Linux From Scratch
Linux From Scratch (LFS) is a type of Linux installation and the name of a book written by Gerard Beekmans and currently maintained mainly by Bruce Dubbs. The book gives readers instructions on how to build a Linux system from source. The book is available freely from the Linux From Scratch site.
|Developer||Gerard Beekmans et al.|
|Source model||Open source|
|Initial release||December 1999|
|Latest release||8.3 / 1 September 2018|
|Package manager||None (source-based)|
|Default user interface||Bash|
|License||Creative Commons licenses and MIT License|
Projects under LFS
Linux From Scratch is a way to install a working Linux system by building all of its components manually. This is, naturally, a longer process than installing a pre-compiled Linux distribution. According to the Linux From Scratch site, the advantages of this method are a compact, flexible and secure system and a greater understanding of the internal workings of Linux-based operating systems.
To keep LFS small and focused, the book Beyond Linux From Scratch (BLFS) was created, which presents instructions on how to further develop the basic Linux system that was created in LFS. It introduces and guides the reader through additions to the system including networking, X, sound, printer and scanner support. Since Release 5.0, the BLFS book version matches the LFS book version.
The book Cross Linux from Scratch (CLFS) focuses on cross compiling, including compiling for headless or embedded systems that can run Linux, but lack the resources needed to compile Linux. CLFS supports a broad range of processors and addresses advanced techniques not included in the LFS book such as cross-build toolchains, multilibrary support (32 & 64-bit libraries side-by-side), and alternative instruction set architectures such as Itanium, SPARC, MIPS, and Alpha.
The book Hardened Linux From Scratch (HLFS) focuses on security enhancements such as hardened kernel patches, mandatory access control policies, stack-smashing protection, and address space layout randomization. Besides its main purpose of creating a security-focused operating system, HLFS has the secondary goal of being a security teaching tool.
Automated Linux From Scratch (ALFS) is a project designed to automate the process of creating an LFS system. It is aimed at users who have gone through the LFS and BLFS books several times and wish to reduce the amount of work involved. A secondary goal is to act as a test of the LFS and BLFS books by directly extracting and running instructions from the XML sources of the LFS and BLFS books.
Requirements and procedure
A clean partition and a working Linux system with a compiler and some essential software libraries are required to build LFS. Instead of installing from an existing Linux system, one can also use a Live CD to build an LFS system.
The project formerly maintained the Linux From Scratch Live CD. The LFS Live CD contains all the source packages (in the full version of the Live CD only), the LFS book, automated building tools and (except for the minimal Live CD version) an Xfce GUI environment to work in. The official LFS Live CD is no longer maintained and cannot be used to build LFS version 7 or later. There are, however, two unofficial builds that can be used to build a 32-bit or 64-bit kernel and userspace respectively for LFS 7.x.
First, a toolchain must be compiled, consisting of the tools used to compile LFS, such as GCC, glibc, binutils and other necessary utilities. Then the root directory must be changed (using chroot) to the toolchain's partition to start building the final system. One of the first packages to compile is glibc; after that, the toolchain's linker must be adjusted to link against the newly built glibc, so that all other packages that will make up the finished system can be linked against it as well. During the chroot phase, bash's hashing feature is turned off and the temporary toolchain's bin directory is moved to the end of PATH. This way the newly compiled programs come first in PATH and the new system builds on its own new components.
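The effect of the two chroot-phase settings described above can be reproduced in a throwaway sandbox. The script below is an added example, not taken from the LFS book: the directory names and the `cc-demo` program are constructed stand-ins, and it assumes `bash` and `mktemp` are available. It shows that with hashing left on, bash keeps running the temporary copy of a tool even after a replacement is installed earlier in PATH.

```bash
#!/usr/bin/env bash
# Added illustration; the directory layout and the "cc-demo" tool are constructed.

# demo MODE   MODE is "-h" (hashing on, bash's default) or "+h" (hashing off).
# Prints which copy of cc-demo runs after a "final" copy has been installed.
demo() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/final/bin" "$root/tools/bin"

    # Stand-in for a program from the temporary toolchain.
    printf '#!/bin/sh\necho temporary\n' > "$root/tools/bin/cc-demo"
    chmod +x "$root/tools/bin/cc-demo"

    # Fresh bash so the hash table starts empty; $1 = sandbox root, $2 = MODE.
    bash -c '
        set "$2"
        # Final-system directory first, temporary toolchain last.
        PATH="$1/final/bin:$1/tools/bin:$PATH"
        cc-demo >/dev/null      # only the temporary copy exists so far
        # "Install" the freshly built replacement into the final system.
        printf "#!/bin/sh\necho final\n" > "$1/final/bin/cc-demo"
        chmod +x "$1/final/bin/cc-demo"
        cc-demo                 # which copy does the shell pick now?
    ' _ "$root" "$1"
    local status=$?
    rm -rf "$root"
    return "$status"
}

echo "hashing on  (set -h): $(demo -h)"
echo "hashing off (set +h): $(demo +h)"
```

With hashing on, the remembered path to the temporary copy wins over PATH order; with hashing off, every invocation searches PATH again and picks up the newly installed program.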
List of packages in LFS version 8.3
|Acl||An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object.||GNU GPL||2.2.53|
|Attr||Commands for Manipulating Filesystem Extended Attributes.||GNU GPL||2.4.48|
|Autoconf||Tool for producing configure scripts for C, C++, Fortran, Fortran 77, Erlang, Objective-C software on Unix-like computer systems.||GNU GPL||2.69|
|Automake||A programming tool that produces portable makefiles for use by the make program, used in compiling software.||GNU GPL||1.16.1|
|Bash||A free software Unix shell written for the GNU Project||GNU GPL||4.4.18|
|Binutils||A collection of programming tools for the manipulation of object code in various object file formats.||GNU GPL||2.31.1|
|Bison||A parser generator that is part of the GNU Project. Bison converts a grammar description for a context-free grammar into source code for a C, C++ or Java parser.||GNU GPL||3.0.5|
|Bzip2||A free and open source lossless data compression algorithm and program developed by Julian Seward.||GNU GPL||1.0.6|
|Check||A unit testing framework for C.||GNU GPL||0.12.0|
|Coreutils||A package of GNU software containing many of the basic tools, such as cat, ls, and rm, needed for Unix-like operating systems.||GNU GPL||8.30|
|DejaGNU||A framework for testing other programs. It has a main script called runtest that goes through a directory looking at configuration files and then runs some tests with given criteria.||GNU GPL||1.6.1|
|Diffutils||A data comparison utility that outputs the differences between two files.||GNU GPL||3.6|
|Eudev||A fork of udev made in order to avoid dependency on the systemd architecture. The resulting fork is called eudev and it makes udev functionality available without systemd.||GNU GPL||3.2.5|
|E2fsprogs||e2fsprogs (sometimes called the e2fs programs) is a set of utilities for maintaining the ext2, ext3 and ext4 file systems.||GNU GPL||1.44.3|
|Elfutils||A collection of utilities and libraries to read, create and modify ELF binary files.||GNU GPL and GNU LGPL||0.173|
|Expat||A stream-oriented XML 1.0 parser library, written in C.||MIT License||2.2.6|
|Expect||Expect is a Unix automation and testing tool as an extension to the Tcl scripting language, for interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, ssh, and others.||Public domain||5.45.4|
|File||file command is a standard Unix program for recognizing the type of data contained in a computer file.||BSD-like License||5.34|
|Findutils||The GNU Find Utilities are the basic directory searching utilities of the GNU operating system.||GNU GPL||4.6.0|
|Flex||flex (fast lexical analyzer generator) is a free software alternative to lex.||BSD license||2.6.4|
|Gawk||Gawk is a programming language that is designed for processing text-based data, either in files or data streams||GNU GPL||4.2.1|
|GCC||The GNU Compiler Collection (usually shortened to GCC) is a compiler system produced by the GNU Project supporting various programming languages||GNU GPL||8.2.0|
|GDBM||GDBM simple database engines||GNU GPL||1.17|
|Gettext||Gettext is the GNU internationalization and localization (i18n) library.||GNU GPL||0.19.8.1|
|Glibc||The GNU C Library, commonly known as glibc, is the C standard library released by the GNU Project.||GNU GPL||2.28|
|GMP||The GNU Multiple-Precision Library, also known as GMP, is a free library for arbitrary-precision arithmetic, operating on signed integers, rational numbers, and floating point numbers.||GNU GPL||6.1.2|
|Gperf||A perfect hash function generator. For a given list of strings, it produces a hash function and hash table, in form of C or C++ code, for looking up a value depending on the input string. The hash function is perfect, which means that the hash table has no collisions, and the hash table lookup needs a single string comparison only.||GNU GPL||3.1|
|Groff||Groff is the GNU replacement for the troff and nroff text formatters.||GNU GPL||1.22.3|
|GRUB||GNU GRUB (short for GNU GRand Unified Bootloader) is a boot loader package from the GNU Project.||GNU GPL||2.02|
|Gzip||Gzip is a software application used for file compression. gzip is short for GNU zip||GNU GPL||1.9|
|iana-etc.||iana-etc. installs services and protocols using data from the Internet Assigned Numbers Authority. Included are snapshots of the data from the IANA, scripts to transform that data into the needed formats, and scripts to fetch the latest data.||Open Software License||2.30|
|Inetutils||Lists notable software packages developed for or maintained by the Free Software Foundation as part of the GNU Project||GNU GPL||1.9.4|
|Intltool||A set of tools to centralize translation of many different file formats using GNU gettext-compatible PO files.||GNU GPL||0.51.0|
|IPRoute2||A collection of userspace utilities for controlling and monitoring various aspects of networking in the Linux kernel, including Routing, network interfaces, tunnels, traffic control, and network-related device drivers.||GNU GPL||4.18.0|
|Kbd||A package containing tools for managing the Linux console (Linux console, virtual terminals on it, keyboard, etc.). Mainly, they load console fonts and keyboard maps. This package also contains a set of various fonts and keyboard maps.||GNU GPL||2.0.4|
|Kmod||A multi-call binary which implements the programs used to control Linux Kernel modules.||GNU LGPL||25|
||Dual: either GPL or BSD-like License||530|
|LFS-Bootscripts||The LFS-Bootscripts package contains a set of scripts to start/stop the LFS system at bootup/shutdown. The configuration files and procedures needed to customize the boot process are described in the following sections.||Creative Commons licenses and MIT License||8.3 (20180820)|
|Libcap||An alternative to the superuser model of privilege under Linux.||2.25|
|Libffi||A Portable Foreign Function Interface Library.||MIT License||3.2.1|
|Libpipeline||Libpipeline is a C library for manipulating pipelines of subprocesses in a flexible and convenient way.||GNU GPL||1.5.0|
|Libtool||GNU Libtool is a GNU programming tool from the GNU build system used for creating portable compiled libraries.||GNU GPL||2.4.6|
|Linux||The Linux kernel is an operating system kernel used by the Linux family of Unix-like operating systems.||GNU GPL||4.18.5|
|GNU m4||GNU m4 is the GNU version of the m4 macro preprocessor.||GNU GPL||1.4.18|
|make||Make is a utility for automatically building executable programs and libraries from source code.||GNU GPL||4.2.1|
|Man-DB||Man-DB is an implementation of the standard Unix documentation system accessed using the man command. It uses a Berkeley DB database in place of the traditional flat-text whatis databases.||GNU GPL||2.8.4|
|Man-pages||A man page (short for manual page) is a form of online software documentation usually found on a Unix or Unix-like operating system.||Multiple Licenses.||4.16|
|Meson||An open source build system meant to be both extremely fast and, even more importantly, as user friendly as possible.||Apache License||0.47.1|
|MPC||A C library for the arithmetic of complex numbers with arbitrarily high precision||GNU LGPL||1.1.0|
|MPFR||GNU C library for multiple-precision floating-point computations with correct rounding.||GNU LGPL and GNU GPL for special exception part of the source code||4.0.1|
|Ninja||A small build system with a focus on speed.||Apache License||1.8.2|
|ncurses||A programming library for writing text user interfaces in a terminal-independent manner||X11 License||6.1|
|OpenSSL||Apache License 1.0 and four-clause BSD License||1.1.0i|
|Patch||A computer tool for Unix programs that updates text files according to instructions contained in a separate file, called a patch file.||GNU GPL||2.7.6|
|Perl||A dynamic interpreted programming language||Artistic License 1.0 or GNU GPL||5.28.0|
|Pkg-config||A computer program that provides a unified interface for querying installed libraries for the purpose of compiling software from its source code.||GNU GPL||0.29.2|
|Procps||A set of command line and full-screen utilities that provide information out of the pseudo-filesystem most commonly located at /proc. This filesystem provides a simple interface to the kernel data structures. The programs of procps generally concentrate on the structures that describe the processes running on the system.||GNU GPL and GNU LGPL||3.3.15|
|Psmisc||A set of some small useful utilities that use the proc filesystem.||GNU GPL||23.1|
|Python||An open source interpreted high-level programming language for general-purpose programming||Python Software Foundation License||3.7.0|
|Python Documentation||Package contains the Python development environment.||Python Software Foundation License||3.7.0|
|Readline||GNU readline is a software library created and maintained by the GNU Project.||GNU GPL||7.0|
|Shadow||A tool on most Unix and Unix-like operating systems used to change a user's password. The password entered by the user is run through a key derivation function to create a hashed version of the new password, which is saved. Only the hashed version is stored; the entered password is not saved for security reasons.||Artistic License or BSD-like License||4.6|
|Sysklogd||Kernel and system logging daemons providing two system utilities which support system logging and kernel message trapping. Support for both internet and Unix domain sockets enables this utility package to support both local and remote logging.||GNU GPL||1.5.1|
|Sysvinit||System V style init programs that control the booting and shutdown system.||GNU GPL||2.90|
|Tcl||Tool Command Language is a dynamic scripting language.||BSD-like License||8.6.8|
|Texinfo||A typesetting syntax used for generating documentation in both on-line and printed form, and the official documentation format of the GNU project.||GNU GPL||6.5|
|tzdata||The public-domain time zone database contains code and data that represent the history of local time for many representative locations around the globe.||Public domain and BSD||2018e|
|Udev Configuration Tarball||The Udev package contains programs for dynamic creation of device nodes. The development of udev has been merged with systemd, but most of systemd is incompatible with LFS. Here we build and install just the needed udev files.||Creative Commons licenses and MIT License||udev-lfs-20171102|
|util-linux||The Util-linux package contains miscellaneous utility programs. Among them are utilities for handling file systems, consoles, partitions, and messages.||GNU GPL||2.32.1|
|Vim language files (recommended)||A text editor built to create and change any kind of text.||Free software (Vim License), charityware||8.1|
|XZ Utils||A general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils.||GNU GPL and GNU LGPL||5.2.4|
|Zlib||Zlib is a software library used for data compression.||zlib license||1.2.11|
 This is a list of the packages included in CLFS version 1.1.0. Unless otherwise noted, this list is applicable to all supported architectures.
Standard build unit
A "standard build unit" ("SBU") is a term used during initial bootstrapping of the system, and represents the amount of time required to build the first package in LFS on a given computer. Its creation was prompted by the long time required to build an LFS system, and the desire of many users to know how long a source tarball will take to build ahead of time.
As of Linux From Scratch version 6.3, the first package built by the user is GNU binutils. When building it, users are encouraged to time that build process using shell constructs and dub that time that system's "standard build unit". Once this number is known, an estimate of the time required to build later packages is expressed relative to the known SBU.
Several packages built during compilation take much longer to build than binutils, including the GNU C Library (rated at 4.1 SBUs) and the GNU Compiler Collection (rated at 8.4 SBUs). The unit must be interpreted as an approximation; various factors influence the actual time required to build a package.
Linux From Scratch is a wonderful project. It should become a compulsory reading material for all Linux training courses, and something that every Linux enthusiast should complete at least once. This would also create another interesting side effect: people who tend to be quick in expressing dissatisfaction on the distributions' mailing lists and forums would probably show a lot more respect for the developers. Installing a ready-made distribution is a trivial task. Building up a set of 4 CDs containing a stable, secure and reliable operating system, plus thousands of applications, is most definitely not.
Tux Machines wrote a review of Linux From Scratch 6.1 in 2005:
Now on to BLFS. Unfortunately Beyond Linux From Scratch is always a book behind it seems. To me it's not a real install until one can log into a window manager.