As we've already concluded, overwriting a shared object can crash
running processes using code or data from this shared object. For
example if gdm is crashed, we may leave the system unusable :(.
I spent some time investigating the difference of vim test results from
different editors. It turns out the value of TERM can affect the test
results in a deterministic way: when TERM=xterm-256color all tests pass,
when TERM=linux one test fails, and when TERM=vt100 20+ tests fail.
As we are redirecting the output to a file, the actual type of the
terminal does not matter and we can just specify a value known to work.
Glibc tests occasionally fail due to a timeout because:
1. The hardware is slower than the developers expected.
2. Some tests use multiple or even all CPU cores internally, e.g.
with 8 active CPU cores we may end up running 8 tests (due to -j8),
each of them using 8 cores in the worst case, resulting in severe
congestion.
I'm almost sure nptl/tst-thread-affinity* are cases of 2.
Let's document how to rule out the timed out tests instead of making the
list of known failures longer and longer.
Update to shadow-4.14.4.
Update to setuptools-69.1.0 (Python module).
Update to python-3.12.2.
Update to pkgconf-2.1.1.
Update to MarkupSafe-2.1.5 (Python module).
Update to man-pages-6.06.
Update to expat-2.6.0.
Update to linux-6.7.4.
We want expect to return the return code of "make test" (stored in
$value), but $value is expanded too early to nothing by Bash. Quote EOF
so Bash won't expand $xxx.
We used to run "expect -c 'spawn ls'" for this in Binutils, but then we
thought expect test suite was enough as such a simple PTY test. However
expect test can fail due to some different reason, so add back a simple
test using Python pty module before building expect. Now we no longer
need to consider expect test critical (IIRC there was a report saying
one expect test failed for unknown reason but all other things OK).
A Glibc update may contain locale updates, so keep
/usr/lib/locale/locale-archive synced.
Other distros are also doing this when Glibc is updated with the package
manager.
It does no good: normally we have -v for chown so once it no longer has
an effect we can know, but in this case these chown commands will never
have no effect. And a huge amount of output with -v wastes the server
storage and bandwidth (for both the server and the people reading the
build logs).
Let's change our policy to match other "rolling release" distros and
ease the procedure to fix Glibc security vulnerabilities.
Squashed the commits in xry111/update-glibc branch to keep the history
clean.
Co-Authored-By: Pierre Labastie <pierre.labastie@neuf.fr>
Co-Authored-By: Douglas R. Reno <renodr@linuxfromscratch.org>
Per a discussion in the team, we only consider an upgradation dangerous
if it may render the system unusable. "Causing something not able to
build" is never considered dangerous. Thus upgrading some headers
cannot be dangerous.
The Glibc portion will need an update too (it can be upgraded safely
with some caution) to ease security updates. But let's do the easy
change first...
Update to openssl-3.2.1.
Update to zlib-1.3.1.
Update to xz-5.4.6.
Update to linux-6.7.2.
Update to iana-etc-20240125.
Update to binutils-2.42.
Update to acl-2.3.2.
Update upstream fixes for readline-8.2.
Apply upstream fix for bash-5.2.21.
The Glibc INSTALL file says:
‘--with-headers=DIRECTORY’
Look for kernel header files in DIRECTORY, not ‘/usr/include’. ...
So --with-headers=/usr/include seems just doing nothing.
Use <quote> instead of '"' if possible. Use <literal>,
<computeroutput>, etc. instead of <quote> if possible. Replace
<quote>alpha</quote> with a UTF-8 Greek alpha character.
BTW decorate ".link" with <filename class='extension'>.
"gcc(1)" is really not a file name.
Use <ulink> and link to the online man page on
https://man.archlinux.org/ so the user can refer to the man pages more
easily.
The change is done via a sed command and long lines are wrapped
manually.
libcpp is the preprocessor library, but it's a static library which is
only used by GCC itself and not installed.
libcc1 is actually a library for GDB to "compile" expressions, so we can
use fancy expressions in commands, like "print sin(x + 2.0)": the
expression sin(x + 2.0) needs to be "compiled" for evaluation.
- Update to jinja2-3.1.3 (#5411)
- Update to bc-6.7.5 (#5408)
- Update to attr-2.5.2 (#5412)
- Update to ncurses-6.4-20230520 (#5416)
- Update to markupsafe-2.1.4 (#5418)
- Update to linux-6.7.1 (#5406)
- Update to iproute2-6.7.0 (#5410)
- Update to vim-9.1.0041 (#4500)
- Update to iana-etc-20240117 (#5006)
- Update to shadow-4.14.3 (#5413)
The effect will not change, but with symlinks ld can save some time
invoking open(), read(), etc. syscalls and parsing the linker scripts.
Note that I've also removed "libcursesw" symlink because this library
has never existed. Instead libcurses.so is created as a symlink
direct to libncursesw.so.
instead of the 8-bit ncurses.
