r60 - in trunk/text: . chapter01 chapter03 chapter05 chapter06 chapter06/10-libc chapter07

robert at linuxfromscratch.org robert at linuxfromscratch.org
Sat Jan 8 07:34:43 PST 2005


Author: robert
Date: 2005-01-08 08:34:41 -0700 (Sat, 08 Jan 2005)
New Revision: 60

Modified:
   trunk/text/README.txt
   trunk/text/chapter01/changelog.txt
   trunk/text/chapter03/patches.txt
   trunk/text/chapter05/12-gcc-native.txt
   trunk/text/chapter05/31-util-linux.txt
   trunk/text/chapter06/02-chroot.txt
   trunk/text/chapter06/04-creatingdirs.txt
   trunk/text/chapter06/05-createfiles.txt
   trunk/text/chapter06/10-libc/10-uclibc.txt
   trunk/text/chapter06/13-gcc.txt
   trunk/text/chapter06/14-coreutils.txt
   trunk/text/chapter06/22-vim.txt
   trunk/text/chapter06/33-texinfo.txt
   trunk/text/chapter06/36-bash.txt
   trunk/text/chapter06/43-grep.txt
   trunk/text/chapter06/57-tar.txt
   trunk/text/chapter07/10-kernel.txt
Log:
last updates for uclibc/glibc conversion

Modified: trunk/text/README.txt
===================================================================
--- trunk/text/README.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/README.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -1,5 +1,5 @@
-Hardened Linux From Scratch - SVN-20050107
-January 7th, 2005
+Hardened Linux From Scratch - SVN-20050108
+January 8th, 2005
 
 - Who willed you? or whose will stands but mine?
   There's none protector of the realm but I.
@@ -35,6 +35,10 @@
 they are suitable. Coreutils' uname(1), because of non-pic assembly code, and
 Grub are also exceptions.
 
+If you plan to use Iptables with Grsecurity then go to:
+http://www.grsecurity.net/download.php
+and use the Iptables patch.
+
 The instructions in this book only work for i386 so far.
 The instructions in this book we tested on an LFS-unstable host system.
 

Modified: trunk/text/chapter01/changelog.txt
===================================================================
--- trunk/text/chapter01/changelog.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter01/changelog.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -84,4 +84,8 @@
 January 7th, 2005 [robert]
 Bump to Texinfo 4.8, removed segfault patch. Bump to Findutils 4.2.11.
 Put a Gettext page in chapter 6. Added new Grsec patch for kernel 2.6.10.
+Removed /opt from createdirs.txt, nothing uses it, /usr/local does same thing.
+Removed /media from createdirs.txt, nothing uses it, /mnt does same thing.
+Removed /srv from createdirs.txt, nothing uses it, /var does same thing.
+Upgrade to bash-fixes-3.patch.
 

Modified: trunk/text/chapter03/patches.txt
===================================================================
--- trunk/text/chapter03/patches.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter03/patches.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -1,5 +1,5 @@
 http://www.linuxfromscratch.org/patches/downloads/hlfs/bash-3.0-avoid_WCONTINUED-1.patch
-http://www.linuxfromscratch.org/patches/downloads/hlfs/bash-3.0-fixes-1.patch
+http://www.linuxfromscratch.org/patches/downloads/hlfs/bash-3.0-fixes-3.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/binutils-2.15.94.0.2-pt_pax-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/binutils-2.15.94.0.2-uclibc_conf-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/coreutils-5.2.1-static_uname-1.patch
@@ -14,13 +14,13 @@
 http://www.linuxfromscratch.org/patches/downloads/hlfs/glibc-2.3.4-fstack_protector-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/glibc-2.3.4-pt_pax-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/glibc-2.3.4-ssp_frandom-6.patch
-http://grsecurity.net/grsecurity-2.1.0-2.4.28-200501051112.patch
+http://www.grsecurity.net/grsecurity-2.1.0-2.6.10-200501071049.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/inetutils-1.4.2-kernel_headers-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/inetutils-1.4.2-no_server_man_pages-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/iproute2-2.6.9_ss040831-find_update-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/iproute2-2.6.9_ss040831-remove_db-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/linux-2.6.10-frandom-1.patch
-http://www.linuxfromscratch.org/patches/downloads/hlfs/linux-2.6.10-security_fix-1.patch
+http://www.grsecurity.net/linux-2.6.10-secfix-200501071130.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/linux-libc-headers-2.6-frandom-2.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/man-1.5o1-80cols-1.patch
 http://www.linuxfromscratch.org/patches/downloads/hlfs/mktemp-1.5-add_tempfile-1.patch

