From: Michael Tremer Date: Sat, 15 Nov 2008 17:59:13 +0000 (+0100) Subject: Introduced a new toolchain. X-Git-Tag: v3.0-alpha1~458 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=880689805c925099bfbbc4527f48af1d2febb1aa;p=ipfire-3.x.git Introduced a new toolchain. This is the first version of a new way to compile the toolchain. It gives us much flexibility and is fully hardened. But there may be some bugs left. I wrote comments about what I am doing into the lfs-files. --- diff --git a/lfs/adjust-toolchain b/lfs/adjust-toolchain index 0c9e4d72f..69e5ee637 100644 --- a/lfs/adjust-toolchain +++ b/lfs/adjust-toolchain @@ -52,7 +52,6 @@ $(TARGET) : ifeq "$(STAGE)" "toolchain" $(IFS_TARGET)-gcc -dumpspecs | sed \ -e 's@$(LINKER)@$(TOOLS_DIR)&@g' \ - -e "/^\*cpp:$$/{n;s,$$, -isystem $(TOOLS_DIR)/include,}" \ > $$(dirname $$($(IFS_TARGET)-gcc -print-libgcc-file-name))/specs endif diff --git a/lfs/bash b/lfs/bash index c043fb3de..a0ee0be2c 100644 --- a/lfs/bash +++ b/lfs/bash @@ -58,7 +58,8 @@ endef objects = $(DL_FILE) \ $(THISAPP)-fixes-8.patch \ $(PKG_NAME)-doc-$(VER).tar.gz \ - $(THISAPP)-arc4random-1.patch + $(THISAPP)-arc4random-1.patch \ + $(THISAPP)-rng.patch download: $(objects) 
@@ -80,13 +81,23 @@ $(TARGET): $(objects) cd $(DIR_APP) && patch -Np1 < $(DIR_PATCHES)/$(THISAPP)-fixes-8.patch -ifeq "$(STAGE)" "toolchain" +ifeq "$(STAGE)" "toolchain" + # This patch modifies Bash to use /dev/urandom (settable with + # --with-randomdev=) for $RANDOM, instead of getpid() and gettimeofday(). + # The test is "( echo $RANDOM; ( echo $RANDOM ); ( echo $RANDOM ) )": + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-rng.patch + + # Bash uses the RTLD_LAZY option when loading libraries. We want to use + # RTLD_NOW (it is defined from : + cd $(DIR_APP) && sed -e "s/filename, RTLD_LAZY/filename, RTLD_NOW/" \ + -i builtins/enable.def + cd $(DIR_APP) && \ ac_cv_func_working_mktime=yes \ ./configure \ + $(CONFIGURE_ARCH) \ --prefix=$(TOOLS_DIR) \ - --without-bash-malloc \ - --with-curses + --without-bash-malloc cd $(DIR_APP) && make #$(PARALLELISMFLAGS) cd $(DIR_APP) && make install ln -sf bash $(TOOLS_DIR)/bin/sh diff --git a/lfs/bc b/lfs/bc index 3ce702f5c..bbce2515a 100644 --- a/lfs/bc +++ b/lfs/bc @@ -75,7 +75,10 @@ $(TARGET): $(objects) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && $(EXTRACTOR) $(DIR_DL)/$(DL_FILE) ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) + cd $(DIR_APP) && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install endif diff --git a/lfs/binutils b/lfs/binutils index 5dafbcb15..71e195c80 100644 --- a/lfs/binutils +++ b/lfs/binutils @@ -60,7 +60,8 @@ endef objects = $(DL_FILE) \ $(THISAPP)-ld_makefile.patch \ $(THISAPP)-pt_pax-1.patch \ - $(THISAPP)-lazy-1.patch + $(THISAPP)-lazy-1.patch \ + $(THISAPP)-asprintf_fix.patch download: $(objects) 
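Review bot: The `sed` on `builtins/enable.def` in the toolchain branch of lfs/bash gives no signal when its pattern stops matching, so a later Bash update could leave `RTLD_LAZY` in place while the build still reports success. Following it with `cd $(DIR_APP) && grep -q "filename, RTLD_NOW" builtins/enable.def` would make the recipe fail instead. The comment above it is cut off after "it is defined from"; the header name seems to have been lost and should be restored. The rng comment mentions `--with-randomdev=`, but the configure call in this hunk does not pass it, so the patch's built-in default is presumably what gets used; the comment should say so.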
@@ -82,10 +83,18 @@ $(TARGET): $(objects) @rm -rf $(DIR_SRC)/binutils-build -mkdir -v $(DIR_SRC)/binutils-build + # Add PT_PaX header marking support. These markings are using by the PaX + # kernel, and Pax-utils, to identify which programs need things like executable + # stack, etc. Without this patch the PaX kernel must use legacy mode, and this + # patch is greatly preferable: + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-pt_pax-1.patch + ifeq "$(STAGE)" "toolchain" ifeq "$(PASS)" "1" cd $(DIR_SRC)/binutils-build && \ + CC="gcc -B/usr/bin/" \ ../$(THISAPP)/configure \ + $(CONFIGURE_ARCH) \ --target=$(IFS_TARGET) \ --prefix=$(TOOLS_DIR) \ --disable-nls \ @@ -93,24 +102,23 @@ ifeq "$(PASS)" "1" cd $(DIR_SRC)/binutils-build && make $(PARALLELISMFLAGS) cd $(DIR_SRC)/binutils-build && make install - cd $(TOOLS_DIR)/$(IFS_TARGET)/bin; \ - if [ "$(IFS_TARGET)" == "$$($(DIR_APP)/config.guess)" ]; then \ - for t in $$(ls -1); do \ - ln -sfv $${t} $(TOOLS_DIR)/bin/$(IFS_TARGET)-$${t}; \ - done; \ - fi + for t in $$(ls $(TOOLS_DIR)/$(IFS_TARGET)/bin); do \ + ln -sfv ../$(IFS_TARGET)/bin/$${t} $(TOOLS_DIR)/bin/$(IFS_TARGET)-$${t}; \ + done endif ifeq "$(PASS)" "2" + # Binutils libiberty has the same identical bug GCC has: + cd $(DIR_APP) && patch -Np0 -i $(DIR_PATCHES)/$(THISAPP)-asprintf_fix.patch + cd $(DIR_SRC)/binutils-build && \ - CC="$(IFS_TARGET)-gcc -B$(TOOLS_DIR)/lib/" \ - AR=$(IFS_TARGET)-ar \ - RANLIB=$(IFS_TARGET)-ranlib \ ../$(THISAPP)/configure \ + $(CONFIGURE_ARCH) \ --target=$(IFS_TARGET) \ --prefix=$(TOOLS_DIR) \ --with-lib-path=$(TOOLS_DIR)/lib \ - --disable-nls + --disable-nls \ + --disable-werror cd $(DIR_SRC)/binutils-build && make $(PARALLELISMFLAGS) cd $(DIR_SRC)/binutils-build && make install 
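Review bot: The pass 2 configure call in lfs/binutils no longer names its compiler: `CC="$(IFS_TARGET)-gcc -B$(TOOLS_DIR)/lib/"`, `AR` and `RANLIB` are removed and nothing replaces them, so which gcc builds the second pass now depends on PATH order at that point in the build. Pass 1 in the same file does pin `CC="gcc -B/usr/bin/"`, which makes the omission look unintended. If the compiler in `$(TOOLS_DIR)/bin` is meant to be picked up implicitly, say so above the call, e.g. `# CC is taken from PATH; $(TOOLS_DIR)/bin must precede the host compiler here`, or keep an explicit `CC=`. The pass 2 configure in lfs/gcc drops the same three assignments.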
@@ -121,9 +129,7 @@ endif endif ifeq "$(STAGE)" "base" -ifeq "$(PAX)" "1" - cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-pt_pax-1.patch -endif + cd $(DIR_APP) && patch -Np0 -i $(DIR_PATCHES)/$(THISAPP)-asprintf_fix.patch cd $(DIR_SRC)/binutils-build && \ CC="gcc -specs=$$(dirname $$(gcc --print-libgcc-file-name))/myspecs -B/usr/lib/ -B/usr/bin/" \ ../$(THISAPP)/configure \ diff --git a/lfs/coreutils b/lfs/coreutils index 38af067f2..7a19c1016 100644 --- a/lfs/coreutils +++ b/lfs/coreutils @@ -57,11 +57,14 @@ $(TARGET) : cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-old_build_kernel-1.patch ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) \ - --enable-install-program=hostname + cd $(DIR_APP) && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) \ + --enable-install-program=hostname cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install - + cd $(DIR_APP) && cp -v src/su $(TOOLS_DIR)/bin/su-tools endif diff --git a/lfs/diffutils b/lfs/diffutils index 3c9c93c14..54cb3f506 100644 --- a/lfs/diffutils +++ b/lfs/diffutils @@ -53,16 +53,20 @@ $(objects) : $(TARGET) : @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - + + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-hardened_tmp-1.patch + ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) + cd $(DIR_APP) && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install endif ifeq "$(STAGE)" "base" cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-i18n-1.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-hardened_tmp-1.patch cd $(DIR_APP) && touch man/diff.1 cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make $(PARALLELISMFLAGS) diff --git a/lfs/e2fsprogs b/lfs/e2fsprogs index dd1288b4e..a5dac4347 100644 --- a/lfs/e2fsprogs +++ b/lfs/e2fsprogs 
@@ -56,8 +56,26 @@ $(TARGET) : -mkdir $(DIR_APP)/build ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP)/build && ../configure --prefix=$(TOOLS_DIR) \ - --enable-elf-shlibs + # Fix DT_TEXTREL in e2fsprogs libraries. --disable-shared and + # --with-pic are not options in E2fsprogs: + cd $(DIR_APP) && \ + find lib/ -name Makefile.in -exec sed -i "s/\$$(ALL_CFLAGS)/& -fPIC/" {} \; + + # At run time libblkid looks for the BLKID_DEBUG environment variable to + # enable debbugging, with getenv(3). Some suid-root programs use libblkid, + # such as mount(1). e2fsprogs includes a safe_getenv() function, which calls + # __secure_getenv() from libc. __secure_getenv will restrict some environment + # variables if the user is suid or sgid. So, this command replaces getenv() + # with safe_getenv(): + cd $(DIR_APP) && sed \ + -e "s/getenv(\"BLKID_DEBUG\")/safe_getenv(\"BLKID_DEBUG\")/" \ + -i lib/blkid/cache.c + + cd $(DIR_APP)/build && \ + ../configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) \ + --enable-elf-shlibs cd $(DIR_APP)/build && make $(PARALLELISMFLAGS) cd $(DIR_APP)/build && make install-libs endif diff --git a/lfs/findutils b/lfs/findutils index b480b2fb2..c73510c02 100644 --- a/lfs/findutils +++ b/lfs/findutils @@ -53,8 +53,13 @@ $(objects) : $(TARGET) : @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) + cd $(DIR_APP) && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) \ + --libexecdir=$(TOOLS_DIR)/lib/findutils cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install endif @@ -67,5 +72,6 @@ ifeq "$(STAGE)" "base" mv -v /usr/bin/find /bin sed -i -e 's/find:=$${BINDIR}/find:=\/bin/' /usr/bin/updatedb endif + @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/flex b/lfs/flex index b08a83f94..cdb1cd472 100644 --- a/lfs/flex +++ b/lfs/flex 
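Review bot: The `safe_getenv` substitution in lfs/e2fsprogs sits inside `ifeq "$(STAGE)" "toolchain"`, although its comment argues from suid-root programs such as mount(1), which matter in the final system rather than in the temporary tools tree. The base-stage recipe lies outside the hunk, so it may already do the same; if it does not, moving the `sed` (and the `-fPIC` fix) above the `ifeq` would cover both stages, as this commit does for the hardened_tmp patch in lfs/diffutils. The lfs/gzip hunk has the same shape: the znew temp-file patch and the two CVE patches are applied only in the toolchain branch.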
@@ -58,7 +58,10 @@ $(TARGET) : @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) + cd $(DIR_APP) && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install endif diff --git a/lfs/fontconfig b/lfs/fontconfig index 216ac4586..62c8eb0ce 100644 --- a/lfs/fontconfig +++ b/lfs/fontconfig @@ -60,7 +60,7 @@ $(TARGET) : --localstatedir=/var \ --disable-static \ --enable-libxml2 - cd $(DIR_APP) && make $(PARALLELISMFLAGS) + cd $(DIR_APP) && make #$(PARALLELISMFLAGS) cd $(DIR_APP) && make install @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/gawk b/lfs/gawk index e506a7bf0..7524a5885 100644 --- a/lfs/gawk +++ b/lfs/gawk @@ -58,7 +58,9 @@ ifeq "$(STAGE)" "toolchain" cd $(DIR_APP) && \ ac_cv_func_working_mktime=yes \ ./configure \ - --prefix=$(TOOLS_DIR) + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) \ + --libexecdir=$(TOOLS_DIR)/lib cd $(DIR_APP) && echo "#define HAVE_LANGINFO_CODESET 1" >> config.h cd $(DIR_APP) && echo "#define HAVE_LC_MESSAGES 1" >> config.h cd $(DIR_APP) && make $(PARALLELISMFLAGS) diff --git a/lfs/gcc b/lfs/gcc index 86180a0c1..52a3f17fc 100644 --- a/lfs/gcc +++ b/lfs/gcc @@ -33,6 +33,9 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) CFLAGS = -pipe CXXFLAGS = +GMP = $(shell grep ^VER $(DIR_SRC)/lfs/gmp | awk '{ print $$3 }') +MPFR = $(shell grep ^VER $(DIR_SRC)/lfs/mpfr | awk '{ print $$3 }') + ifeq "$(STAGE)" "base" TARGET = $(DIR_INFO)/$(STAGE_ORDER)_$(STAGE)/$(THISAPP) else @@ -48,10 +51,12 @@ endif ############################################################################### objects = $(DL_FILE) \ + gmp-$(GMP).tar.bz2 mpfr-$(MPFR).tar.bz2 \ $(THISAPP)-fstack_protector-1.patch \ $(THISAPP)-fortify_source-2.patch \ $(THISAPP)-fpie-1.patch \ - $(THISAPP)-branch-startfiles-1.patch + $(THISAPP)-branch-startfiles-1.patch \ + $(THISAPP)-asprintf_fix.patch install : $(TARGET) 
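Review bot: The two version lookups added to lfs/gcc use recursive `=`, so the `grep | awk` pipeline is run again each time `$(GMP)` or `$(MPFR)` is expanded; `GMP := $(shell grep ^VER $(DIR_SRC)/lfs/gmp | awk '{ print $$3 }')` evaluates once, assuming `DIR_SRC` is already set by the included Config. Nothing checks that the lookup returned a value, so an empty result only surfaces later as a request for `gmp-.tar.bz2`; a line such as `$(if $(strip $(GMP)),,$(error could not read VER from lfs/gmp))` would fail early. With the version in hand, the `ln -svf gmp-* gmp` and `ln -svf mpfr-* mpfr` lines in the recipe hunk could name the directory exactly (`gmp-$(GMP)`) instead of using a wildcard.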
@@ -69,50 +74,59 @@ $(TARGET) : @rm -rf $(DIR_APP) $(DIR_SRC)/gcc-build && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) -mkdir -v $(DIR_SRC)/gcc-build + # First, unpack gmp and mpfr. + # We use the build-"magic" of the gcc build system that we compile libgmp and + # libmpfr right (with -fPIC and so on). + cd $(DIR_APP) && $(EXTRACTOR) $(DIR_DL)/gmp-$(GMP).tar.bz2 + cd $(DIR_APP) && ln -svf gmp-* gmp + cd $(DIR_APP) && $(EXTRACTOR) $(DIR_DL)/mpfr-$(MPFR).tar.bz2 + cd $(DIR_APP) && ln -svf mpfr-* mpfr + ifeq "$(STAGE)" "toolchain" ifeq "$(PASS)" "1" -ifeq "$(PIE)" "1" ## Enable -fPIC by default cd $(DIR_APP) && sed 's/^\(#define CC1_SPEC.*\)\("\)$$/\1 %{fno-pic|fpic|fPIC:;:-fPIC}\2/' \ -i gcc/config/i386/linux.h -endif + cd $(DIR_SRC)/gcc-build && \ + CC="gcc -B/usr/bin/" \ ../$(THISAPP)/configure \ + $(CONFIGURE_ARCH) \ --target=$(IFS_TARGET) \ + --with-cpu=$(MACHINE) \ + --with-arch=$(MACHINE) \ --prefix=$(TOOLS_DIR) \ + --with-local-prefix=$(TOOLS_DIR) \ + --libexecdir=$(TOOLS_DIR)/lib \ --enable-languages=c \ - --disable-shared \ - --disable-threads \ - --disable-multilib \ - --disable-libmudflap \ - --disable-libssp \ - --disable-libgomp \ + --enable-shared \ --disable-nls \ - --enable-checking=none \ - --with-mpfr=$(TOOLS_DIR) \ - --with-gmp=$(TOOLS_DIR) \ --disable-werror \ $(CONFIGURE_ARGS) - cd $(DIR_SRC)/gcc-build && make $(PARALLELISMFLAGS) + + # 'gcc_cv_libc_provides_ssp=yes' is added because without it GCC may want to + # use libssp if the host system's libc is unsupported: + cd $(DIR_SRC)/gcc-build && make gcc_cv_libc_provides_ssp=yes $(PARALLELISMFLAGS) cd $(DIR_SRC)/gcc-build && make install ln -fvs gcc $(TOOLS_DIR)/bin/cc - ln -sfv libgcc.a $$($(IFS_TARGET)-gcc -print-libgcc-file-name | sed 's/libgcc/&_eh/') - ln -svf ../include-fixed/syslimits.h \ - $(TOOLS_DIR)/lib/gcc/$(IFS_TARGET)/$(VER)/include/syslimits.h - ln -svf ../include-fixed/limits.h \ - $(TOOLS_DIR)/lib/gcc/$(IFS_TARGET)/$(VER)/include/limits.h endif ifeq "$(PASS)" "2" + # Enable 
hardening by default: cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-fortify_source-2.patch -ifeq "$(SSP)" "1" cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-fstack_protector-1.patch -endif -ifeq "$(PIE)" "1" + + # This fpie patch also warns about DT_TEXTREL in shared objects (libraries and + # PIE's), and makes linker warnings fatal. Disable --fatal-warnings with + # -Wl,--no-fatal-warnings. cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-fpie-1.patch -endif cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-branch-startfiles-1.patch + + # This patch fixes a conflict between libiberty's asprintf() and Glibc's, when + # -D_FORTIFY_SOURCE=2 is used: + cd $(DIR_APP) && patch -Np0 -i $(DIR_PATCHES)/$(THISAPP)-asprintf_fix.patch + cd $(DIR_APP) && sed 's@\./fixinc\.sh@-c true@' -i gcc/Makefile.in cd $(DIR_APP) && sed 's/^XCFLAGS =$$/& -fomit-frame-pointer/' -i gcc/Makefile.in cd $(DIR_APP) && \ 
@@ -121,19 +135,23 @@ endif sed -e 's@/lib\(64\)\?\(32\)\?/ld@$(TOOLS_DIR)&@g' \ -e 's@/usr@$(TOOLS_DIR)@g' $$file.orig > $$file; \ echo -e "\n#undef STANDARD_INCLUDE_DIR\n#define STANDARD_INCLUDE_DIR 0" >> $$file; \ - echo -e "\n#define STANDARD_STARTFILE_PREFIX_1 \"\"\n#define STANDARD_STARTFILE_PREFIX_2 \"\"" >> $$file; \ touch $$file.orig; \ done + # Libgomp uses -Werror regardless of --disable-werror, and this will cause a + # build failure when -D_FORTIFY_SOURCE=2 causes build time warnings: + cd $(DIR_APP) && sed -e "s/-Werror//" -i libgomp/configure + + # We need to do another bootstrap, so that everything in $(TOOLS_DIR) is hardened. cd $(DIR_SRC)/gcc-build && \ - CC="$(IFS_TARGET)-gcc -B$(TOOLS_DIR)/lib/" \ - AR=$(IFS_TARGET)-ar \ - RANLIB=$(IFS_TARGET)-ranlib \ ../$(THISAPP)/configure \ + $(CONFIGURE_ARCH) \ + --target=$(IFS_TARGET) \ + --with-cpu=$(MACHINE) \ + --with-arch=$(MACHINE) \ --prefix=$(TOOLS_DIR) \ --with-local-prefix=$(TOOLS_DIR) \ - --with-mpfr=$(TOOLS_DIR) \ - --with-gmp=$(TOOLS_DIR) \ + --libexecdir=$(TOOLS_DIR)/lib \ --enable-clocale=gnu \ --enable-shared \ --enable-threads=posix \ @@ -143,15 +161,9 @@ endif --disable-bootstrap \ --disable-werror \ --disable-nls \ - --disable-libgomp \ $(CONFIGURE_ARGS) - ## Libgomp was disabled here because it doesn't want to compile ## cd $(DIR_SRC)/gcc-build && make $(PARALLELISMFLAGS) cd $(DIR_SRC)/gcc-build && make install - ln -svf ../include-fixed/syslimits.h \ - $(TOOLS_DIR)/lib/gcc/$(IFS_TARGET)/$(VER)/include/syslimits.h - ln -svf ../include-fixed/limits.h \ - $(TOOLS_DIR)/lib/gcc/$(IFS_TARGET)/$(VER)/include/limits.h endif endif 
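Review bot: The comment added above the pass 2 configure call says "We need to do another bootstrap", but the call still passes `--disable-bootstrap` (visible as context in the next hunk), so this is a single-stage rebuild and the comment overstates what happens. If that is what is meant, suggested wording is `# Rebuild GCC once more with the pass 1 toolchain so that everything in $(TOOLS_DIR) is hardened.` The same hunk removes the `STANDARD_STARTFILE_PREFIX_1`/`_2` overrides without explanation; if the branch-startfiles patch applied earlier in this pass is what keeps host start files out of the search path, a one-line comment saying so would help, and otherwise the removal should be reconsidered. The loop these lines belong to starts outside the hunk.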
@@ -167,26 +179,29 @@ endif cd $(DIR_APP) && sed -i 's/^XCFLAGS =$$/& -fomit-frame-pointer/' gcc/Makefile.in cd $(DIR_APP) && sed -i 's@\./fixinc\.sh@-c true@' gcc/Makefile.in - cd $(DIR_SRC)/gcc-build && ../$(THISAPP)/configure \ - --prefix=/usr \ - --libexecdir=/usr/lib \ - --enable-shared \ - --enable-threads=posix \ - --enable-__cxa_atexit \ - --enable-clocale=gnu \ - --enable-languages=c,c++ \ - --disable-bootstrap \ - --disable-werror \ - --disable-libgomp - ## Libgomp was disabled here because it doesn't want to compile ## + # Libgomp uses -Werror regardless of --disable-werror, and this will cause a + # build failure when -D_FORTIFY_SOURCE=2 causes build time warnings: + cd $(DIR_APP) && sed -e "s/-Werror//" -i libgomp/configure + + cd $(DIR_SRC)/gcc-build && \ + ../$(THISAPP)/configure \ + $(CONFIGURE_ARCH) \ + --target=$(IFS_TARGET) \ + --with-cpu=$(MACHINE) \ + --with-arch=$(MACHINE) \ + --prefix=/usr \ + --libexecdir=/usr/lib \ + --enable-shared \ + --enable-threads=posix \ + --enable-__cxa_atexit \ + --enable-clocale=gnu \ + --enable-languages=c,c++ \ + --disable-bootstrap \ + --disable-werror + cd $(DIR_SRC)/gcc-build && make $(PARALLELISMFLAGS) cd $(DIR_SRC)/gcc-build && make install - ln -svf ../include-fixed/syslimits.h \ - /usr/lib/gcc/$(IFS_TARGET)/$(VER)/include/syslimits.h - ln -svf ../include-fixed/limits.h \ - /usr/lib/gcc/$(IFS_TARGET)/$(VER)/include/limits.h - ln -sfv ../usr/bin/cpp /lib ln -sfv gcc /usr/bin/cc endif diff --git a/lfs/gettext b/lfs/gettext index b5038be4b..ad48aabc6 100644 --- a/lfs/gettext +++ b/lfs/gettext 
@@ -58,7 +58,11 @@ $(TARGET) : cd $(DIR_APP) && patch -Np0 -i $(DIR_PATCHES)/$(THISAPP)-open-args.patch ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP)/gettext-tools && ./configure --prefix=$(TOOLS_DIR) --disable-shared + cd $(DIR_APP)/gettext-tools && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) \ + --disable-shared cd $(DIR_APP)/gettext-tools && make -C gnulib-lib cd $(DIR_APP)/gettext-tools && make -C src msgfmt cd $(DIR_APP)/gettext-tools && cp -v src/msgfmt $(TOOLS_DIR)/bin diff --git a/lfs/glibc b/lfs/glibc index 21e7c1e1c..dcbef3791 100644 --- a/lfs/glibc +++ b/lfs/glibc @@ -61,7 +61,11 @@ objects = $(DL_FILE) \ $(THISAPP)-arc4_prng-1.patch \ $(THISAPP)-strlcpy_strlcat-1.patch \ $(THISAPP)-asprintf_reset2null-1.patch \ - $(THISAPP)-issetugid-1.patch + $(THISAPP)-issetugid-1.patch \ + $(THISAPP)-localedef_trampoline-1.patch \ + $(THISAPP)-sanitize_env.patch \ + $(THISAPP)-mktemp_urandom.patch \ + $(THISAPP)-res_randomid.patch install : $(TARGET) 
@@ -80,26 +84,147 @@ $(TARGET) : @mkdir $(DIR_SRC)/glibc-build ifeq "$(STAGE)" "toolchain" -ifeq "$(PAX)" "1" + # Glibc uses a hard coded path for /etc/ld.so.preload. To keep Glibc from + # preloading libraries from the host machine perform the following command: + cd $(DIR_APP) && sed -e "s@/etc/ld.so.preload@$(TOOLS_DIR)@" -i elf/rtld.c + + # The next patch modifies the localedef program so it does not use GCC + # Trampoline code (http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html), + # which relies on an executable stack to run. Without this patch the localedef + # program will be killed if it is run on a kernel with PaX memory protection. + # See http://pax.grsecurity.net/docs/pageexec.txt and + # http://pax.grsecurity.net/docs/segmexec.txt for more information: + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-localedef_trampoline-1.patch + + # Support for PT_PaX markings: cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-pt_pax-1.patch -endif - cd $(DIR_SRC)/glibc-build && CFLAGS="-O2 -march=$(MACHINE) -pipe" \ + + # This patch adds the issetugid() function, which is a front-end to the + # __libc_enable_secure() dynamic linker private function. This function + # reports whether the program is running with matching real and effective + # ID's, or not, to determine whether the program is running with set-uid or + # set-gid privileges. Many packages will search for issetugid() and use it if + # found, such as Ncurses. This is safer than allowing each program to + # determine privileges itself because it is tested at a lower level which is + # not manipulatable by the user. Apply this patch with the following command: + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-issetugid-1.patch + + # This patch resticts the environment, particularly with setuid programs: + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-sanitize_env.patch + + # This patch adds the strlcpy and strlcat functions and manual pages to Glibc. 
+ # A paper written about these functions is available here: + # http://www.courtesan.com/todd/papers/strlcpy.html. The Glibc project has + # refused to add these functions, and that mail tread starts here: + # http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html. Linus Torvalds + # has added a similar function to the Linux kernel, and that mail thread is + # here: http://lwn.net/Articles/33814/. The strlcpy() and strlcat() functions + # are replacements for strncpy() and strncat(). The controversy of these + # functions is that strlcpy() and strlcat() copy the source data to the + # destination buffer until the destination is full, and discards the rest of + # the data if there is any. This means that these functions will never + # overflow. The basis for the Glibc team's refusal to add these functions is + # that they silently hide programing errors, and they have a higher performance + # hit than strncpy() and strncat(). These functions should not be needed in a + # perfect world, but were invented to deal with the real world. Many packages + # will use these functions if they are found, such as Perl and many BLFS + # packages. These functions do reduce buffer overflows, and so they are + # recommended. After installing this patch no other effort is needed to use it. + # Packages will use autotools to detect whether they are available or not: + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-strlcpy_strlcat-1.patch + + # The patch modifies __gen_tempname(), used by the mk*temp()/tmpnam() family + # of functions, to use /dev/urandom instead of hp-timing, gettimeofday(), or + # getpid(): + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-mktemp_urandom.patch + + # The res_randomid() function is a pseudo-random number generator, using + # getpid() for entropy. See: http://www.openbsd.org/advisories/res_random.txt + # for the vulnerability. 
This patch uses /dev/urandom instead: + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-res_randomid.patch + + # We don't install pt_chown(1) on the final system, so why install it to + # $(TOOLS_DIR): + cd $(DIR_APP) && sed -e "/^install.*pt_chown/d" -i login/Makefile + + # ldconfig is statically linked, so don't build it PIC: + cd $(DIR_APP) && sed "s/CFLAGS-ldconfig.c =/& -fno-PIC -fno-PIE/" \ + -i elf/Makefile + + # Build nscd with -fstack-protector-all, instead of -fstack-protector: + cd $(DIR_APP) && sed -e "s/fstack-protector/&-all/" -i nscd/Makefile + + # We don't need to set -march=i?86 in confparams because GCC was built with + # --with-arch=i?86. + + # --sbindir=$(TOOLS_DIR)/bin does not work... anyone want to fix this? + # We don't need Glibc's sbin programs, but still. + + # --enable-stackguard-randomization could be added here, but this is primarily + # for attacks by local users, and we shouldn't have those in the rebooted + # system. Adding this will empty the /dev/random entropy pool (via + # /dev/urandom), unless the system is running a Random Number Gathering Daemon + # (rngd). This version of Glibc uses high precision timing with SSP, so the + # canary value changes at run-time. This is not as good as /dev/urandom, but + # it's better than nothing and has very good performance. 
+ + cd $(DIR_SRC)/glibc-build && \ + CFLAGS="-O2 -pipe" \ ../$(THISAPP)/configure \ --prefix=$(TOOLS_DIR) \ - --host=$(IFS_TARGET) \ - --build=$$($(DIR_APP)/scripts/config.guess) \ + --libexecdir=$(TOOLS_DIR)/lib/$(PKG_NAME) \ + --with-headers=$(TOOLS_DIR)/include \ + --with-binutils=$(TOOLS_DIR)/bin \ --disable-profile \ --enable-add-ons \ --enable-kernel=2.6.0 \ - --with-headers=$(TOOLS_DIR)/include \ - --with-binutils=$(TOOLS_DIR)/bin \ --without-selinux \ --without-gd \ - --enable-bind-now \ - libc_cv_initfini_array=yes \ - libc_cv_forced_unwind=yes \ - libc_cv_c_cleanup=yes + --enable-bind-now + + # Our GCC is already passing -fPIC, and that's all we want for the libraries. + # LDFLAGS.so is appended to so we don't build shared libraries with + # DT_TEXTREL (and to tell us if something goes wrong). For now we only build + # the libraries, not the programs: + echo "build-programs=no" \ + >> $(DIR_SRC)/glibc-build/configparms + echo "LDFLAGS.so += -Wl,--warn-shared-textrel,--fatal-warnings" \ + >> $(DIR_SRC)/glibc-build/configparms cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) + + # Then build the programs with hardening, so everything possible in + # $(TOOLS_DIR) is hardened: + @rm -f $(DIR_SRC)/glibc-build/configparms + echo "CC = gcc -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2" \ + >> $(DIR_SRC)/glibc-build/configparms + echo "CXX = g++ -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2" \ + >> $(DIR_SRC)/glibc-build/configparms + echo "CFLAGS-sln.c += -fno-PIC -fno-PIE" \ + >> $(DIR_SRC)/glibc-build/configparms + echo "+link = \$$(CC) -nostdlib -nostartfiles -fPIE -pie -o \$$@ \\" \ + >> $(DIR_SRC)/glibc-build/configparms + echo " \$$(sysdep-LDFLAGS) \$$(config-LDFLAGS) \$$(LDFLAGS) \$$(LDFLAGS-\$$(@F)) \\" \ + >> $(DIR_SRC)/glibc-build/configparms + echo " -Wl,-z,combreloc -Wl,-z,relro -Wl,-z,now \$$(hashstyle-LDFLAGS) \\" \ + >> $(DIR_SRC)/glibc-build/configparms + echo " -Wl,--warn-shared-textrel,--fatal-warnings \\" \ + >> 
$(DIR_SRC)/glibc-build/configparms + echo " \$$(addprefix \$$(csu-objpfx),S\$$(start-installed-name)) \\" \ + >> $(DIR_SRC)/glibc-build/configparms + echo " \$$(+preinit) `\$$(CC) --print-file-name=crtbeginS.o` \\" \ + >> $(DIR_SRC)/glibc-build/configparms + echo " \$$(filter-out \$$(addprefix \$$(csu-objpfx),start.o \\" \ + >> $(DIR_SRC)/glibc-build/configparms + echo " \$$(start-installed-name))\\" \ + >> $(DIR_SRC)/glibc-build/configparms + echo " \$$(+preinit) \$$(link-extra-libs) \\" \ + >> $(DIR_SRC)/glibc-build/configparms + echo " \$$(common-objpfx)libc% \$$(+postinit),\$$^) \\" \ + >> $(DIR_SRC)/glibc-build/configparms + echo " \$$(link-extra-libs) \$$(link-libc) `\$$(CC) --print-file-name=crtendS.o` \$$(+postinit)" \ + >> $(DIR_SRC)/glibc-build/configparms + cd $(DIR_SRC)/glibc-build && make PARALLELMFLAGS=$(PARALLELISMFLAGS) + -mkdir -v $(TOOLS_DIR)/etc touch $(TOOLS_DIR)/etc/ld.so.conf cd $(DIR_SRC)/glibc-build && make install diff --git a/lfs/gmp b/lfs/gmp index 2c2484460..9e471dc1e 100644 --- a/lfs/gmp +++ b/lfs/gmp @@ -53,23 +53,12 @@ $(objects) : $(TARGET) : @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) - -ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure \ - --prefix=$(TOOLS_DIR) \ - --disable-shared \ - --enable-static \ - --enable-fft \ - --enable-mpbsd + cd $(DIR_APP) && ABI=32 \ + ./configure \ + --prefix=/usr \ + --enable-cxx \ + --enable-mpbsd cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install -endif - -ifeq "$(STAGE)" "base" - cd $(DIR_APP) && ./configure --prefix=/usr --enable-cxx --enable-mpbsd ABI=32 - cd $(DIR_APP) && make $(PARALLELISMFLAGS) - cd $(DIR_APP) && make install -endif - @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/grep b/lfs/grep index 7d6018258..e6c14def5 100644 --- a/lfs/grep +++ b/lfs/grep 
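Review bot: The first `sed` in the toolchain branch of lfs/glibc replaces `/etc/ld.so.preload` with `$(TOOLS_DIR)` alone, so the preload path compiled into the dynamic linker becomes the tools directory itself rather than a file under it. That probably still keeps host preloads out, since a directory cannot be read as a preload list, but it relies on a failure path; `sed -e "s@/etc/ld.so.preload@$(TOOLS_DIR)&@" -i elf/rtld.c` keeps the file name, using the same `&` idiom as lfs/adjust-toolchain. The second configparms also hard-codes `CC = gcc ...` and `CXX = g++ ...` now that `--host`/`--build` are gone, so the hardened programs are built by whichever gcc is first in PATH; a comment stating which compiler is expected there would make that explicit.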
@@ -57,8 +57,11 @@ $(TARGET) : @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) ifeq "$(STAGE)" "toolchain" + # --without-included-regex makes Grep use libc for regex. This gets rid of + # some compiler warnings, and I can't imagine why it's unsafe. cd $(DIR_APP) && \ ./configure \ + $(CONFIGURE_ARCH) \ --prefix=$(TOOLS_DIR) \ --disable-perl-regexp \ --without-included-regex diff --git a/lfs/gzip b/lfs/gzip index 5c66fe084..0a37628fb 100644 --- a/lfs/gzip +++ b/lfs/gzip @@ -37,7 +37,10 @@ TARGET = $(DIR_INFO)/$(STAGE_ORDER)_$(STAGE)/$(THISAPP) # Top-level Rules ############################################################################### -objects = $(DL_FILE) +objects = $(DL_FILE) \ + $(THISAPP)-openbsd-owl-tmp.patch \ + $(THISAPP)-cve-2006-4337_len.patch \ + $(THISAPP)-cve-2006-4338.patch install : $(TARGET) @@ -61,13 +64,23 @@ ifeq "$(STAGE)" "toolchain" sed 's/futimens/gl_&/' $$file.orig > $$file; \ done -ifeq "$(PIE)" "1" - ## Don't use assembler code because this is not position independent. - cd $(DIR_APP) && DEFS=NO_ASM ./configure --prefix=$(TOOLS_DIR) -else - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) + # This patch modifies 'znew' so we don't use temporary files: + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-openbsd-owl-tmp.patch + + # Fix CVE 2006-4337 + # (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337) and + # CVE 2006-4338 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338), + # against malformed gzip files: + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-cve-2006-4337_len.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-cve-2006-4338.patch + + # NO_ASM is for textrels. + cd $(DIR_APP) && \ + DEFS=NO_ASM \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) cd $(DIR_APP) && make $(PARALLELISMFLAGS) -endif cd $(DIR_APP) && make install endif diff --git a/lfs/m4 b/lfs/m4 index b99656eed..b717a4843 100644 --- a/lfs/m4 +++ b/lfs/m4 
@@ -55,7 +55,13 @@ $(TARGET) : @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) + # We need -D_GNU_SOURCE because this version of M4 has a bug in gnulib (or + # possibly autoconf) that doesn't recognise that we have asprintf() in libc. + cd $(DIR_APP) && \ + CPPFLAGS="-D_GNU_SOURCE" \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install endif diff --git a/lfs/make b/lfs/make index aecaa12d5..046af34c5 100644 --- a/lfs/make +++ b/lfs/make @@ -55,7 +55,10 @@ $(TARGET) : @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) + cd $(DIR_APP) && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install endif diff --git a/lfs/mpfr b/lfs/mpfr index e11a48ff3..4ff57fbd0 100644 --- a/lfs/mpfr +++ b/lfs/mpfr @@ -53,27 +53,12 @@ $(objects) : $(TARGET) : @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) - -ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure \ - --prefix=$(TOOLS_DIR) \ - --enable-thread-safe \ - --disable-shared \ - --enable-static \ - --with-gmp=$(TOOLS_DIR) + cd $(DIR_APP) && \ + ./configure \ + --prefix=/usr \ + --enable-thread-safe \ + --disable-static cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install -endif - -ifeq "$(STAGE)" "base" - cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --enable-thread-safe \ - --disable-shared \ - --enable-static - cd $(DIR_APP) && make $(PARALLELISMFLAGS) - cd $(DIR_APP) && make install -endif - @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/lfs/ncurses b/lfs/ncurses index 1ad12a666..3e0175d50 100644 --- a/lfs/ncurses +++ b/lfs/ncurses 
@@ -25,7 +25,7 @@ include Config PKG_NAME = ncurses -VER = 5.6 +VER = 5.7 THISAPP = $(PKG_NAME)-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -55,15 +55,27 @@ $(TARGET) : @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) --with-shared \ - --without-debug --without-ada --enable-overwrite - + # We need wide character support for the Linux kernel menuconfig. + # --enable-symlinks installs the 'tic' program as a symbolic link (why not). + # --disable-root-environ restricts some environment variables, like TERMINFO, + # when running as root, so it can not be customized (why not). + cd $(DIR_APP) && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) \ + --with-shared \ + --without-debug \ + --without-ada \ + --enable-overwrite \ + --enable-widec \ + --without-cxx-binding \ + --enable-symlinks \ + --disable-root-environ cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install endif ifeq "$(STAGE)" "base" - cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-coverity_fixes-1.patch cd $(DIR_APP) && \ ./configure \ --prefix=/usr \ diff --git a/lfs/patch b/lfs/patch index db60cf0cb..69788b5dc 100644 --- a/lfs/patch +++ b/lfs/patch 
@@ -54,16 +54,22 @@ $(TARGET) : @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + # Some fixes: cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-fixes-1.patch + # Get rid of mktemp(3): + cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-mkstemp-1.patch + ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) + cd $(DIR_APP) && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install endif ifeq "$(STAGE)" "base" - cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-mkstemp-1.patch cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install diff --git a/lfs/perl b/lfs/perl index d4eabb4b0..5b185f4c8 100644 --- a/lfs/perl +++ b/lfs/perl @@ -40,7 +40,6 @@ XMLPARSER = XML-Parser-2.34 ############################################################################### objects = $(DL_FILE) \ - $(THISAPP)-libc-1.patch \ $(THISAPP)-page-1.patch \ $(THISAPP)-security_fix-1.patch \ $(XMLPARSER).tar.gz 
@@ -58,22 +57,34 @@ $(objects) : $(TARGET) : @$(PREBUILD) - @rm -rf $(DIR_APP) $(DIR_SRC)/$(XMLPARSER) && \ - cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + @rm -rf $(DIR_SRC)/perl* && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + -mkdir -v $(DIR_SRC)/perl-build ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-libc-1.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-page-1.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_PATCHES)/$(THISAPP)-security_fix-1.patch cd $(DIR_APP) && sed -i 's/command /command[ -]/' makedepend.SH - cd $(DIR_APP) && ./configure.gnu --prefix=$(TOOLS_DIR) -Dstatic_ext='Data/Dumper Fcntl IO POSIX' - - cd $(DIR_APP) && make perl utilities ext/Errno/pm_to_blib $(PARALLELISMFLAGS) - - cd $(DIR_APP) && cp -v perl pod/pod2man $(TOOLS_DIR)/bin - -mkdir -pv $(TOOLS_DIR)/lib/perl5/$(VER) - cd $(DIR_APP) && cp -Rv lib/* $(TOOLS_DIR)/lib/perl5/$(VER) + # -Dlibc, locincpth, loclibpth, glibpth, and usrinc, are equivilent to the LFS + # Perl libc patch. + + # ./Configure is used instead of ./configure.gnu because it supports builds + # from an object directory. -Dmksymlinks is also used, to support read-only + # sources. -d -e are added to accept all defaults, otherwise ./Configure will + # be interactive. + cd $(DIR_SRC)/perl-build && \ + $(DIR_APP)/Configure \ + -Dcc=$(IFS_TARGET)-gcc \ + -Dprefix=$(TOOLS_DIR) \ + -Dlibc=$(TOOLS_DIR)/lib/libc-2.8.so \ + -Ulocincpth \ + -Uloclibpth \ + -Dglibpth="$(TOOLS_DIR)/lib" \ + -Dusrinc="$(TOOLS_DIR)/include" \ + -Dmksymlinks \ + -d -e + cd $(DIR_SRC)/perl-build && make $(PARALLELISMFLAGS) + cd $(DIR_SRC)/perl-build && make LNS="cp" install endif ifeq "$(STAGE)" "base" @@ -106,5 +117,5 @@ ifeq "$(STAGE)" "ipfire" cd $(DIR_SRC)/$(XMLPARSER) && make install endif - @rm -rf $(DIR_APP) $(DIR_SRC)/$(XMLPARSER) + @rm -rf $(DIR_SRC)/perl* @$(POSTBUILD) diff --git a/lfs/sed b/lfs/sed index ad418ea9f..29514b6ac 100644 --- a/lfs/sed +++ b/lfs/sed 
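Review bot: The new cleanup `@rm -rf $(DIR_SRC)/perl*` no longer removes `$(DIR_SRC)/$(XMLPARSER)`, which the old line did; `XMLPARSER` is `XML-Parser-2.34`, so the glob does not match it and a tree left by an earlier run stays in place. The same applies to the final `@rm -rf` in the `@@ -106,5 +117,5 @@` hunk. Keep the explicit path in both places, e.g. `@rm -rf $(DIR_SRC)/perl* $(DIR_SRC)/$(XMLPARSER)`. The unanchored `perl*` glob also deletes any other entry under `$(DIR_SRC)` whose name starts with `perl`, so naming `$(DIR_APP) $(DIR_SRC)/perl-build` would be narrower. `-Dlibc=$(TOOLS_DIR)/lib/libc-2.8.so` hard-codes the glibc version and will need a manual edit on the next glibc bump.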
@@ -55,7 +55,10 @@ $(TARGET) : @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) + cd $(DIR_APP) && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) endif ifeq "$(STAGE)" "base" diff --git a/lfs/stage1 b/lfs/stage1 index 8b12af55c..ca85a3a93 100644 --- a/lfs/stage1 +++ b/lfs/stage1 @@ -45,5 +45,5 @@ download : $(TARGET) : @$(PREBUILD) - + -mkdir -p $(TOOLS_DIR)/usr/bin @$(POSTBUILD) diff --git a/lfs/strip b/lfs/strip index 9f65b63d1..40d8f49ed 100644 --- a/lfs/strip +++ b/lfs/strip @@ -49,7 +49,8 @@ ifeq "$(STAGE)" "toolchain" -strip --strip-all $(TOOLS_DIR)/{,usr/}{,s}bin/* -rm -rf $(TOOLS_DIR)/{,share/}{info,man} \ $(TOOLS_DIR)/usr/{share,man,info} \ - $(TOOLS_DIR)/share/locale/* + $(TOOLS_DIR)/share/locale/* \ + $(TOOLS_DIR)/var chown -R root:root $(LFS)$(TOOLS_DIR) endif diff --git a/lfs/tar b/lfs/tar index d250e4ee8..c9b3edc36 100644 --- a/lfs/tar +++ b/lfs/tar @@ -55,7 +55,12 @@ $(TARGET) : @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) + # Normally the 'rmt' programs goes in sbin/. + cd $(DIR_APP) && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) \ + --libexecdir=$(TOOLS_DIR)/bin cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install endif diff --git a/lfs/texinfo b/lfs/texinfo index 076e08617..fa888acad 100644 --- a/lfs/texinfo +++ b/lfs/texinfo @@ -55,7 +55,11 @@ $(TARGET) : @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) + cd $(DIR_APP) && \ + LDFLAGS="-lncursesw" \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) cd $(DIR_APP) && make $(PARALLELISMFLAGS) cd $(DIR_APP) && make install endif diff --git a/lfs/util-linux-ng b/lfs/util-linux-ng index 8c3a79db9..0ee640253 100644 --- a/lfs/util-linux-ng 
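Review bot: In the lfs/strip hunk, the `rm -rf` list gains `$(TOOLS_DIR)/var` while the line keeps its `-` prefix and nothing visible checks that `TOOLS_DIR` is set; with an empty value that path becomes `/var` on the build host. A guard ahead of the recipe, such as `$(if $(strip $(TOOLS_DIR)),,$(error TOOLS_DIR is empty))`, would make that failure explicit instead of silent. The rule starts outside the hunk, so an existing check elsewhere cannot be ruled out.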
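Review bot: In the lfs/texinfo hunk, `LDFLAGS="-lncursesw"` passes a library through the variable meant for linker options. Configure-generated link lines put `$(LDFLAGS)` before the objects and `$(LIBS)` after them, so the library can be dropped when linking statically or with `--as-needed`. `LIBS="-lncursesw"` is the conventional form. A one-line comment saying why texinfo needs the wide-character library here would match the comments this commit adds to the other lfs files.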
+++ b/lfs/util-linux-ng @@ -55,7 +55,12 @@ $(TARGET) : @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) ifeq "$(STAGE)" "toolchain" - cd $(DIR_APP) && ./configure --prefix=$(TOOLS_DIR) + # There's a bug with this version of Util-linux-ng and the E2fsprogs version + # we installed, so -luuid needs to be added. + cd $(DIR_APP) && \ + ./configure \ + $(CONFIGURE_ARCH) \ + --prefix=$(TOOLS_DIR) cd $(DIR_APP) && make -C mount mount umount $(PARALLELISMFLAGS) cd $(DIR_APP) && make -C text-utils more $(PARALLELISMFLAGS) cd $(DIR_APP) && cp -v mount/{,u}mount text-utils/more $(TOOLS_DIR)/bin diff --git a/make.sh b/make.sh index cf0c82b93..c08682120 100755 --- a/make.sh +++ b/make.sh @@ -48,19 +48,18 @@ toolchain_build() { build_spy stage ${STAGE} toolchain_make stage1 + #toolchain_make scripts # make distcc first so that CCACHE_PREFIX works immediately [ -z "$DISTCC_HOSTS" ] || toolchain_make distcc toolchain_make ccache - toolchain_make gmp - toolchain_make mpfr - toolchain_make linux toolchain_make binutils PASS=1 toolchain_make gcc PASS=1 + toolchain_make linux toolchain_make glibc toolchain_make adjust-toolchain toolchain_make test-toolchain PASS=1 - toolchain_make binutils PASS=2 toolchain_make gcc PASS=2 + toolchain_make binutils PASS=2 toolchain_make test-toolchain PASS=2 toolchain_make ncurses toolchain_make bash @@ -103,8 +102,6 @@ base_build() { ipfire_make stage2 ipfire_make scripts - ipfire_make gmp - ipfire_make mpfr ipfire_make linux ipfire_make man-pages ipfire_make glibc @@ -139,6 +136,7 @@ base_build() { ipfire_make file ipfire_make findutils ipfire_make flex + ipfire_make gmp ipfire_make grub ipfire_make gawk ipfire_make grep @@ -152,6 +150,7 @@ base_build() { ipfire_make less ipfire_make man-db ipfire_make module-init-tools + ipfire_make mpfr ipfire_make patch ipfire_make psmisc ipfire_make shadow diff --git a/src/rootfiles/core/02.gmp b/src/rootfiles/core/02.gmp index 6f371a3f9..7879e7c97 100644 --- a/src/rootfiles/core/02.gmp 
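Review bot: The comment added in the lfs/util-linux-ng hunk says `-luuid` needs to be added, but the `./configure` call below it passes only `$(CONFIGURE_ARCH)` and `--prefix=$(TOOLS_DIR)`; no `-luuid` appears anywhere in the hunk. Either the flag is missing (for example `LIBS="-luuid"` in front of `./configure`) or the comment is a leftover and should be removed. The rule begins outside the hunk.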
+++ b/src/rootfiles/core/02.gmp @@ -16,7 +16,6 @@ usr/lib/libgmpxx.so.4.0.2 usr/lib/libmp.so usr/lib/libmp.so.3 usr/lib/libmp.so.3.1.11 -#usr/share/info/dir #usr/share/info/gmp.info #usr/share/info/gmp.info-1 #usr/share/info/gmp.info-2 diff --git a/src/rootfiles/core/02.ncurses b/src/rootfiles/core/02.ncurses index aeff04a75..636f66b77 100644 --- a/src/rootfiles/core/02.ncurses +++ b/src/rootfiles/core/02.ncurses @@ -1,5 +1,5 @@ lib/libncursesw.so.5 -lib/libncursesw.so.5.6 +lib/libncursesw.so.5.7 #usr/bin/captoinfo #usr/bin/clear #usr/bin/infocmp diff --git a/tools/make-constants b/tools/make-constants index 570daca99..477b2faac 100644 --- a/tools/make-constants +++ b/tools/make-constants @@ -26,7 +26,7 @@ # Default target TARGET=i686 -POSSIBLE_TARGETS="i586 i686 via-c3 via-c7 geodelx" +POSSIBLE_TARGETS="i486 i586 i686 via-c3 via-c7 geodelx" # Configuration rootdir CONFIG_ROOT=/etc/$SNAME @@ -108,21 +108,21 @@ elif [ 'via-c7' = $TARGET ]; then MACHINE=i686 MACHINE_REAL=${MACHINE_REAL} LINKER=/lib/ld-linux.so.2 - IFS_TARGET="${MACHINE}-pc-linux-gnu" + IFS_TARGET="${MACHINE}-via-linux-gnu" CFLAGS="-march=${MACHINE} -mmmx -msse -msse2 -msse3 -O2 -pipe" CXXFLAGS="${CFLAGS}" elif [ 'via-c3' = $TARGET ]; then MACHINE=i586 MACHINE_REAL=${MACHINE_REAL} LINKER=/lib/ld-linux.so.2 - IFS_TARGET="${MACHINE}-pc-linux-gnu" + IFS_TARGET="${MACHINE}-via-linux-gnu" CFLAGS="-march=c3 -m3dnow -O2 -pipe -fomit-frame-pointer" CXXFLAGS="${CFLAGS}" elif [ 'geodelx' = $TARGET ]; then MACHINE=i586 MACHINE_REAL=${MACHINE_REAL} LINKER=/lib/ld-linux.so.2 - IFS_TARGET="${MACHINE}-pc-linux-gnu" + IFS_TARGET="${MACHINE}-geode-linux-gnu" CFLAGS="-march=geode -Os -pipe -fomit-frame-pointer" CXXFLAGS="${CFLAGS}" else
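Review bot: In tools/make-constants, `i486` is added to `POSSIBLE_TARGETS`, but the commit adds no `elif [ 'i486' = $TARGET ]` branch, and the chain visible in the `@@ -108,21 +108,21 @@` hunk goes from `geodelx` straight to `else`. Unless an `i486` branch already exists earlier in the chain, selecting that target ends up in the `else` path, whose body is outside the hunk. Add the branch with its own `MACHINE`, `IFS_TARGET` and `CFLAGS`, or leave `i486` out of the list until it exists.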