[people/stevee/ipfire-3.x.git] / pkgs / core / glibc / glibc.nm

###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt           #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

###############################################################################
# Definitions
###############################################################################

include $(PKGROOT)/Include

PKG_NAME       = glibc
PKG_VER        = 2.12
PKG_REL        = 0

PKG_MAINTAINER = Michael Tremer <michael.tremer@ipfire.org>
PKG_GROUP      = System/Base
PKG_URL        = http://sources.redhat.com/glibc/
PKG_LICENSE    = GPLv2+ LGPLv2+
PKG_SUMMARY    = The GNU libc libraries.

PKG_PACKAGES  += $(PKG_NAME_REAL)-devel

define PKG_DESCRIPTION
	The glibc package contains standard libraries which are used by \
	multiple programs on the system. In order to save disk space and \
	memory, as well as to make upgrading easier, common system code is \
	kept in one place and shared between programs. This particular package \
	contains the most important sets of shared libraries: the standard C \
	library and the standard math library. Without these two libraries, a \
	Linux system will not function.
endef

PKG_DEPS = # Has got no dependencies

GLIBC_FLAGS += -DPIC -fno-strict-aliasing -mno-tls-direct-seg-refs

CFLAGS   += $(GLIBC_FLAGS)
CXXFLAGS += $(GLIBC_FLAGS)

OPTIMIZED_KERNEL = 2.6.18

PKG_OBJECTS   += $(THISAPP).tar.bz2

# $(THISAPP)-pt_pax-1.patch - Support for PT_PaX markings.

# $(THISAPP)-strlcpy_strlcat-1.patch
#	This patch adds the strlcpy and strlcat functions and manual pages to Glibc.
#	A paper written about these functions is available here:
#	http://www.courtesan.com/todd/papers/strlcpy.html. The Glibc project has
#	refused to add these functions, and that mail tread starts here:
#	http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html. Linus Torvalds
#	has added a similar function to the Linux kernel, and that mail thread is
#	here: http://lwn.net/Articles/33814/. The strlcpy() and strlcat() functions
#	are replacements for strncpy() and strncat(). The controversy of these
#	functions is that strlcpy() and strlcat() copy the source data to the
#	destination buffer until the destination is full, and discards the rest of
#	the data if there is any. This means that these functions will never
#	overflow. The basis for the Glibc team's refusal to add these functions is
#	that they silently hide programing errors, and they have a higher performance
#	hit than strncpy() and strncat(). These functions should not be needed in a
#	perfect world, but were invented to deal with the real world. Many packages
#	will use these functions if they are found, such as Perl and many BLFS
#	packages. These functions do reduce buffer overflows, and so they are
#	recommended. After installing this patch no other effort is needed to use it.
#	Packages will use autotools to detect whether they are available or not.

# $(THISAPP)-asprintf_reset2null-1.patch
#	The asprintf(3) and vasprintf(3) functions are GNU extentions, not defined
#	by C or Posix standards. In Glibc these functions leave (char **strp) undefined
#	after an error. This patch resets (char **strp) to NULL after an error, for
#	sanity. 

# $(THISAPP)-issetugid-1.patch
#	This patch adds the issetugid() function, which is a front-end to the
#	__libc_enable_secure() dynamic linker private function. This function
#	reports whether the program is running with matching real and effective
#	ID's, or not, to determine whether the program is running with set-uid or
#	set-gid privileges. Many packages will search for issetugid() and use it if
#	found, such as Ncurses. This is safer than allowing each program to
#	determine privileges itself because it is tested at a lower level which is
#	not manipulatable by the user. Apply this patch with the following command: 

# $(THISAPP)-localedef_trampoline-1.patch
#	The next patch modifies the localedef program so it does not use GCC
#	Trampoline code (http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html),
#	which relies on an executable stack to run. Without this patch the localedef
#	program will be killed if it is run on a kernel with PaX memory protection.
#	See http://pax.grsecurity.net/docs/pageexec.txt and
#	http://pax.grsecurity.net/docs/segmexec.txt for more information.

