summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys-libs/glibc/Manifest3
-rw-r--r--sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c299
-rw-r--r--sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c2
-rw-r--r--sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch306
-rw-r--r--sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c303
-rw-r--r--sys-libs/glibc/files/nscd.service15
-rw-r--r--sys-libs/glibc/files/nscd.tmpfilesd4
-rw-r--r--sys-libs/glibc/glibc-2.26-r1337.ebuild836
8 files changed, 1768 insertions, 0 deletions
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest
new file mode 100644
index 00000000..5175c8fc
--- /dev/null
+++ b/sys-libs/glibc/Manifest
@@ -0,0 +1,3 @@
+DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 SHA256 34aec5a59bb4d0ecf908c62fd418461d0f3793238296897687305fd7a1f27299 SHA512 40b93e194ad41a75d649d84d1c49070680f253a13f0617803243bc61c44fed1ca2d0a7572a97ebb79353f312b58b5f6360be916dd7435928cc53935082e15269 WHIRLPOOL bbce19e7fe5c30faa55ddd4e29070f0d1fdfca3a04e8d68e0772260fa9be89ccde63ec92badb490209008df5fee6e53dfdeec4ae51857b90ba298a79315a199f
+DIST glibc-2.26-patches-7.tar.bz2 413976 SHA256 840d6ce3dbedbe2f556b6d3dd6abc8f178eca2eba4a9129d6cc9e514aecf7a27 SHA512 0c812a343fcc68c10d92117cb2a0cf1c255470e81f0a7a04d6db2fe35445e410ef37f15162f145c2eb772b08ab55af246f5b52f5e57c2e91038181f6f027abc3 WHIRLPOOL 569eb237576e57266ae3d1b2ecb3858614be4b6b53117fc7785b77d9954ac4b02668b23d120a34d0fa63cf10f292b702747fc417840f3f65f8a1812348de767d
+DIST glibc-2.26.tar.xz 14682748 SHA256 e54e0a934cd2bc94429be79da5e9385898d2306b9eaf3c92d5a77af96190f6bd SHA512 6ed368523bc55f00976f96c5177f114e3f714b27273d7bffc252812c8b98fb81970403c1f5b5f0a61da678811532fb446530745492d2b49bfefc0d5bd71ce8c0 WHIRLPOOL 9091c3bccc9b590de6b9595aa391ba01091f0c301bd9199d7c48fbeaeeb013ec9c683c68b65b59c5a69e3905b7f842cca1b0a410431967ecb3a1229b8535486f
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c
new file mode 100644
index 00000000..a8ab9d8a
--- /dev/null
+++ b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c
@@ -0,0 +1,299 @@
+/* Copyright (C) 2004-2014 Free Software Foundation, Inc.
+ Copyright (C) 2006-2014 Gentoo Foundation Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+/* Hardened Gentoo SSP and FORTIFY handler
+
+ A failure handler that does not use functions from the rest of glibc;
+ it uses the INTERNAL_SYSCALL methods directly. This helps ensure no
+ possibility of recursion into the handler.
+
+ Direct all bug reports to http://bugs.gentoo.org/
+
+ People who have contributed significantly to the evolution of this file:
+ Ned Ludd - <solar[@]gentoo.org>
+ Alexander Gabert - <pappy[@]gentoo.org>
+ The PaX Team - <pageexec[@]freemail.hu>
+ Peter S. Mazinger - <ps.m[@]gmx.net>
+ Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
+ Robert Connolly - <robert[@]linuxfromscratch.org>
+ Cory Visi <cory[@]visi.name>
+ Mike Frysinger <vapier[@]gentoo.org>
+ Magnus Granberg <zorry[@]gentoo.org>
+ Kevin F. Quinn - <kevquinn[@]gentoo.org>
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <sys/types.h>
+
+#include <sysdep-cancel.h>
+#include <sys/syscall.h>
+
+#include <kernel-features.h>
+
+#include <alloca.h>
+/* from sysdeps */
+#include <socketcall.h>
+/* for the stuff in bits/socket.h */
+#include <sys/socket.h>
+#include <sys/un.h>
+
+/* Sanity check on SYSCALL macro names - force compilation
+ * failure if the names used here do not exist
+ */
+#if !defined __NR_socketcall && !defined __NR_socket
+# error Cannot do syscall socket or socketcall
+#endif
+#if !defined __NR_socketcall && !defined __NR_connect
+# error Cannot do syscall connect or socketcall
+#endif
+#ifndef __NR_write
+# error Cannot do syscall write
+#endif
+#ifndef __NR_close
+# error Cannot do syscall close
+#endif
+#ifndef __NR_getpid
+# error Cannot do syscall getpid
+#endif
+#ifndef __NR_kill
+# error Cannot do syscall kill
+#endif
+#ifndef __NR_exit
+# error Cannot do syscall exit
+#endif
+#ifdef SSP_SMASH_DUMPS_CORE
+# define ENABLE_SSP_SMASH_DUMPS_CORE 1
+# if !defined _KERNEL_NSIG && !defined _NSIG
+# error No _NSIG or _KERNEL_NSIG for rt_sigaction
+# endif
+# if !defined __NR_sigaction && !defined __NR_rt_sigaction
+# error Cannot do syscall sigaction or rt_sigaction
+# endif
+/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
+ * of the _kernel_ sigset_t which is not the same as the user sigset_t.
+ * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
+ * some reason.
+ */
+# ifdef _KERNEL_NSIG
+# define _SSP_NSIG _KERNEL_NSIG
+# else
+# define _SSP_NSIG _NSIG
+# endif
+#else
+# define _SSP_NSIG 0
+# define ENABLE_SSP_SMASH_DUMPS_CORE 0
+#endif
+
+/* Define DO_SIGACTION - default to newer rt signal interface but
+ * fallback to old as needed.
+ */
+#ifdef __NR_rt_sigaction
+# define DO_SIGACTION(signum, act, oldact) \
+ INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
+#else
+# define DO_SIGACTION(signum, act, oldact) \
+ INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
+#endif
+
+/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
+#if defined(__NR_socket) && defined(__NR_connect)
+# define USE_OLD_SOCKETCALL 0
+#else
+# define USE_OLD_SOCKETCALL 1
+#endif
+
+/* stub out the __NR_'s so we can let gcc optimize away dead code */
+#ifndef __NR_socketcall
+# define __NR_socketcall 0
+#endif
+#ifndef __NR_socket
+# define __NR_socket 0
+#endif
+#ifndef __NR_connect
+# define __NR_connect 0
+#endif
+#define DO_SOCKET(result, domain, type, protocol) \
+ do { \
+ if (USE_OLD_SOCKETCALL) { \
+ socketargs[0] = domain; \
+ socketargs[1] = type; \
+ socketargs[2] = protocol; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
+ } else \
+ result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
+ } while (0)
+#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
+ do { \
+ if (USE_OLD_SOCKETCALL) { \
+ socketargs[0] = sockfd; \
+ socketargs[1] = (unsigned long int)serv_addr; \
+ socketargs[2] = addrlen; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
+ } else \
+ result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
+ } while (0)
+
+#ifndef _PATH_LOG
+# define _PATH_LOG "/dev/log"
+#endif
+
+static const char path_log[] = _PATH_LOG;
+
+/* For building glibc with SSP switched on, define __progname to a
+ * constant if building for the run-time loader, to avoid pulling
+ * in more of libc.so into ld.so
+ */
+#ifdef IS_IN_rtld
+static const char *__progname = "<ldso>";
+#else
+extern const char *__progname;
+#endif
+
+#ifdef GENTOO_SSP_HANDLER
+# define ERROR_MSG "stack smashing"
+#else
+# define ERROR_MSG "buffer overflow"
+#endif
+
+/* Common handler code, used by chk_fail
+ * Inlined to ensure no self-references to the handler within itself.
