]> git.ipfire.org Git - people/ms/ipfire-3.x.git/blob - pkgs/core/glibc/glibc.nm
projects / people / ms / ipfire-3.x.git / blob
? search:


52050793c62c7e3c2984baf132760f754049080d
[people/ms/ipfire-3.x.git] / pkgs / core / glibc / glibc.nm
1 ###############################################################################
2 # #
3 # IPFire.org - A linux based firewall #
4 # Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
5 # #
6 # This program is free software: you can redistribute it and/or modify #
7 # it under the terms of the GNU General Public License as published by #
8 # the Free Software Foundation, either version 3 of the License, or #
9 # (at your option) any later version. #
10 # #
11 # This program is distributed in the hope that it will be useful, #
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
14 # GNU General Public License for more details. #
15 # #
16 # You should have received a copy of the GNU General Public License #
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
18 # #
19 ###############################################################################
20
21 ###############################################################################
22 # Definitions
23 ###############################################################################
24
25 include $(PKGROOT)/Include
26
27 PKG_NAME = glibc
28 PKG_VER = 2.13
29 PKG_REL = 1
30
31 # TODO tzdata
32
33 PKG_MAINTAINER = Michael Tremer <michael.tremer@ipfire.org>
34 PKG_GROUP = System/Base
35 PKG_URL = http://sources.redhat.com/glibc/
36 PKG_LICENSE = GPLv2+ LGPLv2+
37 PKG_SUMMARY = The GNU libc libraries.
38
39 PKG_BUILD_DEPS+= audit-devel autoconf automake gettext libcap-devel \
40 libselinux-devel texinfo
41
42 define PKG_DESCRIPTION
43 The glibc package contains standard libraries which are used by \
44 multiple programs on the system. In order to save disk space and \
45 memory, as well as to make upgrading easier, common system code is \
46 kept in one place and shared between programs. This particular package \
47 contains the most important sets of shared libraries: the standard C \
48 library and the standard math library. Without these two libraries, a \
49 Linux system will not function.
50 endef
51
52 # Build glibc with custom cflags
53 GLIBC_FLAGS = -O3 -g -fasynchronous-unwind-tables -DNDEBUG -DPIC
54
55 ifeq "$(DISTRO_ARCH)" "i686"
56 GLIBC_FLAGS += -march=i686 -mtune=generic
57 endif
58
59 ifeq "$(DISTRO_ARCH)" "x86_64"
60 GLIBC_FLAGS += -mtune=generic
61 endif
62
63 export CFLAGS = $(GLIBC_FLAGS)
64 export CXXFLAGS = $(GLIBC_FLAGS)
65
66 GLIBC_TARGET_PLATFORM = $(subst -gnu,,$(DISTRO_MACHINE))
67 OPTIMIZED_KERNEL = 2.6.32
68
69 PKG_OBJECTS += $(THISAPP).tar.xz
70
71 # $(THISAPP)-pt_pax-1.patch - Support for PT_PaX markings.
72
73 # $(THISAPP)-strlcpy_strlcat-1.patch
74 # This patch adds the strlcpy and strlcat functions and manual pages to Glibc.
75 # A paper written about these functions is available here:
76 # http://www.courtesan.com/todd/papers/strlcpy.html. The Glibc project has
77 # refused to add these functions, and that mail tread starts here:
78 # http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html. Linus Torvalds
79 # has added a similar function to the Linux kernel, and that mail thread is
80 # here: http://lwn.net/Articles/33814/. The strlcpy() and strlcat() functions
81 # are replacements for strncpy() and strncat(). The controversy of these
82 # functions is that strlcpy() and strlcat() copy the source data to the
83 # destination buffer until the destination is full, and discards the rest of
84 # the data if there is any. This means that these functions will never
85 # overflow. The basis for the Glibc team's refusal to add these functions is
86 # that they silently hide programing errors, and they have a higher performance
87 # hit than strncpy() and strncat(). These functions should not be needed in a
88 # perfect world, but were invented to deal with the real world. Many packages
89 # will use these functions if they are found, such as Perl and many BLFS
90 # packages. These functions do reduce buffer overflows, and so they are
91 # recommended. After installing this patch no other effort is needed to use it.
92 # Packages will use autotools to detect whether they are available or not.
93
94 # $(THISAPP)-asprintf_reset2null-1.patch
95 # The asprintf(3) and vasprintf(3) functions are GNU extentions, not defined
96 # by C or Posix standards. In Glibc these functions leave (char **strp) undefined
97 # after an error. This patch resets (char **strp) to NULL after an error, for
98 # sanity.
