Running glibc programs: Difference between revisions

From Alpine Linux
m (→‎Chroot method: Fix launcher script. Log on as limited user then sudo)
(space between # and command)
(64 intermediate revisions by 15 users not shown)
Line 1: Line 1:
{{Draft}}
If you want to run [https://www.gnu.org/software/libc/ glibc] programs in Alpine Linux, there are a few ways of doing so. You can install the [https://git.adelielinux.org/adelie/gcompat gcompat] compatibility layer, you can install glibc alongside [https://musl.libc.org/ musl] (manually, as it isn't packaged), or you could do it the easy way and use either Flatpak (the easiest), containers or a chroot.<br>


If you want to run glibc programs under alpine there are a few ways to do so.You could install glibc additional to uclibc (you would have to do this manualy) or you could do the easy way and use a chroot.<br>
Because there are different use cases, this is just a slight overview about what's possible and what's sensible.<br>
Because there are different usecases I want to give a slight overview about what's possible and what is intelligent.<br>


==Your options==
= Your options =
===Using Busybox===
First the most simple approach for setting up a chroot is using a glibc build of busybox.<br>
This approach has just a few downsides:<br>
- You have to link most /bin/ and /usr/bin program against /bin/busybox and some busybox builds break if you don't configure it right.<br>
- You have to manually download every library you need for your program manually.<br><br>
But if you want a small enviroment for one simple use case this is the solution you want.


===Using a livecd===
== gcompat ==
If you prefer any special distri you can always download and extract a livecd and use it as a chroot enviroment.


===Using a stage3 gentoo archive===
gcompat is the go-to compatibility layer for Alpine users.
This is the fastest approach and you have the advantage of controlling which package version of which library you will install.<br>
Drawbacks are as follow:<br>
- Big build.You have to install a portage tree which uses up a lot of space.(It's not 100% necessary if you don't have to install any additional content you don't need it)<br>
- On slow mashines not recommended because you have to compile your packages.<br>


===Using Archlinux or Debian===
{{cmd|apk add {{pkg|gcompat}}}}
If you want a nice running system you can install Arch or Debian in a chroot.This approach isn't as easily executed as the other alternatives, but are in my opinion the cleanest and most recommended for the every day user.


==How to do it==
After that you run your binaries as normal.
Like I said this is just a quick draft so here it comes.
===Using Busybox===
First we need to download busybox.You can choose any of your favourit distros to download a prebuild version.I for instance would use Archlinux packages from http://www.archlinux.org/packages/community/i686/busybox/.<br>
wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz
mkdir -p ~/chroot/usr/bin/ ~/chroot/{dev,proc,root,etc}
for i in *.pkg.tar.xz;do
bsdtar xfJ $i -C ~/chroot
done
cp /etc/resolv.conf ~/chroot/etc/
ln -s /bin/busybox ~/chroot/bin/sh
ln -s /bin/busybox ~/chroot/bin/ln
sudo chroot ~/chroot/ /bin/sh


This creates a simple chroot enviroment which we will expand through all commands included in busybox.
== Flatpak ==
for i in $(busybox --list);do ln -s /bin/busybox /usr/bin/$i;done


===Using a livecd===
Flatpak is by far the easiest method of running any graphical glibc program on Alpine.
WIP
Firstly install it.


===Using a stage3 tar archive===
  {{cmd|apk add {{pkg|flatpak}}}}
Select a mirror from http://www.gentoo.org/main/en/mirrors2.xml , switch to /releases/x86/current-stage3/ and download the latest tar ball (for me stage3-i686-20120124.tar.bz2 ).
  wget http://de-mirror.org/gentoo/releases/x86/current-stage3/stage3-i686-20120124.tar.bz2
mkdir ~/chroot
tar xfj stage3-i686-*.tar.bz2 -C ~/chroot
sudo chroot ~/chroot
And voila you got your working gentoo chroot.<br>
You can now take a look at http://www.gentoo.org/doc/en/?catid=desktop to find out how you can configure and install your system or simply extract/copy the program you need to run in your chroot enviroment and execute it.


===Using Archlinux or Debian===
Then you can run any Flatpak application:
====Arch Linux====
Although pacstrap is included with the arch-install-scripts package it will not work unless the target directory is a mountpoint so the Arch bootstrap image must be used instead (the image is updated every month so change the date in the link as required):


  sudo apk add arch-install-scripts
{{cmd|flatpak run <flatpak name>}}
  mkdir ~/chroot && cd ~/chroot
  curl -O https://mirrors.kernel.org/archlinux/iso/latest/archlinux-bootstrap-2018.01.01-x86_64.tar.gz
  tar xzf archlinux-bootstrap-2018.01.01-x86_64.tar.gz && rm archlinux-bootstrap-2018.01.01-x86_64.tar.gz
  sed -i '/evowise/s/^#//' root.x86_64/etc/pacman.d/mirrorlist
  sudo arch-chroot root.x86_64
  [chroot]# pacman-key --init
  [chroot]# pacman-key --populate archlinux


Once that is done, update the system and install the desired package(s) (denoted by "foo" in this example):
It is recommended to enable [https://flathub.org Flathub] using its instructions [https://flatpak.org/setup/Alpine/ here], as most glibc programs you might need will be packaged there.
 
You can then install applications from it, for example:
 
{{cmd|flatpak install com.valvesoftware.Steam}}
 
== Chroot ==
 
An option that's easier to generalize to other glibc applications is installing a glibc-based distribution into a chroot. You can then either chroot into it, or use a symlink and some configuration to make its glibc (and associated libraries) usable from Alpine.
 
After setting up a chroot using any of the methods described below, the loader can be set up in Alpine like so (these instructions are for a Debian chroot in /var/chroots/debian, on x86_64, but can be adapted to other systems by using the appropriate paths):
 
{{cmd|mkdir -p /lib64
ln -s /var/chroots/debian/lib/x86_64-linux-gnu/ld-2.33.so /lib64
printf '/var/chroots/debian/lib/x86_64-linux-gnu\n/var/chroots/debian/usr/lib/x86_64-linux-gnu\n' > /etc/ld.so.conf
/var/chroots/debian/sbin/ldconfig}}
 
=== Gentoo Linux ===
 
Select a stage3 from [https://www.gentoo.org/downloads/ here] and portage latest from [https://www.gentoo.org/downloads/mirrors/ here] at gentoo/snapshots/portage-latest.tar.xz.
 
First,
 
{{cmd|doas apk add {{pkg|xz}}}}
 
Enter the chroot:
{{cmd|mkdir ~/chroot
cd ~/chroot
tar -xvf stage3-*.tar.xz
tar -xvf portage-latest.tar.xz
mv portage usr
doas mount --bind /dev dev
doas mount --bind /sys sys
doas mount -t proc proc proc
cp /etc/resolv.conf etc
doas chroot . /bin/bash}}
 
And voilà, you have your working Gentoo chroot!<br>
 
You can now take a look at [https://wiki.gentoo.org/wiki/Handbook:Main_Page Gentoo's Handbook] to find out how you can configure and install your system, or simply extract/copy the program you need to run in your chroot enviroment and execute it.
 
Here is a wrapper script that is similar to <code>arch-chroot</code> when you frequently reuse this chroot:
 
Also, create an account with the same user name as host current user to the chroot or make changes to the userspec option to chroot line.
 
{{Cat|gentoo-chroot.sh|<nowiki>!/bin/bash
CHROOT_PATH="/home/$USER/chroot"
cd $CHROOT_PATH
mount | grep $CHROOT_PATH/dev || doas mount --bind /dev dev
mount | grep $CHROOT_PATH/sys || doas mount --bind /sys sys
mount | grep $CHROOT_PATH/proc || doas mount -t proc proc proc
cp /etc/resolv.conf etc
doas chroot --userspec=$USER:users . /bin/bash
echo "You must manually unmount $CHROOT_PATH/dev, $CHROOT_PATH/sys, $CHROOT_PATH/proc."
</nowiki>
}}
 
Do at <code>chmod +x gentoo-chroot.sh</code> to get it to work.
 
=== Arch Linux ===
 
Either use '''pacstrap''' (included with the arch-install-scripts package) or an Arch bootstrap image:
 
{{cmd|doas apk add {{pkg|arch-install-scripts}}
mkdir ~/chroot && cd ~/chroot
curl -O https://mirrors.edge.kernel.org/archlinux/iso/latest/archlinux-bootstrap-x86_64.tar.gz
doas tar xzf archlinux-bootstrap-x86_64.tar.gz && rm archlinux-bootstrap-x86_64.tar.gz
doas sed -i '/evowise/s/^#//' root.x86_64/etc/pacman.d/mirrorlist
doas sed -i '/CheckSpace/s/^/#/' root.x86_64/etc/pacman.conf
doas arch-chroot root.x86_64
[chroot]# pacman-key --init
[chroot]# pacman-key --populate archlinux}}
 
Once that is done, update the system and install the desired package(s) (denoted by ''"foo"'' in this example):
    
    
  [chroot]# pacman -Syu foo
{{cmd|[chroot]# pacman -Syu ''foo''}}
 
=== Debian ===
{{todo|gresec referencs need to be cleanly removed from this section.}}
Use the provided debootstrap package to create the Debian chroot. <code>--arch</code> is optional, depending of your needs.


