[not4n00bs] a secure "runtime" userland...

Post tutorials, HOWTO's and other useful resources here.
Post Reply
User avatar
fu11m00nremix
White ninja
White ninja
Posts: 21
Joined: 08 Oct 2020, 19:49
Distribution: fu11m00nremix

[not4n00bs] a secure "runtime" userland...

Post#1 by fu11m00nremix » 13 Oct 2020, 07:33

Musl is a highly secure 'suckless' (Unix philosophy: Do One Thing and Do It Well )... runtime ONLY alternative to glibc.
see... https://suckless.org/philosophy/

This thread explores Musl's non-"GNU" (eg... non-toolchain) userland implementation.

Let's start with the faq...
https://wiki.musl-libc.org/guidelines-f ... tions.html

Repo...
https://slackware.pkgs.org/current/slac ... y.txz.html

Project...
https://musl.libc.org

Download...
https://packages.slackonly.com/pub/pack ... slonly.txz (package)
https://musl.libc.org/releases/musl-1.2.1.tar.gz (source)

These projects use it...
https://www.adelielinux.org/about/compare.html

How it compares to glibc...
http://www.etalabs.net/compare_libcs.html

This appears to be the best solution to implement it...
https://github.com/AdelieLinux/gcompat

Another way to implement it...
What could be done in theory is replacing /lib/ld-linux.so.2 with a symlink to musl.
https://news.ycombinator.com/item?id=7434554
Hmmm...

Ok... but I chose instead to replace /usr/bin/ldd and /usr/lib64/libc.so with a symlink.

Then when I'm compiling... I use the porteus.cfg cheatcode (noload) to exclude the module that loads the symlink.

Understandably... because Musl does not play well with GCC (or Tiny C Compiler which I sometimes use).

Caveat...
Ok... but I chose instead to replace /usr/bin/ldd and /usr/lib64/libc.so with a symlink.

**Pls Note... this ONLY applies to the SlackOnly package directory path.

The Musl source 'makefile' and 'configure' default path is not the same.
These files require... editing to get the same package directory path.

**Also Note... I symlink my Musl (TCC) package w/ a module using similar symlinks.

Welcome... to any helpful positive input in advance.

More to follow...
Last edited by fu11m00nremix on 22 Oct 2020, 09:11, edited 12 times in total.
I receive no compensation and offer only ideas and info to consider... the rest is on you. If you have concerns... then do the right thing and reach out through PM.

User avatar
fu11m00nremix
White ninja
White ninja
Posts: 21
Joined: 08 Oct 2020, 19:49
Distribution: fu11m00nremix

[not4n00bs] a secure "runtime" userland...

Post#2 by fu11m00nremix » 15 Oct 2020, 11:38

To compile w/ TCC there had to be changes...

... musl makefile (fu11m00nremix)

Code: Select all

#
# Makefile for musl (requires GNU make)
#
# This is how simple every makefile should be...
# No, I take that back - actually most should be less than half this size.
#
# Use config.mak to override any of the following variables.
# Do not make changes here.
#

srcdir = .
exec_prefix = /usr
bindir = $(exec_prefix)/bin

prefix = /usr
includedir = $(prefix)/include
libdir = $(prefix)/lib64/musl
syslibdir = $(prefix)/lib64/musl

MALLOC_DIR = mallocng
SRC_DIRS = $(addprefix $(srcdir)/,src/* src/malloc/$(MALLOC_DIR) crt ldso $(COMPAT_SRC_DIRS))
BASE_GLOBS = $(addsuffix /*.c,$(SRC_DIRS))
ARCH_GLOBS = $(addsuffix /$(ARCH)/*.[csS],$(SRC_DIRS))
BASE_SRCS = $(sort $(wildcard $(BASE_GLOBS)))
ARCH_SRCS = $(sort $(wildcard $(ARCH_GLOBS)))
BASE_OBJS = $(patsubst $(srcdir)/%,%.o,$(basename $(BASE_SRCS)))
ARCH_OBJS = $(patsubst $(srcdir)/%,%.o,$(basename $(ARCH_SRCS)))
REPLACED_OBJS = $(sort $(subst /$(ARCH)/,/,$(ARCH_OBJS)))
ALL_OBJS = $(addprefix obj/, $(filter-out $(REPLACED_OBJS), $(sort $(BASE_OBJS) $(ARCH_OBJS))))

LIBC_OBJS = $(filter obj/src/%,$(ALL_OBJS)) $(filter obj/compat/%,$(ALL_OBJS))
LDSO_OBJS = $(filter obj/ldso/%,$(ALL_OBJS:%.o=%.lo))
CRT_OBJS = $(filter obj/crt/%,$(ALL_OBJS))

AOBJS = $(LIBC_OBJS)
LOBJS = $(LIBC_OBJS:.o=.lo)
GENH = obj/include/bits/alltypes.h obj/include/bits/syscall.h
GENH_INT = obj/src/internal/version.h
IMPH = $(addprefix $(srcdir)/, src/internal/stdio_impl.h src/internal/pthread_impl.h src/internal/locale_impl.h src/internal/libc.h)

LDFLAGS =
LDFLAGS_AUTO =
LIBCC = -ltcc
CPPFLAGS =
CFLAGS =
CFLAGS_AUTO = -O3 -pipe
CFLAGS_C99FSE = -std=c99 -ffreestanding -nostdinc 

CFLAGS_ALL = $(CFLAGS_C99FSE)
CFLAGS_ALL += -D_XOPEN_SOURCE=700 -I$(srcdir)/arch/$(ARCH) -I$(srcdir)/arch/generic -Iobj/src/internal -I$(srcdir)/src/include -I$(srcdir)/src/internal -Iobj/include -I$(srcdir)/include
CFLAGS_ALL += $(CPPFLAGS) $(CFLAGS_AUTO) $(CFLAGS)

LDFLAGS_ALL = $(LDFLAGS_AUTO) $(LDFLAGS)

AR      = $(CROSS_COMPILE)ar
RANLIB  = $(CROSS_COMPILE)ranlib
INSTALL = $(srcdir)/tools/install.sh

ARCH_INCLUDES = $(wildcard $(srcdir)/arch/$(ARCH)/bits/*.h)
GENERIC_INCLUDES = $(wildcard $(srcdir)/arch/generic/bits/*.h)
INCLUDES = $(wildcard $(srcdir)/include/*.h $(srcdir)/include/*/*.h)
ALL_INCLUDES = $(sort $(INCLUDES:$(srcdir)/%=%) $(GENH:obj/%=%) $(ARCH_INCLUDES:$(srcdir)/arch/$(ARCH)/%=include/%) $(GENERIC_INCLUDES:$(srcdir)/arch/generic/%=include/%))

EMPTY_LIB_NAMES = m rt pthread crypt util xnet resolv dl
EMPTY_LIBS = $(EMPTY_LIB_NAMES:%=lib/lib%.a)
CRT_LIBS = $(addprefix lib/,$(notdir $(CRT_OBJS)))
STATIC_LIBS = lib64/libc.a
SHARED_LIBS = lib64/libc.so
TOOL_LIBS = lib64/musl-gcc.specs
ALL_LIBS = $(CRT_LIBS) $(STATIC_LIBS) $(SHARED_LIBS) $(EMPTY_LIBS) $(TOOL_LIBS)
ALL_TOOLS = obj/musl-gcc

WRAPCC_GCC = tcc
WRAPCC_CLANG = clang

LDSO_PATHNAME = $(syslibdir)/ld-musl-$(ARCH)$(SUBARCH).so.1

-include config.mak
-include $(srcdir)/arch/$(ARCH)/arch.mak

ifeq ($(ARCH),)

all:
	@echo "Please set ARCH in config.mak before running make."
	@exit 1

else

all: $(ALL_LIBS) $(ALL_TOOLS)

OBJ_DIRS = $(sort $(patsubst %/,%,$(dir $(ALL_LIBS) $(ALL_TOOLS) $(ALL_OBJS) $(GENH) $(GENH_INT))) obj/include)

$(ALL_LIBS) $(ALL_TOOLS) $(ALL_OBJS) $(ALL_OBJS:%.o=%.lo) $(GENH) $(GENH_INT): | $(OBJ_DIRS)

$(OBJ_DIRS):
	mkdir -p $@

obj/include/bits/alltypes.h: $(srcdir)/arch/$(ARCH)/bits/alltypes.h.in $(srcdir)/include/alltypes.h.in $(srcdir)/tools/mkalltypes.sed
	sed -f $(srcdir)/tools/mkalltypes.sed $(srcdir)/arch/$(ARCH)/bits/alltypes.h.in $(srcdir)/include/alltypes.h.in > $@

obj/include/bits/syscall.h: $(srcdir)/arch/$(ARCH)/bits/syscall.h.in
	cp $< $@
	sed -n -e s/__NR_/SYS_/p < $< >> $@

obj/src/internal/version.h: $(wildcard $(srcdir)/VERSION $(srcdir)/.git)
	printf '#define VERSION "%s"\n' "$$(cd $(srcdir); sh tools/version.sh)" > $@

obj/src/internal/version.o obj/src/internal/version.lo: obj/src/internal/version.h

obj/crt/rcrt1.o obj/ldso/dlstart.lo obj/ldso/dynlink.lo: $(srcdir)/src/internal/dynlink.h $(srcdir)/arch/$(ARCH)/reloc.h

obj/crt/crt1.o obj/crt/scrt1.o obj/crt/rcrt1.o obj/ldso/dlstart.lo: $(srcdir)/arch/$(ARCH)/crt_arch.h

obj/crt/rcrt1.o: $(srcdir)/ldso/dlstart.c

obj/crt/Scrt1.o obj/crt/rcrt1.o: CFLAGS_ALL += -fPIC

OPTIMIZE_SRCS = $(wildcard $(OPTIMIZE_GLOBS:%=$(srcdir)/src/%))
$(OPTIMIZE_SRCS:$(srcdir)/%.c=obj/%.o) $(OPTIMIZE_SRCS:$(srcdir)/%.c=obj/%.lo): CFLAGS += -O3

MEMOPS_OBJS = $(filter %/memcpy.o %/memmove.o %/memcmp.o %/memset.o, $(LIBC_OBJS))
$(MEMOPS_OBJS) $(MEMOPS_OBJS:%.o=%.lo): CFLAGS_ALL += $(CFLAGS_MEMOPS)

NOSSP_OBJS = $(CRT_OBJS) $(LDSO_OBJS) $(filter \
	%/__libc_start_main.o %/__init_tls.o %/__stack_chk_fail.o \
	%/__set_thread_area.o %/memset.o %/memcpy.o \
	, $(LIBC_OBJS))
$(NOSSP_OBJS) $(NOSSP_OBJS:%.o=%.lo): CFLAGS_ALL += $(CFLAGS_NOSSP)

