9d7a3741c9
Static PIE extends address space layout randomization to static executables. It provides additional security hardening benefits at the cost of some memory and performance. Dynamic linker, ld.so, is a standalone program which can be loaded at any address. This patch adds a configure option, --enable-static-pie, to embed the part of ld.so in static executable to create static position independent executable (static PIE). A static PIE is similar to static executable, but can be loaded at any address without help from a dynamic linker. When --enable-static-pie is used to configure glibc, libc.a is built as PIE and all static executables, including tests, are built as static PIE. The resulting libc.a can be used together with GCC 8 or above to build static PIE with the compiler option, -static-pie. But GCC 8 isn't required to build glibc with --enable-static-pie. Only GCC with PIE support is needed. When an older GCC is used to build glibc with --enable-static-pie, proper input files are passed to linker to create static executables as static PIE, together with "-z text" to prevent dynamic relocations in read-only segments, which are not allowed in static PIE. The following changes are made for static PIE: 1. Add a new function, _dl_relocate_static_pie, to: a. Get the run-time load address. b. Read the dynamic section. c. Perform dynamic relocations. Dynamic linker also performs these steps. But static PIE doesn't load any shared objects. 2. Call _dl_relocate_static_pie at entrance of LIBC_START_MAIN in libc.a. crt1.o, which is used to create dynamic and non-PIE static executables, is updated to include a dummy _dl_relocate_static_pie. rcrt1.o is added to create static PIE, which will link in the real _dl_relocate_static_pie. grcrt1.o is also added to create static PIE with -pg. GCC 8 has been updated to support rcrt1.o and grcrt1.o for static PIE. Static PIE can work on all architectures which support PIE, provided: 1. Target must support accessing of local functions without dynamic relocations, which is needed in start.S to call __libc_start_main with function addresses of __libc_csu_init, __libc_csu_fini and main. All functions in static PIE are local functions. If PIE start.S can't reach main () defined in a shared object, the code sequence: pass address of local_main to __libc_start_main ... local_main: tail call to main via PLT can be used. 2. start.S is updated to check PIC instead SHARED for PIC code path and avoid dynamic relocation, when PIC is defined and SHARED isn't defined, to support static PIE. 3. All assembly codes are updated check PIC instead SHARED for PIC code path to avoid dynamic relocations in read-only sections. 4. All assembly codes are updated check SHARED instead PIC for static symbol name. 5. elf_machine_load_address in dl-machine.h are updated to support static PIE. 6. __brk works without TLS nor dynamic relocations in read-only section so that it can be used by __libc_setup_tls to initializes TLS in static PIE. NB: When glibc is built with GCC defaulted to PIE, libc.a is compiled with -fPIE, regardless if --enable-static-pie is used to configure glibc. When glibc is configured with --enable-static-pie, libc.a is compiled with -fPIE, regardless whether GCC defaults to PIE or not. The same libc.a can be used to build both static executable and static PIE. There is no need for separate PIE copy of libc.a. On x86-64, the normal static sln: text data bss dec hex filename 625425 8284 5456 639165 9c0bd elf/sln the static PIE sln: text data bss dec hex filename 657626 20636 5392 683654 a6e86 elf/sln The code size is increased by 5% and the binary size is increased by 7%. Linker requirements to build glibc with --enable-static-pie: 1. Linker supports --no-dynamic-linker to remove PT_INTERP segment from static PIE. 2. Linker can create working static PIE. The x86-64 linker needs the fix for https://sourceware.org/bugzilla/show_bug.cgi?id=21782 The i386 linker needs to be able to convert "movl main@GOT(%ebx), %eax" to "leal main@GOTOFF(%ebx), %eax" if main is defined locally. Binutils 2.29 or above are OK for i686 and x86-64. But linker status for other targets need to be verified. 3. Linker should resolve undefined weak symbols to 0 in static PIE: https://sourceware.org/bugzilla/show_bug.cgi?id=22269 4. Many ELF backend linkers incorrectly check bfd_link_pic for TLS relocations, which should check bfd_link_executable instead: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Tested on aarch64, i686 and x86-64. Using GCC 7 and binutils master branch, build-many-glibcs.py with --enable-static-pie with all patches for static PIE applied have the following build successes: PASS: glibcs-aarch64_be-linux-gnu build PASS: glibcs-aarch64-linux-gnu build PASS: glibcs-armeb-linux-gnueabi-be8 build PASS: glibcs-armeb-linux-gnueabi build PASS: glibcs-armeb-linux-gnueabihf-be8 build PASS: glibcs-armeb-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabi build PASS: glibcs-arm-linux-gnueabihf build PASS: glibcs-arm-linux-gnueabihf-v7a build PASS: glibcs-arm-linux-gnueabihf-v7a-disable-multi-arch build PASS: glibcs-m68k-linux-gnu build PASS: glibcs-microblazeel-linux-gnu build PASS: glibcs-microblaze-linux-gnu build PASS: glibcs-mips64el-linux-gnu-n32 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008 build PASS: glibcs-mips64el-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n32-soft build PASS: glibcs-mips64el-linux-gnu-n64 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008 build PASS: glibcs-mips64el-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64el-linux-gnu-n64-soft build PASS: glibcs-mips64-linux-gnu-n32 build PASS: glibcs-mips64-linux-gnu-n32-nan2008 build PASS: glibcs-mips64-linux-gnu-n32-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n32-soft build PASS: glibcs-mips64-linux-gnu-n64 build PASS: glibcs-mips64-linux-gnu-n64-nan2008 build PASS: glibcs-mips64-linux-gnu-n64-nan2008-soft build PASS: glibcs-mips64-linux-gnu-n64-soft build PASS: glibcs-mipsel-linux-gnu build PASS: glibcs-mipsel-linux-gnu-nan2008 build PASS: glibcs-mipsel-linux-gnu-nan2008-soft build PASS: glibcs-mipsel-linux-gnu-soft build PASS: glibcs-mips-linux-gnu build PASS: glibcs-mips-linux-gnu-nan2008 build PASS: glibcs-mips-linux-gnu-nan2008-soft build PASS: glibcs-mips-linux-gnu-soft build PASS: glibcs-nios2-linux-gnu build PASS: glibcs-powerpc64le-linux-gnu build PASS: glibcs-powerpc64-linux-gnu build PASS: glibcs-tilegxbe-linux-gnu-32 build PASS: glibcs-tilegxbe-linux-gnu build PASS: glibcs-tilegx-linux-gnu-32 build PASS: glibcs-tilegx-linux-gnu build PASS: glibcs-tilepro-linux-gnu build and the following build failures: FAIL: glibcs-alpha-linux-gnu build elf/sln is failed to link due to: assertion fail bfd/elf64-alpha.c:4125 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-hppa-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] https://sourceware.org/bugzilla/show_bug.cgi?id=22537 FAIL: glibcs-ia64-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault] FAIL: glibcs-powerpc-linux-gnu build FAIL: glibcs-powerpc-linux-gnu-soft build FAIL: glibcs-powerpc-linux-gnuspe build FAIL: glibcs-powerpc-linux-gnuspe-e500v1 build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22264 FAIL: glibcs-powerpc-linux-gnu-power4 build elf/sln is failed to link due to: findlocale.c:96:(.text+0x22c): @local call to ifunc memchr This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-s390-linux-gnu build elf/sln is failed to link due to: collect2: fatal error: ld terminated with signal 11 [Segmentation fault], core dumped assertion fail bfd/elflink.c:14299 This is caused by linker bug and/or non-PIC code in PIE libc.a. FAIL: glibcs-sh3eb-linux-gnu build FAIL: glibcs-sh3-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu build FAIL: glibcs-sh4eb-linux-gnu-soft build FAIL: glibcs-sh4-linux-gnu build FAIL: glibcs-sh4-linux-gnu-soft build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 Also TLS code sequence in SH assembly syscalls in glibc doesn't match TLS code sequence expected by ld: https://sourceware.org/bugzilla/show_bug.cgi?id=22270 FAIL: glibcs-sparc64-linux-gnu build FAIL: glibcs-sparcv9-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu build FAIL: glibcs-tilegxbe-linux-gnu-32 build FAIL: glibcs-tilegx-linux-gnu build FAIL: glibcs-tilegx-linux-gnu-32 build FAIL: glibcs-tilepro-linux-gnu build elf/sln is failed to link due to: ld: read-only segment has dynamic relocations. This is caused by linker bug and/or non-PIC code in PIE libc.a. See: https://sourceware.org/bugzilla/show_bug.cgi?id=22263 [BZ #19574] * INSTALL: Regenerated. * Makeconfig (real-static-start-installed-name): New. (pic-default): Updated for --enable-static-pie. (pie-default): New for --enable-static-pie. (default-pie-ldflag): Likewise. (+link-static-before-libc): Replace $(DEFAULT-LDFLAGS-$(@F)) with $(if $($(@F)-no-pie),$(no-pie-ldflag),$(default-pie-ldflag)). Replace $(static-start-installed-name) with $(real-static-start-installed-name). (+prectorT): Updated for --enable-static-pie. (+postctorT): Likewise. (CFLAGS-.o): Add $(pie-default). (CFLAGS-.op): Likewise. * NEWS: Mention --enable-static-pie. * config.h.in (ENABLE_STATIC_PIE): New. * configure.ac (--enable-static-pie): New configure option. (have-no-dynamic-linker): New LIBC_CONFIG_VAR. (have-static-pie): Likewise. Enable static PIE if linker supports --no-dynamic-linker. (ENABLE_STATIC_PIE): New AC_DEFINE. (enable-static-pie): New LIBC_CONFIG_VAR. * configure: Regenerated. * csu/Makefile (omit-deps): Add r$(start-installed-name) and gr$(start-installed-name) for --enable-static-pie. (extra-objs): Likewise. (install-lib): Likewise. (extra-objs): Add static-reloc.o and static-reloc.os ($(objpfx)$(start-installed-name)): Also depend on $(objpfx)static-reloc.o. ($(objpfx)r$(start-installed-name)): New. ($(objpfx)g$(start-installed-name)): Also depend on $(objpfx)static-reloc.os. ($(objpfx)gr$(start-installed-name)): New. * csu/libc-start.c (LIBC_START_MAIN): Call _dl_relocate_static_pie in libc.a. * csu/libc-tls.c (__libc_setup_tls): Add main_map->l_addr to initimage. * csu/static-reloc.c: New file. * elf/Makefile (routines): Add dl-reloc-static-pie. (elide-routines.os): Likewise. (DEFAULT-LDFLAGS-tst-tls1-static-non-pie): Removed. (tst-tls1-static-non-pie-no-pie): New. * elf/dl-reloc-static-pie.c: New file. * elf/dl-support.c (_dl_get_dl_main_map): New function. * elf/dynamic-link.h (ELF_DURING_STARTUP): Also check STATIC_PIE_BOOTSTRAP. * elf/get-dynamic-info.h (elf_get_dynamic_info): Likewise. * gmon/Makefile (tests): Add tst-gmon-static-pie. (tests-static): Likewise. (DEFAULT-LDFLAGS-tst-gmon-static): Removed. (tst-gmon-static-no-pie): New. (CFLAGS-tst-gmon-static-pie.c): Likewise. (CRT-tst-gmon-static-pie): Likewise. (tst-gmon-static-pie-ENV): Likewise. (tests-special): Likewise. ($(objpfx)tst-gmon-static-pie.out): Likewise. (clean-tst-gmon-static-pie-data): Likewise. ($(objpfx)tst-gmon-static-pie-gprof.out): Likewise. * gmon/tst-gmon-static-pie.c: New file. * manual/install.texi: Document --enable-static-pie. * sysdeps/generic/ldsodefs.h (_dl_relocate_static_pie): New. (_dl_get_dl_main_map): Likewise. * sysdeps/i386/configure.ac: Check if linker supports static PIE. * sysdeps/x86_64/configure.ac: Likewise. * sysdeps/i386/configure: Regenerated. * sysdeps/x86_64/configure: Likewise. * sysdeps/mips/Makefile (ASFLAGS-.o): Add $(pie-default). (ASFLAGS-.op): Likewise.