+ * Data static to avoid putting more than necessary on the stack,
+ * to aid core debugging.
+ */
+__attribute__ ((__noreturn__, __always_inline__))
+static inline void
+__hardened_gentoo_fail(void)
+{
+#define MESSAGE_BUFSIZ 512
+ static pid_t pid;
+ static int plen, i, hlen;
+ static char message[MESSAGE_BUFSIZ];
+ /* <11> is LOG_USER|LOG_ERR. A dummy date for loggers to skip over. */
+ static const char msg_header[] = "<11>" __DATE__ " " __TIME__ " glibc-gentoo-hardened-check: ";
+ static const char msg_ssd[] = "*** " ERROR_MSG " detected ***: ";
+ static const char msg_terminated[] = " terminated; ";
+ static const char msg_report[] = "report to " REPORT_BUGS_TO "\n";
+ static const char msg_unknown[] = "<unknown>";
+ static int log_socket, connect_result;
+ static struct sockaddr_un sock;
+ static unsigned long int socketargs[4];
+
+ /* Build socket address */
+ sock.sun_family = AF_UNIX;
+ i = 0;
+ while (path_log[i] != '\0' && i < sizeof(sock.sun_path) - 1) {
+ sock.sun_path[i] = path_log[i];
+ ++i;
+ }
+ sock.sun_path[i] = '\0';
+
+ /* Try SOCK_DGRAM connection to syslog */
+ connect_result = -1;
+ DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
+ if (connect_result == -1) {
+ if (log_socket != -1)
+ INLINE_SYSCALL(close, 1, log_socket);
+ /* Try SOCK_STREAM connection to syslog */
+ DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
+ }
+
+ /* Build message. Messages are generated both in the old style and new style,
+ * so that log watchers that are configured for the old-style message continue
+ * to work.
+ */
+#define strconcat(str) \
+ ({ \
+ i = 0; \
+ while ((str[i] != '\0') && ((i + plen) < (MESSAGE_BUFSIZ - 1))) { \
+ message[plen + i] = str[i]; \
+ ++i; \
+ } \
+ plen += i; \
+ })
+
+ /* Tersely log the failure */
+ plen = 0;
+ strconcat(msg_header);
+ hlen = plen;
+ strconcat(msg_ssd);
+ if (__progname != NULL)
+ strconcat(__progname);
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_terminated);
+ strconcat(msg_report);
+
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write, 3, STDERR_FILENO, message + hlen, plen - hlen);
+ if (connect_result != -1) {
+ INLINE_SYSCALL(write, 3, log_socket, message, plen);
+ INLINE_SYSCALL(close, 1, log_socket);
+ }
+
+ /* Time to kill self since we have no idea what is going on */
+ pid = INLINE_SYSCALL(getpid, 0);
+
+ if (ENABLE_SSP_SMASH_DUMPS_CORE) {
+ /* Remove any user-supplied handler for SIGABRT, before using it. */
+#if 0
+ /*
+ * Note: Disabled because some programs catch & process their
+ * own crashes. We've already enabled this code path which
+ * means we want to let core dumps happen.
+ */
+ static struct sigaction default_abort_act;
+ default_abort_act.sa_handler = SIG_DFL;
+ default_abort_act.sa_sigaction = NULL;
+ __sigfillset(&default_abort_act.sa_mask);
+ default_abort_act.sa_flags = 0;
+ if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
+#endif
+ INLINE_SYSCALL(kill, 2, pid, SIGABRT);
+ }
+
+ /* SIGKILL is only signal which cannot be caught */
+ INLINE_SYSCALL(kill, 2, pid, SIGKILL);
+
+ /* In case the kill didn't work, exit anyway.
+ * The loop prevents gcc thinking this routine returns.
+ */
+ while (1)
+ INLINE_SYSCALL(exit, 1, 137);
+}
+
+__attribute__ ((__noreturn__))
+#ifdef GENTOO_SSP_HANDLER
+void __stack_chk_fail(void)
+#else
+void __chk_fail(void)
+#endif
+{
+ __hardened_gentoo_fail();
+}
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c
new file mode 100644
index 00000000..4a537bb5
--- /dev/null
+++ b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c
@@ -0,0 +1,2 @@
+#define GENTOO_SSP_HANDLER
+#include <debug/chk_fail.c>
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
new file mode 100644
index 00000000..35eabe94
--- /dev/null
+++ b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
@@ -0,0 +1,306 @@
+When building glibc PIE (which is not something upstream support),
+several modifications are necessary to the glibc build process.
+
+First, any syscalls in PIEs must be of the PIC variant, otherwise
+textrels ensue. Then, any syscalls made before the initialisation
+of the TLS will fail on i386, as the sysenter variant on i386 uses
+the TLS, giving rise to a chicken-and-egg situation. This patch
+defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
+version is normally used, and uses the non-sysenter version for the brk
+syscall that is performed by the TLS initialisation. Further, the TLS
+initialisation is moved in this case prior to the initialisation of
+dl_osversion, as that requires further syscalls.
+
+csu/libc-start.c: Move initial TLS initialization to before the
+initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined
+
+csu/libc-tls.c: Use the no-sysenter version of sbrk when
+INTERNAL_SYSCALL_PRE_TLS is defined.
+
+misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
+version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined.
+
+misc/brk.c: Define a no-sysenter version of brk if
+INTERNAL_SYSCALL_PRE_TLS is defined.
+
+sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS
+Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
+Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org>
+Fixed for 2.20 by Francisco Blas Izquierdo Riera <klondike@gentoo.org>
+
+--- a/csu/libc-start.c
++++ b/csu/libc-start.c
+@@ -28,6 +28,7 @@
+ extern int __libc_multiple_libcs;
+
+ #include <tls.h>
++#include <sysdep.h>
+ #ifndef SHARED
+ # include <dl-osinfo.h>
+ extern void __pthread_initialize_minimal (void);
+@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char
+ }
+ }
+
++# ifdef INTERNAL_SYSCALL_PRE_TLS
++ /* Do the initial TLS initialization before _dl_osversion,
++ since the latter uses the uname syscall. */
++ __pthread_initialize_minimal ();
++# endif
+ # ifdef DL_SYSDEP_OSCHECK
+ if (!__libc_multiple_libcs)
+ {
+@@ -138,10 +144,12 @@
+ }
+ # endif
+
++# ifndef INTERNAL_SYSCALL_PRE_TLS
+ /* Initialize the thread library at least a bit since the libgcc
+ functions are using thread functions if these are available and
+ we need to setup errno. */
+ __pthread_initialize_minimal ();
++# endif
+
+ /* Set up the stack checker's canary. */
+ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+--- a/csu/libc-tls.c
++++ b/csu/libc-tls.c
+@@ -22,12 +22,17 @@
+ #include <unistd.h>
+ #include <stdio.h>
+ #include <sys/param.h>
++#include <sysdep.h>
+
+
+ #ifdef SHARED
+ #error makefile bug, this file is for static only
+ #endif
+
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++extern void *__sbrk_nosysenter (intptr_t __delta);
++#endif
++
+ dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
+
+
+@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t
+
+ The initialized value of _dl_tls_static_size is provided by dl-open.c
+ to request some surplus that permits dynamic loading of modules with
+- IE-model TLS. */
++ IE-model TLS.
