[gentoo-hardened] Re: uclibc base system - gentoo-hardened

From:	"Peter S. Mazinger" <ps.m@×××.net>
To:	Ned Ludd <solar@g.o>
Cc:	gentoo-embedded@l.g.o, gentoo-hardened@l.g.o
Subject:	[gentoo-hardened] Re: uclibc base system
Date:	Tue, 15 Jun 2004 15:33:15
Message-Id:	`Pine.LNX.4.44.0406151658560.13775-100000@lnx.bridge.intra`

1

On Tue, 15 Jun 2004, Peter S. Mazinger wrote:

2

3

> On 15 Jun 2004, Ned Ludd wrote:

4

5

I have forgotten again, that the list won't accept the attachment, please 

6

put the files into distfiles

7

8

thanks, Peter

9

10

>

11

> > Quite impressive Peter.

12

> > I have mirrored your files to

13

> > http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc-overlay-20040614.tar.bz2

14

> > and exploded the tarball to

15

> > http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc/

16

> > then diffed out the .org files and the .ebuilds the ebuild's patch is

17

> > here

18

> > http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc-ebuilds-20040614.patch

19

>

20

> this is what I really meant, so others can check what changed

21

>

22

> > and the profile/script data is here

23

>

24

> the script data is yet untested, I have only removed glibc reference from

25

> there

26

>

27

> > http://dev.gentoo.org/~solar/uclibc/peter_mirror/org-uclibc-20040614.patch

28

> > This will be quite a bit of an undertaking I'm hoping mutex, dragonheat

29

> > can help with some of these commits.

30

> >

31

> > How may megs is your resulting stage/images after the initial bootstrap

32

> > process?

33

>

34

> I can't really tell, I do not have managed to build stages (any help

35

> appreciated how to do it from tbz2 files), and my env. has left over files

36

> from my earlier rpms (wouldn't be relevant if counted)

37

>

38

> I can tell that the packages/All directory is 58MB (for emerge system) +

39

> ccache, catalyst

40

>

41

> bigger than 1MB are kbd (the keyboard files are next candidates to strip

42

> down),miscfiles(although stripped, gzipped), ncurses (although not so

43

> many terminfo files, and no additional libs, like menu,panel,form), db4,

44

> automake

45

> bigger than 2MB are libperl, openssl

46

> bigger than 3MB are binutils

47

> bigger than 4MB are python

48

> bigger than 12MB gcc, perl (13MB)

49

>

50

> Is there some way to query portage to tell how much the installed stuff

51

> is?

52

>

53

> I haven't checked how much of this is man-pages and info-files, if the

54

> binaries are really stripped all of them where possible.

55

>

56

> I have attached 2 missing files from distfiles (for uClibc)

57

>

58

> Busybox is not used at all yet.

59

>

60

> There are some things that have to be decide:

61

> 1. will gcc get a c++ use flag?

62

> 2. should groff/man/man-pages/info/install-info be in a stage3

63

> 3. should ncurses include the full stuff (all libs)

64

> 4. I would remove all the *.so handling by scripts, if they are installed

65

> in /lib, they really only should be installed directly into /usr/lib.

66

> 5. what to do w/ perl (mini/micro-perl are alternatives for the build

67

> system (autotools should work w/ it) but not for a full featured one, no

68

> support for addons)

69

> 6. gettext: as I already said, I would put the *.m4 files into autotools

70

> and remove gettext from the stages

71

> 7. locale/nls support: the current only usable variant is to have uClibc

72

> w/o locale support, and use libintl.{a,h,so} from gettext.

73

>

74

> Peter

75

>

76

> > I'm CC: the hardened mailing list as others there may have an interest

77

> > in your work as this uses the hardened profile and all :)

78

> >

79

> > On Mon, 2004-06-14 at 19:25, Peter S. Mazinger wrote:

80

> > > Hello!

