r53 - in trunk/text: . chapter01 chapter05 chapter06 chapter06/10-libc

robert at linuxfromscratch.org robert at linuxfromscratch.org
Wed Jan 5 13:26:07 PST 2005


Author: robert
Date: 2005-01-05 14:26:06 -0700 (Wed, 05 Jan 2005)
New Revision: 53

Modified:
   trunk/text/README.txt
   trunk/text/chapter01/changelog.txt
   trunk/text/chapter05/01-set-env.txt
   trunk/text/chapter05/12-gcc-native.txt
   trunk/text/chapter05/14-coreutils.txt
   trunk/text/chapter05/16-findutils.txt
   trunk/text/chapter05/20-gettext.txt
   trunk/text/chapter06/05-createfiles.txt
   trunk/text/chapter06/10-libc/10-glibc.txt
   trunk/text/chapter06/11-adjusting.txt
   trunk/text/chapter06/12-binutils.txt
   trunk/text/chapter06/13-gcc.txt
   trunk/text/chapter06/14-coreutils.txt
   trunk/text/chapter06/16-mktemp.txt
   trunk/text/chapter06/18-findutils.txt
   trunk/text/chapter06/19-gawk.txt
   trunk/text/chapter06/20-ncurses.txt
   trunk/text/chapter06/22-vim.txt
   trunk/text/chapter06/23-m4.txt
   trunk/text/chapter06/24-bison.txt
   trunk/text/chapter06/25-less.txt
   trunk/text/chapter06/26-groff.txt
   trunk/text/chapter06/27-sed.txt
   trunk/text/chapter06/28-flex.txt
   trunk/text/chapter06/29-inetutils.txt
   trunk/text/chapter06/30-iproute2.txt
   trunk/text/chapter06/31-perl.txt
   trunk/text/chapter06/32-texinfo.txt
Log:
more fpie and nls fixups

Modified: trunk/text/README.txt
===================================================================
--- trunk/text/README.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/README.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,6 +1,10 @@
 Hardened Linux From Scratch - SVN-20050105
 January 5th, 2005
 
+- Who willed you? or whose will stands but mine?
+  There's none protector of the realm but I.
+	(Gloucester - 1593)
+
 This is the snapshot release of HLFS featuring uClibc, Glibc, ProPolice Stack
 Protector, PaX, Grsecurity, Position Independent Executable (PIE) toolchain,
 and Frandom Random Number Suite.
@@ -21,10 +25,22 @@
 list of features. There are plans to add uClibc to a beyond-hlfs book so both
 libraries can be used on the same system.
 
+99.8% of libraries and 100% of executables build with -fstack-protector-all.
+The only exception is for libc.so, ld.so, and libraries that do not preload
+libc.so (like libbsd-compat). Even libgcc.so is guarded now. gcc -fPIE is
+manually added to packages which have no libraries, and to GCC because it
+supports seperate LIBCFLAGS. 99% of executables are linked with -pie, -z now,
+and -z relro. The exceptions are for Glibc's utilities because the have
+non-pic assembly code, aswell Glibc supports these features and uses them were
+they are suitable. Coreutils' uname(1), because of non-pic assembly code, and
+Grub are also exceptions.
+
 The instructions in this book only work for i386 so far.
 The instructions in this book we tested on an LFS-unstable host system.
 
 See chapter03/ for package and patch versions, and URL's.
+If you have trouble finding patches try looking in here:
+http://www.linuxfromscratch.org/~robert/hlfs/current/
 
 This book is based on Linux From Scratch Unstable. This book assumes you
 already have experience with Linux From Scratch and are comfortable using it.

Modified: trunk/text/chapter01/changelog.txt
===================================================================
--- trunk/text/chapter01/changelog.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter01/changelog.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -78,3 +78,6 @@
 patches, replaced with perl and echo commands. Up to automake-1.9.4. Up to
 udev-050.
 
