Changeset 38311c3
- Timestamp:
- 12/01/2022 11:41:14 PM (23 months ago)
- Branches:
- 11.3, 11.3-rc1, 12.0, 12.0-rc1, 12.1, 12.1-rc1, 12.2, 12.2-rc1, bdubbs/gcc13, multilib, renodr/libudev-from-systemd, trunk, xry111/arm64, xry111/arm64-12.0, xry111/clfs-ng, xry111/loongarch, xry111/loongarch-12.0, xry111/loongarch-12.1, xry111/loongarch-12.2, xry111/mips64el, xry111/multilib, xry111/update-glibc
- Children:
- a1bc9df, cabb60df
- Parents:
- 82e98d0 (diff), da6e70f (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the(diff)
links above to see all the changes relative to each parent. - Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
chapter04/creatingminlayout.xml
r82e98d0 r38311c3 9 9 <?dbhtml filename="creatingminlayout.html"?> 10 10 11 <title>Creating a limited directory layout in LFS filesystem</title>11 <title>Creating a Limited Directory Layout in the LFS Filesystem</title> 12 12 13 13 <para>In this section, we begin populating the LFS filesystem with the … … 40 40 <screen><userinput>mkdir -pv $LFS/tools</userinput></screen> 41 41 42 <note> 43 <para> 44 The LFS editors have deliberately decided not to use a 45 <filename class="directory">/usr/lib64</filename> directory. Several 46 steps are taken to be sure the toolchain will not use it. If for any 47 reason this directory appears (either because you made an error in 48 following the instructions, or because you installed a binary package that 49 created it after finishing LFS), it may break your system. 50 You should always be sure this directory does not exist. 51 </para> 52 </note> 53 42 54 </sect1> -
chapter07/creatingdirs.xml
r82e98d0 r38311c3 69 69 directories, if you wish. </para> 70 70 71 <warning> 72 <para> 73 The FHS does not mandate the existence of the directory 74 <filename class="directory">/usr/lib64</filename>, and the LFS editors 75 have decided not to use it. For the instructions in LFS and BLFS to work correctly, 76 it is imperative that this directory be non-existent. From time to time you should 77 verify that it does not exist, because it is easy to create it 78 inadvertently, and this will probably break your system. 79 </para> 80 </warning> 81 71 82 </sect2> 72 83 -
chapter08/gcc.xml
r82e98d0 r38311c3 81 81 --with-system-zlib</userinput></screen> 82 82 83 <para> Note that for other programming languages there are some prerequisites that84 are not yet available. See the83 <para>GCC supports seven different computer languages, but the 84 prerequisites for most of them have not yet been installed. See the 85 85 <ulink url="&blfs-book;general/gcc.html">BLFS Book GCC page</ulink> 86 86 for instructions on how to build all of GCC's supported languages.</para> … … 92 92 <term><parameter>LD=ld</parameter></term> 93 93 <listitem> 94 <para>This parameter makes the configure script use the ld installed95 by the binutilsbuilt earlier in this chapter, rather than94 <para>This parameter makes the configure script use the ld program installed 95 by the Binutils package built earlier in this chapter, rather than 96 96 the cross-built version which would otherwise be used.</para> 97 97 </listitem> … … 102 102 <listitem> 103 103 <para>This switch tells GCC to link to the system installed copy of 104 the zlib library, rather than its own internal copy.</para>104 the Zlib library, rather than its own internal copy.</para> 105 105 </listitem> 106 106 </varlistentry> … … 110 110 <anchor id="pie-ssp-info" xreflabel="note on PIE and SSP"/> 111 111 <para> 112 PIE (position-independent executable ) is a technique to produce112 PIE (position-independent executables) are 113 113 binary programs that can be loaded anywhere in memory. Without PIE, 114 114 the security feature named ASLR (Address Space Layout Randomization) 115 can be applied for the shared libraries, but not the executable116 itself. Enabling PIE allows ASLR for the executables in addition to115 can be applied for the shared libraries, but not for the executables 116 themselves. Enabling PIE allows ASLR for the executables in addition to 117 117 the shared