Hardened_Linux_From_Scratch
Linux From Scratch
Type of Linux installation
Linux From Scratch (LFS) is a type of a Linux installation and the name of a book written by Gerard Beekmans, and as of May 2021, mainly maintained by Bruce Dubbs. The book gives readers instructions on how to build a Linux system from source. The book is available freely from the Linux From Scratch site.[1]
 |
| Developer | Gerard Beekmans et al. |
|---|---|
| OS family | Unix-like |
| Working state | Current |
| Source model | Open source |
| Initial release | December 1999; 24 years ago (1999-12) |
| Latest release | 12.0 / 1 September 2023; 7 months ago (2023-09-01)[1][2] |
| Update method | Source-based |
| Package manager | None (source-based) |
| Platforms | IA-32, x86-64[3] |
| Kernel type | Monolithic |
| Default user interface | CLI |
| License | Creative Commons licenses Mainly CC BY-NC-SA [4] and MIT License |
| Official website | www |
Linux From Scratch is a way to install a working Linux system by building all components of it manually. This is, naturally, a longer process than installing a pre-compiled Linux distribution. According to the Linux From Scratch site, the advantages to this method are a compact, flexible and secure system and a greater understanding of the internal workings of the Linux-based operating systems.[5]
To keep LFS small and focused, the book Beyond Linux From Scratch (BLFS) was created, which presents instructions on how to further develop the basic Linux system that was created in LFS. It introduces and guides the reader through additions to the system including the X Window System, desktop environments (KDE, GNOME, Xfce, LXDE), productivity software, web browsers, programming languages and tools, multimedia software, and network management and system administration tools. Since Release 5.0, the BLFS book version matches the LFS book version.[6]
The book Cross Linux From Scratch (CLFS) focuses on cross compiling, including compiling for headless or embedded systems that can run Linux, but lack the resources needed to compile Linux. CLFS supports a broad range of processors and addresses advanced techniques not included in the LFS book such as cross-build toolchains, multilibrary support (32 & 64-bit libraries side-by-side), and alternative instruction set architectures such as Itanium, SPARC, MIPS, and Alpha.
The Linux from Scratch project, like BitBake, also supports cross-compiling Linux for ARM embedded systems such as the Raspberry Pi and BeagleBone.[7][8]
The book Hardened Linux From Scratch (HLFS) focuses on security enhancements such as hardened kernel patches, mandatory access control policies, stack-smashing protection, and address space layout randomization. Besides its main purpose of creating a security-focused operating system, HLFS had the secondary goal of being a security teaching tool. It has not been updated since 2011.
Automated Linux From Scratch (ALFS) is a project designed to automate the process of creating an LFS system. It is aimed at users who have gone through the LFS and BLFS books several times and wish to reduce the amount of work involved. A secondary goal is to act as a test of the LFS and BLFS books by directly extracting and running instructions from the XML sources of the LFS and BLFS books.
A clean partition and a working Linux system with a compiler and some essential software libraries are required to build LFS. Instead of installing from an existing Linux system, one can also use a Live CD to build an LFS system.
The project formerly maintained the Linux From Scratch Live CD.[9] LFS Live CD contains all the source packages (in the full version of the Live CD only), the LFS book, automated building tools and (except for the minimal Live CD version) an Xfce GUI environment to work in. The official LFS Live CD is no longer maintained, and cannot be used to build the LFS version7 or later.[9] There are, however, two unofficial builds that can be used to build a 32-bit or 64-bit kernel and userspace respectively for LFS 7.x.[10]
First, a toolchain must be compiled consisting of the tools used to compile LFS, like GCC, glibc, binutils, and other necessary utilities. Then, the root directory must be changed, (using chroot), to the toolchain's partition to start building the final system. One of the first packages to compile is glibc; after that, the toolchain's linker must be adjusted to link against the newly built glibc, so that all other packages that will make up the finished system can be linked against it as well. During the chroot phase, bash's hashing feature is turned off and the temporary toolchain's bin directory moved to the end of PATH. This way the newly compiled programs come first in PATH and the new system builds on its own new components.
