Ok, I want to compile 32-bit C application with clang 6 for CentOS 7 on my 64-bit Ubuntu 18.04. glibc on Ubuntu is 2.27, very custom 2.17 on CentOS 7 (full version - 2.17-222.el7), and some other potential dependencies.
Prerequisites
Installed clang and lld (to compile and link), yum and rpm.Sysroot
- wget -c http://mirror.centos.org/altarch/7/os/i386/Packages/centos-release-7-5.1804.el7.centos.i.i686.rpm
- for 64-bit: http://mirror.centos.org/centos/7/os/x86_64/Packages/centos-release-7-5.1804.el7.centos.x86_64.rpm
- mkdir centos7sysroot
- cd centos7sysroot
- sudo rpm -i --root=$PWD --nodeps ../centos-release-7-5.1804.el7.centos.i.i686.rpm
- Output:
rpm: RPM should not be used directly install RPM packages, use Alien instead! rpm: However assuming you know what you are doing... warning: ../centos-release-7-5.1804.el7.centos.i.i686.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY warning: %post(centos-release-7-5.1804.el7.centos.i.i686) scriptlet failed, exit status 127
- sudo sed -i "s/\$basearch/i386/g" etc/yum.repos.d/CentOS-Base.repo
- for 32 bits, as otherwise host yum will use x86_64
- sudo sed -i "s/gpgcheck=1/gpgcheck=0/g" etc/yum.repos.d/CentOS-Base.repo
- sudo yum --installroot=$PWD install -y glibc-devel glibc-headers
- Output:
... Running Transaction ** Found 3 pre-existing rpmdb problem(s), 'yum check' output follows: centos-release-7-5.1804.el7.centos.i.i686 has missing requires of /bin/sh centos-release-7-5.1804.el7.centos.i.i686 has missing requires of coreutils centos-release-7-5.1804.el7.centos.i.i686 has missing requires of grep ... Installed: glibc-devel.i686 0:2.17-222.el7 glibc-headers.i686 0:2.17-222.el7 Dependency Installed: basesystem.noarch 0:10.0-7.el7.centos bash.i686 0:4.2.46-30.el7 filesystem.i686 0:3.2-25.el7 glibc.i686 0:2.17-222.el7 glibc-common.i686 0:2.17-222.el7 info.i686 0:5.1-5.el7 kernel-headers.i686 0:3.10.0-862.3.2.el7.centos.plus libgcc.i686 0:4.8.5-28.el7_5.1 libselinux.i686 0:2.5-12.el7 libsepol.i686 0:2.5-8.1.el7 libstdc++.i686 0:4.8.5-28.el7_5.1 ncurses-base.noarch 0:5.9-14.20130511.el7_4 ncurses-libs.i686 0:5.9-14.20130511.el7_4 nspr.i686 0:4.19.0-1.el7_5 nss-softokn-freebl.i686 0:3.36.0-5.el7_5 nss-util.i686 0:3.36.0-1.el7_5 pcre.i686 0:8.32-17.el7 setup.noarch 0:2.8.71-9.el7 tzdata.noarch 0:2018e-3.el7 zlib.i686 0:1.2.7-17.el7 Complete!
Compiler settings
CC = clang-6.0 -m32 --sysroot=sysroot_pathLD = $(CC) -fuse-ld=lld
or
LD = clang-6.0 -m32 --sysroot=sysroot_path -fuse-ld=lld
Some hardening clang options:
CHARDENING = -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS -fasynchronous-unwind-tables -fexceptions -fPIC \
-grecord-gcc-switches -g -O2 -pipe -Wall -Werror=format-security -Werror=implicit-function-declaration \
-fstack-protector-strong -fsanitize=safe-stack -fsanitize=cfi -fvisibility=hidden -flto
LHARDENING = $(CHARDENING) -Wl,-z,defs -Wl,-z,now -Wl,-z,relro
(-Wall and so on are enabled by default)
That's all.
