1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
# $Id$
# Maintainer: Luke R. <g4jc@openmailbox.org> GPG: rsa4096/3EAE8697
# Maintainer (Arch): Allan McRae <allan@archlinux.org>
# toolchain build order: linux-libre-api-headers->glibc->binutils->gcc->binutils->glibc
# NOTE: valgrind requires rebuilt with each major glibc version
pkgname=glibc
pkgver=2.24
pkgrel=2.91parabola2
pkgdesc="GNU C Library"
arch=('i686' 'x86_64')
url="https://www.gnu.org/software/libc"
license=('GPL' 'LGPL')
groups=('base')
depends=('linux-libre-api-headers>=4.7' 'tzdata' 'filesystem')
makedepends=('gcc>=6' 'git')
backup=(etc/gai.conf
etc/locale.gen
etc/nscd.conf)
options=('!strip' 'staticlibs')
install=glibc.install
source=("https://ftp.gnu.org/gnu/glibc/glibc-2.24.tar.xz"{,.sig}
locale.gen.txt
locale-gen)
#0001-Revert-Avoid-an-extra-branch-to-PLT-for-z-now.patch)
validpgpkeys=('7273542B39962DF7B299931416792B4EA25340F8') # Carlos O'Donell <carlos@systemhalted.org>"
sha512sums=('a4cb28a2c51a0cc029ed69da7cba11931a615ba897235590b4f7fad2eaabec9042f8250eaac2a5860997437a69ab13304f10a634000e52c0336b5593b7969adb'
'SKIP'
'3d9facc6da5159dcd877473c8a4d77006ef5615e2619ef743255112bfa136baf65239367222e87e7ada823d5c7d747aa5204f8365a806141e5884477898ccd14'
'd92e6ba83ee86c3602e74c52bf5f99ca751f3867edb894dd22c179003cd58a1b4e11237a293a54fe126edafd5add78a65bf3368826b8bfa40451ee374e301961')
prepare() {
mkdir glibc-build
cd glibc-$pkgver
# build fails with PIE enabled toolchain
# https://sourceware.org/bugzilla/show_bug.cgi?id=20621
#patch -p1 -i $srcdir/0001-Revert-Avoid-an-extra-branch-to-PLT-for-z-now.patch
}
build() {
cd glibc-build
if [[ ${CARCH} = "i686" ]]; then
# Hack to fix NPTL issues with Xen, only required on 32bit platforms
# TODO: make separate glibc-xen package for i686
export CFLAGS="${CFLAGS} -mno-tls-direct-seg-refs"
fi
echo "slibdir=/usr/lib" >> configparms
echo "rtlddir=/usr/lib" >> configparms
echo "sbindir=/usr/bin" >> configparms
echo "rootsbindir=/usr/bin" >> configparms
# remove hardening options for building libraries
CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/}
CFLAGS=${CFLAGS/-fstack-protector-strong/}
# this is handled properly by --enable-bind-now
LDFLAGS=${LDFLAGS/,-z,now/}
../${pkgname}-$pkgver/configure \
--prefix=/usr \
--libdir=/usr/lib \
--libexecdir=/usr/lib \
--with-headers=/usr/include \
--with-bugurl=https://bugs.archlinux.org/ \
--enable-add-ons \
--enable-obsolete-rpc \
--enable-kernel=2.6.32 \
--enable-bind-now \
--disable-profile \
--enable-stackguard-randomization \
--enable-lock-elision \
--enable-multi-arch \
--disable-werror
# build libraries with hardening disabled
echo "build-programs=no" >> configparms
make
# re-enable hardening for programs
sed -i "/build-programs=/s#no#yes#" configparms
echo "CC += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
echo "CXX += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
make
}
check() {
cd glibc-build
# remove harding in preparation to run test-suite
sed -i '/FORTIFY/d' configparms
# some failures are "expected"
make check || true
}
package() {
cd glibc-build
install -dm755 ${pkgdir}/etc
touch ${pkgdir}/etc/ld.so.conf
make install_root=${pkgdir} install
rm -f ${pkgdir}/etc/ld.so.{cache,conf}
install -dm755 ${pkgdir}/usr/lib/{locale,systemd/system,tmpfiles.d}
install -m644 ${srcdir}/${pkgname}-$pkgver/nscd/nscd.conf ${pkgdir}/etc/nscd.conf
install -m644 ${srcdir}/${pkgname}-$pkgver/nscd/nscd.service ${pkgdir}/usr/lib/systemd/system
install -m644 ${srcdir}/${pkgname}-$pkgver/nscd/nscd.tmpfiles ${pkgdir}/usr/lib/tmpfiles.d/nscd.conf
install -m644 ${srcdir}/${pkgname}-$pkgver/posix/gai.conf ${pkgdir}/etc/gai.conf
install -m755 ${srcdir}/locale-gen ${pkgdir}/usr/bin
# create /etc/locale.gen
install -m644 ${srcdir}/locale.gen.txt ${pkgdir}/etc/locale.gen
sed -e '1,3d' -e 's|/| |g' -e 's|\\| |g' -e 's|^|#|g' \
${srcdir}/glibc-$pkgver/localedata/SUPPORTED >> ${pkgdir}/etc/locale.gen
# Do not strip the following files for improved debugging support
# ("improved" as in not breaking gdb and valgrind...):
# ld-${pkgver}.so
# libc-${pkgver}.so
# libpthread-${pkgver}.so
# libthread_db-1.0.so
cd $pkgdir
strip $STRIP_BINARIES usr/bin/{gencat,getconf,getent,iconv,iconvconfig} \
usr/bin/{ldconfig,locale,localedef,nscd,makedb} \
usr/bin/{pcprofiledump,pldd,rpcgen,sln,sprof} \
usr/lib/getconf/*
if [[ $CARCH = "i686" ]]; then
strip $STRIP_BINARIES usr/bin/lddlibc4
fi
strip $STRIP_STATIC usr/lib/*.a
strip $STRIP_SHARED usr/lib/lib{anl,BrokenLocale,cidn,crypt}-*.so \
usr/lib/libnss_{compat,db,dns,files,hesiod,nis,nisplus}-*.so \
usr/lib/lib{dl,m,nsl,resolv,rt,util}-*.so \
usr/lib/lib{memusage,pcprofile,SegFault}.so \
usr/lib/{audit,gconv}/*.so || true
if [[ $CARCH = "x86_64" ]]; then
strip $STRIP_SHARED usr/lib/libmvec-*.so
fi
}
|