++
++ Where the normal sbrk would use a syscall that needs the TLS (i386)
++ use the special non-sysenter version instead. */
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++# define __sbrk __sbrk_nosysenter
++#endif
+ #if TLS_TCB_AT_TP
+ tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
+ tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
+ #elif TLS_DTV_AT_TP
+ tcb_offset = roundup (tcbsize, align ?: 1);
+ tlsblock = __sbrk (tcb_offset + memsz + max_align
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
+ tlsblock += TLS_PRE_TCB_SIZE;
+ #else
+ /* In case a model with a different layout for the TCB and DTV
+ is defined add another #elif here and in the following #ifs. */
+ # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined"
+ #endif
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++# undef __sbrk
++#endif
+
+ /* Align the TLS block. */
+ tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1)
+--- a/misc/sbrk.c
++++ b/misc/sbrk.c
+@@ -18,6 +18,7 @@
+ #include <errno.h>
+ #include <stdint.h>
+ #include <unistd.h>
++#include <sysdep.h>
+
+ /* Defined in brk.c. */
+ extern void *__curbrk;
+@@ -29,6 +30,35 @@
+ /* Extend the process's data space by INCREMENT.
+ If INCREMENT is negative, shrink data space by - INCREMENT.
+ Return start of new space allocated, or -1 for errors. */
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ if the SYSENTER version requires the TLS (which it does on i386).
++ Obviously using the TLS before it is initialised is broken. */
++extern int __brk_nosysenter (void *addr);
++void *
++__sbrk_nosysenter (intptr_t increment)
++{
++ void *oldbrk;
++
++ /* If this is not part of the dynamic library or the library is used via
++ dynamic loading in a statically linked program update __curbrk from the
++ kernel's brk value. That way two separate instances of __brk and __sbrk
++ can share the heap, returning interleaved pieces of it. */
++ if (__curbrk == NULL || __libc_multiple_libcs)
++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
++ return (void *) -1;
++
++ if (increment == 0)
++ return __curbrk;
++
++ oldbrk = __curbrk;
++ if (__brk_nosysenter (oldbrk + increment) < 0)
++ return (void *) -1;
++
++ return oldbrk;
++}
++#endif
++
+ void *
+ __sbrk (intptr_t increment)
+ {
+--- a/sysdeps/unix/sysv/linux/i386/brk.c
++++ b/sysdeps/unix/sysv/linux/i386/brk.c
+@@ -31,6 +31,30 @@
+ linker. */
+ weak_alias (__curbrk, ___brk_addr)
+
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ if the SYSENTER version requires the TLS (which it does on i386).
++ Obviously using the TLS before it is initialised is broken. */
++int
++__brk_nosysenter (void *addr)
++{
++ void *newbrk;
++
++ INTERNAL_SYSCALL_DECL (err);
++ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr);
++
++ __curbrk = newbrk;
++
++ if (newbrk < addr)
++ {
++ __set_errno (ENOMEM);
++ return -1;
++ }
++
++ return 0;
++}
++#endif
++
+ int
+ __brk (void *addr)
+ {
+--- a/sysdeps/unix/sysv/linux/i386/sysdep.h
++++ b/sysdeps/unix/sysv/linux/i386/sysdep.h
+@@ -187,7 +187,7 @@
+ /* The original calling convention for system calls on Linux/i386 is
+ to use int $0x80. */
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# ifdef __PIC__
+ # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
+ # else
+ # define ENTER_KERNEL call *_dl_sysinfo
+@@ -358,7 +358,7 @@
+ possible to use more than four parameters. */
+ #undef INTERNAL_SYSCALL
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# ifdef __PIC__
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+@@ -384,6 +384,18 @@
+ : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
+ ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
++# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \
++ ({ \
++ register unsigned int resultvar; \
++ EXTRAVAR_##nr \
++ asm volatile ( \
++ LOADARGS_NOSYSENTER_##nr \
++ "movl %1, %%eax\n\t" \
++ "int $0x80\n\t" \
++ RESTOREARGS_NOSYSENTER_##nr \
++ : "=a" (resultvar) \
++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
++ (int) resultvar; })
+ # else
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+@@ -447,12 +459,20 @@
+
+ #define LOADARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && defined __PIC__
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k3, %k3\n\t"
+ # define LOADARGS_5 \
+ "movl %%ebx, %4\n\t" \
+ "movl %3, %%ebx\n\t"
++# define LOADARGS_NOSYSENTER_1 \
++ "bpushl .L__X'%k2, %k2\n\t"
++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
++# define LOADARGS_NOSYSENTER_3 LOADARGS_3
++# define LOADARGS_NOSYSENTER_4 LOADARGS_3
++# define LOADARGS_NOSYSENTER_5 \
++ "movl %%ebx, %3\n\t" \
++ "movl %2, %%ebx\n\t"
+ # else
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+@@ -474,11 +494,18 @@
+
+ #define RESTOREARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && defined __PIC__
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k3, %k3\n\t"
+ # define RESTOREARGS_5 \
+ "movl %4, %%ebx"
++# define RESTOREARGS_NOSYSENTER_1 \
++ "bpopl .L__X'%k2, %k2\n\t"
++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_5 \
++ "movl %3, %%ebx"
+ # else
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
+--- a/sysdeps/i386/nptl/tls.h
++++ b/sysdeps/i386/nptl/tls.h
+@@ -189,6 +189,15 @@
+ desc->vals[3] = 0x51;
+ }
+
++/* We have no sysenter until the tls is initialized which is a
++ problem for PIC. Thus we need to do the right call depending
++ on the situation. */
++#ifndef INTERNAL_SYSCALL_PRE_TLS
++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL
++#else
++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS
++#endif
++
+ /* Code to initially initialize the thread pointer. This might need
+ special attention since 'errno' is not yet available and if the
+ operation can cause a failure 'errno' must not be touched. */
+@@ -209,7 +218,7 @@
+ \
+ /* Install the TLS. */ \
+ INTERNAL_SYSCALL_DECL (err); \
+- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
++ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
+ \
+ if (_result == 0) \
+ /* We know the index in the GDT, now load the segment register. \
diff --git a/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c b/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c
new file mode 100644
index 00000000..2ef96b75
--- /dev/null
+++ b/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c
@@ -0,0 +1,303 @@
+/* Copyright (C) 2004-2014 Free Software Foundation, Inc.
+ Copyright (C) 2006-2014 Gentoo Foundation Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+/* Hardened Gentoo SSP and FORTIFY handler
+
+ A failure handler that does not use functions from the rest of glibc;
+ it uses the INTERNAL_SYSCALL methods directly. This helps ensure no
+ possibility of recursion into the handler.
+
+ Direct all bug reports to http://bugs.gentoo.org/
+
+ People who have contributed significantly to the evolution of this file:
+ Ned Ludd - <solar[@]gentoo.org>
+ Alexander Gabert - <pappy[@]gentoo.org>
+ The PaX Team - <pageexec[@]freemail.hu>
+ Peter S. Mazinger - <ps.m[@]gmx.net>
+ Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
+ Robert Connolly - <robert[@]linuxfromscratch.org>
+ Cory Visi <cory[@]visi.name>
+ Mike Frysinger <vapier[@]gentoo.org>
+ Magnus Granberg <zorry[@]gentoo.org>
+ Kevin F. Quinn - <kevquinn[@]gentoo.org>
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <sys/types.h>
+
+#include <sysdep-cancel.h>
+#include <sys/syscall.h>
+
+#include <kernel-features.h>
+
+#include <alloca.h>
+/* from sysdeps */
+#include <socketcall.h>
+/* for the stuff in bits/socket.h */
+#include <sys/socket.h>
+#include <sys/un.h>
+
+/* Sanity check on SYSCALL macro names - force compilation
+ * failure if the names used here do not exist
+ */
+#if !defined __NR_socketcall && !defined __NR_socket
+# error Cannot do syscall socket or socketcall
+#endif
+#if !defined __NR_socketcall && !defined __NR_connect
+# error Cannot do syscall connect or socketcall
+#endif
+#ifndef __NR_write
+# error Cannot do syscall write
+#endif
+#ifndef __NR_close
+# error Cannot do syscall close
+#endif
+#ifndef __NR_getpid
+# error Cannot do syscall getpid
+#endif
+#ifndef __NR_kill
+# error Cannot do syscall kill
+#endif
+#ifndef __NR_exit
+# error Cannot do syscall exit
+#endif
+#ifdef SSP_SMASH_DUMPS_CORE
+# define ENABLE_SSP_SMASH_DUMPS_CORE 1
+# if !defined _KERNEL_NSIG && !defined _NSIG
+# error No _NSIG or _KERNEL_NSIG for rt_sigaction
+# endif
+# if !defined __NR_sigaction && !defined __NR_rt_sigaction
+# error Cannot do syscall sigaction or rt_sigaction
+# endif
+/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
+ * of the _kernel_ sigset_t which is not the same as the user sigset_t.
+ * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
+ * some reason.
+ */
+# ifdef _KERNEL_NSIG
+# define _SSP_NSIG _KERNEL_NSIG
+# else
+# define _SSP_NSIG _NSIG
+# endif
+#else
+# define _SSP_NSIG 0
+# define ENABLE_SSP_SMASH_DUMPS_CORE 0
+#endif
+
+/* Define DO_SIGACTION - default to newer rt signal interface but
+ * fallback to old as needed.
+ */
+#ifdef __NR_rt_sigaction
+# define DO_SIGACTION(signum, act, oldact) \
+ INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
+#else
+# define DO_SIGACTION(signum, act, oldact) \
+ INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
+#endif
+
+/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
+#if defined(__NR_socket) && defined(__NR_connect)
+# define USE_OLD_SOCKETCALL 0
+#else
+# define USE_OLD_SOCKETCALL 1
+#endif
+
+/* stub out the __NR_'s so we can let gcc optimize away dead code */
+#ifndef __NR_socketcall
+# define __NR_socketcall 0
+#endif
+#ifndef __NR_socket
+# define __NR_socket 0
+#endif
+#ifndef __NR_connect
+# define __NR_connect 0
+#endif
+#define DO_SOCKET(result, domain, type, protocol) \
+ do { \
+ if (USE_OLD_SOCKETCALL) { \
+ socketargs[0] = domain; \
+ socketargs[1] = type; \
+ socketargs[2] = protocol; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
+ } else \
+ result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
+ } while (0)
+#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
+ do { \
+ if (USE_OLD_SOCKETCALL) { \
+ socketargs[0] = sockfd; \
+ socketargs[1] = (unsigned long int)serv_addr; \
+ socketargs[2] = addrlen; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
+ } else \
+ result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
+ } while (0)
+
+#ifndef _PATH_LOG
+# define _PATH_LOG "/dev/log"
+#endif
+
+static const char path_log[] = _PATH_LOG;
+
+/* For building glibc with SSP switched on, define __progname to a
+ * constant if building for the run-time loader, to avoid pulling
+ * in more of libc.so into ld.so
+ */
+#ifdef IS_IN_rtld
+static const char *__progname = "<ldso>";
+#else
+extern const char *__progname;
+#endif
+
+#ifdef GENTOO_SSP_HANDLER
+# define ERROR_MSG "stack smashing"
+#else
+# define ERROR_MSG "buffer overflow"
+#endif
+
+/* Common handler code, used by chk_fail
+ * Inlined to ensure no self-references to the handler within itself.
+ * Data static to avoid putting more than necessary on the stack,
+ * to aid core debugging.
+ */
+__attribute__ ((__noreturn__, __always_inline__))
+static inline void
+__hardened_gentoo_fail(void)
+{
+#define MESSAGE_BUFSIZ 512
+ static pid_t pid;
+ static int plen, i, hlen;
+ static char message[MESSAGE_BUFSIZ];
+ /* <11> is LOG_USER|LOG_ERR. A dummy date for loggers to skip over. */
+ static const char msg_header[] = "<11>" __DATE__ " " __TIME__ " glibc-gentoo-hardened-check: ";
+ static const char msg_ssd[] = "*** " ERROR_MSG " detected ***: ";
+ static const char msg_terminated[] = " terminated; ";
+ static const char msg_report[] = "report to " REPORT_BUGS_TO "\n";
+ static const char msg_unknown[] = "<unknown>";
+ static int log_socket, connect_result;
+ static struct sockaddr_un sock;
+ static unsigned long int socketargs[4];
+
+ /* Build socket address */
+ sock.sun_family = AF_UNIX;
+ i = 0;
+ while (path_log[i] != '\0' && i < sizeof(sock.sun_path) - 1) {
+ sock.sun_path[i] = path_log[i];
+ ++i;
+ }
+ sock.sun_path[i] = '\0';
+
+ /* Try SOCK_DGRAM connection to syslog */
+ connect_result = -1;
+ DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
+ if (connect_result == -1) {
+ if (log_socket != -1)
+ INLINE_SYSCALL(close, 1, log_socket);
+ /* Try SOCK_STREAM connection to syslog */
+ DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
+ }
+
+ /* Build message. Messages are generated both in the old style and new style,
+ * so that log watchers that are configured for the old-style message continue
+ * to work.
+ */
+#define strconcat(str) \
+ ({ \
+ i = 0; \
+ while ((str[i] != '\0') && ((i + plen) < (MESSAGE_BUFSIZ - 1))) { \
+ message[plen + i] = str[i]; \
+ ++i; \
+ } \
+ plen += i; \
+ })
+
+ /* Tersely log the failure */
+ plen = 0;
+ strconcat(msg_header);
+ hlen = plen;
+ strconcat(msg_ssd);
+ if (__progname != NULL)
+ strconcat(__progname);
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_terminated);
+ strconcat(msg_report);
+
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write, 3, STDERR_FILENO, message + hlen, plen - hlen);
+ if (connect_result != -1) {
+ INLINE_SYSCALL(write, 3, log_socket, message, plen);
+ INLINE_SYSCALL(close, 1, log_socket);
+ }
+
+ /* Time to kill self since we have no idea what is going on */
+ pid = INLINE_SYSCALL(getpid, 0);
+
+ if (ENABLE_SSP_SMASH_DUMPS_CORE) {
+ /* Remove any user-supplied handler for SIGABRT, before using it. */
+#if 0
+ /*
+ * Note: Disabled because some programs catch & process their
+ * own crashes. We've already enabled this code path which
+ * means we want to let core dumps happen.
+ */
+ static struct sigaction default_abort_act;
+ default_abort_act.sa_handler = SIG_DFL;
+ default_abort_act.sa_sigaction = NULL;
+ __sigfillset(&default_abort_act.sa_mask);
+ default_abort_act.sa_flags = 0;
+ if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
+#endif
+ INLINE_SYSCALL(kill, 2, pid, SIGABRT);
+ }
+
+ /* SIGKILL is only signal which cannot be caught */
+ INLINE_SYSCALL(kill, 2, pid, SIGKILL);
+
+ /* In case the kill didn't work, exit anyway.
+ * The loop prevents gcc thinking this routine returns.
