Hardened Linux From Scratch
   HOME

TheInfoList



OR:

''Linux From Scratch'' (LFS) is a type of a
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
installation and the name of a book written by Gerard Beekmans, and as of May 2021, mainly maintained by Bruce Dubbs. The book gives readers instructions on how to build a Linux system from
source Source may refer to: Research * Historical document * Historical source * Source (intelligence) or sub source, typically a confidential provider of non open-source intelligence * Source (journalism), a person, publication, publishing institute o ...
. The book is available freely from the Linux From Scratch site.


Projects under LFS

''Linux From Scratch'' is a way to install a working Linux system by building all components of it manually. This is, naturally, a longer process than installing a pre-compiled
Linux distribution A Linux distribution (often abbreviated as distro) is an operating system made from a software collection that includes the Linux kernel and, often, a package management system. Linux users usually obtain their operating system by downloading one ...
. According to the ''Linux From Scratch'' site, the advantages to this method are a compact, flexible and secure system and a greater understanding of the internal workings of the Linux-based operating systems. To keep LFS small and focused, the book ''Beyond Linux From Scratch'' (BLFS) was created, which presents instructions on how to further develop the basic Linux system that was created in LFS. It introduces and guides the reader through additions to the system including the
X Window System The X Window System (X11, or simply X) is a windowing system for bitmap displays, common on Unix-like operating systems. X provides the basic framework for a GUI environment: drawing and moving windows on the display device and interacting wit ...
,
desktop environment In computing, a desktop environment (DE) is an implementation of the desktop metaphor made of a bundle of programs running on top of a computer operating system that share a common graphical user interface (GUI), sometimes described as a graphica ...
s (
KDE KDE is an international free software community that develops free and open-source software. As a central development hub, it provides tools and resources that allow collaborative work on this kind of software. Well-known products include the ...
,
GNOME A gnome is a mythological creature and diminutive spirit in Renaissance magic and alchemy, first introduced by Paracelsus in the 16th century and later adopted by more recent authors including those of modern fantasy literature. Its characte ...
, Xfce,
LXDE LXDE (abbreviation for Lightweight X11 Desktop Environment) is a free desktop environment with comparatively low resource requirements. This makes it especially suitable for use on older or resource-constrained personal computers such as netb ...
),
productivity software Productivity software (also called personal productivity software or office productivity software) is application software used for producing information (such as documents, presentations, worksheets, databases, charts, graphs, digital paintings, ...
,
web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used on ...
s,
programming language A programming language is a system of notation for writing computer programs. Most programming languages are text-based formal languages, but they may also be graphical. They are a kind of computer language. The description of a programming ...
s and tools,
multimedia Multimedia is a form of communication that uses a combination of different content forms such as text, audio, images, animations, or video into a single interactive presentation, in contrast to tradition ...
software, and
network management Network management is the process of administering and managing computer networks. Services provided by this discipline include fault analysis, performance management, provisioning of networks and maintaining quality of service. Network managemen ...
and
system administration A system administrator, or sysadmin, or admin is a person who is responsible for the upkeep, configuration, and reliable operation of computer systems, especially multi-user computers, such as servers. The system administrator seeks to ensu ...
tools. Since Release 5.0, the BLFS book version matches the LFS book version. The book ''Cross Linux From Scratch'' (CLFS) focuses on
cross compiling A cross compiler is a compiler capable of creating executable code for a platform other than the one on which the compiler is running. For example, a compiler that runs on a PC but generates code that runs on an Android smartphone is a cross ...
, including compiling for headless or embedded systems that can ''run'' Linux, but lack the resources needed to ''compile'' Linux. CLFS supports a broad range of
processors A central processing unit (CPU), also called a central processor, main processor or just processor, is the electronic circuitry that executes instructions comprising a computer program. The CPU performs basic arithmetic, logic, controlling, ...
and addresses advanced techniques not included in the LFS book such as cross-build
toolchain In software, a toolchain is a set of programming tools that is used to perform a complex software development task or to create a software product, which is typically another computer program or a set of related programs. In general, the tools form ...
s, multilibrary support (32 & 64-bit
libraries A library is a collection of materials, books or media that are accessible for use and not just for display purposes. A library provides physical (hard copies) or digital access (soft copies) materials, and may be a physical location or a vir ...
side-by-side), and alternative
instruction set architecture In computer science, an instruction set architecture (ISA), also called computer architecture, is an abstract model of a computer. A device that executes instructions described by that ISA, such as a central processing unit (CPU), is called an ' ...
s such as
Itanium Itanium ( ) is a discontinued family of 64-bit Intel microprocessors that implement the Intel Itanium architecture (formerly called IA-64). Launched in June 2001, Intel marketed the processors for enterprise servers and high-performance computin ...
,
SPARC SPARC (Scalable Processor Architecture) is a reduced instruction set computer (RISC) instruction set architecture originally developed by Sun Microsystems. Its design was strongly influenced by the experimental Berkeley RISC system developed ...
, MIPS, and
Alpha Alpha (uppercase , lowercase ; grc, ἄλφα, ''álpha'', or ell, άλφα, álfa) is the first letter of the Greek alphabet. In the system of Greek numerals, it has a value of one. Alpha is derived from the Phoenician letter aleph , whic ...
. The Linux from Scratch project, like
BitBake BitBake is a make-like build tool with the special focus of distributions and packages for embedded Linux cross compilation, although it is not limited to that. It is inspired by Portage, which is the package management system used by the Gent ...
, also supports cross-compiling Linux for
ARM In human anatomy, the arm refers to the upper limb in common usage, although academically the term specifically means the upper arm between the glenohumeral joint (shoulder joint) and the elbow joint. The distal part of the upper limb between th ...
embedded systems such as the
Raspberry Pi Raspberry Pi () is a series of small single-board computers (SBCs) developed in the United Kingdom by the Raspberry Pi Foundation in association with Broadcom. The Raspberry Pi project originally leaned towards the promotion of teaching basic ...
and
BeagleBone The BeagleBoard is a low-power open-source single-board computer produced by Texas Instruments in association with Digi-Key and Newark element14. The BeagleBoard was also designed with open source software development in mind, and as a way of de ...
. The boo
''Hardened Linux From Scratch'' (HLFS)
focuses on security enhancements such as hardened kernel patches, mandatory
access control In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of ''accessing'' may mean consuming ...
policies,
stack-smashing protection Buffer overflow protection is any of various techniques used during software development to enhance the security of executable programs by detecting buffer overflows on stack-allocated variables, and preventing them from causing program misbehavior ...
, and
address space layout randomization Address space layout randomization (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably jumping to, for example, a particular exploited fu ...
. Besides its main purpose of creating a
security-focused operating system This is a list of operating systems specifically focused on security. Operating systems for general-purpose usage may be secure without having a specific focus on security. Similar concepts include security-evaluated operating systems that hav ...
, HLFS had the secondary goal of being a security teaching tool. It has not been updated since 2011.
''Automated Linux From Scratch'' (ALFS)
is a project designed to automate the process of creating an LFS system. It is aimed at users who have gone through the LFS and BLFS books several times and wish to reduce the amount of work involved. A secondary goal is to act as a test of the LFS and BLFS books by directly extracting and running instructions from the XML sources of the LFS and BLFS books.


