mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-22 03:04:34 +01:00
42acb16bb8
Rationale for this change: - ipf is already there - if the kernel is configured with a packet filter which drops packets by default, pfctl or ipfw will be required in the rescue environment to make the network functional. - rescue's stated purpose is to be useful for small/embedded systems (and is also quite useful for small jails); a rescue-based router would want these binaries. On amd64, this increases the size of rescue from 17346200 to 17907248, or 561048 bytes (3.2%). Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1169 |
||
|---|---|---|
| .. | ||
| librescue | ||
| rescue | ||
| Makefile | ||
| README | ||
The /rescue build system here has three goals: 1) Produce a reliable standalone set of /rescue tools. The contents of /rescue are all statically linked and do not depend on anything in /bin or /sbin. In particular, they'll continue to function even if you've hosed your dynamic /bin and /sbin. For example, note that /rescue/mount runs /rescue/mount_nfs and not /sbin/mount_nfs. This is more subtle than it looks. As an added bonus, /rescue is fairly small (thanks to crunchgen) and includes a number of tools (such as gzip, bzip2, vi) that are not normally found in /bin and /sbin. 2) Demonstrate robust use of crunchgen. These Makefiles recompile each of the crunchgen components and include support for overriding specific library entries. Such techniques should be useful elsewhere. 3) Produce a toolkit suitable for small distributions. Install /rescue on a CD or CompactFlash disk, and symlink /bin and /sbin to /rescue to produce a small and fairly complete FreeBSD system. These tools have one big disadvantage: being statically linked, they cannot use some advanced library functions that rely on dynamic linking. In particular, nsswitch, locales, and pam all rely on dynamic linking. To compile: # cd /usr/src/rescue # make obj # make # make install Note that rebuilds don't always work correctly; if you run into trouble, try 'make clean' before recompiling.