# $(THISAPP)-sanitize_env.patch
#	This patch resticts the environment, particularly with setuid programs. 

# $(THISAPP)-mktemp_urandom.patch
#	The patch modifies __gen_tempname(), used by the mk*temp()/tmpnam() family
#	of functions, to use /dev/urandom instead of hp-timing, gettimeofday(), or
#	getpid(): 

# $(THISAPP)-res_randomid.patch
#	The res_randomid() function is a pseudo-random number generator, using
#	getpid() for entropy. See: http://www.openbsd.org/advisories/res_random.txt
#	for the vulnerability. This patch uses /dev/urandom instead.

# $(THISAPP)-resolv_response_length.patch
#	This patch does a check on the buffer size of res_* functions.

QUALITY_AGENT_RPATH_ALLOW_ORIGIN=yes

define STAGE_PREPARE
	@cd $(DIR_SRC) && $(DO_EXTRACT) $(DIR_DL)/$(firstword $(PKG_OBJECTS))
	@mkdir $(DIR_SRC)/glibc-build

	# In the vi_VN.TCVN locale, bash enters an infinite loop at startup. It is
	# unknown whether this is a bash bug or a Glibc problem. Disable
	# installation of this locale in order to avoid the problem.
	cd $(DIR_APP) && sed -i '/vi_VN.TCVN/d' localedata/SUPPORTED

	# The ldd shell script contains Bash-specific syntax. Change its default
	# program interpreter to /bin/bash in case another /bin/sh is installed.
	cd $(DIR_APP) && sed -i 's|@BASH@|/bin/bash|' elf/ldd.bash.in

	$(DO_PATCHES)

	# We don't install pt_chown(1) on the final system, so why install it to
	# $(TOOLS_DIR):
	cd $(DIR_APP) && sed -e "/^install.*pt_chown/d" -i login/Makefile

	# Build nscd with -fstack-protector-all, instead of -fstack-protector:
	cd $(DIR_APP) && sed -e "s/fstack-protector/&-all/" -i nscd/Makefile

	# We don't need to set -march=i?86 in confparams because GCC was built with
	# --with-arch=i?86.

	cat $(DIR_SOURCE)/$(PKG_NAME)-stack_chk_fail.c \
		> $(DIR_APP)/debug/stack_chk_fail.c

	cd $(DIR_APP) && \
		sed -e "s|libs -o|libs -L/usr/lib -Wl,-dynamic-linker=$(shell readelf -l /bin/sh | sed -n 's@.*interpret.*$(TOOLS_DIR)\(.*\)]$$@\1@p') -o|" \
		-i scripts/test-installation.pl

	# Use gnu hash style
	cd $(DIR_APP) && sed -i Makeconfig \
		-e "s/-Wl,--hash-style=both/-Wl,--hash-style=gnu -Wl,-O1/"

	# stdlib/tst-putenvmod is not linked against libc.
	cd $(DIR_APP) && sed -i stdlib/Makefile \
		-e "s/^CFLAGS-tst-putenvmod.c.*/& -fno-stack-protector/g"

	# stdio-common/bug22 hits timeout.
	cd $(DIR_APP) && sed -i stdio-common/bug22.c \
		-e "s/#define TIMEOUT.*/#define TIMEOUT 300/"

	# These tests don't work or need more investigation:
	cd $(DIR_APP) && sed -i dlfcn/Makefile -e "s/default //g"

	cd $(DIR_APP) && sed -i nptl/Makefile \
		-e "s/tst-mutex5 //g" \
		-e "s/tst-mutex5a //g" \
		-e "s/tst-cond11 //g" \
		-e "s/tst-rwlock6 //g" \
		-e "s/tst-rwlock7 //g" \
		-e "s/tst-sem5 //g" \
		-e "s/tst-cancelx4 //g" \
		-e "s/tst-cancelx5 //g" \
		-e "s/tst-cancelx10 //g" \
		-e "s/tst-cancelx18 //g" \