====Debian====
On the '''linux-grsec''' kernel, you will need to relax chroot limitations:
Use the provided debootstrap package to create the Debian chroot. --arch is optional depending of your needs.<br>
On linux-grsec kernel you'll need to relax chroot limitations.


   sudo apk add debootstrap
   sudo apk add debootstrap
   for i in /proc/sys/kernel/grsecurity/chroot_*; do echo 0 | sudo tee $i; done
   for i in /proc/sys/kernel/grsecurity/chroot_*; do echo 0 | sudo tee $i; done
   mkdir ~/chroot
   mkdir ~/chroot
   sudo debootstrap --arch=i386 wheezy ~/chroot http://http.debian.net/debian/
   sudo debootstrap --arch=i386 wheezy ~/chroot https://deb.debian.org/debian/
   for i in /proc/sys/kernel/grsecurity/chroot_*; do echo 1 | sudo tee $i; done
   for i in /proc/sys/kernel/grsecurity/chroot_*; do echo 1 | sudo tee $i; done
   sudo chroot ~/chroot /bin/bash
   sudo chroot ~/chroot /bin/bash


You can now use apt-get to install needed packages.
You can now use <code>apt-get</code> to install needed packages.
 
==Example==
===Source Dedicated Server===
Here is an easy example of how you can run http://www.srcds.com in a simple busybox chroot.<br>
For this server you will only need the basic chroot and a advanced tar version (the busybox version is not sufficient because of the missing -U command).<br>
wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/tar/download/ -O tar.pkg.tar.xz
mkdir -p ~/chroot/usr/bin/ ~/chroot/{dev,proc,root,etc}
for i in *.pkg.tar.xz;do
bsdtar xfJ $i -C ~/chroot
done
cp /etc/resolv.conf ~/chroot/etc/
ln -s /bin/busybox ~/chroot/bin/sh
ln -s /bin/busybox ~/chroot/bin/ln
sudo chroot ~/chroot/ /bin/sh
Now that you are in a working chroot you can download the server and install it.You just have to execute the following self explaining commands.
mkdir ~/work
cd ~/work
busybox wget http://www.steampowered.com/download/hldsupdatetool.bin
chmod +x hldsupdatetool.bin
ln -s /bin/busybox ./uncompress
cp /bin/tar . #right now executing programs from $PATH is buggy soon to be fixed (no bug in busybox but in my script)
./hdsupdatetool.bin #you can accept it or not ;)
./steam
./steam
And you should have a working chroot with srcds installed in it.<br>
If you think you are clever or elegant you can use the server with a bash script.
#!/bin/bash
chroot ~/chroot /root/work/steam $@
Just save it (in your alpine installation) under /usr/bin/steam do a chmod +x /usr/bin/steam and have phun.<br>
WARNING:<br>
This script would let steam run with root priviliges.This is not recommended.
 
===MegaCli===
So let's run MegaCli in a chroot to shall we? ;)<br>
First we set up a uclibc chroot :)<br>
MegaCli needs more than just glibc it needs ncurses and the gcc-libs.
wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/ncurses/download/ -O ncurses.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/gcc-libs/download/ -O gcc-libs.pkg.tar.xz
mkdir -p ~/chroot/usr/bin/ ~/chroot/{dev,proc,root,etc,sys}
cp /etc/resolv.conf ~/chroot/etc/
for i in *.pkg.tar.xz;do
bsdtar xfJ $i -C ~/chroot
done
ln -s /bin/busybox ~/chroot/bin/sh
ln -s /bin/busybox ~/chroot/bin/ln
 
After this we visit this site http://www.lsi.com/downloads/Public/MegaRAID%20Common%20Files/8.02.16_MegaCLI.zip and download 8.02.16_MegaCLI.zip.<br>
mkdir tmp
cd tmp
unzip ../8.02.16_MegaCLI.zip
cd LINUX
unzip MegaCliLin.zip
#Now comes code stolen from rpm2cpio
o=`expr 96 + 8`
set `od -j $o -N 8 -t u1 MegaCli-8.02.16-1.i386.rpm`
il=`expr 256 \* \( 256 \* \( 256 \* $2 + $3 \) + $4 \) + $5`
dl=`expr 256 \* \( 256 \* \( 256 \* $6 + $7 \) + $8 \) + $9`
sigsize=`expr 8 + 16 \* $il + $dl`
o=`expr $o + $sigsize + \( 8 - \( $sigsize \% 8 \) \) \% 8 + 8`
set `od -j $o -N 8 -t u1 MegaCli-8.02.16-1.i386.rpm`
il=`expr 256 \* \( 256 \* \( 256 \* $2 + $3 \) + $4 \) + $5`
dl=`expr 256 \* \( 256 \* \( 256 \* $6 + $7 \) + $8 \) + $9`
hdrsize=`expr 8 + 16 \* $il + $dl`
o=`expr $o + $hdrsize`
dd if=MegaCli-8.02.16-1.i386.rpm ibs=$o skip=1 2>/dev/null |bsdtar -xf -
#wow ...
rm opt/MegaRAID/MegaCli/MegaCli64 # who needs 64bit?
cp -r opt/ ~/chroot/
Now we got a working MegaCli client in our chroot.<br>
Like with srcds we don't want to operate from inside the chroot so here is a little script that should ease you up. (use at your own risk)
 