+ */
+ while (1)
+ INLINE_SYSCALL(exit, 1, 137);
+}
+
+__attribute__ ((__noreturn__))
+#ifdef GENTOO_SSP_HANDLER
+void __stack_chk_fail(void)
+#else
+void __chk_fail(void)
+#endif
+{
+ __hardened_gentoo_fail();
+}
+
+#ifdef GENTOO_SSP_HANDLER
+strong_alias (__stack_chk_fail, __stack_chk_fail_local)
+#endif
diff --git a/sys-libs/glibc/files/nscd.service b/sys-libs/glibc/files/nscd.service
new file mode 100644
index 00000000..25a3b1d9
--- /dev/null
+++ b/sys-libs/glibc/files/nscd.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Name Service Cache Daemon
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/nscd -F
+ExecStop=/usr/sbin/nscd --shutdown
+ExecReload=/usr/sbin/nscd -i passwd
+ExecReload=/usr/sbin/nscd -i group
+ExecReload=/usr/sbin/nscd -i hosts
+ExecReload=/usr/sbin/nscd -i services
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sys-libs/glibc/files/nscd.tmpfilesd b/sys-libs/glibc/files/nscd.tmpfilesd
new file mode 100644
index 00000000..52edbba6
--- /dev/null
+++ b/sys-libs/glibc/files/nscd.tmpfilesd
@@ -0,0 +1,4 @@
+# Configuration to create /run/nscd directory
+# Used as part of systemd's tmpfiles
+
+d /run/nscd 0755 root root
diff --git a/sys-libs/glibc/glibc-2.26-r1337.ebuild b/sys-libs/glibc/glibc-2.26-r1337.ebuild
new file mode 100644
index 00000000..e04e8dd3
--- /dev/null
+++ b/sys-libs/glibc/glibc-2.26-r1337.ebuild
@@ -0,0 +1,836 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit prefix toolchain-glibc
+
+DESCRIPTION="GNU libc C library"
+HOMEPAGE="https://www.gnu.org/software/libc/"
+
+LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
+RESTRICT="strip" # Strip ourself #46186
+EMULTILIB_PKG="true"
+
+# Configuration variables
+
+if [[ ${PV} == 9999* ]]; then
+ EGIT_REPO_URI="git://sourceware.org/git/glibc.git"
+ inherit git-r3
+else
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+ SRC_URI="mirror://gnu/glibc/${P}.tar.xz"
+fi
+
+RELEASE_VER=${PV}
+
+GCC_BOOTSTRAP_VER="4.7.3-r1"
+
+# Gentoo patchset
+PATCH_VER=7
+
+SRC_URI+=" https://dev.gentoo.org/~dilfridge/distfiles/${P}-patches-${PATCH_VER}.tar.bz2"
+SRC_URI+=" multilib? ( https://dev.gentoo.org/~dilfridge/distfiles/gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 )"
+
+IUSE="audit caps debug doc gd hardened multilib nscd selinux systemtap profile suid vanilla headers-only"
+
+# Min kernel version glibc requires
+: ${NPTL_KERN_VER:="3.2.0"}
+
+# Here's how the cross-compile logic breaks down ...
+# CTARGET - machine that will target the binaries
+# CHOST - machine that will host the binaries
+# CBUILD - machine that will build the binaries
+# If CTARGET != CHOST, it means you want a libc for cross-compiling.
+# If CHOST != CBUILD, it means you want to cross-compile the libc.
+# CBUILD = CHOST = CTARGET - native build/install
+# CBUILD != (CHOST = CTARGET) - cross-compile a native build
+# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
+# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
+# For install paths:
+# CHOST = CTARGET - install into /
+# CHOST != CTARGET - install into /usr/CTARGET/
+
+export CBUILD=${CBUILD:-${CHOST}}
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+ if [[ ${CATEGORY} == cross-* ]] ; then
+ export CTARGET=${CATEGORY#cross-}
+ fi
+fi
+
+is_crosscompile() {
+ [[ ${CHOST} != ${CTARGET} ]]
+}
+
+SLOT="2.2"
+
+# General: We need a new-enough binutils/gcc to match upstream baseline.
+# arch: we need to make sure our binutils/gcc supports TLS.
+COMMON_DEPEND="
+ nscd? ( selinux? (
+ audit? ( sys-process/audit )
+ caps? ( sys-libs/libcap )
+ ) )
+ suid? ( caps? ( sys-libs/libcap ) )
+ selinux? ( sys-libs/libselinux )
+ systemtap? ( dev-util/systemtap )
+"
+DEPEND="${COMMON_DEPEND}
+ >=app-misc/pax-utils-0.1.10
+ !<sys-apps/sandbox-1.6
+ !<sys-apps/portage-2.1.2
+ doc? ( sys-apps/texinfo )
+"
+RDEPEND="${COMMON_DEPEND}
+ !sys-kernel/ps3-sources
+ sys-apps/gentoo-functions
+ !sys-libs/nss-db
+"
+
+if [[ ${CATEGORY} == cross-* ]] ; then
+ DEPEND+=" !headers-only? (
+ >=${CATEGORY}/binutils-2.24
+ >=${CATEGORY}/gcc-4.9
+ )"
+ [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
+else
+ DEPEND+="
+ >=sys-devel/binutils-2.24
+ >=sys-devel/gcc-4.9
+ virtual/os-headers
+ "
+ RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
+ PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
+fi
+
+#
+# the phases
+#
+
+pkg_pretend() {
+ # Make sure devpts is mounted correctly for use w/out setuid pt_chown
+ check_devpts
+
+ # Prevent native builds from downgrading
+ if [[ ${MERGE_TYPE} != "buildonly" ]] && \
+ [[ ${ROOT} == "/" ]] && \
+ [[ ${CBUILD} == ${CHOST} ]] && \
+ [[ ${CHOST} == ${CTARGET} ]] ; then
+ # The high rev # is to allow people to downgrade between -r# versions.
+ # We want to block 2.20->2.19, but 2.20-r3->2.20-r2 should be fine.
+ # Hopefully we never actually use a r# this high.
+ if has_version ">${CATEGORY}/${P}-r10000" ; then
+ eerror "Sanity check to keep you from breaking your system:"
+ eerror " Downgrading glibc is not supported and a sure way to destruction"
+ die "Aborting to save your system"
+ fi
+
+ if ! glibc_run_test '#include <pwd.h>\nint main(){return getpwuid(0)==0;}\n'
+ then
+ eerror "Your patched vendor kernel is broken. You need to get an"
+ eerror "update from whoever is providing the kernel to you."
+ eerror "https://sourceware.org/bugzilla/show_bug.cgi?id=5227"
+ eerror "https://bugs.gentoo.org/262698"
+ die "Keeping your system alive, say thank you"
+ fi
+
+ if ! glibc_run_test '#include <unistd.h>\n#include <sys/syscall.h>\nint main(){return syscall(1000)!=-1;}\n'
+ then
+ eerror "Your old kernel is broken. You need to update it to"
+ eerror "a newer version as syscall(<bignum>) will break."
+ eerror "https://bugs.gentoo.org/279260"
+ die "Keeping your system alive, say thank you"
+ fi
+ fi
+
+ # Users have had a chance to phase themselves, time to give em the boot
+ if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then
+ eerror "You still haven't deleted ${EROOT}/etc/locales.build."
+ eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher."
+ die "Lazy upgrader detected"
+ fi
+
+ if [[ ${CTARGET} == i386-* ]] ; then
+ eerror "i386 CHOSTs are no longer supported."
+ eerror "Chances are you don't actually want/need i386."
+ eerror "Please read https://www.gentoo.org/doc/en/change-chost.xml"
+ die "Please fix your CHOST"
+ fi
+
+ if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then
+ ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS."
+ ewarn "This will result in a 50% performance penalty when running with a 32bit"
+ ewarn "hypervisor, which is probably not what you want."
+ fi
+
+ use hardened && ! tc-enables-pie && \
+ ewarn "PIE hardening not applied, as your compiler doesn't default to PIE"
+
+ # Make sure host system is up to date #394453
+ if has_version '<sys-libs/glibc-2.13' && \
+ [[ -n $(scanelf -qys__guard -F'#s%F' "${EROOT}"/lib*/l*-*.so) ]]
+ then
+ ebegin "Scanning system for __guard to see if you need to rebuild first ..."