$(CRT_OBJS): CFLAGS_ALL += -DCRT

$(LOBJS) $(LDSO_OBJS): CFLAGS_ALL += -fPIC

CC_CMD = $(CC) $(CFLAGS_ALL) -c -o $@ $<

# Choose invocation of assembler to be used
ifeq ($(ADD_CFI),yes)
	AS_CMD = LC_ALL=C awk -f $(srcdir)/tools/add-cfi.common.awk -f $(srcdir)/tools/add-cfi.$(ARCH).awk $< | $(CC) $(CFLAGS_ALL) -x assembler -c -o $@ -
else
	AS_CMD = $(CC_CMD)
endif

obj/%.o: $(srcdir)/%.s
	$(AS_CMD)

obj/%.o: $(srcdir)/%.S
	$(CC_CMD)

obj/%.o: $(srcdir)/%.c $(GENH) $(IMPH)
	$(CC_CMD)

obj/%.lo: $(srcdir)/%.s
	$(AS_CMD)

obj/%.lo: $(srcdir)/%.S
	$(CC_CMD)

obj/%.lo: $(srcdir)/%.c $(GENH) $(IMPH)
	$(CC_CMD)

lib/libc.so: $(LOBJS) $(LDSO_OBJS)
	$(CC) $(CFLAGS_ALL) $(LDFLAGS_ALL) -nostdlib -shared \
	-Wl,-e,_dlstart -o $@ $(LOBJS) $(LDSO_OBJS) $(LIBCC)

lib/libc.a: $(AOBJS)
	rm -f $@
	$(AR) rc $@ $(AOBJS)
	$(RANLIB) $@

$(EMPTY_LIBS):
	rm -f $@
	$(AR) rc $@

lib/%.o: obj/crt/$(ARCH)/%.o
	cp $< $@

lib/%.o: obj/crt/%.o
	cp $< $@

lib/musl-gcc.specs: $(srcdir)/tools/musl-gcc.specs.sh config.mak
	sh $< "$(includedir)" "$(libdir)" "$(LDSO_PATHNAME)" > $@

obj/musl-gcc: config.mak
	printf '#!/bin/sh\nexec "$${REALGCC:-$(WRAPCC_GCC)}" "$$@" -specs "%s/musl-gcc.specs"\n' "$(libdir)" > $@
	chmod +x $@

obj/%-clang: $(srcdir)/tools/%-clang.in config.mak
	sed -e 's!@CC@!$(WRAPCC_CLANG)!g' -e 's!@PREFIX@!$(prefix)!g' -e 's!@INCDIR@!$(includedir)!g' -e 's!@LIBDIR@!$(libdir)!g' -e 's!@LDSO@!$(LDSO_PATHNAME)!g' $< > $@
	chmod +x $@

$(DESTDIR)$(bindir)/%: obj/%
	$(INSTALL) -D $< $@

$(DESTDIR)$(libdir)/%.so: lib/%.so
	$(INSTALL) -D -m 755 $< $@

$(DESTDIR)$(libdir)/%: lib/%
	$(INSTALL) -D -m 644 $< $@

$(DESTDIR)$(includedir)/bits/%: $(srcdir)/arch/$(ARCH)/bits/%
	$(INSTALL) -D -m 644 $< $@

$(DESTDIR)$(includedir)/bits/%: $(srcdir)/arch/generic/bits/%
	$(INSTALL) -D -m 644 $< $@

$(DESTDIR)$(includedir)/bits/%: obj/include/bits/%
	$(INSTALL) -D -m 644 $< $@

$(DESTDIR)$(includedir)/%: $(srcdir)/include/%
	$(INSTALL) -D -m 644 $< $@

$(DESTDIR)$(LDSO_PATHNAME): $(DESTDIR)$(libdir)/libc.so
	$(INSTALL) -D -l $(libdir)/libc.so $@ || true

install-libs: $(ALL_LIBS:lib/%=$(DESTDIR)$(libdir)/%) $(if $(SHARED_LIBS),$(DESTDIR)$(LDSO_PATHNAME),)

install-headers: $(ALL_INCLUDES:include/%=$(DESTDIR)$(includedir)/%)

install-tools: $(ALL_TOOLS:obj/%=$(DESTDIR)$(bindir)/%)

install: install-libs install-headers install-tools

musl-git-%.tar.gz: .git
	 git --git-dir=$(srcdir)/.git archive --format=tar.gz --prefix=$(patsubst %.tar.gz,%,$@)/ -o $@ $(patsubst musl-git-%.tar.gz,%,$@)

musl-%.tar.gz: .git
	 git --git-dir=$(srcdir)/.git archive --format=tar.gz --prefix=$(patsubst %.tar.gz,%,$@)/ -o $@ v$(patsubst musl-%.tar.gz,%,$@)

endif

clean:
	rm -rf obj lib

distclean: clean
	rm -f config.mak

.PHONY: all clean install install-libs install-headers install-tools

... musl configure (fu11m00nremix)

Code: Select all

#!/bin/sh

usage () {
cat <<EOF
Usage: $0 [OPTION]... [VAR=VALUE]... [TARGET]

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  --srcdir=DIR            source directory [detected]

Installation directories:
  --prefix=PREFIX         main installation prefix [/usr/local/musl]
  --exec-prefix=EPREFIX   installation prefix for executable files [PREFIX]

Fine tuning of the installation directories:
  --bindir=DIR            user executables [EPREFIX/bin]
  --libdir=DIR            library files for the linker [PREFIX/lib]
  --includedir=DIR        include files for the C compiler [PREFIX/include]
  --syslibdir=DIR         location for the dynamic linker [/lib]

System types:
  --target=TARGET         configure to run on target TARGET [detected]
  --host=HOST             same as --target
  --build=BUILD           build system type; used only to infer cross-compiling

Optional features:
  --enable-optimize=...   optimize listed components for speed over size [auto]
  --enable-debug          build with debugging information [disabled]
  --enable-warnings       build with recommended warnings flags [disabled]
  --enable-wrapper=...    build given musl toolchain wrapper [auto]
  --disable-shared        inhibit building shared library [enabled]
  --disable-static        inhibit building static library [enabled]

Optional packages:
  --with-malloc=...       choose malloc implementation [mallocng]

Some influential environment variables:
  CC                      C compiler command [detected]
  CFLAGS                  C compiler flags [-Os -pipe ...]
  CROSS_COMPILE           prefix for cross compiler and tools [none]
  LIBCC                   compiler runtime library [detected]

Use these variables to override the choices made by configure.

EOF
exit 0
}

# Helper functions

quote () {
tr '\n' ' ' <<EOF | grep '^[-[:alnum:]_=,./:]* $' >/dev/null 2>&1 && { echo "$1" ; return 0 ; }
$1
EOF
printf %s\\n "$1" | sed -e "s/'/'\\\\''/g" -e "1s/^/'/" -e "\$s/\$/'/" -e "s#^'\([-[:alnum:]_,./:]*\)=\(.*\)\$#\1='\2#"
}
echo () { printf "%s\n" "$*" ; }
fail () { echo "$*" ; exit 1 ; }
fnmatch () { eval "case \"\$2\" in $1) return 0 ;; *) return 1 ;; esac" ; }
cmdexists () { type "$1" >/dev/null 2>&1 ; }
trycc () { test -z "$CC" && cmdexists "$1" && CC=$1 ; }

stripdir () {
while eval "fnmatch '*/' \"\${$1}\"" ; do eval "$1=\${$1%/}" ; done
}

trycppif () {
printf "checking preprocessor condition %s... " "$1"
echo "typedef int x;" > "$tmpc"
echo "#if $1" >> "$tmpc"
echo "#error yes" >> "$tmpc"
echo "#endif" >> "$tmpc"
if $CC $2 -c -o /dev/null "$tmpc" >/dev/null 2>&1 ; then
printf "false\n"
return 1
else
printf "true\n"
return 0
fi
}

tryflag () {
printf "checking whether compiler accepts %s... " "$2"
echo "typedef int x;" > "$tmpc"
if $CC $CFLAGS_TRY $2 -c -o /dev/null "$tmpc" >/dev/null 2>&1 ; then
printf "yes\n"
eval "$1=\"\${$1} \$2\""
eval "$1=\${$1# }"
return 0
else
printf "no\n"
return 1
fi
}

tryldflag () {
printf "checking whether linker accepts %s... " "$2"
echo "typedef int x;" > "$tmpc"
if $CC $LDFLAGS_TRY -nostdlib -shared "$2" -o /dev/null "$tmpc" >/dev/null 2>&1 ; then
printf "yes\n"
eval "$1=\"\${$1} \$2\""
eval "$1=\${$1# }"
return 0
else
printf "no\n"
return 1
fi
}



# Beginning of actual script

CFLAGS_C99FSE=
CFLAGS_AUTO=
CFLAGS_MEMOPS=
CFLAGS_NOSSP=
CFLAGS_TRY=
LDFLAGS_AUTO=
LDFLAGS_TRY=
OPTIMIZE_GLOBS=
srcdir=
prefix=/usr
exec_prefix='$(prefix)'
bindir='$(exec_prefix)/bin'
libdir='$(prefix)/lib64/musl'
includedir='$(prefix)/include'
syslibdir='$(prefix)/lib64/musl'
tools=
tool_libs=
build=
target=
optimize=auto
debug=no
warnings=no
shared=auto
static=yes
wrapper=auto
gcc_wrapper=no
clang_wrapper=no
malloc_dir=mallocng

for arg ; do
case "$arg" in
--help|-h) usage ;;
--srcdir=*) srcdir=${arg#*=} ;;
--prefix=*) prefix=${arg#*=} ;;
--exec-prefix=*) exec_prefix=${arg#*=} ;;
--bindir=*) bindir=${arg#*=} ;;
--libdir=*) libdir=${arg#*=} ;;
--includedir=*) includedir=${arg#*=} ;;
--syslibdir=*) syslibdir=${arg#*=} ;;
--enable-shared|--enable-shared=yes) shared=yes ;;
--disable-shared|--enable-shared=no) shared=no ;;
--enable-static|--enable-static=yes) static=yes ;;
--disable-static|--enable-static=no) static=no ;;
--enable-optimize) optimize=yes ;;
--enable-optimize=*) optimize=${arg#*=} ;;
--disable-optimize) optimize=no ;;
--enable-debug|--enable-debug=yes) debug=yes ;;
--disable-debug|--enable-debug=no) debug=no ;;
--enable-warnings|--enable-warnings=yes) warnings=yes ;;
--disable-warnings|--enable-warnings=no) warnings=no ;;
--enable-wrapper|--enable-wrapper=yes) wrapper=detect ;;
--enable-wrapper=all) wrapper=yes ; gcc_wrapper=yes ; clang_wrapper=yes ;;
--enable-wrapper=gcc) wrapper=yes ; gcc_wrapper=yes ;;
--enable-wrapper=clang) wrapper=yes ; clang_wrapper=yes ;;
--disable-wrapper|--enable-wrapper=no) wrapper=no ;;
--enable-gcc-wrapper|--enable-gcc-wrapper=yes) wrapper=yes ; gcc_wrapper=yes ;;
--disable-gcc-wrapper|--enable-gcc-wrapper=no) wrapper=no ;;
--with-malloc=*) malloc_dir=${arg#*=} ;;
--enable-*|--disable-*|--with-*|--without-*|--*dir=*) ;;
--host=*|--target=*) target=${arg#*=} ;;
--build=*) build=${arg#*=} ;;
-* ) echo "$0: unknown option $arg" ;;
AR=*) AR=${arg#*=} ;;
RANLIB=*) RANLIB=${arg#*=} ;;
CC=*) CC=${arg#*=} ;;
CFLAGS=*) CFLAGS=${arg#*=} ;;
CPPFLAGS=*) CPPFLAGS=${arg#*=} ;;
LDFLAGS=*) LDFLAGS=${arg#*=} ;;
CROSS_COMPILE=*) CROSS_COMPILE=${arg#*=} ;;
LIBCC=*) LIBCC=${arg#*=} ;;
*=*) ;;
*) build=$arg ; target=$arg ;;
esac
done

for i in srcdir prefix exec_prefix bindir libdir includedir syslibdir ; do
stripdir $i
done

