Gentoo Archives: gentoo-hardened

From: Ned Ludd <solar@g.o>
To: "Peter S. Mazinger" <ps.m@×××.net>
Cc: gentoo-embedded@l.g.o, gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Re: uclibc base system
Date: Tue, 15 Jun 2004 15:55:09
Message-Id: 1087314661.14667.5.camel@simple
I've mirrored two more of the files you have sent me to the following
location so others can get to them.
http://dev.gentoo.org/~solar/uclibc/peter_mirror/uClibc-0.9.26-cvs-update-20040613.patch.bz2
http://dev.gentoo.org/~solar/uclibc/peter_mirror/uClibc-0.9.26-patches-1.0.tar.bz2

I've merged a small portion of the app-arch -> sys-apps
.ebuilds+uclibc/nls diffs last night till I about passed out.

Saving binutils/gcc/uclibc for last.
All the .ebuilds with use uclibc &&|| in the global context or requiring
changes to virtual/* or PROVIDE= will likely be the ones that will take
me/us longer to get in. I want to ask SpanKY/vapier to QA those parts.

On Tue, 2004-06-15 at 09:13, Peter S. Mazinger wrote:
> On 15 Jun 2004, Ned Ludd wrote:
>
> > Quite impressive Peter.
> > I have mirrored your files to
> > http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc-overlay-20040614.tar.bz2
> > and exploded the tarball to
> > http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc/
> > then diffed out the .org files and the .ebuilds the ebuild's patch is
> > here
> > http://dev.gentoo.org/~solar/uclibc/peter_mirror/portage-uclibc-ebuilds-20040614.patch
>
> this is what I really meant, so others can check what changed
>
> > and the profile/script data is here
>
> the script data is yet untested, I have only removed glibc reference from
> there
>
> > http://dev.gentoo.org/~solar/uclibc/peter_mirror/org-uclibc-20040614.patch
> > This will be quite a bit of an undertaking I'm hoping mutex, dragonheat
> > can help with some of these commits.
> >
> > How many megs is your resulting stage/images after the initial bootstrap
> > process?
>
> I can't really tell, I have not managed to build stages (any help
> appreciated how to do it from tbz2 files), and my env. has left over files
> from my earlier rpms (wouldn't be relevant if counted)
>
> I can tell that the packages/All directory is 58MB (for emerge system) +
> ccache, catalyst
>
> bigger than 1MB are kbd (the keyboard files are next candidates to strip
> down),miscfiles(although stripped, gzipped), ncurses (although not so
> many terminfo files, and no additional libs, like menu,panel,form), db4,
> automake
> bigger than 2MB are libperl, openssl
> bigger than 3MB are binutils
> bigger than 4MB are python
> bigger than 12MB gcc, perl (13MB)
>
> Is there some way to query portage to tell how much the installed stuff
> is?
>
> I haven't checked how much of this is man-pages and info-files, if the
> binaries are really stripped all of them where possible.
>
> I have attached 2 missing files from distfiles (for uClibc)
>
> Busybox is not used at all yet.
>
> There are some things that have to be decided:
> 1. will gcc get a c++ use flag?
> 2. should groff/man/man-pages/info/install-info be in a stage3
> 3. should ncurses include the full stuff (all libs)
> 4. I would remove all the *.so handling by scripts, if they are installed
> in /lib, they really only should be installed directly into /usr/lib.
> 5. what to do w/ perl (mini/micro-perl are alternatives for the build
> system (autotools should work w/ it) but not for a full featured one, no
> support for addons)
> 6. gettext: as I already said, I would put the *.m4 files into autotools
> and remove gettext from the stages
> 7. locale/nls support: the current only usable variant is to have uClibc
> w/o locale support, and use libintl.{a,h,so} from gettext.
>
> Peter
>
> > I'm CC: the hardened mailing list as others there may have an interest
> > in your work as this uses the hardened profile and all :)
> >
> > On Mon, 2004-06-14 at 19:25, Peter S. Mazinger wrote:
> > > Hello!
> > >
> > > This is the overlay directory I used parallel to portage (it has to be
> > > there for now, else the included links won't work), that allowed me to
> > > build gentoo fully uclibc based (starting from a buildroot config,
> > > building manually python/portage, running emerge sync ...)
> > >
> > > 1. the files directories have only new files and links to the originally
> > > used (for x86), the digest/Manifest files were needed to rebuild fully
> > > with these configs as an overlay directory, the links because portage
> > > can't handle "properly (my opinion)" the overlay directory
> > >
> > > 2. the ebuilds can be diffed to the corresponding version (as of emerge
> > > sync 20040613) to see what I have done
> > >
> > > 3. some of the changes are not directly uclibc related, they correct
> > > typos etc. in the originals, add support to build w/o nls, or strip down
> > > the package somewhat
> > >
> > > 4. the directories profiles, scripts include the original version (*.org)
> > > of files too, the new ones have to be copied over the original tree, the
> > > overlay support does not allow to have these files at another location.
> > >
> > > 5. distfiles include new patches for binutils-2.14.90/15.91 and gcc-3.3.3
> > > (these have to be copied to the main distfiles, because again the overlay
> > > structure does not support it in another location)
> > >
> > > 6. I haven't tried yet cascaded profiles, the only profile tested is what
> > > I delivered.
> > >
> > > 7. it builds as it is (haven't tried w/ nls, and that is not really
> > > correct in uclibc yet), don't enable nls for now
> > >
> > > 8. stage building and bootstrapping was not tested, because I didn't find
> > > an "elegant" way to make a stage1/2/3 from .tbz2 files (any help
> > > appreciated, then I could also provide a stage1)
> > >
> > > 9. for now gettext, yacc (replaced by bison -y), ncompress
> > > (uncompress replaced by gzip), bc, bin86, groff, man[-pages] are not a
> > > part of an 'emerge system', cracklib got support for gzipped files (so
> > > miscfiles is much smaller), w/o groff and man-pages it is not a
> > > requirement to have c++ compiler either (this is not implemented, should
> > > probably be a flag in gcc, like f77, objc), gnuconfig_update is only
> > > needed where configure is run directly, not by econf (econf is hacked to
> > > provide the same functionality, as gnuconfig_update), ncurses does not
> > > deliver the addon libraries (menu,panel,form). Some told me that gettext
> > > can't be removed, else autotools won't run, well I think, the .m4 from
> > > gettext could be added to autotools, and then it should be no problem w/o
> > > it.
> > >
> > > 10. added also my make.conf and package.keywords, to show which versions
> > > were used, the most is stable stuff, but some have to be ~x86.
> > >
> > > 11. mainly the shared libs will have problems, to add support for new
> > > libs, look at the libtool patches (ltconfig-uclibc for older configures
> > > and libtool-1.4.3-uclibc for newer ones)
> > >
> > > 12. be aware that you have to build the buildroot w/ the same config (and
> > > patches), as deduced from the uclibc.ebuild (using in both places the
> > > same cvs too). Do not start from uclibc-0.9.26 stable, because it is not
> > > binary compatible w/ the current cvs.
> > >
> > > 13. hardened stuff: gcc uses pie and ssp, but relro/now are disabled,
> > > relro is also completely removed from binutils, uclibc does not have
> > > support for it (any volunteer to add this to the uclibc's ldso?)
> > >
> > > 14. CHOST has to be set to *linux-uclibc (not linux-gnu)
> > >
> > > Peter
> >
--
Ned Ludd <solar@g.o>
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer
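
A check for the link-time hardening state in item 13 of Peter's quoted message (PIE enabled, relro/now disabled), as an added example that is not part of the original thread or of any Gentoo or uClibc tooling. It reads the ELF header, program headers and dynamic section for ET_DYN, PT_GNU_RELRO and the BIND_NOW flags; the function names and both sample images are constructed here, and SSP detection is left out because it needs the symbol table.

```python
import struct

ET_DYN, PT_DYNAMIC, PT_GNU_RELRO = 3, 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def elf_hardening(data):
    """Report PIE / RELRO / BIND_NOW for a little-endian ELF image given as bytes."""
    if data[:4] != b"\x7fELF" or data[5] != 1:
        raise ValueError("not a little-endian ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q" if is64 else "<I", data, 32 if is64 else 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54 if is64 else 42)
    relro = bind_now = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", data, off)
        if p_type == PT_GNU_RELRO:           # loader remaps relocated data read-only
            relro = True
        elif p_type == PT_DYNAMIC:
            word = "<Q" if is64 else "<I"
            p_offset, = struct.unpack_from(word, data, off + (8 if is64 else 4))
            p_filesz, = struct.unpack_from(word, data, off + (32 if is64 else 16))
            ent = struct.Struct("<qQ" if is64 else "<iI")
            blob = data[p_offset:p_offset + p_filesz]
            blob = blob[:len(blob) - len(blob) % ent.size]   # tolerate truncation
            for tag, val in ent.iter_unpack(blob):
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True          # "-z now": resolve all symbols at load
    # ET_DYN is also used by shared libraries, so "pie" means position independent.
    return {"pie": e_type == ET_DYN, "relro": relro, "bind_now": bind_now}

def sample_elf32(phdr_types, dyn_entries):
    """Constructed sample: ELF32 header + program headers + a .dynamic blob."""
    dyn_off = 52 + 32 * len(phdr_types)
    dyn = b"".join(struct.pack("<iI", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    hdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", ET_DYN, 3, 1, 0, 52, 0, 0, 52, 32, len(phdr_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<8I", t, dyn_off, 0, 0, len(dyn), len(dyn), 4, 4)
                     for t in phdr_types)
    return hdr + phdrs + dyn

# The toolchain state from item 13 (PIE on, relro/now off) versus full RELRO.
AS_DESCRIBED = sample_elf32([PT_DYNAMIC], [])
FULL_RELRO = sample_elf32([PT_DYNAMIC, PT_GNU_RELRO], [(DT_FLAGS, DF_BIND_NOW)])
```

To check a real binary, pass `open(path, "rb").read()` to `elf_hardening`; a result with `relro` true but `bind_now` false corresponds to partial RELRO, where the PLT part of the GOT stays writable.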

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
[gentoo-hardened] Re: uclibc base system "Peter S. Mazinger" <ps.m@×××.net>
[gentoo-hardened] Re: [gentoo-embedded] Re: uclibc base system Ned Ludd <solar@g.o>