[people/ms/ipfire-3.x.git] / pkgs / core / glibc / glibc.nm

###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt           #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

###############################################################################
# Definitions
###############################################################################

include ../../Config

PKG_NAME       = glibc
PKG_VER        = 2.10.1
PKG_REL        = 0

PKG_MAINTAINER = Michael Tremer <michael.tremer@ipfire.org>
PKG_GROUP      = System/Base
PKG_URL        = http://sources.redhat.com/glibc/
PKG_LICENSE    = GPLv2+ LGPLv2+
PKG_SUMMARY    = The GNU libc libraries.

define PKG_DESCRIPTION
	The glibc package contains standard libraries which are used by \
	multiple programs on the system. In order to save disk space and \
	memory, as well as to make upgrading easier, common system code is \
	kept in one place and shared between programs. This particular package \
	contains the most important sets of shared libraries: the standard C \
	library and the standard math library. Without these two libraries, a \
	Linux system will not function.
endef

PKG_BUILD_DEPS = # Has got no dependencies

CFLAGS         = -O2 -fomit-frame-pointer -pipe -DPIC -fno-strict-aliasing \
					-mno-tls-direct-seg-refs -D_FORTIFY_SOURCE=2 \
					-fstack-protector-all
CXXFLAGS       = $(CFLAGS)

OPTIMIZED_KERNEL = 2.6.18

PKG_OBJECTS   += $(THISAPP).tar.bz2

# Support for PT_PaX markings:
PKG_PATCHES   += $(THISAPP)-pt_pax-1.patch

# This patch adds the strlcpy and strlcat functions and manual pages to Glibc.
# A paper written about these functions is available here:
# http://www.courtesan.com/todd/papers/strlcpy.html. The Glibc project has
# refused to add these functions, and that mail tread starts here:
# http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html. Linus Torvalds
# has added a similar function to the Linux kernel, and that mail thread is
# here: http://lwn.net/Articles/33814/. The strlcpy() and strlcat() functions
# are replacements for strncpy() and strncat(). The controversy of these
# functions is that strlcpy() and strlcat() copy the source data to the
# destination buffer until the destination is full, and discards the rest of
# the data if there is any. This means that these functions will never
# overflow. The basis for the Glibc team's refusal to add these functions is
# that they silently hide programing errors, and they have a higher performance
# hit than strncpy() and strncat(). These functions should not be needed in a
# perfect world, but were invented to deal with the real world. Many packages
# will use these functions if they are found, such as Perl and many BLFS
# packages. These functions do reduce buffer overflows, and so they are
# recommended. After installing this patch no other effort is needed to use it.
# Packages will use autotools to detect whether they are available or not:
PKG_PATCHES   += $(THISAPP)-strlcpy_strlcat-1.patch

# The asprintf(3) and vasprintf(3) functions are GNU extentions, not defined
# by C or Posix standards. In Glibc these functions leave (char **strp) undefined
# after an error. This patch resets (char **strp) to NULL after an error, for
# sanity.
PKG_PATCHES   += $(THISAPP)-asprintf_reset2null-1.patch

# This patch adds the issetugid() function, which is a front-end to the
# __libc_enable_secure() dynamic linker private function. This function
# reports whether the program is running with matching real and effective
# ID's, or not, to determine whether the program is running with set-uid or
# set-gid privileges. Many packages will search for issetugid() and use it if
# found, such as Ncurses. This is safer than allowing each program to
# determine privileges itself because it is tested at a lower level which is
# not manipulatable by the user. Apply this patch with the following command:
PKG_PATCHES   += $(THISAPP)-issetugid-1.patch

# The next patch modifies the localedef program so it does not use GCC
# Trampoline code (http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html),
# which relies on an executable stack to run. Without this patch the localedef
# program will be killed if it is run on a kernel with PaX memory protection.
# See http://pax.grsecurity.net/docs/pageexec.txt and
# http://pax.grsecurity.net/docs/segmexec.txt for more information:
PKG_PATCHES   += $(THISAPP)-localedef_trampoline-1.patch