99
100 # $(THISAPP)-issetugid-1.patch
101 # This patch adds the issetugid() function, which is a front-end to the
102 # __libc_enable_secure() dynamic linker private function. This function
103 # reports whether the program is running with matching real and effective
104 # ID's, or not, to determine whether the program is running with set-uid or
105 # set-gid privileges. Many packages will search for issetugid() and use it if
106 # found, such as Ncurses. This is safer than allowing each program to
107 # determine privileges itself because it is tested at a lower level which is
108 # not manipulatable by the user. Apply this patch with the following command:
109
110 # $(THISAPP)-localedef_trampoline-1.patch
111 # The next patch modifies the localedef program so it does not use GCC
112 # Trampoline code (http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html),
113 # which relies on an executable stack to run. Without this patch the localedef
114 # program will be killed if it is run on a kernel with PaX memory protection.
115 # See http://pax.grsecurity.net/docs/pageexec.txt and
116 # http://pax.grsecurity.net/docs/segmexec.txt for more information.
117
118 # $(THISAPP)-sanitize_env.patch
119 # This patch resticts the environment, particularly with setuid programs.
120
121 # $(THISAPP)-mktemp_urandom.patch
122 # The patch modifies __gen_tempname(), used by the mk*temp()/tmpnam() family
123 # of functions, to use /dev/urandom instead of hp-timing, gettimeofday(), or
124 # getpid():
125
126 # $(THISAPP)-res_randomid.patch
127 # The res_randomid() function is a pseudo-random number generator, using
128 # getpid() for entropy. See: http://www.openbsd.org/advisories/res_random.txt
129 # for the vulnerability. This patch uses /dev/urandom instead.
130
131 # $(THISAPP)-resolv_response_length.patch
132 # This patch does a check on the buffer size of res_* functions.
133
134 QUALITY_AGENT_RPATH_ALLOW_ORIGIN=yes
135
136 define STAGE_PREPARE
137 @cd $(DIR_SRC) && $(DO_EXTRACT) $(DIR_DL)/$(firstword $(PKG_OBJECTS))
138 @mkdir $(DIR_SRC)/glibc-build
139
140 # In the vi_VN.TCVN locale, bash enters an infinite loop at startup. It is
141 # unknown whether this is a bash bug or a Glibc problem. Disable
142 # installation of this locale in order to avoid the problem.
143 cd $(DIR_APP) && sed -i '/vi_VN.TCVN/d' localedata/SUPPORTED
144
145 # The ldd shell script contains Bash-specific syntax. Change its default
146 # program interpreter to /bin/bash in case another /bin/sh is installed.
147 cd $(DIR_APP) && sed -i 's|@BASH@|/bin/bash|' elf/ldd.bash.in
148
149 $(DO_PATCHES)
150
151 # We don't install pt_chown(1) on the final system, so why install it to
152 # $(TOOLS_DIR):
153 cd $(DIR_APP) && sed -e "/^install.*pt_chown/d" -i login/Makefile
154
155 # Build nscd with -fstack-protector-all, instead of -fstack-protector:
156 cd $(DIR_APP) && sed -e "s/fstack-protector/&-all/" -i nscd/Makefile
157
158 # We don't need to set -march=i?86 in confparams because GCC was built with
159 # --with-arch=i?86.
160
161 cat $(DIR_SOURCE)/$(PKG_NAME)-stack_chk_fail.c \
162 > $(DIR_APP)/debug/stack_chk_fail.c
163
164 #cd $(DIR_APP) && \
165 # sed -e "s|libs -o|libs -L/usr/lib -Wl,-dynamic-linker=$(shell readelf -l /bin/sh | sed -n 's@.*interpret.*$(TOOLS_DIR)\(.*\)]$$@\1@p') -o|" \
166 # -i scripts/test-installation.pl
167
168 # Use gnu hash style
169 cd $(DIR_APP) && sed -i Makeconfig \
170 -e "s/-Wl,--hash-style=both/-Wl,--hash-style=gnu -Wl,-O1/"
171
172 # stdlib/tst-putenvmod is not linked against libc.
173 cd $(DIR_APP) && sed -i stdlib/Makefile \
174 -e "s/^CFLAGS-tst-putenvmod.c.*/& -fno-stack-protector/g"
175
176 # stdio-common/bug22 hits timeout.