	# These are known to fail on x86:
	cd $(DIR_APP) && sed -i rt/Makefile \
		-e "s/tst-cpuclock1 //g" \
		-e "s/tst-cpuclock2 //g"

	cd $(DIR_APP) && sed -i elf/Makefile \
		-e "s/tst-tls1 //g" \
		-e "s/tst-tls1-static //g" \
		-e "s/tst-tls2 //g" \
		-e "s/tst-tls2-static //g" \
		-e "s/tst-tls3 //g" \
		-e "s/resolvfail //g" \
		-e "s/constload1 //g" \
		-e "s/order //g" \
		-e "s/lateglobal //g" \
		-e "s/dblload //g" \
		-e "s/dblunload //g" \
		-e "s/reldep6 //g" \
		-e "s/circleload1 //g" \
		-e "s/tst-global1 //g" \
		-e "s/tst-audit2 //g" \
		-e "s/check-localplt //g" \
		-e "s/check-localplt.out$$//g"

endef

define STAGE_BUILD
	# --enable-stackguard-randomization could be added here, but this is primarily
	# for attacks by local users, and we shouldn't have those in the rebooted
	# system. Adding this will empty the /dev/random entropy pool (via
	# /dev/urandom), unless the system is running a Random Number Gathering Daemon
	# (rngd). This version of Glibc uses high precision timing with SSP, so the
	# canary value changes at run-time. This is not as good as /dev/urandom, but
	# it's better than nothing and has very good performance.

	cd $(DIR_SRC)/glibc-build && \
		CFLAGS= \
		CXXFLAGS= \
		../$(THISAPP)/configure \
			--prefix=/usr \
			--libexecdir=/usr/lib/glibc \
			--disable-profile \
			--enable-add-ons \
			--enable-kernel=$(OPTIMIZED_KERNEL) \
			--without-selinux \
			--disable-werror \
			--enable-bind-now \
			--enable-stackguard-randomization \
			--with-stack-protector=all

	# Our GCC is already passing -fPIC, and that's all we want for the libraries.
	# LDFLAGS.so is appended to so we don't build shared libraries with
	# DT_TEXTREL (and to tell us if something goes wrong). For now we only build
	# the libraries, not the programs:
	echo "build-programs=no" \
		>> $(DIR_SRC)/glibc-build/configparms

	cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) \
		CFLAGS="$(CFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" \
		CXXFLAGS="$(CXXFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE"

	# Then build the programs with hardening, so everything possible in
	# $(TOOLS_DIR) is hardened:
	echo "# Nothing in here :D" >  $(DIR_SRC)/glibc-build/configparms
	cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) \
		CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)"
endef

define STAGE_TEST
	cd $(DIR_SRC)/glibc-build && make check
endef

define STAGE_INSTALL
	cd $(DIR_SRC)/glibc-build && make install install_root=$(BUILDROOT)

	# Locales
	-mkdir -pv $(BUILDROOT)/usr/lib/locale
	# This would install all locales that are supported
	cd $(DIR_SRC)/glibc-build && make localedata/install-locales install_root=$(BUILDROOT)

	# Timezone
	cp -v --remove-destination $(BUILDROOT)/usr/share/zoneinfo/GMT $(BUILDROOT)/etc/localtime

	# Configuration
	cp -vf $(DIR_SOURCE)/{ld.so.conf,nsswitch.conf} $(BUILDROOT)/etc
	-mkdir -pv $(BUILDROOT)/etc/ld.so.conf.d
endef
Commit	Line	Data
166a6c21 MT	1	###############################################################################
	2	# #
	3	# IPFire.org - A linux based firewall #
	4	# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
	5	# #
	6	# This program is free software: you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation, either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# This program is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	18	# #
	19	###############################################################################
	20
	21	###############################################################################
	22	# Definitions
	23	###############################################################################
	24
a7c97434	25	include $(PKGROOT)/Include
166a6c21 MT	26
166a6c21 MT	27	PKG_NAME = glibc
3ae9e320	28	PKG_VER = 2.12
166a6c21 MT	29	PKG_REL = 0
	30
	31	PKG_MAINTAINER = Michael Tremer <michael.tremer@ipfire.org>
	32	PKG_GROUP = System/Base
	33	PKG_URL = http://sources.redhat.com/glibc/
	34	PKG_LICENSE = GPLv2+ LGPLv2+
	35	PKG_SUMMARY = The GNU libc libraries.
	36
72d2189b	37	PKG_PACKAGES += $(PKG_NAME_REAL)-devel
48add3fd	38
166a6c21 MT	39	define PKG_DESCRIPTION
	40	The glibc package contains standard libraries which are used by \
	41	multiple programs on the system. In order to save disk space and \
	42	memory, as well as to make upgrading easier, common system code is \
	43	kept in one place and shared between programs. This particular package \
	44	contains the most important sets of shared libraries: the standard C \
	45	library and the standard math library. Without these two libraries, a \
	46	Linux system will not function.
	47	endef
	48
0bed08cd	49	PKG_DEPS = # Has got no dependencies
166a6c21	50
0bed08cd MT	51	GLIBC_FLAGS += -DPIC -fno-strict-aliasing -mno-tls-direct-seg-refs
	52
	53	CFLAGS += $(GLIBC_FLAGS)
	54	CXXFLAGS += $(GLIBC_FLAGS)
166a6c21 MT	55
	56	OPTIMIZED_KERNEL = 2.6.18
	57
	58	PKG_OBJECTS += $(THISAPP).tar.bz2
	59
b2ec3c8a MT	60	# $(THISAPP)-pt_pax-1.patch - Support for PT_PaX markings.
	61
	62	# $(THISAPP)-strlcpy_strlcat-1.patch
	63	# This patch adds the strlcpy and strlcat functions and manual pages to Glibc.
	64	# A paper written about these functions is available here:
	65	# http://www.courtesan.com/todd/papers/strlcpy.html. The Glibc project has
	66	# refused to add these functions, and that mail tread starts here:
	67	# http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html. Linus Torvalds
	68	# has added a similar function to the Linux kernel, and that mail thread is
	69	# here: http://lwn.net/Articles/33814/. The strlcpy() and strlcat() functions
	70	# are replacements for strncpy() and strncat(). The controversy of these
	71	# functions is that strlcpy() and strlcat() copy the source data to the
	72	# destination buffer until the destination is full, and discards the rest of
	73	# the data if there is any. This means that these functions will never
	74	# overflow. The basis for the Glibc team's refusal to add these functions is
	75	# that they silently hide programing errors, and they have a higher performance
	76	# hit than strncpy() and strncat(). These functions should not be needed in a
	77	# perfect world, but were invented to deal with the real world. Many packages
	78	# will use these functions if they are found, such as Perl and many BLFS
	79	# packages. These functions do reduce buffer overflows, and so they are
	80	# recommended. After installing this patch no other effort is needed to use it.
	81	# Packages will use autotools to detect whether they are available or not.
	82
	83	# $(THISAPP)-asprintf_reset2null-1.patch
	84	# The asprintf(3) and vasprintf(3) functions are GNU extentions, not defined
	85	# by C or Posix standards. In Glibc these functions leave (char **strp) undefined
