Changes in chapter08/glibc.xml [09d148d:677f795]
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
chapter08/glibc.xml
r09d148d r677f795 1 <?xml version="1.0" encoding=" ISO-8859-1"?>1 <?xml version="1.0" encoding="UTF-8"?> 2 2 <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" 3 3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ … … 50 50 51 51 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-fhs-patch;</userinput></screen> 52 52 <!-- 53 53 <para>Now fix two security vulnerabilities and a regression causing the 54 54 posix_memalign() function very slow in some conditions:</para> 55 55 56 56 <screen><userinput remap="pre">patch -Np1 -i ../&glibc-upstream-fixes-patch;</userinput></screen> 57 57 --> 58 58 <para>The Glibc documentation recommends building Glibc 59 59 in a dedicated build directory:</para> … … 74 74 --enable-kernel=&min-kernel; \ 75 75 --enable-stack-protector=strong \ 76 --with-headers=/usr/include \77 76 --disable-nscd \ 78 77 libc_cv_slibdir=/usr/lib</userinput></screen> … … 104 103 <para>This option increases system security by adding 105 104 extra code to check for buffer overflows, such as stack 106 smashing attacks.</para> 107 </listitem> 108 </varlistentry> 109 <!-- do we need this one? --> 110 <varlistentry> 111 <term><parameter>--with-headers=/usr/include</parameter></term> 112 <listitem> 113 <para>This option tells the build system where to find the 114 kernel API headers.</para> 105 smashing attacks. Note that Glibc always explicitly overrides 106 the default of GCC, so this option is still needed even though 107 we've already specified <option>--enable-default-ssp</option> for 108 GCC.</para> 115 109 </listitem> 116 110 </varlistentry> … … 207 201 208 202 <screen><userinput remap="install">sed '/test-installation/s@$(PERL)@echo not running@' -i ../Makefile</userinput></screen> 203 204 <important> 205 <para> 206 If upgrading Glibc to a new minor version (for example, from 207 Glibc-2.36 to Glibc-&glibc-version;) on a running LFS system, you 208 need to take some extra precautions to avoid breaking the system: 209 </para> 210 211 <itemizedlist> 212 <listitem> 213 <!-- There are two reasons we don't support this: 214 1. Upgrading on a system with separate /lib and /usr/lib is 215 tricky. 216 2. With Glibc prior to 2.34 libc.so.6 etc. are symlinks to 217 libc-2.33.so etc., again causing the upgradation tricky. 218 The Glibc NEWS file explicit states they no longer use 219 symlinks for the ABI names to avoid upgradation 220 issues. --> 221 <para> 222 Upgrading Glibc on a LFS system prior to 11.0 (exclusive) is 223 not supported. Rebuild LFS if you are running such an old LFS 224 system but you need a newer Glibc. 225 </para> 226 </listitem> 227 228 <!-- https://sourceware.org/pipermail/libc-alpha/2024-January/154095.html --> 229 <listitem> 230 <para> 231 If upgrading on a LFS system prior to 12.0 (exclusive), install 232 <application>Libxcrypt</application> following 233 <xref role='.' linkend='ch-system-libxcrypt'/> In addition to 234 a normal <application>Libxcrypt</application> installation, 235 <emphasis role='bold'>you MUST follow the note in Libxcrypt 236 section to install 237 <filename class='libraryfile'>libcrypt.so.1*</filename> 238 (overwritting 239 <filename class='libraryfile'>libcrypt.so.1</filename> from the 240 prior Glibc installation)</emphasis>. 241 </para> 242 </listitem> 243 244 <!-- Otherwise on lfs-systemd nscd will fail to start on boot, 245 and on both lfs-sysv and lfs-systemd useradd etc. will try 246 to start nscd, then nscd will fail to start as well and 247 produce some spurious error message. --> 248 <listitem> 249 <para> 250 If upgrading on a LFS system prior to 12.1 (exclusive), 251 remove the <command>nscd</command> program: 252 </para> 253 254 <screen role='nodump'><userinput>rm -f /usr/sbin/nscd</userinput></screen> 255 256 <para> 257 If this system (prior to LFS 12.1, exclusive) is based on 258 Systemd, it's also needed to disable and stop the 259 <command>nscd</command> service now: 260 </para> 261 262 <screen revision='systemd' role='nodump'><userinput>systemctl disable --now nscd</userinput></screen> 263 </listitem> 264 265 <listitem> 266 <para> 267 Upgrade the kernel and reboot if it's older than &min-kernel; 268 (check the current version with <command>uname -r</command>) 269 or if you want to upgrade it anyway, following 270 <xref linkend='ch-bootable-kernel' role='.'/> 271 </para> 272 </listitem> 273 274 <listitem> 275 <para> 276 Upgrade the kernel API headers if it's older than &min-kernel; 277 (check the current version with 278 <command>cat /usr/include/linux/version.h</command>) 279 or if you want to upgrade it anyway, following 280 <xref linkend='ch-tools-linux-headers'/> (but removing 281 <envar>$LFS</envar> from the <command>cp</command> command). 282 </para> 283 </listitem> 284 285 <!-- This is to ensure we don't start a process at the time point 286 where some Glibc shared libraries are updated but the others 287 are not. Such mismatches can cause programs crash on startup, 288 esp. a mismatch between ld-linux-x86-64.so.2 and 289 libc.so.6. Note that a crash in the installation process 290 will leave the system in a state with the mismatch forever, 291 unrecoverable without the help of another distro. --> 292 <listitem> 293 <para> 294 Perform a <envar>DESTDIR</envar> installation and upgrade 295 the Glibc shared libraries on the system using one single 296 <command>install</command> command: 297 </para> 298 299 <screen role='nodump'><userinput>make DESTDIR=$PWD/dest install 300 install -vm755 dest/usr/lib/*.so.* /usr/lib</userinput></screen> 301 </listitem> 302 </itemizedlist> 303 304 <para> 305 It's imperative to strictly follow these steps above unless you 306 completely understand what you are doing. 307 <emphasis role='bold'>Any unexpected deviation may render the 308 system completely unusable. YOU ARE WARNED.</emphasis> 309 </para> 310 311 <para> 312 Then continue to run the <command>make install</command> command, 313 the <command>sed</command> command against 314 <filename>/usr/bin/ldd</filename>, and the commands to install 315 the locales. Once they are finished, reboot the system 316 immediately. 317 </para> 318 </important> 209 319 210 320 <para>Install the package:</para> … … 246 356 247 357 <screen role="nodump"><userinput remap="locale-test">mkdir -pv /usr/lib/locale 248 localedef -i POSIX -f UTF-8 C.UTF-8 2> /dev/null || true358 localedef -i C -f UTF-8 C.UTF-8 249 359 localedef -i cs_CZ -f UTF-8 cs_CZ.UTF-8 250 360 localedef -i de_DE -f ISO-8859-1 de_DE … … 298 408 needed for some tests later in this chapter:</para> 299 409 300 <screen role="nodump"><userinput remap="locale-full">localedef -i POSIX -f UTF-8 C.UTF-8 2> /dev/null || true410 <screen role="nodump"><userinput remap="locale-full">localedef -i C -f UTF-8 C.UTF-8 301 411 localedef -i ja_JP -f SHIFT_JIS ja_JP.SJIS 2> /dev/null || true</userinput></screen> 302 412
Note:
See TracChangeset
for help on using the changeset viewer.