Introduced a new toolchain.
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 15 Nov 2008 17:59:13 +0000 (18:59 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 15 Nov 2008 17:59:13 +0000 (18:59 +0100)
This is the first version of a new way to compile
the toolchain. It gives us much flexibility and is
fully hardened. But there may be some bugs left.

I documented what each step does in comments inside
the lfs files.

33 files changed:
lfs/adjust-toolchain
lfs/bash
lfs/bc
lfs/binutils
lfs/coreutils
lfs/diffutils
lfs/e2fsprogs
lfs/findutils
lfs/flex
lfs/fontconfig
lfs/gawk
lfs/gcc
lfs/gettext
lfs/glibc
lfs/gmp
lfs/grep
lfs/gzip
lfs/m4
lfs/make
lfs/mpfr
lfs/ncurses
lfs/patch
lfs/perl
lfs/sed
lfs/stage1
lfs/strip
lfs/tar
lfs/texinfo
lfs/util-linux-ng
make.sh
src/rootfiles/core/02.gmp
src/rootfiles/core/02.ncurses
tools/make-constants

index 0c9e4d72f5487e988960b3798dfd2e7ddb4bb1a5..69e5ee637349ea210df279b03ebc4157c4cee942 100644 (file)
@@ -52,7 +52,6 @@ $(TARGET) :
 ifeq "$(STAGE)" "toolchain"
        $(IFS_TARGET)-gcc -dumpspecs | sed \
                -e 's@$(LINKER)@$(TOOLS_DIR)&@g' \
-               -e "/^\*cpp:$$/{n;s,$$, -isystem $(TOOLS_DIR)/include,}" \
                > $$(dirname $$($(IFS_TARGET)-gcc -print-libgcc-file-name))/specs
 endif
 
index c043fb3de47f00aaf7d3c82d90f669a62e7d2eb4..a0ee0be2c2e64e2470fff76e2f7ee00e27a551ff 100644 (file)
--- a/lfs/bash
+++ b/lfs/bash
@@ -58,7 +58,8 @@ endef
 objects = $(DL_FILE) \
        $(THISAPP)-fixes-8.patch \
        $(PKG_NAME)-doc-$(VER).tar.gz \
-       $(THISAPP)-arc4random-1.patch
+       $(THISAPP)-arc4random-1.patch \
+       $(THISAPP)-rng.patch
 
 download: $(objects)
 
@@ -80,13 +81,23 @@ $(TARGET): $(objects)
 
        cd $(DIR_APP) && patch -Np1 < $(DIR_PATCHES)/$(THISAPP)-fixes-8.patch
 
-ifeq "$(STAGE)" "toolchain" 
+ifeq "$(STAGE)" "toolchain"
+       # This patch modifies Bash to use /dev/urandom (settable with
+       # --with-randomdev=) for $RANDOM, instead of getpid() and gettimeofday().
+       # The test is "( echo $RANDOM; ( echo $RANDOM ); ( echo $RANDOM ) )":
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-rng.patch
+
+       # Bash uses the RTLD_LAZY option when loading libraries. We want to use
+       # RTLD_NOW (it is defined from <dlfcn.h>:
+       cd $(DIR_APP) && sed -e "s/filename, RTLD_LAZY/filename, RTLD_NOW/" \
+               -i builtins/enable.def
+
        cd $(DIR_APP) && \
                ac_cv_func_working_mktime=yes \
                ./configure \
+                       $(CONFIGURE_ARCH) \
                        --prefix=$(TOOLS_DIR) \
-                       --without-bash-malloc \
-                       --with-curses
+                       --without-bash-malloc
        cd $(DIR_APP) && make #$(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
        ln -sf bash $(TOOLS_DIR)/bin/sh
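Review bot: The `sed` on `builtins/enable.def` that swaps `RTLD_LAZY` for `RTLD_NOW` exits 0 even when the pattern no longer matches, so a later Bash update could drop this hardening step without the build noticing. Follow it with a check such as `cd $(DIR_APP) && grep -q "filename, RTLD_NOW" builtins/enable.def`, which fails the recipe when the substitution did not land. The same applies to the source-editing `sed` calls added in the e2fsprogs (`lib/blkid/cache.c`), gcc (`libgomp/configure`) and glibc (`elf/rtld.c`, `nscd/Makefile`) hunks. In the comment above the command, the parenthesis opened before "it is defined" is never closed. The `$(TARGET)` recipe starts above and continues below this hunk.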
diff --git a/lfs/bc b/lfs/bc
index 3ce702f5c0bd0531ef907263d33b4b082624bf64..bbce2515aa162e6a88fdd14c2504d73cd8227da4 100644 (file)
--- a/lfs/bc
+++ b/lfs/bc
@@ -75,7 +75,10 @@ $(TARGET): $(objects)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && $(EXTRACTOR) $(DIR_DL)/$(DL_FILE)
 
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR)
+       cd $(DIR_APP) && \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR)
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
 endif
index 5dafbcb1544bb4963a22662e26000152ab98d83b..71e195c80d86173dc802628c092c5e5aad5ca755 100644 (file)
@@ -60,7 +60,8 @@ endef
 objects = $(DL_FILE) \
        $(THISAPP)-ld_makefile.patch \
        $(THISAPP)-pt_pax-1.patch \
-       $(THISAPP)-lazy-1.patch
+       $(THISAPP)-lazy-1.patch \
+       $(THISAPP)-asprintf_fix.patch
 
 download: $(objects)
 
@@ -82,10 +83,18 @@ $(TARGET): $(objects)
        @rm -rf $(DIR_SRC)/binutils-build
        -mkdir -v $(DIR_SRC)/binutils-build
 
+       # Add PT_PaX header marking support. These markings are using by the PaX
+       # kernel, and Pax-utils, to identify which programs need things like executable
+       # stack, etc. Without this patch the PaX kernel must use legacy mode, and this
+       # patch is greatly preferable:
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-pt_pax-1.patch
+
 ifeq "$(STAGE)" "toolchain"
 ifeq "$(PASS)" "1"
        cd $(DIR_SRC)/binutils-build && \
+               CC="gcc -B/usr/bin/" \
                ../$(THISAPP)/configure \
+                       $(CONFIGURE_ARCH) \
                        --target=$(IFS_TARGET) \
                        --prefix=$(TOOLS_DIR) \
                        --disable-nls \
@@ -93,24 +102,23 @@ ifeq "$(PASS)" "1"
        cd $(DIR_SRC)/binutils-build && make $(PARALLELISMFLAGS)
        cd $(DIR_SRC)/binutils-build && make install
 
-       cd $(TOOLS_DIR)/$(IFS_TARGET)/bin; \
-               if [ "$(IFS_TARGET)" == "$$($(DIR_APP)/config.guess)" ]; then \
-                       for t in $$(ls -1); do \
-                               ln -sfv $${t} $(TOOLS_DIR)/bin/$(IFS_TARGET)-$${t}; \
-                       done; \
-               fi
+       for t in $$(ls $(TOOLS_DIR)/$(IFS_TARGET)/bin); do \
+               ln -sfv ../$(IFS_TARGET)/bin/$${t} $(TOOLS_DIR)/bin/$(IFS_TARGET)-$${t}; \
+       done
 endif
 
 ifeq "$(PASS)" "2"
+       # Binutils libiberty has the same identical bug GCC has:
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_PATCHES)/$(THISAPP)-asprintf_fix.patch
+
        cd $(DIR_SRC)/binutils-build && \
-               CC="$(IFS_TARGET)-gcc -B$(TOOLS_DIR)/lib/" \
-               AR=$(IFS_TARGET)-ar \
-               RANLIB=$(IFS_TARGET)-ranlib \
                ../$(THISAPP)/configure \
+                       $(CONFIGURE_ARCH) \
                        --target=$(IFS_TARGET) \
                        --prefix=$(TOOLS_DIR) \
                        --with-lib-path=$(TOOLS_DIR)/lib \
-                       --disable-nls
+                       --disable-nls \
+                       --disable-werror
        cd $(DIR_SRC)/binutils-build && make $(PARALLELISMFLAGS)
        cd $(DIR_SRC)/binutils-build && make install
 
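Review bot: The new symlink loop iterates over `$$(ls $(TOOLS_DIR)/$(IFS_TARGET)/bin)`, so when that directory is missing or empty the `for` body runs zero times and the recipe still succeeds, leaving no `$(IFS_TARGET)-*` links for the later steps. Iterating over a glob and testing each entry avoids parsing `ls` output and fails loudly: `for t in $(TOOLS_DIR)/$(IFS_TARGET)/bin/*; do [ -e "$$t" ] || exit 1; ln -sfv "../$(IFS_TARGET)/bin/$${t##*/}" "$(TOOLS_DIR)/bin/$(IFS_TARGET)-$${t##*/}"; done`. The loop also no longer compares `$(IFS_TARGET)` with the output of `config.guess`; a short comment saying why the links are now created unconditionally would help the next reader.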
@@ -121,9 +129,7 @@ endif
 endif
 
 ifeq "$(STAGE)" "base"
-ifeq "$(PAX)" "1"
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-pt_pax-1.patch
-endif
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_PATCHES)/$(THISAPP)-asprintf_fix.patch
        cd $(DIR_SRC)/binutils-build && \
                CC="gcc -specs=$$(dirname $$(gcc --print-libgcc-file-name))/myspecs -B/usr/lib/ -B/usr/bin/" \
                ../$(THISAPP)/configure \
index 38af067f22a19b9d6c8d13b047743cf62ab0b079..7a19c1016de44b4d3a7387b999acef0edee93d37 100644 (file)
@@ -57,11 +57,14 @@ $(TARGET) :
        cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-old_build_kernel-1.patch
 
 ifeq "$(STAGE)" "toolchain"    
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) \
-                               --enable-install-program=hostname
+       cd $(DIR_APP) && \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR) \
+                       --enable-install-program=hostname
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
-       
+
        cd $(DIR_APP) && cp -v src/su $(TOOLS_DIR)/bin/su-tools
 endif
 
index 3c9c93c146dfa860db2ad8e650f3bf3cd12953ff..54cb3f506b0578c9961291f94b9702a05f47259b 100644 (file)
@@ -53,16 +53,20 @@ $(objects) :
 $(TARGET) : 
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       
+
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-hardened_tmp-1.patch
+
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR)
+       cd $(DIR_APP) && \
+               ./configure \
+               $(CONFIGURE_ARCH) \
+               --prefix=$(TOOLS_DIR)
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
 endif
 
 ifeq "$(STAGE)" "base"
        cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-i18n-1.patch
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-hardened_tmp-1.patch
        cd $(DIR_APP) && touch man/diff.1
        cd $(DIR_APP) && ./configure --prefix=/usr
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
index dd1288b4e3d2fec67fafc3a2966297bc8ba5dad2..a5dac43471b9f96488b6bff01ef6a7ce22f97a04 100644 (file)
@@ -56,8 +56,26 @@ $(TARGET) :
        -mkdir $(DIR_APP)/build
 
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP)/build && ../configure --prefix=$(TOOLS_DIR) \
-               --enable-elf-shlibs
+       # Fix DT_TEXTREL in e2fsprogs libraries. --disable-shared and
+       # --with-pic are not options in E2fsprogs:
+       cd $(DIR_APP) && \
+               find lib/ -name Makefile.in -exec sed -i "s/\$$(ALL_CFLAGS)/& -fPIC/" {} \;
+
+       # At run time libblkid looks for the BLKID_DEBUG environment variable to
+       # enable debbugging, with getenv(3). Some suid-root programs use libblkid,
+       # such as mount(1). e2fsprogs includes a safe_getenv() function, which calls
+       # __secure_getenv() from libc. __secure_getenv will restrict some environment
+       # variables if the user is suid or sgid. So, this command replaces getenv()
+       # with safe_getenv():
+       cd $(DIR_APP) && sed \
+               -e "s/getenv(\"BLKID_DEBUG\")/safe_getenv(\"BLKID_DEBUG\")/" \
+               -i lib/blkid/cache.c
+
+       cd $(DIR_APP)/build && \
+               ../configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR) \
+                       --enable-elf-shlibs
        cd $(DIR_APP)/build && make $(PARALLELISMFLAGS)
        cd $(DIR_APP)/build && make install-libs
 endif
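Review bot: The `safe_getenv("BLKID_DEBUG")` substitution is justified in its comment by suid-root users of libblkid such as mount(1), but it sits inside `ifeq "$(STAGE)" "toolchain"`, so within this hunk it only affects the libraries installed to `$(TOOLS_DIR)`. If the final-system build of e2fsprogs (outside this hunk) does not repeat the edit, the installed libblkid would still read the variable with plain `getenv()`. Moving both `sed` commands above the `ifeq`, as this commit does for the diffutils hardened_tmp patch, would cover every stage. In the comment, "debbugging" should read "debugging", and it is the program rather than the user that is suid or sgid.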
index b480b2fb201b439d456b45c9a30abea849b98354..c73510c025a4dee0d4bba9165a9c8014c9d73ec3 100644 (file)
@@ -53,8 +53,13 @@ $(objects) :
 $(TARGET) : 
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR)
+       cd $(DIR_APP) && \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR) \
+                       --libexecdir=$(TOOLS_DIR)/lib/findutils
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
 endif
@@ -67,5 +72,6 @@ ifeq "$(STAGE)" "base"
        mv -v /usr/bin/find /bin
        sed -i -e 's/find:=$${BINDIR}/find:=\/bin/' /usr/bin/updatedb
 endif
+
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
index b08a83f94f1e5608f61f57da3485c26e2aeb83f5..cdb1cd4722e162db950b110f7dda0542fb4aebad 100644 (file)
--- a/lfs/flex
+++ b/lfs/flex
@@ -58,7 +58,10 @@ $(TARGET) :
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
 
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR)
+       cd $(DIR_APP) && \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR)
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
 endif
index 216ac4586f93c8b2fe9bcdddc50b618c47a24b13..62c8eb0ce2e11a73ae7267d7355b09b322ed3b48 100644 (file)
@@ -60,7 +60,7 @@ $(TARGET) :
                        --localstatedir=/var \
                        --disable-static \
                        --enable-libxml2
-       cd $(DIR_APP) && make $(PARALLELISMFLAGS)
+       cd $(DIR_APP) && make #$(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
index e506a7bf0c50ab4f37798ebedf7a130ced1e0b59..7524a5885efd89d1d6b38b62de079a43500e6d7e 100644 (file)
--- a/lfs/gawk
+++ b/lfs/gawk
@@ -58,7 +58,9 @@ ifeq "$(STAGE)" "toolchain"
        cd $(DIR_APP) && \
                ac_cv_func_working_mktime=yes \
                ./configure \
-               --prefix=$(TOOLS_DIR)
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR) \
+                       --libexecdir=$(TOOLS_DIR)/lib
        cd $(DIR_APP) && echo "#define HAVE_LANGINFO_CODESET 1" >> config.h
        cd $(DIR_APP) && echo "#define HAVE_LC_MESSAGES 1"                      >> config.h
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
diff --git a/lfs/gcc b/lfs/gcc
index 86180a0c1b04311159ebd9a12dcfcc330ab11478..52a3f17fcaa233b55e8ead7e81f8284804d1c296 100644 (file)
--- a/lfs/gcc
+++ b/lfs/gcc
@@ -33,6 +33,9 @@ DIR_APP    = $(DIR_SRC)/$(THISAPP)
 CFLAGS     = -pipe
 CXXFLAGS   =
 
+GMP        = $(shell grep ^VER $(DIR_SRC)/lfs/gmp  | awk '{ print $$3 }')
+MPFR       = $(shell grep ^VER $(DIR_SRC)/lfs/mpfr | awk '{ print $$3 }')
+
 ifeq "$(STAGE)" "base"
        TARGET = $(DIR_INFO)/$(STAGE_ORDER)_$(STAGE)/$(THISAPP)
 else
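Review bot: `GMP` and `MPFR` are defined with `=`, so the `grep | awk` pipeline is re-run on every expansion, and an empty result (file missing, `VER` line reformatted) silently yields names like `gmp-.tar.bz2` in `objects` and in the extract commands. Use simple assignment and fail early, e.g. `GMP := $(shell awk '/^VER/ { print $$3 }' $(DIR_SRC)/lfs/gmp)` followed by `$(if $(GMP),,$(error cannot read VER from lfs/gmp))`, and the same for `MPFR`. This assumes `DIR_SRC` is already set where these lines are parsed, which is not visible in the hunk.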
@@ -48,10 +51,12 @@ endif
 ###############################################################################
 
 objects = $(DL_FILE) \
+       gmp-$(GMP).tar.bz2 mpfr-$(MPFR).tar.bz2 \
        $(THISAPP)-fstack_protector-1.patch \
        $(THISAPP)-fortify_source-2.patch \
        $(THISAPP)-fpie-1.patch \
-       $(THISAPP)-branch-startfiles-1.patch
+       $(THISAPP)-branch-startfiles-1.patch \
+       $(THISAPP)-asprintf_fix.patch
 
 install : $(TARGET)
 
@@ -69,50 +74,59 @@ $(TARGET) :
        @rm -rf $(DIR_APP) $(DIR_SRC)/gcc-build && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
        -mkdir -v $(DIR_SRC)/gcc-build
 
+       # First, unpack gmp and mpfr.
+       # We use the build-"magic" of the gcc build system that we compile libgmp and
+       # libmpfr right (with -fPIC and so on).
+       cd $(DIR_APP) && $(EXTRACTOR) $(DIR_DL)/gmp-$(GMP).tar.bz2
+       cd $(DIR_APP) && ln -svf gmp-* gmp
+       cd $(DIR_APP) && $(EXTRACTOR) $(DIR_DL)/mpfr-$(MPFR).tar.bz2
+       cd $(DIR_APP) && ln -svf mpfr-* mpfr
+
 ifeq "$(STAGE)" "toolchain"
 ifeq "$(PASS)" "1"
-ifeq "$(PIE)" "1"
        ## Enable -fPIC by default
        cd $(DIR_APP) && sed 's/^\(#define CC1_SPEC.*\)\("\)$$/\1 %{fno-pic|fpic|fPIC:;:-fPIC}\2/' \
                -i gcc/config/i386/linux.h
-endif
+
        cd $(DIR_SRC)/gcc-build && \
+               CC="gcc -B/usr/bin/" \
                ../$(THISAPP)/configure \
+                       $(CONFIGURE_ARCH) \
                        --target=$(IFS_TARGET) \
+                       --with-cpu=$(MACHINE) \
+                       --with-arch=$(MACHINE) \
                        --prefix=$(TOOLS_DIR) \
+                       --with-local-prefix=$(TOOLS_DIR) \
+                       --libexecdir=$(TOOLS_DIR)/lib \
                        --enable-languages=c \
-                       --disable-shared \
-                       --disable-threads \
-                       --disable-multilib \
-                       --disable-libmudflap \
-                       --disable-libssp \
-                       --disable-libgomp \
+                       --enable-shared \
                        --disable-nls \
-                       --enable-checking=none \
-                       --with-mpfr=$(TOOLS_DIR) \
-                       --with-gmp=$(TOOLS_DIR) \
                        --disable-werror \
                        $(CONFIGURE_ARGS)
-       cd $(DIR_SRC)/gcc-build && make $(PARALLELISMFLAGS)
+
+       # 'gcc_cv_libc_provides_ssp=yes' is added because without it GCC may want to
+       # use libssp if the host system's libc is unsupported:
+       cd $(DIR_SRC)/gcc-build && make gcc_cv_libc_provides_ssp=yes $(PARALLELISMFLAGS)
        cd $(DIR_SRC)/gcc-build && make install
 
        ln -fvs gcc $(TOOLS_DIR)/bin/cc
-       ln -sfv libgcc.a $$($(IFS_TARGET)-gcc -print-libgcc-file-name | sed 's/libgcc/&_eh/')
-       ln -svf ../include-fixed/syslimits.h \
-               $(TOOLS_DIR)/lib/gcc/$(IFS_TARGET)/$(VER)/include/syslimits.h
-       ln -svf ../include-fixed/limits.h \
-               $(TOOLS_DIR)/lib/gcc/$(IFS_TARGET)/$(VER)/include/limits.h
 endif
 
 ifeq "$(PASS)" "2"
+       # Enable hardening by default:
        cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-fortify_source-2.patch
-ifeq "$(SSP)" "1"
        cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-fstack_protector-1.patch
-endif
-ifeq "$(PIE)" "1"
+
+       # This fpie patch also warns about DT_TEXTREL in shared objects (libraries and
+       # PIE's), and makes linker warnings fatal. Disable --fatal-warnings with
+       # -Wl,--no-fatal-warnings.
        cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-fpie-1.patch
-endif
        cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-branch-startfiles-1.patch
+
+       # This patch fixes a conflict between libiberty's asprintf() and Glibc's, when
+       # -D_FORTIFY_SOURCE=2 is used:
+       cd $(DIR_APP) && patch -Np0 -i $(DIR_PATCHES)/$(THISAPP)-asprintf_fix.patch
+
        cd $(DIR_APP) && sed 's@\./fixinc\.sh@-c true@' -i gcc/Makefile.in
        cd $(DIR_APP) && sed 's/^XCFLAGS =$$/& -fomit-frame-pointer/' -i gcc/Makefile.in
        cd $(DIR_APP) && \
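Review bot: `ln -svf gmp-* gmp` and `ln -svf mpfr-* mpfr` rely on each glob matching exactly one directory; with no match `ln` creates a dangling link to the literal pattern and with several matches it fails, and in both cases the in-tree build of libgmp/libmpfr that the comment describes does not happen as intended. The versions are already known, so name the directories, assuming the tarballs unpack to those names: `cd $(DIR_APP) && ln -svf gmp-$(GMP) gmp` and `cd $(DIR_APP) && ln -svf mpfr-$(MPFR) mpfr`. The hunk also makes the -fPIC spec edit and the SSP/PIE patches unconditional while the `sed` still targets `gcc/config/i386/linux.h`; a comment noting that this step is i386-specific would help anyone setting `$(MACHINE)` to another architecture. The `$(TARGET)` recipe starts above and continues below this hunk.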
@@ -121,19 +135,23 @@ endif
                        sed -e 's@/lib\(64\)\?\(32\)\?/ld@$(TOOLS_DIR)&@g' \
                                -e 's@/usr@$(TOOLS_DIR)@g' $$file.orig > $$file; \
                        echo -e "\n#undef STANDARD_INCLUDE_DIR\n#define STANDARD_INCLUDE_DIR 0" >> $$file; \
-                       echo -e "\n#define STANDARD_STARTFILE_PREFIX_1 \"\"\n#define STANDARD_STARTFILE_PREFIX_2 \"\"" >> $$file; \
                        touch $$file.orig; \
                done
 
+       # Libgomp uses -Werror regardless of --disable-werror, and this will cause a
+       # build failure when -D_FORTIFY_SOURCE=2 causes build time warnings:
+       cd $(DIR_APP) && sed -e "s/-Werror//" -i libgomp/configure
+
+       # We need to do another bootstrap, so that everything in $(TOOLS_DIR) is hardened.
        cd $(DIR_SRC)/gcc-build && \
-               CC="$(IFS_TARGET)-gcc -B$(TOOLS_DIR)/lib/" \
-               AR=$(IFS_TARGET)-ar \
-               RANLIB=$(IFS_TARGET)-ranlib \
                ../$(THISAPP)/configure \
+                       $(CONFIGURE_ARCH) \
+                       --target=$(IFS_TARGET) \
+                       --with-cpu=$(MACHINE) \
+                       --with-arch=$(MACHINE) \
                        --prefix=$(TOOLS_DIR) \
                        --with-local-prefix=$(TOOLS_DIR) \
-                       --with-mpfr=$(TOOLS_DIR) \
-                       --with-gmp=$(TOOLS_DIR) \
+                       --libexecdir=$(TOOLS_DIR)/lib \
                        --enable-clocale=gnu \
                        --enable-shared \
                        --enable-threads=posix \
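Review bot: With `CC`, `AR` and `RANLIB` removed from the pass-2 configure call, the compiler and binutils are whatever `PATH` resolves first, and nothing in the hunk checks that this is the pass-1 toolchain in `$(TOOLS_DIR)` rather than the host's. If `make.sh` guarantees the `PATH` order, say so in a comment here; otherwise add a guard before configure such as `case "$$(command -v gcc)" in $(TOOLS_DIR)/*) ;; *) exit 1 ;; esac`. The new comment also says "another bootstrap", while the argument list that continues past this hunk still passes `--disable-bootstrap`; the wording should state which of the two is meant.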
@@ -143,15 +161,9 @@ endif
                        --disable-bootstrap \
                        --disable-werror \
                        --disable-nls \
-                       --disable-libgomp \
                        $(CONFIGURE_ARGS)
-       ## Libgomp was disabled here because it doesn't want to compile ##
        cd $(DIR_SRC)/gcc-build && make $(PARALLELISMFLAGS)
        cd $(DIR_SRC)/gcc-build && make install
-       ln -svf ../include-fixed/syslimits.h \
-               $(TOOLS_DIR)/lib/gcc/$(IFS_TARGET)/$(VER)/include/syslimits.h
-       ln -svf ../include-fixed/limits.h \
-               $(TOOLS_DIR)/lib/gcc/$(IFS_TARGET)/$(VER)/include/limits.h
 endif
 endif
 
@@ -167,26 +179,29 @@ endif
        cd $(DIR_APP) && sed -i 's/^XCFLAGS =$$/& -fomit-frame-pointer/' gcc/Makefile.in
        cd $(DIR_APP) && sed -i 's@\./fixinc\.sh@-c true@' gcc/Makefile.in
 
-       cd $(DIR_SRC)/gcc-build && ../$(THISAPP)/configure \
-                                               --prefix=/usr \
-                                               --libexecdir=/usr/lib \
-                                               --enable-shared \
-                                               --enable-threads=posix \
-                                               --enable-__cxa_atexit \
-                                               --enable-clocale=gnu \
-                                               --enable-languages=c,c++ \
-                                               --disable-bootstrap \
-                                               --disable-werror \
-                                               --disable-libgomp
-       ## Libgomp was disabled here because it doesn't want to compile ##
+       # Libgomp uses -Werror regardless of --disable-werror, and this will cause a
+       # build failure when -D_FORTIFY_SOURCE=2 causes build time warnings:
+       cd $(DIR_APP) && sed -e "s/-Werror//" -i libgomp/configure
+
+       cd $(DIR_SRC)/gcc-build && \
+               ../$(THISAPP)/configure \
+                       $(CONFIGURE_ARCH) \
+                       --target=$(IFS_TARGET) \
+                       --with-cpu=$(MACHINE) \
+                       --with-arch=$(MACHINE) \
+                       --prefix=/usr \
+                       --libexecdir=/usr/lib \
+                       --enable-shared \
+                       --enable-threads=posix \
+                       --enable-__cxa_atexit \
+                       --enable-clocale=gnu \
+                       --enable-languages=c,c++ \
+                       --disable-bootstrap \
+                       --disable-werror
+
        cd $(DIR_SRC)/gcc-build && make $(PARALLELISMFLAGS)
        cd $(DIR_SRC)/gcc-build && make install
 
-       ln -svf ../include-fixed/syslimits.h \
-               /usr/lib/gcc/$(IFS_TARGET)/$(VER)/include/syslimits.h
-       ln -svf ../include-fixed/limits.h \
-               /usr/lib/gcc/$(IFS_TARGET)/$(VER)/include/limits.h
-
        ln -sfv ../usr/bin/cpp /lib
        ln -sfv gcc /usr/bin/cc
 endif
index b5038be4bbfd24ab6db5ff0bc7556b401bcc63bf..ad48aabc673e8374e32f5eac4d7b60941b1496e3 100644 (file)
@@ -58,7 +58,11 @@ $(TARGET) :
        cd $(DIR_APP) && patch -Np0 -i $(DIR_PATCHES)/$(THISAPP)-open-args.patch
 
 ifeq "$(STAGE)" "toolchain" 
-       cd $(DIR_APP)/gettext-tools && ./configure --prefix=$(TOOLS_DIR) --disable-shared
+       cd $(DIR_APP)/gettext-tools && \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR) \
+                       --disable-shared
        cd $(DIR_APP)/gettext-tools && make -C gnulib-lib
        cd $(DIR_APP)/gettext-tools && make -C src msgfmt
        cd $(DIR_APP)/gettext-tools && cp -v src/msgfmt $(TOOLS_DIR)/bin
index 21e7c1e1c378e31fba79a801b41aeb316a122cf1..dcbef3791825ce723f641c4ee72e50eb0724edf5 100644 (file)
--- a/lfs/glibc
+++ b/lfs/glibc
@@ -61,7 +61,11 @@ objects = $(DL_FILE) \
        $(THISAPP)-arc4_prng-1.patch \
        $(THISAPP)-strlcpy_strlcat-1.patch \
        $(THISAPP)-asprintf_reset2null-1.patch \
-       $(THISAPP)-issetugid-1.patch
+       $(THISAPP)-issetugid-1.patch \
+       $(THISAPP)-localedef_trampoline-1.patch \
+       $(THISAPP)-sanitize_env.patch \
+       $(THISAPP)-mktemp_urandom.patch \
+       $(THISAPP)-res_randomid.patch
 
 install : $(TARGET)
 
@@ -80,26 +84,147 @@ $(TARGET) :
        @mkdir $(DIR_SRC)/glibc-build
 
 ifeq "$(STAGE)" "toolchain"
-ifeq "$(PAX)" "1"
+       # Glibc uses a hard coded path for /etc/ld.so.preload. To keep Glibc from
+       # preloading libraries from the host machine perform the following command:
+       cd $(DIR_APP) && sed -e "s@/etc/ld.so.preload@$(TOOLS_DIR)@" -i elf/rtld.c
+
+       # The next patch modifies the localedef program so it does not use GCC
+       # Trampoline code (http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html),
+       # which relies on an executable stack to run. Without this patch the localedef
+       # program will be killed if it is run on a kernel with PaX memory protection.
+       # See http://pax.grsecurity.net/docs/pageexec.txt and
+       # http://pax.grsecurity.net/docs/segmexec.txt for more information:
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-localedef_trampoline-1.patch
+
+       # Support for PT_PaX markings:
        cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-pt_pax-1.patch
-endif
-       cd $(DIR_SRC)/glibc-build && CFLAGS="-O2 -march=$(MACHINE) -pipe" \
+
+       # This patch adds the issetugid() function, which is a front-end to the
+       # __libc_enable_secure() dynamic linker private function. This function
+       # reports whether the program is running with matching real and effective
+       # ID's, or not, to determine whether the program is running with set-uid or
+       # set-gid privileges. Many packages will search for issetugid() and use it if
+       # found, such as Ncurses. This is safer than allowing each program to
+       # determine privileges itself because it is tested at a lower level which is
+       # not manipulatable by the user. Apply this patch with the following command:
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-issetugid-1.patch
+
+       # This patch resticts the environment, particularly with setuid programs:
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-sanitize_env.patch
+
+       # This patch adds the strlcpy and strlcat functions and manual pages to Glibc.
+       # A paper written about these functions is available here:
+       # http://www.courtesan.com/todd/papers/strlcpy.html. The Glibc project has
+       # refused to add these functions, and that mail tread starts here:
+       # http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html. Linus Torvalds
+       # has added a similar function to the Linux kernel, and that mail thread is
+       # here: http://lwn.net/Articles/33814/. The strlcpy() and strlcat() functions
+       # are replacements for strncpy() and strncat(). The controversy of these
+       # functions is that strlcpy() and strlcat() copy the source data to the
+       # destination buffer until the destination is full, and discards the rest of
+       # the data if there is any. This means that these functions will never
+       # overflow. The basis for the Glibc team's refusal to add these functions is
+       # that they silently hide programing errors, and they have a higher performance
+       # hit than strncpy() and strncat(). These functions should not be needed in a
+       # perfect world, but were invented to deal with the real world. Many packages
+       # will use these functions if they are found, such as Perl and many BLFS
+       # packages. These functions do reduce buffer overflows, and so they are
+       # recommended. After installing this patch no other effort is needed to use it.
+       # Packages will use autotools to detect whether they are available or not:
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-strlcpy_strlcat-1.patch
+
+       # The patch modifies __gen_tempname(), used by the mk*temp()/tmpnam() family
+       # of functions, to use /dev/urandom instead of hp-timing, gettimeofday(), or
+       # getpid():
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-mktemp_urandom.patch
+
+       # The res_randomid() function is a pseudo-random number generator, using
+       # getpid() for entropy. See: http://www.openbsd.org/advisories/res_random.txt
+       # for the vulnerability. This patch uses /dev/urandom instead:
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-res_randomid.patch
+
+       # We don't install pt_chown(1) on the final system, so why install it to
+       # $(TOOLS_DIR):
+       cd $(DIR_APP) && sed -e "/^install.*pt_chown/d" -i login/Makefile
+
+       # ldconfig is statically linked, so don't build it PIC:
+       cd $(DIR_APP) && sed "s/CFLAGS-ldconfig.c =/& -fno-PIC -fno-PIE/" \
+               -i elf/Makefile
+
+       # Build nscd with -fstack-protector-all, instead of -fstack-protector:
+       cd $(DIR_APP) && sed -e "s/fstack-protector/&-all/" -i nscd/Makefile
+
+       # We don't need to set -march=i?86 in confparams because GCC was built with
+       # --with-arch=i?86.
+
+       # --sbindir=$(TOOLS_DIR)/bin does not work... anyone want to fix this?
+       # We don't need Glibc's sbin programs, but still.
+
+       # --enable-stackguard-randomization could be added here, but this is primarily
+       # for attacks by local users, and we shouldn't have those in the rebooted
+       # system. Adding this will empty the /dev/random entropy pool (via
+       # /dev/urandom), unless the system is running a Random Number Gathering Daemon
+       # (rngd). This version of Glibc uses high precision timing with SSP, so the
+       # canary value changes at run-time. This is not as good as /dev/urandom, but
+       # it's better than nothing and has very good performance.
+
+       cd $(DIR_SRC)/glibc-build && \
+               CFLAGS="-O2 -pipe" \
                ../$(THISAPP)/configure \
                        --prefix=$(TOOLS_DIR) \
-                       --host=$(IFS_TARGET) \
-                       --build=$$($(DIR_APP)/scripts/config.guess) \
+                       --libexecdir=$(TOOLS_DIR)/lib/$(PKG_NAME) \
+                       --with-headers=$(TOOLS_DIR)/include \
+                       --with-binutils=$(TOOLS_DIR)/bin \
                        --disable-profile \
                        --enable-add-ons \
                        --enable-kernel=2.6.0 \
-                       --with-headers=$(TOOLS_DIR)/include \
-                       --with-binutils=$(TOOLS_DIR)/bin \
                        --without-selinux \
                        --without-gd \
-                       --enable-bind-now \
-                       libc_cv_initfini_array=yes \
-                       libc_cv_forced_unwind=yes \
-                       libc_cv_c_cleanup=yes
+                       --enable-bind-now
+
+       # Our GCC is already passing -fPIC, and that's all we want for the libraries.
+       # LDFLAGS.so is appended to so we don't build shared libraries with
+       # DT_TEXTREL (and to tell us if something goes wrong). For now we only build
+       # the libraries, not the programs:
+       echo "build-programs=no" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo "LDFLAGS.so += -Wl,--warn-shared-textrel,--fatal-warnings" \
+               >> $(DIR_SRC)/glibc-build/configparms
        cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS)
+
+       # Then build the programs with hardening, so everything possible in
+       # $(TOOLS_DIR) is hardened:
+       @rm -f $(DIR_SRC)/glibc-build/configparms
+       echo "CC = gcc -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo "CXX = g++ -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo "CFLAGS-sln.c += -fno-PIC -fno-PIE" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo "+link = \$$(CC) -nostdlib -nostartfiles -fPIE -pie -o \$$@ \\" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo " \$$(sysdep-LDFLAGS) \$$(config-LDFLAGS) \$$(LDFLAGS) \$$(LDFLAGS-\$$(@F)) \\" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo " -Wl,-z,combreloc -Wl,-z,relro -Wl,-z,now \$$(hashstyle-LDFLAGS) \\" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo " -Wl,--warn-shared-textrel,--fatal-warnings \\" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo " \$$(addprefix \$$(csu-objpfx),S\$$(start-installed-name)) \\" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo " \$$(+preinit) `\$$(CC) --print-file-name=crtbeginS.o` \\" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo " \$$(filter-out \$$(addprefix \$$(csu-objpfx),start.o \\" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo " \$$(start-installed-name))\\" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo " \$$(+preinit) \$$(link-extra-libs) \\" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo " \$$(common-objpfx)libc% \$$(+postinit),\$$^) \\" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       echo " \$$(link-extra-libs) \$$(link-libc) `\$$(CC) --print-file-name=crtendS.o` \$$(+postinit)" \
+               >> $(DIR_SRC)/glibc-build/configparms
+       cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS)
+
        -mkdir -v $(TOOLS_DIR)/etc
        touch $(TOOLS_DIR)/etc/ld.so.conf
        cd $(DIR_SRC)/glibc-build && make install
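Review bot: The `sed` on `elf/rtld.c` replaces `/etc/ld.so.preload` with `$(TOOLS_DIR)` itself, so the dynamic linker's preload path becomes the toolchain prefix directory rather than a file inside it. That presumably disables preloading only because reading a directory fails; if the aim is to isolate the build from the host's preload list, point it at a file under the prefix with `sed -e "s@/etc/ld.so.preload@$(TOOLS_DIR)&@" -i elf/rtld.c`, or state in the comment that the path is deliberately unusable. Separately, the comment about `--enable-stackguard-randomization` argues only from local attackers; the canary also protects network-facing code, so the trade-off deserves more careful wording. The recipe begins above and continues below this hunk.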
diff --git a/lfs/gmp b/lfs/gmp
index 2c2484460e18bd37b86a9d5e2932a251e77f1126..9e471dc1ebda5b68e139ecd3bdfe30ed3a4bf00f 100644 (file)
--- a/lfs/gmp
+++ b/lfs/gmp
@@ -53,23 +53,12 @@ $(objects) :
 $(TARGET) : 
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
-
-ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure \
-               --prefix=$(TOOLS_DIR) \
-               --disable-shared \
-               --enable-static \
-               --enable-fft \
-               --enable-mpbsd
+       cd $(DIR_APP) && ABI=32 \
+               ./configure \
+                       --prefix=/usr \
+                       --enable-cxx \
+                       --enable-mpbsd
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
-endif
-
-ifeq "$(STAGE)" "base"
-       cd $(DIR_APP) && ./configure --prefix=/usr --enable-cxx --enable-mpbsd ABI=32
-       cd $(DIR_APP) && make $(PARALLELISMFLAGS)
-       cd $(DIR_APP) && make install
-endif
-
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
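Review bot: With both `ifeq "$(STAGE)"` blocks removed, the configure/make/install sequence now runs in every stage with `--prefix=/usr`, so a toolchain-stage invocation would install into `/usr` instead of `$(TOOLS_DIR)`. The make.sh part of this commit drops `toolchain_make gmp`, which avoids that today, but nothing in this file enforces it. Wrapping the three build lines in `ifeq "$(STAGE)" "base"` … `endif` would keep the rule safe if it is ever called from the toolchain stage again. The lfs/mpfr hunk has the same shape. The start of the `$(TARGET)` rule is inside the hunk, but the file around it is not visible here.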
index 7d6018258ecffad78e484d5a63177f54f1176d84..e6c14def5ffc32ea5d5909171016fcacdcd5695c 100644 (file)
--- a/lfs/grep
+++ b/lfs/grep
@@ -57,8 +57,11 @@ $(TARGET) :
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
 
 ifeq "$(STAGE)" "toolchain"
+       # --without-included-regex makes Grep use libc for regex. This gets rid of
+       # some compiler warnings, and I can't imagine why it's unsafe.
        cd $(DIR_APP) && \
                ./configure \
+                       $(CONFIGURE_ARCH) \
                        --prefix=$(TOOLS_DIR) \
                        --disable-perl-regexp \
                        --without-included-regex
index 5c66fe08413e6ff0bde2e58df609ffd19bd354c7..0a37628fb508d8b235cf42ed159036bfbc0dd981 100644 (file)
--- a/lfs/gzip
+++ b/lfs/gzip
@@ -37,7 +37,10 @@ TARGET     = $(DIR_INFO)/$(STAGE_ORDER)_$(STAGE)/$(THISAPP)
 # Top-level Rules
 ###############################################################################
 
-objects = $(DL_FILE)
+objects = $(DL_FILE) \
+       $(THISAPP)-openbsd-owl-tmp.patch \
+       $(THISAPP)-cve-2006-4337_len.patch \
+       $(THISAPP)-cve-2006-4338.patch
 
 install : $(TARGET)
 
@@ -61,13 +64,23 @@ ifeq "$(STAGE)" "toolchain"
                        sed 's/futimens/gl_&/' $$file.orig > $$file; \
                done
 
-ifeq "$(PIE)" "1"
-       ## Don't use assembler code because this is not position independent.
-       cd $(DIR_APP) && DEFS=NO_ASM ./configure --prefix=$(TOOLS_DIR)
-else
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR)
+       # This patch modifies 'znew' so we don't use temporary files:
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-openbsd-owl-tmp.patch
+
+       # Fix CVE 2006-4337
+       # (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337) and
+       # CVE 2006-4338 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338),
+       # against malformed gzip files:
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-cve-2006-4337_len.patch
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-cve-2006-4338.patch
+
+       # NO_ASM is for textrels.
+       cd $(DIR_APP) && \
+               DEFS=NO_ASM \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR)
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
-endif
        cd $(DIR_APP) && make install
 endif
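Review bot: The two CVE patches and the znew temporary-file patch are applied inside the `ifeq "$(STAGE)" "toolchain"` block named in the hunk header, so only the temporary toolchain gzip is certain to receive them. The base-stage branch lies outside this hunk and may or may not apply them. The gzip in the installed system is the one that will read untrusted archives, so the three `patch -Np1 -i` lines are better placed above the `ifeq`, the way the lfs/patch hunk in this commit places its mkstemp patch. I would also expand `# NO_ASM is for textrels.` to `# DEFS=NO_ASM: the assembler code is not position independent and would add text relocations.`, which keeps the reason the removed comment gave.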
 
diff --git a/lfs/m4 b/lfs/m4
index b99656eed65241b7993ef480af7173b7eb159c70..b717a4843c747cd13ae3fd38b82d1f99ef1a1f73 100644 (file)
--- a/lfs/m4
+++ b/lfs/m4
@@ -55,7 +55,13 @@ $(TARGET) :
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
 
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR)
+       # We need -D_GNU_SOURCE because this version of M4 has a bug in gnulib (or
+       # possibly autoconf) that doesn't recognise that we have asprintf() in libc.
+       cd $(DIR_APP) && \
+               CPPFLAGS="-D_GNU_SOURCE" \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR)
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
 endif
index aecaa12d504c7a1ad8f20f053f15796b5ffa0821..046af34c565bcfbe6057429c7dce84309bb25d55 100644 (file)
--- a/lfs/make
+++ b/lfs/make
@@ -55,7 +55,10 @@ $(TARGET) :
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
 
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR)
+       cd $(DIR_APP) && \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR)
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
 endif
index e11a48ff37a738c7edb10bc29377f1a8e716519b..4ff57fbd0fa10af18128df5928bc74634671472f 100644 (file)
--- a/lfs/mpfr
+++ b/lfs/mpfr
@@ -53,27 +53,12 @@ $(objects) :
 $(TARGET) : 
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
-
-ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure \
-               --prefix=$(TOOLS_DIR) \
-               --enable-thread-safe \
-               --disable-shared \
-               --enable-static \
-               --with-gmp=$(TOOLS_DIR)
+       cd $(DIR_APP) && \
+               ./configure \
+                       --prefix=/usr \
+                       --enable-thread-safe \
+                       --disable-static
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
-endif
-
-ifeq "$(STAGE)" "base"
-       cd $(DIR_APP) && ./configure \
-               --prefix=/usr \
-               --enable-thread-safe \
-               --disable-shared \
-               --enable-static
-       cd $(DIR_APP) && make $(PARALLELISMFLAGS)
-       cd $(DIR_APP) && make install
-endif
-
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
index 1ad12a666a04d7060e632638c1b5c239d276dd70..3e0175d50d3e1c32e4552f3a54b071691dd305ea 100644 (file)
@@ -25,7 +25,7 @@
 include Config
 
 PKG_NAME   = ncurses
-VER        = 5.6
+VER        = 5.7
 
 THISAPP    = $(PKG_NAME)-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -55,15 +55,27 @@ $(TARGET) :
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) --with-shared \
-               --without-debug --without-ada --enable-overwrite
-               
+       # We need wide character support for the Linux kernel menuconfig.
+       # --enable-symlinks installs the 'tic' program as a symbolic link (why not).
+       # --disable-root-environ restricts some environment variables, like TERMINFO,
+       # when running as root, so it can not be customized (why not).
+       cd $(DIR_APP) && \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR) \
+                       --with-shared \
+                       --without-debug \
+                       --without-ada \
+                       --enable-overwrite \
+                       --enable-widec \
+                       --without-cxx-binding \
+                       --enable-symlinks \
+                       --disable-root-environ
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
 endif
 
 ifeq "$(STAGE)" "base"
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-coverity_fixes-1.patch
        cd $(DIR_APP) && \
                ./configure \
                        --prefix=/usr \
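Review bot: The base stage stops applying `$(THISAPP)-coverity_fixes-1.patch` in the same commit that bumps VER to 5.7, and nothing here records whether 5.7 already contains those fixes or whether the patch simply no longer applies. A comment at the removal point, e.g. `# coverity_fixes-1 was written for 5.6; <state whether 5.7 includes it>`, would keep that decision reviewable. In the toolchain block the two `(why not)` remarks give no rationale; `--disable-root-environ` is a hardening choice and the comment could say so: `# --disable-root-environ: ignore TERMINFO and similar variables when running as root.` The base-stage configure call continues past the end of the hunk.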
index db60cf0cb6f695882df3c2e22f5aa30e36d52d94..69788b5dcdd912c9df965948af8d5c105c911a48 100644 (file)
--- a/lfs/patch
+++ b/lfs/patch
@@ -54,16 +54,22 @@ $(TARGET) :
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 
+       # Some fixes:
        cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-fixes-1.patch
 
+       # Get rid of mktemp(3):
+       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-mkstemp-1.patch
+
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR)
+       cd $(DIR_APP) && \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR)
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
 endif
 
 ifeq "$(STAGE)" "base"
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-mkstemp-1.patch
        cd $(DIR_APP) && ./configure --prefix=/usr
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
index d4eabb4b0f3beae205a974e206906ce67ee63e19..5b185f4c8c4f4ace56b646c0d430ce2d637a512c 100644 (file)
--- a/lfs/perl
+++ b/lfs/perl
@@ -40,7 +40,6 @@ XMLPARSER  = XML-Parser-2.34
 ###############################################################################
 
 objects = $(DL_FILE) \
-       $(THISAPP)-libc-1.patch \
        $(THISAPP)-page-1.patch \
        $(THISAPP)-security_fix-1.patch \
        $(XMLPARSER).tar.gz
@@ -58,22 +57,34 @@ $(objects) :
 
 $(TARGET) : 
        @$(PREBUILD)
-       @rm -rf $(DIR_APP) $(DIR_SRC)/$(XMLPARSER) && \
-               cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       @rm -rf $(DIR_SRC)/perl* && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       -mkdir -v $(DIR_SRC)/perl-build
 
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-libc-1.patch
        cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-page-1.patch
        cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-security_fix-1.patch
        cd $(DIR_APP) && sed -i 's/command /command[ -]/' makedepend.SH
 
-       cd $(DIR_APP) && ./configure.gnu --prefix=$(TOOLS_DIR) -Dstatic_ext='Data/Dumper Fcntl IO POSIX'
-       
-       cd $(DIR_APP) && make perl utilities ext/Errno/pm_to_blib $(PARALLELISMFLAGS)
-       
-       cd $(DIR_APP) && cp -v perl pod/pod2man $(TOOLS_DIR)/bin
-       -mkdir -pv $(TOOLS_DIR)/lib/perl5/$(VER)
-       cd $(DIR_APP) && cp -Rv lib/* $(TOOLS_DIR)/lib/perl5/$(VER)
+       # -Dlibc, locincpth, loclibpth, glibpth, and usrinc, are equivilent to the LFS
+       # Perl libc patch.
+
+       # ./Configure is used instead of ./configure.gnu because it supports builds
+       # from an object directory. -Dmksymlinks is also used, to support read-only
+       # sources. -d -e are added to accept all defaults, otherwise ./Configure will
+       # be interactive.
+       cd $(DIR_SRC)/perl-build && \
+               $(DIR_APP)/Configure \
+                       -Dcc=$(IFS_TARGET)-gcc \
+                       -Dprefix=$(TOOLS_DIR) \
+                       -Dlibc=$(TOOLS_DIR)/lib/libc-2.8.so \
+                       -Ulocincpth \
+                       -Uloclibpth \
+                       -Dglibpth="$(TOOLS_DIR)/lib" \
+                       -Dusrinc="$(TOOLS_DIR)/include" \
+                       -Dmksymlinks \
+                       -d -e
+       cd $(DIR_SRC)/perl-build && make $(PARALLELISMFLAGS)
+       cd $(DIR_SRC)/perl-build && make LNS="cp" install
 endif
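Review bot: `rm -rf $(DIR_SRC)/perl*` no longer removes `$(DIR_SRC)/$(XMLPARSER)`. The first hunk's header shows `XMLPARSER = XML-Parser-2.34`, which the `perl*` glob does not match, so a stale XML-Parser tree from an earlier run is neither cleared before the build nor cleaned up afterwards (the last hunk of this file makes the same replacement). The glob is also broader than needed, deleting anything in `$(DIR_SRC)` whose name starts with `perl`. Naming the directories keeps the old behaviour: `@rm -rf $(DIR_APP) $(DIR_SRC)/perl-build $(DIR_SRC)/$(XMLPARSER) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)`. Separately, `-Dlibc=$(TOOLS_DIR)/lib/libc-2.8.so` pins the glibc version in this file and will need editing on every glibc bump.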
 
 ifeq "$(STAGE)" "base"
@@ -106,5 +117,5 @@ ifeq "$(STAGE)" "ipfire"
        cd $(DIR_SRC)/$(XMLPARSER) && make install
 endif
 
-       @rm -rf $(DIR_APP) $(DIR_SRC)/$(XMLPARSER)
+       @rm -rf $(DIR_SRC)/perl*
        @$(POSTBUILD)
diff --git a/lfs/sed b/lfs/sed
index ad418ea9f1bac04c83787d33e885af4a01a4155b..29514b6ace4d6564797ff320797408a6149f9ef9 100644 (file)
--- a/lfs/sed
+++ b/lfs/sed
@@ -55,7 +55,10 @@ $(TARGET) :
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR)
+       cd $(DIR_APP) && \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR)
 endif
 
 ifeq "$(STAGE)" "base"
index 8b12af55c5a0d61d6aaf30aa2a8b184963c4134a..ca85a3a93f9c29d0de6ff6f53e72a5bc9ffc99f0 100644 (file)
@@ -45,5 +45,5 @@ download :
 
 $(TARGET) :
        @$(PREBUILD)
-       
+       -mkdir -p $(TOOLS_DIR)/usr/bin
        @$(POSTBUILD)
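Review bot: The leading `-` on `-mkdir -p $(TOOLS_DIR)/usr/bin` hides every failure, including a read-only or wrongly owned `$(TOOLS_DIR)`, and `mkdir -p` already succeeds when the directory exists. Writing it as `mkdir -p $(TOOLS_DIR)/usr/bin` lets the stage fail where the problem is instead of in a later package's install step.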
index 9f65b63d1627d0c713b8325a05646fe41101d409..40d8f49ed95687f1863a46f3082e4509a09b530a 100644 (file)
--- a/lfs/strip
+++ b/lfs/strip
@@ -49,7 +49,8 @@ ifeq "$(STAGE)" "toolchain"
        -strip --strip-all $(TOOLS_DIR)/{,usr/}{,s}bin/*
        -rm -rf $(TOOLS_DIR)/{,share/}{info,man} \
                $(TOOLS_DIR)/usr/{share,man,info} \
-               $(TOOLS_DIR)/share/locale/*
+               $(TOOLS_DIR)/share/locale/* \
+               $(TOOLS_DIR)/var
        chown -R root:root $(LFS)$(TOOLS_DIR)
 endif
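Review bot: The added `$(TOOLS_DIR)/var` operand becomes `/var` if `TOOLS_DIR` ever expands to nothing, and the `-` prefix on the `rm -rf` line would let the build carry on afterwards. A guard line before the `rm`, such as `@test -n "$(TOOLS_DIR)"`, makes the recipe stop instead. The neighbouring `chown` uses `$(LFS)$(TOOLS_DIR)` while the `strip` and `rm` lines use `$(TOOLS_DIR)` alone, so it is worth confirming that both name the same tree. The enclosing `ifeq` and rule start outside the hunk.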
 
diff --git a/lfs/tar b/lfs/tar
index d250e4ee8b5de40531d4cf575ab9416c53cd59dd..c9b3edc36a3bf83e2afcbf7b5aab147c875ed085 100644 (file)
--- a/lfs/tar
+++ b/lfs/tar
@@ -55,7 +55,12 @@ $(TARGET) :
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
 
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR)
+       # Normally the 'rmt' programs goes in sbin/.
+       cd $(DIR_APP) && \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR) \
+                       --libexecdir=$(TOOLS_DIR)/bin
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
 endif
index 076e086170b522ee48a31f3bd2c3087eee2ae8f9..fa888acad8010cef9d728a4e84cbb45cf43cf70e 100644 (file)
@@ -55,7 +55,11 @@ $(TARGET) :
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR)
+       cd $(DIR_APP) && \
+               LDFLAGS="-lncursesw" \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR)
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
 endif
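Review bot: `LDFLAGS="-lncursesw"` puts a library into the variable meant for linker options. LDFLAGS normally lands before the object files on the link line, so the library can be discarded when linking with `--as-needed` or against static archives. The conventional spelling for configure is `LIBS="-lncursesw" \`. A one-line comment saying why the wide-character library has to be forced (presumably because the toolchain ncurses is now built with `--enable-widec`) would also help the next reader.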
index 8c3a79db90fed5a6a02736e5c3c21c13eb9f16cd..0ee640253bc7c9a8c3c4c0cdd2c820316966b44a 100644 (file)
@@ -55,7 +55,12 @@ $(TARGET) :
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
 
 ifeq "$(STAGE)" "toolchain"
-       cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR)
+       # There's a bug with this version of Util-linux-ng and the E2fsprogs version
+       # we installed, so -luuid needs to be added.
+       cd $(DIR_APP) && \
+               ./configure \
+                       $(CONFIGURE_ARCH) \
+                       --prefix=$(TOOLS_DIR)
        cd $(DIR_APP) && make -C mount mount umount $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make -C text-utils more $(PARALLELISMFLAGS)
        cd $(DIR_APP) && cp -v mount/{,u}mount text-utils/more $(TOOLS_DIR)/bin
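Review bot: The new comment says `-luuid` needs to be added, but none of the added lines passes it: the configure call receives only `$(CONFIGURE_ARCH)` and `--prefix=$(TOOLS_DIR)`. Unless `$(CONFIGURE_ARCH)` supplies the flag (its definition is not visible here), either the flag is missing, e.g. `LIBS="-luuid" \` ahead of `./configure`, or the comment is a leftover and should be removed. As written, the comment documents a workaround the recipe does not perform.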
diff --git a/make.sh b/make.sh
index cf0c82b9365fd0ff298557d572d04d9a7a8c3641..c08682120ff3d4819a2e4d2d9f470123fa08d506 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -48,19 +48,18 @@ toolchain_build() {
        build_spy stage ${STAGE}
 
        toolchain_make stage1
+       #toolchain_make scripts
        # make distcc first so that CCACHE_PREFIX works immediately
        [ -z "$DISTCC_HOSTS" ] || toolchain_make distcc
        toolchain_make ccache
-       toolchain_make gmp
-       toolchain_make mpfr
-       toolchain_make linux
        toolchain_make binutils         PASS=1
        toolchain_make gcc              PASS=1
+       toolchain_make linux
        toolchain_make glibc
        toolchain_make adjust-toolchain
        toolchain_make test-toolchain   PASS=1
-       toolchain_make binutils         PASS=2
        toolchain_make gcc              PASS=2
+       toolchain_make binutils         PASS=2
        toolchain_make test-toolchain   PASS=2
        toolchain_make ncurses
        toolchain_make bash
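Review bot: `#toolchain_make scripts` is added commented out with no explanation, so a reader cannot tell whether it is a pending step or an abandoned one. Either drop it or mark it, e.g. `# TODO(<owner>): <why this step is disabled>`. The hunk also moves `linux` after `gcc PASS=1` and swaps the two PASS=2 builds so gcc now precedes binutils, again without comment. The order of these steps is what the toolchain's correctness rests on, so a one-line comment above each moved step stating the dependency would make the sequence reviewable. toolchain_build starts before and continues past the hunk.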
@@ -103,8 +102,6 @@ base_build() {
 
        ipfire_make stage2
        ipfire_make scripts
-       ipfire_make gmp
-       ipfire_make mpfr
        ipfire_make linux
        ipfire_make man-pages
        ipfire_make glibc
@@ -139,6 +136,7 @@ base_build() {
        ipfire_make file
        ipfire_make findutils
        ipfire_make flex
+       ipfire_make gmp
        ipfire_make grub
        ipfire_make gawk
        ipfire_make grep
@@ -152,6 +150,7 @@ base_build() {
        ipfire_make less
        ipfire_make man-db
        ipfire_make module-init-tools
+       ipfire_make mpfr
        ipfire_make patch
        ipfire_make psmisc
        ipfire_make shadow
index 6f371a3f9bdcc98031af954b7eb832fa19053e44..7879e7c97b6c475862fd3cf193070e24bc903722 100644 (file)
@@ -16,7 +16,6 @@ usr/lib/libgmpxx.so.4.0.2
 usr/lib/libmp.so
 usr/lib/libmp.so.3
 usr/lib/libmp.so.3.1.11
-#usr/share/info/dir
 #usr/share/info/gmp.info
 #usr/share/info/gmp.info-1
 #usr/share/info/gmp.info-2
index aeff04a75568088ecca2b46c1aa04b518ac7e195..636f66b77d0ae6cdc6b0d0b640bb81a447345eae 100644 (file)
@@ -1,5 +1,5 @@
 lib/libncursesw.so.5
-lib/libncursesw.so.5.6
+lib/libncursesw.so.5.7
 #usr/bin/captoinfo
 #usr/bin/clear
 #usr/bin/infocmp
index 570daca991696e8e5e012460ac745cefcf9b9a3d..477b2faac6b32bef662a65eb8a8c1f4551e7d4e8 100644 (file)
@@ -26,7 +26,7 @@
 
 # Default target
 TARGET=i686
-POSSIBLE_TARGETS="i586 i686 via-c3 via-c7 geodelx"
+POSSIBLE_TARGETS="i486 i586 i686 via-c3 via-c7 geodelx"
 
 # Configuration rootdir
 CONFIG_ROOT=/etc/$SNAME
@@ -108,21 +108,21 @@ elif [ 'via-c7' = $TARGET ]; then
        MACHINE=i686
        MACHINE_REAL=${MACHINE_REAL}
        LINKER=/lib/ld-linux.so.2
-       IFS_TARGET="${MACHINE}-pc-linux-gnu"
+       IFS_TARGET="${MACHINE}-via-linux-gnu"
        CFLAGS="-march=${MACHINE} -mmmx -msse -msse2 -msse3 -O2 -pipe"
        CXXFLAGS="${CFLAGS}"
 elif [ 'via-c3' = $TARGET ]; then
        MACHINE=i586
        MACHINE_REAL=${MACHINE_REAL}
        LINKER=/lib/ld-linux.so.2
-       IFS_TARGET="${MACHINE}-pc-linux-gnu"
+       IFS_TARGET="${MACHINE}-via-linux-gnu"
        CFLAGS="-march=c3 -m3dnow -O2 -pipe -fomit-frame-pointer"
        CXXFLAGS="${CFLAGS}"
 elif [ 'geodelx' = $TARGET ]; then
        MACHINE=i586
        MACHINE_REAL=${MACHINE_REAL}
        LINKER=/lib/ld-linux.so.2
-       IFS_TARGET="${MACHINE}-pc-linux-gnu"
+       IFS_TARGET="${MACHINE}-geode-linux-gnu"
        CFLAGS="-march=geode -Os -pipe -fomit-frame-pointer"
        CXXFLAGS="${CFLAGS}"
 else