#!/bin/bash #Copyright 2003 William Stearns MSIVer='0.1.3' #Preferred first, space separated rsync or /path/ dirs (future ftp/http) Sources="/usr/src/staticiso-sources/ zaphod.stearns.org::redhatmirror/pub/redhat/linux/updates/7.3/en/os/SRPMS/ zaphod.stearns.org::redhatmirror/pub/redhat/linux/7.3/en/os/i386/SRPMS/" #Sources="/usr/src/staticiso-sources/ # zaphod.stearns.org::redhatmirror/pub/redhat/linux/beta/phoebe/en/os/i386/SRPMS # zaphod.stearns.org::redhatmirror/pub/redhat/linux/updates/8.0/en/os/SRPMS/ # zaphod.stearns.org::redhatmirror/pub/redhat/linux/8.0/en/os/i386/SRPMS/" Cache=/usr/src/staticiso-sources/ RpmDir='/home/wstearns/rpm/RPMS/i386/' WorkDir="$HOME/staticiso-build" if rpm -q libpcap >/dev/null 2>&1 ; then echo WARNING - Redhats libpcap may be installed, are you sure you want to continue? echo Press Ctrl-C to exit, enter to continue. read junk fi if [ -f /usr/lib/samlib/samlib ]; then . /usr/lib/samlib/samlib else echo "/usr/lib/samlib/samlib is missing - please get it from" >/dev/stderr echo "http://www.pobox.com/~wstearns/" >/dev/stderr echo "Exiting." >/dev/stderr exit 1 fi for ONEFUNC in substline ; do if ! type $ONEFUNC >/dev/null 2>/dev/null ; then echo "Missing $ONEFUNC , please update samlib from" >/dev/stderr echo "http://www.stearns.org/samlib/" >/dev/stderr echo "Exiting." >/dev/stderr exit 1 fi done #To add a new package, put in approriate sections everywhere you see #ADD #FIXME - check for more than one i386 rpm. Banner () { echo "======== $* ========" } Debug () { echo "$*" >&2 } RequireUtil () { while [ -n "$1" ]; do if ! type -path "$1" >/dev/null 2>/dev/null ; then echo Missing utility "$1". Please install it. >&2 return 1 #False, app is not available. fi shift done return 0 #True, app is there. } #End of RequireUtil GetFile () { if [ -n "$1" ]; then for OneSource in $Sources ; do case $OneSource in /*) #Local path if [ -n "`ls -A1rt $OneSource/$1 2>/dev/null`" ]; then Debug $1 found in $OneSource if [ "$OneSource" = "$Cache" ]; then Debug $1 already in cache break else Debug Copying $1 from $OneSource cp -p $OneSource/$1 $Cache >/dev/null && break #Exit if successful fi fi ;; *::*) #Rsync if rsync "$OneSource/$1" >/dev/null 2>&1 ; then #Return code 0=file exists, 23, not there. Works with wildcards. Debug Rsyncing $1 down from $OneSource rsync -a "$OneSource/$1" "$Cache" >/dev/null && break #Exits from innermost for/while/until loop. else Debug Rsync $OneSource doesn\'t have $1 fi ;; http*|ftp*) Debug http/ftp unimplemented. # cd "$WorkDir/sources/" # wget "$1" # cd - ;; esac done else Debug Nothing requested in GetFile fi BestRpm=`ls -A1rt $Cache/$1 2>/dev/null | tail -1` #Most recent cached rpm if ! rpm --checksig $BestRpm >/dev/null 2>&1 ; then echo Source RPM signature failed for $BestRpm, exiting. >&2 exit 1 fi echo $BestRpm } BuildRpm () { Banner Building $1 if [ "$build" = 'yes' ]; then MyRpm=`GetFile $1-*.src.rpm` Debug Source RPM is $MyRpm rpm --rebuild "$MyRpm" return $? fi } InstallRpm () { #FIXME - only do *, not *-devel, etc. Banner Installing $1 cd "$WorkDir/unpack/" rpm2cpio $RpmDir/$1-*.i386.rpm | cpio -i -d -m rpm -qp $RpmDir/$1-*.i386.rpm --queryformat '%-30{NAME} %{LICENSE}\n' >>"$WorkDir/unpack/LICENSES" } echo "mkstaticiso Version $MSIVer" echo "Copyright 2003 William Stearns " echo #Recheck list RequireUtil [ bzip2 cc cd chmod cp cpio date gcc gpg grep ls mkdir mkisofs mktemp rm rmdir rpm rpm2cpio rsync tail wget || exit 1 build='yes' for OneRequest in $* ; do case $OneRequest in --build) build='yes' ;; --nobuild) build='no' ;; #ADD #Template #packagename|oneapp|anotherapp) # packagename='yes' # ;; bash) bash='yes' ;; bind-utils|dig|host|nslookup) bind='yes' ;; binutils|addr2line|ar|as|gasp|gprof|ld|nm|objcopy|objdump|ranlib|readelf|size|strings|strip) binutils='yes' ;; bzip2|bunzip2) bzip2='yes' ;; chkrootkit) #FIXME - binlist chkrootkit='yes' ;; cpio) cpio='yes' ;; diffutils|cmp|diff|diff3|sdiff) diffutils='yes' ;; dump|dump.static|rdump|rdump.static|restore|restore.static|rrestore|rrestore.static) dump='yes' ;; e2fsprogs|badblocks|debugfs|dumpe2fs|e2fsck|e2image|e2label|fsck|fsck.ext2|fsck.ext3|mke2fs|mkfs.ext2|mkfs.ext3|resize2fs|tune2fs|chattr|lsattr|uuidgen|mklost+found) e2fsprogs='yes' ;; ethereal|editcap|idl2eth|mergecap|tethereal|text2pcap) ethereal='yes' ;; ethtool) ethtool='yes' ;; eject|volname) eject='yes' ;; file) file='yes' ;; fileutils|chgrp|chmod|chown|cp|dd|df|ln|ls|mkdir|mknod|mv|rm|rmdir|sync|touch|dir|dircolors|du|install|mkfifo|shred|vdir) fileutils='yes' ;; findutils|find|xargs) findutils='yes' ;; ftp|pftp) ftp='yes' ;; gawk|awk|igawk|pgawk) gawk='yes' ;; gdb) gdb='yes' ;; gnupg|gpg|gpgv|lspgpot) gnupg='yes' ;; grep|egrep|fgrep) grep='yes' ;; gzip) gzip='yes' ;; hexedit) hexedit='yes' ;; iputils|ping|arping|ifenslave|clockdiff|ping6|rdisc|tracepath|tracepath6|traceroute6) iputils='yes' ;; less) less='yes' ;; lrzsz|rb|rx|rz|sb|sx|sz) lrzsz='yes' ;; lslk) lslk='yes' ;; lsof) lsof='yes' ;; lynx) lynx='yes' ;; mailx|mail|Mail) mailx='yes' ;; man|apropos|man2html|manpath|whatis|makewhatis) man='yes' ;; mktemp) mktemp='yes' ;; modutils|depmod|genksyms|insmod|insmod.static|insmod_ksymoops_clean|kallsyms|kernelversion|ksyms|lsmod|modinfo|modprobe|rmmod) modutils='yes' ;; nc) nc='yes' ;; ncompress|compress|uncompress) ncompress='yes' ;; net-tools|dnsdomainname|domainname|hostname|netstat|nisdomainname|ypdomainname|arp|ether-wake|ifconfig|ipmaddr|iptunnel|mii-tool|nameif|plipconfig|route|slattach) nettools='yes' ;; ngrep) ngrep='yes' ;; nmap|nmapfe|xnmap) nmap='yes' ;; openssh|sftp|slogin|ssh|ssh-add|ssh-agent|ssh-keyscan|sshd|scp|ssh-keygen) openssh='yes' ;; passwd) passwd='yes' ;; patch) patch='yes' ;; pdksh|ksh) pdksh='yes' ;; procps|ps|sysctl|free|oldps|pgrep|pkill|skill|snice|tload|top|uptime|vmstat|w|watch) procps='yes' ;; psmisc|fuser|killall|pstree) psmisc='yes' ;; quota|convertquota|quotacheck|quotaoff|quotaon|edquota|quotastats|repquota|rpc.rquotad|setquota|warnquota) quota='yes' ;; rpm|gendiff|rpm2cpio|rpmdb|rpmquery|rpmsign|rpmverify) rpm='yes' ;; rsync) rsync='yes' ;; screen) screen='yes' ;; sed) sed='yes' ;; sh-utils|basename|date|echo|false|nice|pwd|sleep|stty|su|true|uname|[|dirname|env|expr|factor|groups|hostid|id|logname|nohup|pathchk|pinky|printenv|printf|seq|tee|test|tty|users|who|whoami|yes|chroot) shutils='yes' ;; sharutils|mail-files|mailshar|remsync|shar|unshar|uudecode|uuencode) sharutils='yes' ;; stat) stat='yes' ;; strace) strace='yes' ;; stunnel) stunnel='yes' ;; sudo|visudo) sudo='yes' ;; sysvinit|SysVinit|halt|init|killall5|pidof|poweroff|reboot|runlevel|shutdown|sulogin|telinit|last|lastb|mesg|utmpdump|wall) sysvinit=yes ;; tar|gtar) tar='yes' ;; tcpdump|tcpslice) tcpdump='yes' ;; tcsh|csh) tcsh='yes' ;; telnet) telnet='yes' ;; textutils|cat|cut|sort|cksum|comm|csplit|cut|expand|fmt|fold|head|join|md5sum|nl|od|paste|pr|ptx|sha1sum|split|sum|tac|tail|tr|tsort|unexpand|uniq|wc) textutils='yes' ;; time) time='yes' ;; traceroute) traceroute='yes' ;; tripwire|siggen|twadmin|twprint) tripwire='yes' ;; util-linux|arch|dmesg|kill|login|more|addpart|agetty|blockdev|clock|ctrlaltdel|delpart|elvtune|fdisk|fsck.minix|hwclock|kbdrate|mkfs|mkfs.bfs|mkfs.minix|mkswap|nologin|partx|pivot_root|rescuept|sfdisk|cal|chfn|chsh|col|colcrt|colrm|column|cytune|ddate|fdformat|getopt|hexdump|ipcrm|ipcs|kbdrate|logger|look|mcookie|mkcramfs|namei|newgrp|raw|rename|renice|rev|script|setfdprm|setsid|setterm|ul|whereis|write|hwclock|ramsize|rdev|readprofile|rootflags|tunelp|vidmode|vigr|vipw|mount|umount|swapoff|swapon) utillinux='yes' ;; vim|ex|rvim|vimdiff|vimtutor) vim='yes' ;; vlock) vlock='yes' ;; wget) wget='yes' ;; which) which='yes' ;; *) Debug 