+January 5th, 2005 [robert]
+libgcc.so in chapter 6 builds with -fstack-protector-all!!!
+

Modified: trunk/text/chapter05/01-set-env.txt
===================================================================
--- trunk/text/chapter05/01-set-env.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter05/01-set-env.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -15,7 +15,7 @@
 
 export target=$(uname -m)-tools-linux-uclibc &&
 export ldso=/tools/lib/ld-uClibc.so.0 &&
-export clocale=--disable-clocale &&
+export clocale="--disable-clocale --enable-sjlj-exceptions" &&
 export disable_nls=--disable-nls
 
 # The "-tools-" is used in the vendor field instead of the traditional "-pc-"
@@ -25,6 +25,8 @@
 # libc is being used.
 
 # The ${clocale} variable is used when building the native GCC.
+# The --enable-sjlj-exceptions is needed with uClibc for C++ exception
+# handling to work.
 
 # The ${disable_nls} variable is used for uClibc because native language
 # support is not complete and buggy. It will be used in configure arguments

Modified: trunk/text/chapter05/12-gcc-native.txt
===================================================================
--- trunk/text/chapter05/12-gcc-native.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter05/12-gcc-native.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -44,13 +44,19 @@
 ln -s gcc /tools/bin/cc
 
 # Adding hardened specs:
-# These commands depend on Perl. If you do not have Perl installed on your
-# host system then you can skip this, and testing, and return here after
-# Perl is installed later in this chapter.
+# This depend on Perl. If you do not have Perl installed on your host system
+# then you can skip this, and testing, and return here after Perl is installed
+# later in this chapter.
 #
-# These commands will add -fstack-protector-all to the default for gcc and
-# g++. The only filter is for -fno-stack-protector*.
+# We are going to need to repeat these commands later for Binutils tests in
+# chapter 6, and when gcc is reinstalled. Since these commands are ugly to
+# repeat it's best to dump them into a script, as it is done below.
+#
+# This will add -fstack-protector-all to the default for gcc and g++. The only
+# filter is for -fno-stack-protector*.
 
+cat > hardened-specs.sh << "EOF"
+#!/bin/sh
 perl -pi -e 's@\*cc1:\n@$_%(cc1_ssp) @;' \
 	$(gcc --print-file specs) &&
 perl -pi -e 's@\*cc1plus:\n@$_%(cc1_ssp) @;' \
@@ -58,6 +64,7 @@
 echo '*cc1_ssp:
 %{!fno-stack-protector*: -fstack-protector-all}
 ' >> $(gcc --print-file specs)
+EOF
 
 # These commands will make 'gcc -fPIC', 'ld -pie', and 'cpp -D__PIC__ -DPIC'
 # the default. The exact default behaviour for 'gcc -pie' will be preserved.
@@ -67,8 +74,10 @@
 # Read ../chapter02/06-pie.txt for more information on this.
 
 # The last echo command in this group must have its line pasted as a single
-# line, sorry. Make sure of this or else gcc will not work.
+# line, sorry. Make sure of this or else gcc will not work. We will append
+# to the file created above:
 
+cat >> hardened-specs.sh << "EOF"
 perl -pi -e 's@\*cc1:\n@$_%(cc1_pie) @;' \
         $(gcc --print-file specs) &&
 perl -pi -e 's@\*cc1plus:\n@$_%(cc1_pie) @;' \
@@ -84,9 +93,15 @@
 %{!static:%{!no-pie:%{!pie: -fPIC}}}
 ' >> $(gcc --print-file specs) &&
 echo '*link_pie:
-%{pie:-pie} %{!pie:%{!static:%{!Bstatic:%{!shared:%{!Bshareable:%{!i:%{!r:%{!no-pie: -pie -z now -z relro}}}}}}}}
+%{pie:-pie}%{!pie:%{!static:%{!Bstatic:%{!shared:%{!Bshareable:%{!i:%{!r:%{!no-pie: -pie -z now -z relro}}}}}}}}
 ' >> $(gcc --print-file specs)
+EOF
 
+# Now install and run this script.
+
+install hardened-specs.sh /tools/bin &&
+/tools/bin/hardened-specs.sh
+
 # You can restore the vanilla gcc specs at any time with
 # 'gcc -dumpspecs > $(gcc --print-file specs)'.
 