# This patch resticts the environment, particularly with setuid programs:
#PKG_PATCHES   += $(THISAPP)-sanitize_env.patch

# The patch modifies __gen_tempname(), used by the mk*temp()/tmpnam() family
# of functions, to use /dev/urandom instead of hp-timing, gettimeofday(), or
# getpid():
PKG_PATCHES   += $(THISAPP)-mktemp_urandom.patch

# The res_randomid() function is a pseudo-random number generator, using
# getpid() for entropy. See: http://www.openbsd.org/advisories/res_random.txt
# for the vulnerability. This patch uses /dev/urandom instead:
PKG_PATCHES   += $(THISAPP)-res_randomid.patch

# This patch does a check on the buffer size of res_* functions:
PKG_PATCHES   += $(THISAPP)-resolv_response_length.patch

PKG_PATCHES   += $(THISAPP)-undefine-__i686.patch
PKG_PATCHES   += $(THISAPP)-arc4random.patch
PKG_PATCHES   += $(THISAPP)-hardened-configure-picdefault.patch
PKG_PATCHES   += $(THISAPP)-hardened-inittls-nosysenter.patch
PKG_PATCHES   += $(THISAPP)-hardened-pie.patch

include ../../Rules

###############################################################################
# Installation Details
###############################################################################

$(STAGE_PREPARE): $(OBJECTS)
	@@$(PRE_PREPARE)
	@rm -rf $(DIR_APP) $(DIR_SRC)/glibc-build && cd $(DIR_SRC) && $(DO_EXTRACT) $(DIR_DL)/$(firstword $(PKG_OBJECTS))
	@mkdir $(DIR_SRC)/glibc-build

	# In the vi_VN.TCVN locale, bash enters an infinite loop at startup. It is
	# unknown whether this is a bash bug or a Glibc problem. Disable
	# installation of this locale in order to avoid the problem.
	cd $(DIR_APP) && sed -i '/vi_VN.TCVN/d' localedata/SUPPORTED

	# The ldd shell script contains Bash-specific syntax. Change its default
	# program interpreter to /bin/bash in case another /bin/sh is installed.
	cd $(DIR_APP) && sed -i 's|@BASH@|/bin/bash|' elf/ldd.bash.in

	$(DO_PATCHES)

	# We don't install pt_chown(1) on the final system, so why install it to
	# $(TOOLS_DIR):
	cd $(DIR_APP) && sed -e "/^install.*pt_chown/d" -i login/Makefile

	# ldconfig is statically linked, so don't build it PIC:
	cd $(DIR_APP) && sed "s/CFLAGS-ldconfig.c =/& -fno-PIC -fno-PIE/" \
		-i elf/Makefile

	# Build nscd with -fstack-protector-all, instead of -fstack-protector:
	cd $(DIR_APP) && sed -e "s/fstack-protector/&-all/" -i nscd/Makefile

	# We don't need to set -march=i?86 in confparams because GCC was built with
	# --with-arch=i?86.

	cat $(DIR_SOURCE)/$(THISAPP)-stack_chk_fail.c \
		> $(DIR_APP)/debug/stack_chk_fail.c

	@$(POST_PREPARE)


$(STAGE_BUILD): $(STAGE_PREPARE)
	@$(PRE_BUILD)
	# --enable-stackguard-randomization could be added here, but this is primarily
	# for attacks by local users, and we shouldn't have those in the rebooted
	# system. Adding this will empty the /dev/random entropy pool (via
	# /dev/urandom), unless the system is running a Random Number Gathering Daemon
	# (rngd). This version of Glibc uses high precision timing with SSP, so the
	# canary value changes at run-time. This is not as good as /dev/urandom, but
	# it's better than nothing and has very good performance.