#
# Get the source dir for out-of-tree builds
#
if test -z "$srcdir" ; then
srcdir="${0%/configure}"
stripdir srcdir
fi
abs_builddir="$(pwd)" || fail "$0: cannot determine working directory"
abs_srcdir="$(cd $srcdir && pwd)" || fail "$0: invalid source directory $srcdir"
test "$abs_srcdir" = "$abs_builddir" && srcdir=.
test "$srcdir" != "." -a -f Makefile -a ! -h Makefile && fail "$0: Makefile already exists in the working directory"

#
# Get a temp filename we can use
#
i=0
set -C
while : ; do i=$(($i+1))
tmpc="./conf$$-$PPID-$i.c"
2>|/dev/null > "$tmpc" && break
test "$i" -gt 50 && fail "$0: cannot create temporary file $tmpc"
done
set +C
trap 'rm "$tmpc"' EXIT INT QUIT TERM HUP

#
# Check that the requested malloc implementation exists
#
test -d "$srcdir/src/malloc/$malloc_dir" \
|| fail "$0: error: chosen malloc implementation '$malloc_dir' does not exist"

#
# Check whether we are cross-compiling, and set a default
# CROSS_COMPILE prefix if none was provided.
#
test "$target" && \
test "$target" != "$build" && \
test -z "$CROSS_COMPILE" && \
CROSS_COMPILE="$target-"

#
# Find a C compiler to use
#
printf "checking for C compiler... "
trycc ${CROSS_COMPILE}gcc
trycc ${CROSS_COMPILE}c99
trycc ${CROSS_COMPILE}cc
printf "%s\n" "$CC"
test -n "$CC" || { echo "$0: cannot find a C compiler" ; exit 1 ; }

printf "checking whether C compiler works... "
echo "typedef int x;" > "$tmpc"
if output=$($CC $CPPFLAGS $CFLAGS -c -o /dev/null "$tmpc" 2>&1) ; then
printf "yes\n"
else
printf "no; compiler output follows:\n%s\n" "$output"
exit 1
fi

#
# Figure out options to force errors on unknown flags.
#
tryflag   CFLAGS_TRY  -Werror=unknown-warning-option
tryflag   CFLAGS_TRY  -Werror=unused-command-line-argument
tryflag   CFLAGS_TRY  -Werror=ignored-optimization-argument
tryldflag LDFLAGS_TRY -Werror=unknown-warning-option
tryldflag LDFLAGS_TRY -Werror=unused-command-line-argument

#
# Need to know if the compiler is gcc or clang to decide which toolchain
# wrappers to build.
#
printf "checking for C compiler family... "
cc_ver="$(LC_ALL=C $CC -v 2>&1)"
cc_family=unknown
if fnmatch '*gcc\ version*' "$cc_ver" ; then
cc_family=gcc
elif fnmatch '*clang\ version*' "$cc_ver" ; then
cc_family=clang
fi
echo "$cc_family"

#
# Figure out toolchain wrapper to build
#
if test "$wrapper" = auto -o "$wrapper" = detect ; then
echo "#include <stdlib.h>" > "$tmpc"
echo "#if ! __GLIBC__" >> "$tmpc"
echo "#error no" >> "$tmpc"
echo "#endif" >> "$tmpc"
printf "checking for toolchain wrapper to build... "
if test "$wrapper" = auto && ! $CC -c -o /dev/null "$tmpc" >/dev/null 2>&1 ; then
echo "none"
elif test "$cc_family" = gcc ; then
gcc_wrapper=yes
echo "gcc"
elif test "$cc_family" = clang ; then
clang_wrapper=yes
echo "clang"
else
echo "none"
if test "$wrapper" = detect ; then
fail "$0: could not find an appropriate toolchain wrapper"
fi
fi
fi

if test "$gcc_wrapper" = yes ; then
tools="$tools obj/musl-gcc"
tool_libs="$tool_libs lib/musl-gcc.specs"
fi
if test "$clang_wrapper" = yes ; then
tools="$tools obj/musl-clang obj/ld.musl-clang"
fi

#
# Find the target architecture
#
printf "checking target system type... "
test -n "$target" || target=$($CC -dumpmachine 2>/dev/null) || target=unknown
printf "%s\n" "$target"

#
# Convert to just ARCH
#
case "$target" in
# Catch these early to simplify matching for 32-bit archs
arm*) ARCH=arm ;;
aarch64*) ARCH=aarch64 ;;
i?86-nt32*) ARCH=nt32 ;;
i?86*) ARCH=i386 ;;
x86_64-x32*|x32*|x86_64*x32) ARCH=x32 ;;
x86_64-nt64*) ARCH=nt64 ;;
x86_64*) ARCH=x86_64 ;;
m68k*) ARCH=m68k ;;
mips64*|mipsisa64*) ARCH=mips64 ;;
mips*) ARCH=mips ;;
microblaze*) ARCH=microblaze ;;
or1k*) ARCH=or1k ;;
powerpc64*|ppc64*) ARCH=powerpc64 ;;
powerpc*|ppc*) ARCH=powerpc ;;
riscv64*) ARCH=riscv64 ;;
sh[1-9bel-]*|sh|superh*) ARCH=sh ;;
s390x*) ARCH=s390x ;;
unknown) fail "$0: unable to detect target arch; try $0 --target=..." ;;
*) fail "$0: unknown or unsupported target \"$target\"" ;;
esac

#
# Try to get a conforming C99 freestanding environment
#
tryflag CFLAGS_C99FSE -std=c99
tryflag CFLAGS_C99FSE -nostdinc
tryflag CFLAGS_C99FSE -ffreestanding \
|| tryflag CFLAGS_C99FSE -fno-builtin
tryflag CFLAGS_C99FSE -fexcess-precision=standard \
|| { test "$ARCH" = i386 && tryflag CFLAGS_C99FSE -ffloat-store ; }
tryflag CFLAGS_C99FSE -frounding-math

#
# We may use the may_alias attribute if __GNUC__ is defined, so
# if the compiler defines __GNUC__ but does not provide it,
# it must be defined away as part of the CFLAGS.
#
printf "checking whether compiler needs attribute((may_alias)) suppression... "
cat > "$tmpc" <<EOF
typedef int
#ifdef __GNUC__
__attribute__((__may_alias__))
#endif
x;
EOF
if $CC $CFLAGS_C99FSE $CPPFLAGS $CFLAGS \
  -c -o /dev/null "$tmpc" >/dev/null 2>&1 ; then
printf "no\n"
else
printf "yes\n"
CFLAGS_C99FSE="$CFLAGS_C99FSE -D__may_alias__="
fi

#
# The GNU toolchain defaults to assuming unmarked files need an
# executable stack, potentially exposing vulnerabilities in programs
# linked with such object files. Fix this.
#
tryflag CFLAGS_C99FSE -Wa,--noexecstack

#
# Check for options to disable stack protector, which needs to be
# disabled for a few early-bootstrap translation units. If not found,
# this is not an error; we assume the toolchain does not do ssp.
#
tryflag CFLAGS_NOSSP -fno-stack-protector

#
# Check for options that may be needed to prevent the compiler from
# generating self-referential versions of memcpy,, memmove, memcmp,
# and memset. Really, we should add a check to determine if this
# option is sufficient, and if not, add a macro to cripple these
# functions with volatile...
#
tryflag CFLAGS_MEMOPS -fno-tree-loop-distribute-patterns

#
# Enable debugging if requessted.
#
test "$debug" = yes && CFLAGS_AUTO=-g

#
# Preprocess asm files to add extra debugging information if debug is
# enabled, our assembler supports the needed directives, and the
# preprocessing script has been written for our architecture.
#
printf "checking whether we should preprocess assembly to add debugging information... "
if fnmatch '-g*|*\ -g*' "$CFLAGS_AUTO $CFLAGS" &&
   test -f "tools/add-cfi.$ARCH.awk" &&
   printf ".file 1 \"srcfile.s\"\n.line 1\n.cfi_startproc\n.cfi_endproc" | $CC -g -x assembler -c -o /dev/null 2>/dev/null -
then
  ADD_CFI=yes
else
  ADD_CFI=no
fi
printf "%s\n" "$ADD_CFI"

#
# Possibly add a -O option to CFLAGS and select modules to optimize with
# -O3 based on the status of --enable-optimize and provided CFLAGS.
#
printf "checking for optimization settings... "
case "x$optimize" in
xauto)
if fnmatch '-O*|*\ -O*' "$CFLAGS_AUTO $CFLAGS" ; then
printf "using provided CFLAGS\n" ;optimize=no
else
printf "using defaults\n" ; optimize=yes
fi
;;
xsize|xnone) printf "minimize size\n" ; optimize=size ;;
xno|x) printf "disabled\n" ; optimize=no ;;
*) printf "custom\n" ;;
esac

test "$optimize" = no || tryflag CFLAGS_AUTO -Os || tryflag CFLAGS_AUTO -O2
test "$optimize" = yes && optimize="internal,malloc,string"

if fnmatch 'no|size' "$optimize" ; then :
else
printf "components to be optimized for speed:"
while test "$optimize" ; do
case "$optimize" in
*,*) this=${optimize%%,*} optimize=${optimize#*,} ;;
*) this=$optimize optimize=
esac
printf " $this"
case "$this" in
*/*.c) ;;
*/*) this=$this*.c ;;
*) this=$this/*.c ;;
esac
OPTIMIZE_GLOBS="$OPTIMIZE_GLOBS $this"
done
OPTIMIZE_GLOBS=${OPTIMIZE_GLOBS# }
printf "\n"
fi

# Always try -pipe
tryflag CFLAGS_AUTO -pipe

#
# If debugging is disabled, omit frame pointer. Modern GCC does this
# anyway on most archs even when debugging is enabled since the frame
# pointer is no longer needed for debugging.
#
if fnmatch '-g*|*\ -g*' "$CFLAGS_AUTO $CFLAGS" ; then :
else 
tryflag CFLAGS_AUTO -fomit-frame-pointer
fi

#
# Modern GCC wants to put DWARF tables (used for debugging and
# unwinding) in the loaded part of the program where they are
# unstrippable. These options force them back to debug sections (and
# cause them not to get generated at all if debugging is off).
#
tryflag CFLAGS_AUTO -fno-unwind-tables
tryflag CFLAGS_AUTO -fno-asynchronous-unwind-tables

#
# Attempt to put each function and each data object in its own
# section. This both allows additional size optimizations at link
# time and works around a dangerous class of compiler/assembler bugs
# whereby relative address expressions are constant-folded by the
# assembler even when one or more of the symbols involved is
# replaceable. See gas pr 18561 and gcc pr 66609, 68178, etc.
#
tryflag CFLAGS_AUTO -ffunction-sections
tryflag CFLAGS_AUTO -fdata-sections