649 lines
29 KiB
Plaintext
649 lines
29 KiB
Plaintext
@include macros.texi
|
|
@include pkgvers.texi
|
|
|
|
@ifclear plain
|
|
@node Installation, Maintenance, Library Summary, Top
|
|
@end ifclear
|
|
|
|
@c %MENU% How to install the GNU C Library
|
|
@appendix Installing @theglibc{}
|
|
|
|
Before you do anything else, you should read the FAQ at
|
|
@url{https://sourceware.org/glibc/wiki/FAQ}. It answers common
|
|
questions and describes problems you may experience with compilation
|
|
and installation.
|
|
|
|
You will need recent versions of several GNU tools: definitely GCC and
|
|
GNU Make, and possibly others. @xref{Tools for Compilation}, below.
|
|
|
|
@ifclear plain
|
|
@menu
|
|
* Configuring and compiling:: How to compile and test GNU libc.
|
|
* Running make install:: How to install it once you've got it
|
|
compiled.
|
|
* Tools for Compilation:: You'll need these first.
|
|
* Linux:: Specific advice for GNU/Linux systems.
|
|
* Reporting Bugs:: So they'll get fixed.
|
|
@end menu
|
|
@end ifclear
|
|
|
|
@node Configuring and compiling
|
|
@appendixsec Configuring and compiling @theglibc{}
|
|
@cindex configuring
|
|
@cindex compiling
|
|
|
|
@Theglibc{} cannot be compiled in the source directory. You must build
|
|
it in a separate build directory. For example, if you have unpacked
|
|
the @glibcadj{} sources in @file{/src/gnu/glibc-@var{version}},
|
|
create a directory
|
|
@file{/src/gnu/glibc-build} to put the object files in. This allows
|
|
removing the whole build directory in case an error occurs, which is
|
|
the safest way to get a fresh start and should always be done.
|
|
|
|
From your object directory, run the shell script @file{configure} located
|
|
at the top level of the source tree. In the scenario above, you'd type
|
|
|
|
@smallexample
|
|
$ ../glibc-@var{version}/configure @var{args@dots{}}
|
|
@end smallexample
|
|
|
|
Please note that even though you're building in a separate build
|
|
directory, the compilation may need to create or modify files and
|
|
directories in the source directory.
|
|
|
|
@noindent
|
|
@code{configure} takes many options, but the only one that is usually
|
|
mandatory is @samp{--prefix}. This option tells @code{configure}
|
|
where you want @theglibc{} installed. This defaults to @file{/usr/local},
|
|
but the normal setting to install as the standard system library is
|
|
@samp{--prefix=/usr} for @gnulinuxsystems{} and @samp{--prefix=} (an
|
|
empty prefix) for @gnuhurdsystems{}.
|
|
|
|
It may also be useful to set the @var{CC} and @var{CFLAGS} variables in
|
|
the environment when running @code{configure}. @var{CC} selects the C
|
|
compiler that will be used, and @var{CFLAGS} sets optimization options
|
|
for the compiler.
|
|
|
|
The following list describes all of the available options for
|
|
@code{configure}:
|
|
|
|
@table @samp
|
|
@item --prefix=@var{directory}
|
|
Install machine-independent data files in subdirectories of
|
|
@file{@var{directory}}. The default is to install in @file{/usr/local}.
|
|
|
|
@item --exec-prefix=@var{directory}
|
|
Install the library and other machine-dependent files in subdirectories
|
|
of @file{@var{directory}}. The default is to the @samp{--prefix}
|
|
directory if that option is specified, or @file{/usr/local} otherwise.
|
|
|
|
@item --with-headers=@var{directory}
|
|
Look for kernel header files in @var{directory}, not
|
|
@file{/usr/include}. @Theglibc{} needs information from the kernel's header
|
|
files describing the interface to the kernel. @Theglibc{} will normally
|
|
look in @file{/usr/include} for them,
|
|
but if you specify this option, it will look in @var{DIRECTORY} instead.
|
|
|
|
This option is primarily of use on a system where the headers in
|
|
@file{/usr/include} come from an older version of @theglibc{}. Conflicts can
|
|
occasionally happen in this case. You can also use this option if you want to
|
|
compile @theglibc{} with a newer set of kernel headers than the ones found in
|
|
@file{/usr/include}.