	if [ ! -e /bin/pwd ]; then ln -sfn $(TOOLS_DIR)/bin/pwd /bin/pwd; fi

	cd $(DIR_APP) && sed 's/-nostdlib/& -fno-stack-protector/g' -i.orig configure

	cd $(DIR_APP) && sed -i 's|libs -o|libs -L/usr/lib -Wl,-dynamic-linker=$(LINKER) -o|' \
		scripts/test-installation.pl

	cd $(DIR_SRC)/glibc-build && \
		CFLAGS= \
		CXXFLAGS= \
		../$(THISAPP)/configure \
			$(CONFIGURE_ARCH) \
			--prefix=/usr \
			--libexecdir=/usr/lib/glibc \
			--disable-profile \
			--enable-add-ons \
			--enable-kernel=$(OPTIMIZED_KERNEL) \
			--without-selinux \
			--disable-werror \
			--enable-bind-now \
			--enable-stackguard-randomization \
			--with-stack-protector=all \
			--enable-omitfp

	# Our GCC is already passing -fPIC, and that's all we want for the libraries.
	# LDFLAGS.so is appended to so we don't build shared libraries with
	# DT_TEXTREL (and to tell us if something goes wrong). For now we only build
	# the libraries, not the programs:
	echo "build-programs=no" \
		>> $(DIR_SRC)/glibc-build/configparms

	cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) \
		CFLAGS="-O2 -DPIC -fno-stack-protector -U_FORTIFY_SOURCE" \
		CXXFLAGS="-O2 -DPIC -fno-stack-protector -U_FORTIFY_SOURCE"

	# Then build the programs with hardening, so everything possible in
	# $(TOOLS_DIR) is hardened:
	echo "CFLAGS   = $(CFLAGS)"   >  $(DIR_SRC)/glibc-build/configparms
	echo "CXXFLAGS = $(CXXFLAGS)" >> $(DIR_SRC)/glibc-build/configparms
	cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) \
		CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)"

	@$(POST_BUILD)

$(STAGE_INSTALL): $(STAGE_BUILD)
	@$(PRE_INSTALL)

	cd $(DIR_SRC)/glibc-build && make install install_root=$(BUILDROOT)

	install -vd $(BUILDROOT)/usr/lib/static/
	mv -v $(BUILDROOT)/usr/lib/{libbsd-compat,libg,libieee,libmcheck}.a $(BUILDROOT)/usr/lib/static/
	mv -v $(BUILDROOT)/usr/lib/{libBrokenLocale,libanl,libcrypt}.a $(BUILDROOT)/usr/lib/static/
	mv -v $(BUILDROOT)/usr/lib/{libm,libnsl,libpthread,libresolv}.a $(BUILDROOT)/usr/lib/static/
	mv -v $(BUILDROOT)/usr/lib/{librpcsvc,librt,libutil}.a $(BUILDROOT)/usr/lib/static/

	rm -vf $(BUILDROOT){/usr,}/lib/*_g.a

	# Locales
	-mkdir -pv $(BUILDROOT)/usr/lib/locale
	# This would install all locales that are supported, but we do only
	# install a minimal set of them
	cd $(DIR_SRC)/glibc-build && make localedata/install-locales install_root=$(BUILDROOT)


