[gentoo-amd64] Installing into a 32-bit chroot?

[gentoo-amd64] Installing into a 32-bit chroot?

[Peter Humphrey]

Hello all,

I'd like to see if I can install gambas into my 32-bit chroot jail. It's 
masked out of everything but vanilla x86 systems, which I think is what I 
have in /mnt/gentoo32 (the chroot jail).

Using emerge to install gambas brings all sorts of other things, including a 
duplicate xorg-x11 installation, which seems a bit excessive to me. How do 
I go about emerging into /mnt/gentoo32 with full X functionality etc, but 
without all the baggage? Perhaps someone's already done this and can advise 
me.

I don't really understand properly how chroots work, and in particular 
whether it's possible to install, e.g., gambas in /mnt/gentoo32 and have it 
use libraries etc. elsewhere. Or do I really have to install a virtually 
complete gentoo 32-bit system to enable it to work?

-- 
Rgds
Peter Humphrey
Linux Counter 5290, August 1993.
-- 
gentoo-amd64@gentoo.org mailing list

[gentoo-amd64] Re: Installing into a 32-bit chroot?

[Duncan]

Peter Humphrey posted <200509041702.07690.prh@gotadsl.co.uk>, excerpted
below,  on Sun, 04 Sep 2005 17:02:07 +0100:

> I'd like to see if I can install gambas into my 32-bit chroot jail. It's
> masked out of everything but vanilla x86 systems, which I think is what I
> have in /mnt/gentoo32 (the chroot jail).
> 
> Using emerge to install gambas brings all sorts of other things, including
> a duplicate xorg-x11 installation, which seems a bit excessive to me. How
> do I go about emerging into /mnt/gentoo32 with full X functionality etc,
> but without all the baggage? Perhaps someone's already done this and can
> advise me.
> 
> I don't really understand properly how chroots work, and in particular
> whether it's possible to install, e.g., gambas in /mnt/gentoo32 and have
> it use libraries etc. elsewhere. Or do I really have to install a
> virtually complete gentoo 32-bit system to enable it to work?

I don't really know what that is, but esearch says "a RAD tool for BASIC".
Is it X based?  If so, you'll need the 32-bit xlibs and whatever else it
needs, withh appropriate headers, accessible from the 32-bit chroot so it
(or whatever dependencies it has) can compile against them.

The 32-bit chroot stuff in the technotes explain a bit about how to set it
up and what you can remount in your chroot and what not.  The
compatibility packages do contain the 32-bit xlibs in binary form, but I'm
not sure they have all the headers and the like for you to actually
compile against.  Thus, I'm not sure whether you have to compile X in the
chroot or whether you can short-circuit that by making the binary compat
packages available in the chroot.  Do note, in any case, that the compat
packages aren't all that optimized, so you might be better off compiling x
in 32-bit anyway, if just to get the optimized libs.

Here's how all that works in terms of X.  You'll be running the 64-bit
X-server.  That's fine.  32-bit stuff can connect to it.  However, you
can't mix 32-bit and 64-bit executables and libraries.  You can't load
64-bit X client-libs into your 32-bit X-client app.  That just doesn't
work, for the same reason you can't load 32-bit codecs in a 64-bit mplayer
or 32-bit plugins in a 64-bit browser (tho konqueror has a plugin proxy
that does the job).  As I said, the 32-bit binary compatibility libs do
contain the necessary X client-libs.  However, they may not contain the
headers necessarily to actually compile against them, thus being useful
for 32-bit precompiled stuff only.

So... for now, you'll likely have to compile all of X in 32-bit mode as
well.

FWIW, that's going to change with xorg-7.0, the modular-X now under
development (there's an -rc in portage, hard-masked for testing). 
Upstream is splitting the monolithic package into a rather large number of
component modules, and Gentoo is doing likewise.  When it's all done,
packages won't depend on X, but on the specific X-modules they need, the
client-libs for most X client-apps, and specific other modules as needed. 
Thus, most folks will be able to avoid compiling at least all the extra
drivers for hardware they don't have, and in cases like this, only the
bare minimum necessary packages would be compiled to fill the
dependencies, likely only xlib.