#
# On x86, make sure we don't have incompatible instruction set
# extensions enabled by default. This is bad for making static binaries.
# We cheat and use i486 rather than i386 because i386 really does not
# work anyway (issues with atomic ops).
# Some build environments pass -march and -mtune options via CC, so
# check both CC and CFLAGS.
#
if test "$ARCH" = "i386" ; then
fnmatch '-march=*|*\ -march=*' "$CC $CFLAGS" || tryldflag CFLAGS_AUTO -march=i486
fnmatch '-mtune=*|*\ -mtune=*' "$CC $CFLAGS" || tryldflag CFLAGS_AUTO -mtune=generic
fi

#
# GCC defines -w as overriding any -W options, regardless of order, but
# clang has a bunch of annoying warnings enabled by default and needs -w
# to start from a clean slate. So use -w if building with clang.
#
test "$cc_family" = clang && tryflag CFLAGS_AUTO -w

#
# Even with -std=c99, gcc accepts some constructs which are constraint
# violations. We want to treat these as errors regardless of whether
# other purely stylistic warnings are enabled -- especially implicit
# function declarations, which are a dangerous programming error.
#
tryflag CFLAGS_AUTO -Werror=implicit-function-declaration
tryflag CFLAGS_AUTO -Werror=implicit-int
tryflag CFLAGS_AUTO -Werror=pointer-sign
tryflag CFLAGS_AUTO -Werror=pointer-arith

#
# GCC ignores unused arguements by default, but Clang needs this extra
# parameter to stop printing warnings about LDFLAGS passed during
# compiling stage and CFLAGS passed during linking stage.
#
test "$cc_family" = clang && tryflag CFLAGS_AUTO -Qunused-arguments

if test "x$warnings" = xyes ; then
tryflag CFLAGS_AUTO -Wall
tryflag CFLAGS_AUTO -Wno-parentheses
tryflag CFLAGS_AUTO -Wno-uninitialized
tryflag CFLAGS_AUTO -Wno-missing-braces
tryflag CFLAGS_AUTO -Wno-unused-value
tryflag CFLAGS_AUTO -Wno-unused-but-set-variable
tryflag CFLAGS_AUTO -Wno-unknown-pragmas
tryflag CFLAGS_AUTO -Wno-pointer-to-int-cast
fi

# Determine if the compiler produces position-independent code (PIC)
# by default. If so, we don't need to compile separate object files
# for libc.a and libc.so.
if trycppif __PIC__ "$CFLAGS_C99FSE $CPPFLAGS $CFLAGS" ; then
pic_default=yes
else
pic_default=no
fi

# Reduce space lost to padding for alignment purposes by sorting data
# objects according to their alignment reqirements. This approximates
# optimal packing.
tryldflag LDFLAGS_AUTO -Wl,--sort-section,alignment
tryldflag LDFLAGS_AUTO -Wl,--sort-common

# When linking shared library, drop dummy weak definitions that were
# replaced by strong definitions from other translation units.
tryldflag LDFLAGS_AUTO -Wl,--gc-sections

# Some patched GCC builds have these defaults messed up...
tryldflag LDFLAGS_AUTO -Wl,--hash-style=both

# Prevent linking if there are undefined symbols; if any exist,
# libc.so will crash at runtime during relocation processing.
# The common way this can happen is failure to link the compiler
# runtime library; implementation error is also a possibility.
tryldflag LDFLAGS_AUTO -Wl,--no-undefined

# Avoid exporting symbols from compiler runtime libraries. They
# should be hidden anyway, but some toolchains including old gcc
# versions built without shared library support and pcc are broken.
tryldflag LDFLAGS_AUTO -Wl,--exclude-libs=ALL

# Public data symbols must be interposable to allow for copy
# relocations, but otherwise we want to bind symbols at libc link
# time to eliminate startup relocations and PLT overhead. Use
# --dynamic-list rather than -Bsymbolic-functions for greater
# control over what symbols are left unbound.
tryldflag LDFLAGS_AUTO -Wl,--dynamic-list="$srcdir/dynamic.list"

# Find compiler runtime library
test -z "$LIBCC" && tryldflag LIBCC -lgcc && tryldflag LIBCC -lgcc_eh
test -z "$LIBCC" && tryldflag LIBCC -lcompiler_rt
test -z "$LIBCC" && try_libcc=`$CC -print-libgcc-file-name 2>/dev/null` \
                 && tryldflag LIBCC "$try_libcc"
test -z "$LIBCC" && try_libcc=`$CC -print-file-name=libpcc.a 2>/dev/null` \
                 && tryldflag LIBCC "$try_libcc"
printf "using compiler runtime libraries: %s\n" "$LIBCC"

# Figure out arch variants for archs with variants
SUBARCH=
t="$CFLAGS_C99FSE $CPPFLAGS $CFLAGS"

if test "$ARCH" = "i386" ; then
printf "checking whether compiler can use ebx in PIC asm constraints... "
cat > "$tmpc" <<EOF
int foo(int x) { __asm__ ( "" : "+b"(x) ); return x; }
EOF
if $CC $CFLAGS_C99FSE $CPPFLAGS $CFLAGS -fPIC \
  -c -o /dev/null "$tmpc" >/dev/null 2>&1 ; then
printf "yes\n"
else
printf "no\n"
CFLAGS_AUTO="$CFLAGS_AUTO -DBROKEN_EBX_ASM"
fi
fi

if test "$ARCH" = "x86_64" ; then
trycppif __ILP32__ "$t" && ARCH=x32
fi

if test "$ARCH" = "arm" ; then
if trycppif __thumb2__ "$t" ; then
tryflag CFLAGS_AUTO -mimplicit-it=always
tryflag CFLAGS_AUTO -Wa,-mimplicit-it=always
tryflag CFLAGS_AUTO -Wa,-mthumb
fi
trycppif __ARMEB__ "$t" && SUBARCH=${SUBARCH}eb
trycppif __ARM_PCS_VFP "$t" && SUBARCH=${SUBARCH}hf
# Versions of clang up until at least 3.8 have the wrong constraint codes
# for floating point operands to inline asm. Detect this so the affected
# source files can just disable the asm.
if test "$cc_family" = clang ; then
printf "checking whether clang's vfp asm constraints work... "
echo 'float f(float x) { __asm__("":"+t"(x)); return x; }' > "$tmpc"
if $CC $CFLAGS_C99FSE $CPPFLAGS $CFLAGS -c -o /dev/null "$tmpc" >/dev/null 2>&1 ; then
printf "yes\n"
else
printf "no\n"
CFLAGS_AUTO="$CFLAGS_AUTO -DBROKEN_VFP_ASM"
CFLAGS_AUTO="${CFLAGS_AUTO# }"
fi
fi
fi

if test "$ARCH" = "aarch64" ; then
trycppif __AARCH64EB__ "$t" && SUBARCH=${SUBARCH}_be
fi

if test "$ARCH" = "m68k" ; then
if trycppif "__HAVE_68881__" ; then : ;
elif trycppif "__mcffpu__" ; then SUBARCH="-fp64"
else SUBARCH="-sf"
fi
fi

if test "$ARCH" = "mips" ; then
trycppif "__mips_isa_rev >= 6" "$t" && SUBARCH=${SUBARCH}r6
trycppif "_MIPSEL || __MIPSEL || __MIPSEL__" "$t" && SUBARCH=${SUBARCH}el
trycppif __mips_soft_float "$t" && SUBARCH=${SUBARCH}-sf
fi

if test "$ARCH" = "mips64" ; then
trycppif "_MIPS_SIM != _ABI64" "$t" && ARCH=mipsn32
trycppif "__mips_isa_rev >= 6" "$t" && SUBARCH=${SUBARCH}r6
trycppif "_MIPSEL || __MIPSEL || __MIPSEL__" "$t" && SUBARCH=${SUBARCH}el
trycppif __mips_soft_float "$t" && SUBARCH=${SUBARCH}-sf
fi

if test "$ARCH" = "powerpc" ; then
trycppif "__NO_FPRS__ && !_SOFT_FLOAT" "$t" && fail \
  "$0: error: compiler's floating point configuration is unsupported"
trycppif _SOFT_FLOAT "$t" && SUBARCH=${SUBARCH}-sf
printf "checking whether compiler can use 'd' constraint in asm... "
echo 'double f(double x) { __asm__ ("fabs %0, %1" : "=d"(x) : "d"(x)); return x; }' > "$tmpc"
if $CC $CFLAGS_C99FSE $CPPFLAGS $CFLAGS -c -o /dev/null "$tmpc" >/dev/null 2>&1 ; then
printf "yes\n"
else
printf "no\n"
CFLAGS_AUTO="$CFLAGS_AUTO -DBROKEN_PPC_D_ASM"
CFLAGS_AUTO="${CFLAGS_AUTO# }"
fi
fi

test "$ARCH" = "microblaze" && trycppif __MICROBLAZEEL__ "$t" \
&& SUBARCH=${SUBARCH}el

if test "$ARCH" = "powerpc64" ; then
trycppif "_CALL_ELF == 2" "$t" || fail "$0: error: unsupported powerpc64 ABI"
trycppif __LITTLE_ENDIAN__ "$t" && SUBARCH=${SUBARCH}le
trycppif _SOFT_FLOAT "$t" && fail "$0: error: soft-float not supported on powerpc64"
fi

if test "$ARCH" = "riscv64" ; then
trycppif __riscv_float_abi_soft "$t" && SUBARCH=${SUBARCH}-sf
trycppif __riscv_float_abi_single "$t" && SUBARCH=${SUBARCH}-sp
fi

if test "$ARCH" = "sh" ; then
tryflag CFLAGS_AUTO -Wa,--isa=any
trycppif __BIG_ENDIAN__ "$t" && SUBARCH=${SUBARCH}eb
if trycppif "__SH_FPU_ANY__ || __SH4__" "$t" ; then
# Some sh configurations are broken and replace double with float
# rather than using softfloat when the fpu is present but only
# supports single precision. Reject them.
printf "checking whether compiler's double type is IEEE double... "
echo 'typedef char dblcheck[(int)sizeof(double)-5];' > "$tmpc"
if $CC $CFLAGS_C99FSE $CPPFLAGS $CFLAGS -c -o /dev/null "$tmpc" >/dev/null 2>&1 ; then
printf "yes\n"
else
printf "no\n"
fail "$0: error: compiler's floating point configuration is unsupported"
fi
else
SUBARCH=${SUBARCH}-nofpu
fi
if trycppif __SH_FDPIC__ "$t" ; then
SUBARCH=${SUBARCH}-fdpic
fi
fi

test "$SUBARCH" \
&& printf "configured for %s variant: %s\n" "$ARCH" "$ARCH$SUBARCH"

case "$ARCH$SUBARCH" in
arm) ASMSUBARCH=el ;;
*) ASMSUBARCH=$SUBARCH ;;
esac

#
# Some archs (powerpc) have different possible long double formats
# that the compiler can be configured for. The logic for whether this
# is supported is in bits/float.h; in general, it is not. We need to
# check for mismatches here or code in printf, strotd, and scanf will
# be dangerously incorrect because it depends on (1) the macros being
# correct, and (2) IEEE semantics.
#
printf "checking whether compiler's long double definition matches float.h... "
echo '#include <float.h>' > "$tmpc"
echo '#define C(m,s) (m==LDBL_MANT_DIG && s==sizeof(long double))' >> "$tmpc"
echo 'typedef char ldcheck[(C(53,8)||C(64,12)||C(64,16)||C(113,16))*2-1];' >> "$tmpc"
if $CC $CFLAGS_C99FSE \
  -I$srcdir/arch/$ARCH -I$srcdir/arch/generic -I$srcdir/include \
  $CPPFLAGS $CFLAGS -c -o /dev/null "$tmpc" >/dev/null 2>&1 ; then
printf "yes\n"
else
printf "no\n"
fail "$0: error: unsupported long double type"
fi