+ local files=$(
+ scanelf -qys__guard -F'#s%F' \
+ "${EROOT}"/*bin/ \
+ "${EROOT}"/lib* \
+ "${EROOT}"/usr/*bin/ \
+ "${EROOT}"/usr/lib* | \
+ egrep -v \
+ -e "^${EROOT}/lib.*/(libc|ld)-2.*.so$" \
+ -e "^${EROOT}/sbin/(ldconfig|sln)$"
+ )
+ [[ -z ${files} ]]
+ if ! eend $? ; then
+ eerror "Your system still has old SSP __guard symbols. You need to"
+ eerror "rebuild all the packages that provide these files first:"
+ eerror "${files}"
+ die "old __guard detected"
+ fi
+ fi
+
+ # Check for sanity of /etc/nsswitch.conf
+ if [[ -e ${EROOT}/etc/nsswitch.conf ]] ; then
+ local entry
+ for entry in passwd group shadow; do
+ if ! egrep -q "^[ \t]*${entry}:.*files" "${EROOT}"/etc/nsswitch.conf; then
+ eerror "Your ${EROOT}/etc/nsswitch.conf is out of date."
+ eerror "Please make sure you have 'files' entries for"
+ eerror "'passwd:', 'group:' and 'shadow:' databases."
+ eerror "For more details see:"
+ eerror " https://wiki.gentoo.org/wiki/Project:Toolchain/nsswitch.conf_in_glibc-2.26"
+ die "nsswitch.conf has no 'files' provider in '${entry}'."
+ fi
+ done
+ fi
+}
+
+src_unpack() {
+ use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
+
+ setup_env
+
+ # Check NPTL support _before_ we unpack things to save some time
+ check_nptl_support
+
+ if [[ -n ${EGIT_REPO_URI} ]] ; then
+ git-r3_src_unpack
+ else
+ unpack ${P}.tar.xz
+ fi
+
+ cd "${S}"
+ touch locale/C-translit.h #185476 #218003
+
+ cd "${WORKDIR}"
+ unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2
+}
+
+src_prepare() {
+ if ! use vanilla ; then
+ elog "Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER}"
+ eapply "${WORKDIR}"/patches
+ einfo "Done."
+ fi
+
+ if just_headers ; then
+ if [[ -e ports/sysdeps/mips/preconfigure ]] ; then
+ # mips peeps like to screw with us. if building headers,
+ # we don't have a real compiler, so we can't let them
+ # insert -mabi on us.
+ sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die
+ find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} +
+ fi
+ fi
+
+ default
+
+ gnuconfig_update
+
+ cd "${WORKDIR}"
+ find . -name configure -exec touch {} +
+
+ eprefixify extra/locale/locale-gen
+
+ # Fix permissions on some of the scripts.
+ chmod u+x "${S}"/scripts/*.sh
+
+ cd "${S}"
+
+ if use hardened ; then
+ # We don't enable these for non-hardened as the output is very terse --
+ # it only states that a crash happened. The default upstream behavior
+ # includes backtraces and symbols.
+ einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
+ cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
+ cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die
+
+ if use debug ; then
+ # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile || die
+ fi
+ fi
+}
+
+glibc_do_configure() {
+ # Glibc does not work with gold (for various reasons) #269274.
+ tc-ld-disable-gold
+
+ # CXX isnt handled by the multilib system, so if we dont unset here
+ # we accumulate crap across abis
+ unset CXX
+
+ einfo "Configuring glibc for $1"
+
+ if use doc ; then
+ export MAKEINFO=makeinfo
+ else
+ export MAKEINFO=/dev/null
+ fi
+
+ local v
+ for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC CXX LD {AS,C,CPP,CXX,LD}FLAGS MAKEINFO ; do
+ einfo " $(printf '%15s' ${v}:) ${!v}"
+ done
+
+ # The glibc configure script doesn't properly use LDFLAGS all the time.
+ export CC="$(tc-getCC ${CTARGET}) ${LDFLAGS}"
+ einfo " $(printf '%15s' 'Manual CC:') ${CC}"
+
+ # Some of the tests are written in C++, so we need to force our multlib abis in, bug 623548
+ export CXX="$(tc-getCXX ${CTARGET}) $(get_abi_CFLAGS)"
+ einfo " $(printf '%15s' 'Manual CXX:') ${CXX}"
+
+ echo
+
+ local myconf=()
+
+ # set addons
+ pushd "${S}" > /dev/null
+ local addons=$(echo */configure | sed \
+ -e 's:/configure::g' \
+ -e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \
+ -e 's: \+$::' \
+ -e 's! !,!g' \
+ -e 's!^!,!' \
+ -e '/^,\*$/d')
+ [[ -d ports ]] && addons+=",ports"
+ popd > /dev/null
+
+ case ${CTARGET} in
+ powerpc-*)
+ # Currently gcc on powerpc32 generates invalid code for
+ # __builtin_return_address(0) calls. Normally programs
+ # don't do that but malloc hooks in glibc do:
+ # https://gcc.gnu.org/PR81996
+ # https://bugs.gentoo.org/629054
+ myconf+=( --enable-stack-protector=no )
+ ;;
+ *)
+ myconf+=( --enable-stack-protector=all )
+ ;;
+ esac
+ myconf+=( --enable-stackguard-randomization )
+
+ # Keep a whitelist of targets supporing IFUNC. glibc's ./configure
+ # is not robust enough to detect proper support:
+ # https://bugs.gentoo.org/641216
+ # https://sourceware.org/PR22634#c0
+ case $(tc-arch ${CTARGET}) in
+ # Keep whitelist of targets where autodetection mostly works.
+ amd64|x86|sparc|ppc|ppc64|arm|arm64|s390) ;;
+ # Blacklist everywhere else
+ *) myconf+=( libc_cv_ld_gnu_indirect_function=no ) ;;
+ esac
+
+ [[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp )
+
+ if [[ $1 == "nptl" ]] ; then
+ myconf+=( --enable-kernel=${NPTL_KERN_VER} )
+ else
+ die "invalid pthread option"
+ fi
+ myconf+=( --enable-add-ons="${addons#,}" )
+
+ # Since SELinux support is only required for nscd, only enable it if:
+ # 1. USE selinux
+ # 2. only for the primary ABI on multilib systems
+ # 3. Not a crosscompile
+ if ! is_crosscompile && use selinux ; then
+ if use multilib ; then
+ if is_final_abi ; then
+ myconf+=( --with-selinux )
+ else
+ myconf+=( --without-selinux )
+ fi
+ else
+ myconf+=( --with-selinux )
+ fi
+ else
+ myconf+=( --without-selinux )
+ fi
+
+ # Force a few tests where we always know the answer but
+ # configure is incapable of finding it.
+ if is_crosscompile ; then
+ export \
+ libc_cv_c_cleanup=yes \
+ libc_cv_forced_unwind=yes
+ fi
+
+ myconf+=(
+ --without-cvs
+ --disable-werror
+ --enable-bind-now
+ --build=${CBUILD_OPT:-${CBUILD}}
+ --host=${CTARGET_OPT:-${CTARGET}}
+ $(use_enable profile)
+ $(use_with gd)
+ --with-headers=$(alt_build_headers)
+ --prefix="${EPREFIX}/usr"
+ --sysconfdir="${EPREFIX}/etc"
+ --localstatedir="${EPREFIX}/var"
+ --libdir='$(prefix)'/$(get_libdir)
+ --mandir='$(prefix)'/share/man
+ --infodir='$(prefix)'/share/info
+ --libexecdir='$(libdir)'/misc/glibc
+ --with-bugurl=https://bugs.gentoo.org/
+ --with-pkgversion="$(glibc_banner)"
+ $(use_multiarch || echo --disable-multi-arch)
+ $(in_iuse systemtap && use_enable systemtap)
+ $(in_iuse nscd && use_enable nscd)
+ ${EXTRA_ECONF}
+ )
+
+ # We rely on sys-libs/timezone-data for timezone tools normally.
+ myconf+=( $(use_enable vanilla timezone-tools) )
+
+ # These libs don't have configure flags.
