hi robert,
first of all good job on the update thing.
sadly i can't get past glibc-headers in ch5.
the configure fails with
checking for .preinit_array/.init_array/.fini_array support... no
configure: error: Need linker with .init_array/.fini_array support.
i run
../glibc-2.4/configure --prefix=/tools \
--host=${target} --without-cvs \
--disable-sanity-checks --with-headers=/tools/include
the host is
binutils 2.16.1
gcc 3.4.5
glibc 2.3.6
after what i goggled. this is a binutils/glibc update problem, but how
can i update glibc when i can't run configure ? ;)
michael
Robert Connolly schrieb:
I have attached my preliminary/experimental differences to build HLFS with
gcc-4.1.1 and glibc-2.4. Comments are welcome.
robert
------------------------------------------------------------------------
# May 28th, 2006
# These are the differences to use GCC-4.1 and Glibc-2.4 with the HLFS-unstable
# book, available at http://www.linuxfromscratch.org/hlfs/view/unstable/glibc/
# Glibc-2.4 and GCC-4.1 have integrated SSP, so the SSP patches are no longer
# needed.
# Thanks to CLFS and LFS for some commands I stole :-)
# New/additional patches are available at:
# http://www.linuxfromscratch.org/patches/downloads/glibc/
# http://www.linuxfromscratch.org/~robert/new/newpatches/
# http://www.grsecurity.net/~spender/
# Commands here depend on Sed version 4 or higher, and Perl, as usual.
# I tested this with Binutils-2.16.93, but the testsuite had many failures. Feel
# free to try HJL Binutils instead.
# - Chapter 5 -
# - Kernel headers (I used linux-2.6.16.18):
# I dont know if this will be the way kernel headers are installed, but it works
# for now. It's a good idea to be running this kernel version on the host
system,
# for Glibc.
# Unpack your kernel source.
make mrproper &&
make include/linux/version.h &&
make include/asm &&
install -d /tools/include/asm &&
cp -R include/asm/* /tools/include/asm &&
cp -R include/asm-generic /tools/include &&
cp -R include/linux /tools/include
# Don't worry about ".config: No such file or directory".
# - Glibc-2.4 headers:
# Break the GCC version sanity check (this doesn't matter because we're only
# installing the Glibc headers):
sed -e 's/3.4\*/\*/' -i configure
# After 'make install-headers' (just he Glibc version number below was changed):
cp bits/stdio_lim.h /tools/include/bits &&
touch /tools/include/gnu/stubs.h &&
cp ../glibc-2.4/nptl/sysdeps/pthread/pthread.h /tools/include &&
cp ../glibc-2.4/nptl/sysdeps/unix/sysv/linux/i386/bits/pthreadtypes.h \
/tools/include/bits
# - Binutils-2.16.93 cross-linker:
# GCC-4.1 needs binutils-2.16.91 or higher.
# ftp://sources.redhat.com/pub/binutils/snapshots/binutils-2.16.93.tar.bz2
# After 'make install':
make -C ld clean &&
make -C ld LIB_PATH=/tools/lib &&
install ld/ld-new /tools/bin/${target}-ld-new
# Remove the binutils-2.16.93/ and binutils-build/ directories.
# - GCC-4.1.1 cross-compiler:
patch -Np1 -i ../gcc-4.1.1-specs_x86-1.patch
# No need to 'touch ${ldso}'.
# Add '--disable-libssp --disable-libmudflap' to the configure command.
# - Glibc-2.4:
# The ssp patch is no longer needed. The pt_pax and dl_execstack_PaX patches
from
# 2.3.6 still work on 2.4.
tar xf ../glibc-libidn-2.4.tar.bz2 &&
mv glibc-libidn-2.4 libidn
# This patch stops localedef from crashing while running a PaX kernel:
patch -Np1 -i ../glibc-2.4-localedef_segfault-1.patch
