Next: , Up: Installing the GNU C Library   [Contents][Index]


C.1 Configuring and compiling the GNU C Library

The GNU C Library cannot be compiled in the source directory. You must build it in a separate build directory. For example, if you have unpacked the GNU C Library sources in /src/gnu/glibc-version, create a directory /src/gnu/glibc-build to put the object files in. This allows removing the whole build directory in case an error occurs, which is the safest way to get a fresh start and should always be done.

From your object directory, run the shell script configure located at the top level of the source tree. In the scenario above, you’d type

$ ../glibc-version/configure args…

Please note that even though you’re building in a separate build directory, the compilation may need to create or modify files and directories in the source directory.

configure takes many options, but the only one that is usually mandatory is ‘--prefix’. This option tells configure where you want the GNU C Library installed. This defaults to /usr/local, but the normal setting to install as the standard system library is ‘--prefix=/usr’ for GNU/Linux systems and ‘--prefix=’ (an empty prefix) for GNU/Hurd systems.

It may also be useful to pass ‘CC=compiler’ and CFLAGS=flags arguments to configure. CC selects the C compiler that will be used, and CFLAGS sets optimization options for the compiler. Any compiler options required for all compilations, such as options selecting an ABI or a processor for which to generate code, should be included in CC. Options that may be overridden by the GNU C Library build system for particular files, such as for optimization and debugging, should go in CFLAGS. The default value of CFLAGS is ‘-g -O2’, and the GNU C Library cannot be compiled without optimization, so if CFLAGS is specified it must enable optimization. For example:

$ ../glibc-version/configure CC="gcc -m32" CFLAGS="-O3"

The following list describes all of the available options for configure:

--prefix=directory

Install machine-independent data files in subdirectories of directory. The default is to install in /usr/local.

--exec-prefix=directory

Install the library and other machine-dependent files in subdirectories of directory. The default is to the ‘--prefix’ directory if that option is specified, or /usr/local otherwise.

--with-headers=directory

Look for kernel header files in directory, not /usr/include. The GNU C Library needs information from the kernel’s header files describing the interface to the kernel. The GNU C Library will normally look in /usr/include for them, but if you specify this option, it will look in DIRECTORY instead.

This option is primarily of use on a system where the headers in /usr/include come from an older version of the GNU C Library. Conflicts can occasionally happen in this case. You can also use this option if you want to compile the GNU C Library with a newer set of kernel headers than the ones found in /usr/include.

--enable-kernel=version

This option is currently only useful on GNU/Linux systems. The version parameter should have the form X.Y.Z and describes the smallest version of the Linux kernel the generated library is expected to support. The higher the version number is, the less compatibility code is added, and the faster the code gets.

--with-binutils=directory

Use the binutils (assembler and linker) in directory, not the ones the C compiler would default to. You can use this option if the default binutils on your system cannot deal with all the constructs in the GNU C Library. In that case, configure will detect the problem and suppress these constructs, so that the library will still be usable, but functionality may be lost—for example, you can’t build a shared libc with old binutils.

--with-nonshared-cflags=cflags

Use additional compiler flags cflags to build the parts of the library which are always statically linked into applications and libraries even with shared linking (that is, the object files contained in lib*_nonshared.a libraries). The build process will automatically use the appropriate flags, but this option can be used to set additional flags required for building applications and libraries, to match local policy. For example, if such a policy requires that all code linked into applications must be built with source fortification, ‘--with-nonshared-cflags=-Wp,-D_FORTIFY_SOURCE=2’ will make sure that the objects in libc_nonshared.a are compiled with this flag (although this will not affect the generated code in this particular case and potentially change debugging information and metadata only).

--with-rtld-early-cflags=cflags

Use additional compiler flags cflags to build the early startup code of the dynamic linker. These flags can be used to enable early dynamic linker diagnostics to run on CPUs which are not compatible with the rest of the GNU C Library, for example, due to compiler flags which target a later instruction set architecture (ISA).

--with-timeoutfactor=NUM

Specify an integer NUM to scale the timeout of test programs. This factor can be changed at run time using TIMEOUTFACTOR environment variable.

--disable-shared

Don’t build shared libraries even if it is possible. Not all systems support shared libraries; you need ELF support and (currently) the GNU linker.

--disable-default-pie

Don’t build glibc programs and the testsuite as position independent executables (PIE). By default, glibc programs and tests are created as position independent executables on targets that support it. If the toolchain and architecture support it, static executables are built as static PIE and the resulting glibc can be used with the GCC option, -static-pie, which is available with GCC 8 or above, to create static PIE.

