source: chapter05/gcc-pass1.xml@ e502de1

Last change on this file since e502de1 was e502de1, checked in by Xi Ruoyao <xry111@…>, 20 months ago

gcc: some reword of PIE/SSP/ASLR note

Expand tabs to 8 spaces like everywhere else in the book.

Explain that shared libraries are already covered by ASLR, PIE expands
the ASLR to cover the executables.

In 2022, stack smashing attacks are mostly constructing a sequence of
faked returning addresses to execute a series of functions already
existing in the programs or libraries themselves (ret2lib). Returning into
the code injected by the attacker is almost impossible because on
i686 (with a PAE/NX enabled kernel) or x86_64, running injected code
needs W/X mappings and those are very rare these days.

  • Property mode set to 100644
File size: 8.2 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../general.ent">
  %general-entities;
]>

<sect1 id="ch-tools-gcc-pass1" role="wrap" xreflabel="gcc-pass1">
  <?dbhtml filename="gcc-pass1.html"?>

  <sect1info condition="script">
    <productname>gcc-pass1</productname>
    <productnumber>&gcc-version;</productnumber>
    <address>&gcc-url;</address>
  </sect1info>

  <title>GCC-&gcc-version; - Pass 1</title>

  <indexterm zone="ch-tools-gcc-pass1">
    <primary sortas="a-GCC">GCC</primary>
    <secondary>tools, pass 1</secondary>
  </indexterm>

  <sect2 role="package">
    <title/>

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
    href="../chapter08/gcc.xml"
    xpointer="xpointer(/sect1/sect2[1]/para[1])"/>

    <segmentedlist>
      <segtitle>&buildtime;</segtitle>
      <segtitle>&diskspace;</segtitle>

      <seglistitem>
        <seg>&gcc-tmpp1-sbu;</seg>
        <seg>&gcc-tmpp1-du;</seg>
      </seglistitem>
    </segmentedlist>

  </sect2>

  <sect2 role="installation">
    <title>Installation of Cross GCC</title>

    <para>GCC requires the GMP, MPFR and MPC packages. As these packages may
    not be included in your host distribution, they will be built with
    GCC. Unpack each package into the GCC source directory and rename the
    resulting directories so the GCC build procedures will automatically
    use them:</para>

    <note><para>There are frequent misunderstandings about this chapter. The
    procedures are the same as every other chapter as explained earlier (<xref
    linkend='buildinstr'/>). First extract the gcc tarball from the sources
    directory and then change to the directory created. Only then should you
    proceed with the instructions below.</para></note>

<screen><userinput remap="pre">tar -xf ../mpfr-&mpfr-version;.tar.xz
mv -v mpfr-&mpfr-version; mpfr
tar -xf ../gmp-&gmp-version;.tar.xz
mv -v gmp-&gmp-version; gmp
tar -xf ../mpc-&mpc-version;.tar.gz
mv -v mpc-&mpc-version; mpc</userinput></screen>

    <para>On x86_64 hosts, set the default directory name for
    64-bit libraries to <quote>lib</quote>:</para>

<screen><userinput remap="pre">case $(uname -m) in
  x86_64)
    sed -e '/m64=/s/lib64/lib/' \
        -i.orig gcc/config/i386/t-linux64
  ;;
esac</userinput></screen>

    <para>The GCC documentation recommends building GCC
    in a dedicated build directory:</para>

<screen><userinput remap="pre">mkdir -v build
cd build</userinput></screen>

    <para>Prepare GCC for compilation:</para>

<screen><userinput remap="configure">../configure \
    --target=$LFS_TGT \
    --prefix=$LFS/tools \
    --with-glibc-version=&glibc-version; \
    --with-sysroot=$LFS \
    --with-newlib \
    --without-headers \
    --enable-default-pie \
    --enable-default-ssp \
    --disable-nls \
    --disable-shared \
    --disable-multilib \
    --disable-decimal-float \
    --disable-threads \
    --disable-libatomic \
    --disable-libgomp \
    --disable-libquadmath \
    --disable-libssp \
    --disable-libvtv \
    --disable-libstdcxx \
    --enable-languages=c,c++</userinput></screen>
    <variablelist>
      <title>The meaning of the configure options:</title>

      <varlistentry>
        <term><parameter>--with-glibc-version=&glibc-version;</parameter></term>
        <listitem>
          <para>This option specifies the version of glibc which will be
          used on the target. It is not relevant to the libc of the host
          distro because everything compiled by pass1 gcc will run in the
          chroot environment, which is isolated from libc of the host
          distro.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>--with-newlib</parameter></term>
        <listitem>
          <para>Since a working C library is not yet available, this ensures
          that the inhibit_libc constant is defined when building libgcc. This prevents
          the compiling of any code that requires libc support.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>--without-headers</parameter></term>
        <listitem>
          <para>When creating a complete cross-compiler, GCC requires
          standard headers compatible with the target system. For our
          purposes these headers will not be needed. This switch prevents
          GCC from looking for them.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>--enable-default-pie and
        --enable-default-ssp</parameter></term>
        <listitem>
          <para>These switches make GCC compile programs with
          some hardening security features by default: position-independent
          executables (PIE) and stack smashing protection (SSP). More
          information on those is in
          the <xref linkend="pie-ssp-info"/> in chapter 8. They
          are not strictly needed at this stage, since the compiler will
          only produce temporary executables. But it is cleaner to have the
          temporary packages be as close as possible to the final ones.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>--disable-shared</parameter></term>
        <listitem>
          <para>This switch forces GCC to link its internal libraries
          statically. We need this because the shared libraries require glibc,
          which is not yet installed on the target system.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>--disable-multilib</parameter></term>
        <listitem>
          <para>On x86_64, LFS does not support a multilib configuration.
          This switch is harmless for x86.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>--disable-decimal-float, --disable-threads,
        --disable-libatomic, --disable-libgomp,
        --disable-libquadmath, --disable-libssp, --disable-libvtv,
        --disable-libstdcxx</parameter></term>
        <listitem>
          <para>These switches disable support for the decimal floating point
          extension, threading, libatomic, libgomp, libquadmath, libssp,
          libvtv, and the C++ standard library respectively. These features
          will fail to compile when building a cross-compiler and are not
          necessary for the task of cross-compiling the temporary libc.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><parameter>--enable-languages=c,c++</parameter></term>
        <listitem>
          <para>This option ensures that only the C and C++ compilers are built.
          These are the only languages needed now.</para>
        </listitem>
      </varlistentry>

    </variablelist>

    <para>Compile GCC by running:</para>

<screen><userinput remap="make">make</userinput></screen>

    <para>Install the package:</para>

<screen><userinput remap="install">make install</userinput></screen>

    <para>This build of GCC has installed a couple of internal system
    headers. Normally one of them, <filename>limits.h</filename>, would in turn
    include the corresponding system <filename>limits.h</filename> header, in
    this case, <filename>$LFS/usr/include/limits.h</filename>. However, at the
    time of this build of GCC <filename>$LFS/usr/include/limits.h</filename>
    does not exist, so the internal header that has just been installed is a
    partial, self-contained file and does not include the extended features of
    the system header. This is adequate for building glibc, but the full
    internal header will be needed later. Create a full version of the internal
    header using a command that is identical to what the GCC build system does
    in normal circumstances:</para>

<screen><userinput remap="install">cd ..
cat gcc/limitx.h gcc/glimits.h gcc/limity.h > \
  `dirname $($LFS_TGT-gcc -print-libgcc-file-name)`/install-tools/include/limits.h</userinput></screen>
  </sect2>

  <sect2 role="content">
    <title/>

    <para>Details on this package are located in
    <xref linkend="contents-gcc" role="."/></para>

  </sect2>

</sect1>
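
One way to confirm that the pass 1 compiler really picked up the defaults requested by --enable-default-pie and --enable-default-ssp, as an added example that is not part of the LFS book. The function names and the sample macro dumps are constructed for illustration; on a real build, pipe the output of `$LFS_TGT-gcc -dM -E - </dev/null` into the function.

```shell
#!/bin/sh
# Added example, not from the LFS book. Classifies a compiler's default
# hardening from its predefined-macro dump, e.g. on the build host:
#   $LFS_TGT-gcc -dM -E - </dev/null | hardening_defaults
# Preprocessing empty input needs no libc or headers, so this works in pass 1.

# Reads "#define NAME VALUE" lines on stdin; prints "pie=<level> ssp=<level>".
hardening_defaults() {
    awk '
        $1 != "#define" { next }
        # GCC defines __PIE__ as 1 for -fpie and 2 for -fPIE.
        $2 == "__PIE__"          { pie = ($3 + 0 == 2) ? "PIE" : "pie" }
        # Stack protector macros: one per -fstack-protector* variant.
        $2 == "__SSP__"          { ssp = "basic" }
        $2 == "__SSP_ALL__"      { ssp = "all" }
        $2 == "__SSP_STRONG__"   { ssp = "strong" }
        $2 == "__SSP_EXPLICIT__" { ssp = "explicit" }
        END {
            if (pie == "") pie = "off"
            if (ssp == "") ssp = "off"
            printf "pie=%s ssp=%s\n", pie, ssp
        }
    '
}

# Succeeds only for the defaults the configure options above ask for:
# -fPIE (from --enable-default-pie) and -fstack-protector-strong
# (from --enable-default-ssp).
is_hardened_by_default() {
    [ "$(hardening_defaults)" = "pie=PIE ssp=strong" ]
}

# Constructed sample dumps, trimmed to a few lines (real dumps are much longer).
SAMPLE_HARDENED='#define __PIC__ 2
#define __PIE__ 2
#define __SSP_STRONG__ 3
#define __x86_64__ 1'

SAMPLE_PLAIN='#define __GNUC__ 12
#define __x86_64__ 1'

for sample in "$SAMPLE_HARDENED" "$SAMPLE_PLAIN"; do
    printf '%s\n' "$sample" | hardening_defaults
done
```

A compiler that reports `pie=off` or `ssp=off` here was configured without the corresponding switch, so the temporary tools it builds would differ from the final ones in exactly the way the note on these options tries to avoid.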