]>
Commit | Line | Data |
---|---|---|
166a6c21 MT |
1 | ############################################################################### |
2 | # # | |
3 | # IPFire.org - A linux based firewall # | |
4 | # Copyright (C) 2007, 2008, 2009 Michael Tremer & Christian Schmidt # | |
5 | # # | |
6 | # This program is free software: you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation, either version 3 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # This program is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
18 | # # | |
19 | ############################################################################### | |
20 | ||
21 | ############################################################################### | |
22 | # Definitions | |
23 | ############################################################################### | |
24 | ||
a7c97434 | 25 | include $(PKGROOT)/Include |
166a6c21 MT |
26 | |
27 | PKG_NAME = glibc | |
eae7d017 | 28 | PKG_VER = 2.14 |
ba8de1f5 | 29 | PKG_REL = 1 |
7f617709 MT |
30 | |
31 | # TODO tzdata | |
166a6c21 MT |
32 | |
33 | PKG_MAINTAINER = Michael Tremer <michael.tremer@ipfire.org> | |
bb7d617c | 34 | PKG_GROUPS = System/Base |
166a6c21 MT |
35 | PKG_URL = http://sources.redhat.com/glibc/ |
36 | PKG_LICENSE = GPLv2+ LGPLv2+ | |
37 | PKG_SUMMARY = The GNU libc libraries. | |
38 | ||
7eaea6f8 MT |
39 | PKG_BUILD_DEPS+= audit-devel autoconf automake gettext libcap-devel \ |
40 | libselinux-devel texinfo | |
2777fcb0 | 41 | |
166a6c21 MT |
42 | define PKG_DESCRIPTION |
43 | The glibc package contains standard libraries which are used by \ | |
44 | multiple programs on the system. In order to save disk space and \ | |
45 | memory, as well as to make upgrading easier, common system code is \ | |
46 | kept in one place and shared between programs. This particular package \ | |
47 | contains the most important sets of shared libraries: the standard C \ | |
48 | library and the standard math library. Without these two libraries, a \ | |
49 | Linux system will not function. | |
50 | endef | |
51 | ||
5a71f323 MT |
52 | # Build glibc with custom cflags |
53 | GLIBC_FLAGS = -O3 -g -fasynchronous-unwind-tables -DNDEBUG -DPIC | |
0bed08cd | 54 | |
5a71f323 MT |
55 | ifeq "$(DISTRO_ARCH)" "i686" |
56 | GLIBC_FLAGS += -march=i686 -mtune=generic | |
57 | endif | |
166a6c21 | 58 | |
5a71f323 MT |
59 | ifeq "$(DISTRO_ARCH)" "x86_64" |
60 | GLIBC_FLAGS += -mtune=generic | |
61 | endif | |
62 | ||
63 | export CFLAGS = $(GLIBC_FLAGS) | |
64 | export CXXFLAGS = $(GLIBC_FLAGS) | |
65 | ||
66 | GLIBC_TARGET_PLATFORM = $(subst -gnu,,$(DISTRO_MACHINE)) | |
0e22dbe2 | 67 | OPTIMIZED_KERNEL = 2.6.32 |
166a6c21 | 68 | |
d9a1ddc1 | 69 | PKG_OBJECTS += $(THISAPP).tar.xz |
166a6c21 | 70 | |
b2ec3c8a MT |
71 | # $(THISAPP)-pt_pax-1.patch - Support for PT_PaX markings. |
72 | ||
73 | # $(THISAPP)-strlcpy_strlcat-1.patch | |
74 | # This patch adds the strlcpy and strlcat functions and manual pages to Glibc. | |
75 | # A paper written about these functions is available here: | |
76 | # http://www.courtesan.com/todd/papers/strlcpy.html. The Glibc project has | |
77 | # refused to add these functions, and that mail tread starts here: | |
78 | # http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html. Linus Torvalds | |
79 | # has added a similar function to the Linux kernel, and that mail thread is | |
80 | # here: http://lwn.net/Articles/33814/. The strlcpy() and strlcat() functions | |
81 | # are replacements for strncpy() and strncat(). The controversy of these | |
82 | # functions is that strlcpy() and strlcat() copy the source data to the | |