81

> > >

82

> > > This is the overlay directory I used parallel to portage (it has to be

83

> > > there for now, else the included links won't work), that allowed me to

84

> > > build gentoo fully uclibc based (starting from a buildroot config,

85

> > > building manually python/portage, running emerge sync ...)

86

> > >

87

> > > 1. the files directories have only new files and links to the originally

88

> > > used (for x86), the digest/Manifest files were needed to rebuild fully

89

> > > with these configs as an overlay directory, the links because portage

90

> > > can't handle "properly (my opinion)" the overlay directory

91

> > >

92

> > > 2. the ebuilds can be diffed to the corresponding version (as of emerge

93

> > > sync 20040613) to see what I have done

94

> > >

95

> > > 3. some of the changes are not directly uclibc related, they correct

96

> > > typos etc. in the originals, add support to build w/o nls, or strip down

97

> > > the package somewhat

98

> > >

99

> > > 4. the directories profiles, scripts include the original version (*.org)

100

> > > of files too, the new ones have to be copied over the original tree, the

101

> > > overlay support does not allow to have these files at another location.

102

> > >

103

> > > 5. distfiles include new patches for binutils-2.14.90/15.91 and gcc-3.3.3

104

> > > (these have to be copied to the main distfiles, because again the overlay

105

> > > structure does not support it in another location)

106

> > >

107

> > > 6. I haven't tried yet cascaded profiles, the only profile tested is what

108

> > > I delivered.

109

> > >

110

> > > 7. it builds as it is (haven't tried w/ nls, and that is not really

111

> > > correct in uclibc yet), don't enable nls for now

112

> > >

113

> > > 8. stage building and bootstraping was not tested, because I didn't find

114

> > > an "elegant" way to make a stage1/2/3 from .tbz2 files (any help

115

> > > appreciated, then I could also provide a stage1)

116

> > >

117

> > > 9. for now gettext, yacc (replaced by bison -y), ncompress

118

> > > (uncompress replaced by gzip), bc, bin86, groff, man[-pages] are not a

119

> > > part of an 'emerge system', cracklib got support for gzipped files (so

120

> > > miscfiles is much smaller), w/o groff and man-pages it is not a

121

> > > requirement to have c++ compiler either (this is not implemented, should

122

> > > probably be a flag in gcc, like f77, objc), gnuconfig_update is only

123

> > > needed where configure is run directly, not by econf (econf is hacked to

124

> > > provide the same functionality, as gnuconfig_update), ncurses does not

125

> > > deliver the addon libraries (menu,panel,form). Some told me that gettext

126

> > > can't be removed, else autotools won't run, well I think, the .m4 from

127

> > > gettext could be added to autotools, and than it should be no problem w/o

128

> > > it.

129

> > >

130

> > > 10. added also my make.conf and package.keywords, to show which versions

131

> > > where used, the most is stable stuff, but some have to be ~x86.

132

> > >

133

> > > 11. mainly the shared libs will have problems, to add support for new

134

> > > libs, look at the libtool patches (ltconfig-uclibc for older configures

135

> > > and libtool-1.4.3-uclibc for newer ones)

136

> > >

137

> > > 12. be aware that you have to build the buildroot w/ the same config (and

138

> > > patches), as deduced from the uclibc.ebuild (using in both places the

139

> > > same cvs too). Do not start from uclibc-0.9.26 stable, because it is not

140

> > > binary compatible w/ the current cvs.

141

> > >

142

> > > 13. hardened stuff: gcc uses pie and ssp, but relro/now are disabled,

143

> > > relro is also completely removed from binutils, uclibc does not have

144

> > > support for it (any volunteer to add this to the uclibc's ldso?)

145

> > >

146

> > > 14. CHOST has to be set to *linux-uclibc (not linux-gnu)

147

> > >

148

> > > Peter

149

> >

150

>

151

>

152

153

--

154

Peter S. Mazinger <ps dot m at gmx dot net>           ID: 0xA5F059F2

155

Key fingerprint = 92A4 31E1 56BC 3D5A 2D08  BB6E C389 975E A5F0 59F2

156

157

158

____________________________________________________________________

159

Miert fizetsz az internetert? Korlatlan, ingyenes internet hozzaferes a FreeStarttol.

160

Probald ki most! http://www.freestart.hu

161

162

--

163

gentoo-hardened@g.o mailing list

1	On Tue, 15 Jun 2004, Peter S. Mazinger wrote:
2
3	> On 15 Jun 2004, Ned Ludd wrote:
4
5	I have forgotten again, that the list won't accept the attachment, please
6	put the files into distfiles
7
8	thanks, Peter
9
10	>
11	> > Quite impressive Peter.
12	> > I have mirrored your files to
13	> > http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc-overlay-20040614.tar.bz2
14	> > and exploded the tarball to
15	> > http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc/
16	> > then diffed out the .org files and the .ebuilds the ebuild's patch is
17	> > here
18	> > http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc-ebuilds-20040614.patch
19	>
20	> this is what I really meant, so others can check what changed
21	>
22	> > and the profile/script data is here
23	>
24	> the script data is yet untested, I have only removed glibc reference from
25	> there
26	>
27	> > http://dev.gentoo.org/~solar/uclibc/peter_mirror/org-uclibc-20040614.patch
28	> > This will be quite a bit of an undertaking I'm hoping mutex, dragonheat
29	> > can help with some of these commits.
30	> >
31	> > How may megs is your resulting stage/images after the initial bootstrap
32	> > process?
33	>
34	> I can't really tell, I do not have managed to build stages (any help
35	> appreciated how to do it from tbz2 files), and my env. has left over files
36	> from my earlier rpms (wouldn't be relevant if counted)
37	>
38	> I can tell that the packages/All directory is 58MB (for emerge system) +
39	> ccache, catalyst
40	>
41	> bigger than 1MB are kbd (the keyboard files are next candidates to strip
42	> down),miscfiles(although stripped, gzipped), ncurses (although not so
43	> many terminfo files, and no additional libs, like menu,panel,form), db4,
44	> automake
45	> bigger than 2MB are libperl, openssl
46	> bigger than 3MB are binutils
47	> bigger than 4MB are python
48	> bigger than 12MB gcc, perl (13MB)
49	>
50	> Is there some way to query portage to tell how much the installed stuff
51	> is?
52	>
53	> I haven't checked how much of this is man-pages and info-files, if the
54	> binaries are really stripped all of them where possible.
55	>
56	> I have attached 2 missing files from distfiles (for uClibc)
57	>
58	> Busybox is not used at all yet.
59	>
60	> There are some things that have to be decide:
61	> 1. will gcc get a c++ use flag?
62	> 2. should groff/man/man-pages/info/install-info be in a stage3
63	> 3. should ncurses include the full stuff (all libs)
64	> 4. I would remove all the *.so handling by scripts, if they are installed
65	> in /lib, they really only should be installed directly into /usr/lib.
66	> 5. what to do w/ perl (mini/micro-perl are alternatives for the build
67	> system (autotools should work w/ it) but not for a full featured one, no
68	> support for addons)
69	> 6. gettext: as I already said, I would put the *.m4 files into autotools
70	> and remove gettext from the stages
71	> 7. locale/nls support: the current only usable variant is to have uClibc
72	> w/o locale support, and use libintl.{a,h,so} from gettext.
73	>
74	> Peter
75	>
76	> > I'm CC: the hardened mailing list as others there may have an interest
77	> > in your work as this uses the hardened profile and all :)
78	> >
79	> > On Mon, 2004-06-14 at 19:25, Peter S. Mazinger wrote:
80	> > > Hello!
81	> > >
82	> > > This is the overlay directory I used parallel to portage (it has to be
83	> > > there for now, else the included links won't work), that allowed me to
84	> > > build gentoo fully uclibc based (starting from a buildroot config,
85	> > > building manually python/portage, running emerge sync ...)
86	> > >
87	> > > 1. the files directories have only new files and links to the originally
88	> > > used (for x86), the digest/Manifest files were needed to rebuild fully