	86	# after an error. This patch resets (char **strp) to NULL after an error, for
	87	# sanity.
	88
	89	# $(THISAPP)-issetugid-1.patch
	90	# This patch adds the issetugid() function, which is a front-end to the
	91	# __libc_enable_secure() dynamic linker private function. This function
	92	# reports whether the program is running with matching real and effective
	93	# ID's, or not, to determine whether the program is running with set-uid or
	94	# set-gid privileges. Many packages will search for issetugid() and use it if
	95	# found, such as Ncurses. This is safer than allowing each program to
	96	# determine privileges itself because it is tested at a lower level which is
	97	# not manipulatable by the user. Apply this patch with the following command:
	98
	99	# $(THISAPP)-localedef_trampoline-1.patch
	100	# The next patch modifies the localedef program so it does not use GCC
	101	# Trampoline code (http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html),
	102	# which relies on an executable stack to run. Without this patch the localedef
	103	# program will be killed if it is run on a kernel with PaX memory protection.
	104	# See http://pax.grsecurity.net/docs/pageexec.txt and
	105	# http://pax.grsecurity.net/docs/segmexec.txt for more information.
	106
	107	# $(THISAPP)-sanitize_env.patch
	108	# This patch resticts the environment, particularly with setuid programs.
	109
	110	# $(THISAPP)-mktemp_urandom.patch
	111	# The patch modifies __gen_tempname(), used by the mk*temp()/tmpnam() family
	112	# of functions, to use /dev/urandom instead of hp-timing, gettimeofday(), or
	113	# getpid():
	114
	115	# $(THISAPP)-res_randomid.patch
	116	# The res_randomid() function is a pseudo-random number generator, using
	117	# getpid() for entropy. See: http://www.openbsd.org/advisories/res_random.txt
	118	# for the vulnerability. This patch uses /dev/urandom instead.
	119
	120	# $(THISAPP)-resolv_response_length.patch
	121	# This patch does a check on the buffer size of res_* functions.
166a6c21	122
370830cf	123	QUALITY_AGENT_RPATH_ALLOW_ORIGIN=yes
166a6c21	124
17c0ee8a MT	125	define STAGE_PREPARE
17c0ee8a MT	126	@cd $(DIR_SRC) && $(DO_EXTRACT) $(DIR_DL)/$(firstword $(PKG_OBJECTS))
166a6c21 MT	127	@mkdir $(DIR_SRC)/glibc-build
	128
	129	# In the vi_VN.TCVN locale, bash enters an infinite loop at startup. It is
	130	# unknown whether this is a bash bug or a Glibc problem. Disable
	131	# installation of this locale in order to avoid the problem.
	132	cd $(DIR_APP) && sed -i '/vi_VN.TCVN/d' localedata/SUPPORTED
	133
	134	# The ldd shell script contains Bash-specific syntax. Change its default
	135	# program interpreter to /bin/bash in case another /bin/sh is installed.
	136	cd $(DIR_APP) && sed -i 's\|@BASH@\|/bin/bash\|' elf/ldd.bash.in
	137
	138	$(DO_PATCHES)
	139
	140	# We don't install pt_chown(1) on the final system, so why install it to
	141	# $(TOOLS_DIR):
	142	cd $(DIR_APP) && sed -e "/^install.*pt_chown/d" -i login/Makefile
	143
166a6c21 MT	144	# Build nscd with -fstack-protector-all, instead of -fstack-protector:
	145	cd $(DIR_APP) && sed -e "s/fstack-protector/&-all/" -i nscd/Makefile
	146
	147	# We don't need to set -march=i?86 in confparams because GCC was built with
	148	# --with-arch=i?86.
	149
bceb6c91	150	cat $(DIR_SOURCE)/$(PKG_NAME)-stack_chk_fail.c \
166a6c21	151	> $(DIR_APP)/debug/stack_chk_fail.c
f1fdd4d6 MT	152
	153	cd $(DIR_APP) && \
	154	sed -e "s\|libs -o\|libs -L/usr/lib -Wl,-dynamic-linker=$(shell readelf -l /bin/sh \| sed -n 's@.interpret.$(TOOLS_DIR)\(.*\)]$$@\1@p') -o\|" \
	155	-i scripts/test-installation.pl
8a346372	156
0bed08cd MT	157	# Use gnu hash style
	158	cd $(DIR_APP) && sed -i Makeconfig \
	159	-e "s/-Wl,--hash-style=both/-Wl,--hash-style=gnu -Wl,-O1/"
342b9bc7 MT	160
	161	# stdlib/tst-putenvmod is not linked against libc.
	162	cd $(DIR_APP) && sed -i stdlib/Makefile \
	163	-e "s/^CFLAGS-tst-putenvmod.c.*/& -fno-stack-protector/g"
	164
	165	# stdio-common/bug22 hits timeout.
	166	cd $(DIR_APP) && sed -i stdio-common/bug22.c \