Back to the now.  If gambas isn't an X app, the dependency may be down the
dependency chain a bit.  It's  possible you could avoid it by tweaking
your 32-bit chroot USE flags.  You'll probably want them fairly minimal,
anyway, certainly in the 32-bit make.conf, and make use of  package.use to
turn on specific flags where you /do/ want them.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman in
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html


-- 
gentoo-amd64@gentoo.org mailing list

Re: [gentoo-amd64] Installing into a 32-bit chroot?

[David Fellows]

> Hello all,
> 
> I'd like to see if I can install gambas into my 32-bit chroot jail. It's 
> masked out of everything but vanilla x86 systems, which I think is what I 
> have in /mnt/gentoo32 (the chroot jail).
> 
> Using emerge to install gambas brings all sorts of other things, including a 
> duplicate xorg-x11 installation, which seems a bit excessive to me. How do 
> I go about emerging into /mnt/gentoo32 with full X functionality etc, but 
> without all the baggage? Perhaps someone's already done this and can advise 
> me.

A year ago I made a chroot to run gnucash in.  I just did an emerge in the 
chroot and made all of xorg - ate the compile time and disk space.  You just 
need the Xclient libraries, but it wasn't worth the effort to figure out 
what could be pruned. 

To run gnucash  I start an sshd service in the chroot listening on port 2232
( and leave it running indefinitely). SSHD is configured to do X forwarding.
You do NOT start the X server in the chroot.
In 64 bit I created a /home/me/home32 directory in my 64 bit home directory
/home/me. Then I made /home available to the chroot.
As per the the 32 bit chroot instructions I created a user id for myself that
matches the 64 bit UID with home directory /home/me/home32.
I also had to set up the ssh  keys, known hosts files, etc.

Then I use the command 
ssh -X -p2232 localhost
to connect to the chroot
and execute gnucash.

I have discovered that not all X clients are happy to talk to an X server that
is running on a machine with a different word size.  This is not chroot 
specific and it affects both 32 bit client to 64 bit server and 64 bit client 
to 32 bit server.  My short list, from experience is
  gnome xterm - OK 
  emacs - dies on first mouse click
  xeyes - OK
  gnucash - spews a steady stream of X errors/warnings, but does its thing.
	  (sometimes you are lucky)
  wine - dies on startup IRCC

So you roll the dice with gambas.

If any X perts can explain how to overcome this, I'd like to know. I vaguely 
recall looking briefly and deciding that each client had to be modified.

Perhaps VNC would work better than X through ssh. Anybody have any experience?

> 
> I don't really understand properly how chroots work, and in particular 
> whether it's possible to install, e.g., gambas in /mnt/gentoo32 and have it 
> use libraries etc. elsewhere. Or do I really have to install a virtually 
> complete gentoo 32-bit system to enable it to work?
> 
> -- 
> Rgds
> Peter Humphrey
> Linux Counter 5290, August 1993.
> -- 
> gentoo-amd64@gentoo.org mailing list
> 

Dave F

-- 
gentoo-amd64@gentoo.org mailing list

Re: [gentoo-amd64] Installing into a 32-bit chroot?

[Barry.SCHWARTZ]

[-- Attachment #1: Type: text/plain, Size: 1741 bytes --]

David Fellows <fellows@unb.ca> skribis:
> To run gnucash  I start an sshd service in the chroot listening on port 2232
> ( and leave it running indefinitely). SSHD is configured to do X forwarding.
> You do NOT start the X server in the chroot.
> In 64 bit I created a /home/me/home32 directory in my 64 bit home directory
> /home/me. Then I made /home available to the chroot.
> As per the the 32 bit chroot instructions I created a user id for myself that
> matches the 64 bit UID with home directory /home/me/home32.
> I also had to set up the ssh  keys, known hosts files, etc.
> 
> Then I use the command 
> ssh -X -p2232 localhost
> to connect to the chroot
> and execute gnucash.
> 
> I have discovered that not all X clients are happy to talk to an X server that
> is running on a machine with a different word size.  This is not chroot 
> specific and it affects both 32 bit client to 64 bit server and 64 bit client 
> to 32 bit server.  My short list, from experience is
>   gnome xterm - OK 
>   emacs - dies on first mouse click
>   xeyes - OK
>   gnucash - spews a steady stream of X errors/warnings, but does its thing.
> 	  (sometimes you are lucky)
>   wine - dies on startup IRCC

I think those may be problems with ssh's X forwarding.

