As we've already concluded, overwriting a shared object can crash
running processes using code or data from this shared object. For
example if gdm is crashed, we may leave the system unusable :(.
I spent some time investigating the difference of vim test results from
different editors. It turns out the value of TERM can affect the test
results in a deterministic way: when TERM=xterm-256color all tests pass,
when TERM=linux one test fails, and when TERM=vt100 20+ tests fail.
As we are redirecting the output to a file, the actual type of the
terminal does not matter and we can just specify a value known to work.
The book already mentions the vlock program needs PAM to be built, but
in dependencies page we say Kbd has no external optional dependencies.
This is obviously incorrect...
Glibc tests occansionally fail due to a timeout because:
1. The hardware is slower than the developers expected.
2. Some tests use multiple or even all CPU cores internally, for e.g.
with 8 active CPU cores we may end up running 8 tests (due to -j8)
each of them uses 8 cores in the worst case, resulting a severe
congestion.
I'm almost sure nptl/tst-thread-affinity* are cases of 2.
Let's document how to rule out the timed out tests instead of making the
list of known failures longer and longer.
Update to shadow-4.14.4.
Update to setuptools-69.1.0 (Python module).
Update to python-3.12.2.
Update to pkgconf-2.1.1.
Update to MarkupSafe-2.1.5 (Python module).
Update to man-pages-6.06.
Update to expat-2.6.0.
Update to linux-6.7.4.
Upstream documentation has been changed a few years ago to point to
https rather than http, but for example ubuntu-2023.10 still has only
http in its catalog file. So use http here, and change the catalog file
in blfs to have both http and https...
We want expect to return the return code of "make test" (stored in
$value), but $value is expanded too early to nothing by Bash. Quote EOF
so Bash won't expand $xxx.
We used to run "expect -c 'spawn ls'" for this in Binutils, but then we
thought expect test suite was enough as such a simple PTY test. However
expect test can fail due to some different reason, so add back a simple
test using Python pty module before building expect. Now we no longer
need to consider expect test critical (IIRC there was a report saying
one expect test failed for unknown reason but all other things OK).
IIRC we switched from separate devpts to bind mount, and matched the UID
of tester with the host UID owning the TTY, to satisify the Bash test
suite. But now we are always using UID 101 for tester and expect to
spawn a PTY for Bash test suite (so when building LFS in a TTY owned by
the root user of the host tester won't be UID 0). Thus we can switch
back to a separate devpts mount which is cleaner and safer.
And we are already using a separate devpts mount in Chapter 11.
$(realpath /dev/shm) will return the absolute path of the target of
/dev/shm, thus the command will work for both absolute symlink and
relative symlink.
A Glibc update may contain locale updates, so keep
/usr/lib/locale/locale-archive synced.
Other distros are also doing this when Glibc is updated with the package
manager.
It does no good: normally we have -v for chown so once it no longer has
an effect we can know, but in this case these chown commands will never
have no effect. And a huge amount of output with -v wastes the server
storage and bandwidth (for both the server and the people reading the
build logs).
Let's change our policy to match other "rolling release" distros and
ease the procedure to fix Glibc security vulnerabilities.
Squashed the commits in xry111/update-glibc branch to keep the history
clean.
Co-Authored-By: Pierre Labastie <pierre.labastie@neuf.fr>
Co-Authored-By: Douglas R. Reno <renodr@linuxfromscratch.org>
Per a discussion in the team, we only consider an upgradation dangerous
if it may render the system unusable. "Causing something not able to
build" is never considered dangerous. Thus upgrading some headers
cannot be dangerous.
The Glibc portion will need an update too (it can be upgraded safely
with some caution) to ease security updates. But let's do the easy
change first...
Update to openssl-3.2.1.
Update to zlib-1.3.1.
Update to xz-5.4.6.
Update to linux-6.7.2.
Update to iana-etc-20240125.
Update to binutils-2.42.
Update to acl-2.3.2.
Update upstream fixes for readline-8.2.
Apply upstream fix for bash-5.2.21.
The Glibc INSTALL file says:
‘--with-headers=DIRECTORY’
Look for kernel header files in DIRECTORY, not ‘/usr/include’. ...
So --with-headers=/usr/include seems just doing nothing.
Use <quote> instead of '"' if possible. Use <literal>,
<computeroutput>, etc. instead of <quote> if possible. Replace
<quote>alpha</quote> with a UTF-8 Greek alpha character.
BTW decorate ".link" with <filename class='extension'>.
Do not duplicate large paragraphs of texts.
Always use C locale if running in a Linux console. Create /etc/profile
for systemd too, but reading the locale setting from /etc/locale.conf.
- remove some useless --xinclude
- write only one option per line
- use --encode UTF-8 instead of --noent (which is useless after
profiling anyway
- try to be consistent in option order
- use --output instead of -o
If in a series of commands, and not the last, true has no effect
If in the last command, it is better to exit if there is a real
error in tidy, so use "|| test $$? -le 1", but only when tidy is
the last in a series of commands
Part of a patch by Boian Berberov