'Unknown request '$OneRequest', what rpm has that? Exiting.' exit 1 ;; esac done #ADD - put in $packagename inside the double quotes if [ -z "$bash$bind$binutils$bzip2$chkrootkit$cpio$diffutils$dump$e2fsprogs$eject$ethereal$ethtool$file$fileutils$findutils$ftp$gawk$gdb$gnupg$grep$gzip$hexedit$iputils$less$lrzsz$lslk$lsof$lynx$mailx$man$mktemp$modutils$nc$ncompress$nettools$ngrep$nmap$openssh$passwd$patch$pdksh$procps$psmisc$quota$rpm$rsync$screen$sed$sharutils$shutils$stat$strace$stunnel$sudo$sysvinit$tar$tcpdump$tcsh$telnet$textutils$time$traceroute$tripwire$utillinux$vim$vlock$wget$which" ]; then #If no requests made, build everything #ADD #Template #packagename='yes' bash='yes' bind='yes' binutils='yes' bzip2='yes' chkrootkit='yes' cpio='yes' diffutils='yes' dump='yes' e2fsprogs='yes' eject='yes' ethereal='yes' ethtool='yes' file='yes' fileutils='yes' findutils='yes' ftp='yes' gawk='yes' gdb='yes' gnupg='yes' grep='yes' gzip='yes' hexedit='yes' iputils='yes' less='yes' lrzsz='yes' lslk='yes' lsof='yes' lynx='yes' mailx='yes' man='yes' mktemp='yes' modutils='yes' nc='yes' ncompress='yes' nettools='yes' ngrep='yes' nmap='yes' openssh='yes' passwd='yes' patch='yes' pdksh='yes' procps='yes' psmisc='yes' quota='yes' rpm='yes' rsync='yes' screen='yes' sed='yes' sharutils='yes' shutils='yes' stat='yes' strace='yes' stunnel='yes' sudo='yes' sysvinit='yes' tar='yes' tcpdump='yes' tcsh='yes' telnet='yes' textutils='yes' time='yes' traceroute='yes' tripwire='yes' utillinux='yes' vim='yes' vlock='yes' wget='yes' which='yes' fi #FIXME - mktemp'ed workdir if [ -z "$WorkDir" ]; then WorkDir="$HOME/staticiso-build/" fi mkdir --parents "$Cache" if [ -d "$WorkDir" ]; then echo "$WorkDir exists, exiting." exit 1 fi mkdir --parents "$WorkDir" mkdir --parents "$WorkDir/unpack/" if ! cd "$WorkDir" 2>/dev/null ; then echo "Unable to change to $WorkDir, exiting." exit 1 fi if [ "$build" = 'yes' ]; then Debug Installing build variables and wrappers #Approach 1 #This works for most, but I'd like to see the gcc/cc wrappers universally do the work. They don't, of course. if [ -z "$CFLAGS" ]; then export CFLAGS='-static' else export CFLAGS="$CFLAGS -static" fi if [ -z "$LDFLAGS" ]; then export LDFLAGS='-static' else export LDFLAGS="$LDFLAGS -static" fi if [ -z "$CCOPTS" ]; then export CCOPTS='-static' else export CCOPTS="$CCOPTS -static" fi #Ethereal doesn't like this one # export MAKE="/usr/bin/make CFLAGS=$CFLAGS LDFLAGS=$LDFLAGS" #Approach 2 #Doesn't appear to help at first glance. #gcc () { # /usr/bin/gcc -static $* #} #export -f gcc #cc () { # /usr/bin/cc -static $* #} #export -f cc #Approach 3 BinDir=`mktemp -d -q $HOME/bin.XXXXXX` if [ $? -ne 0 ]; then echo "$0: Can't create temp directory $HOME/bin.XXXXXX, exiting..." >&2 exit 1 fi Debug Installing BinDir $BinDir chmod 700 $BinDir export PATH="$BinDir:$PATH" Debug Path is now $PATH cat >$BinDir/README <$BinDir/dlstubs.c < #include /* dl*() stub routines for static compilation. Originally prepared for Solaris from /usr/include/dlfcn.h by Hal Pomeranz , see http://www.deer-run.com/~hal/sol-static.txt . Minor Linux tweaks