Project:Musl
| musl | |
|---|---|
| Description | This subproject aims to port the hardened tool chain to musl based systems for a variety of architectures. The project treats musl as an alternative to glibc, and not necessarily as "embedded". |
| Project email | [email protected] |
| Packages | p.g.o/[email protected]
|
| IRC channel | #gentoo-hardened (webchat) |
| Bugs | Related bugs |
| Lead(s) |
Last elected: 2019-08-27 |
| Member(s) |
|
| Subproject(s) (and inherited member(s)) |
(none) |
| Parent Project | Hardened |
| Project listing | |
The musl project has a goal similar to its sister subproject, Hardened uClibc, but with the intention of using musl to replace glibc as the system's "standard C library" or "libc" for short.
A system's libc forms an integral part of the toolchain, but unlike the other components, it remains a runtime dependency of nearly every dynamically linked object in the system, or becomes incorporated into statically linked executables.
For embedded systems, the size and speed of your libc become important issues which are better addressed by libcs designed with that purpose in mind. uClibc addresses at least the size issue by being very configurable, so any unneeded code can be turned off. Whether a function is required by POSIX standards or not doesn't matter if you are not using it for some targetted application. musl takes a different approach: it is written with static linking in mind, but also with fast dynamic linking capabilities, while remaining close to standards and conscious of security issues. However, unlike uClibc, it is not configurable. How glibc, uClibc and musl compare on the various points of interest is complex and something that will probably be debated forever.
The musl team does provide a table of C/POSIX standard library implementations for Linux that you can browse.
Since there are different needs for different folks, in Gentoo we are not afraid to target anything and everything: all arches, all libcs, hardened/vanilla userland, hardened/vanilla Linux kernel, and even different kernels.
musl's completeness, including a robust implementation of POSIX threads, means that we can include all of Gentoo's Hardened toolchain goodies without any problems:
- Stack Smashing Protection (SSP), which requires threads but doesn't work with the old NPTL or LinuxThreads that uClibc provides.
- Position Independent Execution (PIE).
- Bind now and relro, linker hardening to protect the global offset table.
These are augmented by the kernel hardening, especially PaX's enhanced address space layout randomization (ASLR).
This subproject aims to support musl more as a drop in alternative to glibc, and not necessarily as a single purpose embedded systems as found in other Linux projects. This is not at the exclusion of the concerns of embedded systems, but rather to make our userland tarballs as flexible as possible. This allows Gentoo to aim for complete package support both hardened and musl where reasonable possible.
For an end user focused article and simple check to see if musl is suitable for the needs of the system, please see Musl
Goals
The project goals can be best summarized by the following chart:
| Arch | Subarchs | Tool Chain Hardening | Status | Downloads |
|---|---|---|---|---|
| amd64 | Generic | Yes | Development | stage3-amd64-musl-{hardened,vanilla} |
| arm | armv7a-hardfp | Yes | Development | stage3-armv7a_hardfp-musl-{hardened,vanilla} |
| arm | armv6j-hardfp | Yes | Development | stage3-armv6j_hardfp-musl-{hardened,vanilla} |
| m68k | m68k | No | Development | stage3-m68k-musl-vanilla |
| mips | mips2 | No | Development | stage3-mips2-musl-vanilla |
| mips | mipsel2 | No | Development | stage3-mipsel2-musl-vanilla |
| ppc | classic | Yes | Development | stage3-ppc-musl-hardened-openrc |
| ppc64 | ppc64/ppc64le | Yes | Development | stage3-ppc64-musl-hardened-openrc / stage3-ppc64le-musl-hardened-openrc |
| x86 | i686 | Yes | Development | stage3-i686-musl |
Contributors
The following people have contributed noteworthy improvements to the project :
| Contributor | Still active? | |
|---|---|---|
| Felix Janda | [email protected] | Yes |
| Vimproved | [email protected] | Yes |
Participation
To participate in the musl project join the mailing list at [email protected] and visit our IRC channel at #gentoo-hardened (webchat) on Libera.Chat.
See also
- End user musl article — a standard C library implementation that strives to be lightweight and correct in the sense of standards
- Project:Musl/Bluedragon — covers using a hardened musl XFCE desktop
- musl porting notes — pointers on getting software to compile with musl
- musl stage creation for RelEng — intended for those that wish to build musl stages on architectures that don't have them built by the official Gentoo build server.