|
|
|
|
@item --enable-kernel=@var{version}
|
|
This option is currently only useful on @gnulinuxsystems{}. The
|
|
@var{version} parameter should have the form X.Y.Z and describes the
|
|
smallest version of the Linux kernel the generated library is expected
|
|
to support. The higher the @var{version} number is, the less
|
|
compatibility code is added, and the faster the code gets.
|
|
|
|
@item --with-binutils=@var{directory}
|
|
Use the binutils (assembler and linker) in @file{@var{directory}}, not
|
|
the ones the C compiler would default to. You can use this option if
|
|
the default binutils on your system cannot deal with all the constructs
|
|
in @theglibc{}. In that case, @code{configure} will detect the
|
|
problem and suppress these constructs, so that the library will still be
|
|
usable, but functionality may be lost---for example, you can't build a
|
|
shared libc with old binutils.
|
|
|
|
@c disable static doesn't work currently
|
|
@c @item --disable-static
|
|
@c Don't build static libraries. Static libraries aren't that useful these
|
|
@c days, but we recommend you build them in case you need them.
|
|
|
|
@item --disable-shared
|
|
Don't build shared libraries even if it is possible. Not all systems
|
|
support shared libraries; you need ELF support and (currently) the GNU
|
|
linker.
|
|
|
|
@item --enable-static-pie
|
|
Enable static position independent executable (static PIE) support.
|
|
Static PIE is similar to static executable, but can be loaded at any
|
|
address without help from a dynamic linker. All static programs as
|
|
well as static tests are built as static PIE, except for those marked
|
|
with no-pie. The resulting glibc can be used with the GCC option,
|
|
-static-pie, which is available with GCC 8 or above, to create static
|
|
PIE.
|
|
|
|
@item --disable-profile
|
|
Don't build libraries with profiling information. You may want to use
|
|
this option if you don't plan to do profiling.
|
|
|
|
@item --enable-static-nss
|
|
Compile static versions of the NSS (Name Service Switch) libraries.
|
|
This is not recommended because it defeats the purpose of NSS; a program
|
|
linked statically with the NSS libraries cannot be dynamically
|
|
reconfigured to use a different name database.
|
|
|
|
@item --enable-hardcoded-path-in-tests
|
|
By default, dynamic tests are linked to run with the installed C library.
|
|
This option hardcodes the newly built C library path in dynamic tests
|
|
so that they can be invoked directly.
|
|
|
|
@item --disable-timezone-tools
|
|
By default, timezone related utilities (@command{zic}, @command{zdump},
|
|
and @command{tzselect}) are installed with @theglibc{}. If you are building
|
|
these independently (e.g. by using the @samp{tzcode} package), then this
|
|
option will allow disabling the install of these.
|
|
|
|
Note that you need to make sure the external tools are kept in sync with
|
|
the versions that @theglibc{} expects as the data formats may change over
|
|
time. Consult the @file{timezone} subdirectory for more details.
|
|
|
|
@item --enable-stack-protector
|
|
@itemx --enable-stack-protector=strong
|
|
@itemx --enable-stack-protector=all
|
|
Compile the C library and all other parts of the glibc package
|
|
(including the threading and math libraries, NSS modules, and
|
|
transliteration modules) using the GCC @option{-fstack-protector},
|
|
@option{-fstack-protector-strong} or @option{-fstack-protector-all}
|
|
options to detect stack overruns. Only the dynamic linker and a small
|
|
number of routines called directly from assembler are excluded from this
|
|
protection.
|
|
|
|
@item --enable-bind-now
|
|
Disable lazy binding for installed shared objects. This provides
|
|
additional security hardening because it enables full RELRO and a
|
|
read-only global offset table (GOT), at the cost of slightly increased
|
|
program load times.
|
|
|
|
@pindex pt_chown
|
|
@findex grantpt
|
|
@item --enable-pt_chown
|
|
The file @file{pt_chown} is a helper binary for @code{grantpt}
|
|
(@pxref{Allocation, Pseudo-Terminals}) that is installed setuid root to
|
|
fix up pseudo-terminal ownership. It is not built by default because
|
|
systems using the Linux kernel are commonly built with the @code{devpts}
|
|
filesystem enabled and mounted at @file{/dev/pts}, which manages
|
|
pseudo-terminal ownership automatically. By using
|
|
@samp{--enable-pt_chown}, you may build @file{pt_chown} and install it
|
|
setuid and owned by @code{root}. The use of @file{pt_chown} introduces
|
|
additional security risks to the system and you should enable it only if
|
|
you understand and accept those risks.
|
|
|
|
@item --disable-werror
|
|
By default, @theglibc{} is built with @option{-Werror}. If you wish
|
|
to build without this option (for example, if building with a newer
|
|
version of GCC than this version of @theglibc{} was tested with, so
|
|
new warnings cause the build with @option{-Werror} to fail), you can
|
|
configure with @option{--disable-werror}.
|
|
|
|
@item --disable-mathvec
|
|
By default for x86_64, @theglibc{} is built with the vector math library.
|
|
Use this option to disable the vector math library.
|
|
|
|
@item --enable-tunables
|
|
Tunables support allows additional library parameters to be customized at
|
|
runtime. This feature is enabled by default. This option can take the
|
|
following values:
|
|
|
|
@table @code
|
|
@item yes
|
|
This is the default if no option is passed to configure. This enables tunables
|
|
and selects the default frontend (currently @samp{valstring}).