@@ -102,14 +117,14 @@
 #include <unistd.h>
 extern long __guard[];
 int overflow(char *test) {
-        char buffer[7];
-        sprintf(buffer, "12345678901234567890123456789012345678901234567890");
-        return(1234);
+	char buffer[7];
+	sprintf(buffer, "12345678901234567890123456789012345678901234567890");
+	return(1234);
 }
 int main(int argc, char **argv) {
-        printf("__guard\t=\t0x%08x;\n", __guard[0]);
-        overflow("test");
-        printf("This line should never get printed.\n");
+	printf("__guard\t=\t0x%08x;\n", __guard[0]);
+	overflow("test");
+	printf("This line should never get printed.\n");
 }
 EOF
 

Modified: trunk/text/chapter05/14-coreutils.txt
===================================================================
--- trunk/text/chapter05/14-coreutils.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter05/14-coreutils.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,6 +1,6 @@
 - Chapter 5 - Installing Coreutils 5.2.1
 
-env DEFAULT_POSIX2_VERSION=199209 CC="gcc -pie -fPIE" \
+env DEFAULT_POSIX2_VERSION=199209 \
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/16-findutils.txt
===================================================================
--- trunk/text/chapter05/16-findutils.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter05/16-findutils.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,6 +1,5 @@
 - Chapter 5 - Installing Findutils 4.2.10
 
-env CC="gcc -pie -fPIE" \
 ./configure --prefix=/tools ${disable_nls} &&
 make &&
 make install

Modified: trunk/text/chapter05/20-gettext.txt
===================================================================
--- trunk/text/chapter05/20-gettext.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter05/20-gettext.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,8 +1,7 @@
 - Chapter 5 - Gettext 0.14.1
 
 # If you are using 'disable_nls=--disable-nls' and/or uClibc then the Gettext
-# package can be skipped. Gettext includes several libraries, so -fPIE will
-# not be used.
+# package can be skipped.
 
 ./configure --prefix=/tools ${disable_nls} \
 	--disable-libasprintf --disable-csharp &&

Modified: trunk/text/chapter06/05-createfiles.txt
===================================================================
--- trunk/text/chapter06/05-createfiles.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/05-createfiles.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -5,3 +5,23 @@
 ln -s /tools/lib/libgcc_s.so{,.1} /usr/lib &&
 ln -s bash /bin/sh
 
+# Create an /etc/profile for setting a few variables. Using /etc/profile
+# ensures it will be re-sourced when Bash is reinstalled later. This file
+# will be overwritten in chapter 7, and/or you can remove it when chapter 6
+# is complete. If you are using Glibc use these commands:
+
+export target=$(uname -m)-pc-linux-gnu &&
+export ldso=/lib/ld-linux.so.2 &&
+export clocale=--enable-clocale=gnu
+
+# If you are using uClibc use these commands:
+
+export target=$(uname -m)-pc-linux-uclibc &&
+export ldso=/lib/ld-uClibc.so.0 &&
+export clocale="--disable-clocale --enable-sjlj-exceptions" &&
+export disable_nls=--disable-nls
+
+# Then source it.
+
+source /etc/profile
+

Modified: trunk/text/chapter06/10-libc/10-glibc.txt
===================================================================
--- trunk/text/chapter06/10-libc/10-glibc.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/10-libc/10-glibc.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -45,7 +45,7 @@
 # To install all the locales use "make localedata/install-locales". To install
 # just what the GCC tests need use the following commands.
 