177 cd $(DIR_APP) && sed -i stdio-common/bug22.c \
178 -e "s/#define TIMEOUT.*/#define TIMEOUT 300/"
179
180 # These tests don't work or need more investigation:
181 cd $(DIR_APP) && sed -i dlfcn/Makefile -e "s/default //g"
182
183 cd $(DIR_APP) && sed -i nptl/Makefile \
184 -e "s/tst-mutex5 //g" \
185 -e "s/tst-mutex5a //g" \
186 -e "s/tst-cond11 //g" \
187 -e "s/tst-rwlock6 //g" \
188 -e "s/tst-rwlock7 //g" \
189 -e "s/tst-sem5 //g" \
190 -e "s/tst-cancelx4 //g" \
191 -e "s/tst-cancelx5 //g" \
192 -e "s/tst-cancelx10 //g" \
193 -e "s/tst-cancelx18 //g" \
194 -e "s/tst-signal1 //g"
195
196 # These are known to fail on x86:
197 cd $(DIR_APP) && sed -i rt/Makefile \
198 -e "s/tst-cpuclock1 //g" \
199 -e "s/tst-cpuclock2 //g"
200
201 cd $(DIR_APP) && sed -i elf/Makefile \
202 -e "s/tst-tls1 //g" \
203 -e "s/tst-tls1-static //g" \
204 -e "s/tst-tls2 //g" \
205 -e "s/tst-tls2-static //g" \
206 -e "s/tst-tls3 //g" \
207 -e "s/resolvfail //g" \
208 -e "s/constload1 //g" \
209 -e "s/order //g" \
210 -e "s/lateglobal //g" \
211 -e "s/dblload //g" \
212 -e "s/dblunload //g" \
213 -e "s/reldep6 //g" \
214 -e "s/circleload1 //g" \
215 -e "s/tst-global1 //g" \
216 -e "s/tst-audit2 //g" \
217 -e "s/check-localplt //g" \
218 -e "s/check-localplt.out$$//g"
219
220 cd $(DIR_APP) && sed -i signal/Makefile \
221 -e "s/tst-sigset2//g"
222
223 #cd $(DIR_APP) && sed -i configure \
224 # -e "s/-Werror -fstack-protector/-fstack-protector/"
225 endef
226
227 define STAGE_BUILD
228 cd $(DIR_SRC)/glibc-build && \
229 CFLAGS="$(CFLAGS) -fno-asynchronous-unwind-tables" \
230 ../$(THISAPP)/configure \
231 --build=$(GLIBC_TARGET_PLATFORM) \
232 --host=$(GLIBC_TARGET_PLATFORM) \
233 --prefix=/usr \
234 --libexecdir=/usr/lib/glibc \
235 --disable-profile \
236 --enable-add-ons \
237 --enable-kernel=$(OPTIMIZED_KERNEL) \
238 --with-selinux \
239 --disable-werror \
240 --enable-bind-now \
241 --enable-__thread \
242 --enable-tls \
243 --enable-experimental-malloc \
244 --with-gd \
245 --with-nss-crypt
246
247 cd $(DIR_SRC)/glibc-build && sed -i config.make \
248 -e "s/^build-pic-default=.*/build-pic-default=yes/"
249
250 # Our GCC is already passing -fPIC, and that's all we want for the libraries.
251 # LDFLAGS.so is appended to so we don't build shared libraries with
252 # DT_TEXTREL (and to tell us if something goes wrong). For now we only build
253 # the libraries, not the programs:
254 echo "build-programs=no" \
255 >> $(DIR_SRC)/glibc-build/configparms
256
257 cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) \
258 CFLAGS="$(CFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" \
259 CXXFLAGS="$(CXXFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE"
260
261 # Then build the programs with hardening, so everything possible in
262 # $(TOOLS_DIR) is hardened:
263 echo "# Nothing in here :D" > $(DIR_SRC)/glibc-build/configparms
264 cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) \
265 CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)"
266 endef
267
268 #define STAGE_TEST
269 # cd $(DIR_SRC)/glibc-build && TIMEOUTFACTOR=16 make check \
270 # CFLAGS="$(CFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" \
271 # CXXFLAGS="$(CXXFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE"
272 #endef
273
274 define STAGE_INSTALL
275 cd $(DIR_SRC)/glibc-build && make install install_root=$(BUILDROOT)
276
277 # Locales
278 -mkdir -pv $(BUILDROOT)/usr/lib/locale
279 # This would install all locales that are supported
280 cd $(DIR_SRC)/glibc-build && make localedata/install-locales install_root=$(BUILDROOT)
281
282 # Timezone
283 cp -v --remove-destination $(BUILDROOT)/usr/share/zoneinfo/GMT $(BUILDROOT)/etc/localtime
284
285 # Configuration
