Changes in chapter08/glibc.xml [677f795:09d148d]
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
chapter08/glibc.xml
r677f795 r09d148d 1 <?xml version="1.0" encoding=" UTF-8"?>1 <?xml version="1.0" encoding="ISO-8859-1"?> 2 2 <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 3 3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ … … 50 50 51 51 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-fhs-patch;</userinput></screen> 52 <!-- 52 53 53 <para>Now fix two security vulnerabilities and a regression causing the 54 54 posix_memalign() function very slow in some conditions:</para> 55 55 56 56 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-upstream-fixes-patch;</userinput></screen> 57 --> 57 58 58 <para>The Glibc documentation recommends building Glibc 59 59 in a dedicated build directory:</para> … … 74 74 --enable-kernel=&min-kernel; \ 75 75 --enable-stack-protector=strong \ 76 --with-headers=/usr/include \ 76 77 --disable-nscd \ 77 78 libc_cv_slibdir=/usr/lib</userinput></screen> … … 103 104 <para>This option increases system security by adding 104 105 extra code to check for buffer overflows, such as stack 105 smashing attacks. Note that Glibc always explicitly overrides 106 the default of GCC, so this option is still needed even though 107 we've already specified <option>--enable-default-ssp</option> for 108 GCC.</para> 106 smashing attacks.</para> 107 </listitem> 108 </varlistentry> 109 <!-- do we need this one? --> 110 <varlistentry> 111 <term><parameter>--with-headers=/usr/include</parameter></term> 112 <listitem> 113 <para>This option tells the build system where to find the 114 kernel API headers.</para> 109 115 </listitem> 110 116 </varlistentry> … … 201 207 202 208 <screen><userinput remap="install">sed '/test-installation/s@$(PERL)@echo not running@' -i ../Makefile</userinput></screen> 203 204 <important>205 <para>206 If upgrading Glibc to a new minor version (for example, from207 Glibc-2.36 to Glibc-&glibc-version;) on a running LFS system, you208 need to take some extra precautions to avoid breaking the system:209 </para>210 211 <itemizedlist>212 <listitem>213 <!-- There are two reasons we don't support this:214 1. Upgrading on a system with separate /lib and /usr/lib is215 tricky.216 2. With Glibc prior to 2.34 libc.so.6 etc. are symlinks to217 libc-2.33.so etc., again causing the upgradation tricky.218 The Glibc NEWS file explicit states they no longer use219 symlinks for the ABI names to avoid upgradation220 issues. -->221 <para>222 Upgrading Glibc on a LFS system prior to 11.0 (exclusive) is223 not supported. Rebuild LFS if you are running such an old LFS224 system but you need a newer Glibc.225 </para>226 </listitem>227 228 <!-- https://sourceware.org/pipermail/libc-alpha/2024-January/154095.html -->229 <listitem>230 <para>231 If upgrading on a LFS system prior to 12.0 (exclusive), install232 <application>Libxcrypt</application> following233 <xref role='.' linkend='ch-system-libxcrypt'/> In addition to234 a normal <application>Libxcrypt</application> installation,235 <emphasis role='bold'>you MUST follow the note in Libxcrypt236 section to install237 <filename class='libraryfile'>libcrypt.so.1*</filename>238 (overwritting239 <filename class='libraryfile'>libcrypt.so.1</filename> from the240 prior Glibc installation)</emphasis>.241 </para>242 </listitem>243 244 <!-- Otherwise on lfs-systemd nscd will fail to start on boot,245 and on both lfs-sysv and lfs-systemd useradd etc. will try246 to start nscd, then nscd will fail to start as well and247 produce some spurious error message. -->248 <listitem>249 <para>250 If upgrading on a LFS system prior to 12.1 (exclusive),251 remove the <command>nscd</command> program:252 </para>253 254 <screen role='nodump'><userinput>rm -f /usr/sbin/nscd</userinput></screen>255 256 <para>257 If this system (prior to LFS 12.1, exclusive) is based on258 Systemd, it's also needed to disable and stop the259 <command>nscd</command> service now:260 </para>261 262 <screen revision='systemd' role='nodump'><userinput>systemctl disable --now nscd</userinput></screen>263 </listitem>264 265 <listitem>266 <para>267 Upgrade the kernel and reboot if it's older than &min-kernel;268 (check the current version with <command>uname -r</command>)269 or if you want to upgrade it anyway, following270 <xref linkend='ch-bootable-kernel' role='.'/>271 </para>272 </listitem>273 274 <listitem>275 <para>276 Upgrade the kernel API headers if it's older than &min-kernel;277 (check the current version with278 <command>cat /usr/include/linux/version.h</command>)279 or if you want to upgrade it anyway, following280 <xref linkend='ch-tools-linux-headers'/> (but removing281 <envar>$LFS</envar> from the <command>cp</command> command).282 </para>283 </listitem>284 285 <!-- This is to ensure we don't start a process at the time point286 where some Glibc shared libraries are updated but the others287 are not. Such mismatches can cause programs crash on startup,288 esp. a mismatch between ld-linux-x86-64.so.2 and289 libc.so.6. Note that a crash in the installation process290 will leave the system in a state with the mismatch forever,291 unrecoverable without the help of another distro. -->292 <listitem>293 <para>294 Perform a <envar>DESTDIR</envar> installation and upgrade295 the Glibc shared libraries on the system using one single296 <command>install</command> command:297 </para>298 299 <screen role='nodump'><userinput>make DESTDIR=$PWD/dest install300 install -vm755 dest/usr/lib/*.so.* /usr/lib</userinput></screen>301 </listitem>302 </itemizedlist>303 304 <para>305 It's imperative to strictly follow these steps above unless you306 completely understand what you are doing.307 <emphasis role='bold'>Any unexpected deviation may render the308 system completely unusable. YOU ARE WARNED.</emphasis>309 </para>310 311 <para>312 Then continue to run the <command>make install</command> command,313 the <command>sed</command> command against314 <filename>/usr/bin/ldd</filename>, and the commands to install315 the locales. Once they are finished, reboot the system316 immediately.317 </para>318 </important>319 209 320 210 <para>Install the package:</para> … … 356 246 357 247 <screen role="nodump"><userinput remap="locale-test">mkdir -pv /usr/lib/locale 358 localedef -i C -f UTF-8 C.UTF-8248 localedef -i POSIX -f UTF-8 C.UTF-8 2> /dev/null || true 359 249 localedef -i cs_CZ -f UTF-8 cs_CZ.UTF-8 360 250 localedef -i de_DE -f ISO-8859-1 de_DE … … 408 298 needed for some tests later in this chapter:</para> 409 299 410 <screen role="nodump"><userinput remap="locale-full">localedef -i C -f UTF-8 C.UTF-8300 <screen role="nodump"><userinput remap="locale-full">localedef -i POSIX -f UTF-8 C.UTF-8 2> /dev/null || true 411 301 localedef -i ja_JP -f SHIFT_JIS ja_JP.SJIS 2> /dev/null || true</userinput></screen> 412 302
Note:
See TracChangeset
for help on using the changeset viewer.