stupid newbie question

Darren McGrandle darren at mcgrandle.com
Sun Jul 24 15:20:40 PDT 2005


To all,

>From the discussion in Chapter 2, part 6 on Position 
Independent Executables, I have been taking each package and 
looking through the Make files, then applying a modified sed, 
as given by example throughout the hlfs book.  As Robert 
indicated, the only time this isn't appropriate is for libs, 
and then I use -fpic (seems safer in the general case).

Since I am also using the 'more control' package management 
system, I have the added complication of dealing with package 
users' installation issues.  :)  So following that template, I 
set up a build script for building each package, with the 
sed's in it.  I've attached the one for openswan, which I am 
still in the process of refining (I need to make sed's for the 
substitutions in Makefile.inc).

I also modified the source code so that the ipsec utilities 
use /dev/erandom instead of /dev/random.  I looked into 
various methods of increasing the entropy, and may still 
implement some, but by modifying openswan to use /dev/erandom, 
my entropy pool now doesn't sit at 0 forever.  :)  The 
system's normal methods of filling the pool can keep up with 
demand.

Critiques?

Darren McGrandle

------- /usr/src/openswan/build --------
#!/bin/bash
#
# Build script for openswan
#
# Note: BEFORE running this script, need to edit the 
Makefile.inc and
# - delete local from /usr/local in line 72: INC_USRLOCAL= 
variable
# - change /libexec/ to /bin/ from line 81 in FINALLIBEXECDIR 
variable
# Note: erandom sed causes ipsec to use /dev/erandom instead 
of /dev/ramdon
#
# Note: you must also chown openswan:openswan 
/etc/rc.d/init.d/ipsec as root

patch_commands()
{ :
  sed -e 's/dev\/random/dev\/erandom/' -i 
programs/{ranbits/ranbits.{8{,.xml},c},rsasigkey/rsasigkey.{8,
c},starter/files.h}
}

make_commands()
{ :
  export CC="gcc -fpie -pie"
  make programs
}

install_commands()
{ :
  export CC="gcc -fpie -pie"
  make INSTALL=install install
}

test_pipe()
{
  for i in "${PIPESTATUS[@]}"
  do
    test $i != 0 && { echo FAILED! ; exit 1 ; }
  done
  echo successful!
  return 0
}

echo -n Patching...

{ patch_commands 3>&1 1>&2 2>&3 | tee "$HOME/patch.err" ;} 
&>"$HOME/patch.log"
test_pipe

echo -n Building...

{ make_commands 3>&1 1>&2 2>&3 | tee "$HOME/make.err" ;} 
&>"$HOME/make.log"
test_pipe

echo -n Installing...

{ install_commands 3>&1 1>&2 2>&3 | tee "$HOME/install.err" ;} 
&>"$HOME/install.log"
test_pipe




More information about the hlfs-dev mailing list