Requirements and procedure

A clean
partition Partition may refer to: Computing Hardware * Disk partitioning, the division of a hard disk drive * Memory partition, a subdivision of a computer's memory, usually for use by a single job Software * Partition (database), the division of a ...
and a working Linux system with a compiler and some essential
software libraries In computer science, a library is a collection of non-volatile resources used by computer programs, often for software development. These may include configuration data, documentation, help data, message templates, pre-written code and subro ...
are required to build LFS. Instead of installing from an existing Linux system, one can also use a Live CD to build an LFS system. The project formerly maintained the Linux From Scratch Live CD. LFS Live CD contains all the source packages (in the full version of the Live CD only), the LFS book, automated building tools and (except for the minimal Live CD version) an Xfce GUI environment to work in. The official LFS Live CD is no longer maintained, and cannot be used to build the LFS version7 or later. There are, however, two unofficial builds that can be used to build a 32-bit or 64-bit kernel and userspace respectively for LFS 7.x. First, a
toolchain In software, a toolchain is a set of programming tools that is used to perform a complex software development task or to create a software product, which is typically another computer program or a set of related programs. In general, the tools form ...
must be compiled consisting of the tools used to compile LFS, like GCC,
glibc The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library. Despite its name, it now also directly supports C++ (and, indirectly, other programming languages). It was started in the 1980s by ...
,
binutils The GNU Binary Utilities, or , are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code. Tools They were originally written by programmers at Cygnus Solutions. ...
, and other necessary utilities. Then, the
root directory In a computer file system, and primarily used in the Unix and Unix-like operating systems, the root directory is the first or top-most directory in a hierarchy. It can be likened to the trunk of a tree, as the starting point where all branches ...
must be changed, (using
chroot A chroot on Unix and Unix-like operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normall ...
), to the toolchain's
partition Partition may refer to: Computing Hardware * Disk partitioning, the division of a hard disk drive * Memory partition, a subdivision of a computer's memory, usually for use by a single job Software * Partition (database), the division of a ...
to start building the final system. One of the first packages to compile is glibc; after that, the toolchain's
linker Linker or linkers may refer to: Computing * Linker (computing), a computer program that takes one or more object files generated by a compiler or generated by an assembler and links them with libraries, generating an executable program or shar ...
must be adjusted to link against the newly built glibc, so that all other packages that will make up the finished system can be linked against it as well. During the
chroot A chroot on Unix and Unix-like operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normall ...
phase,
bash Bash or BASH may refer to: Arts and entertainment * ''Bash!'' (Rockapella album), 1992 * ''Bash!'' (Dave Bailey album), 1961 * '' Bash: Latter-Day Plays'', a dramatic triptych * ''BASH!'' (role-playing game), a 2005 superhero game * "Bash" ('' ...
's hashing feature is turned off and the temporary toolchain's bin directory moved to the end of PATH. This way the newly compiled programs come first in PATH and the new system builds on its own new components.