libraries, and mitigates some attacks based on fixed 118 118 addresses of sensitive code or data in the executables. … … 120 120 <para> 121 121 SSP (Stack Smashing Protection) is a technique to ensure 122 that the parameter stack is not corrupted. Stack corruption can 123 for example alter the return address of a subroutine,124 which would allowtransferring control to some dangerous code122 that the parameter stack is not corrupted. Stack corruption can, 123 for example, alter the return address of a subroutine, 124 thus transferring control to some dangerous code 125 125 (existing in the program or shared libraries, or injected by the 126 attacker somehow) instead of the original one.126 attacker somehow). 127 127 </para> 128 128 </note> … … 134 134 <important> 135 135 <para>In this section, the test suite for GCC is considered 136 important, but it takes a long time. First 137 encouraged to not skip it. The time to run the tests can be138 reduced significantly by adding -jx to the make command below139 where x is the number of cores on your system.</para>136 important, but it takes a long time. First-time builders are 137 encouraged to run the test suite. The time to run the tests can be 138 reduced significantly by adding -jx to the <command>make -k check</command> command below, 139 where x is the number of CPU cores on your system.</para> 140 140 </important> 141 141 … … 150 150 su tester -c "PATH=$PATH make -k check"</userinput></screen> 151 151 152 <para>To receivea summary of the test suite results, run:</para>152 <para>To extract a summary of the test suite results, run:</para> 153 153 154 154 <screen><userinput remap="test">../contrib/test_summary</userinput></screen> 155 155 156 <para> Foronly the summaries, pipe the output through156 <para>To filter out only the summaries, pipe the output through 157 157 <userinput>grep -A7 Summ</userinput>.</para> 158 158 … … 161 161 <ulink url="https://gcc.gnu.org/ml/gcc-testresults/"/>.</para> 162 162 163 <para> In gcc, eleven tests, in the i386 test suiteare known to FAIL.163 <para>Eleven tests in the i386 test suite for the gcc compiler are known to FAIL. 164 164 It's because the test files do not account for the 165 165 <parameter>--enable-default-pie</parameter> option.</para> 166 166 167 <para> In g++, four tests related to PR100400 are known tobe reported168 as both XPASS and FAIL . It's because the test file for this known issue167 <para>Four tests related to PR100400 may be reported 168 as both XPASS and FAIL when testing the g++ compiler; the test file 169 169 is not well written.</para> 170 170 … … 188 188 189 189 <para>The GCC build directory is owned by <systemitem class="username"> 190 tester</systemitem> now and the ownership of the installed header191 directory (and its content) will be incorrect. Change the ownership to190 tester</systemitem> now, and the ownership of the installed header 191 directory (and its content) is incorrect. Change the ownership to the 192 192 <systemitem class="username">root</systemitem> user and group:</para> 193 193 … … 226 226 <screen><computeroutput>[Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]</computeroutput></screen> 227 227 228 <para>Now make sure that we're set up to use the correct start files:</para>228 <para>Now make sure that we're set up to use the correct start files:</para> 229 229 230 230 <screen><userinput>grep -E -o '/usr/lib.*/S?crt[1in].*succeeded' dummy.log</userinput></screen> … … 275 275 SEARCH_DIR("/usr/lib");</computeroutput></screen> 276 276 277 <para>A 32-bit system may see a few differentdirectories. For example, here277 <para>A 32-bit system may use a few other directories. For example, here 278 278 is the output from an i686 machine:</para> 279 279 … … 308 308 steps to find out where the problem is and correct it. <!--The most likely 309 309 reason is that something went wrong with the specs file adjustment.--> Any 310 issues will need tobe resolved before continuing with the process.</para>310 issues should be resolved before continuing with the process.</para> 311 311 312 312 <para>Once everything is working correctly, clean up the test files:</para> … … 375 375 <listitem> 376 376 <para>The C preprocessor; it is used by the compiler to expand the 377 #include, #define, and similar statements in the source files</para>377 #include, #define, and similar directives in the source files</para> 378 378 <indexterm zone="ch-system-gcc cpp"> 379 379 <primary sortas="b-cpp">cpp</primary> … … 408 408 plugin to the command line. This program is only used 409 409 to add "link time optimization" and is not useful with the 410 default build options </para>410 default build options.</para> 411 411 <indexterm zone="ch-system-gcc gcc-ar"> 412 412 <primary sortas="b-gcc-ar">gc-ar</primary> … … 421 421 plugin to the command line. This program is only used 422 422 to add "link time optimization" and is not useful with the 423 default build options </para>423 default build options.</para> 424 424 <indexterm zone="ch-system-gcc gcc-nm"> 425 425 <primary sortas="b-gcc-nm">gc-nm</primary> … … 434 434 plugin to the command line. This program is only used 435 435 to add "link time optimization" and is not useful with the 436 default build options </para>436 default build options.</para> 437 437 <indexterm zone="ch-system-gcc gcc-ranlib"> 438 438 <primary sortas="b-gcc-ranlib">gc-ranlib</primary> … … 445 445 <listitem> 446 446 <para>A coverage testing tool; it is used to analyze programs to 447 determine where optimizations will have the most effect</para>447 determine where optimizations will have the greatest effect</para> 448 448 <indexterm zone="ch-system-gcc gcov"> 449 449 <primary sortas="b-gcov">gcov</primary> … … 526 526 <term><filename class="libraryfile">libgcov</filename></term> 527 527 <listitem> 528 <para>This library is linked in 528 <para>This library is linked into a program when GCC is instructed 529 529 to enable profiling</para> 530 530 <indexterm zone="ch-system-gcc libgcov"> … … 568 568 <term><filename class="libraryfile">liblto_plugin</filename></term> 569 569 <listitem> 570 <para>GCC's LTO plugin allows binutils to process object files570 <para>GCC's LTO plugin allows Binutils to process object files 571 571 produced by GCC with LTO enabled</para> 572 572 <indexterm zone="ch-system-gcc liblto_plugin"> … … 590 590 <listitem> 591 591 <para>Contains routines supporting GCC's stack-smashing protection 592 functionality. Normally it 's unused because glibc also provides593 those routines </para>592 functionality. Normally it is not used, because Glibc also provides 593 those routines.</para> 594 594 <indexterm zone="ch-system-gcc libssp"> 595 595 <primary sortas="c-libssp">libssp</primary> -
chapter08/shadow.xml
r82e98d0 r38311c3 63 63 <emphasis>crypt</emphasis> method, use the more secure 64 64 <emphasis>SHA-512</emphasis> method of password encryption, which also 65 allows passwords longer than 8 characters. It is also necessary to change 65 allows passwords longer than 8 characters. In addition, set the number of 66 rounds to 500,000 instead of the default 5000, which is much too low to 67 prevent brute force password attacks. It is also necessary to change 66 68 the obsolete <filename class="directory">/var/spool/mail</filename> location 67 69 for user mailboxes that Shadow uses by default to the <filename … … 81 83 82 84 <screen><userinput remap="pre">sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD SHA512:' \ 85 -e 's@#\(SHA_CRYPT_..._ROUNDS 5000\)@\100@' \ 83 86 -e 's:/var/spool/mail:/var/mail:' \ 84 87 -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \ … … 204 207 an ID equal to this number on your system, then the first time you use 205 208 <command>useradd</command> without the <parameter>-g</parameter> 206 parameter, an error message will be generated —<computeroutput>useradd:209 parameter, an error message will be generated—<computeroutput>useradd: 207 210 unknown GID 999</computeroutput>, 208 211 even though the account has been created correctly. That is why we
Note:
See TracChangeset
for help on using the changeset viewer.