Gentoo Archives: gentoo-hardened

From: "Peter S. Mazinger" <ps.m@×××.net>
To: Ned Ludd <solar@g.o>
Cc: gentoo-embedded@l.g.o, gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Re: uclibc base system
Date: Tue, 15 Jun 2004 16:56:41
Message-Id: Pine.LNX.4.44.0406151844520.17560-100000@lnx.bridge.intra
In Reply to: [gentoo-hardened] Re: uclibc base system by Ned Ludd
On 15 Jun 2004, Ned Ludd wrote:

> I've mirrored two more of the files you have sent me to the following
> location so others can get to them.
> http://dev.gentoo.org/~solar/uclibc/peter_mirror/uClibc-0.9.26-cvs-update-20040613.patch.bz2
> http://dev.gentoo.org/~solar/uclibc/peter_mirror/uClibc-0.9.26-patches-1.0.tar.bz2
>
> I've merged a small portion of the app-arch -> sys-apps
> .ebuilds+uclibc/nls diffs last night till I about passed out.
>
> Saving binutils/gcc/uclibc for last.
> All the .ebuilds with use uclibc &&|| in the global context or requiring
> changes to virtual/* or PROVIDE= will likely be the ones that will take
> me/us longer to get in. I want to ask SpanKY/vapier to QA those parts.

The PROVIDE="" statement does not allow following
PROVIDE="somecondition? ( ... )", like [P]DEPEND, it adds faulty entries
to /var/cache/edb/virtuals, that's why I used

use somecondition && PROVIDE="${PROVIDE} ..."

For the libtool.m4, ltconfig, acinclude.m4, aclocal.m4, configure,
configure.ac patches we should really put that into probably elibtoolize
(maybe w/ --uclibc?) it is needed too often, and if you do not look deeply
at configure time, you'll end up most of the time building only static
libs, because the tools do not recognize the shared capability.

Peter

>
> On Tue, 2004-06-15 at 09:13, Peter S. Mazinger wrote:
> > On 15 Jun 2004, Ned Ludd wrote:
> >
> > > Quite impressive Peter.
> > > I have mirrored your files to
> > > http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc-overlay-20040614.tar.bz2
> > > and exploded the tarball to
> > > http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc/
> > > then diffed out the .org files and the .ebuilds the ebuild's patch is
> > > here
> > > http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc-ebuilds-20040614.patch
> >
> > this is what I really meant, so others can check what changed
> >
> > > and the profile/script data is here
> >
> > the script data is yet untested, I have only removed glibc reference from
> > there
> >
> > > http://dev.gentoo.org/~solar/uclibc/peter_mirror/org-uclibc-20040614.patch
> > > This will be quite a bit of an undertaking I'm hoping mutex, dragonheat
> > > can help with some of these commits.
> > >
> > > How many megs is your resulting stage/images after the initial bootstrap
> > > process?
> >
> > I can't really tell, I have not managed to build stages (any help
> > appreciated how to do it from tbz2 files), and my env. has left over files
> > from my earlier rpms (wouldn't be relevant if counted)
> >
> > I can tell that the packages/All directory is 58MB (for emerge system) +
> > ccache, catalyst
> >
> > bigger than 1MB are kbd (the keyboard files are next candidates to strip
> > down), miscfiles (although stripped, gzipped), ncurses (although not so
> > many terminfo files, and no additional libs, like menu,panel,form), db4,
> > automake
> > bigger than 2MB are libperl, openssl
> > bigger than 3MB are binutils
> > bigger than 4MB are python
> > bigger than 12MB gcc, perl (13MB)
> >
> > Is there some way to query portage to tell how much the installed stuff
> > is?
> >
> > I haven't checked how much of this is man-pages and info-files, if the
> > binaries are really stripped all of them where possible.
> >
> > I have attached 2 missing files from distfiles (for uClibc)
> >
> > Busybox is not used at all yet.
> >
> > There are some things that have to be decided:
> > 1. will gcc get a c++ use flag?
> > 2. should groff/man/man-pages/info/install-info be in a stage3
> > 3. should ncurses include the full stuff (all libs)
> > 4. I would remove all the *.so handling by scripts, if they are installed
> > in /lib, they really only should be installed directly into /usr/lib.
> > 5. what to do w/ perl (mini/micro-perl are alternatives for the build
> > system (autotools should work w/ it) but not for a full featured one, no
> > support for addons)
> > 6. gettext: as I already said, I would put the *.m4 files into autotools
> > and remove gettext from the stages
> > 7. locale/nls support: the current only usable variant is to have uClibc
> > w/o locale support, and use libintl.{a,h,so} from gettext.
> >
> > Peter
> >
> > > I'm CC: the hardened mailing list as others there may have an interest
> > > in your work as this uses the hardened profile and all :)
> > >
> > > On Mon, 2004-06-14 at 19:25, Peter S. Mazinger wrote:
> > > > Hello!
> > > >
> > > > This is the overlay directory I used parallel to portage (it has to be
> > > > there for now, else the included links won't work), that allowed me to
> > > > build gentoo fully uclibc based (starting from a buildroot config,
> > > > building manually python/portage, running emerge sync ...)
> > > >
> > > > 1. the files directories have only new files and links to the originally
> > > > used (for x86), the digest/Manifest files were needed to rebuild fully
> > > > with these configs as an overlay directory, the links because portage
> > > > can't handle "properly (my opinion)" the overlay directory
> > > >
> > > > 2. the ebuilds can be diffed to the corresponding version (as of emerge
> > > > sync 20040613) to see what I have done
> > > >
> > > > 3. some of the changes are not directly uclibc related, they correct
> > > > typos etc. in the originals, add support to build w/o nls, or strip down
> > > > the package somewhat
> > > >
> > > > 4. the directories profiles, scripts include the original version (*.org)
> > > > of files too, the new ones have to be copied over the original tree, the
> > > > overlay support does not allow to have these files at another location.
> > > >
> > > > 5. distfiles include new patches for binutils-2.14.90/15.91 and gcc-3.3.3
> > > > (these have to be copied to the main distfiles, because again the overlay
> > > > structure does not support it in another location)
> > > >
> > > > 6. I haven't tried yet cascaded profiles, the only profile tested is what
> > > > I delivered.
> > > >
> > > > 7. it builds as it is (haven't tried w/ nls, and that is not really
> > > > correct in uclibc yet), don't enable nls for now
> > > >
> > > > 8. stage building and bootstrapping was not tested, because I didn't find
> > > > an "elegant" way to make a stage1/2/3 from .tbz2 files (any help
> > > > appreciated, then I could also provide a stage1)
> > > >
> > > > 9. for now gettext, yacc (replaced by bison -y), ncompress
> > > > (uncompress replaced by gzip), bc, bin86, groff, man[-pages] are not a
> > > > part of an 'emerge system', cracklib got support for gzipped files (so
> > > > miscfiles is much smaller), w/o groff and man-pages it is not a
> > > > requirement to have c++ compiler either (this is not implemented, should
> > > > probably be a flag in gcc, like f77, objc), gnuconfig_update is only
> > > > needed where configure is run directly, not by econf (econf is hacked to
> > > > provide the same functionality, as gnuconfig_update), ncurses does not
> > > > deliver the addon libraries (menu,panel,form). Some told me that gettext
> > > > can't be removed, else autotools won't run, well I think, the .m4 from
> > > > gettext could be added to autotools, and then it should be no problem w/o
> > > > it.
> > > >
> > > > 10. added also my make.conf and package.keywords, to show which versions
> > > > were used, the most is stable stuff, but some have to be ~x86.
> > > >
> > > > 11. mainly the shared libs will have problems, to add support for new
> > > > libs, look at the libtool patches (ltconfig-uclibc for older configures
> > > > and libtool-1.4.3-uclibc for newer ones)
> > > >
> > > > 12. be aware that you have to build the buildroot w/ the same config (and
> > > > patches), as deduced from the uclibc.ebuild (using in both places the
> > > > same cvs too). Do not start from uclibc-0.9.26 stable, because it is not
> > > > binary compatible w/ the current cvs.
> > > >
> > > > 13. hardened stuff: gcc uses pie and ssp, but relro/now are disabled,
> > > > relro is also completely removed from binutils, uclibc does not have
> > > > support for it (any volunteer to add this to the uclibc's ldso?)
> > > >
> > > > 14. CHOST has to be set to *linux-uclibc (not linux-gnu)
> > > >
> > > > Peter
> > >
>

--
Peter S. Mazinger <ps dot m at gmx dot net> ID: 0xA5F059F2
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2

Replies

Subject Author
Re: [gentoo-hardened] Re: uclibc base system Ned Ludd <solar@g.o>
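
Item 13 of the quoted mail says the toolchain emits PIE and SSP but neither RELRO nor BIND_NOW. The sketch below is an added example, not code from the thread: it reads those markers straight from an ELF image so a built binary can be checked. `elf_hardening` and `make_sample` are hypothetical names, the sample is a constructed header-only skeleton, and SSP is left out because detecting it needs symbol-table parsing.

```python
import struct

ET_DYN, PT_DYNAMIC, PT_GNU_RELRO = 3, 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def elf_hardening(elf: bytes) -> dict:
    """Report PIE, RELRO and BIND_NOW markers of a little-endian ELF image."""
    if elf[:4] != b"\x7fELF" or elf[5] != 1:
        raise ValueError("not a little-endian ELF image")
    is64 = elf[4] == 2
    word = "<Q" if is64 else "<I"
    e_type, = struct.unpack_from("<H", elf, 16)
    phoff, = struct.unpack_from(word, elf, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from("<HH", elf, 54 if is64 else 42)
    relro = now = False
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, = struct.unpack_from("<I", elf, base)
        if p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            # p_offset and p_filesz sit at different offsets in ELF32 and ELF64
            off, = struct.unpack_from(word, elf, base + (8 if is64 else 4))
            size, = struct.unpack_from(word, elf, base + (32 if is64 else 16))
            for pos in range(off, off + size, 16 if is64 else 8):
                tag, val = struct.unpack_from(word + word[1], elf, pos)
                if tag == DT_NULL:
                    break
                now |= (tag == DT_BIND_NOW
                        or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                        or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
    # ET_DYN also matches shared libraries, so "pie" only means PIE for executables
    return {"pie": e_type == ET_DYN, "relro": relro, "bind_now": now}

def make_sample(e_type: int, relro: bool, dyn_tags: list) -> bytes:
    """Constructed ELF32 skeleton (headers and .dynamic only), not a real binary."""
    dyn = b"".join(struct.pack("<II", t, v) for t, v in dyn_tags + [(DT_NULL, 0)])
    types = [PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    dyn_off = 52 + 32 * len(types)
    ehdr = struct.pack("<4sBBB9xHHIIIIIHHHHHH", b"\x7fELF", 1, 1, 1, e_type, 3,
                       1, 0, 52, 0, 0, 52, 32, len(types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<8I", t, dyn_off, 0, 0, len(dyn), len(dyn), 4, 4)
                     for t in types)
    return ehdr + phdrs + dyn

if __name__ == "__main__":
    # The toolchain state described in item 13: PIE on, RELRO and BIND_NOW off
    print(elf_hardening(make_sample(ET_DYN, False, [])))
```

On a real system, pass the bytes of an installed binary to `elf_hardening`; a result with `relro` and `bind_now` both true corresponds to what is usually called full RELRO.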