	167	-e "s/#define TIMEOUT.*/#define TIMEOUT 300/"
ce136479 MT	168
	169	# These tests don't work or need more investigation:
	170	cd $(DIR_APP) && sed -i dlfcn/Makefile -e "s/default //g"
	171
	172	cd $(DIR_APP) && sed -i nptl/Makefile \
	173	-e "s/tst-mutex5 //g" \
	174	-e "s/tst-mutex5a //g" \
	175	-e "s/tst-cond11 //g" \
	176	-e "s/tst-rwlock6 //g" \
	177	-e "s/tst-rwlock7 //g" \
	178	-e "s/tst-sem5 //g" \
	179	-e "s/tst-cancelx4 //g" \
	180	-e "s/tst-cancelx5 //g" \
	181	-e "s/tst-cancelx10 //g" \
	182	-e "s/tst-cancelx18 //g" \
	183
	184	# These are known to fail on x86:
	185	cd $(DIR_APP) && sed -i rt/Makefile \
	186	-e "s/tst-cpuclock1 //g" \
	187	-e "s/tst-cpuclock2 //g"
	188
	189	cd $(DIR_APP) && sed -i elf/Makefile \
	190	-e "s/tst-tls1 //g" \
	191	-e "s/tst-tls1-static //g" \
	192	-e "s/tst-tls2 //g" \
	193	-e "s/tst-tls2-static //g" \
	194	-e "s/tst-tls3 //g" \
	195	-e "s/resolvfail //g" \
	196	-e "s/constload1 //g" \
	197	-e "s/order //g" \
	198	-e "s/lateglobal //g" \
	199	-e "s/dblload //g" \
	200	-e "s/dblunload //g" \
	201	-e "s/reldep6 //g" \
	202	-e "s/circleload1 //g" \
	203	-e "s/tst-global1 //g" \
	204	-e "s/tst-audit2 //g" \
	205	-e "s/check-localplt //g" \
	206	-e "s/check-localplt.out$$//g"
	207
17c0ee8a	208	endef
166a6c21	209
17c0ee8a	210	define STAGE_BUILD
166a6c21 MT	211	# --enable-stackguard-randomization could be added here, but this is primarily
	212	# for attacks by local users, and we shouldn't have those in the rebooted
	213	# system. Adding this will empty the /dev/random entropy pool (via
	214	# /dev/urandom), unless the system is running a Random Number Gathering Daemon
	215	# (rngd). This version of Glibc uses high precision timing with SSP, so the
	216	# canary value changes at run-time. This is not as good as /dev/urandom, but
	217	# it's better than nothing and has very good performance.
	218
166a6c21 MT	219	cd $(DIR_SRC)/glibc-build && \
	220	CFLAGS= \
	221	CXXFLAGS= \
	222	../$(THISAPP)/configure \
166a6c21 MT	223	--prefix=/usr \
	224	--libexecdir=/usr/lib/glibc \
	225	--disable-profile \
	226	--enable-add-ons \
	227	--enable-kernel=$(OPTIMIZED_KERNEL) \
	228	--without-selinux \
	229	--disable-werror \
	230	--enable-bind-now \
	231	--enable-stackguard-randomization \
bc4ad5b7	232	--with-stack-protector=all
166a6c21 MT	233
	234	# Our GCC is already passing -fPIC, and that's all we want for the libraries.
	235	# LDFLAGS.so is appended to so we don't build shared libraries with
	236	# DT_TEXTREL (and to tell us if something goes wrong). For now we only build
	237	# the libraries, not the programs:
	238	echo "build-programs=no" \
	239	>> $(DIR_SRC)/glibc-build/configparms
	240
	241	cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) \
0bed08cd MT	242	CFLAGS="$(CFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" \
0bed08cd MT	243	CXXFLAGS="$(CXXFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE"
166a6c21 MT	244
	245	# Then build the programs with hardening, so everything possible in
	246	# $(TOOLS_DIR) is hardened:
0bed08cd	247	echo "# Nothing in here :D" > $(DIR_SRC)/glibc-build/configparms
166a6c21 MT	248	cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) \
166a6c21 MT	249	CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)"
17c0ee8a	250	endef
166a6c21	251
34c789f0 MT	252	define STAGE_TEST
	253	cd $(DIR_SRC)/glibc-build && make check
	254	endef
b6ca5178	255
17c0ee8a	256	define STAGE_INSTALL
166a6c21 MT	257	cd $(DIR_SRC)/glibc-build && make install install_root=$(BUILDROOT)
166a6c21 MT	258
166a6c21 MT	259	# Locales
166a6c21 MT	260	-mkdir -pv $(BUILDROOT)/usr/lib/locale
f1fdd4d6	261	# This would install all locales that are supported
166a6c21 MT	262	cd $(DIR_SRC)/glibc-build && make localedata/install-locales install_root=$(BUILDROOT)
166a6c21 MT	263
166a6c21 MT	264	# Timezone
	265	cp -v --remove-destination $(BUILDROOT)/usr/share/zoneinfo/GMT $(BUILDROOT)/etc/localtime
	266
	267	# Configuration
	268	cp -vf $(DIR_SOURCE)/{ld.so.conf,nsswitch.conf} $(BUILDROOT)/etc
647b4a94	269	-mkdir -pv $(BUILDROOT)/etc/ld.so.conf.d
17c0ee8a	270	endef