-install -d /tools/lib/locale &&
+install -d /usr/lib/locale &&
 localedef -i de_DE -f ISO-8859-1 de_DE &&
 localedef -i de_DE at euro -f ISO-8859-15 de_DE at euro &&
 localedef -i en_HK -f ISO-8859-1 en_HK &&
@@ -87,7 +87,7 @@
 
 tzselect
 
-# Create /etc/localtime.
+# Create /etc/localtime. Substitute the zoneinfo path for your location.
 
 cp --remove-destination /usr/share/zoneinfo/Canada/Eastern \
     /etc/localtime

Modified: trunk/text/chapter06/11-adjusting.txt
===================================================================
--- trunk/text/chapter06/11-adjusting.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/11-adjusting.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -6,14 +6,13 @@
 
 # Adjust GCC's linking spec.
 
-perl -pi -e 's@ /tools/lib/ld-uClibc.so.0@ /lib/ld-uClibc.so.0 at g;' \
-    -e 's@\*startfile_prefix_spec:\n@$_/usr/lib/@g;' \
-    `gcc --print-file specs`
+perl -pi -e 's: /tools${ldso}: ${ldso}:g;' \
+	-e 's@\*startfile_prefix_spec:\n@$_/usr/lib/@g;' \
+	$(gcc --print-file specs)
 
 # And test it.
 
-echo 'main(){}' > dummy.c &&
-cc dummy.c &&
+echo 'main(){}' | cc -x c - &&
 readelf -l a.out | grep ': /lib'
 
 # You should see "[Requesting program interpreter: /lib/ld-uClibc.so.0]"

Modified: trunk/text/chapter06/12-binutils.txt
===================================================================
--- trunk/text/chapter06/12-binutils.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/12-binutils.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,27 +1,39 @@
-- Chapter 6 - Installing Binutils 2.15.94.0.1
+- Chapter 6 - Installing Binutils 2.15.94.0.2
 
-patch -Np1 -i ../binutils-2.15.94.0.1-fix_strip-1.patch &&
-patch -Np1 -i ../binutils-2.15.94.0.1-uclibc_conf-1.patch &&
-patch -Np1 -i ../binutils-2.15.94.0.1-pt_pax-1.patch &&
-install -d ../binutils-build &&
+# This patch is for uClibc.
+
+patch -Np1 -i ../binutils-2.15.94.0.2-uclibc_conf-1.patch
+
+#
+
+patch -Np1 -i ../binutils-2.15.94.0.2-pt_pax-1.patch &&
+mkdir ../binutils-build &&
 cd ../binutils-build &&
-../binutils-2.15.94.0.1/configure --target=$(uname -m)-pc-linux-uclibc \
-    --host=$(uname -m)-pc-linux-uclibc --build=$(uname -m)-pc-linux-uclibc \
-    --prefix=/usr --enable-shared --disable-nls &&
+../binutils-2.15.94.0.2/configure --prefix=/usr \
+	--host=${target} --build=${target} --target=${target} \
+	--enable-shared ${disable_nls} &&
 make tooldir=/usr
 
-# Run the testsuite if you like. A few issues include:
-# ERROR: unresolved setup, status = fail
-# FAIL: vers4
-# FAIL: visibility ***
-# FAIL: ELF weak *
-# FAIL: shared *
-# unexpected failures        41
+# Run the testsuite if you like.
+#
+# The following is a bug in objcopy's test. It is not respecting a modified
+# CC, CXX, CFLAGS, or CXXFLAGS enviroment, and so 3 tests fail due to -fpic
+# and -fstack-protector. The tests can pass if we clear the specs file.
 
-make -k CFLAGS="-fno-stack-protector -no-pie" check
+gcc -dumpspecs > $(gcc --print-file specs) &&
+perl -pi -e 's: /tools${ldso}: ${ldso}:g;' \
+	-e 's@\*startfile_prefix_spec:\n@$_/usr/lib/@g;' \
+	$(gcc --print-file specs) &&
+make check
 
+# Then restore the hardened specs with the script we made in chapter 5.
+
+/tools/bin/hardened-specs.sh
+
 # Then install Binutils.
 
 make tooldir=/usr install &&
-install -m644 ../binutils-2.15.94.0.1/include/libiberty.h /usr/include
+install -m644 ../binutils-2.15.94.0.2/include/libiberty.h /usr/include
 
+# This is the final install of Binutils, this source can be removed.
+

Modified: trunk/text/chapter06/13-gcc.txt
===================================================================
--- trunk/text/chapter06/13-gcc.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/13-gcc.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,37 +1,46 @@
 - Chapter 6 - Installing GCC 3.4.3
 
-# We need to use the specs patch because GCC uses Glibc's ld.so by default.
-# We need to tell GCC the name of the new uClibc ld.so, but we do not
-# define NOSTDINC.
+# Apply these patches if you are using uClibc.
 
