book brokenness, etc

Robert Connolly robert at linuxfromscratch.org
Fri Feb 9 00:21:36 PST 2007


Hello. I just realized linuxfromscratch.org is the mail server now, not 
mail.linuxfromscratch.org. 1800 messages later, I'm back.

I fixed some of the uClibc 2.4-book issues this week. Chapter 5 builds now. I 
haven't finished a chapter 6 build in a very long time, and I know there are 
various problems. There was a post a while ago about adding the assertions to 
a header, so fputs=assert(fputs) all the time, and I think this is a better 
idea but I just haven't gotton to it yet. I apologize for the brokenness in 
chapter 6 and the kernel. I'll try to start removing the assertions stuff 
from chapter 6 and finish by adding a new header for <stdio.h> to wrap 
affected functions in assert().

I'm concentrating mainly on the 2.4 branch but adding differences that work to 
the trunk too. I finally added the hardened-specs header, minus 
stack-protector, to the 2.4-branch. And switched uClibc-snapshot with 
uClibc-0.9.28.1.

I got rid of that Sed patch because it broke Sed.

Regarding the two mail threads about testing the security of an HLFS system, 
there is a Paxtest package at the PaX website that I'd like to add to the 
book somewhere. There are also of course the test suites for each package. 
And fixing compiler warnings, including backporting gcc-4.3 fixes to the 
2.4-branch gcc-3.4 systems. Assertions aren't intended to be used on a 
production system because of performance loss, but I think it's a good idea 
because they will abort programs that have unforeseen errors. The 
gcc41 'unused return value' warning fixed with assertions should make sure 
every function has a contingency plan for errors.

I'd like to mention that people who want to run linux-2.6 can still build the 
2.4-book and simply boot a 2.6 kernel. 2.6 isn't stable, even though it runs 
well without crashing. My cdrom used to be named /dev/hda in 2.6.18, and is 
named /dev/sr0 in 2.6.19. Using the 2.6 kernels involves constant adjustments 
to userland configuration, like Udev, which inherently means it's in the 
development stage. The 2.6.18.x branch seems to be being maintained parallel 
to the latest kernels, but who knows how long this will last. The 2.4-branch 
system will allow the system to boot anything after linux-2.4.20, or so, but 
won't have performance features from the later kernels.

I've been thinking of adding pages to cross build a uClibc system, either at 
the end of chapter 5 or near the end of the book, with examples of building a 
4MB embedded system for a mips (netgear) router/firewall or an initrd for 
booting a loop-aes encrypted drive... a Busybox system. I think this is more 
what uClibc is intended for. It would preferably be built from an HLFS system 
so the host is more trusted, but doesn't necessarily have to be. The howto's 
for rescue systems are fairly out of date, aren't very specific, don't 
mention firewalling, often lack boot scripts, and adding loop-aes, sshd 
(dropbear), or addressing security concerns only complicates it. So I think 
it deserves a place in the (b)hlfs-book. The uClibc config for an embedded 
system isn't the same as for a full featured system because things like GCC 
(wchar) support are not needed, so the libraries can be cut smaller.

So anyway, I'll start try to fix chapter 6 so the book isn't broken anymore.

Robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20070209/3380d0d0/attachment.sig>


More information about the hlfs-dev mailing list