Modified: trunk/text/chapter05/12-gcc-native.txt
===================================================================
--- trunk/text/chapter05/12-gcc-native.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter05/12-gcc-native.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -29,7 +29,8 @@
 	--enable-shared --enable-threads=posix \
 	--enable-__cxa_atexit --enable-languages=c,c++ \
 	--disable-libstdcxx-pch ${disable_nls} ${clocale} \
-	--with-dynamic-linker=${ldso} --with-nostdinc &&
+	--with-dynamic-linker=${ldso} --with-nostdinc \
+	--enable-multilib=no &&
 make
 
 # Run the tests if you like. Using Glibc there should only be a few failures.

Modified: trunk/text/chapter05/31-util-linux.txt
===================================================================
--- trunk/text/chapter05/31-util-linux.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter05/31-util-linux.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -1,6 +1,6 @@
 - Chapter 5 - Installing Util-linux 2.12p
 
-# Util-linux needs a patch to compile with -fpic.
+# Util-linux needs a patch to compile with -fpic/fpie.
 
 patch -Np1 -i ../util-linux-2.12p-fPIC-1.patch &&
 sed -i 's@/usr/include@/tools/include at g' configure &&

Modified: trunk/text/chapter06/02-chroot.txt
===================================================================
--- trunk/text/chapter06/02-chroot.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter06/02-chroot.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -5,3 +5,16 @@
 	PATH=/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \
 	/tools/bin/bash --login +h
 
+# If you are using Glibc use these commands:
+
+export target=$(uname -m)-pc-linux-gnu &&
+export ldso=/lib/ld-linux.so.2 &&
+export clocale=--enable-clocale=gnu
+
+# If you are using uClibc use these commands:
+
+export target=$(uname -m)-pc-linux-uclibc &&
+export ldso=/lib/ld-uClibc.so.0 &&
+export clocale="--disable-clocale --enable-sjlj-exceptions" &&
+export disable_nls=--disable-nls
+

Modified: trunk/text/chapter06/04-creatingdirs.txt
===================================================================
--- trunk/text/chapter06/04-creatingdirs.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter06/04-creatingdirs.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -1,10 +1,9 @@
 - Chapter 6 - Creating directories
 
-install -d /{bin,boot,dev,etc/opt,home,lib,mnt} &&
-install -d /{sbin,srv,usr/local,var,opt} &&
+install -d /{bin,boot,dev,etc,home,lib,mnt} &&
+install -d /{sbin,usr/local,var} &&
 install -d /root -m 0750 &&
 install -d /tmp /var/tmp -m 1777 &&
-install -d /media/{floppy,cdrom} &&
 install -d /usr/{bin,include,lib,sbin,share,src} &&
 ln -s share/{man,doc,info} /usr &&
 install -d /usr/share/{doc,info,locale,man} &&
@@ -16,7 +15,5 @@
 install -d /usr/local/share/{misc,terminfo,zoneinfo} &&
 install -d /usr/local/share/man/man{1,2,3,4,5,6,7,8} &&
 install -d /var/{lock,log,mail,run,spool} &&
-install -d /var/{opt,cache,lib/{misc,locate},local} &&
-install -d /opt/{bin,doc,include,info} &&
-install -d /opt/{lib,man/man{1,2,3,4,5,6,7,8}}
+install -d /var/{cache,lib/{misc,locate},local}
 

Modified: trunk/text/chapter06/05-createfiles.txt
===================================================================
--- trunk/text/chapter06/05-createfiles.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter06/05-createfiles.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -5,27 +5,3 @@
 ln -s /tools/lib/libgcc_s.so{,.1} /usr/lib &&
 ln -s bash /bin/sh
 