-patch -Np1 -i ../gcc-3.4.3-specs_x86-1.patch &&
 patch -Np1 -i ../gcc-3.4.3-uclibc_conf-1.patch &&
 patch -Np1 -i ../gcc-3.4.3-uclibc_libstdc++-1.patch &&
-patch -Np1 -i ../gcc-3.4.3-uclibc_locale-1.patch &&
+patch -Np1 -i ../gcc-3.4.3-uclibc_locale-1.patch
+
+#
+
+patch -Np1 -i ../gcc-3.4.3-specs_x86-1.patch &&
 patch -Np1 -i ../gcc-3.4.3-no_fixincludes-1.patch &&
 patch -Np1 -i ../gcc-3.4.3-ssp-3.patch &&
-patch -Np1 -i ../gcc-3.4.3-sspspecs-3.patch &&
-patch -Np1 -i ../gcc-3.4.3-piespecs_x86-2.patch &&
 patch -Np1 -i ../gcc-3.4.3-linkonce-1.patch &&
-sed -i 's/install_to_$(INSTALL_DEST) //' libiberty/Makefile.in &&
+sed -e 's/install_to_$(INSTALL_DEST) //' -i libiberty/Makefile.in &&
 sed -e 's at gcc.gnu.org/bugs.html at bugs.linuxfromscratch.org/@' \
-	-e 's/3.4.3/3.4.3 ssp - pie/' -i gcc/version.c &&
+	-e 's/3.4.3/3.4.3 (ssp)/' -i gcc/version.c &&
 install -d ../gcc-build &&
 cd ../gcc-build &&
-../gcc-3.4.3/configure --target=$(uname -m)-pc-linux-uclibc \
-    --host=$(uname -m)-pc-linux-uclibc --build=$(uname -m)-pc-linux-uclibc \
-    --disable-nls --prefix=/usr --libexecdir=/usr/lib \
-    --enable-shared --enable-threads=posix --disable-__cxa_atexit \
-    --with-dynamic-linker=/lib/ld-uClibc.so.0 \
-    --with-gnu-ld --enable-languages=c,c++ &&
-make
+../gcc-3.4.3/configure --prefix=/usr \
+	--host=${target} --build=${target} --target=${target} \
+	--libexecdir=/usr/lib --enable-threads=posix \
+	--enable-shared --enable-__cxa_atexit \
+	--with-dynamic-linker=${ldso} ${disable_nls} ${clocale} \
+	--enable-languages=c,c++
 
-# Run the testsuite if you like. There may be many failures.
-# GCC's 'make check' often returns 1, so using '&&' doesn't always work.
+# The -fstack-protector in CFLAGS isn't actually needed since it is the
+# default on the host's gcc. The -fstack-protector in CXXFLAGS is needed
+# because the new g++ is built with the new gcc. Fortunetly GCC allows us
+# to specify seperate CFLAGS for libgcc, so we take advantage of that to
+# use -fPIE on the executables.
 
+make CFLAGS="-pie -fPIE -fstack-protector-all -O2" \
+	CXXFLAGS="-pie -fPIE -fstack-protector-all -O2" \
+	LIBCFLAGS="-fstack-protector-all -O2"
+
+# Run the testsuite if you like. The results should be identical to results
+# you would typically get from an LFS build. There is an SSP tests in
+# gcc.misc-tests/ which should pass.
+
 make -k check
 
-# Then review the test results.
+# Review the test results if you like.
 