83 | # destination buffer until the destination is full, and discards the rest of | |
84 | # the data if there is any. This means that these functions will never | |
85 | # overflow. The basis for the Glibc team's refusal to add these functions is | |
86 | # that they silently hide programing errors, and they have a higher performance | |
87 | # hit than strncpy() and strncat(). These functions should not be needed in a | |
88 | # perfect world, but were invented to deal with the real world. Many packages | |
89 | # will use these functions if they are found, such as Perl and many BLFS | |
90 | # packages. These functions do reduce buffer overflows, and so they are | |
91 | # recommended. After installing this patch no other effort is needed to use it. | |
92 | # Packages will use autotools to detect whether they are available or not. | |
93 | ||
94 | # $(THISAPP)-asprintf_reset2null-1.patch | |
95 | # The asprintf(3) and vasprintf(3) functions are GNU extentions, not defined | |
96 | # by C or Posix standards. In Glibc these functions leave (char **strp) undefined | |
97 | # after an error. This patch resets (char **strp) to NULL after an error, for | |
98 | # sanity. | |
99 | ||
100 | # $(THISAPP)-issetugid-1.patch | |
101 | # This patch adds the issetugid() function, which is a front-end to the | |
102 | # __libc_enable_secure() dynamic linker private function. This function | |
103 | # reports whether the program is running with matching real and effective | |
104 | # ID's, or not, to determine whether the program is running with set-uid or | |
105 | # set-gid privileges. Many packages will search for issetugid() and use it if | |
106 | # found, such as Ncurses. This is safer than allowing each program to | |
107 | # determine privileges itself because it is tested at a lower level which is | |
108 | # not manipulatable by the user. Apply this patch with the following command: | |
109 | ||
110 | # $(THISAPP)-localedef_trampoline-1.patch | |
111 | # The next patch modifies the localedef program so it does not use GCC | |
112 | # Trampoline code (http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html), | |
113 | # which relies on an executable stack to run. Without this patch the localedef | |
114 | # program will be killed if it is run on a kernel with PaX memory protection. | |
115 | # See http://pax.grsecurity.net/docs/pageexec.txt and | |
116 | # http://pax.grsecurity.net/docs/segmexec.txt for more information. | |
117 | ||
118 | # $(THISAPP)-sanitize_env.patch | |
119 | # This patch resticts the environment, particularly with setuid programs. | |
120 | ||
121 | # $(THISAPP)-mktemp_urandom.patch | |
122 | # The patch modifies __gen_tempname(), used by the mk*temp()/tmpnam() family | |
123 | # of functions, to use /dev/urandom instead of hp-timing, gettimeofday(), or | |
124 | # getpid(): | |
125 | ||
126 | # $(THISAPP)-res_randomid.patch | |
127 | # The res_randomid() function is a pseudo-random number generator, using | |
128 | # getpid() for entropy. See: http://www.openbsd.org/advisories/res_random.txt | |
129 | # for the vulnerability. This patch uses /dev/urandom instead. | |
130 | ||
131 | # $(THISAPP)-resolv_response_length.patch | |
132 | # This patch does a check on the buffer size of res_* functions. | |
166a6c21 | 133 | |
370830cf | 134 | QUALITY_AGENT_RPATH_ALLOW_ORIGIN=yes |
166a6c21 | 135 | |
17c0ee8a MT |
136 | define STAGE_PREPARE |
137 | @cd $(DIR_SRC) && $(DO_EXTRACT) $(DIR_DL)/$(firstword $(PKG_OBJECTS)) | |
166a6c21 MT |
138 | @mkdir $(DIR_SRC)/glibc-build |
139 | ||
140 | # In the vi_VN.TCVN locale, bash enters an infinite loop at startup. It is | |