|
|
|
|
@item no
|
|
This option disables tunables.
|
|
|
|
@item valstring
|
|
This enables tunables and selects the @samp{valstring} frontend for tunables.
|
|
This frontend allows users to specify tunables as a colon-separated list in a
|
|
single environment variable @env{GLIBC_TUNABLES}.
|
|
@end table
|
|
|
|
@item --enable-obsolete-nsl
|
|
By default, libnsl is only built as shared library for backward
|
|
compatibility and the NSS modules libnss_compat, libnss_nis and
|
|
libnss_nisplus are not built at all.
|
|
Use this option to enable libnsl with all depending NSS modules and
|
|
header files.
|
|
|
|
@item --disable-experimental-malloc
|
|
By default, a per-thread cache is enabled in @code{malloc}. While
|
|
this cache can be disabled on a per-application basis using tunables
|
|
(set glibc.malloc.tcache_count to zero), this option can be used to
|
|
remove it from the build completely.
|
|
|
|
@item --build=@var{build-system}
|
|
@itemx --host=@var{host-system}
|
|
These options are for cross-compiling. If you specify both options and
|
|
@var{build-system} is different from @var{host-system}, @code{configure}
|
|
will prepare to cross-compile @theglibc{} from @var{build-system} to be used
|
|
on @var{host-system}. You'll probably need the @samp{--with-headers}
|
|
option too, and you may have to override @var{configure}'s selection of
|
|
the compiler and/or binutils.
|
|
|
|
If you only specify @samp{--host}, @code{configure} will prepare for a
|
|
native compile but use what you specify instead of guessing what your
|
|
system is. This is most useful to change the CPU submodel. For example,
|
|
if @code{configure} guesses your machine as @code{i686-pc-linux-gnu} but
|
|
you want to compile a library for 586es, give
|
|
@samp{--host=i586-pc-linux-gnu} or just @samp{--host=i586-linux} and add
|
|
the appropriate compiler flags (@samp{-mcpu=i586} will do the trick) to
|
|
@var{CFLAGS}.
|
|
|
|
If you specify just @samp{--build}, @code{configure} will get confused.
|
|
|
|
@item --with-pkgversion=@var{version}
|
|
Specify a description, possibly including a build number or build
|
|
date, of the binaries being built, to be included in
|
|
@option{--version} output from programs installed with @theglibc{}.
|
|
For example, @option{--with-pkgversion='FooBar GNU/Linux glibc build
|
|
123'}. The default value is @samp{GNU libc}.
|
|
|
|
@item --with-bugurl=@var{url}
|
|
Specify the URL that users should visit if they wish to report a bug,
|
|
to be included in @option{--help} output from programs installed with
|
|
@theglibc{}. The default value refers to the main bug-reporting
|
|
information for @theglibc{}.
|
|
@end table
|
|
|
|
To build the library and related programs, type @code{make}. This will
|
|
produce a lot of output, some of which may look like errors from
|
|
@code{make} but aren't. Look for error messages from @code{make}
|
|
containing @samp{***}. Those indicate that something is seriously wrong.
|
|
|
|
The compilation process can take a long time, depending on the
|
|
configuration and the speed of your machine. Some complex modules may
|
|
take a very long time to compile, as much as several minutes on slower
|
|
machines. Do not panic if the compiler appears to hang.
|
|
|
|
If you want to run a parallel make, simply pass the @samp{-j} option
|
|
with an appropriate numeric parameter to @code{make}. You need a recent
|
|
GNU @code{make} version, though.
|
|
|
|
To build and run test programs which exercise some of the library
|
|
facilities, type @code{make check}. If it does not complete
|
|
successfully, do not use the built library, and report a bug after
|
|
verifying that the problem is not already known. @xref{Reporting Bugs},
|
|
for instructions on reporting bugs. Note that some of the tests assume
|
|
they are not being run by @code{root}. We recommend you compile and
|
|
test @theglibc{} as an unprivileged user.
|
|
|
|
Before reporting bugs make sure there is no problem with your system.
|
|
The tests (and later installation) use some pre-existing files of the
|
|
system such as @file{/etc/passwd}, @file{/etc/nsswitch.conf} and others.
|
|
These files must all contain correct and sensible content.
|
|
|
|
Normally, @code{make check} will run all the tests before reporting
|
|
all problems found and exiting with error status if any problems
|
|
occurred. You can specify @samp{stop-on-test-failure=y} when running
|
|
@code{make check} to make the test run stop and exit with an error
|
|
status immediately when a failure occurs.
|
|
|
|
The @glibcadj{} pretty printers come with their own set of scripts for testing,
|
|
which run together with the rest of the testsuite through @code{make check}.
|
|
These scripts require the following tools to run successfully:
|
|
|
|
@itemize @bullet
|
|
@item
|
|
Python 2.7.6/3.4.3 or later
|
|
|
|
Python is required for running the printers' test scripts.
|
|
|
|
@item PExpect 4.0
|
|
|
|
The printer tests drive GDB through test programs and compare its output
|
|
to the printers'. PExpect is used to capture the output of GDB, and should be
|
|
compatible with the Python version in your system.
|
|
|
|
@item
|
|
GDB 7.8 or later with support for Python 2.7.6/3.4.3 or later
|
|
|
|
GDB itself needs to be configured with Python support in order to use the
|
|
pretty printers. Notice that your system having Python available doesn't imply
|
|
that GDB supports it, nor that your system's Python and GDB's have the same
|
|
version.