 ../gcc-3.4.3/contrib/test_summary
 
@@ -41,3 +50,7 @@
 ln -s ../usr/bin/cpp /lib &&
 ln -s gcc /usr/bin/cc
 
+# And restore the hardened specs.
+
+/tools/bin/hardened-specs.sh
+

Modified: trunk/text/chapter06/14-coreutils.txt
===================================================================
--- trunk/text/chapter06/14-coreutils.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/14-coreutils.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -7,8 +7,8 @@
 # mind that uname is static incase you upgrade libc in the future.
 
 patch -Np1 -i ../coreutils-5.2.1-uname-2.patch &&
-patch -Np1 -i ../coreutils-5.2.1-suppress_uptime_kill_su-1.patch &&
-patch -Np1 -i ../coreutils-5.2.1-static_uname-1.patch
+patch -Np1 -i ../coreutils-5.2.1-static_uname-1.patch &&
+patch -Np1 -i ../coreutils-5.2.1-suppress_uptime_kill_su-1.patch
 
 # We have two options here. Install Coreutils statically linked or
 # dynamically linked. See chapter02/07-static-vs-shared.txt for more
@@ -18,18 +18,37 @@
 # To build Coreutils with static linking use this command.
 
 env LDFLAGS=-static DEFAULT_POSIX2_VERSION=199209 \
-./configure --prefix=/usr --disable-nls
+./configure --prefix=/usr ${disable_nls}
 
-# To build Coreutils with dynamic linking use this command.
+# To build Coreutils with shared linking use this command.
 
 env DEFAULT_POSIX2_VERSION=199209 \
-./configure --prefix=/usr --disable-nls
+./configure --prefix=/usr ${disable_nls}
 
-# Then build and install Coreutils. Developers might want to run
-# the testsuite. There are a lot of failures so I don't see the point
-# of adding the commands here yet.
+# Then build Coreutils.
 
-make &&
+make
+
+# To run the tests we need to add a dummy user and two groups.
+
+echo "dummy1:x:1000:" >> /etc/group &&
+echo "dummy2:x:1001:dummy" >> /etc/group &&
+echo "dummy:x:1000:1000:::/bin/bash" >> /etc/passwd
+
+# Run the root tests after adding the dummy user and groups.
+
+make NON_ROOT_USERNAME=dummy check-root
+
+# Then the user tests.
+
+src/su dummy -c "make RUN_EXPENSIVE_TESTS=yes check"
+
+# Remove the dummy user and groups.
+
+sed -i '/dummy/d' /etc/passwd /etc/group
+
+# Then install Coreutils.
+
 make install &&
 mv /usr/bin/{[,basename,cat,chgrp,chmod,chown,cp,dd,df} /bin &&
 mv /usr/bin/{date,echo,false,head,install,ln,ls} /bin &&

Modified: trunk/text/chapter06/16-mktemp.txt
===================================================================
--- trunk/text/chapter06/16-mktemp.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/16-mktemp.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,7 +1,8 @@
 - Chapter 6 - Installing Mktemp 1.5
 
 patch -Np1 -i ../mktemp-1.5-add_tempfile-1.patch &&
-./configure --prefix=/usr --with-libc --disable-nls &&
+./configure --prefix=/usr --with-libc \
+	${disable_nls} &&
 make &&
 make install &&
 make install-tempfile

Modified: trunk/text/chapter06/18-findutils.txt
===================================================================
--- trunk/text/chapter06/18-findutils.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/18-findutils.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,7 +1,7 @@
 - Chapter 6 - Installing Findutils 4.2.10
 
 ./configure --prefix=/usr --libexecdir=/usr/lib/locate \
-    --localstatedir=/var/lib/locate --disable-nls &&
+	--localstatedir=/var/lib/locate ${disable_nls} &&
 make
 
 # Run the testsuite if you want. It should all pass.

Modified: trunk/text/chapter06/19-gawk.txt
===================================================================
--- trunk/text/chapter06/19-gawk.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/19-gawk.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,10 +1,11 @@
 - Chapter 6 - Installing Gawk 3.1.4
 