You don't need to use ssh. If you make the tmp directories for the
chroot bind-mounts to the outer tmp directories, then X can make Unix
domain socket connections. You can run X clients from inside the
chroot, then.



-- 
Barry.SCHWARTZ@chemoelectric.org   http://www.chemoelectric.org
Esperantistoj rajtas skribi al Barijo.SXVARCO@chemoelectric.org
     'We're going to have a temporary disruption
      of gasoline product.' -- George W. Bush

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-amd64] Re: Installing into a 32-bit chroot?

[Tres Melton]

On Sun, 2005-09-04 at 14:14 -0700, Duncan wrote:
> Peter Humphrey posted <200509041702.07690.prh@gotadsl.co.uk>, excerpted
> below,  on Sun, 04 Sep 2005 17:02:07 +0100:
> 
> > I'd like to see if I can install gambas into my 32-bit chroot jail. It's
> > masked out of everything but vanilla x86 systems, which I think is what I
> > have in /mnt/gentoo32 (the chroot jail).
> > 
> > Using emerge to install gambas brings all sorts of other things, including
> > a duplicate xorg-x11 installation, which seems a bit excessive to me. How
> > do I go about emerging into /mnt/gentoo32 with full X functionality etc,
> > but without all the baggage? Perhaps someone's already done this and can
> > advise me.
> > 
> > I don't really understand properly how chroots work, and in particular
> > whether it's possible to install, e.g., gambas in /mnt/gentoo32 and have
> > it use libraries etc. elsewhere. Or do I really have to install a
> > virtually complete gentoo 32-bit system to enable it to work?

You don't need to install the complete 32 bit system if you want to take
the time to dig through it and remove the unneeded stuff.  In fact you
don't really need any X-server stuff in the 32 bit chroot jail if you
enable sharing the /tmp directory the gambas will use the 64 bit
libraries to do the drawing via X calls.  Compiling may be difficult
though as Duncan points out below.  chroot is a command that can only be
executed by root since if you could (as a user) create your own chroot
jail it would be easy to compromise the system from there.  The only
real thing it does is change the root of the file system to prevent
unauthorized access to other parts of the filesystem (outside the
chroot) by things running inside the jail.  You have to be root to enter
the jail but it is a good idea to drop root privs shortly after.

> I don't really know what that is, but esearch says "a RAD tool for BASIC".
> Is it X based?  If so, you'll need the 32-bit xlibs and whatever else it
> needs, withh appropriate headers, accessible from the 32-bit chroot so it
> (or whatever dependencies it has) can compile against them.
> 
> The 32-bit chroot stuff in the technotes explain a bit about how to set it
> up and what you can remount in your chroot and what not.  The
> compatibility packages do contain the 32-bit xlibs in binary form, but I'm
> not sure they have all the headers and the like for you to actually
> compile against.  Thus, I'm not sure whether you have to compile X in the
> chroot or whether you can short-circuit that by making the binary compat
> packages available in the chroot.  Do note, in any case, that the compat
> packages aren't all that optimized, so you might be better off compiling x
> in 32-bit anyway, if just to get the optimized libs.

Opinion seconded.