We don't provide the 8-bit ncurses library and we are "faking" it using
ncursesw. Thus innocent package may be compiled with the 8-bit ABI
(because it does not know what we are doing and so it does not use
the "expected" preprocessor definitions to enable the wide ABI) but
linked against ncursesw, causing a potential ABI mismatch.
- according to our typography, referring to a manual page should be
<filename>page(x)</filename>
- don't enclose punctuation into quotes
- use <option> for option
Since it is needed for both building and installing, exporting it
allows to have it defined even if building as a regular user (so that
sudo is run for installing) or using a package manager (which usually
runs in a new shell and forgets unexported variables)
- Update to meson-1.3.1 (#5402)
- Update to vim-9.0.2189 (#4500)
- Update to inetutils-2.5 (#5404)
- Update to xml-parser-2.47 (#5403)
- Update to linux-6.6.8 (#5397)
- Update to tzdata-2023d (#5399)
- Update to setuptools-69.0.3 (#5400)
- Update to iana-etc-20231205 (#5006)
- Update to autoconf-2.72 (#5398)
- Update to grub-2.12 (#5396)
The sed command has changed ../rules.d/70-power-switch.rules to
"../rules.d", causing the install command to fail.
Change the command enumerating ../rules.d/*.rules but
70-power-switch.rules to a "find" command. Edit another "find" command
so the styles of them are the same.
There are some suspicious "nptl/tst-robust" test failures in Glibc, but
all other test results are clean. To be diagnosed...
And note that jhalfs needs an update to work with the merged parallelism
changes.
Set -Dlogind=false -Dvconsole=false to disable out-of-scope udev rules.
Use "ninja -n" to list the targets, so the disabled udev rules won't
show up then we can remove some "rm" commands. Do not remove
70-power-switch.rules from the source directory so we won't break
multilib.
There seems some guy overusing this method so we should add more
caveats.
- Use /opt/foo-x.y instead of /usr/pkg/foo-x.y. /opt/foo-x.y is used in
BLFS for Rustc, Qt5, etc. and /usr/pkg is not FHS-compliant.
- Use /etc/ld.so.conf and LDFLAGS instead of LD_LIBRARY_PATH. Relying
on LD_LIBRARY_PATH is generally a bad idea, and we also don't use it
in BLFS for /opt packages.
- Discourage this method for general use, mention it may not work for
vital packages like Glibc.
We'd fixed #5180 by forcing LN='ln -f'. But this has stopped working
with gawk-5.2.2 (and 5.3.0) because now the building system explicitly
checks the existence of gawk-&gawk-version; and refuses to update it if
it exists.
Now removing the file before "make install" seems the easiest solution.
Link: https://git.savannah.gnu.org/cgit/gawk.git/commit/?id=11762f4c0685
Update to iana-etc-20231019.
Update to wheel-0.41.3.
Update to shadow-4.14.2.
Update to openssl-3.1.4.
Update to texinfo-7.1.
Update to meson-1.2.3.
Update to bc-6.7.2.
Update to linux-6.5.9.
Update to Python-3.12.0.
Add setuptools-68.2.2.
Disable building nscd in glibc.
Update to iana-etc-20230929.
Update to vim-9.0.1968.
Update to openssl-3.1.3.
Update to meson-1.2.2.
Update to man-db-2.12.0.
Update to linux-6.5.5.
Update to kmod-31.
Update to kbd-2.6.3.
Update to gettext-0.22.2.
Update to bc-6.7.0.
It allows binutils to link to zstd, so binutils will have
zstd-compressed debug section support (the compression is not enabled
by default but can be enabled via LDFLAGS etc. if wanted).
We also need to add libzstd.so.&zstd-version; into online_usrlib to
prevent a crash in stripping.
Update to vim-1837.
Update to zlib-1.3.
Update to wheel-0.41.2 (Python Module).
Update to util-linux-2.39.2.
Update to sysvinit-3.08.
Update to shadow-4.14.0.
Update to Python-3.11.5.
Update to procps-ng-4.0.4.
Update to pkgconf-2.0.2.
Update to mpfr-4.2.1.
Update to kbd-2.6.2.
Update to gzip-1.13.
Update to coreutils-9.4.
Specify the 'nobody-group' for systemd.
Remove unused usb group.
Update to xz-5.4.4.
Update to less-643.
Update to meson-1.2.1.
Update to linux-6.4.10.
Update to iana-etc-20230810.
Update to pkgconf-2.0.1.
All build times and sizes were also checked and updated as needed.
They look better than "echo >>" and "sed -i". And I think an example
showing how to use groupadd/groupdel is good anyway. The format of
/etc/group is already shown in chapter 7.
Specifying --modversion with multiple packages just does not make sense.
The real problem here is it's erroring out even if the multiple
arguments are for the same package.
Update to xz-5.4.4.
Update to wheel-0.41.1 (Python Module).
Update to man-pages-6.05.01.
Update to linux-6.4.8.
Update to iana-etc-20230804.
Update to pkgconf 2.0.0.