| Component | Description | License | Version |
|---|---|---|---|
| Acl | An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object. | GNU GPL | 2.3.1 |
| Attr | Commands for Manipulating Filesystem Extended Attributes. | GNU GPL | 2.5.1 |
| Autoconf | Tool for producing configure scripts for C, C++, Fortran, Fortran 77, Erlang, Objective-C software on Unix-like computer systems. | GNU GPL | 2.71 |
| Automake | A programming tool that produces portable makefiles for use by the make program, used in compiling software. | GNU GPL | 1.16.5 |
| Bash | A free software Unix shell written for the GNU Project | GNU GPL | 5.1.16 |
| bc | bc is a basic calculator (often referred to as bench calculator), is "an arbitrary precision calculator language" with syntax similar to the C programming language. |
GNU GPL | 6.0.1 |
| Binutils | A collection of programming tools for the manipulation of object code in various object file formats. | GNU GPL | 2.39 |
| Bison | A parser generator that is part of the GNU Project. Bison converts a grammar description for a context-free grammar into source code for a C, C++ or Java parser. | GNU GPL | 3.8.2 |
| Bzip2 | A free and open source lossless data compression algorithm and program developed by Julian Seward. | BSD-like License | 1.0.8 |
| Check | A unit testing framework for C. | GNU GPL | 0.15.2 |
| Coreutils | A package of GNU software containing many of the basic tools, such as cat, ls, and rm, needed for Unix-like operating systems. | GNU GPL | 9.1 |
| DejaGNU | A framework for testing other programs. It has a main script called runtest that goes through a directory looking at configuration files and then runs some tests with given criteria. | GNU GPL | 1.6.3 |
| Diffutils | A data comparison utility that outputs the differences between two files. | GNU GPL | 3.8 |
| E2fsprogs | e2fsprogs (sometimes called the e2fs programs) is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. | GNU GPL | 1.46.5 |
| Elfutils | A collection of utilities and libraries to read, create and modify ELF binary files. | GNU GPL and GNU LGPL | 0.187 |
| Eudev | A fork of udev in order to avoid dependency on the systemd architecture. The resulting fork is called eudev and it makes udev functionality available without systemd. | GNU GPL | 3.2.11 |
| Expat | A stream-oriented XML 1.0 parser library, written in C. | MIT License | 2.4.8 |
| Expect | Expect is a Unix automation and testing tool as an extension to the Tcl scripting language, for interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, ssh, and others. | Public domain | 5.45.4 |
| File | file command is a standard Unix program for recognizing the type of data contained in a computer file. | BSD-like License | 5.42 |
| Findutils | The GNU Find Utilities are the basic directory searching utilities of the GNU operating system. | GNU GPL | 4.9.0 |
| Flex | flex (fast lexical analyzer generator) is a free software alternative to lex. | BSD license | 2.6.4 |
| Gawk | Gawk is a programming language that is designed for processing text-based data, either in files or data streams | GNU GPL | 5.1.1 |
| GCC | The GNU Compiler Collection (usually shortened to GCC) is a compiler system produced by the GNU Project supporting various programming languages | 12.2.0 | |
| GDBM | GDBM simple database engines | 1.23 | |
| Gettext | Gettext is the GNU internationalization and localization (i18n) library. | 0.21 | |
| Glibc | The GNU C Library, commonly known as glibc, is the C standard library released by the GNU Project. | 2.36 | |
| GMP | The GNU Multiple-Precision Library, also known as GMP, is a free library for arbitrary-precision arithmetic, operating on signed integers, rational numbers, and floating point numbers. | 6.2.1 | |
| Gperf | A perfect hash function generator. For a given list of strings, it produces a hash function and hash table, in form of C or C++ code, for looking up a value depending on the input string. The hash function is perfect, which means that the hash table has no collisions, and the hash table lookup needs a single string comparison only. | 3.1 | |
| Grep | grep is a command line text search utility originally written for Unix. |
3.7 | |
| Groff | Groff is the GNU replacement for the troff and nroff text formatters. | 1.22.4 | |
| GRUB | GNU GRUB (short for GNU GRand Unified Bootloader) is a boot loader package from the GNU Project. | 2.06 | |
| Gzip | Gzip is a software application used for file compression. gzip is short for GNU zip | 1.12 | |
| iana-etc. | iana-etc. installs services and protocols using data from the Internet Assigned Numbers Authority. Included are snapshots of the data from the IANA, scripts to transform that data into the needed formats, and scripts to fetch the latest data. | Open Software License | 20220812 |
| Inetutils | A collection of network tools, including: telnet, ftp, and rsh. | GNU GPL | 2.3 |
| Intltool | A set of tools to centralize translation of many different file formats using GNU gettext-compatible PO files. | 0.51.0 | |
| IPRoute2 | A collection of userspace utilities for controlling and monitoring various aspects of networking in the Linux kernel, including routing, network interfaces, tunnels, traffic control, and network-related device drivers. | 5.19.0 | |
| Kbd | A package contains tools for managing the Linux console (Linux console, virtual terminals on it, keyboard, etc.). Mainly, what they do is loading console fonts and keyboard maps. Also this package contains a set of various fonts and keyboard maps. | 2.5.1 | |
| Kmod | A multi-call binary which implements the programs used to control Linux Kernel modules. | 30 | |
| less | less is a terminal pager program on Unix, Windows and Unix-like systems used to view (but not change) the contents of a text file one screen at a time. |
Dual: either GPL or BSD-like License | 590 |
| LFS-Bootscripts | The LFS-Bootscripts package contains a set of scripts to start/stop the LFS system at bootup/shutdown. The configuration files and procedures needed to customize the boot process are described in the following sections. | Creative Commons licenses and MIT License | 20220723 |