|
|
@end itemize
|
|
|
|
@noindent
|
|
If these tools are absent, the printer tests will report themselves as
|
|
@code{UNSUPPORTED}. Notice that some of the printer tests require @theglibc{}
|
|
to be compiled with debugging symbols.
|
|
|
|
To format the @cite{GNU C Library Reference Manual} for printing, type
|
|
@w{@code{make dvi}}. You need a working @TeX{} installation to do
|
|
this. The distribution builds the on-line formatted version of the
|
|
manual, as Info files, as part of the build process. You can build
|
|
them manually with @w{@code{make info}}.
|
|
|
|
The library has a number of special-purpose configuration parameters
|
|
which you can find in @file{Makeconfig}. These can be overwritten with
|
|
the file @file{configparms}. To change them, create a
|
|
@file{configparms} in your build directory and add values as appropriate
|
|
for your system. The file is included and parsed by @code{make} and has
|
|
to follow the conventions for makefiles.
|
|
|
|
It is easy to configure @theglibc{} for cross-compilation by
|
|
setting a few variables in @file{configparms}. Set @code{CC} to the
|
|
cross-compiler for the target you configured the library for; it is
|
|
important to use this same @code{CC} value when running
|
|
@code{configure}, like this: @samp{CC=@var{target}-gcc configure
|
|
@var{target}}. Set @code{BUILD_CC} to the compiler to use for programs
|
|
run on the build system as part of compiling the library. You may need to
|
|
set @code{AR} to cross-compiling versions of @code{ar}
|
|
if the native tools are not configured to work with
|
|
object files for the target you configured for. When cross-compiling
|
|
@theglibc{}, it may be tested using @samp{make check
|
|
test-wrapper="@var{srcdir}/scripts/cross-test-ssh.sh @var{hostname}"},
|
|
where @var{srcdir} is the absolute directory name for the main source
|
|
directory and @var{hostname} is the host name of a system that can run
|
|
the newly built binaries of @theglibc{}. The source and build
|
|
directories must be visible at the same locations on both the build
|
|
system and @var{hostname}.
|
|
|
|
In general, when testing @theglibc{}, @samp{test-wrapper} may be set
|
|
to the name and arguments of any program to run newly built binaries.
|
|
This program must preserve the arguments to the binary being run, its
|
|
working directory and the standard input, output and error file
|
|
descriptors. If @samp{@var{test-wrapper} env} will not work to run a
|
|
program with environment variables set, then @samp{test-wrapper-env}
|
|
must be set to a program that runs a newly built program with
|
|
environment variable assignments in effect, those assignments being
|
|
specified as @samp{@var{var}=@var{value}} before the name of the
|
|
program to be run. If multiple assignments to the same variable are
|
|
specified, the last assignment specified must take precedence.
|
|
Similarly, if @samp{@var{test-wrapper} env -i} will not work to run a
|
|
program with an environment completely empty of variables except those
|
|
directly assigned, then @samp{test-wrapper-env-only} must be set; its
|
|
use has the same syntax as @samp{test-wrapper-env}, the only
|
|
difference in its semantics being starting with an empty set of
|
|
environment variables rather than the ambient set.
|
|
|
|
|
|
@node Running make install
|
|
@appendixsec Installing the C Library
|
|
@cindex installing
|
|
|
|
To install the library and its header files, and the Info files of the
|
|
manual, type @code{make install}. This will
|
|
build things, if necessary, before installing them; however, you should
|
|
still compile everything first. If you are installing @theglibc{} as your
|
|
primary C library, we recommend that you shut the system down to
|
|
single-user mode first, and reboot afterward. This minimizes the risk
|
|
of breaking things when the library changes out from underneath.
|
|
|
|
@samp{make install} will do the entire job of upgrading from a
|
|
previous installation of @theglibc{} version 2.x. There may sometimes
|
|
be headers
|
|
left behind from the previous installation, but those are generally
|
|
harmless. If you want to avoid leaving headers behind you can do
|
|
things in the following order.
|
|
|
|
You must first build the library (@samp{make}), optionally check it
|
|
(@samp{make check}), switch the include directories and then install
|
|
(@samp{make install}). The steps must be done in this order. Not moving
|
|
the directory before install will result in an unusable mixture of header
|
|
files from both libraries, but configuring, building, and checking the
|
|
library requires the ability to compile and run programs against the old
|
|
library. The new @file{/usr/include}, after switching the include
|
|
directories and before installing the library should contain the Linux
|
|
headers, but nothing else. If you do this, you will need to restore
|
|
any headers from libraries other than @theglibc{} yourself after installing the
|
|
library.
|
|
|
|
You can install @theglibc{} somewhere other than where you configured
|
|
it to go by setting the @code{DESTDIR} GNU standard make variable on
|
|
the command line for @samp{make install}. The value of this variable
|
|
is prepended to all the paths for installation. This is useful when
|
|
setting up a chroot environment or preparing a binary distribution.
|
|
The directory should be specified with an absolute file name. Installing
|
|
with the @code{prefix} and @code{exec_prefix} GNU standard make variables
|
|
set is not supported.
|
|
|
|
@Theglibc{} includes a daemon called @code{nscd}, which you
|
|
may or may not want to run. @code{nscd} caches name service lookups; it
|
|
can dramatically improve performance with NIS+, and may help with DNS as
|
|
well.
|
|
|
|
One auxiliary program, @file{/usr/libexec/pt_chown}, is installed setuid
|
|
@code{root} if the @samp{--enable-pt_chown} configuration option is used.
