| 1 |
> Sent: Tuesday, December 23, 2014 at 5:32 PM |
| 2 |
> From: veovis <veovis@×××××.fr> |
| 3 |
> To: gentoo-hardened@l.g.o |
| 4 |
> Subject: [gentoo-hardened] [musl] A bunch of new compatibles ebuilds for musl |
| 5 |
> |
| 6 |
> Hi everyone, |
| 7 |
> |
| 8 |
> I recently saw the hardened musl project so I wanted to play with it for |
| 9 |
> my router. |
| 10 |
> |
| 11 |
> My platform: CHOST="x86_64-gentoo-linux-musl" |
| 12 |
> |
| 13 |
> There is a list of ebuilds taken from official portage I modified to |
| 14 |
> successfully compile for musl without breaking the compatibility with |
| 15 |
> other CHOST: |
| 16 |
> * app-admin/logrotate |
| 17 |
> * app-misc/screen |
| 18 |
> * net-analyzer/snort |
| 19 |
> * net-firewall/arptables |
| 20 |
> * net-firewall/ebtables |
| 21 |
> * net-libs/daq |
| 22 |
> * net-libs/libnetfiler_queue |
| 23 |
> * net-libs/libnfnetlink |
| 24 |
> * net-libs/libtirpc |
| 25 |
> * net-misc/dhcp |
| 26 |
> * net-misc/iperf |
| 27 |
> * net-misc/openvpn-2.3.6 |
| 28 |
> * sys-apps/hwinfo |
| 29 |
> * sys-apps/iproute2 |
| 30 |
> * sys-apps/lm_sensors |
| 31 |
> * sys-apps/watchdog |
| 32 |
> * sys-boot/grub:2 |
| 33 |
> * sys-fs/btrfs-progs |
| 34 |
> * sys-libs/musl |
| 35 |
> * sys-process/lsof |
| 36 |
> * www-servers/nginx |
| 37 |
> |
| 38 |
> I have modified libtirpc so it is the default rpc include files provider |
| 39 |
> for musl. glibc and ulibc provides rpc, musl not. |
| 40 |
> |
| 41 |
> With recent releases of binutils, musl fail to correctly find libraries |
| 42 |
> as described here: |
| 43 |
> http://git.musl-libc.org/cgit/musl/commit/src/ldso/dynlink.c?id=d8dc2b7c0289b12eeef4feff65e3c918111b0f55 |
| 44 |
> |
| 45 |
> This is the case with /usr/bin/man provided in the current experimental |
| 46 |
> stage3 where musl does not found libmandb or libman without the patch or |
| 47 |
> without defining LD_LIBRARY_PATH: |
| 48 |
> localhost kveer # ldd /usr/bin/man |
| 49 |
> /lib/ld-musl-x86_64.so.1 (0x317c90c4000) |
| 50 |
> libmandb-2.6.6.so => /usr/lib/man-db/libmandb-2.6.6.so |
| 51 |
> (0x317c8ca1000) |
| 52 |
> libman-2.6.6.so => /usr/lib/man-db/libman-2.6.6.so |
| 53 |
> (0x317c8a68000) |
| 54 |
> libpipeline.so.1 => /usr/lib/libpipeline.so.1 (0x317c8858000) |
| 55 |
> libc.so => /lib/ld-musl-x86_64.so.1 (0x317c90c4000) |
| 56 |
> libgdbm.so.4 => /usr/lib/libgdbm.so.4 (0x317c864c000) |
| 57 |
> libz.so.1 => /lib/libz.so.1 (0x317c8434000) |
| 58 |
> |
| 59 |
> Finally, musl does not come with a distinct ldd tool and is missing on |
| 60 |
> the stage3. As described by the musl maintener, ldd is available making |
| 61 |
> a symbolic link to the main lib: |
| 62 |
> localhost kveer # ll /usr/bin/ldd |
| 63 |
> lrwxrwxrwx 1 root root 24 Dec 23 16:11 /usr/bin/ldd -> |
| 64 |
> /lib/ld-musl-x86_64.so.1 |
| 65 |
> |
| 66 |
> For now, everything compiles fine but I don't know yet if all is working |
| 67 |
> properly. |
| 68 |
> |
| 69 |
> I put everything on my personal repo here: |
| 70 |
> https://github.com/LordVeovis/gentoo (starting from |
| 71 |
> 176c1d4dd1f7064d0c378e6b37034f7b604e04a2) but let me know how you want |
| 72 |
> to proceed for all of this or if my way of patching is incorrect. |
| 73 |
> |
| 74 |
> |
| 75 |
|
| 76 |
Greetings, |
| 77 |
|
| 78 |
note that sys-boot/grub:2, net-libs/libtirpc and net-misc/dhcp have already bugs in bugzilla on this matter which either patches or explanations. |
| 79 |
might worthwhile to check bugzilla before starting to work on a pkg. |
| 80 |
|
| 81 |
Dagg. |
Archives