# This patch is so that we can just use a simple 'make' command, instead of
# 'make libgcc_eh="" gnulib="-lgcc" static-gnulib="-lgcc"':
patch -Np1 -i ../glibc-2.4-libgcc_eh-1.patch
# Run 'make check' like this:
make -k check >glibc-check-log 2>&1 ; grep Error glibc-check-log
# I couldn't get 'make check' to pass perfectly even under the best conditions.
# make[2]: [/mnt/hlfs/usr/src/glibc-build/posix/annexc.out] Error 1 (ignored)
# make[2]: *** [/mnt/hlfs/usr/src/glibc-build/nptl/tst-cancel24.o] Error 1
# make[1]: *** [nptl/tests] Error 2
# make[2]: *** [/mnt/hlfs/usr/src/glibc-build/elf/check-localplt.out] Error 1
# make[1]: *** [elf/tests] Error 2
# make: *** [check] Error 2
# Install like this:
install -d /tools/etc &&
touch /tools/etc/ld.so.conf &&
make install
# - Adjusting toolchain:
mv /tools/bin/${target}-{ld-new,ld} &&
ln -f /tools/bin/${target}-ld /tools/${target}/bin/ld
# Then test it...
# - Binutils-2.16.93:
# After 'make install':
make -C ld clean &&
make -C ld LIB_PATH=/usr/lib:/lib &&
install ld/ld-new /tools/bin/ld-new
# Remove the binutils-2.16.93/ and binutils-build/ directories.
# - GCC-4.1:
# Don't use the SSP patch, or the version.c sed command.
# The nofixincludes patch is replaced by this:
sed '[EMAIL PROTECTED]/[EMAIL PROTECTED] true@' -i gcc/Makefile.in
#
patch -Np1 -i ../gcc-4.1.1-specs_x86-1.patch
# GCC-4.1.1 does not detect SSP when Glibc is installed to non-standard
locations,
# like /tools. Fix that:
sed -e '[EMAIL PROTECTED]/usr\/[EMAIL PROTECTED]/tools\/include@' -i
gcc/configure
# GCC will still build and install libssp, but gcc won't use it.
# 'make', 'make bootstrap', or 'make profiledbootstrap', whichever you prefer.
# 'make bootstrap' is probably a good idea, but this gcc is being built by the
# same version of gcc, so it may not make a difference.
# - Adding hardened specs:
# This requires Perl on your host system.
# Get:
# http://www.linuxfromscratch.org/~robert/new/newpatches/hardened-specs.sh
install hardened-specs.sh /tools/bin/hardened-specs &&
gcc -dumpspecs > `dirname $(gcc -print-libgcc-file-name)`/specs &&
/tools/bin/hardened-specs
# The two lines with __guard need to be removed from test.c for it to compile.
# Glibc's SSP does not use __guard anymore, but Glibc's testsuite will also run
# tests for SSP in chapter 6 to conferm it is working properly.
# - Chapter 6 -
# - Kernel headers (for Glibc):
# Unpack the kernel.
patch --no-backup-if-mismatch -Np1 -i \
../linux-libc-headers-2.6.12.0-pseudo_random-1.patch &&
patch --no-backup-if-mismatch -Np1 -i \
../linux-libc-headers-2.6.12.0-unistd_x86_PIC-1.patch &&
make mrproper &&
make include/linux/version.h &&
make include/asm &&
mkdir /usr/src/glibcheaders &&
cp -HR include/asm /usr/src/glibcheaders &&
cp -R include/asm-generic /usr/src/glibcheaders &&
cp -R include/linux /usr/src/glibcheaders &&
touch /usr/src/glibcheaders/linux/autoconf.h
# - Glibc-2.4:
tar xf ../glibc-libidn-2.4.tar.bz2 &&
mv glibc-libidn-2.4 libidn
# Don't forget to apply the dl_execstack_PaX and pt_pax patches. Don't use the
# fstack_protector patch for now.
patch -Np1 -i ../glibc-2.4-localedef_segfault-1.patch
# The glibc-2.3.6-arc4random-2.patch is now optional. Glibc and uClibc have
moved
# the SSP functions to ld.so (rtld). In order to use arc4random with SSP the
# arc4random code would also need to be moved to ld.so, and that's not a sane
idea.