#
# Some build systems globally pass in broken CFLAGS like -ffast-math
# for all packages. On recent GCC we can detect this and error out
# early rather than producing a seriously-broken math library.
#
if trycppif "__FAST_MATH__" \
  "$CFLAGS_C99FSE $CPPFLAGS $CFLAGS" ; then
fail "$0: error: compiler has broken floating point; check CFLAGS"
fi

printf "creating config.mak... "

cmdline=$(quote "$0")
for i ; do cmdline="$cmdline $(quote "$i")" ; done

exec 3>&1 1>config.mak


cat << EOF
# This version of config.mak was generated by:
# $cmdline
# Any changes made here will be lost if configure is re-run
AR = ${AR:-\$(CROSS_COMPILE)ar}
RANLIB = ${RANLIB:-\$(CROSS_COMPILE)ranlib}
ARCH = $ARCH
SUBARCH = $SUBARCH
ASMSUBARCH = $ASMSUBARCH
srcdir = $srcdir
prefix = $prefix
exec_prefix = $exec_prefix
bindir = $bindir
libdir = $libdir
includedir = $includedir
syslibdir = $syslibdir
CC = $CC
CFLAGS = $CFLAGS
CFLAGS_AUTO = $CFLAGS_AUTO
CFLAGS_C99FSE = $CFLAGS_C99FSE
CFLAGS_MEMOPS = $CFLAGS_MEMOPS
CFLAGS_NOSSP = $CFLAGS_NOSSP
CPPFLAGS = $CPPFLAGS
LDFLAGS = $LDFLAGS
LDFLAGS_AUTO = $LDFLAGS_AUTO
CROSS_COMPILE = $CROSS_COMPILE
LIBCC = $LIBCC
OPTIMIZE_GLOBS = $OPTIMIZE_GLOBS
ALL_TOOLS = $tools
TOOL_LIBS = $tool_libs
ADD_CFI = $ADD_CFI
MALLOC_DIR = $malloc_dir
EOF
test "x$static" = xno && echo "STATIC_LIBS ="
test "x$shared" = xno && echo "SHARED_LIBS ="
test "x$cc_family" = xgcc && echo 'WRAPCC_GCC = $(CC)'
test "x$cc_family" = xclang && echo 'WRAPCC_CLANG = $(CC)'
test "x$pic_default" = xyes && echo 'AOBJS = $(LOBJS)'
exec 1>&3 3>&-

test "$srcdir" = "." || ln -sf $srcdir/Makefile .

printf "done\n"
**Pls Note: I also had to patch TCC...
https://svnweb.freebsd.org/ports?view=r ... ion=393585
https://repo.or.cz/w/tinycc.git
Last edited by fu11m00nremix on 20 Oct 2020, 06:16, edited 4 times in total.
I receive no compensation and offer only ideas and info to consider... the rest is on you. If you have concerns... then do the right thing and reach out through PM.

User avatar
fu11m00nremix
White ninja
White ninja
Posts: 21
Joined: 08 Oct 2020, 19:49
Distribution: fu11m00nremix

[not4n00bs] a secure "runtime" userland...

Post#3 by fu11m00nremix » 15 Oct 2020, 12:01

The following parameters successfully compiled Musl (using modified source w/ tcc)...
@ https://slackbuilds.org/repository/14.1 ... pment/tcc/

**Pls Note (src2pkg parameters)...
# ===================================================["fullmoonremix"]

# Pls Note: Mileage may vary... so take the following parameters w/ a grain of salt.

# (...package)
PACKAGER="fullmoonremix"
SIG="_tcc4"
QUIET="NO"
PREFIX=/usr
LIBDIR=${PREFIX}/lib64
CREATE_MD5_CHECKSUM="YES"
BIN_COMPRESSOR=upx
COMPRESS_BINS=YES

# (...path)
SOURCES_DIR="$CWD"
PKG_DEST_DIR="$CWD"
LOG_DIR="/tmp/src2pkg/log"
SRC_BUILDS_DIR="/src2pkg/builds/source"
PKG_BUILDS_DIR="/src2pkg/builds/package"

# pls note: you might need to create the,
# following "current directory" subfolders...
BACKUPS_SAVE_DIR="/tmp/src2pkg/save"
PATCHES_DIR="/tmp/src2pkg/patches"
CONFIG_DIR="/tmp/src2pkg/configure"
BACKUP_DIR="/tmp/src2pkg/backup"

# (...autoconf)
AUTO_CONFIG=NATIVE
AUTO_CONFIG_OPTIONS="sysconfdir, bindir, libdir"
AC_DEFAULT_PREFIX=${PREFIX}

# (...compiler)
CC=tcc
ADD_EXPLICIT_HOST=YES
CFLAGS="-O2 -m64 -march=native --build=x86_64-slackware-linux --host=x86_64-slackware-linux"

# (...linker)
LD=tcc
# LDLIBS=-lm
LD_FLAGS="-L${PREFIX}/lib64"
LD_LIBRARY_PATH="${PREFIX}/lib64"

# (...flags)
CC=tcc
CFLAGS="-O3"

# (...install)
INSTALL_TYPE=REAL
# INSTALL_TYPE=JAIL
# INSTALL_TYPE=DESTDIR
INSTALL_LINE="make -i install"

# (...options)
JOBS='-j2'
LINK_LICENSES=YES
COMPRESS_DOCS=YES
DOCLIST=MINIMAL
LOG_COMMANDS=YES
AUTO_DESKTOP=YES
FAIL_ON_BAD_DIRS=YES

# (...optional)
EXTRA_CONFIGS="-sysconfdir=/etc bindir=${PREFIX}/bin libdir=${PREFIX}/lib64 --with-x --x-libraries=${PREFIX}/X11R6/lib64 --x-includes=${PREFIX}/include"
... modified src2pkg (fu11m00nremix)

Code: Select all

# /etc/src2pkg/src2pkg.conf Version 2.9
# This file is part of the src2pkg program:
# src2pkg - Copyright 2005-2013 Gilbert Ashley <amigo@ibilio.org>
# src2pkg is released under the GNU General Public License Version 2

# Only change stuff here that you want to *always* apply.
# Most configuration options are set up with sane defaults
# in the file /usr/libexec/src2pkg/DEFINES.
# This src2pkg.conf file is not required for src2pkg to work
# You can use any src2pkg variable in this file, but it really
# should only be used for options which are non package-specific.
# 
# Individual users can also have their own src2pkg.conf file.
# It should be named .src2pkg.conf and placed in their $HOME directory
# - that is the file should be: ~/.src2pkg.conf
# Since the GLOBAL_CONF file in /etc/src2pkg/src2pkg.conf is read
# afterwards, this gives the system administrator a chance to
# override any risky or unwanted settings by using the proper syntax
# which declares variables unconditionally, like this(without #):
# SRC_BUILDS_DIR="/tmp"  instead of:
# '[[ $SRC_BUILDS_DIR ]] || SRC_BUILDS_DIR="$CWD"'
# SOURCES_DIR=${SOURCES_DIR:-$CWD}

# Signature for line 11 of automatically created slack-desc files
# PACKAGER="src2pkg"
# SIGNATURE="Packaged by $PACKAGER"

# SIG is a suffix to BUILD for 'signing' package names
# [[ $SIG ]] || SIG=""

# Uncomment to turn off color prompting
# COLOR_PROMPT="NO"

# Uncomment to always see all ouput from commands
# QUIET="NO"

# src2pkg defaults to using prefix=/usr, but you can
# uncomment and edit the next line to change this (not recommended)
# [[ $PRE_FIX ]] || PRE_FIX=/usr

# specify the program for downloading files 
# wget, rsync, curl and lynx are supported --wget is used by default
# DOWNLOADER=wget
# specify options to the downloader program (only for wget or aria2c)
# the options shown are the defaults which are used for wget
# DOWNLOADER_OPTIONS="--tries=3 --timeout=15 -O"

# Do not create md5 schecksums by default
# uncomment if you want src2pkg to create md5 checksums for each package
# CREATE_MD5_CHECKSUM="YES"

## Extended database features:
## src2pkg can generate files to include in the package which list the package
## dependencies and/or the list of libraries supplied by the package
## Setting EXTENDED_DATABASE="YES" causes both features to be enabled
## Or, they can be controlled individually
# [[ $EXTENDED_DATABASE ]] || EXTENDED_DATABASE="YES"
# Do not generate a PKG_REQUIRED (slack-required) file by default
# uncomment if you want to create slack-required files in the package
# [[ $ADD_REQUIRED_FILE ]] || ADD_REQUIRED_FILE="YES"
# by default only simple package names are listed in the PKG_REQUIRED file
# [[ $INCLUDE_DEP_VERSIONS ]] || INCLUDE_DEP_VERSIONS="NO"
# by default, the base packages glibc, aaa_elflibs and gcc are left out of  the PKG_REQUIRED file
# [[ $INCLUDE_BASE_LIBS ]] || EXCLUDE_BASE_LIBS=NO

# Do not generate a PKG_PROVIDES (slack-provides) file by default
# uncomment if you want to create slack-provides files in the package
# [[ $ADD_PROVIDES_FILE ]] || ADD_PROVIDES_FILE="YES"
# you can specify the names to use for the 'required' and 'provides' files
# or they will be named 'slack-required' and 'slack-provides' by default
# [[ $PKG_REQUIRED ]] || PKG_REQUIRED='slack-required'
#  [[ $PKG_PROVIDES ]] || PKG_PROVIDES='slack-provides'
# note that the standard Slackware pkgtools does not support these features.
# However, if the files use the default 'slack-*' name this will not cause
# any problems. If you choose another name, installpkg will not remove
# them when the package is installed and will fail to remove the  /install directory
# The 'slack-required' files are used by package managers like slapt-get to
# resolve dependencies when installing packages. The slack-provides
# are only used to provide a complete listing of libraries installed by the package.
# the slack-provides files can only be used with a package installer which
# supports them.