List of packages in LFS

This is a list of the packages included in CLFS version 1.1.0. Unless otherwise noted, this list is applicable to all supported architectures. *
Autoconf GNU Autoconf is a tool for producing configure scripts for building, installing, and packaging software on computer systems where a Bourne shell is available. Autoconf is agnostic about the programming languages used, but it is often used for ...
2.61 *
Automake In software development, GNU Automake is a programming tool to automate parts of the compilation process. It eases usual compilation problems. For example, it points to needed dependencies. It automatically generates one or more ''Makefile.in' ...
1.10.1 *
Bash Bash or BASH may refer to: Arts and entertainment * ''Bash!'' (Rockapella album), 1992 * ''Bash!'' (Dave Bailey album), 1961 * '' Bash: Latter-Day Plays'', a dramatic triptych * ''BASH!'' (role-playing game), a 2005 superhero game * "Bash" ('' ...
3.2 *
Bash Bash or BASH may refer to: Arts and entertainment * ''Bash!'' (Rockapella album), 1992 * ''Bash!'' (Dave Bailey album), 1961 * '' Bash: Latter-Day Plays'', a dramatic triptych * ''BASH!'' (role-playing game), a 2005 superhero game * "Bash" ('' ...
Documentation 3.2 * Bin86 (x86_64 non-multilib only) *
Binutils The GNU Binary Utilities, or , are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code. Tools They were originally written by programmers at Cygnus Solutions. ...
2.18 *
Bison Bison are large bovines in the genus ''Bison'' (Greek: "wild ox" (bison)) within the tribe Bovini. Two extant and numerous extinct species are recognised. Of the two surviving species, the American bison, ''B. bison'', found only in North Ame ...
2.3 * Bzip2 1.0.4 *CLFS-Bootscripts 1.0pre10 *
Coreutils The GNU Core Utilities or coreutils is a package of GNU software containing implementations for many of the basic tools, such as cat, ls, and rm, which are used on Unix-like operating systems. In September 2002, the ''GNU coreutils'' were cr ...
6.9 *
DejaGNU DejaGnu is a software framework for testing other programs. It has a main script called ''runtest'' that goes through a directory looking at configuration files and then runs some tests with given criteria. The purpose of the DejaGnu package ...
1.4.4 *
Diff In computing, the utility diff is a data comparison tool that computes and displays the differences between the contents of files. Unlike edit distance notions used for other purposes, diff is line-oriented rather than character-oriented, but it ...
utils 2.8.7 *
E2fsprogs e2fsprogs (sometimes called the e2fs programs) is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Since those file systems are often the default for Linux distributions, it is commonly considered to be essential software. ...
1.40.4 * Elftoaout 2.3 (Sparc and Sparc64 only) *
Expect Expect is an extension to the Tcl scripting language written by Don Libes. The program automates interactions with programs that expose a text terminal interface. Expect, originally written in 1990 for the Unix platform, has since become availa ...
5.43.0 *
File File or filing may refer to: Mechanical tools and processes * File (tool), a tool used to ''remove'' fine amounts of material from a workpiece **Filing (metalworking), a material removal process in manufacturing ** Nail file, a tool used to gent ...
4.23 *
Find Find, FIND or Finding may refer to: Computing * find (Unix), a command on UNIX platforms * find (Windows), a command on DOS/Windows platforms Books * ''The Find'' (2010), by Kathy Page * ''The Find'' (2014), by William Hope Hodgson Film and t ...
utils 4.2.32 *
Flex Flex or FLEX may refer to: Computing * Flex (language), developed by Alan Kay * FLEX (operating system), a single-tasking operating system for the Motorola 6800 * FlexOS, an operating system developed by Digital Research * FLEX (protocol), a comm ...
2.5.35 * Gawk 3.1.6 * GCC 4.2.4 *
Gettext In computing, gettext is an internationalization and localization (i18n and l10n) system commonly used for writing multilingual programs on Unix-like computer operating systems. One of the main benefits of gettext is that it separates programmi ...
0.17 *
Glibc The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library. Despite its name, it now also directly supports C++ (and, indirectly, other programming languages). It was started in the 1980s by ...
2.7 *
Grep grep is a command-line utility for searching plain-text data sets for lines that match a regular expression. Its name comes from the ed command ''g/re/p'' (''globally search for a regular expression and print matching lines''), which has the sam ...
2.5.3 * Groff 1.19.2 *
GRUB Grub can refer to Grub (larva), of the beetle superfamily Scarabaeoidea, or as a slang term for food. It can also refer to: Places * Grub, Appenzell Ausserrhoden, Switzerland * Grub, St. Gallen, Switzerland * Grub (Amerang), a hamlet in Bavaria, ...
0.97 *
Gzip gzip is a file format and a software application used for file compression and decompression. The program was created by Jean-loup Gailly and Mark Adler as a free software replacement for the compress program used in early Unix systems, and in ...