This will install dbus.service and dbus.socket into
/usr/lib/systemd/user. In a base LFS installation the systemd per-user
daemon is not usable at all, so they may seem useless. But if we
install them, we can start to use them once systemd is rebuilt with PAM
in BLFS (without rebuilding dbus).
Well, the analyzer failures are introduced by literally *my* Glibc
change [1] and I'll sort them out for GCC 14...
And the ASAN failures seem caused by the introduction of
__isoc23_strtol (the libsanitizer does not know to intercept it). I'll
test with LLVM once I reach it in BLFS (LLVM is the upstream of
libsanitizer) and make a bug report.
limits-exprparen.c also fails for me, it needs "ulimit -s 65536" instead
of "ulimit -s 32768" in my build but maybe it's caused by my custom
*FLAGS.
[1]: https://sourceware.org/git/?p=glibc.git;a=commit;h=71d9e0fe766a
Well, I forgot to create the man pages tarball as root, so if we don't
use --no-same-owner the man pages will be owned by UID 1000 :(.
Instead of regenerating the tarball again let's just fix this in the
book.
Update udev-lfs tarball to remove obsolete
cdrom rules and references to ISDN devices.
Update to wheel-0.41.0 (Python Module).
Update to tar-1.35.
Update to systemd-254.
Update to meson-1.2.0.
Update to linux-6.4.7.
Update to gcc-13.2.0.
Update to file-5.45.
This partially reverts commit 1053282e5f.
There is actually only one test suite in LFS build even with -k, but on
my complete system there are many test failures with "-k". I guess some
tests depend on non-LFS packages.
The text change is reverted, but the command change is preserved as
generally we should use -k for any make check command known to fail.
I've not bothered to write an explanation for --disable-crypt because it
will likely be the default of Glibc-2.38, then we may drop it from the
command lines.
Update the rationale for min-kernel in hostreqs. Add a note in
general.ent about the EOL of current min-kernel. Realign the
backslashes in glibc instructions.
Use "library name" (instead of "library version") for SONAME (for now).
And "conflicting locations" may not be a problem if the symbol is at two
locations but they are exactly same (or ABI compatible).
For the details see lfs-dev discussion.
The current word is still not perfect (we've not defined "the name of a
shared library" at all), so I guess we'll need to make a major revision
for the entire "upgrading issue with shared libraries" thing in the
future.
remap="configure" means it is for configuring the build before
running make (or ninja), not for configuring the system
after the package is installed. We don't have a special attribute
for that.
TODO: HWAsan needs Linux 6.4 (not released yet) and a recent Intel CPU.
So if the kernel and hardware support is available, we may see more
test failures. I'll try it out on my new system...
This reverts commit 01a8a15a96.
We don't list the versioned SONAME symlink for any shared libraries.
TODO: should we remove libelf-0.189.so from the list as well? It sounds
like "libz.so.1.2.13" which is not listed too.
The default /dev/kvm mode is 0666 and we consider it "not so safe".
Like Tim said: "I'm also authenticating to my system all the time and
don't do a chmod -R 777 / after every boot."
With this option, the /dev/kvm mode is set to 0660 and it's tagged
"uaccess" so systemd-logind will add an ACL entry for users logged-in
locally.
The thread functions are in POSIX.1c, not POSIX.1b.
Both POSIX.1b and POSIX.1c are named "extensions" (plural form). And
POSIX.1b is titled "Real-time" instead of "Realtime".
Update to linux-6.2.8 (#5230)
Update to xz-5.4.2 (#5233)
Update to coreutils-9.2 (#5232)
Update to libcap-2.68 (#5236)
Update to bc-6.5.0 (#5228)
Update to openssl-3.1.0 (#5227)
Update to texinfo-7.0.3 (#5235)
Update to grep-3.10 (#5234)
Update to tzdata-2023c (#5237)
Update to wheel-0.40.0 (#5229)
Add flit-core-3.8.0
1. Declare UNIX98 PTY requirement in host system requirements and check
it in the script. All desktop or server distros should have it now,
but let's stop anyone from building on an embedded distro w/o UNIX98
PTY early...
2. Use Expect test suite as a guard against mishandled $LFS/dev/pts.
3. No need to test the basic function of Expect in Binutils anymore
because if ($LFS)/dev/pts is not good, the Expect test suite would
have failed.
- Update to systemd-253
- Update to bc-6.3.1
- Update to linux-6.2.2
- Update to procps-ng-4.0.3
- Update to iproute2-6.2.0
- Update to meson-1.0.1
- Update to make-4.4.1
- Update to elfutils-0.189
This update changes the default number of cores used to build
packages to 4. A section is also added to host requirements
to recommend a minimum number of cores and memory size.
Update to iana-etc-20230202.
Update to zstd-1.5.4.
Update to Python3-3.11.2.
Update to e2fsprogs-1.47.0.
Update to dbus-1.14.6.
Update to linux-6.1.11.
Update to libcap-2.67.
Update to bc-6.2.4.