+ ac_cv_lib_audit_audit_log_user_avc_message=$(in_iuse audit && usex audit || echo no)
+ ac_cv_lib_cap_cap_init=$(in_iuse caps && usex caps || echo no)
+
+ # There is no configure option for this and we need to export it
+ # since the glibc build will re-run configure on itself
+ export libc_cv_rootsbindir="${EPREFIX}/sbin"
+ export libc_cv_slibdir="${EPREFIX}/$(get_libdir)"
+
+ # We take care of patching our binutils to use both hash styles,
+ # and many people like to force gnu hash style only, so disable
+ # this overriding check. #347761
+ export libc_cv_hashstyle=no
+
+ local builddir=$(builddir "$1")
+ mkdir -p "${builddir}"
+ cd "${builddir}"
+ set -- "${S}"/configure "${myconf[@]}"
+ echo "$@"
+ "$@" || die "failed to configure glibc"
+
+ # ia64 static cross-compilers are a pita in so much that they
+ # can't produce static ELFs (as the libgcc.a is broken). so
+ # disable building of the programs for those targets if it
+ # doesn't work.
+ # XXX: We could turn this into a compiler test, but ia64 is
+ # the only one that matters, so this should be fine for now.
+ if is_crosscompile && [[ ${CTARGET} == ia64* ]] ; then
+ sed -i '1i+link-static = touch $@' config.make
+ fi
+
+ # If we're trying to migrate between ABI sets, we need
+ # to lie and use a local copy of gcc. Like if the system
+ # is built with MULTILIB_ABIS="amd64 x86" but we want to
+ # add x32 to it, gcc/glibc don't yet support x32.
+ if [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib ; then
+ echo 'main(){}' > "${T}"/test.c
+ if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then
+ sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die
+ fi
+ fi
+}
+
+glibc_headers_configure() {
+ export ABI=default
+
+ local builddir=$(builddir "headers")
+ mkdir -p "${builddir}"
+ cd "${builddir}"
+
+ # if we don't have a compiler yet, we can't really test it now ...
+ # hopefully they don't affect header generation, so let's hope for
+ # the best here ...
+ local v vars=(
+ ac_cv_header_cpuid_h=yes
+ libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes
+ libc_cv_asm_cfi_directives=yes
+ libc_cv_broken_visibility_attribute=no
+ libc_cv_c_cleanup=yes
+ libc_cv_forced_unwind=yes
+ libc_cv_gcc___thread=yes
+ libc_cv_mlong_double_128=yes
+ libc_cv_mlong_double_128ibm=yes
+ libc_cv_ppc_machine=yes
+ libc_cv_ppc_rel16=yes
+ libc_cv_predef_fortify_source=no
+ libc_cv_visibility_attribute=yes
+ libc_cv_z_combreloc=yes
+ libc_cv_z_execstack=yes
+ libc_cv_z_initfirst=yes
+ libc_cv_z_nodelete=yes
+ libc_cv_z_nodlopen=yes
+ libc_cv_z_relro=yes
+ libc_mips_abi=${ABI}
+ libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard)
+ # These libs don't have configure flags.
+ ac_cv_lib_audit_audit_log_user_avc_message=no
+ ac_cv_lib_cap_cap_init=no
+ )
+
+ einfo "Forcing cached settings:"
+ for v in "${vars[@]}" ; do
+ einfo " ${v}"
+ export ${v}
+ done
+
+ # Blow away some random CC settings that screw things up. #550192
+ if [[ -d ${S}/sysdeps/mips ]]; then
+ pushd "${S}"/sysdeps/mips >/dev/null
+ sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die
+ sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die
+
+ # Force the mips ABI to the default. This is OK because the set of
+ # installed headers in this phase is the same between the 3 ABIs.
+ # If this ever changes, this hack will break, but that's unlikely
+ # as glibc discourages that behavior.
+ # https://crbug.com/647033
+ sed -i -e 's:abiflag=.*:abiflag=_ABIO32:' preconfigure || die
+
+ popd >/dev/null
+ fi
+
+ local myconf=()
+ myconf+=(
+ --disable-sanity-checks
+ --enable-hacker-mode
+ --without-cvs
+ --disable-werror
+ --enable-bind-now
+ --build=${CBUILD_OPT:-${CBUILD}}
+ --host=${CTARGET_OPT:-${CTARGET}}
+ --with-headers=$(alt_build_headers)
+ --prefix="${EPREFIX}/usr"
+ ${EXTRA_ECONF}
+ )
+
+ local addons
+ [[ -d ${S}/ports ]] && addons+=",ports"
+ myconf+=( --enable-add-ons="${addons#,}" )
+
+ # Nothing is compiled here which would affect the headers for the target.
+ # So forcing CC/CFLAGS is sane.
+ set -- "${S}"/configure "${myconf[@]}"
+ echo "$@"
+ CC="$(tc-getBUILD_CC)" \
+ CFLAGS="-O1 -pipe" \
+ CPPFLAGS="-U_FORTIFY_SOURCE" \
+ LDFLAGS="" \
+ "$@" || die "failed to configure glibc"
+}
+
+do_src_configure() {
+ if just_headers ; then
+ glibc_headers_configure
+ else
+ glibc_do_configure nptl
+ fi
+}
+
+src_configure() {
+ foreach_abi do_src_configure
+}
+
+do_src_compile() {
+ emake -C "$(builddir nptl)" || die "make nptl for ${ABI} failed"
+}
+
+src_compile() {
+ if just_headers ; then
+ return
+ fi
+
+ foreach_abi do_src_compile
+}
+
+glibc_src_test() {
+ cd "$(builddir $1)"
+ emake check
+}
+
+do_src_test() {
+ local ret=0
+
+ glibc_src_test nptl
+ : $(( ret |= $? ))
+
+ return ${ret}
+}
+
+src_test() {
+ # Give tests more time to complete.
+ export TIMEOUTFACTOR=5
+
+ foreach_abi do_src_test || die "tests failed"
+}
+
+glibc_do_src_install() {
+ local builddir=$(builddir nptl)
+ cd "${builddir}"
+
+ emake install_root="${D}$(alt_prefix)" install || die
+
+ # This version (2.26) provides some compatibility libraries for the NIS/NIS+ support
+ # which come without headers etc. Only needed for binary packages since the
+ # external net-libs/libnsl has increased soversion. Keep only versioned libraries.
+ find "${D}" -name "libnsl.a" -delete
+ find "${D}" -name "libnsl.so" -delete
+
+ # Normally upstream_pv is ${PV}. Live ebuilds are exception, there we need
+ # to infer upstream version:
+ # '#define VERSION "2.26.90"' -> '2.26.90'
+ local upstream_pv=$(sed -n -r 's/#define VERSION "(.*)"/\1/p' "${S}"/version.h)
+
+ if [[ -e ${ED}$(alt_usrlibdir)/libm-${upstream_pv}.a ]] ; then
+ # Move versioned .a file out of libdir to evade portage QA checks
+ # instead of using gen_usr_ldscript(). We fix ldscript as:
+ # "GROUP ( /usr/lib64/libm-<pv>.a ..." -> "GROUP ( /usr/lib64/glibc-<pv>/libm-<pv>.a ..."
+ sed -i "s@\(libm-${upstream_pv}.a\)@${P}/\1@" "${ED}"$(alt_usrlibdir)/libm.a || die
+ dodir $(alt_usrlibdir)/${P}
+ mv "${ED}"$(alt_usrlibdir)/libm-${upstream_pv}.a "${ED}"$(alt_usrlibdir)/${P}/libm-${upstream_pv}.a || die
+ fi
+
+ # We'll take care of the cache ourselves
+ rm -f "${ED}"/etc/ld.so.cache
+
+ # Everything past this point just needs to be done once ...
