From e502de1ab04336007ecfff9e534abdaa9b0344d9 Mon Sep 17 00:00:00 2001 From: Xi Ruoyao Date: Sun, 11 Sep 2022 11:35:06 +0800 Subject: [PATCH 1/9] gcc: some reword of PIE/SSP/ASLR note Expand tabs to 8 spaces like everywhere else in the book. Explain that shared libraries are already covered by ASLR, PIE expands the ASLR to cover the exetutables. In 2022, stack smashing attackings are mostly constructing a sequence of faked returning addresses to exectute a series of function already existing in the programs or libraries itself (ret2lib). Returning into the code injected by the attacker is almost impossible because on i686 (with a PAE/NX enabled kernel) or x86_64, running injected code needs W/X mappings and those are very rare these days. --- chapter05/gcc-pass1.xml | 10 +++++----- chapter08/gcc.xml | 17 ++++++++++------- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/chapter05/gcc-pass1.xml b/chapter05/gcc-pass1.xml index 23707f658..2aace5d2b 100644 --- a/chapter05/gcc-pass1.xml +++ b/chapter05/gcc-pass1.xml @@ -139,11 +139,11 @@ cd build --enable-default-ssp Those switches allow GCC to compile programs with - some hardening security features (more information on those in - the in chapter 8). They are not - strictly needed at this stage, since the compiler will only produce - temporary executables. But it is cleaner to have the temporary - packages be as close as possible to the final ones. + some hardening security features (more information on those in + the in chapter 8) by default. The + are not strictly needed at this stage, since the compiler will + only produce temporary executables. But it is cleaner to have the + temporary packages be as close as possible to the final ones. diff --git a/chapter08/gcc.xml b/chapter08/gcc.xml index 171808df2..fe8e767d1 100644 --- a/chapter08/gcc.xml +++ b/chapter08/gcc.xml @@ -108,18 +108,21 @@ cd build - PIE (position independent executable) is a technique to produce - binary programs that can be loaded anywhere in memory. Together - with a feature named ASLR (Address Space Layout Randomization), - this allows programs to never have the same memory layout, - thus defeating attacks based on reproducible memory patterns. + PIE (position-independent executable) is a technique to produce + binary programs that can be loaded anywhere in memory. Without PIE, + the security feature named ASLR (Address Space Layout Randomization) + can be applied for the shared libraries, but not the exectutable + itself. Enabling PIE allows ASLR for the executables in addition to + the shared libraries, and mitigates some attacks based on fixed + addresses of sensitive code or data in the executables. SSP (Stack Smashing Protection) is a technique to ensure that the parameter stack is not corrupted. Stack corruption can for example alter the return address of a subroutine, - which would allow transferring control to an attacker program instead - of the original one. + which would allow transferring control to some dangerous code + (existing in the program or shared libraries, or injected by the + attacker somehow) instead of the original one. From a710d35e1f64684e29b1a1d627be64f495481e13 Mon Sep 17 00:00:00 2001 From: Xi Ruoyao Date: Sun, 11 Sep 2022 12:01:31 +0800 Subject: [PATCH 2/9] Revert "linux kernel: disable CONFIG_USERFAULTFD to avoid CVE-2022-2590 for now" This reverts commit 098f4de3369ae0fc7d50fc6060b059eb5627de4e. CVE-2022-2590 is fixed in Linux >= 5.19.6. --- chapter10/kernel.xml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index 157fb9f64..9042f570b 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml @@ -159,8 +159,6 @@ File systems ---> Processor type and features ---> [*] Support x2apic [CONFIG_X86_X2APIC] -Memory Management options ---> - [ ] Enable userfaultfd() system call [CONFIG_USERFAULTFD] Device Drivers ---> [*] PCI Support ---> [CONFIG_PCI] [*] Message Signaled Interrupts (MSI and MSI-X) [CONFIG_PCI_MSI] @@ -254,16 +252,6 @@ Device Drivers ---> - - Enable userfaultfd() system call - - If this option is enabled, a security vulnerability not - resolved in Linux-&linux-version; yet will be exploitable. - Disable this option to avoid the vulnerability. This system call - is not used by any part of LFS or BLFS. - - - Alternatively, make oldconfig may be more From e5aa02fe17dcce0f57a59ab1384973be8c71f2fd Mon Sep 17 00:00:00 2001 From: Xi Ruoyao Date: Sun, 11 Sep 2022 12:05:21 +0800 Subject: [PATCH 3/9] kernel: enable ASLR and SSP It does not make too much sense to protect the userspace with PIE+ASLR and SSP but leave the kernel alone... --- chapter10/kernel.xml | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/chapter10/kernel.xml b/chapter10/kernel.xml index 9042f570b..76a6f86ca 100644 --- a/chapter10/kernel.xml +++ b/chapter10/kernel.xml @@ -105,9 +105,15 @@ Be sure to enable/disable/set the following features or the system might not work correctly or boot at all: - General setup --> + Processor type and features ---> + [*] Build a relocatable kernel [CONFIG_RELOCATABLE] + [*] Randomize the address of the kernel image (KASLR) [CONFIG_RANDOMIZE_BASE] +General setup ---> [ ] Compile the kernel with warnings as errors [CONFIG_WERROR] < > Enable kernel headers through /sys/kernel/kheaders.tar.xz [CONFIG_IKHEADERS] +General architecture-dependent options ---> + [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR] + [*] Strong Stack Protector [CONFIG_STACKPROTECTOR_STRONG] Device Drivers ---> Graphics support ---> Frame buffer Devices ---> @@ -117,7 +123,10 @@ Device Drivers ---> [*] Maintain a devtmpfs filesystem to mount at /dev [CONFIG_DEVTMPFS] [*] Automount devtmpfs at /dev, after the kernel mounted the rootfs [CONFIG_DEVTMPFS_MOUNT] - General setup --> + Processor type and features ---> + [*] Build a relocatable kernel [CONFIG_RELOCATABLE] + [*] Randomize the address of the kernel image (KASLR) [CONFIG_RANDOMIZE_BASE] +General setup ---> [ ] Compile the kernel with warnings as errors [CONFIG_WERROR] [ ] Auditing Support [CONFIG_AUDIT] CPU/Task time and stats accounting ---> @@ -130,6 +139,8 @@ Device Drivers ---> [*] open by fhandle syscalls [CONFIG_FHANDLE] General architecture-dependent options ---> [*] Enable seccomp to safely compute untrusted bytecode [CONFIG_SECCOMP] + [*] Stack Protector buffer overflow detection [CONFIG_STACKPROTECTOR] + [*] Strong Stack Protector [CONFIG_STACKPROTECTOR_STRONG] Networking support ---> Networking options ---> <*> The IPv6 protocol [CONFIG_IPV6] @@ -188,6 +199,14 @@ Device Drivers ---> The rationale for the above configuration items: + + Randomize the address of the kernel image (KASLR) + + Enable ASLR for kernel image, to mitigate some attacks based + on fixed addresses of sensitive data or code in the kernel. + + + @@ -213,6 +232,16 @@ Device Drivers ---> + + Strong Stack Protector + + Enable SSP for the kernel. We've enabled it for the entire + userspace with --enable-default-ssp + configuring GCC, but the kernel does not use GCC default setting + for SSP. We enable it explicitly here. + + + Support for uevent helper From c10a327376830278cc8cc2bf642c588f9273a065 Mon Sep 17 00:00:00 2001 From: Xi Ruoyao Date: Sun, 11 Sep 2022 13:55:57 +0800 Subject: [PATCH 4/9] gcc: fix link to PIE & SSP note DocBook does not handle xref to note properly (#pie-ssp-info not generated). --- chapter08/gcc.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/chapter08/gcc.xml b/chapter08/gcc.xml index fe8e767d1..93961626c 100644 --- a/chapter08/gcc.xml +++ b/chapter08/gcc.xml @@ -106,7 +106,8 @@ cd build - + + PIE (position-independent executable) is a technique to produce binary programs that can be loaded anywhere in memory. Without PIE, From 63c2e8bb66fd85aa7921dc64e1ac3612d318e1c5 Mon Sep 17 00:00:00 2001 From: Pierre Labastie Date: Sun, 11 Sep 2022 10:54:08 +0200 Subject: [PATCH 5/9] Comment on binutils test failures with pie/ssp --- chapter08/binutils.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/chapter08/binutils.xml b/chapter08/binutils.xml index d9855e735..96b820277 100644 --- a/chapter08/binutils.xml +++ b/chapter08/binutils.xml @@ -160,6 +160,10 @@ cd build make -k check +Twelve tests fail in the gold testsuite when the + and + options are passed to GCC. There + is also a known failure in the as tests. + + 2022-09-10 + + + [pierre] - Add and + to GCC build. Rationale + and some reports at + #5107. + + + + 2022-09-07 - [bdubbs] - Update to shadow-4.12.3. Fixes - #5101. + [bdubbs] - Update to shadow-4.12.3. Fixes + #5101. - [bdubbs] - Update to Python3-3.10.7. Fixes - #5109. + [bdubbs] - Update to Python3-3.10.7. Fixes + #5109. - [bdubbs] - Update to linux-5.19.7. Fixes - #5099. + [bdubbs] - Update to linux-5.19.7. Fixes + #5099. - [bdubbs] - Update to less-608. Fixes - #5104. + [bdubbs] - Update to less-608. Fixes + #5104. - [bdubbs] - Update to grep-3.8. Fixes - #5105. + [bdubbs] - Update to grep-3.8. Fixes + #5105. From c37e846f4b5db3ae2037dee054b3923192a50a31 Mon Sep 17 00:00:00 2001 From: Pierre Labastie Date: Sun, 11 Sep 2022 18:42:26 +0200 Subject: [PATCH 7/9] Replace tabs with spaces --- bootscripts/lfs/sysconfig/createfiles | 28 +- bootscripts/lfs/sysconfig/modules | 2 +- chapter03/packages.xml | 6 +- chapter04/settingenviron.xml | 2 +- chapter08/gettext.xml | 2 +- chapter08/meson.xml | 2 +- chapter08/readline.xml | 6 +- chapter08/vim.xml | 5 +- git-version.sh | 46 ++-- packages.ent | 6 +- part3intro/generalinstructions.xml | 4 +- udev-lfs/ChangeLog | 336 +++++++++++------------ udev-lfs/contrib/debian/write_cd_aliases | 2 +- 13 files changed, 224 insertions(+), 223 deletions(-) diff --git a/bootscripts/lfs/sysconfig/createfiles b/bootscripts/lfs/sysconfig/createfiles index 