# Some packages, like OpenSSL, OpenNTPD, and BIND can still use arc4random via
# libc if it is available.
# If you want to preserve your kernel entropy you should use /dev/erandom
instead
# of /dev/urandom for SSP. This is especially important for servers with little
# or no keyboard and mouse activity. Note: doing this while compiling Glibc on a
# vanilla kernel may cause a couple test failures because erandom doesn't exist.
# To do that enter this:
sed -e 's/urandom/erandom/' -i sysdeps/unix/sysv/linux/dl-osinfo.h
# Add --enable-stackguard-randomization to have Glibc use urandom/erandom to
generate
# random canary values used with SSP.
# Add '--with-headers=/usr/src/glibcheaders' to point Glibc to the raw kernel
headers.
# This 'make check' resulted the same as chapter 5.
# - Sanitized headers:
#
http://download.fedora.redhat.com/pub/fedora/linux/core/development/source/SRPMS/\
# glibc-kernheaders-3.0-??.src.rpm
# You'll need to rpm2tgz this package, then unpack it. Inside there's another
# tarball.
tar xf glibc-kernheaders-2.6.??-?.????_FC6.tar.bz2 &&
cd usr/include/ &&
cp -R asm-i386 /usr/include/asm &&
cp -R asm-generic /usr/include &&
cp -R linux /usr/include
# - Adjusting toolchain:
install /tools/bin/ld{-new,} &&
perl -pi -e 's:/tools${ldso}:${ldso}:g;' \
-e '[EMAIL PROTECTED]:[EMAIL PROTECTED]/usr/lib/@g;' \
`dirname $(gcc -print-libgcc-file-name)`/specs
# - Binutils-2.16.93:
# To do 'make check':
make CC_FOR_TARGET="gcc -no-pie -fno-stack-protector" -k check
# However, many of the tests won't pass (I'm pretty sure this is a problem with
# the binutils snapshot, and not HLFS). Binutils tests are also sensitive to
CFLAGS.
# - GCC-4.1.1:
# No patches are needed (with Glibc).
# Fix libiberty/Makefile.in:
sed -e 's/install_to_$(INSTALL_DEST) //' -i libiberty/Makefile.in
# Disable fixincludes if you want:
sed '[EMAIL PROTECTED]/[EMAIL PROTECTED] true@' -i gcc/Makefile.in
# Fix gccbug:
sed 's/@have_mktemp_command@/yes/' -i gcc/gccbug.in
# Configure GCC...
# Compile GCC with -fstack-protector and -pie:
make CFLAGS="-fstack-protector-all -fPIC -fomit-frame-pointer -O2" \
CXXFLAGS="-fstack-protector-all -fPIC -fomit-frame-pointer -O2" \
LDFLAGS="-z relro -z now -pie"
# Use BOOT_CFLAGS, BOOT_CXXFLAGS, and BOOT_LDFLAGS, if you are using
# 'make bootstrap'.
# Maybe one day I'll figure out how to stick -fPIE in GCC's build, so it runs
# more optimally. Alternately the specs can be hardcoded with a patch.
# After 'make install':
gcc -dumpspecs > `dirname $(gcc -print-libgcc-file-name)`/specs &&
/tools/bin/hardened-specs
# - Kernel
# The pseudo_random kernel patch is also optional, but only if you are not using
# the arc4random libc patch, and you are not using /dev/erandom with SSP. It is
# advisable to use the pseudo_random kernel patch.
# It should be downhill after this, aside from gcc-4.1.1 issues. Now I need to
# get this working with uClibc too, and see if it can be cleaned up better.
# robert - ashes
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
