From e0fb1098a4b0f5059f029fd88eff78ca244beec1 Mon Sep 17 00:00:00 2001 From: Xi Ruoyao Date: Wed, 8 Mar 2023 11:01:18 +0800 Subject: [PATCH 1/4] kernel: Recommend to disable CONFIG_EXPERT Let's not encourage users to try tricky things and shoot their own foot. For systemd, if CONFIG_EXPERT is disable, CONFIG_FHANDLE will be enabled automatically. So there is no need to enable CONFIG_EXPERT and then set CONFIG_FHANDLE manually. --- chapter10/kernel.xml | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index e7bcfdb87..4618cc18e 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml @@ -111,6 +111,7 @@ General setup ---> [ ] Compile the kernel with warnings as errors [CONFIG_WERROR] < > Enable kernel headers through /sys/kernel/kheaders.tar.xz [CONFIG_IKHEADERS] + [ ] Configure standard kernel features (expert users) [CONFIG_EXPERT] General architecture-dependent options ---> [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR] [*] Strong Stack Protector [CONFIG_STACKPROTECTOR_STRONG] @@ -137,8 +138,7 @@ General setup ---> [*] Control Group support [CONFIG_CGROUPS] ---> [*] Memory controller [CONFIG_MEMCG] [ ] Enable deprecated sysfs features to support old userspace tools [CONFIG_SYSFS_DEPRECATED] - [*] Configure standard kernel features (expert users) [CONFIG_EXPERT] ---> - [*] open by fhandle syscalls [CONFIG_FHANDLE] + [ ] Configure standard kernel features (expert users) [CONFIG_EXPERT] General architecture-dependent options ---> [*] Enable seccomp to safely compute untrusted bytecode [CONFIG_SECCOMP] [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR] 
@@ -236,6 +236,19 @@ Device Drivers ---> + + + + Configure standard kernel features (expert users) + + + + This will make some options show up in the configuration + interface but changing those options may be dangerous. Do not use + this unless you know what you are doing. + + + Strong Stack Protector From 835e40ce16b6043f6349cc37ff83ee701d961ee5 Mon Sep 17 00:00:00 2001 From: Xi Ruoyao Date: Wed, 8 Mar 2023 11:21:34 +0800 Subject: [PATCH 2/4] Adjustments for /dev/pts 1. Declare UNIX98 PTY requirement in host system requirements and check it in the script. All desktop or server distros should have it now, but let's stop anyone from building on a embedded distro w/o UNIX98 PTY early... 2. Use Expect test suite as a guard against mishandled $LFS/dev/pts. 3. No need to test the basic function of Expect in Binutils anymore because if ($LFS)/dev/pts is not good, the Expect test suite would have failed. --- chapter02/hostreqs.xml | 10 ++++++++++ chapter08/binutils.xml | 23 ----------------------- chapter08/expect.xml | 17 +++++++++++++++++ 3 files changed, 27 insertions(+), 23 deletions(-) diff --git a/chapter02/hostreqs.xml b/chapter02/hostreqs.xml index e3a06df4e..78a9c0561 100644 --- a/chapter02/hostreqs.xml +++ b/chapter02/hostreqs.xml @@ -105,6 +105,12 @@ compiling the kernel and configuring the boot loader (assuming the host uses GRUB) are located in . + We require the host kernel to support UNIX 98 pseudo terminal + (PTY). It should be enabled on all desktop or server distros shipping + Linux &min-kernel; or a newer kernel. If you are building a custom + host kernel, ensure is set to + y in the kernel configuration. + 
@@ -230,6 +236,10 @@ ver_check Texinfo texi2any 4.7 ver_check Xz xz 5.0.0 ver_kernel &min-kernel; +if mount | grep -q 'devpts on /dev/pts' && [ -e /dev/ptmx ] +then echo "OK: Linux Kernel supports UNIX 98 PTY"; +else echo "ERROR: Linux Kernel does NOT support UNIX 98 PTY"; fi + alias_check() { if $1 --version 2>&1 | grep -qi $2 then printf "OK: %-4s is $2\n" "$1"; diff --git a/chapter08/binutils.xml b/chapter08/binutils.xml index eb83563bb..cf1c4f895 100644 --- a/chapter08/binutils.xml +++ b/chapter08/binutils.xml @@ -41,29 +41,6 @@ Installation of Binutils - Verify that the PTYs are working properly inside the chroot - environment by performing a simple test: - -expect -c "spawn ls" - - This command should output the following: - -spawn ls - - If, instead, the output includes the message below, then the environment - is not set up for proper PTY operation. This issue needs to be resolved before - running the test suites for Binutils and GCC: - -The system has no more ptys. -Ask your system administrator to create more. - The Binutils documentation recommends building Binutils in a dedicated build directory: diff --git a/chapter08/expect.xml b/chapter08/expect.xml index 6286d9033..7b6dac354 100644 --- a/chapter08/expect.xml +++ b/chapter08/expect.xml @@ -82,10 +82,27 @@ make + + The test suite for Expect is considered critical. + Do not skip it under any circumstances. + + To test the results, issue: make test + If any test fails with the message + The system has no more ptys. Ask your system + administrator to create more, it indicates + you've not mounted the + devpts file system + correctly. You need to exit from the chroot environment, read + again, and ensure the + devpts file system (and + other virtual kernel file systems) mounted correctly. Then reenter + the chroot environment following . + This issue needs to be resolved before continuing. + Install the package: make install From d0a9bda4e696f4be02499b87c2bd6d8f40a3d4a3 Mon Sep 17 00:00:00 2001 
From: Xi Ruoyao Date: Thu, 9 Mar 2023 01:14:15 +0800 Subject: [PATCH 3/4] kernel: Use for make defconfig and... tell people not to messing the options enabled by defconfig up. Yes, I messed them up and shot my own foot. --- chapter10/kernel.xml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index 4618cc18e..7c64e0983 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml @@ -96,12 +96,18 @@ information about configuring and building the kernel can be found at - + A good starting place for setting up the kernel configuration is to run make defconfig. This will set the base configuration to a good state that takes your current system architecture into account. + Do not disable any option enabled by make + defconfig unless the following note explicitly makes it + disabled or you really know what you are doing. + + + Be sure to enable/disable/set the following features or the system might not work correctly or boot at all: From de679165f9a63ce94202d356abbae2b9a3bff5c3 Mon Sep 17 00:00:00 2001 From: Pierre Labastie Date: Wed, 8 Mar 2023 22:27:34 +0100 Subject: [PATCH 4/4] Suggest make localmodconfig for kernel This is less generic than defconfig, and you can then tell not to tweak options... --- chapter10/kernel.xml | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index 7c64e0983..023aa32b9 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml 
@@ -98,15 +98,25 @@ A good starting place for setting up the kernel configuration is to - run make defconfig. This will set the base - configuration to a good state that takes your current system architecture - into account. + run make localmodconfig. If the host kernel version + is not too different from the version of the kernel you are building, + this will set the base configuration to a good state similar to what + the host uses. Another possibility is to use make + localyesconfig, which does the same except everything is built + into the kernel. Do not disable any option enabled by make - defconfig unless the following note explicitly makes it + localmodconfig unless the following notes explicitly make it disabled or you really know what you are doing. + + Another possibility is to run make defconfig, + which creates a more generic configuration for your architecture. You + may then have to disable drivers for hardware you do not have if + you want to reduce the kernel size. + + Be sure to enable/disable/set the following features or the system might not work correctly or boot at all: @@ -312,7 +322,7 @@ Device Drivers ---> Support running the interrupt controller of 64-bit x86 processors in x2APIC mode. x2APIC may be enabled by firmware on 64-bit x86 systems, and a kernel without this option enabled will - panic on boot if x2APIC is enabled by firmware. This option has + panic on boot if x2APIC is enabled by firmware. This option has no effect, but also does no harm if x2APIC is disabled by the firmware.
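Review bot: in [PATCH 1/4], chapter10/kernel.xml, hunk @@ -138,8 +138,7 @@ (the systemd listing), the `[*] open by fhandle syscalls [CONFIG_FHANDLE]` line is removed without the book saying anywhere that systemd still needs that option. The commit message gives the reason (with CONFIG_EXPERT disabled, CONFIG_FHANDLE is enabled automatically), but a reader only sees `[ ] Configure standard kernel features (expert users) [CONFIG_EXPERT]` and the generic "may be dangerous" text added by the @@ -236 hunk. Suggest adding one sentence to that CONFIG_EXPERT description, in the systemd variant, stating that leaving CONFIG_EXPERT unset is what keeps CONFIG_FHANDLE enabled, so that someone reusing an older configuration with CONFIG_EXPERT set knows what to verify.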
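Review bot: in [PATCH 2/4], chapter02/hostreqs.xml, hunk @@ -230,6 +236,10 @@, the test `mount | grep -q 'devpts on /dev/pts'` keys on the mount source name instead of the file system type, so a host where devpts is mounted under a different source name is reported as lacking UNIX 98 PTY support even though it has it. `[ -e /dev/ptmx ]` is also satisfied by any kind of file at that path. Suggest matching the type field of the /dev/pts mount entry rather than its first field, and using `[ -c /dev/ptmx ]` so only a character device passes. The commit message says the goal is to stop an unsuitable host early, but the else branch only prints `ERROR: Linux Kernel does NOT support UNIX 98 PTY`; if the other checks in this script behave the same way that is consistent, but the text added in the @@ -105 hunk should then tell the reader that this ERROR line must be resolved before going on.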
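Review bot: in [PATCH 2/4], chapter08/expect.xml, hunk @@ -82,10 +82,27 @@, the recovery instructions end at "Then reenter the chroot environment" and "This issue needs to be resolved before continuing" without telling the reader to go back to the Expect build directory and run `make test` again. Since the chapter08/binutils.xml hunk removes the `expect -c "spawn ls"` check, this test suite is now the only guard against a bad devpts mount, so the re-run should be spelled out as the confirmation step. Two wording fixes in the same paragraph: "ensure the devpts file system (and other virtual kernel file systems) mounted correctly" is missing "are", and "it indicates you've not mounted" reads better as "the devpts file system is not mounted correctly".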
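Review bot: in [PATCH 4/4], chapter10/kernel.xml, hunk @@ -98,15 +98,25 @@, the warning now reads "Do not disable any option enabled by make localmodconfig", yet the same hunk offers `make localyesconfig` and `make defconfig` as alternatives, so readers who pick either of those are no longer covered by it. Suggest wording the warning against whichever of the three targets was used to create the base configuration. Both alternatives are introduced with "Another possibility is to", which makes the paragraph hard to follow; the second could start with "Alternatively". The condition "If the host kernel version is not too different" gives the reader nothing to judge by, and the text does not say that localmodconfig builds its result from the modules loaded on the host at that moment, so drivers for hardware or file systems not in use during the build are left out. One sentence on that would tell readers when defconfig is the safer base. "unless the following notes explicitly make it disabled" would read better as "unless the following notes explicitly disable it".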