3d8587439..378fa3ee7 100644 --- a/bootscripts/lfs/sysconfig/createfiles +++ b/bootscripts/lfs/sysconfig/createfiles @@ -8,23 +8,23 @@ # Version : 00.00 # # Notes : The syntax of this file is as follows: -# if type is equal to "file" or "dir" -# -# if type is equal to "dev" -# +# if type is equal to "file" or "dir" +# +# if type is equal to "dev" +# # # -# is the name of the file which is to be created -# is either file, dir, or dev. -# file creates a new file -# dir creates a new directory -# dev creates a new device -# is either block, char or pipe -# block creates a block device -# char creates a character deivce -# pipe creates a pipe, this will ignore the and +# is the name of the file which is to be created +# is either file, dir, or dev. +# file creates a new file +# dir creates a new directory +# dev creates a new device +# is either block, char or pipe +# block creates a block device +# char creates a character deivce +# pipe creates a pipe, this will ignore the and # fields -# and are the major and minor numbers used for +# and are the major and minor numbers used for # the device. ######################################################################## diff --git a/bootscripts/lfs/sysconfig/modules b/bootscripts/lfs/sysconfig/modules index 0fce3f31f..c594e24a2 100644 --- a/bootscripts/lfs/sysconfig/modules +++ b/bootscripts/lfs/sysconfig/modules @@ -8,7 +8,7 @@ # Version : 00.00 # # Notes : The syntax of this file is as follows: -# [ ...] +# [ ...] # # Each module should be on its own line, and any options that you want # passed to the module should follow it. The line deliminator is either diff --git a/chapter03/packages.xml b/chapter03/packages.xml index aa927e60a..244c1ed2c 100644 --- a/chapter03/packages.xml +++ b/chapter03/packages.xml @@ -20,9 +20,9 @@ reachable, you should read the security advisories first to figure out if a newer version (with the vulnerability fixed) should be used. If not, try to download the removed package from a mirror. Although it's - possible to download an old release from a mirror even if this release - has been removed because of a vulnerability, it's not recommended to - use a release known to be vulnerable for building your system. + possible to download an old release from a mirror even if this release + has been removed because of a vulnerability, it's not recommended to + use a release known to be vulnerable for building your system. Download or otherwise obtain the following packages: diff --git a/chapter04/settingenviron.xml b/chapter04/settingenviron.xml index b0c3441e5..bac551e19 100644 --- a/chapter04/settingenviron.xml +++ b/chapter04/settingenviron.xml @@ -186,7 +186,7 @@ EOF After use of the lfs user is finished at the beginning of , you can restore - /etc/bash.bashrc (if desired). + /etc/bash.bashrc (if desired). Note that the LFS Bash package we will build in is not configured to load or execute diff --git a/chapter08/gettext.xml b/chapter08/gettext.xml index cafe26182..08b960d44 100644 --- a/chapter08/gettext.xml +++ b/chapter08/gettext.xml @@ -62,7 +62,7 @@ Since bison is not yet installed in /usr, configure hardcodes the directory containing translations for the bison program (the - "locale" directory) as /tools/share/locale. Passing this variable + "locale" directory) as /tools/share/locale. Passing this variable to make allows overriding the choice made by configure. diff --git a/chapter08/meson.xml b/chapter08/meson.xml index d2132b5a1..6e4b006ad 100644 --- a/chapter08/meson.xml +++ b/chapter08/meson.xml @@ -108,7 +108,7 @@ install -vDm644 data/shell-completions/zsh/_meson /usr/share/zsh/site-functions/ - meson + meson A high productivity build system diff --git a/chapter08/readline.xml b/chapter08/readline.xml index 72608ac94..889314b14 100644 --- a/chapter08/readline.xml +++ b/chapter08/readline.xml @@ -63,9 +63,9 @@ sed -i '/{OLDSUFF}/c:' support/shlib-install --with-curses This option tells Readline that it can find the termcap - library functions in the curses library, rather than a separate - termcap library. It allows generating a correct - readline.pc file. + library functions in the curses library, rather than a separate + termcap library. It allows generating a correct + readline.pc file. diff --git a/chapter08/vim.xml b/chapter08/vim.xml index 11b5c2565..2df2038dd 100644 --- a/chapter08/vim.xml +++ b/chapter08/vim.xml @@ -170,8 +170,9 @@ EOF To install spell files for your preferred language, download the *.spl and optionally, the *.sug files for your language and character encoding from and save them to - /usr/share/&vim-docdir;/spell/. + url="https://github.com/vim/vim/tree/master/runtime/spell/"/> and save + them to + /usr/share/&vim-docdir;/spell/. To use these spell files, some configuration in /etc/vimrc is needed, e.g.: diff --git a/git-version.sh b/git-version.sh index 7e0b3b4df..a00deb6d2 100755 --- a/git-version.sh +++ b/git-version.sh @@ -1,31 +1,31 @@ #!/bin/sh if [ "$1" = sysv ]; then - SYSV="INCLUDE" - SYSTEMD="IGNORE " + SYSV="INCLUDE" + SYSTEMD="IGNORE " elif [ "$1" = systemd ]; then - SYSV="IGNORE " - SYSTEMD="INCLUDE" + SYSV="IGNORE " + SYSTEMD="INCLUDE" else - echo You must provide either \"sysv\" or \"systemd\" as argument - exit 1 + echo You must provide either \"sysv\" or \"systemd\" as argument + exit 1 fi echo "" > conditional.ent echo "" >> conditional.ent if ! git status > /dev/null; then - # Either it's not a git repository, or git is unavaliable. - # Just workaround. - echo " version.ent - echo "" >> version.ent - echo "]]>" >> version.ent - echo "> version.ent - echo "" >> version.ent - echo "]]>" >> version.ent - echo "" >> version.ent - echo "" >> version.ent - exit 0 + # Either it's not a git repository, or git is unavaliable. + # Just workaround. + echo " version.ent + echo "" >> version.ent + echo "]]>" >> version.ent + echo "> version.ent + echo "" >> version.ent + echo "]]>" >> version.ent + echo "" >> version.ent + echo "" >> version.ent + exit 0 fi export LC_ALL=en_US.utf8 @@ -39,10 +39,10 @@ month_digit=$(date --date "$commit_date" "+%m") day=$(date --date "$commit_date" "+%d" | sed 's/^0//') case $day in - "1" | "21" | "31" ) suffix="st";; - "2" | "22" ) suffix="nd";; - "3" | "23" ) suffix="rd";; - * ) suffix="th";; + "1" | "21" | "31" ) suffix="st";; + "2" | "22" ) suffix="nd";; + "3" | "23" ) suffix="rd";; + * ) suffix="th";; esac full_date="$month $day$suffix, $year" @@ -53,8 +53,8 @@ version="$rev" versiond="$rev-systemd" if [ "$(git diff HEAD | wc -l)" != "0" ]; then - version="$version+" - versiond="$versiond+" + version="$version+" + versiond="$versiond+" fi echo " version.ent diff --git a/packages.ent b/packages.ent index ce13ec456..7f1f5bd3d 100644 --- a/packages.ent +++ b/packages.ent @@ -207,10 +207,10 @@ - - + + - + diff --git a/part3intro/generalinstructions.xml b/part3intro/generalinstructions.xml index d8e280e0d..ac2bcc675 100644 --- a/part3intro/generalinstructions.xml +++ b/part3intro/generalinstructions.xml @@ -82,9 +82,9 @@ Place all the sources and patches in a directory that will be accessible from the chroot environment such as - /mnt/lfs/sources/. + /mnt/lfs/tools/. --> Change to the sources directory. diff --git a/udev-lfs/ChangeLog b/udev-lfs/ChangeLog index 897acee15..560346143 100644 --- a/udev-lfs/ChangeLog +++ b/udev-lfs/ChangeLog @@ -8,257 +8,257 @@ * Makefile.lfs: Adjust warning flags. Adjust linking rules to allow build with util-linux in LFS's /tools directory. -2010-01-26 Matt Burgess - * 55-lfs.rules: Remove lots of rules that have been merged upstream. - * 61-cdrom.rules: Remove as upstream has a replacement. - * doc/*: Cleanup and rewrite now that the rules are much simpler. +2010-01-26 Matt Burgess + * 55-lfs.rules: Remove lots of rules that have been merged upstream. + * 61-cdrom.rules: Remove as upstream has a replacement. + * doc/*: Cleanup and rewrite now that the rules are much simpler. -2009-09-25 Bryan Kadzban - * 55-lfs.rules: Make the RTC rule (which runs setclock) work for people - that don't use the RTC-class driver -- add another copy of the rule, - using KERNEL=="rtc" instead of SUBSYSTEM=="rtc". Also move the ACTION - match before the assignment to MODE. +2009-09-25 Bryan Kadzban + * 55-lfs.rules: Make the RTC rule (which runs setclock) work for people + that don't use the RTC-class driver -- add another copy of the rule, + using KERNEL=="rtc" instead of SUBSYSTEM=="rtc". Also move the ACTION + match before the assignment to MODE. -2009-05-23 Bruce Dubbs - * 55-lfs.rules: Set the rtc by udev upon boot. Removed aio device from - udev configuration so defaults are used. +2009-05-23 Bruce Dubbs + * 55-lfs.rules: Set the rtc by udev upon boot. Removed aio device from + udev configuration so defaults are used. -2009-05-16 Bryan Kadzban - * 55-lfs.rules: Adopt udev permissions for random, urandom, kmsg, and - input devices (including psaux, which probably doesn't exist anymore - anyway). +2009-05-16 Bryan Kadzban + * 55-lfs.rules: Adopt udev permissions for random, urandom, kmsg, and + input devices (including psaux, which probably doesn't exist anymore + anyway). -2009-05-16 Matt Burgess - * 55-lfs.rules: Remove the block rule as it was only setting - permissions that Udev will set by default - * 55-lfs.rules: Remove the rfcomm rule as the group it sets is already - included in upstream's rule - * 55-lfs-rules: Remove the tape rules as the group they sets is already - included in upstream's rules +2009-05-16 Matt Burgess + * 55-lfs.rules: Remove the block rule as it was only setting + permissions that Udev will set by default + * 55-lfs.rules: Remove the rfcomm rule as the group it sets is already + included in upstream's rule + * 55-lfs-rules: Remove the tape rules as the group they sets is already + included in upstream's rules -2009-03-15 Bryan Kadzban - * 55-lfs.rules: Remove the ISDN-handling rules (replaced with upstream's - version, which has a better match via SUBSYSTEM). - * 55-lfs.rules: Replace "uucp" with "dialout" now that udev has decided - to standardize on a Debian-like setup (uucp is for UUCP daemons to use - for privilege separation; dialout is for users and devices). +2009-03-15 Bryan Kadzban + * 55-lfs.rules: Remove the ISDN-handling rules (replaced with upstream's + version, which has a better match via SUBSYSTEM). + * 55-lfs.rules: Replace "uucp" with "dialout" now that udev has decided + to standardize on a Debian-like setup (uucp is for UUCP daemons to use + for privilege separation; dialout is for users and devices). 2008-12-07 Bruce Dubbs - * 55-lfs.rules: Change one line to use continuation so it does - not overflow the book's width. + * 55-lfs.rules: Change one line to use continuation so it does + not overflow the book's width. 2008-12-07 Bryan Kadzban - * 55-lfs.rules: Remove several rules that are either provided by upstream, - or that don't have any effect (there is no /dev/js or /dev/djs according - to devices.txt). - * 55-lfs.rules, 61-cdrom.rules: Replace ACTION=="add" with "add|change" - everywhere, per upstream's general request. + * 55-lfs.rules: Remove several rules that are either provided by upstream, + or that don't have any effect (there is no /dev/js or /dev/djs according + to devices.txt). + * 55-lfs.rules, 61-cdrom.rules: Replace ACTION=="add" with "add|change" + everywhere, per upstream's general request. 2008-11-11 Bryan Kadzban - * 55-lfs.rules, 61-cdrom.rules: Fix comments to use the right rule - numbers. Thanks to Trent Shea for the fix. Closes #2278. + * 55-lfs.rules, 61-cdrom.rules: Fix comments to use the right rule + numbers. Thanks to Trent Shea for the fix. Closes #2278. 2008-10-15 DJ Lucas - * 55-lfs.rules: Override default perms on floppy disk devices provided - by 50-udev-default.rules. Thanks to Bruce Dubbs for the fix. Closes - LFS ticket #2076. + * 55-lfs.rules: Override default perms on floppy disk devices provided + by 50-udev-default.rules. Thanks to Bruce Dubbs for the fix. Closes + LFS ticket #2076. 2008-05-21 Bryan Kadzban - * 81-firmware.rules, doc/81-firmware.txt: Remove. This rule is - already handled by udev's 50-udev-default.rules file. The docs - can be added back later if needed. - * Makefile: Don't install the above deleted files. - * 55-lfs.rules: Remove the device-mapper rule, since the upstream - 50-udev-default.rules file handles it properly. + * 81-firmware.rules, doc/81-firmware.txt: Remove. This rule is + already handled by udev's 50-udev-default.rules file. The docs + can be added back later if needed. + * Makefile: Don't install the above deleted files. + * 55-lfs.rules: Remove the device-mapper rule, since the upstream + 50-udev-default.rules file handles it properly. 2008-04-02 Bryan Kadzban - * Makefile: Make the package DESTDIR-friendly by installing the docs - into a fixed $(PREFIX)/share/doc/udev-config directory, instead of - trying to figure out what version of udev was just installed. + * Makefile: Make the package DESTDIR-friendly by installing the docs + into a fixed $(PREFIX)/share/doc/udev-config directory, instead of + trying to figure out what version of udev was just installed. 2007-10-30 Bryan Kadzban - * 55-lfs.rules: Since the dialout group was renamed to uucp, delete - the rules that override upstream's assignment of the dialout group. - Replace "dialout" with "uucp" on the remaining rules. + * 55-lfs.rules: Since the dialout group was renamed to uucp, delete + the rules that override upstream's assignment of the dialout group. + Replace "dialout" with "uucp" on the remaining rules. 2007-10-29 Bryan Kadzban - * 51-lfs.rules: Move to 55-lfs.rules. - * doc/51-lfs.rules: Move to doc/55-lfs.rules. + * 51-lfs.rules: Move to 55-lfs.rules. + * doc/51-lfs.rules: Move to doc/55-lfs.rules. 2007-10-27 Bryan Kadzban - * 25-lfs.rules: Some rules in here are duplicates of rules from udev's - new 50-udev-defaults.rules file; remove them. Override permissions - where needed elsewhere (and document overrides in comments). - * 26-modprobe.rules: Provided by udev's 80-drivers.rules and built-in - modaliases for SCSI device-type modules in 2.6.22+ kernels; remove. + * 25-lfs.rules: Some rules in here are duplicates of rules from udev's + new 50-udev-defaults.rules file; remove them. Override permissions + where needed elsewhere (and document overrides in comments). + * 26-modprobe.rules: Provided by udev's 80-drivers.rules and built-in + modaliases for SCSI device-type modules in 2.6.22+ kernels; remove. - * 25-lfs.rules: Move to 51-lfs.rules. - * 27-firmware.rules: Move to 81-firmware.rules. - * 81-cdrom.rules: Move to 61-cdrom.rules. + * 25-lfs.rules: Move to 51-lfs.rules. + * 27-firmware.rules: Move to 81-firmware.rules. + * 81-cdrom.rules: Move to 61-cdrom.rules. - * doc/25-lfs.txt: Rename to 51-lfs.txt. - * doc/26-modprobe.txt: Rename to 80-drivers.txt, and modify to reflect - the upstream rules. - * doc/27-firmware.txt: Rename to 81-firmware.txt. - * doc/81-cdrom.txt: Rename to 61-cdrom.txt. + * doc/25-lfs.txt: Rename to 51-lfs.txt. + * doc/26-modprobe.txt: Rename to 80-drivers.txt, and modify to reflect + the upstream rules. + * doc/27-firmware.txt: Rename to 81-firmware.txt. + * doc/81-cdrom.txt: Rename to 61-cdrom.txt. - * Makefile: Use new filenames. + * Makefile: Use new filenames. 2007-07-31 Dan Nicholson - * 25-lfs.rules: Changed the usb_device rule tto create /dev/bus/usb - nodes if the usb_device in 2.6.22+ kernels. The rule was also changed - to only trigger on "add" events. This change is not backwards - compatible with older kernels. + * 25-lfs.rules: Changed the usb_device rule tto create /dev/bus/usb + nodes if the usb_device in 2.6.22+ kernels. The rule was also changed + to only trigger on "add" events. This change is not backwards + compatible with older kernels. 2007-06-12 Dan Nicholson - * 25-lfs.rules: Fix the CPUID nodes from cpu/%n/cpu to cpu/%n/cpuid, - which is what's expected in userspace apps such as x86info. + * 25-lfs.rules: Fix the CPUID nodes from cpu/%n/cpu to cpu/%n/cpuid, + which is what's expected in userspace apps such as x86info. 2007-06-08 Bryan Kadzban - * 25-lfs.rules: Add rules for DVB devices (create nodes in /dev/dvb/) - and floppies (create extra nodes based on CMOS type), copied from - the SuSE rules file. Thanks to Alexander Patrakov for the bugreport. + * 25-lfs.rules: Add rules for DVB devices (create nodes in /dev/dvb/) + and floppies (create extra nodes based on CMOS type), copied from + the SuSE rules file. Thanks to Alexander Patrakov for the bugreport. -2007-03-04 Matthew Burgess - * Makefile: Use `udevd --version' to work out what version of Udev is - installed (requires Udev >= 106) +2007-03-04 Matthew Burgess + * Makefile: Use `udevd --version' to work out what version of Udev is + installed (requires Udev >= 106) 2007-01-02 Bryan Kadzban - * 25-lfs.rules: Change CPU devices (cpu, msr, microcode) to be in - /dev/cpu/ and /dev/cpu/N/, to match Documentation/devices.txt. + * 25-lfs.rules: Change CPU devices (cpu, msr, microcode) to be in + /dev/cpu/ and /dev/cpu/N/, to match Documentation/devices.txt. 2006-10-21 Bryan Kadzban - * Makefile: Add a missing backslash in install-extra-doc. + * Makefile: Add a missing backslash in install-extra-doc. - * 05-udev-early.rules, 60-persistent-input.rules, - 60-persistent-storage.rules, 95-udev-late.rules: Remove. The book - will install these files from udev's etc/udev/rules.d directory - instead. - * Makefile: Don't install these rules files after all. Also, only - install corresponding docs if requested. + * 05-udev-early.rules, 60-persistent-input.rules, + 60-persistent-storage.rules, 95-udev-late.rules: Remove. The book + will install these files from udev's etc/udev/rules.d directory + instead. + * Makefile: Don't install these rules files after all. Also, only + install corresponding docs if requested. 2006-10-20 Bryan Kadzban - * Makefile: Added; contains targets to install rules and doc files. - From Dan Nicholson. + * Makefile: Added; contains targets to install rules and doc files. + From Dan Nicholson. 2006-10-14 Bryan Kadzban - * 05-udev-early.rules, 60-persistent-storage.rules: Sync up with - upstream sample rules files (from udev-102), except for one rule - which is more specific in our tarball and should probably be changed - upstream. - * doc/60-persistent-storage.txt: Modify to match the changes. Also - fix a couple typos. + * 05-udev-early.rules, 60-persistent-storage.rules: Sync up with + upstream sample rules files (from udev-102), except for one rule + which is more specific in our tarball and should probably be changed + upstream. + * doc/60-persistent-storage.txt: Modify to match the changes. Also + fix a couple typos. - * 25-lfs.rules: Remove duplicate rules (ttyS[0-9]* is also matched by - tty[BC...S...][0-9]*, and ttyUSB[0-9]* is in there twice). + * 25-lfs.rules: Remove duplicate rules (ttyS[0-9]* is also matched by + tty[BC...S...][0-9]*, and ttyUSB[0-9]* is in there twice). - * 25-lfs.rules: Fix Alsa device KERNEL rules. Udev uses shell-style - glob matching, not regular expressions, so the old rules would match - nonsense device names like hw0asdf and pcmDzxcv. As long as the first - character after the "fixed" portion was in the list, the rule would - match; it wouldn't apply the same character range to later characters. + * 25-lfs.rules: Fix Alsa device KERNEL rules. Udev uses shell-style + glob matching, not regular expressions, so the old rules would match + nonsense device names like hw0asdf and pcmDzxcv. As long as the first + character after the "fixed" portion was in the list, the rule would + match; it wouldn't apply the same character range to later characters. - * doc/25-lfs.txt: Add a note on interaction between permissions and - symlinks. + * doc/25-lfs.txt: Add a note on interaction between permissions and + symlinks. 