# options for inclusion of src2pkg scripts inside the package
# by default src2pkg build scripts are not included in the package
# if you want them to be included uncomment the next line
# [[ $ADD_SRC2PKG_SCRIPT ]] || ADD_SRC2PKG_SCRIPT="YES"
# The default directory for including src2pkg build scripts if ADD_SRC2PKG_SCRIPT="YES"
# By default the scripts are placed in the same directory with the package documents (DOC_DIR)
# opinions vary greatly as to what is the best place to put them if they are included.
# src2pkg provides a directory structure under /user/src/src2pkg where they can be placed
# To use that location, uncomment the following line or edit to your preference for another location
# [[ $SRC2PKG_SCRIPT_DIR ]] || SRC2PKG_SCRIPT_DIR="/usr/src/src2pkg/scripts"
# Do not use program  version numbers by default when placing scripts somewhere besides DOC_DIR
# uncomment the following line to include the version number
# [[ $USE_VERSION_NUMBERS ]] || USE_VERSION_NUMBERS="YES"
# By default, if src2pkg scripts are stored outside of DOC_DIR, do not link to them in DOC_DIR
# uncomment the following line to have links created
# [[ $LINK_SCRIPT_TO_DOC_DIR ]] || LINK_SCRIPT_TO_DOC_DIR="YES"
# Summary: if you don't want src2pkg scripts included in your packages leave all the above commented out
# If you want to include scripts with the documents, uncomment the ADD_SRC2PKG_SCRIPT="YES" line
# If you want to include scripts but in some other location, uncomment the ADD_SRC2PKG_SCRIPT="YES" line
# and edit the SRC2PKG_SCRIPT_DIR line to suit your preferences. The directory given should be a
# base directory where a directory for each program will exist. By default, each directory will be named
# simply with the program NAME. If you want to include the version number in the directory name
# uncomment the USE_VERSION_NUMBERS="YES" line.
# If you are using any directory other than the DOC_DIR and want links to be created in the DOC_DIR
# to the included src2pkg scripts, uncomment the LINK_SCRIPT_TO_DOC_DIR="YES" line

# compatibility options
# src2pkg normally does quite a few checks and corrections to make sure that
# documents, man-pages, info pages and other files are in the 'proper' location
# according to the standard Slackware directory layout. The variable FHS_POLICY
# allows this to be changed or limited. The default setting is FHS_POLICY=SLACK
# setting this to FHS_POLICY=LSB allows for lsb-compliant locations for docs,
# man-pages and info pages. Setting this to FHS_POLICY=NONE allows for
# all files in a package to be located under a single directory. Do not change this
# option unless you have a very good reason and have studied what it does.
# [[ $FHS_POLICY  ]] || FHS_POLICY=SLACK

# PKG_FORMAT
# src2pkg can create packages using bzip2 or lzma instead of gzip. These packages
# are not compatible with standard Slackware pkgtools, but can be installed using
# the tukaani pkgtools or other installers which support them. This defaults to
# the normal 'tgz' packages, or can be set to 'tbz' for bzip2 or 'tlz' for lzma
# [[ $PKG_FORMAT ]] || PKG_FORMAT="tgz"

# COMPRESS_BINS 
# src2pkg can automatically compress binaries  in the package, using upx, upx-ucl or exepak, if
# available on your system. This can save a lot of space in your packages and on your hard-drive.
# It may  occasionally cause problems, but most binary executables work fine compressed. You need 
# to have upx-ucl,upx or exepak  installed on your system for this to work -src2pkg does not supply them.
# BIN_COMPRESSOR
# You can choose which compressor to ues. The default is to use upx-ucl since it is open source.
# uncomment the following line to use upx (or edit to use some other program like exepak)
# [[ $BIN_COMPRESSOR ]] || BIN_COMPRESSOR=upx
# You can set the options to upx/upx-ucl here. Possible options include -1 to -9, --best, --brute, --ultra-brute
# The default is '--brute' which seems to be the fastest way to achieve the best compression
# [[ $BIN_COMPRESSOR_OPTIONS ]] || BIN_COMPRESSOR_OPTIONS="--brute"
# If you use 'exepak' as the BIN_COMPRESSOR, the only option is '-b#', where # is the block size.
# src2pkg will not attempt to compress files smaller than the COMPRESSION_SIZE_LIMIT
# the default size limit is 50K. Files smaller than ~50K may be *larger* after compression. exepak
# doesn't compress programs as well as either upx or upx-ucl, but works with files down to 5K.
# [[ $COMPRESSION_SIZE_LIMIT ]] || COMPRESSION_SIZE_LIMIT=50
# Uncomment the following line to have binaries compressed
# [[ $COMPRESS_BINS ]] || COMPRESS_BINS=YES
# Be sure to test compressed programs to be sure they work!

# Preferred type of installation -this allows you to set the default method to use
# for creating package content. The JAIL installation method uses
# the libsentry libraries to install files directly into the PKG_DIR in much
# the same was as using the DESTDIR variable -except that this method can
# be used with Makefiles that don't support the DESTDIR variable. You can also
# set this to REAL to  use the method that used to be the src2pkg default.
# Using REAL lets the 'make install' command write files directly to your
# real root '/' directory. But files which are about to be overwritten are backed up
# first and then restored before package creation is finished.
# Using DESTDIR is familiar to and trusted by many people. If you choose this
# method and it is not supported by the Makefile(s) for a package you are building,
# src2pkg will revert to using the JAIL method.
# Using the DESTDIR or JAIL method and building packages while logged in
# a normal user is probably the safest way to make packages. 
# The REAL method can only be used while logged in as root, but it is the most 
# precise -that is it is the most likely to install all the files that are supposed to be
# installed and in the right place. Use it when you are having problems with the
# other two methods. Some packages can only be built correctly by using the -REAL
# option. When possible, avoid using this option to build packages of software which
# is already installed to your system. The backup feature works very well with real
# directories and files, but may not correctly backup some links.
#  [[ $INSTALL_TYPE ]] || INSTALL_TYPE=JAIL

## Options for interactivity
# QUERY_FOR_EXTRA_CONFIGS lets you configure sources interactively
# by first running './configure --help' to let you see available options and then
# waiting for input from the user which will be set in the EXTRA_CONFIGS variable
# uncomment the following line for interactive mode
# QUERY_FOR_EXTRA_CONFIGS=YES
# CONFIRM_BUILD lets you pause after configuring the sources to confirm whether
# you want to continue by compiling the sources and creating the package
# CONFIRM_BUILD=YES
# QUERY_FOR _PKG_DESC lets you pause to add a package description whenever
# a default slack-desc (PKG_DESC) is being created
# QUERY_FOR_PKG_DESC=YES
# You can set the above three options individually by uncommenting the line or lines you want
# or use all the interactive features together by uncommenting the line below:
# INTERACTIVE_MODE="ALL"

## Working Directories
# The default settings for these are like for Slackware SlackBuilds:
#
# The tarball, or link to it, is in the current directory 
# SOURCES_DIR="$CWD"
# Sources are unpacked and built in /tmp
# SRC_BUILDS_DIR="/tmp"
# The package build tree is also in /tmp
# PKG_BUILDS_DIR="/tmp"
# Finished packages are left in /tmp
# PKG_DEST_DIR="/tmp"
#
# libsentry needs a directory to backup overwritten files:
# BACKUP_DIR=/tmp
# If you keep backup archives they will saved to this directory:
# BACKUPS_SAVE_DIR=/tmp

# You can create a separate directory for each package
# and then do everything in the current directory:
# This is the way that I use src2pkg so that I can
# easily see both the compiled sources directory
# and the uncompressed package tree.
# [[ $SOURCES_DIR ]] || SOURCES_DIR="$CWD"
# [[ $SRC_BUILDS_DIR ]] || SRC_BUILDS_DIR="$CWD"
# [[ $PKG_BUILDS_DIR ]] || PKG_BUILDS_DIR="$CWD"
# [[ $PKG_DEST_DIR ]] || PKG_DEST_DIR="$CWD"
# [[ $BACKUP_DIR ]] || BACKUP_DIR="$CWD"
#
# You can also set it up like rpm does and use the build area
# in /usr/src/src2pkg. There are subdirectories with the names
# 'packages', 'sources' and 'scripts'. You can place all source
# archives in the 'sources' directory. Then for each package
# you want to build, create a new directory under the 'scripts'
# directory. And you can have all the finished packages placed
# in the 'packages directory. If plan to build packages as a normal
# user you'll have to make sure that user has permission to
# read and write to all these directories. Then you can set up the
# directory variables like this:
# [[ $SOURCES_DIR ]] || SOURCES_DIR="/usr/src/src2pkg/sources"
# [[ $SRC_BUILDS_DIR ]] || SRC_BUILDS_DIR="/tmp"
# [[ $PKG_BUILDS_DIR ]] || PKG_BUILDS_DIR="/tmp"
# [[ $PKG_DEST_DIR ]] || PKG_DEST_DIR="/usr/src/scr2pkg/packages"
# [[ $BACKUP_DIR ]] || BACKUP_DIR="$CWD"
# PATCHES_DIR - You can put patches in a common dir
# [[ $PATCHES_DIR ]] || PATCHES_DIR="$CWD"

# If you are using some architecture besides ix86, you may want to
# change the defaults for these. See the DEFINES file for more
# info on how these are set by src2pkg
# [[ $STD_CONFIGS  ]]  ||  STD_CONFIGS=
# [[ $STD_FLAGS ]] || STD_FLAGS=
# This is a better place to put extra compiler flags -for example '-pipe'
# [[ $EXTRA_FLAGS ]] || EXTRA_FLAGS="-pipe"
# Here's an example for building really small binaries
# [[ $EXTRA_FLAGS ]] || EXTRA_FLAGS="-pipe -momit-leaf-frame-pointer -fomit-frame-pointer -fmerge-all-constants -mpreferred-stack-boundary=2"
# You can use EXTRA_LDFLAGS to pass extra options to the linker
# This example helps keep binaries smaller
# [[ $EXTRA_LDFLAGS ]] || EXTRA_LDFLAGS="-relax,--sort-common,--no-keep-memory"

# DEFAULT_CONFIG_COMMAND
# you may wish to use something else like 'linux32 ./configure'
# [[ $DEFAULT_CONFIG_COMMAND ]] || DEFAULT_CONFIG_COMMAND='./configure'

# DEFAULT_ MAKE_COMMAND
# you may wish to use something else like 'remake', 'pmake'
# [[ $DEFAULT_MAKE_COMMAND ]] || DEFAULT_MAKE_COMMAND='make'
# JOBS  (MAKE_COMMAND)
# the default number of concurrent jobs to use with the make command
# This is blank by default. If you have a fast processor set it to '-j3' or more
# [[ $JOBS ]] || JOBS='-j3'

## User and user conf file authorizations
## To use the following authorization options, the system administrator must
# create a new group called 'src2pkg'. Adding a normal user to the group
# then allows them to use src2pkg and/or personal src2pkg.conf files in their HOME.
# AUTHORIZE_USERS="YES" only allows users in the src2pkg group to run src2pkg
# AUTHORIZE_USER_CONF="YES" only disallows the use of personal conf files
# for users who are not in the src2pkg group.
# uncomment the following line to enable authorization of users
# AUTHORIZE_USERS="YES"
# uncomment the following line to enable authorization of personal conf files
# AUTHORIZE_USER_CONF="YES"
## Both of the options are off (set to NO) by default.

