r142 - in trunk/text: . chapter02 chapter06

robert at linuxfromscratch.org robert at linuxfromscratch.org
Thu Feb 3 10:17:58 PST 2005


Author: robert
Date: 2005-02-03 11:17:57 -0700 (Thu, 03 Feb 2005)
New Revision: 142

Modified:
   trunk/text/README.txt
   trunk/text/chapter02/06-pie.txt
   trunk/text/chapter06/14-coreutils.txt
   trunk/text/chapter06/16-mktemp.txt
   trunk/text/chapter06/18-findutils.txt
   trunk/text/chapter06/19-gawk.txt
   trunk/text/chapter06/20-ncurses.txt
   trunk/text/chapter06/22-vim.txt
   trunk/text/chapter06/23-m4.txt
   trunk/text/chapter06/24-bison.txt
   trunk/text/chapter06/25-less.txt
   trunk/text/chapter06/26-groff.txt
   trunk/text/chapter06/27-sed.txt
   trunk/text/chapter06/28-flex.txt
   trunk/text/chapter06/30-inetutils.txt
   trunk/text/chapter06/31-iproute2.txt
Log:
More fpie additions

Modified: trunk/text/README.txt
===================================================================
--- trunk/text/README.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/README.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -1,5 +1,5 @@
-Hardened Linux From Scratch - 20050123
-January 23rd 2005
+Hardened Linux From Scratch - 20050203
+February 3rd, 2005
 
 - Who willed you? or whose will stands but mine?
   There's none protector of the realm but I.
@@ -39,6 +39,9 @@
 
 Syslog-ng is using privilege seperation now. Logs are owned by user 'syslog'.
 
+See chapter02/pie.txt for info about 'ld -pie' and 'gcc -fpie'. -fpie is
+added to most (or all) programs in the book.
+
 If you plan to use Iptables with Grsecurity go to:
 http://www.grsecurity.net/download.php
 and use the Iptables patch.

Modified: trunk/text/chapter02/06-pie.txt
===================================================================
--- trunk/text/chapter02/06-pie.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter02/06-pie.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -67,7 +67,7 @@
 with -fPIC. If you wish to use -fPIE to have greater optimization be sure
 to use 'readelf -d' to check for TEXTREL. If -fPIE is passed to one object in
 a library it will cause a TEXTREL section in that library, and it will not
-work correctly.
+work correctly. Libraries, private or otherwise, need to be compiled with -fPIC.
 
 On x86 systems -fPIC and -fpic are exactly the same. Ditto with -fPIE and -fpie.
  

Modified: trunk/text/chapter06/14-coreutils.txt
===================================================================
--- trunk/text/chapter06/14-coreutils.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/14-coreutils.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -7,7 +7,7 @@
 
 # Add -fpie to the programs.
 
-sed -e 's/^CFLAGS.*$/& -pie -fpie/' -i src/Makefile.in
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i src/Makefile.in
 
 # Configure and make Coreutils.
 

Modified: trunk/text/chapter06/16-mktemp.txt
===================================================================
--- trunk/text/chapter06/16-mktemp.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/16-mktemp.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -2,7 +2,7 @@
 
 # Use /dev/erandom as for the random device.
 
-sed -e 's/^CFLAGS.*$/& -pie -fpie/' -i Makefile.in &&
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i Makefile.in &&
 patch -Np1 -i ../mktemp-1.5-add_tempfile-1.patch &&
 ./configure --prefix=/usr --with-libc \
 	--with-random=/dev/erandom ${disable_nls} &&

Modified: trunk/text/chapter06/18-findutils.txt
===================================================================
--- trunk/text/chapter06/18-findutils.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/18-findutils.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -1,6 +1,6 @@
 - Chapter 6 - Installing Findutils 4.2.11
 
-sed -e 's/^CFLAGS.*$/& -pie -fpie/' -i {find,locate,xargs}/Makefile.in &&
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i {find,locate,xargs}/Makefile.in &&
 ./configure --prefix=/usr --libexecdir=/usr/lib/locate \
 	--localstatedir=/var/lib/locate ${disable_nls} &&
 make

Modified: trunk/text/chapter06/19-gawk.txt
===================================================================
--- trunk/text/chapter06/19-gawk.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/19-gawk.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -1,6 +1,6 @@
 - Chapter 6 - Installing Gawk 3.1.4
 
-sed -e 's/^CFLAGS.*$/& -pie -fpie/' -i Makefile.in &&
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i Makefile.in &&
 ./configure --prefix=/usr --libexecdir=/usr/lib \
 	${disable_nls} &&
 make

Modified: trunk/text/chapter06/20-ncurses.txt
===================================================================
--- trunk/text/chapter06/20-ncurses.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/20-ncurses.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -1,6 +1,6 @@
 - Chapter 6 - Installing Ncurses 5.4
 
-sed -e 's/^CFLAGS.*$/& -pie -fpie/' -i {progs,tack}/Makefile.in &&
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i {progs,tack}/Makefile.in &&
 ./configure --prefix=/usr --with-shared --without-debug \
 	--without-normal ${disable_nls} &&
 make &&

Modified: trunk/text/chapter06/22-vim.txt
===================================================================
--- trunk/text/chapter06/22-vim.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/22-vim.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -13,7 +13,7 @@
 