2006-10-09 Bryan Kadzban - * 25-lfs.rules: Fix fb[0-9]* device permissions (should use the default - 0660). + * 25-lfs.rules: Fix fb[0-9]* device permissions (should use the default + 0660). - * doc/25-lfs.txt: Fix typo: /dev/ptmx is given mode 0666, not 0660. - Also tweak the comment about other TTY devices. + * doc/25-lfs.txt: Fix typo: /dev/ptmx is given mode 0666, not 0660. + Also tweak the comment about other TTY devices. 2006-10-04 Bryan Kadzban - * 05-udev-early.rules: Remove WAIT_FOR_SYSFS="bus" rule. With kernel - 2.6.18, this rule is no longer required. + * 05-udev-early.rules: Remove WAIT_FOR_SYSFS="bus" rule. With kernel + 2.6.18, this rule is no longer required. - * doc/05-udev-early.txt: Update to match. + * doc/05-udev-early.txt: Update to match. 2006-09-28 Bryan Kadzban - * doc/60-persistent-storage.txt: Explain persistent storage rules, or - at least the parts I understand. (I don't use DASD or netblock or - several other supported configurations.) + * doc/60-persistent-storage.txt: Explain persistent storage rules, or + at least the parts I understand. (I don't use DASD or netblock or + several other supported configurations.) - * doc/81-cdrom.txt: Explain 81-cdrom.rules. + * doc/81-cdrom.txt: Explain 81-cdrom.rules. - * doc/95-udev-late.txt: Explain 95-udev-late.rules. Documentation is - now finished. + * doc/95-udev-late.txt: Explain 95-udev-late.rules. Documentation is + now finished. 2006-09-26 Bryan Kadzban - * doc/60-persistent-input.txt: Explain (in probably too much detail) - 60-persistent-input.rules. + * doc/60-persistent-input.txt: Explain (in probably too much detail) + 60-persistent-input.rules. 2006-09-24 Bryan Kadzban - * doc/05-udev-early.txt: Rewrap to fit 80 columns. + * doc/05-udev-early.txt: Rewrap to fit 80 columns. - * doc/26-modprobe.txt: Explain 26-modprobe.rules, and modaliases. + * doc/26-modprobe.txt: Explain 26-modprobe.rules, and modaliases. - * doc/27-firmware.txt: Explain 27-firmware.rules. + * doc/27-firmware.txt: Explain 27-firmware.rules. 2006-09-24 Bryan Kadzban - * doc/25-lfs.txt: Explain 25-lfs.rules. + * doc/25-lfs.txt: Explain 25-lfs.rules. - * 25-lfs.rules: Use SYMLINK+= for isdn/capi20 also. + * 25-lfs.rules: Use SYMLINK+= for isdn/capi20 also. 2006-09-23 Bryan Kadzban - * doc: New subdirectory to contain documentation of rules - * doc/README: New file, top-level documentation - * doc/*.txt: New documentation files, one for each rules file. Only - 05-udev-early.txt has anything in it. + * doc: New subdirectory to contain documentation of rules + * doc/README: New file, top-level documentation + * doc/*.txt: New documentation files, one for each rules file. Only + 05-udev-early.txt has anything in it. 2006-09-23 Bryan Kadzban - * 25-lfs.rules: Add "ignore_device" to OPTIONS for DRI devices, instead - of setting NAME to an empty string. This matches the way we ignore - devmapper / LVM devices. + * 25-lfs.rules: Add "ignore_device" to OPTIONS for DRI devices, instead + of setting NAME to an empty string. This matches the way we ignore + devmapper / LVM devices. 2006-09-22 Bryan Kadzban - * 60-persistent-input.rules, 95-udev-late.rules: Import from udev-100. - 60-persistent-input.rules creates persistent symlinks for input - devices, and 95-udev-late.rules enables udevmonitor. + * 60-persistent-input.rules, 95-udev-late.rules: Import from udev-100. + 60-persistent-input.rules creates persistent symlinks for input + devices, and 95-udev-late.rules enables udevmonitor. - * 60-persistent-storage.rules: Replace ATTRS{../removable} with just - ATTRS{removable} on partition devices. Replace ATTRS{removable} - with ATTR{removable} on whole-disk devices. + * 60-persistent-storage.rules: Replace ATTRS{../removable} with just + ATTRS{removable} on partition devices. Replace ATTRS{removable} + with ATTR{removable} on whole-disk devices. 2006-09-20 Bryan Kadzban - * 05-early.rules: Missed a rule in the last change. ENV{PHYSDEVBUS} - in the rule that waits for the "bus" symlink should be replaced by - SUBSYSTEMS. + * 05-early.rules: Missed a rule in the last change. ENV{PHYSDEVBUS} + in the rule that waits for the "bus" symlink should be replaced by + SUBSYSTEMS. 2006-09-20 Bryan Kadzban - * Adapted rules to the new matches used in udev-098 and above (e.g., - SYSFS becomes ATTRS). Prevents warnings, and support for the old - matches will be removed eventually. These rules will not work with - udev-097 and before! - * Fixed several bugs in the rules left over from previous udev - versions (missing commas, overwriting user symlinks using ="..." - instead of +="...", and matching against "*" instead of "?