r174 - in trunk/text: . chapter05 chapter06

robert at linuxfromscratch.org robert at linuxfromscratch.org
Sat Feb 12 13:37:54 PST 2005


Author: robert
Date: 2005-02-12 14:37:53 -0700 (Sat, 12 Feb 2005)
New Revision: 174

Modified:
   trunk/text/README.txt
   trunk/text/TODO
   trunk/text/chapter05/13-gawk.txt
   trunk/text/chapter05/14-coreutils.txt
   trunk/text/chapter05/15-diffutils.txt
   trunk/text/chapter05/16-findutils.txt
   trunk/text/chapter05/17-make.txt
   trunk/text/chapter05/18-grep.txt
   trunk/text/chapter05/19-sed.txt
   trunk/text/chapter05/20-gettext.txt
   trunk/text/chapter05/21-ncurses.txt
   trunk/text/chapter05/22-patch.txt
   trunk/text/chapter05/23-tar.txt
   trunk/text/chapter05/24-bzip2.txt
   trunk/text/chapter05/25-gzip.txt
   trunk/text/chapter05/26-texinfo.txt
   trunk/text/chapter05/27-bash.txt
   trunk/text/chapter05/28-m4.txt
   trunk/text/chapter05/29-bison.txt
   trunk/text/chapter05/30-flex.txt
   trunk/text/chapter05/31-util-linux.txt
   trunk/text/chapter06/23-m4.txt
   trunk/text/chapter06/29-gettext.txt
Log:
Added fpie cflags to chapter 5 packages

Modified: trunk/text/README.txt
===================================================================
--- trunk/text/README.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/README.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -44,7 +44,7 @@
 
 See chapter02/pie.txt for info about 'ld -pie' and 'gcc -fpie'. -fpie is
 added to most (or all) programs in the book; this is not a replacement to
-the hardened-specs for gcc, it is in addition.
+the hardened-specs for gcc, it is in addition. Lots of neat regex examples too.
 
 If you plan to use Iptables with Grsecurity go to:
 http://www.grsecurity.net/download.php

Modified: trunk/text/TODO
===================================================================
--- trunk/text/TODO	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/TODO	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,15 +1,18 @@
-- Most of this should be done before release 0.3.
 This may be added to, or taken away from. This is just a draft, brainstorming,
 list. Send requests to the mailing list.
 
-Add -fpie to Perl, Groff, and Udev. Those should be the only ones left in the
-base system.
+- For 0.3.
+
+Add -fpie to TCL, Perl, Groff, and Udev. Those should be the only ones left
+in the base system.
+
 Add -fpie to the packages in chapter 8 and 9.
 
-Add gradm for access controls.
-	- Default policy.
+Add gradm for access controls in chapter 7.
+Each package in chapter's 8 and 9 will need their own mini-policies.
 
 Make chaper 8 something like 'Development' stuff. Tendra, OpenSSL, etc.
+Strace will need a patch for sysctl erandom and urandom.
 Add uClibc to chapter 8.
 
 Make chapter 9 system and network services, but try not to make it too broad.

Modified: trunk/text/chapter05/13-gawk.txt
===================================================================
--- trunk/text/chapter05/13-gawk.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/13-gawk.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,6 +1,6 @@
 - Chapter 5 - Installing Gawk 3.1.4
 
-env CC="gcc -pie -fPIE" \
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/14-coreutils.txt
===================================================================
--- trunk/text/chapter05/14-coreutils.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/14-coreutils.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,5 +1,6 @@
 - Chapter 5 - Installing Coreutils 5.2.1
 
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i src/Makefile.in &&
 env DEFAULT_POSIX2_VERSION=199209 \
 ./configure --prefix=/tools ${disable_nls} &&
 make &&

Modified: trunk/text/chapter05/15-diffutils.txt
===================================================================
--- trunk/text/chapter05/15-diffutils.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/15-diffutils.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,5 +1,6 @@
 - Chapter 5 - Installing Diffutils 2.8.1
 