--enable-cet
--enable-cet=permissive

Enable Intel Control-flow Enforcement Technology (CET) support. When the GNU C Library is built with --enable-cet or --enable-cet=permissive, the resulting library is protected with indirect branch tracking (IBT) and shadow stack (SHSTK). When CET is enabled, the GNU C Library is compatible with all existing executables and shared libraries. This feature is currently supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or later. Note that when CET is enabled, the GNU C Library requires CPUs capable of multi-byte NOPs, like x86-64 processors as well as Intel Pentium Pro or newer. With --enable-cet, it is an error to dlopen a non CET enabled shared library in CET enabled application. With --enable-cet=permissive, CET is disabled when dlopening a non CET enabled shared library in CET enabled application.

NOTE: --enable-cet has been tested for i686, x86_64 and x32 on non-CET processors. --enable-cet has been tested for i686, x86_64 and x32 on CET processors.

--enable-memory-tagging

Enable memory tagging support if the architecture supports it. When the GNU C Library is built with this option then the resulting library will be able to control the use of tagged memory when hardware support is present by use of the tunable ‘glibc.mem.tagging’. This includes the generation of tagged memory when using the malloc APIs.

At present only AArch64 platforms with MTE provide this functionality, although the library will still operate (without memory tagging) on older versions of the architecture.

The default is to disable support for memory tagging.

--disable-profile

Don’t build libraries with profiling information. You may want to use this option if you don’t plan to do profiling.

--enable-static-nss

Compile static versions of the NSS (Name Service Switch) libraries. This is not recommended because it defeats the purpose of NSS; a program linked statically with the NSS libraries cannot be dynamically reconfigured to use a different name database.

--enable-hardcoded-path-in-tests

By default, dynamic tests are linked to run with the installed C library. This option hardcodes the newly built C library path in dynamic tests so that they can be invoked directly.

--disable-timezone-tools

By default, timezone related utilities (zic, zdump, and tzselect) are installed with the GNU C Library. If you are building these independently (e.g. by using the ‘tzcode’ package), then this option will allow disabling the install of these.

Note that you need to make sure the external tools are kept in sync with the versions that the GNU C Library expects as the data formats may change over time. Consult the timezone subdirectory for more details.

--enable-stack-protector
--enable-stack-protector=strong
--enable-stack-protector=all

Compile the C library and all other parts of the glibc package (including the threading and math libraries, NSS modules, and transliteration modules) using the GCC -fstack-protector, -fstack-protector-strong or -fstack-protector-all options to detect stack overruns. Only the dynamic linker and a small number of routines called directly from assembler are excluded from this protection.

--enable-bind-now

Disable lazy binding for installed shared objects and programs. This provides additional security hardening because it enables full RELRO and a read-only global offset table (GOT), at the cost of slightly increased program load times.

--enable-pt_chown

The file pt_chown is a helper binary for grantpt (see Pseudo-Terminals) that is installed setuid root to fix up pseudo-terminal ownership on GNU/Hurd. It is not required on GNU/Linux, and the GNU C Library will not use the installed pt_chown program when configured with --enable-pt_chown.

--disable-werror

By default, the GNU C Library is built with -Werror. If you wish to build without this option (for example, if building with a newer version of GCC than this version of the GNU C Library was tested with, so new warnings cause the build with -Werror to fail), you can configure with --disable-werror.

--disable-mathvec

By default for x86_64, the GNU C Library is built with the vector math library. Use this option to disable the vector math library.

--enable-crypt

Install the legacy passphrase-hashing library libcrypt and the header file crypt.h. unistd.h will declare the function crypt regardless of this option. Using this option does not change the set of programs that may need to be linked with -lcrypt; it only means that the GNU C Library will provide that library.

This option is for hackers and distributions who may not yet be able to use libcrypt alternatives such as libxcrypt and need this legacy implementation as a temporary workaround. Note that libcrypt may be removed in a future release.

--disable-scv

Disable using scv instruction for syscalls. All syscalls will use sc instead, even if the kernel supports scv. PowerPC only.

--build=build-system
--host=host-system

These options are for cross-compiling. If you specify both options and build-system is different from host-system, configure will prepare to cross-compile the GNU C Library from build-system to be used on host-system. You’ll probably need the ‘--with-headers’ option too, and you may have to override configure’s selection of the compiler and/or binutils.

If you only specify ‘--host’, configure will prepare for a native compile but use what you specify instead of guessing what your system is. This is most useful to change the CPU submodel. For example, if configure guesses your machine as i686-pc-linux-gnu but you want to compile a library for 586es, give ‘--host=i586-pc-linux-gnu’ or just ‘--host=i586-linux’ and add the appropriate compiler flags (‘-mcpu=i586’ will do the trick) to CC.