1.3.12 * Hfsutils 3.2.6 (PowerPC and PowerPC64 only) *Iana-Etc. 2.20 *Inetutils 1.5 *
IPRoute2 iproute2 is a collection of userspace utilities for controlling and monitoring various aspects of networking in the Linux kernel, including routing, network interfaces, tunnels, traffic control, and network-related device drivers. iproute2 ...
2.6.23 *Kbd 1.13 *
Less Less or LESS may refer to: fewer than,: not as much. Computing * less (Unix), a Unix utility program * Less (stylesheet language), a dynamic stylesheet language * Large-Scale Scrum (LeSS), a product development framework that extends Scrum Othe ...
418 * LILO 22.8 (x86_64 non-multilib only) *
Libtool In computer programming, GNU Libtool is a software development tool, part of the GNU build system, consisting of a shell script created to address the software portability problem when compiling shared libraries from source code. It hides t ...
1.5.26 *
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
2.6.24.7 *
GNU m4 m4 is a general-purpose macro processor included in most Unix-like operating systems, and is a component of the POSIX standard. The language was designed by Brian Kernighan and Dennis Ritchie for the original versions of UNIX. It is an extensio ...
1.4.10 *
Make Make or MAKE may refer to: * Make (magazine), a tech DIY periodical *Make (software), a software build tool *Make, Botswana, in the Kalahari Desert *Make Architects Make Architects is an international architecture practice headquartered in Londo ...
3.81 *Man 1.6e * Man-pages 3.01 *Mktemp 1.5 *Module-Init-Tools 3.4 *
Ncurses ncurses (new curses) is a programming library providing an application programming interface (API) that allows the programmer to write text-based user interfaces (TUI) in a terminal-independent manner. It is a toolkit for developing "GUI-like" ...
5.6 *
Parted GNU Parted (the name being the conjunction of the two words PARTition and EDitor) is a free partition editor, used for creating and deleting partitions. This is useful for creating space for new operating systems, reorganising hard disk usage, ...
1.8.8 (PowerPC and PowerPC64 only) *
Patch Patch or Patches may refer to: Arts, entertainment and media * Patch Johnson, a fictional character from ''Days of Our Lives'' * Patch (''My Little Pony''), a toy * "Patches" (Dickey Lee song), 1962 * "Patches" (Chairmen of the Board song) ...
2.5.9 *
Perl Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages. "Perl" refers to Perl 5, but from 2000 to 2019 it also referred to its redesigned "sister language", Perl 6, before the latter's name was offici ...
5.8.8 * PowerPC Utils 1.1.3 (PowerPC and PowerPC64 only) *Procps 3.2.7 *Psmisc 22.6 * Readline 5.2 *
Sed sed ("stream editor") is a Unix utility that parses and transforms text, using a simple, compact programming language. It was developed from 1973 to 1974 by Lee E. McMahon of Bell Labs, and is available today for most operating systems. sed w ...
4.1.5 *
Shadow A shadow is a dark area where light from a light source is blocked by an opaque object. It occupies all of the three-dimensional volume behind an object with light in front of it. The cross section of a shadow is a two-dimensional silhouette, o ...
4.1.2 *Silo 1.4.13 (Sparc and Sparc64 only) * Sysklogd 1.5 * Sysvinit 2.86 *
tar Tar is a dark brown or black viscous liquid of hydrocarbons and free carbon, obtained from a wide variety of organic materials through destructive distillation. Tar can be produced from coal, wood, petroleum, or peat. "a dark brown or black bit ...
1.20 *
Tcl TCL or Tcl or TCLs may refer to: Business * TCL Technology, a Chinese consumer electronics and appliance company **TCL Electronics, a subsidiary of TCL Technology * Texas Collegiate League, a collegiate baseball league * Trade Centre Limited ...
8.4.16 *
Texinfo Texinfo is a typesetting syntax used for generating documentation in both on-line and printed form (creating filetypes as , , , etc., and its own hypertext format, ) with a single source file. It is implemented by a computer program released as fr ...
4.11 *Tree 1.5.1.1 *
Udev udev (userspace ) is a device manager for the Linux kernel. As the successor of devfsd and hotplug, udev primarily manages device nodes in the directory. At the same time, udev also handles all user space events raised when hardware devices ...
124 * Util-linux-ng 2.14 * Vim 7.1 * Vim 7.1
language Language is a structured system of communication. The structure of a language is its grammar and the free components are its vocabulary. Languages are the primary means by which humans communicate, and may be conveyed through a variety of met ...
files (optional) *
Yaboot Yaboot (yet another boot loader) is a bootloader for PowerPC-based hardware running Linux. History In 2009, maintenance by Paul Nasrat was handed over to Tony Breeds. Hardware support Support includes the New World ROM Macintosh and IBM RS/6 ...
1.3.13 (PowerPC and PowerPC64 only) *
Zlib zlib ( or "zeta-lib", ) is a software library used for data compression. zlib was written by Jean-loup Gailly and Mark Adler and is an abstraction of the DEFLATE compression algorithm used in their gzip file compression program. zlib is also ...
1.2.3