|
|
This program is invoked by the @code{grantpt} function; it sets the
|
|
permissions on a pseudoterminal so it can be used by the calling process.
|
|
If you are using a Linux kernel with the @code{devpts} filesystem enabled
|
|
and mounted at @file{/dev/pts}, you don't need this program.
|
|
|
|
After installation you might want to configure the timezone and locale
|
|
installation of your system. @Theglibc{} comes with a locale
|
|
database which gets configured with @code{localedef}. For example, to
|
|
set up a German locale with name @code{de_DE}, simply issue the command
|
|
@samp{localedef -i de_DE -f ISO-8859-1 de_DE}. To configure all locales
|
|
that are supported by @theglibc{}, you can issue from your build directory the
|
|
command @samp{make localedata/install-locales}.
|
|
|
|
To configure the locally used timezone, set the @code{TZ} environment
|
|
variable. The script @code{tzselect} helps you to select the right value.
|
|
As an example, for Germany, @code{tzselect} would tell you to use
|
|
@samp{TZ='Europe/Berlin'}. For a system wide installation (the given
|
|
paths are for an installation with @samp{--prefix=/usr}), link the
|
|
timezone file which is in @file{/usr/share/zoneinfo} to the file
|
|
@file{/etc/localtime}. For Germany, you might execute @samp{ln -s
|
|
/usr/share/zoneinfo/Europe/Berlin /etc/localtime}.
|
|
|
|
@node Tools for Compilation
|
|
@appendixsec Recommended Tools for Compilation
|
|
@cindex installation tools
|
|
@cindex tools, for installing library
|
|
|
|
We recommend installing the following GNU tools before attempting to
|
|
build @theglibc{}:
|
|
|
|
@itemize @bullet
|
|
@item
|
|
GNU @code{make} 3.79 or newer
|
|
|
|
You need the latest version of GNU @code{make}. Modifying @theglibc{}
|
|
to work with other @code{make} programs would be so difficult that
|
|
we recommend you port GNU @code{make} instead. @strong{Really.} We
|
|
recommend GNU @code{make} version 3.79. All earlier versions have severe
|
|
bugs or lack features.
|
|
|
|
@item
|
|
GCC 4.9 or newer
|
|
|
|
GCC 4.9 or higher is required. In general it is recommended to use
|
|
the newest version of the compiler that is known to work for building
|
|
@theglibc{}, as newer compilers usually produce better code. As of
|
|
release time, GCC 7.1 is the newest compiler verified to work to build
|
|
@theglibc{}.
|
|
|
|
For PowerPC 64-bits little-endian (powerpc64le), GCC 6.2 or higher is
|
|
required. This compiler version is the first to provide the features
|
|
required for building @theglibc{} with support for @code{_Float128}.
|
|
|
|
For multi-arch support it is recommended to use a GCC which has been built with
|
|
support for GNU indirect functions. This ensures that correct debugging
|
|
information is generated for functions selected by IFUNC resolvers. This
|
|
support can either be enabled by configuring GCC with
|
|
@samp{--enable-gnu-indirect-function}, or by enabling it by default by setting
|
|
@samp{default_gnu_indirect_function} variable for a particular architecture in
|
|
the GCC source file @file{gcc/config.gcc}.
|
|
|
|
You can use whatever compiler you like to compile programs that use
|
|
@theglibc{}.
|
|
|
|
Check the FAQ for any special compiler issues on particular platforms.
|
|
|
|
@item
|
|
GNU @code{binutils} 2.25 or later
|
|
|
|
You must use GNU @code{binutils} (as and ld) to build @theglibc{}.
|
|
No other assembler or linker has the necessary functionality at the
|
|
moment. As of release time, GNU @code{binutils} 2.27 is the newest
|
|
verified to work to build @theglibc{}.
|
|
|
|
@item
|
|
GNU @code{texinfo} 4.7 or later
|
|
|
|
To correctly translate and install the Texinfo documentation you need
|
|
this version of the @code{texinfo} package. Earlier versions do not
|
|
understand all the tags used in the document, and the installation
|
|
mechanism for the info files is not present or works differently.
|
|
As of release time, @code{texinfo} 6.0 is the newest verified to work
|
|
to build @theglibc{}.
|
|
|
|
@item
|
|
GNU @code{awk} 3.1.2, or higher
|
|
|
|
@code{awk} is used in several places to generate files.
|
|
Some @code{gawk} extensions are used, including the @code{asorti}
|
|
function, which was introduced in version 3.1.2 of @code{gawk}.
|
|
As of release time, @code{gawk} version 4.1.3 is the newest verified
|
|
to work to build @theglibc{}.
|
|
|
|
@item
|
|
GNU @code{bison} 2.7 or later
|
|
|
|
@code{bison} is used to generate the @code{yacc} parser code in the @file{intl}
|
|
subdirectory.
|
|
|
|
@item
|
|
Perl 5
|
|
|
|
Perl is not required, but it is used if present to test the
|
|
installation. We may decide to use it elsewhere in the future.
|
|
|
|
@item
|
|
GNU @code{sed} 3.02 or newer
|
|
|
|
@code{Sed} is used in several places to generate files. Most scripts work
|
|
with any version of @code{sed}. As of release time, @code{sed} version
|
|
4.2.2 is the newest verified to work to build @theglibc{}.