If you specify just ‘--build’, configure will get confused.

--with-pkgversion=version

Specify a description, possibly including a build number or build date, of the binaries being built, to be included in --version output from programs installed with the GNU C Library. For example, --with-pkgversion='FooBar GNU/Linux glibc build 123'. The default value is ‘GNU libc’.

--with-bugurl=url

Specify the URL that users should visit if they wish to report a bug, to be included in --help output from programs installed with the GNU C Library. The default value refers to the main bug-reporting information for the GNU C Library.

--enable-fortify-source
--enable-fortify-source=LEVEL

Use -D_FORTIFY_SOURCE=LEVEL to control hardening in the GNU C Library. If not provided, LEVEL defaults to highest possible value supported by the build compiler.

Default is to disable fortification.

To build the library and related programs, type make. This will produce a lot of output, some of which may look like errors from make but aren’t. Look for error messages from make containing ‘***’. Those indicate that something is seriously wrong.

The compilation process can take a long time, depending on the configuration and the speed of your machine. Some complex modules may take a very long time to compile, as much as several minutes on slower machines. Do not panic if the compiler appears to hang.

If you want to run a parallel make, simply pass the ‘-j’ option with an appropriate numeric parameter to make. You need a recent GNU make version, though.

To build and run test programs which exercise some of the library facilities, type make check. If it does not complete successfully, do not use the built library, and report a bug after verifying that the problem is not already known. See Reporting Bugs, for instructions on reporting bugs. Note that some of the tests assume they are not being run by root. We recommend you compile and test the GNU C Library as an unprivileged user.

Before reporting bugs make sure there is no problem with your system. The tests (and later installation) use some pre-existing files of the system such as /etc/passwd, /etc/nsswitch.conf and others. These files must all contain correct and sensible content.

Normally, make check will run all the tests before reporting all problems found and exiting with error status if any problems occurred. You can specify ‘stop-on-test-failure=y’ when running make check to make the test run stop and exit with an error status immediately when a failure occurs.

To format the GNU C Library Reference Manual for printing, type make dvi. You need a working TeX installation to do this. The distribution builds the on-line formatted version of the manual, as Info files, as part of the build process. You can build them manually with make info.

The library has a number of special-purpose configuration parameters which you can find in Makeconfig. These can be overwritten with the file configparms. To change them, create a configparms in your build directory and add values as appropriate for your system. The file is included and parsed by make and has to follow the conventions for makefiles.

It is easy to configure the GNU C Library for cross-compilation by setting a few variables in configparms. Set CC to the cross-compiler for the target you configured the library for; it is important to use this same CC value when running configure, like this: ‘configure target CC=target-gcc’. Set BUILD_CC to the compiler to use for programs run on the build system as part of compiling the library. You may need to set AR to cross-compiling versions of ar if the native tools are not configured to work with object files for the target you configured for. When cross-compiling the GNU C Library, it may be tested using ‘make check test-wrapper="srcdir/scripts/cross-test-ssh.sh hostname"’, where srcdir is the absolute directory name for the main source directory and hostname is the host name of a system that can run the newly built binaries of the GNU C Library. The source and build directories must be visible at the same locations on both the build system and hostname. The ‘cross-test-ssh.sh’ script requires ‘flock’ from ‘util-linux’ to work when glibc_test_allow_time_setting environment variable is set.

It is also possible to execute tests, which require setting the date on the target machine. Following use cases are supported:

In general, when testing the GNU C Library, ‘test-wrapper’ may be set to the name and arguments of any program to run newly built binaries. This program must preserve the arguments to the binary being run, its working directory and the standard input, output and error file descriptors. If ‘test-wrapper env’ will not work to run a program with environment variables set, then ‘test-wrapper-env’ must be set to a program that runs a newly built program with environment variable assignments in effect, those assignments being specified as ‘var=value’ before the name of the program to be run. If multiple assignments to the same variable are specified, the last assignment specified must take precedence. Similarly, if ‘test-wrapper env -i’ will not work to run a program with an environment completely empty of variables except those directly assigned, then ‘test-wrapper-env-only’ must be set; its use has the same syntax as ‘test-wrapper-env’, the only difference in its semantics being starting with an empty set of environment variables rather than the ambient set.

For AArch64 with SVE, when testing the GNU C Library, ‘test-wrapper’ may be set to "srcdir/sysdeps/unix/sysv/linux/aarch64/vltest.py vector-length" to change Vector Length.


Next: Installing the C Library, Up: Installing the GNU C Library   [Contents][Index]