+ is_final_abi || return 0
+
+ # Make sure the non-native interp can be found on multilib systems even
+ # if the main library set isn't installed into the right place. Maybe
+ # we should query the active gcc for info instead of hardcoding it ?
+ local i ldso_abi ldso_name
+ local ldso_abi_list=(
+ # x86
+ amd64 /lib64/ld-linux-x86-64.so.2
+ x32 /libx32/ld-linux-x32.so.2
+ x86 /lib/ld-linux.so.2
+ # mips
+ o32 /lib/ld.so.1
+ n32 /lib32/ld.so.1
+ n64 /lib64/ld.so.1
+ # powerpc
+ ppc /lib/ld.so.1
+ ppc64 /lib64/ld64.so.1
+ # s390
+ s390 /lib/ld.so.1
+ s390x /lib/ld64.so.1
+ # sparc
+ sparc32 /lib/ld-linux.so.2
+ sparc64 /lib64/ld-linux.so.2
+ )
+ case $(tc-endian) in
+ little)
+ ldso_abi_list+=(
+ # arm
+ arm64 /lib/ld-linux-aarch64.so.1
+ )
+ ;;
+ big)
+ ldso_abi_list+=(
+ # arm
+ arm64 /lib/ld-linux-aarch64_be.so.1
+ )
+ ;;
+ esac
+ if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then
+ dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib
+ fi
+ for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do
+ ldso_abi=${ldso_abi_list[i]}
+ has ${ldso_abi} $(get_install_abis) || continue
+
+ ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}"
+ if [[ ! -L ${ED}/${ldso_name} && ! -e ${ED}/${ldso_name} ]] ; then
+ dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name}
+ fi
+ done
+
+ # With devpts under Linux mounted properly, we do not need the pt_chown
+ # binary to be setuid. This is because the default owners/perms will be
+ # exactly what we want.
+ if in_iuse suid && ! use suid ; then
+ find "${ED}" -name pt_chown -exec chmod -s {} +
+ fi
+
+ #################################################################
+ # EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY #
+ # Make sure we install some symlink hacks so that when we build
+ # a 2nd stage cross-compiler, gcc finds the target system
+ # headers correctly. See gcc/doc/gccinstall.info
+ if is_crosscompile ; then
+ # We need to make sure that /lib and /usr/lib always exists.
+ # gcc likes to use relative paths to get to its multilibs like
+ # /usr/lib/../lib64/. So while we don't install any files into
+ # /usr/lib/, we do need it to exist.
+ cd "${ED}"$(alt_libdir)/..
+ [[ -e lib ]] || mkdir lib
+ cd "${ED}"$(alt_usrlibdir)/..
+ [[ -e lib ]] || mkdir lib
+
+ dosym usr/include $(alt_prefix)/sys-include
+ return 0
+ fi
+
+ # Files for Debian-style locale updating
+ dodir /usr/share/i18n
+ sed \
+ -e "/^#/d" \
+ -e "/SUPPORTED-LOCALES=/d" \
+ -e "s: \\\\::g" -e "s:/: :g" \
+ "${S}"/localedata/SUPPORTED > "${ED}"/usr/share/i18n/SUPPORTED \
+ || die "generating /usr/share/i18n/SUPPORTED failed"
+ cd "${WORKDIR}"/extra/locale
+ dosbin locale-gen
+ doman *.[0-8]
+ insinto /etc
+ doins locale.gen
+
+ # Make sure all the ABI's can find the locales and so we only
+ # have to generate one set
+ local a
+ keepdir /usr/$(get_libdir)/locale
+ for a in $(get_install_abis) ; do
+ if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then
+ dosym ../$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale
+ fi
+ done
+
+ cd "${S}"
+
+ # Install misc network config files
+ insinto /etc
+ doins nscd/nscd.conf posix/gai.conf nss/nsswitch.conf
+ doins "${WORKDIR}"/extra/etc/*.conf
+
+ if use nscd ; then
+ doinitd "$(prefixify_ro "${WORKDIR}"/extra/etc/nscd)"
+
+ local nscd_args=(
+ -e "s:@PIDFILE@:$(strings "${ED}"/usr/sbin/nscd | grep nscd.pid):"
+ )
+
+ sed -i "${nscd_args[@]}" "${ED}"/etc/init.d/nscd
+
+ systemd_dounit nscd/nscd.service
+ systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf
+ else
+ # Do this since extra/etc/*.conf above might have nscd.conf.
+ rm -f "${ED}"/etc/nscd.conf
+ fi
+
+ echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc
+ doenvd "${T}"/00glibc
+
+ for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do
+ [[ -s ${d} ]] && dodoc ${d}
+ done
+
+ # Prevent overwriting of the /etc/localtime symlink. We'll handle the
+ # creation of the "factory" symlink in pkg_postinst().
+ rm -f "${ED}"/etc/localtime
+}
+
+glibc_headers_install() {
+ local builddir=$(builddir "headers")
+ cd "${builddir}"
+ emake install_root="${D}$(alt_prefix)" install-headers
+
+ insinto $(alt_headers)/gnu
+ doins "${S}"/include/gnu/stubs.h
+
+ # Make sure we install the sys-include symlink so that when
+ # we build a 2nd stage cross-compiler, gcc finds the target
+ # system headers correctly. See gcc/doc/gccinstall.info
+ dosym usr/include $(alt_prefix)/sys-include
+}
+
+src_install() {
+ if just_headers ; then
+ export ABI=default
+ glibc_headers_install
+ return
+ fi
+
+ foreach_abi glibc_do_src_install
+ src_strip
+}
+
+pkg_preinst() {
+ # nothing to do if just installing headers
+ just_headers && return
+
+ # prepare /etc/ld.so.conf.d/ for files
+ mkdir -p "${EROOT}"/etc/ld.so.conf.d
+
+ # Default /etc/hosts.conf:multi to on for systems with small dbs.
+ if [[ $(wc -l < "${EROOT}"/etc/hosts) -lt 1000 ]] ; then
+ sed -i '/^multi off/s:off:on:' "${ED}"/etc/host.conf
+ einfo "Defaulting /etc/host.conf:multi to on"
+ fi
+
+ [[ ${ROOT} != "/" ]] && return 0
+ [[ -d ${ED}/$(get_libdir) ]] || return 0
+ [[ -z ${BOOTSTRAP_RAP} ]] && glibc_sanity_check
+}
+
+pkg_postinst() {
+ # nothing to do if just installing headers
+ just_headers && return
+
+ if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then
+ # Generate fastloading iconv module configuration file.
+ "${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}"
+ fi
+
+ if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then
+ # Reload init ... if in a chroot or a diff init package, ignore
+ # errors from this step #253697
+ /sbin/telinit U 2>/dev/null
+
+ # if the host locales.gen contains no entries, we'll install everything
+ local locale_list="${EROOT}etc/locale.gen"
+ if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then
+ ewarn "Generating all locales; edit /etc/locale.gen to save time/space"
+ locale_list="${EROOT}usr/share/i18n/SUPPORTED"
+ fi
+ locale-gen -j $(makeopts_jobs) --config "${locale_list}"
+ fi
+
+ # Check for sanity of /etc/nsswitch.conf, take 2
+ if [[ -e ${EROOT}/etc/nsswitch.conf ]] && ! has_version sys-auth/libnss-nis ; then
+ local entry
+ for entry in passwd group shadow; do
+ if egrep -q "^[ \t]*${entry}:.*nis" "${EROOT}"/etc/nsswitch.conf; then
+ ewarn ""
+ ewarn "Your ${EROOT}/etc/nsswitch.conf uses NIS. Support for that has been"
+ ewarn "removed from glibc and is now provided by the package"
+ ewarn " sys-auth/libnss-nis"
+ ewarn "Install it now to keep your NIS setup working."
+ ewarn ""
+ fi
+ done
+ fi
+}