[prev in list] [next in list] [prev in thread] [next in thread]
List: stackguard
Subject: Re: Immunix & RNA -- what provisions for building extra linux tools?
From: Carl Anthony-Uzoeto <carl () zeto ! net>
Date: 2001-06-01 20:15:52
[Download RAW message or body]
A million thanks for the clarification -- you have really saved me hours of
tinkering about.
thanks,
--carl
Carl Anthony-Uzoeto wrote:
> Hey,
>
> This is great. Thanks for the quick responses. Rest of my comments are in-line
> ..
>
> Crispin Cowan wrote:
>
> > > -- I need to buld/install some other linux packages. Are
> > > there any known issues, gotchas, etc that I ought to know
> > > about?
> >
> > I believe all of the known "gotchas" are in the README.Immunix file in /
> > on the CD. To summarize:
>
> I read & re-read, then printed the README.Immunix file, but it didn't clarify
> the issues for me. I guess because I have the green CD, some things seem to be
> different. It was probably really intended for the RNA market. For instance,
> of all the tools listed in the README under the section titled "Packages needed
> to begin protecting RedHat 7.0 with stackguard and FormatGuard ...", none of
> the packages with stout in their names is included on the CD. Neither is the
> glibc_devel or glibc-profile packages installed. In fact, out of this list,
> only glibc-2.2-12_imnx_7.i386.rpm, libstdc++<blah>, and nscd<blah> are
> installed.
>
> In other words, no compilers have been installed (stackguarded or not), and much
> of the pkgs required for stackguarding other RedHat 7.0 pkgs were not there.
> Hence, my confusion.
>
> I made an assumption about the egcs under extras/egcs/clean being stackguarded
> and tried to install the egcs, but ran into dependency issues -- glibc-devel &
> binutils were required.
>
> I am now downloading egcs-1.1.2-30_SG201_stout.src.rpm, and I have also pulled
> down glibc-2.2-12_imnx_7.src.rpm & binutils-2.10.0.18-1_imnx.src.rpm. However,
> I am uncertain as to the order I should build these tools and which compilers I
> should use & when. I can eventually figure these things out, but have only got
> this night to get this server ready and shipped to an ISP. Please, if you have
> got a moment, can you fill in the gaps in my understanding as expressed above.
>
> >
> > * Don't complile kernels or kernel modules with the StackGuard
> > compiler.
>
> I am not likely to be compiling any kernel pkgs, yet. If I need to in future,
> the info' you have provided here is more than enough to get me started.
>
> > > -- I would like to stick with using RPM packaging for
> > > building/installing some much needed extra pkgs/tools.
> > > Trouble is, rpm seems to have been built without the options
> > > required for building from SRPMs (--rebuild, --recompile,
> > > -bb, -ba, etc). Is this a correct observation? If it is,
> > > whats the best way to work around this?
> >
> > I'm running Immunix OS on my laptop, use RPM regularly, and have not
> > experienced these problems. Can you elaborate?
>
> I suspect its because of the missing compilers -- haven't had a chance to do a
> thorough investigation. The symptoms are that every other rpm command would
> succeed, but the commands to build from source rpms all fail silently and print
> out a usage help screen. The usage help seems to suggest that the options to
> build from source rpms are not valid options. So, I began to think that the rpm
> pkg may have been deliberately crippled, perhaps, for security.
>
> The rpm packages installed are: rpm-4.0-4_imnx & rpm-python-4.0-4_imnx.
>
> Any ideas/suggestions?
>
> > > there are compiler tools on the CD, in the tree
> > > extras/clean. Does this mean the compilers have been fully
> > > stackguarded.
> >
> > There are two versions of the StackGuard compiler:
> >
> > * "Stout": this is the one you want to use most of the time.
>
> The *stout* ones are missing on the distro I have, but I am downloading the
> source rpm.
>
> > * "Lite": this is the one you need to use to compile glibc. glibc's
> > build sequence includes some very complex procedures, and for
> > arcane reasons, it won't build if the StackGuard compiler provides
> > a __canary_death_handler() function. The "Lite" compiler does not
> > provide one, while the "stout" does provide one.
>
> Is there any reason I shouldn't use the *lite* versions for everything?
>
> Once again, I thank you very much for taking the time to address some of the
> issues I have raised here, and hope you may be able to help me some more with
> these ones.
>
> thanks,
> --carl
>
> _______________________________________________
> Immunix-users mailing list
> Immunix-users@mail.wirex.com
> http://mail.wirex.com/mailman/listinfo/immunix-users
_______________________________________________
Immunix-users mailing list
Immunix-users@mail.wirex.com
http://mail.wirex.com/mailman/listinfo/immunix-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic