Aug 10, 2012
UEFI Secure Boot and openSUSE
UEFI Secure Boot is a feature that is coming soon with new PCs. Traditional BIOS booting is getting replaced now with UEFI and now hardware vendors are going - following requirements from Windows 8 - to use UEFI for booting and enable UEFI Secure Boot. This cases a number of problems and challenges for Open Source users.
My colleagues Vojtech Pavlik and Olaf Kirch have been looking into what UEFI Secure Boot is, what their effect on SUSE and openSUSE is and they propose a solution to handle it.
They have written three blog posts explaing SUSE's approach to secure boot:
Matthew Garret from Red Hat is driving the Fedora implementation of Secure Boot and he blogged as well about the solution and called it "elegant" - and expects to use it for Fedora as well.
Thorsten Leemhuis has summarized this in a nice article at the H (German original at Heise).
The openSUSE community is now discussing whether we can use the SUSE proposal also for openSUSE and the first reactions seems that this is the way to go.
There's not much sense in summarizing the articles further, Thorsten did a great job, so read his article - or read the full three posts plus Matthew's comment for all the details.
Aug 3, 2012
Glibc 2.16 for openSUSE Factory
The GNU C Library (glibc 2.16) has been released a couple of weeks ago and is the first release after the changed glibc development model. It looks like the release with the most bug fixes and most contributors.
The most significant developer visible changes are IMO:
While the focus of openSUSE is on getting 12.2 out of the door, I worked on getting glibc 2.16 ready for the next release in a side project. The library itself builds fine and Coolo has setup a staging project called openSUSE:Factory:Staging:Glibc where the whole distribution is build with the new glibc (in this case we use 12.2 as a base since that one is moving slower).
The issues I encountered and fixed where:
The build failure looks like:
The packages that failed where packages using gnulib that issued a warning when gets was used - and this warning code works only if gets is declared. Once these packages update their gnulib code, everything is fine, for now the warning could just be disabled or only enabled when there is a declaration.
glibc 2.16 removes the undocumented definition of 'struct siginfo'
from <bits/siginfo.h>. This struct was always a typedef for 'siginfo_t' which is required by POSIX, so 'siginfo_t' should be used instead.
So, boost and all packages using boost's boost::TIME_UTC needed fixing.
There were two packages that contained -O0 for a few files that were easily fixed.
The most significant developer visible changes are IMO:
- Support for ISO C11
- Many bug fixes for the math library thanks to a thorough audit of all open math library bugs. The results are mor accurate exceptions and function results.
- Support for the x32 ABI on x86-64 which also brings unified headers for x86 and x86-64 - so there are really the same headers for all three ABIs on x86-64.
While the focus of openSUSE is on getting 12.2 out of the door, I worked on getting glibc 2.16 ready for the next release in a side project. The library itself builds fine and Coolo has setup a staging project called openSUSE:Factory:Staging:Glibc where the whole distribution is build with the new glibc (in this case we use 12.2 as a base since that one is moving slower).
Fixing Packages
I've had to fix a small number of packages to get them building with glibc 2.16 and pushed everything directly to factory.The issues I encountered and fixed where:
Missing <sys/resource.h>
The include files have been updated and some programs did not have an include on <sys/resource.h> and instead include some other file that included it.The build failure looks like:
[ 89s] util_exec.cpp: In function 'void dmtcp::Util::adjustRlimitStack()': [ 89s] util_exec.cpp:374:19: error: aggregate 'dmtcp::Util::adjustRlimitStack()::rlimit rlim' has incomplete type and cannot be defined [ 89s] util_exec.cpp:375:15: error: 'RLIMIT_STACK' was not declared in this scope [ 89s] util_exec.cpp:375:34: error: 'getrlimit' was not declared in this scope [ 89s] util_exec.cpp:376:26: error: 'RLIM_INFINITY' was not declared in this scope [ 89s] util_exec.cpp:384:36: error: 'setrlimit' was not declared in this scope
No declaration anymore for gets
gets is not declared anymore as part of ISO C11 and therefore code using gets needs to be compiled using older standards - or better do not build with gets.The packages that failed where packages using gnulib that issued a warning when gets was used - and this warning code works only if gets is declared. Once these packages update their gnulib code, everything is fine, for now the warning could just be disabled or only enabled when there is a declaration.
No more 'struct siginfo'
glibc 2.16 removes the undocumented definition of 'struct siginfo'
from <bits/siginfo.h>. This struct was always a typedef for 'siginfo_t' which is required by POSIX, so 'siginfo_t' should be used instead.
TIME_UTC from ISO C11 in boost
ISO C11 introduced the constant TIME_UTC - and boost also declares this value. This breaks building with boost and thus upstream boost now renamed its value to 'TIME_UTC_' which is an API change.So, boost and all packages using boost's boost::TIME_UTC needed fixing.
_FORTIFY_SOURCE requires compilation with optimization
Building with -D_FORTIFY_SOURCE is done by default for openSUSE but the extra features are defined in a way that they only work with optimization. Now glibc complains if a file is compiled without optimization but with this feature macro.There were two packages that contained -O0 for a few files that were easily fixed.
Fixing packages in the Build Service
To build locally a package with the new glibc, just issue the following osc command:osc build --alternative-project=openSUSE:Factory:Staging:Glibc standard x86_64
Next step: Factory
Once all packages are building fine (so far I had to fix 50+ packages, the other 5000+ are fine), I'll discuss with Coolo when and how to submit this to Factory.
Subscribe to:
Posts (Atom)