	# Timezone
	cp -v --remove-destination $(BUILDROOT)/usr/share/zoneinfo/GMT $(BUILDROOT)/etc/localtime

	# Configuration
	cp -vf $(DIR_SOURCE)/{ld.so.conf,nsswitch.conf} $(BUILDROOT)/etc

	if [ -h /bin/pwd ]; then rm -f /bin/pwd; fi

	@$(POST_INSTALL)
Commit	Line	Data
166a6c21 MT	1	###############################################################################
	2	# #
	3	# IPFire.org - A linux based firewall #
	4	# Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt #
	5	# #
	6	# This program is free software: you can redistribute it and/or modify #
	7	# it under the terms of the GNU General Public License as published by #
	8	# the Free Software Foundation, either version 3 of the License, or #
	9	# (at your option) any later version. #
	10	# #
	11	# This program is distributed in the hope that it will be useful, #
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	14	# GNU General Public License for more details. #
	15	# #
	16	# You should have received a copy of the GNU General Public License #
	17	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	18	# #
	19	###############################################################################
	20
	21	###############################################################################
	22	# Definitions
	23	###############################################################################
	24
	25	include ../../Config
	26
	27	PKG_NAME = glibc
	28	PKG_VER = 2.10.1
	29	PKG_REL = 0
	30
	31	PKG_MAINTAINER = Michael Tremer <michael.tremer@ipfire.org>
	32	PKG_GROUP = System/Base
	33	PKG_URL = http://sources.redhat.com/glibc/
	34	PKG_LICENSE = GPLv2+ LGPLv2+
	35	PKG_SUMMARY = The GNU libc libraries.
	36
	37	define PKG_DESCRIPTION
	38	The glibc package contains standard libraries which are used by \
	39	multiple programs on the system. In order to save disk space and \
	40	memory, as well as to make upgrading easier, common system code is \
	41	kept in one place and shared between programs. This particular package \
	42	contains the most important sets of shared libraries: the standard C \
	43	library and the standard math library. Without these two libraries, a \
	44	Linux system will not function.
	45	endef
	46
	47	PKG_BUILD_DEPS = # Has got no dependencies
	48
	49	CFLAGS = -O2 -fomit-frame-pointer -pipe -DPIC -fno-strict-aliasing \
	50	-mno-tls-direct-seg-refs -D_FORTIFY_SOURCE=2 \
	51	-fstack-protector-all
	52	CXXFLAGS = $(CFLAGS)
	53
	54	OPTIMIZED_KERNEL = 2.6.18
	55
	56	PKG_OBJECTS += $(THISAPP).tar.bz2
	57
	58	# Support for PT_PaX markings:
	59	PKG_PATCHES += $(THISAPP)-pt_pax-1.patch
	60
	61	# This patch adds the strlcpy and strlcat functions and manual pages to Glibc.
	62	# A paper written about these functions is available here:
	63	# http://www.courtesan.com/todd/papers/strlcpy.html. The Glibc project has
	64	# refused to add these functions, and that mail tread starts here:
65	# http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html. Linus Torvalds
66	# has added a similar function to the Linux kernel, and that mail thread is
67	# here: http://lwn.net/Articles/33814/. The strlcpy() and strlcat() functions
68	# are replacements for strncpy() and strncat(). The controversy of these
69	# functions is that strlcpy() and strlcat() copy the source data to the
70	# destination buffer until the destination is full, and discards the rest of
71	# the data if there is any. This means that these functions will never
72	# overflow. The basis for the Glibc team's refusal to add these functions is
73	# that they silently hide programing errors, and they have a higher performance
74	# hit than strncpy() and strncat(). These functions should not be needed in a
75	# perfect world, but were invented to deal with the real world. Many packages
76	# will use these functions if they are found, such as Perl and many BLFS
77	# packages. These functions do reduce buffer overflows, and so they are
78	# recommended. After installing this patch no other effort is needed to use it.
79	# Packages will use autotools to detect whether they are available or not:
80	PKG_PATCHES += $(THISAPP)-strlcpy_strlcat-1.patch
81
82	# The asprintf(3) and vasprintf(3) functions are GNU extentions, not defined
83	# by C or Posix standards. In Glibc these functions leave (char **strp) undefined
84	# after an error. This patch resets (char **strp) to NULL after an error, for
85	# sanity.
86	PKG_PATCHES += $(THISAPP)-asprintf_reset2null-1.patch
87
88	# This patch adds the issetugid() function, which is a front-end to the
89	# __libc_enable_secure() dynamic linker private function. This function
90	# reports whether the program is running with matching real and effective
91	# ID's, or not, to determine whether the program is running with set-uid or
92	# set-gid privileges. Many packages will search for issetugid() and use it if
93	# found, such as Ncurses. This is safer than allowing each program to
94	# determine privileges itself because it is tested at a lower level which is
95	# not manipulatable by the user. Apply this patch with the following command:
96	PKG_PATCHES += $(THISAPP)-issetugid-1.patch
97
98	# The next patch modifies the localedef program so it does not use GCC
99	# Trampoline code (http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html),
100	# which relies on an executable stack to run. Without this patch the localedef
101	# program will be killed if it is run on a kernel with PaX memory protection.
102	# See http://pax.grsecurity.net/docs/pageexec.txt and
103	# http://pax.grsecurity.net/docs/segmexec.txt for more information:
104	PKG_PATCHES += $(THISAPP)-localedef_trampoline-1.patch
105
106	# This patch resticts the environment, particularly with setuid programs:
107	#PKG_PATCHES += $(THISAPP)-sanitize_env.patch
108
109	# The patch modifies __gen_tempname(), used by the mk*temp()/tmpnam() family
110	# of functions, to use /dev/urandom instead of hp-timing, gettimeofday(), or
111	# getpid():
112	PKG_PATCHES += $(THISAPP)-mktemp_urandom.patch
113
114	# The res_randomid() function is a pseudo-random number generator, using
115	# getpid() for entropy. See: http://www.openbsd.org/advisories/res_random.txt
116	# for the vulnerability. This patch uses /dev/urandom instead:
117	PKG_PATCHES += $(THISAPP)-res_randomid.patch
118
119	# This patch does a check on the buffer size of res_* functions:
120	PKG_PATCHES += $(THISAPP)-resolv_response_length.patch
121
122	PKG_PATCHES += $(THISAPP)-undefine-__i686.patch
123	PKG_PATCHES += $(THISAPP)-arc4random.patch
124	PKG_PATCHES += $(THISAPP)-hardened-configure-picdefault.patch
125	PKG_PATCHES += $(THISAPP)-hardened-inittls-nosysenter.patch
126	PKG_PATCHES += $(THISAPP)-hardened-pie.patch
127
128	include ../../Rules
129
130	###############################################################################
131	# Installation Details
132	###############################################################################
133
134	$(STAGE_PREPARE): $(OBJECTS)
135	@@$(PRE_PREPARE)
136	@rm -rf $(DIR_APP) $(DIR_SRC)/glibc-build && cd $(DIR_SRC) && $(DO_EXTRACT) $(DIR_DL)/$(firstword $(PKG_OBJECTS))
137	@mkdir $(DIR_SRC)/glibc-build
138
139	# In the vi_VN.TCVN locale, bash enters an infinite loop at startup. It is
140	# unknown whether this is a bash bug or a Glibc problem. Disable
141	# installation of this locale in order to avoid the problem.
142	cd $(DIR_APP) && sed -i '/vi_VN.TCVN/d' localedata/SUPPORTED
143
144	# The ldd shell script contains Bash-specific syntax. Change its default
145	# program interpreter to /bin/bash in case another /bin/sh is installed.
146	cd $(DIR_APP) && sed -i 's\|@BASH@\|/bin/bash\|' elf/ldd.bash.in
147
148	$(DO_PATCHES)
149
150	# We don't install pt_chown(1) on the final system, so why install it to
151	# $(TOOLS_DIR):
152	cd $(DIR_APP) && sed -e "/^install.*pt_chown/d" -i login/Makefile
153
154	# ldconfig is statically linked, so don't build it PIC:
155	cd $(DIR_APP) && sed "s/CFLAGS-ldconfig.c =/& -fno-PIC -fno-PIE/" \
156	-i elf/Makefile
157
158	# Build nscd with -fstack-protector-all, instead of -fstack-protector:
159	cd $(DIR_APP) && sed -e "s/fstack-protector/&-all/" -i nscd/Makefile
160
161	# We don't need to set -march=i?86 in confparams because GCC was built with
162	# --with-arch=i?86.
163
164	cat $(DIR_SOURCE)/$(THISAPP)-stack_chk_fail.c \
165	> $(DIR_APP)/debug/stack_chk_fail.c
166
167	@$(POST_PREPARE)
168
169
170	$(STAGE_BUILD): $(STAGE_PREPARE)
171	@$(PRE_BUILD)
172	# --enable-stackguard-randomization could be added here, but this is primarily
173	# for attacks by local users, and we shouldn't have those in the rebooted
174	# system. Adding this will empty the /dev/random entropy pool (via
175	# /dev/urandom), unless the system is running a Random Number Gathering Daemon
176	# (rngd). This version of Glibc uses high precision timing with SSP, so the
177	# canary value changes at run-time. This is not as good as /dev/urandom, but
178	# it's better than nothing and has very good performance.
179
180	if [ ! -e /bin/pwd ]; then ln -sfn $(TOOLS_DIR)/bin/pwd /bin/pwd; fi
181
182	cd $(DIR_APP) && sed 's/-nostdlib/& -fno-stack-protector/g' -i.orig configure
183
184	cd $(DIR_APP) && sed -i 's\|libs -o\|libs -L/usr/lib -Wl,-dynamic-linker=$(LINKER) -o\|' \
185	scripts/test-installation.pl
186
187	cd $(DIR_SRC)/glibc-build && \
188	CFLAGS= \
189	CXXFLAGS= \
190	../$(THISAPP)/configure \
191	$(CONFIGURE_ARCH) \
192	--prefix=/usr \
193	--libexecdir=/usr/lib/glibc \
194	--disable-profile \
195	--enable-add-ons \
196	--enable-kernel=$(OPTIMIZED_KERNEL) \
197	--without-selinux \
198	--disable-werror \
199	--enable-bind-now \
200	--enable-stackguard-randomization \
201	--with-stack-protector=all \
202	--enable-omitfp
203
204	# Our GCC is already passing -fPIC, and that's all we want for the libraries.
205	# LDFLAGS.so is appended to so we don't build shared libraries with
206	# DT_TEXTREL (and to tell us if something goes wrong). For now we only build
207	# the libraries, not the programs:
208	echo "build-programs=no" \
209	>> $(DIR_SRC)/glibc-build/configparms
210
211	cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) \
212	CFLAGS="-O2 -DPIC -fno-stack-protector -U_FORTIFY_SOURCE" \
213	CXXFLAGS="-O2 -DPIC -fno-stack-protector -U_FORTIFY_SOURCE"
214
215	# Then build the programs with hardening, so everything possible in
216	# $(TOOLS_DIR) is hardened:
217	echo "CFLAGS = $(CFLAGS)" > $(DIR_SRC)/glibc-build/configparms
218	echo "CXXFLAGS = $(CXXFLAGS)" >> $(DIR_SRC)/glibc-build/configparms
219	cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) \
220	CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)"
221
222	@$(POST_BUILD)
223
224	$(STAGE_INSTALL): $(STAGE_BUILD)
225	@$(PRE_INSTALL)
226
227	cd $(DIR_SRC)/glibc-build && make install install_root=$(BUILDROOT)
228
229	install -vd $(BUILDROOT)/usr/lib/static/
230	mv -v $(BUILDROOT)/usr/lib/{libbsd-compat,libg,libieee,libmcheck}.a $(BUILDROOT)/usr/lib/static/
231	mv -v $(BUILDROOT)/usr/lib/{libBrokenLocale,libanl,libcrypt}.a $(BUILDROOT)/usr/lib/static/
232	mv -v $(BUILDROOT)/usr/lib/{libm,libnsl,libpthread,libresolv}.a $(BUILDROOT)/usr/lib/static/
233	mv -v $(BUILDROOT)/usr/lib/{librpcsvc,librt,libutil}.a $(BUILDROOT)/usr/lib/static/
234
235	rm -vf $(BUILDROOT){/usr,}/lib/*_g.a
236
237	# Locales
238	-mkdir -pv $(BUILDROOT)/usr/lib/locale
239	# This would install all locales that are supported, but we do only
240	# install a minimal set of them
241	cd $(DIR_SRC)/glibc-build && make localedata/install-locales install_root=$(BUILDROOT)
242
243
244	# Timezone
245	cp -v --remove-destination $(BUILDROOT)/usr/share/zoneinfo/GMT $(BUILDROOT)/etc/localtime
246
247	# Configuration
248	cp -vf $(DIR_SOURCE)/{ld.so.conf,nsswitch.conf} $(BUILDROOT)/etc
249
250	if [ -h /bin/pwd ]; then rm -f /bin/pwd; fi
251
252	@$(POST_INSTALL)