141 | # unknown whether this is a bash bug or a Glibc problem. Disable | |
142 | # installation of this locale in order to avoid the problem. | |
143 | cd $(DIR_APP) && sed -i '/vi_VN.TCVN/d' localedata/SUPPORTED | |
144 | ||
145 | # The ldd shell script contains Bash-specific syntax. Change its default | |
146 | # program interpreter to /bin/bash in case another /bin/sh is installed. | |
147 | cd $(DIR_APP) && sed -i 's|@BASH@|/bin/bash|' elf/ldd.bash.in | |
148 | ||
149 | $(DO_PATCHES) | |
150 | ||
151 | # We don't install pt_chown(1) on the final system, so why install it to | |
152 | # $(TOOLS_DIR): | |
153 | cd $(DIR_APP) && sed -e "/^install.*pt_chown/d" -i login/Makefile | |
154 | ||
166a6c21 MT |
155 | # Build nscd with -fstack-protector-all, instead of -fstack-protector: |
156 | cd $(DIR_APP) && sed -e "s/fstack-protector/&-all/" -i nscd/Makefile | |
157 | ||
158 | # We don't need to set -march=i?86 in confparams because GCC was built with | |
159 | # --with-arch=i?86. | |
160 | ||
bceb6c91 | 161 | cat $(DIR_SOURCE)/$(PKG_NAME)-stack_chk_fail.c \ |
166a6c21 | 162 | > $(DIR_APP)/debug/stack_chk_fail.c |
f1fdd4d6 | 163 | |
7c1fc7a0 MT |
164 | #cd $(DIR_APP) && \ |
165 | # sed -e "s|libs -o|libs -L/usr/lib -Wl,-dynamic-linker=$(shell readelf -l /bin/sh | sed -n 's@.*interpret.*$(TOOLS_DIR)\(.*\)]$$@\1@p') -o|" \ | |
166 | # -i scripts/test-installation.pl | |
8a346372 | 167 | |
0bed08cd MT |
168 | # Use gnu hash style |
169 | cd $(DIR_APP) && sed -i Makeconfig \ | |
170 | -e "s/-Wl,--hash-style=both/-Wl,--hash-style=gnu -Wl,-O1/" | |
342b9bc7 MT |
171 | |
172 | # stdlib/tst-putenvmod is not linked against libc. | |
173 | cd $(DIR_APP) && sed -i stdlib/Makefile \ | |
174 | -e "s/^CFLAGS-tst-putenvmod.c.*/& -fno-stack-protector/g" | |
175 | ||
176 | # stdio-common/bug22 hits timeout. | |
177 | cd $(DIR_APP) && sed -i stdio-common/bug22.c \ | |
178 | -e "s/#define TIMEOUT.*/#define TIMEOUT 300/" | |
ce136479 MT |
179 | |
180 | # These tests don't work or need more investigation: | |
181 | cd $(DIR_APP) && sed -i dlfcn/Makefile -e "s/default //g" | |
182 | ||
183 | cd $(DIR_APP) && sed -i nptl/Makefile \ | |
184 | -e "s/tst-mutex5 //g" \ | |
185 | -e "s/tst-mutex5a //g" \ | |
186 | -e "s/tst-cond11 //g" \ | |
187 | -e "s/tst-rwlock6 //g" \ | |
188 | -e "s/tst-rwlock7 //g" \ | |
189 | -e "s/tst-sem5 //g" \ | |
190 | -e "s/tst-cancelx4 //g" \ | |
191 | -e "s/tst-cancelx5 //g" \ | |
192 | -e "s/tst-cancelx10 //g" \ | |
193 | -e "s/tst-cancelx18 //g" \ | |
80ac1d2c | 194 | -e "s/tst-signal1 //g" |
ce136479 MT |
195 | |
196 | # These are known to fail on x86: | |
197 | cd $(DIR_APP) && sed -i rt/Makefile \ | |
198 | -e "s/tst-cpuclock1 //g" \ | |
199 | -e "s/tst-cpuclock2 //g" | |
200 | ||
201 | cd $(DIR_APP) && sed -i elf/Makefile \ | |
202 | -e "s/tst-tls1 //g" \ | |
203 | -e "s/tst-tls1-static //g" \ | |
204 | -e "s/tst-tls2 //g" \ | |
205 | -e "s/tst-tls2-static //g" \ | |
206 | -e "s/tst-tls3 //g" \ | |
207 | -e "s/resolvfail //g" \ | |
208 | -e "s/constload1 //g" \ | |
209 | -e "s/order //g" \ | |
210 | -e "s/lateglobal //g" \ | |
211 | -e "s/dblload //g" \ | |
212 | -e "s/dblunload //g" \ | |
213 | -e "s/reldep6 //g" \ | |
214 | -e "s/circleload1 //g" \ | |
215 | -e "s/tst-global1 //g" \ | |
216 | -e "s/tst-audit2 //g" \ | |
217 | -e "s/check-localplt //g" \ | |
218 | -e "s/check-localplt.out$$//g" | |
219 | ||
80ac1d2c MT |
220 | cd $(DIR_APP) && sed -i signal/Makefile \ |
221 | -e "s/tst-sigset2//g" | |
5a71f323 MT |
222 | |
223 | #cd $(DIR_APP) && sed -i configure \ | |
224 | # -e "s/-Werror -fstack-protector/-fstack-protector/" | |