## ALLOW_USER_EXTENSIONS
## this option allows users to extend the src2pkg functions by adding code to
# files in their $HOME/.src2pkg/extensions directory. The default setting  
# for this setting is NO. Uncomment the following line to allow extensions
# ALLOW_USER_EXTENSIONS="YES"

## AUTO_CONFIG
## src2pkg can search for options to the configure script and add them automatically
# The option AUTO_CONFIG can be set to either FOREIGN or NATIVE
# If set to FOREIGN, then src2pkg will try to retrieve options from any RPM *.spec file
# or debian/rules file which is found in the sources
# If AUTO_CONFIG is set to NATIVE, then src2pkg checks the configure script located
# in the sources and adds some valid options among those found there.
# Otherwise, src2pkg skips AUTO_CONFIG
# AUTO_CONFIG=FOREIGN
## AUTO_CONFIG_OPTIONS
## When using AUTO_CONFIG=NATIVE, src2pkg will search the configure script for
# a list of possible configure options. You can se the list of options that it should search for.
# The default list is very short: AUTO_CONFIG_OPTIONS="sysconfdir localstatedir"
# This is because many of these options will not always be the same from one package
# to the next. Also, setting these when not really needed can make your scripts less
# portable to other platforms or FHS policy standards. The two defaults listed above are
# the ones that most commonly cause problems if not set. Another pretty safe one is datadir
# You might also set: docdir, infodir and mandir, but this will make your scripts less portable
# by hard-coding these into the script, and these can all be handled automatically anway
# by setting FHS_POLICY. Here's a full list of the options which can be searched for:
# bindir, sbindir, libexecdir, sysconfdir. sharedstatedir, localstatedir, libdir,
# includedir,  oldincludedir, datarootdir, datadir, infodir, localedir, mandir,
# docdir, htmldir, dvidir. pdfdir, psidir, gamesbindir, gamesdatadir
# The default values for these are set in 01-pre_process according to your choice
# of FHS_POLICY. Though they can also be set manually inside your scripts
# you'll find it much easier to just set them using EXTRA_CONFIGS or the '-e=??' option
#AUTO_CONFIG_OPTIONS="sysconfdir localstatedir"

## LINK_LICENSES
# Setting this to YES causes src2pkg to create a link to common licenses like GPL or LGPL
# src2pkg looks through the document directory to locate copies of the GPL, LGPL and Artistic license
# It then identifies the version of the license and moves it into a common-license directory and
# creates a link to it from the regular document directory. This doesn't make the package any
# smaller, but saves space on the disk being installed to. Saves a few MB on most systems.
# Uncomment and set to YES to have the licenses linked in your packages.
# LINK_LICENSES=NO

## COMPRESS_DOCS
# If you want to have the package documents compressed, uncomment this and set this to YES
# Note that if you used LINK_LICENSES above, the link will remain apart from the docs archive.
# COMPRESS_DOCS=NO
## DOC_COMPRESSOR
# Specify which compression method to use for compressing docs: gzip, bzip2 or lzma (default gzip)
# DOC_COMPRESSOR=gzip
## DOCLIST
# Setting DOCLIST=MINIMAL will cause only a small subset of the possible documents
# DOCLIST=MINIMAL 

# DESC_WRAP_LENGTH
# this variable tells text_wrapper how characters to use for each line
# in the PKG_DESC files created -normal range is 70-80. Default is 80
# [[ $DESC_WRAP_LENGTH ]] || DESC_WRAP_LENGTH=70
# [[ $HANDY_RULER_TEXT ]] || HANDY_RULER_TEXT="Use this guide to format your text with"
# this variable tells the text wrapper how many lines to pad the PKG_DESC file.

## DESC_MAX_LINES
# PKG_DESC files can have from 9 to 13 lines with the default being 11 lines
# You can set this to any value from 9-13
# [[ $DESC_MAX_LINES ]] || DESC_MAX_LINES=11

## EXIT_ON_PATCH_FAILURE
## By default, src2pkg only warns you when patching fails.
## If you want src2pkg to exit when patches fail, uncomment the following line
# [[ $EXIT_ON_PATCH_FAILURE ]] || EXIT_ON_PATCH_FAILURE="YES"

## LOG_COMMANDS
## If you don't want src2pkg to keep logs of the output from the 'configure',
## 'make'  and 'make install' commands uncomment the following line
# [[ $LOG_COMMANDS ]] || LOG_COMMANDS="NO"

# By default, logs are written to the $OBJ_DIR. You can change the default here, but you can only use
# $CWD or an absolute path
# [[ $LOG_DIR ]] || LOG_DIR="$CWD"

## AUTO_DESKTOP
## Setting this to YES makes src2pkg try to create a *.desktop menu file when applicable.
# [[ $AUTO_DESKTOP  ]] || AUTO_DESKTOP=YES

## AUDIO_NOTIFICATION
## Now a little fun -src2pkg can notify you when a build is succesful or has failed
## There are three modes: BEEP, PLAY and SAY. In 'beep' mode, src2pkg plays a beep sound
## on the PC speaker. In 'play' mode, a recorded sound is played. In 'say' mode, src2pkg
## uses flite or festival to speak a sentence. Notification takes place when a build has finished
## successfully, when the build has failed or when the build is cancelled.
## Various sounds are provided in /usr/share/src2pkg/sounds. See the README file there
## if you want to change which sound is played for each event.
## AUDIO_NOTIFICATION is off by default.
# AUDIO_NOTIFICATION=SAY

## TTS_ENGINE
## If using AUDIO_NOTIFICATION=SAY,
## you can specify which Text-To-Speech engine to use. 
## 'flite' and 'festival' are supported. Defaults to 'flite'.
# TTS_ENGINE="flite"

######################################################################################
## HOST_OS,  BUILD_OS and TARGET_OS
## You can set these individually or all three will be set automatically set
## The default value is the same as the output from the command 'gcc -dumpmachine'
## That means they will match the native 'target' of the gcc compiler being used.
## If you are using src2pkg to cross-compile programs, you may need to set
## each of these variables to the appropriate values. These variables are not used
## unless you uncomment one of the options below: ADD_EXPLICIT_HOST or ADD_HOST

## ADD_EXPLICIT_HOST
## Set this to YES to have the explicit BUILD_OS HOST_OS and TARGET_OS 
## added to the configuration options where applicable. Using this option means that
## the options are passed to the configure script explicitly as seen below:
## CFLAGS=-O2 -march=i486 -mtune=i686 ./configure --prefix=/usr --build=i486-slackware-linux --host=i486-slackware-linux
## Normally the --target=?? option does not apply so don't expect to always see it.
# ADD_EXPLICIT_HOST=YES

## ADD_HOST
## Set this to YES to have the HOST_OS added to the configuration options
## This is the simple way to add the HOST to the configure options. Using this option
## adds the HOST_OS string at the end of the configure options. Here's an example
## of the optioons to configure that you'd see using this option:
## CFLAGS=-O2 -march=i486 -mtune=i686 ./configure --prefix=/usr i486-slackware-linux
## This is the syntax seen in most Slackbuild scripts, and unless you are cross-compiling
## you should never need to use any other settings beside setting this to YES:
# ADD_HOST=YES

## Adding the HOST string to the configure options is standard practice for most
## SlackBuild scripts, but is rarely needed and only in a few cases will it
## have any effect on the compiled program. Programs like 'bash', the Xorg server
## browser or email clients pick up the HOST information and include it in the
## text which is printed out when running the program with the --version option
## or may be displayed when the program is started.
## The inclusion of these variables is kept separate from the normal configuration
## options to make your src2pkg scripts more portable. These variables and
## their values do not get written into any generated src2pkg scripts. Instead,
## these values are treated as 'transient' values which depend on which machine
## they are being run on. Including them in the src2pkg build scripts would
## mean that the script would have to be edited to use on another architecture.
## For that reason, I discourage you from manually adding these options
## to the EXTRA_CONFIGS variable.
######################################################################################

# UNIONFS_TYPE
# You only need to set this if you use the -UNION (INSTALL_TYPE=UNION)  option
# By default, src2pkg will use unionfs-fuse. If you'd rather use the unionfs kernel
# module, uncomment the following line
# [[ $UNIONFS_TYPE ]] || UNIONFS_TYPE=unionfs

## COMPAT_NAME_SUFFIX
# If building on a 64-bit multilib system, 32-bit compatibility packages should have
# a unique name to avoid name conflicts with the normal packages. On Slackware,
# the 32-bit compatibility packages add -compat32 to the name. On Slamd64, it's '32'
# Uncomment and edit the following line to use anything other than '-compat32'
# [[ $COMPAT_NAME_SUFFIX ]] || COMPAT_NAME_SUFFIX='-compat32'

## COMPAT_NAME_PREFIX
# Similarly, some multi-lib systems may name 32-bit packages using a prefix to the name
# [[ $COMPAT_NAME_PREFIX ]] || COMPAT_NAME_PREFIX='ia32-'

## FAIL_ON_BAD_DIRS
# If a build installs 'incorrect' or potentially dangerous directories, src2pkg will, by default
# abort the package build. Uncomment the following line to allow builds to continue anyway.
# [[ $FAIL_ON_BAD_DIRS ]] || FAIL_ON_BAD_DIRS=NO

### Settings for creating debian *.deb packages
## DEB_COMPAT
# set the binary compat level for debian packages( defaults to 2.0)
# DEB_COMPAT=2.0

## PKG_COMPRESSOR
# Set the compressor to use for data.tar (defaults to gzip)
# Possible choices: gzip, bzip2, lzma, xz
# PKG_COMPRESSOR=gzip

## EXTRA_CMAKE_OPTIONS
# Set any extra options to be used by cmake -excluding CMAKE_INSTALL_PREFIX, DLIB_SUFFIX
# SYSCONF_INSTALL_DIR and LOCALSTATE_INSTALL_DIR
# the defult setting for this is: "-DCMAKE_BUILD_TYPE=Release"
# [[ $EXTRA_CMAKE_OPTIONS ]] || EXTRA_CMAKE_OPTIONS="-DCMAKE_BUILD_TYPE=Release"

## EXIT_ON_CHECK_FAILURE
# Uncomment if you want builds to abort when 'make check' (or TEST_COMMAND) fails
# [[ $EXIT_ON_CHECK_FAILURE ]] || EXIT_ON_CHECK_FAILURE="YES"

## DOC_SPLIT_SIZE
# When using SPLIT_PACKAGE, only create a 'NAME-docs' package if the documents contents
# are above this limit. The total size of documents in the package is calculated from the sizes of
# DOC_DIR, MAN_DIR, INFO_DIR and PKG_DIR/usr/share/gtk-doc.
# The figure you give here should be how many KB (kilobytes) to set the limit to.
# [[ $DOC_SPLIT_SIZE ]] || DOC_SPLIT_SIZE=100

# MOVE_LIBTOOL_FILES
# If you want to preserve libtool *.la files, but not have copies
# left in a split binary package, then uncomment this
# [[ $MOVE_LIBTOOL_FILES ]] || MOVE_LIBTOOL_FILES="YES"