| Libcap | An alternative to the superuser model of privilege under Linux. | 2.65 | |
| Libffi | A Portable Foreign Function Interface Library. | MIT License | 3.4.2 |
| Libpipeline | Libpipeline is a C library for manipulating pipelines of subprocesses in a flexible and convenient way. | GNU GPL | 1.5.6 |
| Libtool | GNU Libtool is a GNU programming tool from the GNU build system used for creating portable compiled libraries. | 2.4.7 | |
| Linux | The Linux kernel is an operating system kernel used by the Linux family of Unix-like operating systems. | 5.19.2 | |
| GNU m4 | GNU m4 is the GNU version of the m4 macro preprocessor. | 1.4.19 | |
| make | Make is a utility for automatically building executable programs and libraries from source code. | 4.3 | |
| Man-DB | Man-DB is an implementation of the standard Unix documentation system accessed using the man command. It uses a Berkeley DB database in place of the traditional flat-text whatis databases. | 2.10.2 | |
| Man-pages | A man page (short for manual page) is a form of online software documentation usually found on a Unix or Unix-like operating system. | Multiple Licenses.[11] | 5.13 |
| Meson | an open source build system meant to be both extremely fast, and, even more importantly, as user friendly as possible. | Apache License | 0.63.1 |
| MPC | A C library for the arithmetic of complex numbers with arbitrarily high precision | GNU LGPL | 1.2.1 |
| MPFR | GNU C library for multiple-precision floating-point computations with correct rounding. | GNU LGPL and GNU GPL for special exception part of the source code | 4.1.0 |
| ncurses | A programming library for writing text user interfaces in a terminal-independent manner | X11 License[12] | 6.3 |
| Ninja | A small build system with a focus on speed. | Apache License | 1.11.0 |
| OpenSSL | A software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites. | Apache License 1.0 and four-clause BSD License | 3.0.5 |
| Patch | A computer tool for Unix programs that updates text files according to instructions contained in a separate file, called a patch file. | GNU GPL | 2.7.6 |
| Perl | A dynamic interpreted programming language | Artistic License 1.0[13][14] or GNU GPL[15] | 5.36.0 |
| Pkg-config | A computer program that provides a unified interface for querying installed libraries for the purpose of compiling software from its source code. | GNU GPL | 0.29.2 |
| Procps | A set of command line and full-screen utilities that provide information out of the pseudo-filesystem most commonly located at /proc. This filesystem provides a simple interface to the kernel data structures. The programs of procps generally concentrate on the structures that describe the processes running on the system. | GNU GPL and GNU LGPL | 4.0.0 |
| Psmisc | A set of some small useful utilities that use the proc filesystem. | GNU GPL | 23.5 |
| Python | An open source interpreted high-level programming language for general-purpose programming | Python Software Foundation License | 3.10.6 |
| Python Documentation | Package contains the Python development environment. | 3.10.6 | |
| Readline | GNU readline is a software library created and maintained by the GNU Project. | GNU GPL | 8.1.2 |
| sed | sed (stream editor) is a Unix utility that (a) parses text files and (b) implements a programming language which can apply textual transformations to such files. |
4.8 | |
| Shadow | A tool on most Unix and Unix-like operating systems used to change a user's password. The password entered by the user is run through a key derivation function to create a hashed version of the new password, which is saved. Only the hashed version is stored; the entered password is not saved for security reasons. | Artistic License or BSD-like License | 4.12.2 |
| Sysklogd | A Kernel and system logging daemons that provides two system utilities which provide support for system logging and kernel message trapping. Support of both internet and unix domain sockets enables this utility package to support both local and remote logging. | GNU GPL | 1.5.1 |
| Sysvinit | System V style init programs that control the booting and shutdown system. | 3.04 | |
| tar | tar is a program that provides the ability to create tar archives, as well as various other kinds of manipulation. |
1.34 | |
| Tcl | Tool Command Language is a dynamic scripting language. | BSD-like License[16] | 8.6.12 |
| Texinfo | A typesetting syntax used for generating documentation in both on-line also printed form and the official documentation format of the GNU project. | GNU GPL | 6.8 |
| tzdata | The public-domain time zone database contains code and data that represent the history of local time for many representative locations around the globe. | Public domain and BSD | 2022c |
| Udev Configuration Tarball | The Udev package contains programs for dynamic creation of device nodes. The development of udev has been merged with systemd, but most of systemd is incompatible with LFS. Here we build and install just the needed udev files. | Creative Commons licenses and MIT License | udev-lfs-20171102 |
| util-linux | The Util-linux package contains miscellaneous utility programs. Among them are utilities for handling file systems, consoles, partitions, and messages. | GNU GPL | 2.38.1 |
| Vim language files (recommended) | A text editor built to create and change any kind of text. | Free software (Vim License), charityware | 9.0.0228 |
| Wheel | This library is the reference implementation of the Python wheel packaging standard, as defined in PEP 427. | MIT | 0.37.1 |
| XML::Parser | 2.46 | ||
| XZ Utils | A general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils. | GNU GPL and GNU LGPL | 5.2.6 |
| Zlib | Zlib is a software library used for data compression. | zlib license | 1.2.12 |
| zstd | zstd a fast lossless compression algorithm and data compression tool. Compress or decompress .zst files. | BSD + GPLv2 dual license.[17] | 1.5.2 |
[18] This is a list of the packages included in CLFS version 1.1.0. Unless otherwise noted, this list is applicable to all supported architectures.