17c0ee8a | 225 | endef |
166a6c21 | 226 | |
17c0ee8a | 227 | define STAGE_BUILD |
166a6c21 | 228 | cd $(DIR_SRC)/glibc-build && \ |
5a71f323 | 229 | CFLAGS="$(CFLAGS) -fno-asynchronous-unwind-tables" \ |
166a6c21 | 230 | ../$(THISAPP)/configure \ |
5a71f323 MT |
231 | --build=$(GLIBC_TARGET_PLATFORM) \ |
232 | --host=$(GLIBC_TARGET_PLATFORM) \ | |
166a6c21 MT |
233 | --prefix=/usr \ |
234 | --libexecdir=/usr/lib/glibc \ | |
235 | --disable-profile \ | |
236 | --enable-add-ons \ | |
237 | --enable-kernel=$(OPTIMIZED_KERNEL) \ | |
2777fcb0 | 238 | --with-selinux \ |
166a6c21 MT |
239 | --disable-werror \ |
240 | --enable-bind-now \ | |
70b63715 MT |
241 | --enable-__thread \ |
242 | --enable-tls \ | |
243 | --enable-experimental-malloc \ | |
244 | --with-gd \ | |
245 | --with-nss-crypt | |
246 | ||
247 | cd $(DIR_SRC)/glibc-build && sed -i config.make \ | |
248 | -e "s/^build-pic-default=.*/build-pic-default=yes/" | |
166a6c21 MT |
249 | |
250 | # Our GCC is already passing -fPIC, and that's all we want for the libraries. | |
251 | # LDFLAGS.so is appended to so we don't build shared libraries with | |
252 | # DT_TEXTREL (and to tell us if something goes wrong). For now we only build | |
253 | # the libraries, not the programs: | |
254 | echo "build-programs=no" \ | |
255 | >> $(DIR_SRC)/glibc-build/configparms | |
256 | ||
257 | cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) \ | |
0bed08cd MT |
258 | CFLAGS="$(CFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" \ |
259 | CXXFLAGS="$(CXXFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" | |
166a6c21 MT |
260 | |
261 | # Then build the programs with hardening, so everything possible in | |
262 | # $(TOOLS_DIR) is hardened: | |
0bed08cd | 263 | echo "# Nothing in here :D" > $(DIR_SRC)/glibc-build/configparms |
166a6c21 MT |
264 | cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) \ |
265 | CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" | |
17c0ee8a | 266 | endef |
166a6c21 | 267 | |
7c1fc7a0 MT |
268 | #define STAGE_TEST |
269 | # cd $(DIR_SRC)/glibc-build && TIMEOUTFACTOR=16 make check \ | |
270 | # CFLAGS="$(CFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" \ | |
271 | # CXXFLAGS="$(CXXFLAGS) -fno-stack-protector -U_FORTIFY_SOURCE" | |
272 | #endef | |
b6ca5178 | 273 | |
17c0ee8a | 274 | define STAGE_INSTALL |
166a6c21 MT |
275 | cd $(DIR_SRC)/glibc-build && make install install_root=$(BUILDROOT) |
276 | ||
166a6c21 MT |
277 | # Locales |
278 | -mkdir -pv $(BUILDROOT)/usr/lib/locale | |
f1fdd4d6 | 279 | # This would install all locales that are supported |
166a6c21 MT |
280 | cd $(DIR_SRC)/glibc-build && make localedata/install-locales install_root=$(BUILDROOT) |
281 | ||
166a6c21 MT |
282 | # Timezone |
283 | cp -v --remove-destination $(BUILDROOT)/usr/share/zoneinfo/GMT $(BUILDROOT)/etc/localtime | |
284 | ||
285 | # Configuration | |
286 | cp -vf $(DIR_SOURCE)/{ld.so.conf,nsswitch.conf} $(BUILDROOT)/etc | |
7f617709 MT |
287 | -mkdir -pv $(BUILDROOT)/etc/{default,ld.so.conf.d} |
288 | install -p -m644 $(DIR_APP)/nis/nss $(BUILDROOT)/etc/default/nss | |
2cef8807 MT |
289 | |
290 | # Remove unused binaries | |
7f617709 MT |
291 | rm -vf $(BUILDROOT)/sbin/sln \ |
292 | $(BUILDROOT)/usr/bin/rpcinfo | |
293 | ||
294 | # Don't distribute linker cache | |
295 | rm -vf $(BUILDROOT)/etc/ld.so.cache | |
296 | ||
297 | # Include /usr/lib/gconv/gconv-modules.cache | |
298 | > $(BUILDROOT)/usr/lib/gconv/gconv-modules.cache | |
299 | chmod 644 $(BUILDROOT)/usr/lib/gconv/gconv-modules.cache | |
300 | ||
301 | strip -g $(BUILDROOT)/usr/lib/*.o | |
302 | ||
303 | # Move some libs to correct place | |