Standard build unit

A "standard build unit" ("SBU") is a term used during initial bootstrapping of the system, and represents the amount of time required to build the first package in LFS on a given computer. Its creation was prompted by the long time required to build an LFS system, and the desire of many users to know how long a source tarball will take to build ahead of time. As of Linux From Scratch version 10.1, the first package built by the user is GNU binutils. When building it, users are encouraged to measure the build process using shell constructs and dub that time the system's "standard build unit". Once this number is known, an estimate of the time required to build later packages is expressed relative to the known SBU. Several packages built during compilation take much longer to build than binutils, including the
GNU C Library The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library. Despite its name, it now also directly supports C++ (and, indirectly, other programming languages). It was started in the 1980s by ...
(rated at 4.2 SBUs) and the
GNU Compiler Collection The GNU Compiler Collection (GCC) is an optimizing compiler produced by the GNU Project supporting various programming languages, hardware architectures and operating systems. The Free Software Foundation (FSF) distributes GCC as free software ...
(rated at 11 SBUs). The unit must be interpreted as an approximation; various factors influence the actual time required to build a package.


Reception

LWN.net LWN.net is a computing webzine with an emphasis on free software and software for Linux and other Unix-like operating systems. It consists of a weekly issue, separate stories which are published most days, and threaded discussion attached to ...
reviewed LFS in 2004: Tux Machines wrote a review about Linux From Scratch 6.1 in 2005: Tux Machines also has a second and a third part of the review.


See also

Other source-based Linux distributions: *
Gentoo Linux Gentoo Linux (pronounced ) is a Linux distribution built using the Portage package management system. Unlike a binary software distribution, the source code is compiled locally according to the user's preferences and is often optimized for the ...
* Sorcerer *
Source Mage Source Mage is a Linux distribution. As a package is being installed, its source code is automatically downloaded, compiled, and installed. Source Mage is descended from Sorcerer. Notable features Source Mage is, as its name suggests, a sourc ...
*
GoboLinux GoboLinux is a Linux distribution whose most prominent feature is a reorganization of the traditional Linux file system. Rather than following the Filesystem Hierarchy Standard like most Unix-like systems, each program in a GoboLinux system has i ...
*
CRUX Crux () is a constellation of the southern sky that is centred on four bright stars in a cross-shaped asterism commonly known as the Southern Cross. It lies on the southern end of the Milky Way's visible band. The name ''Crux'' is Latin for c ...


References

*


External links

* *
Interview with Gerard Beekmans

Another interview with Gerard Beekmans
{{Linux Books about Linux Free software Works about free software Linux distributions without systemd