LFS-XML to hlfs patch.

Gilles Espinasse g.esp at free.fr
Tue Jun 29 23:43:55 PDT 2010


----- Original Message ----- 
From: "robert baker" <robertmbaker at gmail.com>
To: "Hardened LFS Development List" <hlfs-dev at linuxfromscratch.org>
Sent: Tuesday, June 29, 2010 9:33 PM
Subject: Re: LFS-XML to hlfs patch.


> I have completed adding the additional package and patch entities to
> the XML patch. The SBU entities for each package are not accurate yet.
> Once the full system builds using jhalfs the SBU values can be
> updated.
>
> You can find the patch here:
> http://www.linuxfromscratch.org/~rbaker/hlfs-0.0.1-lfs-6.6.patch
>
> As I said I have been working with jhalfs to ensure the system build
> can be automated. At the moment the system will download
> everything and build through chapter 5. I haven't gotten the automated
> kernel build working in chapter 5 yet. Just leave the kernel build
> disabled for now.
>
> I have uploaded two additional files to aid in automated builds
> through chapter 5.
>
> This file is lightly modified. It sets the HLFS environment variable
> instead of LFS, and handles skipping the kernel build in chapter05
> when you don't select a config file.
> http://www.linuxfromscratch.org/~rbaker/master.sh
>
> This file needed to have the diff file extension added to it so jhalfs
> would download patches with the diff extension.
> http://www.linuxfromscratch.org/~rbaker/urls.xsl
>
> The process I have been using to build using jhalfs is as follows.
>
> 1. Boot system using lfs live cd. (I generally use a vmware or vbox
> virtual system)
> 2. Setup disks partition/format/mount data and swap.
> 3. Set jhalfs user and group as owners of the whole mounted data
> partition.
> 4. Download jhalfs-2.3.2, LFS-6.6-XML, and the hlfs patch to the root
> of the mounted data partition.
> 5. Unpack LFS-6.6-XML and patch the LFS book
> 6. Copy modified master.sh to jhalfs-2.3.2/LFS/ and urls to
> jhalfs-2.3.2/common/.
> 7. Change users to jhalfs and run make in the jhalfs2.3.2 directory.
> 8. Use LFS as the build type, use the working copy option. (point to
> the patched LFS-XML) Configure it to build the sources, and close the
> menu.
> 9. Once the build begins delete the
> jhalfs/lfs-commands/chapter0{6,7,8} so the build doesn't continue past
> the temporary system phase. (I haven't changed any commands beyond
> chapter 5.)
>
> Some highlights of the changes to the book include the following:
> Build order change to conform with HLFS.
> Don't use a cross compiled build as it causes issues with HLFS build
> order.

Cross-compilation of the first part means fewer dependencies on the host.
I have one machine that had failed to compile chap5 until I implemented LFS
cross-compilation.
I am building like LFS on chap5, with only hardening (not all of what HLFS
does) applied starting from chap6.
Basically, starting from chap6, I set
CFLAGS="-Os -march=${MACHINE} -mtune=pentium -pipe -fomit-frame-pointer -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -Wl,-z,now"
CXXFLAGS=${CFLAGS}
LDFLAGS="-Wl,--hash-style=gnu"

and glibc is built at both chap5 and 6 with
sed -i 's|hash-style=both|hash-style=gnu|' Makeconfig
and
--enable-bind-now
--enable-stackguard-randomization
--enable-omitfp

binutils and gcc are not built with hardened flags (I don't care that much for
my application as they are not installed). I have only one error added by
hardening (the known /usr/src/glibc-build/elf/check-localplt.out). Built on
i686 and ppc, not yet tested on x86_64.

Gilles
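
Added example, not part of the original message or of the HLFS or jhalfs code: a Python check that reads an ELF file's dynamic section to confirm that the `-Wl,-z,now` and `--hash-style=gnu` settings quoted above took effect, and whether the link produced an ET_DYN (PIE or shared) object. It handles 32-bit and 64-bit images in either byte order, since i686 and ppc are the targets mentioned; `check_hardening` and `build_sample` are hypothetical names and the sample image is constructed.

```python
import struct

# Tags and flag bits from the ELF gABI and its GNU extensions.
DT_NULL, DT_HASH, DT_BIND_NOW, DT_FLAGS = 0, 4, 24, 30
DT_GNU_HASH, DT_FLAGS_1 = 0x6ffffef5, 0x6ffffffb
DF_BIND_NOW, DF_1_NOW, ET_DYN, PT_DYNAMIC = 0x8, 0x1, 3, 2

def check_hardening(data):
    """Report link-time hardening visible in the dynamic section of an ELF image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                       # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little (i686), 2 = big (ppc)
    word = "Q" if is64 else "I"
    e_type, = struct.unpack_from(end + "H", data, 16)
    e_phoff, = struct.unpack_from(end + word, data, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
    tags = {}
    for ph in (e_phoff + i * phentsize for i in range(phnum)):
        if struct.unpack_from(end + "I", data, ph)[0] == PT_DYNAMIC:
            # p_offset and p_filesz sit at different offsets in the two layouts.
            p_offset, = struct.unpack_from(end + word, data, ph + (8 if is64 else 4))
            p_filesz, = struct.unpack_from(end + word, data, ph + (32 if is64 else 16))
            for off in range(p_offset, p_offset + p_filesz, 16 if is64 else 8):
                tag, val = struct.unpack_from(end + word * 2, data, off)
                if tag == DT_NULL:
                    break
                tags[tag] = val
    now = (DT_BIND_NOW in tags or tags.get(DT_FLAGS, 0) & DF_BIND_NOW
           or tags.get(DT_FLAGS_1, 0) & DF_1_NOW)
    return {"et_dyn": e_type == ET_DYN,       # PIE executable or shared object
            "bind_now": bool(now),            # effect of -Wl,-z,now
            "gnu_hash_only": DT_GNU_HASH in tags and DT_HASH not in tags}

def build_sample(is64, little, e_type, dyn):
    """Constructed minimal ELF: header, one PT_DYNAMIC segment, dynamic entries."""
    end, word = "<" if little else ">", "Q" if is64 else "I"
    ehsize, phsize = (64, 56) if is64 else (52, 32)
    dynsec = b"".join(struct.pack(end + word * 2, t, v) for t, v in dyn + [(DT_NULL, 0)])
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1 if little else 2, 1]) + bytes(9)
    hdr = ident + struct.pack(end + "HHI" + word * 3 + "I6H", e_type, 0, 1, 0,
                              ehsize, 0, 0, ehsize, phsize, 1, 0, 0, 0)
    off, size = ehsize + phsize, len(dynsec)
    ph = (struct.pack(end + "II6Q", PT_DYNAMIC, 0, off, 0, 0, size, size, 8) if is64
          else struct.pack(end + "8I", PT_DYNAMIC, off, 0, 0, size, size, 0, 4))
    return hdr + ph + dynsec

if __name__ == "__main__":
    constructed = build_sample(False, False, ET_DYN, [(DT_GNU_HASH, 0x100), (DT_FLAGS, DF_BIND_NOW)])
    print(check_hardening(constructed))
```

On a real build, pass the bytes of an installed binary, for example `check_hardening(open(path, "rb").read())`. The stack-protector and `_FORTIFY_SOURCE` settings leave their traces in the symbol table rather than the dynamic tags, so this check does not cover them.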