|
|
|
|
@end itemize
|
|
|
|
@noindent
|
|
If you change any of the @file{configure.ac} files you will also need
|
|
|
|
@itemize @bullet
|
|
@item
|
|
GNU @code{autoconf} 2.69 (exactly)
|
|
@end itemize
|
|
|
|
@noindent
|
|
and if you change any of the message translation files you will need
|
|
|
|
@itemize @bullet
|
|
@item
|
|
GNU @code{gettext} 0.10.36 or later
|
|
@end itemize
|
|
|
|
|
|
@noindent
|
|
You may also need these packages if you upgrade your source tree using
|
|
patches, although we try to avoid this.
|
|
|
|
@node Linux
|
|
@appendixsec Specific advice for @gnulinuxsystems{}
|
|
@cindex kernel header files
|
|
|
|
If you are installing @theglibc{} on @gnulinuxsystems{}, you need to have
|
|
the header files from a 3.2 or newer kernel around for reference.
|
|
(For the ia64 architecture, you need version 3.2.18 or newer because this
|
|
is the first version with support for the @code{accept4} system call.)
|
|
These headers must be installed using @samp{make headers_install}; the
|
|
headers present in the kernel source directory are not suitable for
|
|
direct use by @theglibc{}. You do not need to use that kernel, just have
|
|
its headers installed where @theglibc{} can access them, referred to here as
|
|
@var{install-directory}. The easiest way to do this is to unpack it
|
|
in a directory such as @file{/usr/src/linux-@var{version}}. In that
|
|
directory, run @samp{make headers_install
|
|
INSTALL_HDR_PATH=@var{install-directory}}. Finally, configure @theglibc{}
|
|
with the option @samp{--with-headers=@var{install-directory}/include}.
|
|
Use the most recent kernel you can get your hands on. (If you are
|
|
cross-compiling @theglibc{}, you need to specify
|
|
@samp{ARCH=@var{architecture}} in the @samp{make headers_install}
|
|
command, where @var{architecture} is the architecture name used by the
|
|
Linux kernel, such as @samp{x86} or @samp{powerpc}.)
|
|
|
|
After installing @theglibc{}, you may need to remove or rename
|
|
directories such as @file{/usr/include/linux} and
|
|
@file{/usr/include/asm}, and replace them with copies of directories
|
|
such as @file{linux} and @file{asm} from
|
|
@file{@var{install-directory}/include}. All directories present in
|
|
@file{@var{install-directory}/include} should be copied, except that
|
|
@theglibc{} provides its own version of @file{/usr/include/scsi}; the
|
|
files provided by the kernel should be copied without replacing those
|
|
provided by @theglibc{}. The @file{linux}, @file{asm} and
|
|
@file{asm-generic} directories are required to compile programs using
|
|
@theglibc{}; the other directories describe interfaces to the kernel but
|
|
are not required if not compiling programs using those interfaces.
|
|
You do not need to copy kernel headers if you did not specify an
|
|
alternate kernel header source using @samp{--with-headers}.
|
|
|
|
The Filesystem Hierarchy Standard for @gnulinuxsystems{} expects some
|
|
components of the @glibcadj{} installation to be in
|
|
@file{/lib} and some in @file{/usr/lib}. This is handled automatically
|
|
if you configure @theglibc{} with @samp{--prefix=/usr}. If you set some other
|
|
prefix or allow it to default to @file{/usr/local}, then all the
|
|
components are installed there.
|
|
|
|
@node Reporting Bugs
|
|
@appendixsec Reporting Bugs
|
|
@cindex reporting bugs
|
|
@cindex bugs, reporting
|
|
|
|
There are probably bugs in @theglibc{}. There are certainly
|
|
errors and omissions in this manual. If you report them, they will get
|
|
fixed. If you don't, no one will ever know about them and they will
|
|
remain unfixed for all eternity, if not longer.
|
|
|
|
It is a good idea to verify that the problem has not already been
|
|
reported. Bugs are documented in two places: The file @file{BUGS}
|
|
describes a number of well known bugs and the central @glibcadj{}
|
|
bug tracking system has a
|
|
WWW interface at
|
|
@url{https://sourceware.org/bugzilla/}. The WWW
|
|
interface gives you access to open and closed reports. A closed report
|
|
normally includes a patch or a hint on solving the problem.
|
|
|
|
To report a bug, first you must find it. With any luck, this will be the
|
|
hard part. Once you've found a bug, make sure it's really a bug. A
|
|
good way to do this is to see if @theglibc{} behaves the same way
|
|
some other C library does. If so, probably you are wrong and the
|
|
libraries are right (but not necessarily). If not, one of the libraries
|
|
is probably wrong. It might not be @theglibc{}. Many historical
|
|
Unix C libraries permit things that we don't, such as closing a file
|
|
twice.
|
|
|
|
If you think you have found some way in which @theglibc{} does not
|
|
conform to the ISO and POSIX standards (@pxref{Standards and
|
|
Portability}), that is definitely a bug. Report it!
|
|
|
|
Once you're sure you've found a bug, try to narrow it down to the
|
|
smallest test case that reproduces the problem. In the case of a C
|
|
library, you really only need to narrow it down to one library
|
|
function call, if possible. This should not be too difficult.
|
|
|
|
The final step when you have a simple test case is to report the bug.
|
|
Do this at @value{REPORT_BUGS_TO}.
|
|
|
|
If you are not sure how a function should behave, and this manual
|
|
doesn't tell you, that's a bug in the manual. Report that too! If the
|
|
function's behavior disagrees with the manual, then either the library
|
|
or the manual has a bug, so report the disagreement. If you find any
|
|
errors or omissions in this manual, please report them to the
|
|
bug database. If you refer to specific
|
|
sections of the manual, please include the section names for easier
|
|
identification.
|