r928 - trunk

tushar at linuxfromscratch.org tushar at linuxfromscratch.org
Thu Jan 27 22:34:44 PST 2005


Author: tushar
Date: 2005-01-27 23:34:43 -0700 (Thu, 27 Jan 2005)
New Revision: 928

Modified:
   trunk/ssp.txt
Log:
Updated Hint: ssp

Modified: trunk/ssp.txt
===================================================================
--- trunk/ssp.txt	2005-01-17 17:37:24 UTC (rev 927)
+++ trunk/ssp.txt	2005-01-28 06:34:43 UTC (rev 928)
@@ -1,6 +1,6 @@
 AUTHOR:		Robert Connolly <robert at linuxfromscratch dot org> (ashes)
 
-DATE:		2005-01-17
+DATE:		2005-01-27
 
 LICENSE:	Public Domain
 
@@ -99,10 +99,13 @@
 	glibc-2.3.4-ssp_frandom-6.patch # This works for glibc-2.3.3 too.
 
 Optionally if you would like to build some of Glibc's libraries and utilities
-with -fstack-protector-all then use this patch:
+with -fstack-protector-all then use this patch. If you get rejected parts try
+the other patch.
 
 http://www.linuxfromscratch.org/patches/downloads/glibc/\
 	glibc-2.3.4-fstack_protector-1.patch
+or
+	glibc-20050124-fstack_protector-1.patch
 
 The sspspecs patch is depreciated. Use the Perl commands below.
 
@@ -112,6 +115,7 @@
 http://www.linuxfromscratch.org/patches/downloads/linux/\
         linux-2.4.27-frandom-2.patch # or
 	linux-2.6.9-frandom-2.patch
+	linux-2.6.10-frandom-1.patch
 
 If you are using a kernel before version 2.6.8 the above patch won't work.
 A few things changed in 2.6.8, if you are using 2.6.5, for example, then use
@@ -171,7 +175,8 @@
 No patches.
 
 - Libc-linux-headers headers
-patch -Np1 -i ../linux-libc-headers-2.6-frandom-2.patch
+patch --no-backup-if-mismatch \
+	-Np1 -i ../linux-libc-headers-2.6-frandom-2.patch
 
  - Glibc
 patch -Np1 -i ../glibc-2.3.4-ssp_frandom-6.patch # or 2.3.2's patch
@@ -204,12 +209,18 @@
 Chapter 6
 ---------
 - Libc-linux-headers headers
-patch -Np1 -i ../linux-libc-headers-2.6-frandom-2.patch
+patch --no-backup-if-mismatch \
+	-Np1 -i ../linux-libc-headers-2.6-frandom-2.patch
 
  - Glibc
 patch -Np1 -i ../glibc-2.3.4-ssp_frandom-6.patch &&
-patch -Np1 -i ../glibc-2.3.4-fstack_protector-1.patch
+patch -Np1 -i ../glibc-20050124-fstack_protector-1.patch
 
+Then modify CC. This will let some parts get skipped, but the fstack_protector
+patch above will add -fstack-protector-all on most of the utils and libs.
+
+env CC="gcc -fno-stack-protector" ../glibc-20050124/configure...
+
  - Binutils
 make CFLAGS="-fno-stack-protector" check
 
@@ -218,13 +229,15 @@
 sed -e 's at gcc.gnu.org/bugs.html at bugs.linuxfromscratch.org/@' \
         -e 's/3.4.3/3.4.3 (ssp)/' -i gcc/version.c
 
+make CFLAGS="-fstack-protector-all -O2" CXXFLAGS="-fstack-protector-all -O2"
+
 After make install run the script again to put -fstack-protector-all back in
 the specs file:
 
 /tools/bin/hardened-specs.sh
 
  - Grub
-CFLAGS="-fno-stack-protector -O2" ./configure...
+env CC="gcc -fno-stack-protector" ./configure...
 
  - GCC 2.95.3
 If you are still using gcc2:
@@ -237,12 +250,12 @@
 Linux kernel
 
 make mrproper &&
-linux-2.6.9-frandom-2.patch
+linux-2.6.10-frandom-1.patch
 
 make menuconfig
 
-make CC="/opt/gcc-2.95.3/bin/gcc -fstack-protector" dep
-make CC="/opt/gcc-2.95.3/bin/gcc -fstack-protector" bzImage
+make CC="gcc -fstack-protector" dep
+make CC="gcc -fstack-protector" bzImage
 ...
 
 ========
@@ -409,3 +422,5 @@
 * Add note for -O3 and Python.
 [2005-01-17]
 * Fixed misspellings.
+[2005-01-27]
+* Added --no-backup-if-mismatch to patch command.




More information about the hints mailing list