 # Configure and make Vim.
 
-sed -e 's/^CFLAGS.*$/& -pie -fpie/' -i src/config.mk.in &&
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i src/config.mk.in &&
 ./configure --prefix=/usr --enable-multibyte \
 	${disable_nls} &&
 make

Modified: trunk/text/chapter06/23-m4.txt
===================================================================
--- trunk/text/chapter06/23-m4.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/23-m4.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -1,6 +1,12 @@
 - Chapter 6 - Installing m4 1.4.2
 
-env CC="gcc -pie -fPIE" \
+# M4 wants to pass CFLAGS down from the top makefile with the MDEFINES
+# variable. This first sed command will prevent that, so sub-directory
+# makefile's can use their own cflags. The second sed command adds -fpie to
+# the cflags in the src/ directory.
+
+sed -e "s/^\(MDEFINES.*\)CFLAGS='\$(CFLAGS)' /\1/" -i Makefile.in &&
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i src/Makefile.in &&
 ./configure --prefix=/usr ${disable_nls} &&
 make
 

Modified: trunk/text/chapter06/24-bison.txt
===================================================================
--- trunk/text/chapter06/24-bison.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/24-bison.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -1,5 +1,6 @@
 - Chapter 6 - Installing Bison 2.0
 
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i src/Makefile.in &&
 ./configure --prefix=/usr ${disable_nls} &&
 make
 

Modified: trunk/text/chapter06/25-less.txt
===================================================================
--- trunk/text/chapter06/25-less.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/25-less.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -1,6 +1,6 @@
 - Chapter 6 - Installing Less 382
 
-env CC="gcc -pie -fPIE" \
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i Makefile.in &&
 ./configure --prefix=/usr --bindir=/bin \
 	--sysconfdir=/etc ${disable_nls} &&
 make &&

Modified: trunk/text/chapter06/26-groff.txt
===================================================================
--- trunk/text/chapter06/26-groff.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/26-groff.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -1,5 +1,8 @@
 - Chapter 6 - Installing Groff 1.19.1
 
+# Groff has a very bizzare Makefile structure. Don't use -fpie here for now;
+# this will need a patch to use it.
+
 env PAGE=letter \
 ./configure --prefix=/usr ${disable_nls} &&
 make &&

Modified: trunk/text/chapter06/27-sed.txt
===================================================================
--- trunk/text/chapter06/27-sed.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/27-sed.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -1,6 +1,6 @@
 - Chapter 6 - Installing Sed 4.1.2
 
-env CC="gcc -pie -fPIE" \
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i sed/Makefile.in &&
 ./configure --prefix=/usr --bindir=/bin \
 	${disable_nls} &&
 make

Modified: trunk/text/chapter06/28-flex.txt
===================================================================
--- trunk/text/chapter06/28-flex.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/28-flex.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -1,5 +1,6 @@
 - Chapter 6 - Installing Flex 2.5.31
 
+patch -Np1 -i ../flex-2.5.31-hardened_cflags-1.patch &&
 patch -Np1 -i ../flex-2.5.31-debian_fixes-2.patch &&
 touch doc/flex.1 &&
 ./configure --prefix=/usr ${disable_nls} &&
@@ -9,7 +10,7 @@
 
 make check
 
-# Then install Flex. Some programs, like Syslog-ng, need the static versions
+# Then install Flex. Some programs, like Syslog-ng, need the static version
 # of libflex.
 
 make install &&

Modified: trunk/text/chapter06/30-inetutils.txt
===================================================================
--- trunk/text/chapter06/30-inetutils.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/30-inetutils.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -1,5 +1,7 @@
 - Chapter 6 - Inetutils 1.4.2
 
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i \
+	{ftp,ping,rcp,rlogin,rsh,talk,telnet,tftp}/Makefile.in &&
 patch -Np1 -i ../inetutils-1.4.2-kernel_headers-1.patch &&
 patch -Np1 -i ../inetutils-1.4.2-no_server_man_pages-1.patch &&
 ./configure --prefix=/usr --libexecdir=/usr/sbin \

Modified: trunk/text/chapter06/31-iproute2.txt
===================================================================
--- trunk/text/chapter06/31-iproute2.txt	2005-02-03 10:54:16 UTC (rev 141)
+++ trunk/text/chapter06/31-iproute2.txt	2005-02-03 18:17:57 UTC (rev 142)
@@ -1,8 +1,15 @@
 - Chapter 6 - Iproute2 2.6.9_ss040831
 
-# The sed command stops countless warnings from using the wrong header.
+# This sed command stops countless warnings caused by using the wrong header.
 
-sed -e 's at linux/socket.h at sys/socket.h@' -i include/linux/netlink.h &&
+sed -e 's at linux/socket.h at sys/socket.h@' -i include/linux/netlink.h
+
+# This sed adds a CFLAGS variable, and -fpie, to first line of two Makefiles.
+
+sed -e '1,0s/^/CFLAGS+=-pie -fpie\n&/' -i {ip,misc}/Makefile
+
+# Then patch, configure, and make.
+
 patch -Np1 -i ../iproute2-2.6.9_ss040831-find_update-1.patch &&
 patch -Np1 -i ../iproute2-2.6.9_ss040831-remove_db-1.patch &&
 ./configure &&




More information about the hlfs-dev mailing list