89	> > > with these configs as an overlay directory, the links because portage
90	> > > can't handle "properly (my opinion)" the overlay directory
91	> > >
92	> > > 2. the ebuilds can be diffed to the corresponding version (as of emerge
93	> > > sync 20040613) to see what I have done
94	> > >
95	> > > 3. some of the changes are not directly uclibc related, they correct
96	> > > typos etc. in the originals, add support to build w/o nls, or strip down
97	> > > the package somewhat
98	> > >
99	> > > 4. the directories profiles, scripts include the original version (*.org)
100	> > > of files too, the new ones have to be copied over the original tree, the
101	> > > overlay support does not allow to have these files at another location.
102	> > >
103	> > > 5. distfiles include new patches for binutils-2.14.90/15.91 and gcc-3.3.3
104	> > > (these have to be copied to the main distfiles, because again the overlay
105	> > > structure does not support it in another location)
106	> > >
107	> > > 6. I haven't tried yet cascaded profiles, the only profile tested is what
108	> > > I delivered.
109	> > >
110	> > > 7. it builds as it is (haven't tried w/ nls, and that is not really
111	> > > correct in uclibc yet), don't enable nls for now
112	> > >
113	> > > 8. stage building and bootstraping was not tested, because I didn't find
114	> > > an "elegant" way to make a stage1/2/3 from .tbz2 files (any help
115	> > > appreciated, then I could also provide a stage1)
116	> > >
117	> > > 9. for now gettext, yacc (replaced by bison -y), ncompress
118	> > > (uncompress replaced by gzip), bc, bin86, groff, man[-pages] are not a
119	> > > part of an 'emerge system', cracklib got support for gzipped files (so
120	> > > miscfiles is much smaller), w/o groff and man-pages it is not a
121	> > > requirement to have c++ compiler either (this is not implemented, should
122	> > > probably be a flag in gcc, like f77, objc), gnuconfig_update is only
123	> > > needed where configure is run directly, not by econf (econf is hacked to
124	> > > provide the same functionality, as gnuconfig_update), ncurses does not
125	> > > deliver the addon libraries (menu,panel,form). Some told me that gettext
126	> > > can't be removed, else autotools won't run, well I think, the .m4 from
127	> > > gettext could be added to autotools, and than it should be no problem w/o
128	> > > it.
129	> > >
130	> > > 10. added also my make.conf and package.keywords, to show which versions
131	> > > where used, the most is stable stuff, but some have to be ~x86.
132	> > >
133	> > > 11. mainly the shared libs will have problems, to add support for new
134	> > > libs, look at the libtool patches (ltconfig-uclibc for older configures
135	> > > and libtool-1.4.3-uclibc for newer ones)
136	> > >
137	> > > 12. be aware that you have to build the buildroot w/ the same config (and
138	> > > patches), as deduced from the uclibc.ebuild (using in both places the
139	> > > same cvs too). Do not start from uclibc-0.9.26 stable, because it is not
140	> > > binary compatible w/ the current cvs.
141	> > >
142	> > > 13. hardened stuff: gcc uses pie and ssp, but relro/now are disabled,
143	> > > relro is also completely removed from binutils, uclibc does not have
144	> > > support for it (any volunteer to add this to the uclibc's ldso?)
145	> > >
146	> > > 14. CHOST has to be set to *linux-uclibc (not linux-gnu)
147	> > >
148	> > > Peter
149	> >
150	>
151	>
152
153	--
154	Peter S. Mazinger <ps dot m at gmx dot net> ID: 0xA5F059F2
155	Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2
156
157
158	____________________________________________________________________
159	Miert fizetsz az internetert? Korlatlan, ingyenes internet hozzaferes a FreeStarttol.
160	Probald ki most! http://www.freestart.hu
161
162	--
163	gentoo-hardened@g.o mailing list

Gentoo Archives: gentoo-hardened