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i src/Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/16-findutils.txt
===================================================================
--- trunk/text/chapter05/16-findutils.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/16-findutils.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,5 +1,6 @@
 - Chapter 5 - Installing Findutils 4.2.11
 
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i {find,locate,xargs}/Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/17-make.txt
===================================================================
--- trunk/text/chapter05/17-make.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/17-make.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,6 +1,6 @@
 - Chapter 5 - Installing Make 3.80
 
-env CC="gcc -pie -fPIE" \
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/18-grep.txt
===================================================================
--- trunk/text/chapter05/18-grep.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/18-grep.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,5 +1,6 @@
 - Chapter 5 - Installing Grep 2.5.1a
 
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i src/Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} \
 	--disable-perl-regexp --with-included-regex &&
 make &&

Modified: trunk/text/chapter05/19-sed.txt
===================================================================
--- trunk/text/chapter05/19-sed.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/19-sed.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,6 +1,6 @@
 - Chapter 5 - Installing Sed 4.1.2
 
-env CC="gcc -pie -fPIE" \
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i sed/Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/20-gettext.txt
===================================================================
--- trunk/text/chapter05/20-gettext.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/20-gettext.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -3,7 +3,15 @@
 # If you are using 'disable_nls=--disable-nls' and/or uClibc then the Gettext
 # package can be skipped.
 
-./configure --prefix=/tools ${disable_nls} \
+# We're lucky Gettext already has specific CFLAGS for the programs in
+# gettext-tools/. This saves us a patch because there are also libraries in
+# that directory, but the sed might not work forever.
+
+sed -e 's/^C\(XX\)\?FLAGS .*$/& -pie -fpie/' -i \
+	gettext-runtime/src/Makefile.in &&
+sed -e 's/.*_CFLAGS = .*$/& -pie -fpie/' -i \
+	gettext-tools/src/Makefile.in &&
+./configure --prefix=/tools ${disable_nls} --disable-static \
 	--disable-libasprintf --disable-csharp &&
 make &&
 make install

Modified: trunk/text/chapter05/21-ncurses.txt
===================================================================
--- trunk/text/chapter05/21-ncurses.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/21-ncurses.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,5 +1,6 @@
 - Chapter 5 - Installing Ncurses 5.4
 
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i {progs,tack}/Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} --with-shared \
 	--without-debug --without-ada --enable-overwrite &&
 make &&

Modified: trunk/text/chapter05/22-patch.txt
===================================================================
--- trunk/text/chapter05/22-patch.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/22-patch.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,6 +1,6 @@
 - Chapter 5 - Installing Patch 2.5.9
 
-env CC="gcc -pie -fPIE" \
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/23-tar.txt
===================================================================
--- trunk/text/chapter05/23-tar.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/23-tar.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,6 +1,6 @@
 - Chapter 5 - Installing Tar 1.15.1
 
-env CC="gcc -pie -fPIE" \
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i {rmt,src}/Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/24-bzip2.txt
===================================================================
--- trunk/text/chapter05/24-bzip2.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/24-bzip2.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -3,6 +3,7 @@
 # This is installed late to work around the uClibc bug in Tar-1.14* which may
 # exist on the host system.
 
-make CC="gcc -pie -fPIE" &&
+patch -Np1 -i ../bzip2-1.0.2-hardened_cflags-1.patch &&
+make &&
 make PREFIX=/tools install
 

Modified: trunk/text/chapter05/25-gzip.txt
===================================================================
--- trunk/text/chapter05/25-gzip.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/25-gzip.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -5,7 +5,8 @@
 # is disallowed by options in PaX/Grsec kernels. To use only C code instead we
 # set the DEFS environment variable.
 
-env DEFS=NO_ASM CC="gcc -pie -fPIE" \
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i Makefile.in &&
+env DEFS=NO_ASM \
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/26-texinfo.txt
===================================================================
--- trunk/text/chapter05/26-texinfo.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/26-texinfo.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,6 +1,7 @@
 - Chapter 5 - Installing Texinfo 4.8
 
-env CC="gcc -pie -fPIE" \
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' \
+	-i {info,makeinfo,util}/Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/27-bash.txt
===================================================================
--- trunk/text/chapter05/27-bash.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/27-bash.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -6,6 +6,7 @@
 
 # Then build and install Bash.
 
+sed -e 's/^CFLAGS.*$/& -pie -fpie/' -i {.,builtins}/Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} \
 	--without-bash-malloc &&
 make &&

Modified: trunk/text/chapter05/28-m4.txt
===================================================================
--- trunk/text/chapter05/28-m4.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/28-m4.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,6 +1,12 @@
 - Chapter 5 - Installing M4 1.4.2
 
-env CC="gcc -pie -fPIE" \
+# M4 wants to pass CFLAGS down from the top makefile with the MDEFINES
+# variable. This first sed command will prevent that, so sub-directory
+# makefile's can use their own cflags. The second sed command adds -fpie to
+# the cflags in the src/ directory.
+
+sed -e "s/^\(MDEFINES.*\)CFLAGS='\$(CFLAGS)' /\1/" -i Makefile.in &&
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i src/Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/29-bison.txt
===================================================================
--- trunk/text/chapter05/29-bison.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/29-bison.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,5 +1,6 @@
 - Chapter 5 - Installing Bison 2.0
 
+sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i src/Makefile.in &&
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/30-flex.txt
===================================================================
--- trunk/text/chapter05/30-flex.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/30-flex.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,5 +1,6 @@
 - Chapter 5 - Installing Flex 2.5.31
 
+patch -Np1 -i ../flex-2.5.31-hardened_cflags-1.patch &&
 patch -Np1 -i ../flex-2.5.31-debian_fixes-2.patch &&
 touch doc/flex.1 &&
 ./configure --prefix=/tools ${disable_nls} &&

Modified: trunk/text/chapter05/31-util-linux.txt
===================================================================
--- trunk/text/chapter05/31-util-linux.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter05/31-util-linux.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -3,6 +3,7 @@
 # Util-linux needs a patch to compile with -fpic/fpie.
 
 patch -Np1 -i ../util-linux-2.12q-fPIC-1.patch &&
+patch -Np1 -i ../util-linux-2.12q-hardened_cflags-1.patch &&
 sed -i 's@/usr/include@/tools/include at g' configure &&
 ./configure &&
 make -C lib &&

Modified: trunk/text/chapter06/23-m4.txt
===================================================================
--- trunk/text/chapter06/23-m4.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter06/23-m4.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -1,10 +1,5 @@
 - Chapter 6 - Installing m4 1.4.2
 
-# M4 wants to pass CFLAGS down from the top makefile with the MDEFINES
-# variable. This first sed command will prevent that, so sub-directory
-# makefile's can use their own cflags. The second sed command adds -fpie to
-# the cflags in the src/ directory.
-
 sed -e "s/^\(MDEFINES.*\)CFLAGS='\$(CFLAGS)' /\1/" -i Makefile.in &&
 sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i src/Makefile.in &&
 ./configure --prefix=/usr ${disable_nls} &&

Modified: trunk/text/chapter06/29-gettext.txt
===================================================================
--- trunk/text/chapter06/29-gettext.txt	2005-02-12 20:42:34 UTC (rev 173)
+++ trunk/text/chapter06/29-gettext.txt	2005-02-12 21:37:53 UTC (rev 174)
@@ -2,6 +2,10 @@
 
 # Remember for uClibc or disable-nls this package can be skipped.
 
+sed -e 's/^C\(XX\)\?FLAGS .*$/& -pie -fpie/' -i \
+        gettext-runtime/src/Makefile.in &&
+sed -e 's/.*_CFLAGS = .*$/& -pie -fpie/' -i \
+        gettext-tools/src/Makefile.in &&
 ./configure --prefix=/usr ${disable_nls} \
 	--disable-static &&
 make




More information about the hlfs-dev mailing list