by Bill Stearns. */ void *dlopen(const char *__file, int __mode) {} void *dlsym(void *ptr, const char *str) {} int dlclose(void *ptr) {} char *dlerror() {} /* void *dlmopen(Lmid_t a, const char *str, int x) {} */ /* int dladdr(void *ptr1, Dl_info *ptr2) {} */ int dldump(const char *str1, const char *str2, int x) {} int dlinfo(void *ptr1, int x, void *ptr2) {} EOF cd "$BinDir" gcc -c -O2 -g dlstubs.c cat >$BinDir/gcc <>$BinDir/gcc-called exec /usr/bin/gcc -static "\$@" EOF cat >$BinDir/cc <>$BinDir/cc-called exec /usr/bin/cc -static "\$@" EOF #Needed? Doesn't seem to help with procps cat >$BinDir/ld <>$BinDir/ld-called exec /usr/bin/ld -static -z muldefs $BinDir/dlstubs.o "\$@" EOF cat >$BinDir/i386-redhat-linux-gcc <>$BinDir/i386-redhat-linux-gcc-called exec /usr/bin/i386-redhat-linux-gcc -static "\$@" EOF chmod 755 $BinDir/cc $BinDir/gcc $BinDir/ld $BinDir/i386-redhat-linux-gcc #export CC=$BinDir/gcc #Doesn't seem to help else Debug Not building, so not installing build variables and wrappers fi #if building cd "$WorkDir" #ADD #[ "$ZZ" = 'yes' ] && BuildRpm ZZ && InstallRpm ZZ # [ "$bash" = 'yes' ] && BuildRpm bash && InstallRpm bash #Static if [ "$bind" = 'yes' ]; then #Static #BuildRpm bind if [ "$build" = 'yes' ]; then MyRpm=`GetFile bind-*.src.rpm` Debug Source RPM is $MyRpm rpm -ivh "$MyRpm" substline /home/wstearns/rpm/SPECS/bind.spec '\(^%{_libdir}/libisccc\.so\.\*\)' "#\1" substline /home/wstearns/rpm/SPECS/bind.spec '\(^%{_libdir}/libisccfg\.so\.\*\)' "#\1" substline /home/wstearns/rpm/SPECS/bind.spec '\(^%{_libdir}/liblwres\.so\.\*\)' "#\1" substline /home/wstearns/rpm/SPECS/bind.spec '\(^%{_libdir}/libdns\.so\.\*\)' "#\1" substline /home/wstearns/rpm/SPECS/bind.spec '\(^%{_libdir}/libisc\.so\.\*\)' "#\1" substline /home/wstearns/rpm/SPECS/bind.spec '\(^%{_libdir}/\*\.so\)' "#\1" #substline /home/wstearns/rpm/SPECS/bind.spec '\(^%{_libdir}/libisccc\.so\.\*\)' "#\1" rpm -ba /home/wstearns/rpm/SPECS/bind.spec fi InstallRpm bind-utils fi if [ "$binutils" = 'yes' ]; then #Static #BuildRpm binutils if [ "$build" = 'yes' ]; then MyRpm=`GetFile binutils-*.src.rpm` Debug Source RPM is $MyRpm rpm -ivh "$MyRpm" substline /home/wstearns/rpm/SPECS/binutils.spec '\(^chmod +x ${RPM_BUILD_ROOT}%{_prefix}/%{_lib}/lib\*\.so\*$\)' "#\1" rpm -ba /home/wstearns/rpm/SPECS/binutils.spec fi InstallRpm binutils fi if [ "$bzip2" = 'yes' ]; then #Static #BuildRpm bzip2 if [ "$build" = 'yes' ]; then MyRpm=`GetFile bzip2-*.src.rpm` Debug Source RPM is $MyRpm rpm -ivh "$MyRpm" substline /home/wstearns/rpm/SPECS/bzip2.spec '\(^make -f Makefile-libbz2_so CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64 -fpic -fPIC" all\)' '#\1' substline /home/wstearns/rpm/SPECS/bzip2.spec '\(^rm -f \*.o\)' '#\1' substline /home/wstearns/rpm/SPECS/bzip2.spec '\(^make CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64" all\)' 'make CFLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64 -static" all' substline /home/wstearns/rpm/SPECS/bzip2.spec '\(^install -m 755 libbz2.so.1.0.2 $RPM_BUILD_ROOT/%{_libdir}\)' '#\1' substline /home/wstearns/rpm/SPECS/bzip2.spec '\(^ln -s libbz2.so.1.0.2 $RPM_BUILD_ROOT/%{_libdir}/libbz2.so.1\)' '#\1' substline /home/wstearns/rpm/SPECS/bzip2.spec '\(^ln -s libbz2.so.1 $RPM_BUILD_ROOT/%{_libdir}/libbz2.so\)' '#\1' substline /home/wstearns/rpm/SPECS/bzip2.spec '\(^%{_libdir}/\*so\.