|
|
|
A "standard build unit" ("SBU") is a term used during initial bootstrapping of the system, and represents the amount of time required to build the first package in LFS on a given computer. Its creation was prompted by the long time required to build an LFS system, and the desire of many users to know how long a source tarball will take to build ahead of time.
As of Linux From Scratch version 10.1, the first package built by the user is GNU binutils. When building it, users are encouraged to measure the build process using shell constructs and dub that time the system's "standard build unit". Once this number is known, an estimate of the time required to build later packages is expressed relative to the known SBU.
Several packages built during compilation take much longer to build than binutils, including the GNU C Library (rated at 4.2 SBUs) and the GNU Compiler Collection (rated at 11 SBUs). The unit must be interpreted as an approximation; various factors influence the actual time required to build a package.
LWN.net reviewed LFS in 2004:[19]
Linux From Scratch is a wonderful project. It should become a compulsory reading material for all Linux training courses, and something that every Linux enthusiast should complete at least once. This would also create another interesting side effect: people who tend to be quick in expressing dissatisfaction on the distributions' mailing lists and forums would probably show a lot more respect for the developers. Installing a ready-made distribution is a trivial task. Building up a set of 4 CDs containing a stable, secure and reliable operating system, plus thousands of applications, is most definitely not.
Tux Machines wrote a review about Linux From Scratch 6.1 in 2005:[20]
Now on to BLFS. Unfortunately Beyond Linux From Scratch is always a book behind it seems. To me it's not a real install until one can log into a window manager.
Tux Machines also has a second[21] and a third part[22] of the review.
Other source-based Linux distributions:
- "LFS News". www.linuxfromscratch.org. Retrieved 2 September 2023.
- Beekmans, Gerard (2023). Linux From Scratch, Version 12.0 (PDF).
- Preface:LFS Target Architectures, Linux From Scratch
- "Appendix D. LFS Licenses". Retrieved 9 August 2023.
- What is Linux From Scratch?, LFS Project Homepage
- Gerard Beekmans: Beyond Linux From Scratch, Version 6.3 (August 2008)
- Brendan Horan. "Practical Raspberry Pi". 2013. p. 105.
- "LFS LiveCD Project Homepage". www.linuxfromscratch.org. Retrieved 25 May 2018.
- "Index of /~kb0iic/livecdupd". clfs.org. Retrieved 25 May 2018.
- "Licenses for manual pages". www.kernel.org. Retrieved 25 May 2018.
- "NCURSES – Licensing". Retrieved 9 July 2013.
- "The "Artistic License" - dev.perl.org". dev.perl.org. Retrieved 25 May 2018.
- "Perl Licensing". dev.perl.org. Retrieved 8 January 2011.
- "Tcl/Tk Licensing Terms". Retrieved 8 January 2011.
- "New license", GitHub "facebook/zstd"
- "Learning with Linux From Scratch [LWN.net]". lwn.net. Retrieved 28 March 2020.
- "Linux From Scratch 6.1 (part 1?) | Tux Machines". www.tuxmachines.org. Retrieved 28 March 2020.
- "Linux From Scratch 6.1 - Part 2 - BLFS | Tux Machines". www.tuxmachines.org. Retrieved 28 March 2020.
- "Beyond Beyond Linux from Scratch (lfs - part3) | Tux Machines". www.tuxmachines.org. Retrieved 28 March 2020.
- "LFS Project Homepage". Linux From Scratch. Gerard Beekmans. 17 March 2008. Retrieved 17 March 2008.