304 | mv -v $(BUILDROOT)/lib/lib{memusage,pcprofile}.so $(BUILDROOT)/usr/lib/ | |
305 | endef | |
306 | ||
307 | ### Packages | |
308 | ||
309 | # glibc-common | |
310 | PKG_PACKAGES += $(PKG_NAME)-common | |
311 | PKG_DEPS += $(PKG_NAME)-common | |
312 | ||
313 | define PKG_FILES-$(PKG_NAME)-common | |
314 | /usr/bin | |
315 | /usr/sbin | |
316 | /usr/share | |
317 | !/usr/share/zoneinfo | |
318 | endef | |
319 | ||
320 | # glibc-devel | |
321 | PKG_PACKAGES += $(PKG_NAME)-devel | |
322 | ||
323 | PKG_SUMMARY-$(PKG_NAME)-devel = \ | |
324 | Object files for development using standard C libraries. | |
325 | PKG_GROUP-$(PKG_NAME)-devel = Development/Libraries | |
326 | PKG_DEPS-$(PKG_NAME)-devel += $(PKG_NAME)-headers | |
327 | ||
328 | define PKG_DESCRIPTION-$(PKG_NAME)-devel | |
329 | The glibc-devel package contains the object files necessary | |
330 | for developing programs which use the standard C libraries (which are | |
331 | used by nearly all programs). If you are developing programs which | |
332 | will use the standard C libraries, your system needs to have these | |
333 | standard object files available in order to create the | |
334 | executables. | |
335 | ||
336 | Install glibc-devel if you are going to develop programs which will | |
337 | use the standard C libraries. | |
338 | endef | |
339 | ||
340 | PKG_FILES-$(PKG_NAME)-devel += /usr/lib/*.a /usr/lib/*.o | |
341 | ||
342 | # glibc-headers | |
343 | PKG_PACKAGES += $(PKG_NAME)-headers | |
344 | ||
345 | PKG_DEPS-$(PKG_NAME)-headers += kernel-headers | |
346 | ||
347 | define PKG_DESCRIPTION-$(PKG_NAME)-heasders | |
348 | The glibc-headers package contains the header files necessary | |
349 | for developing programs which use the standard C libraries (which are | |
350 | used by nearly all programs). If you are developing programs which | |
351 | will use the standard C libraries, your system needs to have these | |
352 | standard header files available in order to create the | |
353 | executables. | |
354 | ||
355 | Install glibc-headers if you are going to develop programs which will | |
356 | use the standard C libraries. | |
357 | endef | |
358 | ||
359 | define PKG_FILES-$(PKG_NAME)-headers | |
360 | /usr/include | |
361 | !/usr/include/linuxthreads | |
362 | !/usr/include/gnu/stubs-[32164]*.h | |
363 | endef | |
364 | ||
365 | # nscd | |
366 | PKG_PACKAGES += nscd | |
367 | ||
368 | PKG_SUMMARY-nscd = A Name Service Caching Daemon (nscd). | |
369 | PKG_GROUP-nscd = System/Daemons | |
370 | ||
371 | define PKG_DESCRIPTION-nscd | |
372 | Nscd caches name service lookups and can dramatically improve \ | |
373 | performance with NIS+, and may help with DNS as well. | |
374 | endef | |
375 | ||
376 | define PKG_FILES-nscd | |
377 | /usr/sbin/nscd | |
378 | endef | |
379 | ||
380 | # glibc-utils | |
381 | PKG_PACKAGES += $(PKG_NAME)-utils | |
382 | ||
383 | PKG_SUMMARY-$(PKG_NAME)-utils = Development utilities from GNU C library. | |
384 | PKG_GROUP-$(PKG_NAME)-utils = Development/Tools | |
385 | define PKG_DESCRIPTION_$(PKG_NAME)-utils | |
386 | The glibc-utils package contains memusage, a memory usage profiler, \ | |
387 | mtrace, a memory leak tracer and xtrace, a function call tracer \ | |
388 | which can be helpful during program debugging. | |
389 | endef | |
390 | ||
391 | define PKG_FILES-$(PKG_NAME)-utils | |
7aad036c MT |
392 | /usr/bin/memusage |
393 | /usr/bin/memusagestat | |
7f617709 MT |
394 | /usr/bin/mtrace |
395 | /usr/bin/pcprofiledump | |
396 | /usr/bin/xtrace | |
397 | /usr/lib/libmemusage.so | |
398 | /usr/lib/libpcprofile.so | |
17c0ee8a | 399 | endef |