\*\)' '#\1' substline /home/wstearns/rpm/SPECS/bzip2.spec '\(^%{_libdir}/\*so\)' '#\1' substline /home/wstearns/rpm/SPECS/bzip2.spec '\(^install -m 755 bzip2-shared $RPM_BUILD_ROOT/%{_bindir}/bzip2\)' 'install -m 755 bzip2 $RPM_BUILD_ROOT/%{_bindir}/bzip2' #substline /home/wstearns/rpm/SPECS/bzip2.spec '\(^\)' '' rpm -ba /home/wstearns/rpm/SPECS/bzip2.spec fi InstallRpm bzip2 fi [ "$cpio" = 'yes' ] && BuildRpm cpio && InstallRpm cpio #Static [ "$diffutils" = 'yes' ] && BuildRpm diffutils && InstallRpm diffutils #Static [ "$dump" = 'yes' ] && InstallRpm dump #Including Redhat's native dump package. FIXME - use GetFile. all binaries already static if [ "$e2fsprogs" = 'yes' ]; then #Static #BuildRpm e2fsprogs if [ "$build" = 'yes' ]; then MyRpm=`GetFile e2fsprogs-*.src.rpm` Debug Source RPM is $MyRpm rpm -ivh "$MyRpm" substline /home/wstearns/rpm/SPECS/e2fsprogs.spec '^%configure --enable-elf-shlibs' '%configure --with-ldopts=-static' substline /home/wstearns/rpm/SPECS/e2fsprogs.spec '\(^%{_root_libdir}/libcom_err.so.*\)' '#\1' substline /home/wstearns/rpm/SPECS/e2fsprogs.spec '\(^%{_root_libdir}/libe2p.so.*\)' '#\1' substline /home/wstearns/rpm/SPECS/e2fsprogs.spec '\(^%{_root_libdir}/libext2fs.so.*\)' '#\1' substline /home/wstearns/rpm/SPECS/e2fsprogs.spec '\(^%{_root_libdir}/libss.so.*\)' '#\1' substline /home/wstearns/rpm/SPECS/e2fsprogs.spec '\(^%{_root_libdir}/libuuid.so.*\)' '#\1' rpm -ba /home/wstearns/rpm/SPECS/e2fsprogs.spec fi InstallRpm e2fsprogs fi [ "$eject" = 'yes' ] && BuildRpm eject && InstallRpm eject #Static if [ "$ethereal" = 'yes' ]; then #BuildRpm ethereal if [ "$build" = 'yes' ]; then MyRpm=`GetFile ethereal-*.src.rpm` Debug Source RPM is $MyRpm rpm -ivh "$MyRpm" substline /home/wstearns/rpm/SPECS/ethereal.spec '\(^BuildRequires:\W*libpcap >= 0\.6\)' "#\1" substline /home/wstearns/rpm/SPECS/ethereal.spec '^ --with-ucdsnmp ' ' --without-ucdsnmp ' substline /home/wstearns/rpm/SPECS/ethereal.spec '^ --enable-snmp ' ' --disable-snmp ' substline /home/wstearns/rpm/SPECS/ethereal.spec '^ --disable-static ' ' --enable-static ' substline /home/wstearns/rpm/SPECS/ethereal.spec '^ --with-plugindir=%{_libdir}/%{name}/plugins/%{version}' ' --without-plugins' substline /home/wstearns/rpm/SPECS/ethereal.spec '\(^%{_libdir}/ethereal\)' '#\1' substline /home/wstearns/rpm/SPECS/ethereal.spec '\(^%{_bindir}/ethereal\)' '#\1' substline /home/wstearns/rpm/SPECS/ethereal.spec '\(^%{_sbindir}/ethereal\)' '#\1' rpm -ba /home/wstearns/rpm/SPECS/ethereal.spec fi InstallRpm ethereal fi [ "$ethtool" = 'yes' ] && BuildRpm ethtool && InstallRpm ethtool #Static [ "$file" = 'yes' ] && BuildRpm file && InstallRpm file #Static [ "$gawk" = 'yes' ] && BuildRpm gawk && InstallRpm gawk #Static [ "$gdb" = 'yes' ] && BuildRpm gdb && InstallRpm gdb #Static [ "$gnupg" = 'yes' ] && BuildRpm gnupg && InstallRpm gnupg #Static [ "$grep" = 'yes' ] && BuildRpm grep && InstallRpm grep #Static [ "$gzip" = 'yes' ] && BuildRpm gzip && InstallRpm gzip #Static [ "$fileutils" = 'yes' ] && BuildRpm fileutils && InstallRpm fileutils #Static (CFLAGS) [ "$findutils" = 'yes' ] && BuildRpm findutils && InstallRpm findutils #Static [ "$ftp" = 'yes' ] && BuildRpm ftp && InstallRpm ftp #Static [ "$hexedit" = 'yes' ] && BuildRpm hexedit && InstallRpm hexedit #Static (needs i386-redhat-linux-gcc wrapper) [ "$iputils" = 'yes' ] && BuildRpm iputils && InstallRpm iputils #Static [ "$less" = 'yes' ] && BuildRpm less && InstallRpm less #Static [ "$lrzsz" = 'yes' ] && BuildRpm lrzsz && InstallRpm lrzsz #Static [ "$lslk" = 'yes' ] && BuildRpm lslk && InstallRpm lslk #Static [ "$lsof" = 'yes' ] && BuildRpm lsof && InstallRpm lsof #Static [ "$lynx" = 'yes' ] && BuildRpm lynx && InstallRpm lynx #Static [ "$mailx" = 'yes' ] && BuildRpm mailx && InstallRpm mailx #Static [ "$man" = 'yes' ] && BuildRpm man && InstallRpm