286 cp -vf $(DIR_SOURCE)/{ld.so.conf,nsswitch.conf} $(BUILDROOT)/etc
287 -mkdir -pv $(BUILDROOT)/etc/{default,ld.so.conf.d}
288 install -p -m644 $(DIR_APP)/nis/nss $(BUILDROOT)/etc/default/nss
289
290 # Remove unused binaries
291 rm -vf $(BUILDROOT)/sbin/sln \
292 $(BUILDROOT)/usr/bin/rpcinfo
293
294 # Don't distribute linker cache
295 rm -vf $(BUILDROOT)/etc/ld.so.cache
296
297 # Include /usr/lib/gconv/gconv-modules.cache
298 > $(BUILDROOT)/usr/lib/gconv/gconv-modules.cache
299 chmod 644 $(BUILDROOT)/usr/lib/gconv/gconv-modules.cache
300
301 strip -g $(BUILDROOT)/usr/lib/*.o
302
303 # Move some libs to correct place
304 mv -v $(BUILDROOT)/lib/lib{memusage,pcprofile}.so $(BUILDROOT)/usr/lib/
305 endef
306
307 ### Packages
308
309 # glibc-common
310 PKG_PACKAGES += $(PKG_NAME)-common
311 PKG_DEPS += $(PKG_NAME)-common
312
313 define PKG_FILES-$(PKG_NAME)-common
314 /usr/bin
315 /usr/sbin
316 /usr/share
317 !/usr/share/zoneinfo
318 endef
319
320 # glibc-devel
321 PKG_PACKAGES += $(PKG_NAME)-devel
322
323 PKG_SUMMARY-$(PKG_NAME)-devel = \
324 Object files for development using standard C libraries.
325 PKG_GROUP-$(PKG_NAME)-devel = Development/Libraries
326 PKG_DEPS-$(PKG_NAME)-devel += $(PKG_NAME)-headers
327
328 define PKG_DESCRIPTION-$(PKG_NAME)-devel
329 The glibc-devel package contains the object files necessary
330 for developing programs which use the standard C libraries (which are
331 used by nearly all programs). If you are developing programs which
332 will use the standard C libraries, your system needs to have these
333 standard object files available in order to create the
334 executables.
335
336 Install glibc-devel if you are going to develop programs which will
337 use the standard C libraries.
338 endef
339
340 PKG_FILES-$(PKG_NAME)-devel += /usr/lib/*.a /usr/lib/*.o
341
342 # glibc-headers
343 PKG_PACKAGES += $(PKG_NAME)-headers
344
345 PKG_DEPS-$(PKG_NAME)-headers += kernel-headers
346
347 define PKG_DESCRIPTION-$(PKG_NAME)-heasders
348 The glibc-headers package contains the header files necessary
349 for developing programs which use the standard C libraries (which are
350 used by nearly all programs). If you are developing programs which
351 will use the standard C libraries, your system needs to have these
352 standard header files available in order to create the
353 executables.
354
355 Install glibc-headers if you are going to develop programs which will
356 use the standard C libraries.
357 endef
358
359 define PKG_FILES-$(PKG_NAME)-headers
360 /usr/include
361 !/usr/include/linuxthreads
362 !/usr/include/gnu/stubs-[32164]*.h
363 endef
364
365 # nscd
366 PKG_PACKAGES += nscd
367
368 PKG_SUMMARY-nscd = A Name Service Caching Daemon (nscd).
369 PKG_GROUP-nscd = System/Daemons
370
371 define PKG_DESCRIPTION-nscd
372 Nscd caches name service lookups and can dramatically improve \
373 performance with NIS+, and may help with DNS as well.
374 endef
375
376 define PKG_FILES-nscd
377 /usr/sbin/nscd
378 endef
379
380 # glibc-utils
381 PKG_PACKAGES += $(PKG_NAME)-utils
382
383 PKG_SUMMARY-$(PKG_NAME)-utils = Development utilities from GNU C library.
384 PKG_GROUP-$(PKG_NAME)-utils = Development/Tools
385 define PKG_DESCRIPTION_$(PKG_NAME)-utils
386 The glibc-utils package contains memusage, a memory usage profiler, \
387 mtrace, a memory leak tracer and xtrace, a function call tracer \
388 which can be helpful during program debugging.
389 endef
390
391 define PKG_FILES-$(PKG_NAME)-utils
392 /usr/bin/memusage
393 /usr/bin/memusagestat
394 /usr/bin/mtrace
395 /usr/bin/pcprofiledump
396 /usr/bin/xtrace
397 /usr/lib/libmemusage.so
398 /usr/lib/libpcprofile.so
399 endef
Michael's tree of IPFire 3.x.