-# Create an /etc/profile for setting a few variables. Using /etc/profile
-# ensures it will be re-sourced when Bash is reinstalled later. This file
-# will be overwritten in chapter 7, and/or you can remove it when chapter 6
-# is complete. If you are using Glibc use these commands:
-
-cat > /etc/profile << "EOF"
-export target=$(uname -m)-pc-linux-gnu &&
-export ldso=/lib/ld-linux.so.2 &&
-export clocale=--enable-clocale=gnu
-EOF
-
-# If you are using uClibc use these commands:
-
-cat > /etc/profile << "EOF"
-export target=$(uname -m)-pc-linux-uclibc &&
-export ldso=/lib/ld-uClibc.so.0 &&
-export clocale="--disable-clocale --enable-sjlj-exceptions" &&
-export disable_nls=--disable-nls
-EOF
-
-# Then source it.
-
-source /etc/profile
-

Modified: trunk/text/chapter06/10-libc/10-uclibc.txt
===================================================================
--- trunk/text/chapter06/10-libc/10-uclibc.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter06/10-libc/10-uclibc.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -41,18 +41,13 @@
 
 make -k -C test | tee make-test.log
 
-# Then install uClibc libraries, and headers (but not the kernel headers).
+# Then install uClibc libraries, headers, and utilities (but not the kernel
+# headers). The readelf(1) supplied with uClibc gets built but not installed.
 
 rm include/{asm,asm-generic,linux} &&
-make install
+make install &&
+make -C utils install
 
-# Then install the utilities by hand. There is a readelf(1) program too,
-# but that is already provided by the Binutils package. If you built compiled
-# uClibc with locales you should also install the iconv(3) program.
-
-install utils/ldd /usr/bin/ldd &&
-install utils/ldconfig /sbin/ldconfig
-
 # Then install /etc/ld.so.conf.
 
 cat > ld.so.conf.new << "EOF"

Modified: trunk/text/chapter06/13-gcc.txt
===================================================================
--- trunk/text/chapter06/13-gcc.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter06/13-gcc.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -24,17 +24,14 @@
 	--libexecdir=/usr/lib --enable-threads=posix \
 	--enable-shared --enable-__cxa_atexit \
 	--with-dynamic-linker=${ldso} ${disable_nls} ${clocale} \
-	--enable-languages=c,c++
+	--enable-languages=c,c++ --enable-multilib=no
 
 # The -fstack-protector in CFLAGS isn't actually needed since it is the
 # default on the host's gcc. The -fstack-protector in CXXFLAGS is needed
-# because the new g++ is built with the new gcc. Fortunetly GCC allows us
-# to specify seperate CFLAGS for libgcc, so we take advantage of that to
-# use -fPIE on the executables.
+# because the new g++ is built with the new gcc.
 
-make CFLAGS="-pie -fPIE -fstack-protector-all -O2" \
-	CXXFLAGS="-pie -fPIE -fstack-protector-all -O2" \
-	LIBCFLAGS="-fstack-protector-all -O2"
+make CFLAGS="-pie -fPIC -fstack-protector-all -O2" \
+	CXXFLAGS="-pie -fPIC -fstack-protector-all -O2"
 
 # Run the testsuite if you like. The results should be identical to results
 # you would typically get from an LFS build. There is an SSP test in

Modified: trunk/text/chapter06/14-coreutils.txt
===================================================================
--- trunk/text/chapter06/14-coreutils.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter06/14-coreutils.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -18,12 +18,12 @@
 # To build Coreutils with static linking use this command.
 
 env LDFLAGS=-static DEFAULT_POSIX2_VERSION=199209 \
-./configure --prefix=/usr ${disable_nls}
+	./configure --prefix=/usr ${disable_nls}
 
 # To build Coreutils with shared linking use this command.
 
 env DEFAULT_POSIX2_VERSION=199209 \
-./configure --prefix=/usr ${disable_nls}
+	./configure --prefix=/usr ${disable_nls}
 
 # Then build Coreutils.
 

Modified: trunk/text/chapter06/22-vim.txt
===================================================================
--- trunk/text/chapter06/22-vim.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter06/22-vim.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -18,12 +18,12 @@
 # If you would like to compile Vim statically linked use this command.
 
 env LDFLAGS=-static \
-./configure --prefix=/usr --enable-multibyte ${disable_nls}
+	./configure --prefix=/usr --enable-multibyte ${disable_nls}
 
