1 ###############################################################################
2 # #
3 # IPFire.org - A linux based firewall #
4 # Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
5 # #
6 # This program is free software: you can redistribute it and/or modify #
7 # it under the terms of the GNU General Public License as published by #
8 # the Free Software Foundation, either version 3 of the License, or #
9 # (at your option) any later version. #
10 # #
11 # This program is distributed in the hope that it will be useful, #
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14 # GNU General Public License for more details. #
15 # #
16 # You should have received a copy of the GNU General Public License #
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
18 # #
19 ###############################################################################
20
21 ###############################################################################
22 # Definitions
23 ###############################################################################
24
25 include Config
26
# Package identity: upstream name, upstream version, and package revision.
PKG_NAME = glibc
VER = 2.9
PKG_VER = 0

# Derived names: the versioned package stem, the tarball to download, and the
# directory the tarball unpacks into. DIR_SRC is not defined in this file
# (presumably it comes from the included Config).
THISAPP = $(PKG_NAME)-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DIR_APP = $(DIR_SRC)/$(THISAPP)

# Target of the main build rule and prerequisite of "install". The path is
# built from DIR_INFO, STAGE_ORDER and STAGE, none of which is set here.
OBJECT = $(DIR_INFO)/$(STAGE_ORDER)_$(STAGE)/$(THISAPP)

# Package metadata. MAINTAINER and DEPS are empty in this file.
MAINTAINER =
GROUP = System/Base
EXTRA = no
DEBUG = no
DEPS =

# NOTE(review): the upstream URL is plain http and this file pins no checksum
# for the tarball or the patches; confirm that the download helper defined
# outside this file verifies what it fetches.
URL = http://sources.redhat.com/glibc/
LICENSE = GPLv2+ LGPLv2+
SHORT_DESC = The GNU libc libraries.

# Long description; the text between define/endef is taken verbatim.
define LONG_DESC
The glibc package contains standard libraries which are used by \
multiple programs on the system. In order to save disk space and \
memory, as well as to make upgrading easier, common system code is \
kept in one place and shared between programs. This particular package \
contains the most important sets of shared libraries: the standard C \
library and the standard math library. Without these two libraries, a \
Linux system will not function.
endef

# Baseline flags only. The build recipe writes the per-pass CC/CXX flags,
# including the hardening options, into glibc-build/configparms.
CFLAGS = -O2 -pipe
CXXFLAGS =
59
60 ###############################################################################
61 # Top-level Rules
62 ###############################################################################
63
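# Every file the build needs from the download directory: the glibc and
# libidn tarballs plus the eleven patches applied by the $(OBJECT) recipe.
objects = $(DL_FILE) \
	$(PKG_NAME)-libidn-$(VER).tar.bz2 \
	$(THISAPP)-pt_pax-1.patch \
	$(THISAPP)-strlcpy_strlcat-1.patch \
	$(THISAPP)-asprintf_reset2null-1.patch \
	$(THISAPP)-issetugid-1.patch \
	$(THISAPP)-localedef_trampoline-1.patch \
	$(THISAPP)-sanitize_env.patch \
	$(THISAPP)-mktemp_urandom.patch \
	$(THISAPP)-res_randomid.patch \
	$(THISAPP)-resolv_response_length.patch \
	$(THISAPP)-undefine-__i686.patch \
	$(THISAPP)-d_tlsdec.patch

# These goals name actions, not files. Declaring them phony keeps a stray
# file called e.g. "install" in the working directory from masking them.
.PHONY: download info install package

# Fetch every source file and patch listed in $(objects).
download: $(objects)

# Print the package information; DO_PKG_INFO is not defined in this file.
info:
	$(DO_PKG_INFO)

# Build and install by bringing the $(OBJECT) target up to date.
install: $(OBJECT)

# Create the binary package; DO_PACKAGE is not defined in this file.
package:
	@$(DO_PACKAGE)

# One rule for every tarball and patch; LOAD is not defined in this file.
# NOTE(review): these files end up in libc itself, so confirm that LOAD
# checks each one against a pinned checksum before the build uses it.
$(objects):
	@$(LOAD)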
90
91 ###############################################################################
92 # Installation Details
93 ###############################################################################
94
# Build and install glibc for the current stage. The recipe unpacks the
# sources, applies the patches listed in $(objects), configures for either
# the "toolchain" or the "base" stage, builds the libraries and then the
# programs with different compiler flags, installs, and removes the build
# directories again. PREBUILD, POSTBUILD and EXTRACTOR are not defined in
# this file.
$(OBJECT): $(objects)
	@$(PREBUILD)
	@rm -rf $(DIR_APP) $(DIR_SRC)/glibc-build && cd $(DIR_SRC) && $(EXTRACTOR) $(DIR_DL)/$(DL_FILE)
	@mkdir $(DIR_SRC)/glibc-build

	# Extract the libidn add-on into the glibc source tree as "libidn".
	cd $(DIR_APP) && $(EXTRACTOR) $(DIR_DL)/$(PKG_NAME)-libidn-$(VER).tar.bz2
	cd $(DIR_APP) && mv -v $(PKG_NAME)-libidn-$(VER) libidn

	# In the vi_VN.TCVN locale, bash enters an infinite loop at startup. It is
	# unknown whether this is a bash bug or a Glibc problem. Disable
	# installation of this locale in order to avoid the problem.
	cd $(DIR_APP) && sed -i '/vi_VN.TCVN/d' localedata/SUPPORTED

	# The ldd shell script contains Bash-specific syntax. Change its default
	# program interpreter to /bin/bash in case another /bin/sh is installed.
	cd $(DIR_APP) && sed -i 's|@BASH@|/bin/bash|' elf/ldd.bash.in

	# The next patch modifies the localedef program so it does not use GCC
	# Trampoline code (http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html),
	# which relies on an executable stack to run. Without this patch the localedef
	# program will be killed if it is run on a kernel with PaX memory protection.
	# See http://pax.grsecurity.net/docs/pageexec.txt and
	# http://pax.grsecurity.net/docs/segmexec.txt for more information:
	cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-localedef_trampoline-1.patch

	# Support for PT_PaX markings:
	cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-pt_pax-1.patch

	# The asprintf(3) and vasprintf(3) functions are GNU extensions, not defined
	# by the C or POSIX standards. In Glibc these functions leave (char **strp)
	# undefined after an error. This patch resets (char **strp) to NULL after an
	# error, for sanity.
	cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-asprintf_reset2null-1.patch

	# This patch adds the issetugid() function, which is a front-end to the
	# __libc_enable_secure() dynamic linker private function. This function
	# reports whether the program is running with matching real and effective
	# IDs, or not, to determine whether the program is running with set-uid or
	# set-gid privileges. Many packages will search for issetugid() and use it if
	# found, such as Ncurses. This is safer than allowing each program to
	# determine privileges itself because it is tested at a lower level which
	# cannot be manipulated by the user.
	cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-issetugid-1.patch

	# This patch restricts the environment, particularly with setuid programs:
	cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-sanitize_env.patch

	# This patch adds the strlcpy and strlcat functions and manual pages to Glibc.
	# A paper written about these functions is available here:
	# http://www.courtesan.com/todd/papers/strlcpy.html. The Glibc project has
	# refused to add these functions, and that mail thread starts here:
	# http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html. Linus Torvalds
	# has added a similar function to the Linux kernel, and that mail thread is
	# here: http://lwn.net/Articles/33814/. The strlcpy() and strlcat() functions
	# are replacements for strncpy() and strncat(). The controversy of these
	# functions is that strlcpy() and strlcat() copy the source data to the
	# destination buffer until the destination is full, and discard the rest of
	# the data if there is any. This means that these functions will never
	# overflow. The basis for the Glibc team's refusal to add these functions is
	# that they silently hide programming errors, and they have a higher
	# performance hit than strncpy() and strncat(). These functions should not be
	# needed in a perfect world, but were invented to deal with the real world.
	# Many packages will use these functions if they are found, such as Perl and
	# many BLFS packages. These functions do reduce buffer overflows, and so they
	# are recommended. After installing this patch no other effort is needed to
	# use it. Packages will use autotools to detect whether they are available.
	# NOTE(review): truncation is silent unless the caller compares the return
	# value with the buffer size, so a cut-off path or name can still be a bug.
	cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-strlcpy_strlcat-1.patch

	# The patch modifies __gen_tempname(), used by the mk*temp()/tmpnam() family
	# of functions, to use /dev/urandom instead of hp-timing, gettimeofday(), or
	# getpid() (presumably so that generated names are harder to predict):
	cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-mktemp_urandom.patch

	# The res_randomid() function is a pseudo-random number generator, using
	# getpid() for entropy. See: http://www.openbsd.org/advisories/res_random.txt
	# for the vulnerability. This patch uses /dev/urandom instead:
	cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-res_randomid.patch

	# This patch adds a check on the buffer size of the res_* functions:
	cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-resolv_response_length.patch

	# We don't install pt_chown(1) on the final system, so there is no reason
	# to install it to $(TOOLS_DIR) either. The sed drops the matching install
	# line from login/Makefile.
	cd $(DIR_APP) && sed -e "/^install.*pt_chown/d" -i login/Makefile

	# ldconfig is statically linked, so don't build it PIC:
	cd $(DIR_APP) && sed "s/CFLAGS-ldconfig.c =/& -fno-PIC -fno-PIE/" \
		-i elf/Makefile

	# Build nscd with -fstack-protector-all, instead of -fstack-protector:
	cd $(DIR_APP) && sed -e "s/fstack-protector/&-all/" -i nscd/Makefile

	# We don't need to set -march=i?86 in confparams because GCC was built with
	# --with-arch=i?86.
ifeq "$(MACHINE)" "i686"
	cd $(DIR_APP) && patch -Np0 -i $(DIR_PATCHES)/$(THISAPP)-undefine-__i686.patch
endif

	# Replace a direct call of an i686 function (does not compile on i586)
	cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-d_tlsdec.patch

	# --sbindir=$(TOOLS_DIR)/bin does not work... anyone want to fix this?
	# We don't need Glibc's sbin programs, but still.

	# --enable-stackguard-randomization could be added here, but this is primarily
	# for attacks by local users, and we shouldn't have those in the rebooted
	# system. Adding this will empty the /dev/random entropy pool (via
	# /dev/urandom), unless the system is running a Random Number Gathering Daemon
	# (rngd). This version of Glibc uses high precision timing with SSP, so the
	# canary value changes at run-time. This is not as good as /dev/urandom, but
	# it's better than nothing and has very good performance.
	# NOTE(review): both configure invocations below do pass
	# --enable-stackguard-randomization, so the paragraph above looks out of
	# date; update it to say which canary source this build really uses.

ifeq "$(STAGE)" "toolchain"
	# Glibc uses a hard coded path for /etc/ld.so.preload. To keep Glibc from
	# preloading libraries from the host machine perform the following command:
	# NOTE(review): the replacement string is $(TOOLS_DIR) itself, not a file
	# below it such as an etc/ld.so.preload path; confirm this is intended.
	cd $(DIR_APP) && sed -e "s@/etc/ld.so.preload@$(TOOLS_DIR)@" -i elf/rtld.c
	# The leading '-' makes make ignore a failing mkdir.
	-mkdir -v $(TOOLS_DIR)/etc
	touch $(TOOLS_DIR)/etc/ld.so.conf

	# Configure for installation below $(TOOLS_DIR); CONFIGURE_ARCH is not
	# defined in this file.
	cd $(DIR_SRC)/glibc-build && \
		../$(THISAPP)/configure \
			$(CONFIGURE_ARCH) \
			--prefix=$(TOOLS_DIR) \
			--libexecdir=$(TOOLS_DIR)/lib/$(PKG_NAME) \
			--with-headers=$(TOOLS_DIR)/include \
			--with-binutils=$(TOOLS_DIR)/bin \
			--disable-profile \
			--enable-add-ons \
			--enable-kernel=2.6.0 \
			--without-selinux \
			--without-gd \
			--enable-bind-now \
			--enable-stackguard-randomization
endif

ifeq "$(STAGE)" "base"
	# This branch writes to /bin, /etc and /usr directly.
	# NOTE(review): presumably it runs inside the build chroot; verify, because
	# on a host system these commands would modify the live installation.
	# Temporary /bin/pwd symlink; it is removed again near the end of the recipe.
	if [ ! -e /bin/pwd ]; then ln -sfn $(TOOLS_DIR)/bin/pwd /bin/pwd; fi
	# Add -fno-stack-protector after every -nostdlib in configure; the
	# unmodified script is kept as configure.orig.
	cd $(DIR_APP) && sed 's/-nostdlib/& -fno-stack-protector/g' -i.orig configure
	# Make the installation test link against /usr/lib with $(LINKER) as the
	# dynamic linker; LINKER is not defined in this file.
	cd $(DIR_APP) && sed -i 's|libs -o|libs -L/usr/lib -Wl,-dynamic-linker=$(LINKER) -o|' \
		scripts/test-installation.pl
	touch /etc/ld.so.conf

	# Configure for installation below /usr.
	cd $(DIR_SRC)/glibc-build && \
		../$(THISAPP)/configure \
			$(CONFIGURE_ARCH) \
			--prefix=/usr \
			--libexecdir=/usr/lib/glibc \
			--disable-profile \
			--enable-add-ons \
			--enable-kernel=2.6.0 \
			--without-selinux \
			--disable-werror \
			--enable-bind-now \
			--enable-stackguard-randomization
endif

	# Our GCC is already passing -fPIC, and that's all we want for the libraries.
	# LDFLAGS.so is appended to so we don't build shared libraries with
	# DT_TEXTREL (and to tell us if something goes wrong). For now we only build
	# the libraries, not the programs.
	# This first pass turns the stack protector and _FORTIFY_SOURCE off for the
	# libraries. NOTE(review): -nonow and -nopie are not stock GCC options;
	# presumably they come from the hardened toolchain specs. Confirm.
	echo "build-programs=no" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo "CC = gcc -fPIC -fno-stack-protector -U_FORTIFY_SOURCE -nonow -nopie" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo "CXX = g++ -fPIC -fno-stack-protector -U_FORTIFY_SOURCE -nonow -nopie" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo "LDFLAGS.so += -Wl,--warn-shared-textrel,--fatal-warnings" \
		>> $(DIR_SRC)/glibc-build/configparms
	# The build is started with a literal "make"; parallelism is handed to
	# glibc through PARALLELMFLAGS.
	cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS)

	# Then build the programs with hardening, so everything possible in
	# $(TOOLS_DIR) is hardened. configparms is recreated from scratch with
	# PIE, -fstack-protector-all and _FORTIFY_SOURCE=2, and the +link variable
	# is overridden so programs are linked with -pie, relro and now.
	# NOTE(review): in the crtbeginS.o and crtendS.o lines the backticks sit
	# inside double quotes, so the shell running echo appears to attempt the
	# command substitution itself; check that the generated configparms
	# contains what is intended.
	@rm -f $(DIR_SRC)/glibc-build/configparms
	echo "CC = gcc -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo "CXX = g++ -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo "CFLAGS-sln.c += -fno-PIC -fno-PIE" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo "+link = \$$(CC) -nostdlib -nostartfiles -fPIE -pie -o \$$@ \\" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo " \$$(sysdep-LDFLAGS) \$$(config-LDFLAGS) \$$(LDFLAGS) \$$(LDFLAGS-\$$(@F)) \\" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo " -Wl,-z,combreloc -Wl,-z,relro -Wl,-z,now \$$(hashstyle-LDFLAGS) \\" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo " -Wl,--warn-shared-textrel,--fatal-warnings \\" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo " \$$(addprefix \$$(csu-objpfx),S\$$(start-installed-name)) \\" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo " \$$(+preinit) `\$$(CC) --print-file-name=crtbeginS.o` \\" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo " \$$(filter-out \$$(addprefix \$$(csu-objpfx),start.o \\" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo " \$$(start-installed-name))\\" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo " \$$(+preinit) \$$(link-extra-libs) \\" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo " \$$(common-objpfx)libc% \$$(+postinit),\$$^) \\" \
		>> $(DIR_SRC)/glibc-build/configparms
	echo " \$$(link-extra-libs) \$$(link-libc) `\$$(CC) --print-file-name=crtendS.o` \$$(+postinit)" \
		>> $(DIR_SRC)/glibc-build/configparms
	cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS)
	cd $(DIR_SRC)/glibc-build && make install

ifeq "$(STAGE)" "base"
	# Move the static archives out of /usr/lib into /usr/lib/static.
	# NOTE(review): the {a,b} brace lists need a shell that expands them, and
	# this file does not set SHELL; presumably Config selects bash. Verify.
	install -vd /usr/lib/static/
	mv -v /usr/lib/{libbsd-compat,libg,libieee,libmcheck}.a /usr/lib/static/
	mv -v /usr/lib/{libBrokenLocale,libanl,libcrypt}.a /usr/lib/static/
	mv -v /usr/lib/{libm,libnsl,libpthread,libresolv}.a /usr/lib/static/
	mv -v /usr/lib/{librpcsvc,librt,libutil}.a /usr/lib/static/

	# Locales
	-mkdir -pv /usr/lib/locale
	# This would install all locales that are supported, but we only
	# install a minimal set of them
	#cd $(DIR_SRC)/glibc-build && make localedata/install-locales
	cd $(DIR_SRC)/glibc-build && localedef -i de_DE -f UTF-8 de_DE.UTF-8
	cd $(DIR_SRC)/glibc-build && localedef -i en_US -f UTF-8 en_US.UTF-8
	cd $(DIR_SRC)/glibc-build && localedef -i da_DK -f UTF-8 da_DK.UTF-8

	# Timezone
	cp -v --remove-destination /usr/share/zoneinfo/GMT /etc/localtime

	# Set up ld.so.conf
	# NOTE(review): the lines are appended, so running this stage again
	# duplicates them. /usr/local/lib becomes part of the loader search path
	# and should therefore be writable by root only.
	echo -e "# Begin /etc/ld.so.conf\n" >> /etc/ld.so.conf
	echo -e "/usr/local/lib\n" >> /etc/ld.so.conf
	echo "# End /etc/ld.so.conf" >> /etc/ld.so.conf

	# Remove the temporary /bin/pwd symlink if it is still a symlink.
	if [ -h /bin/pwd ]; then rm -f /bin/pwd; fi
endif

	# Remove the unpacked sources and the build directory, then run the
	# post-build hook.
	@rm -rf $(DIR_APP) $(DIR_SRC)/glibc-build
	@$(POSTBUILD)