> Here's how all that works in terms of X.  You'll be running the 64-bit
> X-server.  That's fine.  32-bit stuff can connect to it.  However, you
> can't mix 32-bit and 64-bit executables and libraries.  You can't load
> 64-bit X client-libs into your 32-bit X-client app.  That just doesn't
> work, for the same reason you can't load 32-bit codecs in a 64-bit mplayer
> or 32-bit plugins in a 64-bit browser (tho konqueror has a plugin proxy
> that does the job).  As I said, the 32-bit binary compatibility libs do
> contain the necessary X client-libs.  However, they may not contain the
> headers necessarily to actually compile against them, thus being useful
> for 32-bit precompiled stuff only.
> 
> So... for now, you'll likely have to compile all of X in 32-bit mode as
> well.

It is easier to do so but can be avoided with a lot of work.  I took the
easier way.

> FWIW, that's going to change with xorg-7.0, the modular-X now under
> development (there's an -rc in portage, hard-masked for testing). 
> Upstream is splitting the monolithic package into a rather large number of
> component modules, and Gentoo is doing likewise.  When it's all done,
> packages won't depend on X, but on the specific X-modules they need, the
> client-libs for most X client-apps, and specific other modules as needed. 
> Thus, most folks will be able to avoid compiling at least all the extra
> drivers for hardware they don't have, and in cases like this, only the
> bare minimum necessary packages would be compiled to fill the
> dependencies, likely only xlib.

Yes, spyderous is doing amazing work here.  I've looked over some of his
stuff and Donnie is going to make X in Gentoo awesome.  There is a good
paper on the topic here:  http://www.rahul.net/kenton/module.html  There
is also a great write up on the current state of X and where it needs to
go by Jon here:  http://www.freedesktop.org/~jonsmirl/graphics.html

> Back to the now.  If gambas isn't an X app, the dependency may be down the
> dependency chain a bit.  It's  possible you could avoid it by tweaking
> your 32-bit chroot USE flags.  You'll probably want them fairly minimal,
> anyway, certainly in the 32-bit make.conf, and make use of  package.use to
> turn on specific flags where you /do/ want them.
> 
> -- 
> Duncan - List replies preferred.   No HTML msgs.
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master."  Richard Stallman in
> http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html
> 

Somewhere in this thread is the mention of ssh to run a 32 bit program.
That is a poor solution in my opinion.  The suggestion was made to mount
the /tmp dirs and other things and I do this at boot.  Further I have
written a program that will allow any user (approved by the sudoers file
in the chroot and the regular root) to run any program from wherever
they are without the headache of becoming root, etc..  Here ya go:

#!/bin/bash
#
#  Written and Copyright by Tres Melton (2005)
#
#  Run a 32 bit program from 64 bit space
#
#       If parameters given then execute the command instead of /bin/bash
#       If no parameters then create a new 32 bit chroot jail shell
#

JAIL_DIR="/mnt/sdb3/Gentoo-32"

if [ $# -eq 0 ] ; then
  echo "Starting 32 bit shell..."
  /bin/linux32 sudo chroot ${JAIL_DIR} /usr/bin/sudo -u "#${UID}" bash -c "( cd ~ ; /bin/bash )"
else
  echo "Starting a 32 bit shell to run \"$*\""
  /bin/linux32 sudo chroot ${JAIL_DIR} /usr/bin/sudo -u "#${UID}" bash -c "( cd ~ ; $* )"
fi

Hope that helps some.  Regards,
-- 
Tres Melton
IRC & Gentoo: RiverRat

-- 
gentoo-amd64@gentoo.org mailing list

Re: [gentoo-amd64] Re: Installing into a 32-bit chroot?

[Peter Humphrey]

Tres Melton wrote:

> Somewhere in this thread is the mention of ssh to run a 32 bit program.
> That is a poor solution in my opinion.  The suggestion was made to mount
> the /tmp dirs and other things and I do this at boot.  Further I have
> written a program that will allow any user (approved by the sudoers file
> in the chroot and the regular root) to run any program from wherever
> they are without the headache of becoming root, etc..  Here ya go:
> 
> #!/bin/bash
> #
> #  Written and Copyright by Tres Melton (2005)
> #
> #  Run a 32 bit program from 64 bit space
> #
> #       If parameters given then execute the command instead of /bin/bash
> #       If no parameters then create a new 32 bit chroot jail shell
> #
> 
> JAIL_DIR="/mnt/sdb3/Gentoo-32"
> 
> if [ $# -eq 0 ] ; then
>   echo "Starting 32 bit shell..."
>   /bin/linux32 sudo chroot ${JAIL_DIR} /usr/bin/sudo -u "#${UID}" bash -c "( cd ~ ; /bin/bash )"
> else
>   echo "Starting a 32 bit shell to run \"$*\""
>   /bin/linux32 sudo chroot ${JAIL_DIR} /usr/bin/sudo -u "#${UID}" bash -c "( cd ~ ; $* )"
> fi
> 
> Hope that helps some.  Regards,

Certainly does - thanks Tres.

-- 
Rgds
Peter Humphrey
Linux Counter 5290, Aug 93.
-- 
gentoo-amd64@gentoo.org mailing list

Re: [gentoo-amd64] Re: Installing into a 32-bit chroot?

[Billy Holmes]

Tres Melton wrote:
> the /tmp dirs and other things and I do this at boot.  Further I have
> written a program that will allow any user (approved by the sudoers file
> in the chroot and the regular root) to run any program from wherever
> they are without the headache of becoming root, etc..  Here ya go:

I actually did the same thing, but I'm combined some code from chroot 
and linux32 and made my own "l32".

install as:
# install -o root -g root -m 4555 l32 $BIN_DIR

invoke as:
$ l32 $PROGRAM

If it can't change into the CWD from the chroot (I use mount --bind for 
/home and /tmp), then it changes in to the chroot's "/" directory.

Change "LOWDIR" to point to your own 32-bit chroot.

---[snip]---
#include <linux/personality.h>
#undef personality
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <limits.h>

/* Make --3gb the default for buggy Java */
#define STUPID_DEFAULT 1
#define  PER_LINUX32_3GB       (PER_LINUX32 | ADDR_LIMIT_32BIT)

#ifdef STUPID_DEFAULT
#define DFL_PER PER_LINUX32_3GB
#else
#define DFL_PER PER_LINUX32
#endif

const char *LOWDIR="/home/32-bit";
#define malloc_Add	64
#define malloc_Max	INT_MAX>>12	// If it's over 512 kb, then path is too big

int main(int argc,char **argv,char **envp)
{
   int per=DFL_PER;
   char *PWD;
   size_t PWD_size=malloc_Add;

   if (personality(per) < 0)
   {
     fprintf(stderr,"Can't set personality %x : %s\n",per,strerror(errno));
     exit(-1);
   }
   if (argc<2)
   {
     fprintf(stderr,"Usage: %s program (arg1 arg2 arg3 ...)\n",argv[0]);
     exit(-1);
   }
   PWD=malloc(PWD_size);
   while (NULL==getcwd(PWD,PWD_size))
   {
     if (errno==ERANGE)
     {
       if (PWD_size+malloc_Add>malloc_Max)
       {
	fprintf(stderr,"Path is too long: greater than %lu bytes\n",PWD_size);
	exit(-1);
       }
       PWD_size+=malloc_Add;
       PWD=realloc(PWD,PWD_size);
     } else {
       fprintf(stderr,"Unable to determine current working directory: 
%s\n",strerror(errno));
       exit(-1);
     }
   }
   if (chroot(LOWDIR) < 0)
   {
     fprintf(stderr,"Unable to chroot(%s): %s\n",LOWDIR,strerror(errno));
     exit(-1);
   }
   if (seteuid(getuid()) < 0)
   {
     fprintf(stderr,"Unable to suid(%d): %s\n",getuid(),strerror(errno));
     exit(-1);
   }
   // now change into current working dir with no root privs
   if (chdir(PWD) && chdir("/"))
   {
     fprintf(stderr,"Unable to set working directory: 
%s\n",strerror(errno));
     exit(-1);
   }
   free(PWD);
   execvp(argv[1],argv+1);
   exit(-1);
}
// vim: sw=2:cindent:
-- 
gentoo-amd64@gentoo.org mailing list