man #Static [ "$mktemp" = 'yes' ] && BuildRpm mktemp && InstallRpm mktemp #Static [ "$modutils" = 'yes' ] && BuildRpm modutils && InstallRpm modutils #Static [ "$nc" = 'yes' ] && BuildRpm nc && InstallRpm nc #Static (CFLAGS doesn't work, needs cc wrapper) [ "$ncompress" = 'yes' ] && BuildRpm ncompress && InstallRpm ncompress #Static [ "$nettools" = 'yes' ] && BuildRpm net-tools && InstallRpm net-tools #Static [ "$nmap" = 'yes' ] && BuildRpm nmap && InstallRpm nmap && InstallRpm nmap-frontend #Static if [ "$openssh" = 'yes' ]; then #Static #BuildRpm openssh if [ "$build" = 'yes' ]; then MyRpm=`GetFile openssh-*.src.rpm` Debug Source RPM is $MyRpm #The define would be OK, except we need to apply another patch to fix the "multiple definitions of optind; see #http://www.der-keiler.de/Newsgroups/comp.security.ssh/2002-06/0039.html #rpm --rebuild "$MyRpm" --define "static_openssl 1" rpm -ivh "$MyRpm" #adding '--define "static_openssl 1"'to the rpm build line is supposed to be the equivalent of the following: #substline /home/wstearns/rpm/SPECS/openssh.spec '\(^%define static_libcrypto 0\)' '%define static_libcrypto 1' substline /home/wstearns/rpm/SPECS/openssh.spec '\(^Patch13: http://bugzilla.mindrot.org/showattachment.cgi?attach_id=37\)' '\1\ Patch90: openssh-optind-static.patch' substline /home/wstearns/rpm/SPECS/openssh.spec '\(^%build\)' '%patch90 -p1\ \1' rpm -ba /home/wstearns/rpm/SPECS/openssh.spec --define "static_openssl 1" fi InstallRpm openssh InstallRpm openssh-askpass InstallRpm openssh-askpass-gnome InstallRpm openssh-clients InstallRpm openssh-server fi [ "$patch" = 'yes' ] && BuildRpm patch && InstallRpm patch #Static [ "$pdksh" = 'yes' ] && BuildRpm pdksh && InstallRpm pdksh #Static if [ "$procps" = 'yes' ]; then #FIXME Some static, some are not #BuildRpm procps if [ "$build" = 'yes' ]; then MyRpm=`GetFile procps-*.src.rpm` Debug Source RPM is $MyRpm rpm -ivh "$MyRpm" #substline /home/wstearns/rpm/SPECS/procps.spec '^make CC="gcc $RPM_OPT_FLAGS" LDFLAGS=-s MANDIR=%{_mandir}' 'make CC="gcc $RPM_OPT_FLAGS" LDFLAGS=-static MANDIR=%{_mandir}' #Just the following gets pgrep, pkill, ps, sysctl, and watch static, rest are against libc.so.1 substline /home/wstearns/rpm/SPECS/procps.spec '^make CC="gcc $RPM_OPT_FLAGS" LDFLAGS=-s MANDIR=%{_mandir}' 'make SHARED=0 CC="gcc $RPM_OPT_FLAGS" LDFLAGS=-s MANDIR=%{_mandir}' #substline /home/wstearns/rpm/SPECS/procps.spec '^make CC="gcc $RPM_OPT_FLAGS" LDFLAGS=-s MANDIR=%{_mandir}' 'make SHARED=0 CC="gcc $RPM_OPT_FLAGS -static" LDFLAGS=-static MANDIR=%{_mandir} SHLIBDIR=' rpm -ba /home/wstearns/rpm/SPECS/procps.spec fi InstallRpm procps fi [ "$psmisc" = 'yes' ] && BuildRpm psmisc && InstallRpm psmisc #Static [ "$quota" = 'yes' ] && BuildRpm quota && InstallRpm quota #Static [ "$rpm" = 'yes' ] && InstallRpm rpm #Including Redhat's native rpm package. FIXME - use GetFile. rpm is static, rpm2cpio is dynamic [ "$rsync" = 'yes' ] && BuildRpm rsync && InstallRpm rsync #Static [ "$sed" = 'yes' ] && BuildRpm sed && InstallRpm sed #Static [ "$sharutils" = 'yes' ] && BuildRpm sharutils && InstallRpm sharutils #Static [ "$stat" = 'yes' ] && BuildRpm stat && InstallRpm stat #Static [ "$strace" = 'yes' ] && BuildRpm strace && InstallRpm strace #Static [ "$sysvinit" = 'yes' ] && BuildRpm SysVinit && InstallRpm SysVinit #Static [ "$tar" = 'yes' ] && BuildRpm tar && InstallRpm tar #Static [ "$tcpdump" = 'yes' ] && BuildRpm tcpdump && InstallRpm tcpdump #Static [ "$tcsh" = 'yes' ] && BuildRpm tcsh && InstallRpm tcsh #Static [ "$telnet" = 'yes' ] && BuildRpm telnet && InstallRpm telnet #Static [ "$textutils" = 'yes' ] && BuildRpm textutils && InstallRpm textutils #Static (CFLAGS) [ "$time" = 'yes' ] && BuildRpm time && InstallRpm time #Static [ "$traceroute" = 'yes' ] && BuildRpm traceroute && InstallRpm traceroute #Static [ "$tripwire" = 'yes' ] && BuildRpm tripwire && InstallRpm tripwire #Static [ "$utillinux" = 'yes' ] && BuildRpm util-linux && InstallRpm util-linux && InstallRpm mount && InstallRpm losetup #Static [ "$wget" = 'yes' ] && BuildRpm wget && InstallRpm wget #Static [ "$which" = 'yes' ] && BuildRpm which && InstallRpm which #Static #The following packages whine about dlopen errors. This replacement for #ld puts in hals dlstubs.o #FIXME - do we need -z muldefs? if [ "$build" = 'yes' ]; then cat >$BinDir/ld <>$BinDir/ld-called exec /usr/bin/ld -static -z muldefs $BinDir/dlstubs.o "\$@" EOF fi [ "$shutils" = 'yes' ] && BuildRpm sh-utils && InstallRpm sh-utils #Static [ "$sudo" = 'yes' ] && BuildRpm sudo && InstallRpm sudo #Static #FIXME - sudo file mode. :-) #These don't build yet. if false ; then [ "$chkrootkit" = 'yes' ] && BuildRpm chkrootkit && InstallRpm chkrootkit # #FIXME - full url to src.rpm #Both pld and conectiva's versions require glibc-devel-static [ "$ngrep" = 'yes' ] && BuildRpm ngrep && InstallRpm ngrep # #from wstearns, rebuild for 1.40.1 [ "$passwd" = 'yes' ] && BuildRpm passwd && InstallRpm passwd #Doesn't build. FIXME #Without wrappers: #dynamic [ "$screen" = 'yes' ] && BuildRpm screen && InstallRpm screen # #checking for PAM support... no #configure: error: Can't run the compiler - internal error. Sorry. #error: Bad exit status from /var/tmp/rpm-tmp.15247 (%build) [ "$stunnel" = 'yes' ] && BuildRpm stunnel && InstallRpm stunnel #Doesn't build. FIXME #dlstubs.o fixed the dlopen* errors. #i386-redhat-linux-gcc -static -o stunnel client.o stunnel.o ssl.o protocol.o sthreads.o pty.o log.o options.o -lutil -lpthread -lnsl -ldl -L/usr/lib -lssl -lcrypto -lwrap #/usr/lib/libwrap.a(hosts_access.o): In function `host_match': #hosts_access.o(.text+0x606): undefined reference to `yp_get_default_domain' #collect2: ld returned 1 exit status #A lot of people say this means one need -lnsl on the command line, which we have. [ "$vim" = 'yes' ] && BuildRpm vim && InstallRpm vim #Doesn't build. FIXME #Without wrappers: #/usr/lib/libieee.a(.data+0x0): multiple definition of `_LIB_VERSION' #/usr/lib/libm.a(s_lib_version.o)(.data+0x0): first defined here [ "$vlock" = 'yes' ] && BuildRpm vlock && InstallRpm vlock #Doesn't build #With wrappers: #pam errors #Without wrappers: #dynamic fi #Remove the wrapper scripts and hacks. [ -f "$BinDir/gcc" ] && rm -f "$BinDir/gcc" [ -f "$BinDir/cc" ] && rm -f "$BinDir/cc" [ -f "$BinDir/ld" ] && rm -f "$BinDir/ld" [ -f "$BinDir/i386-redhat-linux-gcc" ] && rm -f "$BinDir/i386-redhat-linux-gcc" [ -f "$BinDir/README" ] && rm -f "$BinDir/README" [ -f "$BinDir/dlstubs.c" ] && rm -f "$BinDir/dlstubs.c" [ -f "$BinDir/dlstubs.o" ] && rm -f "$BinDir/dlstubs.o" [ -d "$BinDir" ] && rmdir "$BinDir" cd "$WorkDir/unpack" ThisDate=`date` cat >README </dev/null ; then for OneFile in * ; do #echo '-- ' $OneDir/$OneFile if [ -e "$WorkDir/unpack/bin/$OneFile" ]; then if [ -L "$WorkDir/unpack/$OneDir/$OneFile" ]; then echo Removing `ls -al "$WorkDir/unpack/$OneDir/$OneFile"` rm -f "$WorkDir/unpack/$OneDir/$OneFile" else echo Collision on $OneDir/$OneFile and bin/$OneFile, exiting. exit 1 fi else mv "$WorkDir/unpack/$OneDir/$OneFile" "$WorkDir/unpack/bin" fi done cd "$WorkDir/unpack" rmdir "$WorkDir/unpack/$OneDir" fi done cd "$WorkDir/unpack/bin" #Fix relative links [ -L rpmdb ] && rm -f rpmdb && ln -s ../usr/lib/rpm/rpmd rpmdb [ -L rpmquery ] && rm -f rpmquery && ln -s ../usr/lib/rpm/rpmq rpmquery [ -L rpmsign ] && rm -f rpmsign && ln -s ../usr/lib/rpm/rpmk rpmsign [ -L rpmverify ] && rm -f rpmverify && ln -s ../usr/lib/rpm/rpmv rpmverify [ -L Mail ] && rm -f Mail && ln -s mail Mail [ -L pdksh ] && rm -f pdksh && ln -s ksh pdksh #strip setuid bits [ -f chfn ] && chmod 711 chfn [ -f chsh ] && chmod 711 chsh [ -f mount ] && chmod 755 mount [ -f newgrp ] && chmod 711 newgrp [ -f ping ] && chmod 755 ping [ -f ping6 ] && chmod 755 ping6 [ -f ssh ] && chmod 755 ssh [ -f su ] && chmod 755 su [ -f sudo ] && chmod 555 sudo [ -f traceroute ] && chmod 755 traceroute [ -f traceroute6 ] && chmod 755 traceroute6 [ -f umount ] && chmod 755 umount [ -f wall ] && chmod 555 wall [ -f write ] && chmod 755 write echo Verify that the system is secure and your terminal cannot be seen, and echo enter your gpg passphrase. The terminal will be completely cleared echo when you press enter, so make sure you have read any of the above echo text including scrollback text before starting to type it. read Passphrase clear ; reset for OneBinary in * ; do if [ ! -L $OneBinary ]; then case $OneBinary in *.sig) : ;; *) echo "$Passphrase" | gpg --passphrase-fd 0 --sign --detach-sign --default-key F322929D $OneBinary ;; esac fi done cd "$WorkDir/unpack" ls -A1 bin/* sbin/* usr/bin/* usr/sbin/* 2>/dev/null | grep -v '\.sig$' | sort >MANIFEST cp -p MANIFEST "$WorkDir/static.$MSIVer.`date +%y%m%d`.MANIFEST" cp -p LICENSES "$WorkDir/static.$MSIVer.`date +%y%m%d`.LICENSES" cd "$WorkDir" mkisofs -gid 0 -uid 0 -pad -r -T -o "$WorkDir/static.$MSIVer.`date +%y%m%d`.iso" unpack/ bzip2 -9 -k "$WorkDir/static.$MSIVer.`date +%y%m%d`.iso" Banner 'Done!' #Graveyard #[ "$bind" = 'yes' ] && BuildRpm bind && InstallRpm bind-utils #Doesn't build. FIXME #Without wrappers: #Dynamic _and_: #Processing files: bind-9.2.1-1.7x.2 #error: File not found by glob: /var/tmp/bind-root/usr/lib/libisccc.so.* #error: File not found by glob: /var/tmp/bind-root/usr/lib/libisccfg.so.* #error: File not found by glob: /var/tmp/bind-root/usr/lib/liblwres.so.* #Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.41176 #... #Processing files: bind-utils-9.2.1-1.7x.2 #error: File not found by glob: /var/tmp/bind-root/usr/lib/libdns.so.* #error: File not found by glob: /var/tmp/bind-root/usr/lib/libisc.so.* #... #error: File not found by glob: /var/tmp/bind-root/usr/lib/*.so #[ "$binutils" = 'yes' ] && BuildRpm binutils && InstallRpm binutils #Doesn't build. FIXME #Without wrappers: #+ chmod +x '/var/tmp/binutils-root/usr/lib/lib*.so*' #chmod: getting attributes of `/var/tmp/binutils-root/usr/lib/lib*.so*': No such file or directory #[ "$bzip2" = 'yes' ] && BuildRpm bzip2 && InstallRpm bzip2 #bzip2 not static #With wrappers: #bzip2 built against libc.so.1, others static #[ "$e2fsprogs" = 'yes' ] && BuildRpm e2fsprogs && InstallRpm e2fsprogs #Not sure. #With wrappers: #rpm created, but some binaries against libc.so.1???? #Without wrappers: #A couple are static, rest dynamic #lynx error went away #checking if we can link to ssl library... no #configure: error: Cannot link with ssl library #error: Bad exit status from /var/tmp/rpm-tmp.59916 (%build) #[ "$openssh" = 'yes' ] && BuildRpm openssh && InstallRpm openssh #Doesn't build. FIXME #Without wrappers: #checking for OpenSSL directory... configure: error: Could not find working OpenSSL library, please install or check config.log #Openssh, create-a-patch-on-the-fly isn't worth it. # cat >/home/wstearns/rpm/SOURCES/openssh-optind-static.patch <