# PKG_EXCLUDES
# PKG_EXCLUDES lets you 'blacklist' certain files or directories from a package
# If you want to always check packages for certain items and remove them,
# then uncomment and edit the following line:
# ! [[ $PKG_EXCLUDES ]] && PKG_EXCLUDES=/dev,/proc,/sys
# A more aggressive example might include: /dev,/proc,/sys,/tmp,/var/tmp,/initrd
# Otherwise, you can use PKG_EXCLUDES as an environmental variable or place it in a *.src2pkg build script

# ===================================================["fullmoonremix"]

# Pls Note:  Mileage may vary... so take the following parameters w/ a grain of salt.

# (...package)
PACKAGER="fullmoonremix"
SIG="_tcc4"
QUIET="NO"
PREFIX=/usr
LIBDIR=${PREFIX}/lib64
CREATE_MD5_CHECKSUM="YES"
BIN_COMPRESSOR=upx
COMPRESS_BINS=YES

# (...path)
SOURCES_DIR="$CWD"
PKG_DEST_DIR="$CWD"
LOG_DIR="/tmp/src2pkg/log"
SRC_BUILDS_DIR="/src2pkg/builds/source"
PKG_BUILDS_DIR="/src2pkg/builds/package"

# pls note: you might need to create the, 
# following "current directory" subfolders...
BACKUPS_SAVE_DIR="/tmp/src2pkg/save"
PATCHES_DIR="/tmp/src2pkg/patches"
CONFIG_DIR="/tmp/src2pkg/configure"
BACKUP_DIR="/tmp/src2pkg/backup"

# (...autoconf)
AUTO_CONFIG=NATIVE
AUTO_CONFIG_OPTIONS="sysconfdir, bindir, libdir"
AC_DEFAULT_PREFIX=${PREFIX}

# (...compiler)
CC=tcc
ADD_EXPLICIT_HOST=YES
CFLAGS="-O2 -m64 -march=native --build=x86_64-slackware-linux --host=x86_64-slackware-linux" 

# (...linker)
LD=tcc
# LDLIBS=-lm
LD_FLAGS="-L${PREFIX}/lib64"
LD_LIBRARY_PATH="${PREFIX}/lib64"

# (...flags)
CC=tcc
CFLAGS="-O3" 

# (...install)
INSTALL_TYPE=REAL
# INSTALL_TYPE=JAIL
# INSTALL_TYPE=DESTDIR
INSTALL_LINE="make -i install"

# (...options)
JOBS='-j2'
LINK_LICENSES=YES
COMPRESS_DOCS=YES
DOCLIST=MINIMAL 
LOG_COMMANDS=YES
AUTO_DESKTOP=YES
FAIL_ON_BAD_DIRS=YES

# (...optional)
EXTRA_CONFIGS="-sysconfdir=/etc bindir=${PREFIX}/bin libdir=${PREFIX}/lib64 --with-x --x-libraries=${PREFIX}/X11R6/lib64 --x-includes=${PREFIX}/include"
Last edited by fu11m00nremix on 20 Oct 2020, 04:06, edited 5 times in total.
I receive no compensation and offer only ideas and info to consider... the rest is on you. If you have concerns... then do the right thing and reach out through PM.

User avatar
fanthom
Site Admin
Site Admin
Posts: 5318
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland
Contact:

[not4n00bs] a secure userland...

Post#4 by fanthom » 17 Oct 2020, 10:55

Hello fu11m00nremix,

I guess Porteus Desktop (and Kiosk as well) will never switch to the musl library.

Desktop oriented linux (as the name implies) is tailored to a casual users. Casual users care about the software availability in the first place.
Casual users are not interested in hardened setups as they would not be able to run Skype, Flash, TeamViewer, Citrix Receiver and pretty much every other proprietary code on such system. Some opensource packages require functions which are present in glibc and are stripped from musl (they are incompatible as well).

Musl library fits less for a desktop class system.

So maybe Porteus is an incorrect base for your project?

I understand you are here to seek a help to build your own distro based on Porteus and musl?
Did you ever consider switching to security oriented distros like e.g. Alpine Linux?
I think Alpine uses musl by default.

I'm worried you will never receive a help from other Porteus users in reaching your goal (whatever it is).
Not because they are unkind, they are simply not interested in these topics and do not benefit from them.

I think you are targeting an incorrect audience by posting on this forum ...
Please add [Solved] to your thread title if the solution was found.

User avatar
fu11m00nremix
White ninja
White ninja
Posts: 21
Joined: 08 Oct 2020, 19:49
Distribution: fu11m00nremix

[not4n00bs] a secure "runtime" userland...

Post#5 by fu11m00nremix » 18 Oct 2020, 18:27

Hi...

I believe Porteus "official" (my focus is... derivatives) should follow the roadmap of it's project maintainers.

However... the beauty which is @ the core of the "bazaar" (Linux) as opposed to the
"cathedral" (BSD) is that innovation can come from the bottom of the food chain.

Hmmm... hardening. Well... it could be that hardening can mean many things.
In the wrong hands... it can break stuff in the right hands it can fix stuff.

In my understanding... hardening is only as good as one's skill set.

Musl is more standards compliant and secure than glibc.
Unfortunately... so much of the GNU (GCC) userland is built on glibc.

Based on his interviews... Linus Tovalds sees that lack of adoption is what makes projects like Musl marginal regardless of it's merits.
Last edited by fu11m00nremix on 22 Oct 2020, 10:13, edited 5 times in total.
I receive no compensation and offer only ideas and info to consider... the rest is on you. If you have concerns... then do the right thing and reach out through PM.

User avatar
fanthom
Site Admin
Site Admin
Posts: 5318
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland
Contact:

[not4n00bs] a secure userland...

Post#6 by fanthom » 18 Oct 2020, 21:21

Musl will never be accepted in Slackware and Porteus for the reasons i have explained above (incompatibly with other software).
If you are trying to convince us that its better for this project than glibc then I can assure you it wont happen.

What is your goal by posting here? Do you seek help with creating a Porteus musl derivative or .... ?
Please add [Solved] to your thread title if the solution was found.

User avatar
fu11m00nremix
White ninja
White ninja
Posts: 21
Joined: 08 Oct 2020, 19:49
Distribution: fu11m00nremix

[not4n00bs] a secure "runtime" userland...

Post#7 by fu11m00nremix » 18 Oct 2020, 22:25

Ok... that is what I just said.

Yes... a project should always follow it's roadmap.

And yes... Musl is not compatible with projects that are not interested in changing their roadmap to it.
I believe Musl is only useful for those interested in using it. And like any project... it has pro's and cons.

This thread is posted using Musl with a Porteus derivative that I have used for years with no problems.

It works for me but for others mileage my vary. So as in all things... I only speak for myself.
Musl's merit ultimately is determined by whether it produces the desired result for the person using it.

When I compile I turn Musl off because it is not compatible with GCC or Tiny C Compiler (or... PCC?).

In my viewpoint (and not @ the expense of any other)...
Musl's optimal application is @ runtime in a "GNU" (GCC) userland.

Alpine Linux is problematic because it's Musl compilation truncates it's repo.
And as Tovalds implied in some interviews... a system is only as good as the size of it's repo.

And this remains true no matter how good (or bad?) the system is.
So consequentially... popularity (Ubuntu?) is King.

This why Adelie and Void Linux made the compromise of a
glibc userland running on Musl instead of compiled with it.

Then you get the best of both worlds.

My post signature indicates that my interest is to share info to consider
with those who choose to explore it's merits (or lack thereof).

That pretty much sums up my primary focus.

I am more or less... posting a tutorial on how to do something. In my
understanding I don't see myself as making a request for how to do something.


I personally see hardening as a... tactic.

In the wrong hands... the result will be incompatibility (and vulnerability).
In the right hands... the result will be compatibility (and reduced attack vector).

If hardening is done right... it operates like a daemon in the background.
Which means the only one that should be aware of what is "under the hood" is the... mechanic.

So with that said the primary goal should be that "hardening" be...
non-intrusive to the end user but very punitive to the perpetrator.

Example given...

I change port 22 to make it appear closed (aka... Security through obscurity ).

It might not be "better" than the alternative but it could be an alternative in a toolbox of tactics.
So I really don't see Musl as being "better" than glibc... I see it as a tactic.

For me, Musl is just simply... the "right tool for the right job"
(aka... Unix philosophy: Do One Thing and Do It Well ).

With that said... if Musl is a hammer that does not mean everything is a nail..

I also believe that... Porteus has been an ideal base for the derivative (I made long ago)
that I created for my use case as an alternative to the default.

More or less from my perspective... I don't really see myself as targeting an audience.

I imagine that what I'm doing is... sharing my findings with those that might
find them useful to one degree or another (if @ all... I haven't taken a poll).

When I do look for help (for the last 20yrs) what works best for me...
has been mostly FAQs... blogs and tutorials (or developer lecture videos).

That makes for a long learning curve but... I think it's more proactive than (what I see as) being a beggar seeking to be worthy of pity.
I say this because the years I wasted panhandling could have been better spent... analyzing the rules so I could break them (hacking).

Thereby... surpassing those who would dismissively patronize me or stroke their egos (and amuse themselves) with my ignorance.

This is what I have ultimately concluded in my post Windoze years spent in the GNU+Linux ecosystem.
But in fairness... the exception to that critique have been developers like Gilbert Ashley (src2pkg) and Bill Spitzak ( FLTK ).

I owe them a debt I can never repay for their mentoring.
Last edited by fu11m00nremix on 22 Oct 2020, 19:09, edited 81 times in total.
I receive no compensation and offer only ideas and info to consider... the rest is on you. If you have concerns... then do the right thing and reach out through PM.

User avatar
fanthom
Site Admin
Site Admin
Posts: 5318
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland
Contact:

[not4n00bs] a secure userland...

Post#8 by fanthom » 19 Oct 2020, 07:30

OK - clear.

Any chance you could share your derivative in the "Porteus Derivatives" section of the forum?
This way the users (including myself) could try it and see the benefits it brings.

Thanks
Please add [Solved] to your thread title if the solution was found.

User avatar
fu11m00nremix
White ninja
White ninja
Posts: 21
Joined: 08 Oct 2020, 19:49
Distribution: fu11m00nremix

[not4n00bs] a secure "runtime" userland...

Post#9 by fu11m00nremix » 19 Oct 2020, 09:33

Ok done.

However... it's not production and I don't prefer half-baked.
But, I am also aware of the pitfall of "perfection" (..."perfect" is the enemy of "practical".)

So I will try to avoid "perfect" to speed things up.
I believe I should have it ready in short order.

Pls Note... I do my derivatives always as remasters (preconfiguration) because I like things set in stone (it keeps things lean).

So moving forward... I just have to attend to some real life commitments first.

I should have it ready by early November. I'm just waiting for equipment.

In any case... it sounds like a plan.

Cheers.

PS: Question... why did you choose Gentoo as a base? What is the advantage? In what way could it benefit me?

I've always compiled source using depfinder (mitigates... Dependency hell ) and src2pkg (Slackware toolchain).
If Gentoo had equivalents I could see myself doing a Gentoo build.

I have not spoken to the creator of src2pkg (Gilbert Ashley) in years.
That notwithstanding... I doubt if I could interest him in coding a Gentoo version.
I receive no compensation and offer only ideas and info to consider... the rest is on you. If you have concerns... then do the right thing and reach out through PM.

Post Reply