*"). + * Adapted rules to the new matches used in udev-098 and above (e.g., + SYSFS becomes ATTRS). Prevents warnings, and support for the old + matches will be removed eventually. These rules will not work with + udev-097 and before! + * Fixed several bugs in the rules left over from previous udev + versions (missing commas, overwriting user symlinks using ="..." + instead of +="...", and matching against "*" instead of "?*"). - * Renamed CHANGELOG to ChangeLog, started using pseudo-GNU-format - entries. (See standards.info; search it for "changelog" to get - the general gist.) + * Renamed CHANGELOG to ChangeLog, started using pseudo-GNU-format + entries. (See standards.info; search it for "changelog" to get + the general gist.) dnicholson - Jul 14, 2006 - * Fixed usbdev PROGRAM so that it works with the BusyBox sh. Thanks - to Anthony Wright. + * Fixed usbdev PROGRAM so that it works with the BusyBox sh. Thanks + to Anthony Wright. n/a - Jul 12, 2006 - * Added options so temporary nodes are not created with device-mapper - * Adapted cdrom rules to identify CD-ROM drives correctly by adding - SUBSYSTEM=="block" test. - * Added simple 81-cdrom.rules file to set cdrom group ownership + * Added options so temporary nodes are not created with device-mapper + * Adapted cdrom rules to identify CD-ROM drives correctly by adding + SUBSYSTEM=="block" test. + * Added simple 81-cdrom.rules file to set cdrom group ownership n/a - Jun 07, 2006 - * Removed nvidia rules - * Removed bug reporting rule - * Moved Debian-based persistent CD-ROM rules to contrib - * Adapted firmware rule to udev-093 + * Removed nvidia rules + * Removed bug reporting rule + * Moved Debian-based persistent CD-ROM rules to contrib + * Adapted firmware rule to udev-093 n/a - May 15, 2006 - * Part one of 25-lfs.rules rewrite - * Some minor tweaking of the layout + * Part one of 25-lfs.rules rewrite + * Some minor tweaking of the layout n/a - May 12, 2006 - * Initial import of the udev-config directory. - * Reorganized and modularized the rules files. - * Added explanatory comments + * Initial import of the udev-config directory. + * Reorganized and modularized the rules files. + * Added explanatory comments diff --git a/udev-lfs/contrib/debian/write_cd_aliases b/udev-lfs/contrib/debian/write_cd_aliases index ea8eeb7d8..d22ed9ed3 100644 --- a/udev-lfs/contrib/debian/write_cd_aliases +++ b/udev-lfs/contrib/debian/write_cd_aliases @@ -107,7 +107,7 @@ match="BUS==\"$PHYSDEVBUS\", ID==\"$id\"" comment="$ID_MODEL ($ID_PATH)" - write_rule "$match" "cdrom$link_num" "$comment" + write_rule "$match" "cdrom$link_num" "$comment" [ "$ID_CDROM_CD_RW" ] && write_rule "$match" "cdrw$link_num" [ "$ID_CDROM_DVD" ] && write_rule "$match" "dvd$link_num" [ "$ID_CDROM_DVD_RW" ] && write_rule "$match" "dvdrw$link_num" From 7bd0378b41a0c7ed7146053cb3e5e539383fd88b Mon Sep 17 00:00:00 2001 From: Pierre Labastie Date: Sun, 11 Sep 2022 18:54:49 +0200 Subject: [PATCH 8/9] Remove trailing spaces --- chapter08/gcc.xml | 2 +- chapter08/meson.xml | 2 +- chapter08/ncurses.xml | 2 +- chapter08/openssl.xml | 2 +- chapter08/util-linux.xml | 2 +- chapter09/usage.xml | 6 +- prologue/why.xml | 2 +- stylesheets/lfs-xsl/lfs.css.new | 280 ++++++++++++++++---------------- 8 files changed, 149 insertions(+), 149 deletions(-) diff --git a/chapter08/gcc.xml b/chapter08/gcc.xml index 93961626c..7a06cf461 100644 --- a/chapter08/gcc.xml +++ b/chapter08/gcc.xml @@ -133,7 +133,7 @@ cd build In this section, the test suite for GCC is considered - important, but it takes a long time. First time builders are + important, but it takes a long time. First time builders are encouraged to not skip it. The time to run the tests can be reduced significantly by adding -jx to the make command below where x is the number of cores on your system. diff --git a/chapter08/meson.xml b/chapter08/meson.xml index 6e4b006ad..0bde43856 100644 --- a/chapter08/meson.xml +++ b/chapter08/meson.xml @@ -96,7 +96,7 @@ install -vDm644 data/shell-completions/zsh/_meson /usr/share/zsh/site-functions/ meson - /usr/lib/python&python-minor;/site-packages/meson-&meson-version;.dist-info and + /usr/lib/python&python-minor;/site-packages/meson-&meson-version;.dist-info and /usr/lib/python&python-minor;/site-packages/mesonbuild diff --git a/chapter08/ncurses.xml b/chapter08/ncurses.xml index 31cd65a6c..e8d42bc7a 100644 --- a/chapter08/ncurses.xml +++ b/chapter08/ncurses.xml @@ -122,7 +122,7 @@ diff --git a/chapter08/openssl.xml b/chapter08/openssl.xml index 91e412bae..9701a0297 100644 --- a/chapter08/openssl.xml +++ b/chapter08/openssl.xml @@ -43,7 +43,7 @@ Installation of OpenSSL