-./configure --prefix=/usr --libexecdir=/usr/lib --disable-nls &&
+env CC="gcc -pie -fPIE" \
+./configure --prefix=/usr --libexecdir=/usr/lib \
+	${disable_nls} &&
 make
 
-# Run the testsuite if you like. The "rstest5" test may fail, the
-# rest should all pass.
+# Run the testsuite if you like.
 
 make check
 

Modified: trunk/text/chapter06/20-ncurses.txt
===================================================================
--- trunk/text/chapter06/20-ncurses.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/20-ncurses.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,7 +1,7 @@
 - Chapter 6 - Installing Ncurses 5.4
 
 ./configure --prefix=/usr --with-shared --without-debug \
-    --disable-nls &&
+	${disable_nls} &&
 make &&
 make install
 

Modified: trunk/text/chapter06/22-vim.txt
===================================================================
--- trunk/text/chapter06/22-vim.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/22-vim.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -7,6 +7,10 @@
 echo '#define SYS_VIMRC_FILE "/etc/vimrc"' >> src/feature.h &&
 echo '#define SYS_GVIMRC_FILE "/etc/gvimrc"' >> src/feature.h
 
+# This is a security fix from upstream.
+
+patch -Np1 -i ../vim-6.3-security_fix-1.patch
+
 # You may wish to install Vim statically linked. Though Vim is not
 # critical in recovering a system it can be very usefull in some
 # emergancy situations.
@@ -14,11 +18,12 @@
 # If you would like to compile Vim statically linked use this command.
 
 env LDFLAGS=-static \
-./configure --prefix=/usr --enable-multibyte --disable-nls
+./configure --prefix=/usr --enable-multibyte ${disable_nls}
 
-# If you would like to compile Vim with dynamic linking use this command.
+# If you would like to compile Vim with shared linking use this command.
 
-./configure --prefix=/usr --enable-multibyte --disable-nls
+env CC="gcc -pie -fPIE" \
+./configure --prefix=/usr --enable-multibyte ${disable_nls}
 
 # Then compile and install Vim.
 

Modified: trunk/text/chapter06/23-m4.txt
===================================================================
--- trunk/text/chapter06/23-m4.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/23-m4.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,6 +1,7 @@
 - Chapter 6 - Installing m4 1.4.2
 
-./configure --prefix=/usr --disable-nls &&
+env CC="gcc -pie -fPIE" \
+./configure --prefix=/usr ${disable_nls} &&
 make
 
 # Run the testsuite if you like. All tests should pass.

Modified: trunk/text/chapter06/24-bison.txt
===================================================================
--- trunk/text/chapter06/24-bison.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/24-bison.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,6 +1,6 @@
 - Chapter 6 - Installing Bison 2.0
 
-./configure --prefix=/usr --disable-nls &&
+./configure --prefix=/usr ${disable_nls} &&
 make
 
 # Run the testsuite if you like. All the tests should pass.

Modified: trunk/text/chapter06/25-less.txt
===================================================================
--- trunk/text/chapter06/25-less.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/25-less.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,7 +1,8 @@
 - Chapter 6 - Installing Less 382
 
-./configure --prefix=/usr --bindir=/bin --disable-nls \
-    --sysconfdir=/etc &&
+env CC="gcc -pie -fPIE" \
+./configure --prefix=/usr --bindir=/bin \
+	--sysconfdir=/etc ${disable_nls} &&
 make &&
 make install
 

Modified: trunk/text/chapter06/26-groff.txt
===================================================================
--- trunk/text/chapter06/26-groff.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/26-groff.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,7 +1,7 @@
 - Chapter 6 - Installing Groff 1.19.1
 
 env PAGE=letter \
-./configure --prefix=/usr --disable-nls &&
+./configure --prefix=/usr ${disable_nls} &&
 make &&
 make install &&
 ln -s soelim /usr/bin/zsoelim &&

Modified: trunk/text/chapter06/27-sed.txt
===================================================================
--- trunk/text/chapter06/27-sed.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/27-sed.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,6 +1,8 @@
 - Chapter 6 - Installing Sed 4.1.2
 
