1 |
Quite impressive Peter. |
2 |
I have mirrored your files to |
3 |
http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc-overlay-20040614.tar.bz2 |
4 |
and exploded the tarball to |
5 |
http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc/ |
6 |
then diffed out the .org files and the .ebuilds the ebuild's patch is |
7 |
here |
8 |
http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc-ebuilds-20040614.patch |
9 |
and the profile/script data is here |
10 |
http://dev.gentoo.org/~solar/uclibc/peter_mirror/org-uclibc-20040614.patch |
11 |
|
12 |
This will be quite a bit of an undertaking I'm hoping mutex, dragonheat |
13 |
can help with some of these commits. |
14 |
|
15 |
How may megs is your resulting stage/images after the initial bootstrap |
16 |
process? |
17 |
|
18 |
I'm CC: the hardened mailing list as others there may have an interest |
19 |
in your work as this uses the hardened profile and all :) |
20 |
|
21 |
On Mon, 2004-06-14 at 19:25, Peter S. Mazinger wrote: |
22 |
> Hello! |
23 |
> |
24 |
> This is the overlay directory I used parallel to portage (it has to be |
25 |
> there for now, else the included links won't work), that allowed me to |
26 |
> build gentoo fully uclibc based (starting from a buildroot config, |
27 |
> building manually python/portage, running emerge sync ...) |
28 |
> |
29 |
> 1. the files directories have only new files and links to the originally |
30 |
> used (for x86), the digest/Manifest files were needed to rebuild fully |
31 |
> with these configs as an overlay directory, the links because portage |
32 |
> can't handle "properly (my opinion)" the overlay directory |
33 |
> |
34 |
> 2. the ebuilds can be diffed to the corresponding version (as of emerge |
35 |
> sync 20040613) to see what I have done |
36 |
> |
37 |
> 3. some of the changes are not directly uclibc related, they correct |
38 |
> typos etc. in the originals, add support to build w/o nls, or strip down |
39 |
> the package somewhat |
40 |
> |
41 |
> 4. the directories profiles, scripts include the original version (*.org) |
42 |
> of files too, the new ones have to be copied over the original tree, the |
43 |
> overlay support does not allow to have these files at another location. |
44 |
> |
45 |
> 5. distfiles include new patches for binutils-2.14.90/15.91 and gcc-3.3.3 |
46 |
> (these have to be copied to the main distfiles, because again the overlay |
47 |
> structure does not support it in another location) |
48 |
> |
49 |
> 6. I haven't tried yet cascaded profiles, the only profile tested is what |
50 |
> I delivered. |
51 |
> |
52 |
> 7. it builds as it is (haven't tried w/ nls, and that is not really |
53 |
> correct in uclibc yet), don't enable nls for now |
54 |
> |
55 |
> 8. stage building and bootstraping was not tested, because I didn't find |
56 |
> an "elegant" way to make a stage1/2/3 from .tbz2 files (any help |
57 |
> appreciated, then I could also provide a stage1) |
58 |
> |
59 |
> 9. for now gettext, yacc (replaced by bison -y), ncompress |
60 |
> (uncompress replaced by gzip), bc, bin86, groff, man[-pages] are not a |
61 |
> part of an 'emerge system', cracklib got support for gzipped files (so |
62 |
> miscfiles is much smaller), w/o groff and man-pages it is not a |
63 |
> requirement to have c++ compiler either (this is not implemented, should |
64 |
> probably be a flag in gcc, like f77, objc), gnuconfig_update is only |
65 |
> needed where configure is run directly, not by econf (econf is hacked to |
66 |
> provide the same functionality, as gnuconfig_update), ncurses does not |
67 |
> deliver the addon libraries (menu,panel,form). Some told me that gettext |
68 |
> can't be removed, else autotools won't run, well I think, the .m4 from |
69 |
> gettext could be added to autotools, and than it should be no problem w/o |
70 |
> it. |
71 |
> |
72 |
> 10. added also my make.conf and package.keywords, to show which versions |
73 |
> where used, the most is stable stuff, but some have to be ~x86. |
74 |
> |
75 |
> 11. mainly the shared libs will have problems, to add support for new |
76 |
> libs, look at the libtool patches (ltconfig-uclibc for older configures |
77 |
> and libtool-1.4.3-uclibc for newer ones) |
78 |
> |
79 |
> 12. be aware that you have to build the buildroot w/ the same config (and |
80 |
> patches), as deduced from the uclibc.ebuild (using in both places the |
81 |
> same cvs too). Do not start from uclibc-0.9.26 stable, because it is not |
82 |
> binary compatible w/ the current cvs. |
83 |
> |
84 |
> 13. hardened stuff: gcc uses pie and ssp, but relro/now are disabled, |
85 |
> relro is also completely removed from binutils, uclibc does not have |
86 |
> support for it (any volunteer to add this to the uclibc's ldso?) |
87 |
> |
88 |
> 14. CHOST has to be set to *linux-uclibc (not linux-gnu) |
89 |
> |
90 |
> Peter |
91 |
-- |
92 |
Ned Ludd <solar@g.o> |
93 |
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer |