2010-11-07 04:48:39 UTC (rev 1587)
+++ trunk/BOOK/chapter05/gcc-pass1.xml	2010-11-15 04:23:12 UTC (rev 1588)
@@ -54,6 +54,20 @@
 tar -zxf ../mpc-&mpc-version;.tar.gz
 mv -v mpc-&mpc-version; mpc</userinput></screen>
 
+    <para>The <parameter>-fPIC</parameter> needs to be enabled by default at
+    this stage so that Glibc will detect a PIC compiler later in this chapter.
+    Glibc will enable different code depending on whether the compiler is PIC
+    or not.</para>
+ 
+    <para>Modify GCC to make <parameter>-fPIC</parameter> the default:</para>
+
+<screen><userinput remap="pre">cp -v gcc/config/i386/linux.h{,.orig}
+sed 's/^\(#define CC1_SPEC.*\)\("\)$/\1 %{fno-pic|fno-PIC|fpic|fPIC:;:-fPIC}\2/' \
+    gcc/config/i386/linux.h.orig > gcc/config/i386/linux.h
+cp -v gcc/config/i386/x86-64.h{,.orig}
+sed 's/^\(#define CC1_SPEC.*\)\("\)$/\1 %{fno-pic|fno-PIC|fpic|fPIC:;:-fPIC}\2/' \
+    gcc/config/i386/x86-64.h.orig > gcc/config/i386/x86-64.h</userinput></screen>
+
     <para>The GCC documentation recommends building GCC outside of the
     source directory in a dedicated build directory:</para>
 
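Review bot: both sed commands succeed silently when the pattern matches nothing. The expression only fires on a #define CC1_SPEC line that ends in a double quote on that same line; if the define is formatted differently in a given GCC release, or is absent from that header, linux.h and x86-64.h are written back unchanged, the build carries on, and -fPIC is not the default even though the new paragraph says Glibc depends on detecting a PIC compiler. Add a verification step after the sed, for example a grep for fno-pic in both headers, and tell the reader to stop if it prints nothing. The spec also lists only the pic spellings (fno-pic|fno-PIC|fpic|fPIC), so -fPIC is still appended when -fPIE is passed, which the Glibc configparms in this commit does; the text should say whether that is intended. Minor: the added blank line between the two new paragraphs carries a trailing space.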
@@ -136,8 +150,12 @@
 
     <para>Compile GCC by running:</para>
 
-<screen><userinput remap="make">make</userinput></screen>
+<screen><userinput remap="make">make gcc_cv_libc_provides_ssp=yes</userinput></screen>
 
+    <para>The <parameter>gcc_cv_libc_provides_ssp=yes</parameter> variable is
+    needed on some host systems to ensure that the SSP function from Glibc is
+    used, instead of from <filename>libssp.so</filename>.</para>
+
     <para>Compilation is now complete. At this point, the test suite would
     normally be run, but, as mentioned before, the test suite framework is
     not in place yet. The benefits of running the tests at this point

Modified: trunk/BOOK/chapter05/glibc.xml
===================================================================
--- trunk/BOOK/chapter05/glibc.xml	2010-11-07 04:48:39 UTC (rev 1587)
+++ trunk/BOOK/chapter05/glibc.xml	2010-11-15 04:23:12 UTC (rev 1588)
@@ -163,10 +163,61 @@
     generally harmless. This <command>msgfmt</command> program is part of the
     Gettext package which the host distribution should provide.</para>
 
-    <para>Compile the package:</para>
+    <para>The Glibc package is compiled in two stages. In the first stage only
+    the libraries are compiled with our <parameter>-fPIC</parameter> enabled
+    GCC. In the second stage the programs are compiled with additional
+    hardening.</para>
 
+    <para>Preprare the <filename>configparms</filename> file to build the Glibc
+    libraries:</para>
+
+<screen><userinput remap="configure">cat >> configparms << "EOF"
+<literal>build-programs=no
+LDFLAGS.so += -Wl,--warn-shared-textrel,--fatal-warnings</literal>
+EOF</userinput></screen>
+
+    <para>Compile the libraries:</para>
+
 <screen><userinput remap="make">make</userinput></screen>
 
+    <para>In this next stage hardening options are added to the compiler
+    options. The <command>sln</command> program is statically linked, so the
+    <parameter>-fPIE</parameter> option is reversed with the
+    <parameter>-fno-PIE</parameter> option. The <parameter>+link</parameter>
+    variable is redefined to link the programs with
+    <parameter>-pie</parameter>, and essentially behaves like
+    <parameter>+link-pie</parameter> found in the
+    <filename>Makeconfig</filename> file, but with the addition of
+    <parameter>--warn-shared-textrel --fatal-warnings</parameter> to warn us if
+    the programs were not properly compiled.</para>
+
+    <para>Prepare the <filename>configparms</filename> file to build the Glibc
+    programs:</para>
+
+<screen><userinput remap="configure">cat > configparms << "EOF"
+<literal>CC += -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2
+CXX += -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2
+CFLAGS-sln.c += -fno-PIC -fno-PIE
++link = $(CC) -pie -Wl,-O1 -nostdlib -nostartfiles -o $@ \
+    $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
+    $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
+    -Wl,-z,now -Wl,--warn-shared-textrel,--fatal-warnings
+    $(addprefix $(csu-objpfx),S$(start-installed-name)) \
+    $(+preinit) $(+prectorS) \
+    $(filter-out $(addprefix $(csu-objpfx),start.o \
+    S$(start-installed-name))\
+    $(+preinit) $(link-extra-libs) \
+    $(common-objpfx)libc% $(+postinit),$^) \
+    $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)</literal>
+EOF
+case `uname -m` in
+  i?86) echo "CFLAGS += -march=i486 -mtune=native" >> configparms ;;
+esac</userinput></screen>
+
+    <para>Compile the programs:</para>
+
+<screen><userinput remap="make">make</userinput></screen>
+
     <para>This package does come with a test suite, however, it cannot be
     run at this time because we do not have a C++ compiler yet.</para>
 
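Review bot: in the second configparms heredoc the +link definition is broken at the line "-Wl,-z,now -Wl,--warn-shared-textrel,--fatal-warnings": it is the only continuation line without a trailing backslash, so make ends the variable there and reads the following $(addprefix $(csu-objpfx),S$(start-installed-name)) line as a new statement. The start files and libraries would then be missing from +link, or make rejects the file outright. Add the backslash. Smaller points: the first heredoc appends (cat >>) and the second overwrites (cat >), which is what drops build-programs=no for the second stage, but the text does not explain that, and the overwrite also discards the LDFLAGS.so textrel check along with anything configparms held before. "Preprare" in the first new para is a typo for "Prepare", and the sln paragraph mentions only -fno-PIE while the file sets both -fno-PIC and -fno-PIE.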

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2010-11-07 04:48:39 UTC (rev 1587)
+++ trunk/BOOK/general.ent	2010-11-15 04:23:12 UTC (rev 1588)
@@ -1,5 +1,5 @@
-<!ENTITY version "SVN-20101106">
-<!ENTITY releasedate "November 06, 2010">
+<!ENTITY version "SVN-20101114">
+<!ENTITY releasedate "November 14, 2010">
 <!ENTITY copyrightdate "1999-2010"><!-- jhalfs needs a literal dash, not – -->
 <!ENTITY milestone "1.0">
 <!ENTITY generic-version "development"> <!-- Use "development", "testing", or "x.y[-pre{x}]" -->



