r55 - trunk/text/chapter07

robert at linuxfromscratch.org robert at linuxfromscratch.org
Fri Jan 7 01:47:23 PST 2005


Author: robert
Date: 2005-01-07 02:47:22 -0700 (Fri, 07 Jan 2005)
New Revision: 55

Modified:
   trunk/text/chapter07/01-suid.txt
   trunk/text/chapter07/02-bootscripts.txt
   trunk/text/chapter07/05-profile.txt
   trunk/text/chapter07/09-fstab.txt
   trunk/text/chapter07/10-kernel.txt
Log:
finished the glibc side of updates

Modified: trunk/text/chapter07/01-suid.txt
===================================================================
--- trunk/text/chapter07/01-suid.txt	2005-01-06 07:34:29 UTC (rev 54)
+++ trunk/text/chapter07/01-suid.txt	2005-01-07 09:47:22 UTC (rev 55)
@@ -19,10 +19,7 @@
 # only a suggestion. These programs can have the suid bit removed and most
 # people won't miss it.
 
-chmod -s /bin/{mount,umount}
-
-# These I'm not completely sure about.
-
+chmod -s /bin/{mount,umount} &&
 chmod -s /usr/bin/{rcp,rsh,rlogin}
 
 # Some people use these, some people don't.
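Review bot: Joining the two `chmod -s` lines with `&&` makes the rcp/rsh/rlogin step depend on the mount/umount step, so if the first chmod fails (for example one of the /bin files is missing) the r-commands silently keep their suid bit. The two removals are independent and are safer as separate commands, optionally followed by `find /bin /usr/bin -perm -4000` so the reader can see what is still suid. The hunk also drops the "not completely sure" remark without saying what the trade-off is; a comment such as `# Without suid, rcp/rsh/rlogin only work for root (they bind a reserved port).` would cover it.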

Modified: trunk/text/chapter07/02-bootscripts.txt
===================================================================
--- trunk/text/chapter07/02-bootscripts.txt	2005-01-06 07:34:29 UTC (rev 54)
+++ trunk/text/chapter07/02-bootscripts.txt	2005-01-07 09:47:22 UTC (rev 55)
@@ -1,22 +1,26 @@
-- Chapter 7 - Installing Bootscripts
+- Chapter 7 - Installing Bootscripts 3.1.0
 
 # First install lfs-bootscripts. Hotplug and syslog-ng are installed
 # by default with the new version of lfs-bootscripts.
 
 make install
 
-# Then unpack blfs-bootscripts and patch it for frandom. This patch
-# will create the /dev/{frandom,erandom} devices on boot, and seed
-# frandom.
+# The erandom and frandom devices are not found by udev, so we need to
+# create them on boot. The createfiles script will do that for us.
 
-patch -Np1 -i ../blfs-bootscripts-frandom-1.patch &&
-make install-random &&
-make install-frandom
+echo "/dev/frandom dev 0755 root root char 235 11
+/dev/erandom dev 0755 root root char 235 12" >> /etc/sysconfig/createfiles
 
+# Then unpack blfs-bootscripts. The patch adds frandom to random's start
+# command. Then install the random seed script.
+
+patch -Np1 -i ../blfs-bootscripts-frandom-2.patch &&
+make install-random
+
 # This is also a good time to create a random-seed file so it is
 # available the first time you boot. This file should be read only
 # by root.
 
 install -m0600 /dev/null /var/tmp/random-seed &&
-dd if=/dev/urandom of=/var/tmp/random-seed count=1
+/bin/dd if=/dev/urandom of=/var/tmp/random-seed count=1
 
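Review bot: The `echo ... >> /etc/sysconfig/createfiles` step appends unconditionally, so repeating this page (a rebuild, or a retry after a failed `patch`) leaves duplicate frandom/erandom entries; prefixing it with `grep -q '^/dev/frandom ' /etc/sysconfig/createfiles ||` keeps it idempotent. The entries also request mode 0755, and execute bits mean nothing on a character device; assuming that field is the node's permission mode, `0444` or `0644` states the intent more exactly. The seed file lives in /var/tmp, which is world-writable, and it is the `install -m0600` before the `/bin/dd` that keeps it root-only. The existing comment could say that the order matters, so the two commands are not later collapsed into a single `dd`.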

Modified: trunk/text/chapter07/05-profile.txt
===================================================================
--- trunk/text/chapter07/05-profile.txt	2005-01-06 07:34:29 UTC (rev 54)
+++ trunk/text/chapter07/05-profile.txt	2005-01-07 09:47:22 UTC (rev 55)
@@ -3,7 +3,8 @@
 # We have no locale or native language support, so it does not need to be
 # set up.
 
-# Here we create a very basic profile file.
+# Here we create a very basic profile file. This will overwrite the one
+# made at the begining of chapter 6.
 
 cat > /tmp/profile.new << "EOF"
 # Begin /etc/profile

Modified: trunk/text/chapter07/09-fstab.txt
===================================================================
--- trunk/text/chapter07/09-fstab.txt	2005-01-06 07:34:29 UTC (rev 54)
+++ trunk/text/chapter07/09-fstab.txt	2005-01-07 09:47:22 UTC (rev 55)
@@ -13,7 +13,7 @@
 
 # file system  mount-point  fs-type  options         dump  fsck-order
 
-/dev/hdb3      /            reiserfs defaults        1     1
+/dev/hdb3      /            ext3     defaults        1     1
 /dev/hdb2      swap         swap     pri=1           0     0
 /dev/hdb1      /boot        ext2     noauto          1     2
 proc           /proc        proc     rw,noexec,nosuid,nodev 0 0

Modified: trunk/text/chapter07/10-kernel.txt
===================================================================
--- trunk/text/chapter07/10-kernel.txt	2005-01-06 07:34:29 UTC (rev 54)
+++ trunk/text/chapter07/10-kernel.txt	2005-01-07 09:47:22 UTC (rev 55)
@@ -1,55 +1,54 @@
-- Chapter 7 - Installing the Linux kernel 2.6.7
+- Chapter 7 - Installing the Linux kernel 2.6.10
 
 # Most development systems (systems which compile packages) will leave
 # the kernel source installed durring normal operation. The traditional
-# place to have kernel sources installed is /usr/src. We will follow this
-# convention, although you don't nessesarily have to.
+# place to have kernel sources installed is /usr/src/linux. Here we will
+# follow the convention, although you do not nessesarily have to.
 
-# You may have to adjust the path to the Linux source tarball.
+# You may have to adjust the path to the Linux source tarball. The
+# "--no-same-owner --no-same-permissions" options will extract the kernel
+# sources without preserving ownership or permissions. Preserving the
+# id's and group write permission shipped with the kernel is not suggested.
 
 cd /usr/src &&
-tar jxf /sources/hlfs-packages/linux-2.6.7.tar.bz2
+tar --no-same-owner --no-same-permissions -jxf \
+	/sources/hlfs-packages/linux-2.6.10.tar.bz2
 
-# Next regularize the permissions.
-
-chown -R 0:0 /usr/src/linux-2.6.7/ &&
-chmod -R go-w /usr/src/linux-2.6.7/
-
 # And create a symlink to /usr/src/linux.
 
-ln -s linux-2.6.7 /usr/src/linux
+ln -s linux-2.6.10 /usr/src/linux
 
 # Install any patches for the Linux kernel to /usr/src so you can remember
-# which patches and versions are being used.
+# which patches and versions are being used. Remember this Grsecurity patch
+# is a prerelease version.
 
-install -m444 /sources/hlfs-packages/linux-2.6.7-frandom-2.patch /usr/src &&
-install -m444 /sources/hlfs-packages/grsecurity-2.0.1-2.6.7.patch /usr/src
+install -m 444 /sources/hlfs-packages/linux-2.6.10-security_fix-1.patch \
+	/usr/src &&
+install -m444 /sources/hlfs-packages/linux-2.6.10-frandom-1.patch /usr/src &&
+install -m444 \
+	/sources/hlfs-packages/grsecurity-2.1.0-2.6.10-200501051431.patch \
+	/usr/src
 
 # Then change to the Linux source directory and apply the patch.
 
 cd /usr/src/linux &&
-patch -Np1 -i ../linux-2.6.7-frandom-2.patch &&
-patch -Np1 -i ../grsecurity-2.0.1-2.6.7.patch
+patch -Np1 -i ../linux-2.6.10-security_fix-1.patch &&
+patch -Np1 -i ../linux-2.6.10-frandom-1.patch
 
-# The linux-libc-headers-2.6.7.0 package is missing unaligned.h. Future
-# versions of this package have unaligned.h. This header may be needed
-# to compile other packages, such as reiserfsprogs. This command installs
-# unaligned.h from our kernel source, which will work perfectly fine.
-
-install -m644 include/asm-i386/unaligned.h /usr/include/asm/unaligned.h
-
 # And begin building the kernel. Configuring the kernel with menuconfig is
 # another doccument. All the Grsec and PaX options can be enabled.
 # Sysctl is needed to use Frandom properly with SSP.
 
 make mrproper &&
-sed -i 's@/sbin/hotplug@/bin/true@' kernel/kmod.c &&
 make menuconfig
 
-# After you have configured which drivers will be included then build the
-# kernel.
+# After you have configured which drivers will be included, then build the
+# kernel. The kernel is not PIC, so -no-pie must be used. The kernel comes
+# with its own stack overflow detection which supersedes SSP. There is a
+# patch available to build the kernel with fstack-protector-all but it has
+# no effect on overflows which happen in the kernel.
 
-make
+make CC="gcc -no-pie -fno-stack-protector-all"
 
 # Then install any modules you selected.
 
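Review bot: The Grsecurity patch is copied to /usr/src but never applied: the new `patch` sequence runs only the security_fix and frandom patches, whereas the old text also ran `patch -Np1 -i ../grsecurity-2.0.1-2.6.7.patch`. The later comment still says "All the Grsec and PaX options can be enabled", which a reader following these steps would not find in menuconfig. If the omission is deliberate because the patch is a prerelease, the comment should say so; otherwise append `&& patch -Np1 -i ../grsecurity-2.1.0-2.6.10-200501051431.patch` after the frandom line. Separately, the removed `chown`/`chmod` cleanup is now replaced by `--no-same-permissions`, which applies the current umask, so group write is only stripped when root's umask is 022 or stricter; that is worth stating next to the tar command.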