 # If you would like to compile Vim with shared linking use this command.
 
 env CC="gcc -pie -fPIE" \
-./configure --prefix=/usr --enable-multibyte ${disable_nls}
+	./configure --prefix=/usr --enable-multibyte ${disable_nls}
 
 # Then compile and install Vim.
 

Modified: trunk/text/chapter06/33-texinfo.txt
===================================================================
--- trunk/text/chapter06/33-texinfo.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter06/33-texinfo.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -1,6 +1,5 @@
 - Chapter 6 - Texinfo 4.8
 
-patch -Np1 -i ../texinfo-4.7-segfault-1.patch &&
 env CC="gcc -pie -fPIE" \
 ./configure --prefix=/usr ${disable_nls} &&
 make

Modified: trunk/text/chapter06/36-bash.txt
===================================================================
--- trunk/text/chapter06/36-bash.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter06/36-bash.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -6,7 +6,7 @@
 
 # This patch fixes various issues with Bash.
 
-patch -Np1 -i ../bash-3.0-fixes-1.patch
+patch -Np1 -i ../bash-3.0-fixes-3.patch
 
 # We have a few options on how to install Bash. Bash is needed to preform
 # any kind of maintence, it is also used for most login shells.

Modified: trunk/text/chapter06/43-grep.txt
===================================================================
--- trunk/text/chapter06/43-grep.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter06/43-grep.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -4,13 +4,13 @@
 # If you would like to link Grep statically use this command.
 
 env LDFLAGS=-static \
-./configure --prefix=/usr --bindir=/bin --with-included-regex \
-	${disable_nls}
+	./configure --prefix=/usr --bindir=/bin \
+	--with-included-regex ${disable_nls}
 
 # If you prefer to link Grep dynamically use this command.
 
-./configure --prefix=/usr --bindir=/bin --with-included-regex \
-	${disable_nls}
+./configure --prefix=/usr --bindir=/bin \
+	--with-included-regex ${disable_nls}
 
 # Then compile Grep.
 

Modified: trunk/text/chapter06/57-tar.txt
===================================================================
--- trunk/text/chapter06/57-tar.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter06/57-tar.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -5,7 +5,7 @@
 	--libexecdir=/usr/sbin ${disable_nls} &&
 make
 
-# Run the testsuite if you like. 3 of 24 tests may fail.
+# Run the testsuite if you like.
 
 make check
 

Modified: trunk/text/chapter07/10-kernel.txt
===================================================================
--- trunk/text/chapter07/10-kernel.txt	2005-01-07 22:59:30 UTC (rev 59)
+++ trunk/text/chapter07/10-kernel.txt	2005-01-08 15:34:41 UTC (rev 60)
@@ -19,21 +19,24 @@
 ln -s linux-2.6.10 /usr/src/linux
 
 # Install any patches for the Linux kernel to /usr/src so you can remember
-# which patches and versions are being used. Remember this Grsecurity patch
-# is a prerelease version.
+# which patches and versions are being used.
 
-install -m 444 /sources/hlfs-packages/linux-2.6.10-security_fix-1.patch \
-	/usr/src &&
+# The linux-2.6.10-security_fix-1.patch in LFS is included as part of the
+# grsecurity patch.
+
 install -m444 /sources/hlfs-packages/linux-2.6.10-frandom-1.patch /usr/src &&
 install -m444 \
-	/sources/hlfs-packages/grsecurity-2.1.0-2.6.10-200501051431.patch \
+	/sources/hlfs-packages/grsecurity-2.1.0-2.6.10-200501071049.patch \
 	/usr/src
+install -m444 /sources/hlfs-packages/linux-2.6.10-secfix-200501071130.patch \
+	/usr/src
 
 # Then change to the Linux source directory and apply the patch.
 
 cd /usr/src/linux &&
-patch -Np1 -i ../linux-2.6.10-security_fix-1.patch &&
-patch -Np1 -i ../linux-2.6.10-frandom-1.patch
+patch -Np1 -i ../linux-2.6.10-frandom-1.patch &&
+patch -Np1 -i ../grsecurity-2.1.0-2.6.10-200501071049.patch &&
+patch -Np1 -i ../linux-2.6.10-secfix-200501071130.patch
 
 # And begin building the kernel. Configuring the kernel with menuconfig is
 # another doccument. All the Grsec and PaX options can be enabled.




More information about the hlfs-dev mailing list