-./configure --prefix=/usr --bindir=/bin --disable-nls &&
+env CC="gcc -pie -fPIE" \
+./configure --prefix=/usr --bindir=/bin \
+	${disable_nls} &&
 make
 
 # Run the testsuite if you like. All the tests should pass.

Modified: trunk/text/chapter06/28-flex.txt
===================================================================
--- trunk/text/chapter06/28-flex.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/28-flex.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -2,7 +2,7 @@
 
 patch -Np1 -i ../flex-2.5.31-debian_fixes-2.patch &&
 touch doc/flex.1 &&
-./configure --prefix=/usr --disable-nls &&
+./configure --prefix=/usr ${disable_nls} &&
 make
 
 # Run the testsuite if you like. All the tests should pass.

Modified: trunk/text/chapter06/29-inetutils.txt
===================================================================
--- trunk/text/chapter06/29-inetutils.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/29-inetutils.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -3,9 +3,9 @@
 patch -Np1 -i ../inetutils-1.4.2-kernel_headers-1.patch &&
 patch -Np1 -i ../inetutils-1.4.2-no_server_man_pages-1.patch &&
 ./configure --prefix=/usr --libexecdir=/usr/sbin \
-    --sysconfdir=/etc --localstatedir=/var \
-    --disable-logger --disable-syslogd \
-    --disable-whois --disable-servers --disable-nls &&
+	--sysconfdir=/etc --localstatedir=/var \
+	--disable-logger --disable-syslogd \
+	--disable-whois --disable-servers ${disable_nls} &&
 make &&
 make install &&
 mv /usr/bin/ping /bin

Modified: trunk/text/chapter06/30-iproute2.txt
===================================================================
--- trunk/text/chapter06/30-iproute2.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/30-iproute2.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,8 +1,8 @@
 - Chapter 6 - Iproute2 2.6.9-ss040831
 
-# Not all versions of Iproute compile on uClibc well. We are using this
+# Not all versions of Iproute compile with uClibc well. We are using this
 # version because it works. The remove_db patch removes a dependency to
-# Berkley DB. The find_update patch resorts some make install commands
+# Berkley DB. The find_update patch re-sorts some make install commands
 # so the new version of Find doesn't complain.
 
 patch -Np1 -i ../iproute2-2.6.9_ss040831-remove_db-1.patch &&

Modified: trunk/text/chapter06/31-perl.txt
===================================================================
--- trunk/text/chapter06/31-perl.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/31-perl.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,11 +1,16 @@
 - Chapter 6 - Perl 5.8.6
 
-patch -Np1 -i ../perl-5.8.6-uclibc-1.patch &&
+# If you are using uClibc then you will need to apply this patch.
+
+patch -Np1 -i ../perl-5.8.6-uclibc-1.patch
+
+# Configure and make Perl with these commands.
+
 ./configure.gnu --prefix=/usr -Dpager="/bin/less -isR" &&
 make
 
 # /etc/hosts is needed for the testsuite. Run this even if you do
-# not run the tests, upcomming instructions may depend on it.
+# not run the tests, upcomming packages may depend on it.
 
 echo "127.0.0.1 localhost $(hostname)" > /etc/hosts
 

Modified: trunk/text/chapter06/32-texinfo.txt
===================================================================
--- trunk/text/chapter06/32-texinfo.txt	2005-01-05 11:10:40 UTC (rev 52)
+++ trunk/text/chapter06/32-texinfo.txt	2005-01-05 21:26:06 UTC (rev 53)
@@ -1,7 +1,8 @@
 - Chapter 6 - Texinfo 4.7
 
 patch -Np1 -i ../texinfo-4.7-segfault-1.patch &&
-./configure --prefix=/usr --disable-nls &&
+env CC="gcc -pie -fPIE" \
+./configure --prefix=/usr ${disable_nls} &&
 make
 
 # Run the testsuite if you like. All the tests should pass.




More information about the hlfs-dev mailing list