#!/bin/bash
user=$(whoami)
if [ "$user" != "root" ];then
echo "This script needs root access"
exit
fi
mount -t proc proc ~/chroot/proc/
mount --bind /dev/ ~/chroot/dev/
mount --bind /sys/ ~/chroot/sys/
#we may need dev and maybe proc too to use this program
chroot ~/chroot /opt/MegaRAID/MegaCli/MegaCli $@
umount ~/chroot/proc
umount ~/chroot/dev
umount ~/chroot/sys
Save it under /usr/bin/MegaCli .Do a chmod +x /usr/bin/MegaCli and good luck.
Hf
PS
This method takes around 50mb.If you need something smaller you can strip a few files from glibc (not recommended) or work on a squashfs.<br>
With
mksquashfs ~/chroot/ /chroot.sfs -b 65536
you can create a squashfs that is around 15mb small.When you add an unionfs layer you can even use it with write access or you can bind some dirs to the writeable dirs before you chroot into it.<br>
I will look into it later on.<br>
You can save the chroot in another dir than your home dir and you an even install a chroot through a APKBUILD (after someone wrote it).<br>
Through this you could use many glibc dependend programs through one chroot, but be aware that running programs like this should not be standard but only be used in extreme situations like for _closed source_ tools linked against glibc.
 
===Skype on Debian chroot===
WIP - Not yet validated<br>
This is an example on how to run Skype from a Debian 32b chroot.
  sudo chroot ~/chroot
  wget http://www.skype.com/go/getskype-linux-deb
  dpkg -i getskype-linux-deb
To fix missings deps you'll want to use:
  apt-get -f install
Then exit the chroot
  exit
Fix PAX flags on Skype binary - linux-grsec only.<br>
ELF marking with paxctl cannot be used cause Skype binary refuses to run if modified<br>
CONFIG_PAX_XATTR_PAX_FLAGS is NOT yet available in linux-grsec
  sudo apk add attr
  sudo setfattr -n user.pax.flags -v "em" ~/chroot/usr/bin/skype
Mount needed directories in the chroot read-only to limit access to the system devices.<br>
Give write access to /dev/v4l and /dev/snd to let Skype use webcam device - Skype is not compatible with Alsa anymore and requires Pulseaudio running.
  sudo mount -o bind /proc ~/chroot/proc
  sudo mount -o bind,ro,remount /proc ~/chroot/proc
  sudo mount -o bind /sys ~/chroot/sys
  sudo mount -o bind,ro,remount /sys ~/chroot/sys
  sudo mount -o bind /dev ~/chroot/dev
  sudo mount -o bind,ro,remount /dev ~/chroot/dev
  sudo mount -o bind /dev/v4l ~/chroot/dev/v4l
  sudo mount -t tmpfs -o nodev,nosuid,noexec shm $CHROOT_PATH/dev/shm
Enter the chroot and create a user
  sudo chroot ~/chroot
  useradd -G audio,video <username>
  exit
Then run skype as your newly created user
  sudo chroot ~/chroot /bin/su - <username> -c /usr/bin/skype


===Dungeon Crawl (Stone Soup) on Arch===
== Containers ==
Once the Arch system is laid down (to ~/chroot/root.x86_64 in this example), install the game:
  sudo arch-chroot ~/chroot/root.x86_64
  [chroot]# pacman -Syu crawl-tiles
Then exit the chroot and run it with this command:
  sudo arch-chroot ~/chroot/root.x86_64 /bin/su -c 'DISPLAY=:0 crawl-tiles'
A separate user can also be created to run the game, if preferred.


===Spotify===
It's also possible to use Docker or Podman containers with a helper like Distrobox. This allows using graphical programs easily and doesn't require root privileges once set up.


====Docker method====
{{cmd|# apk add {{pkg|distrobox}}}}


Read the [[Docker]] page to install it.  Then, clone the repository below.  It will automate the process of pulling all the dependencies and PaX mark it for the hardened kernel.  The advantage of this container is that it is ready to use and has stripped down many of the /usr/bin executables.  The bad thing is that is unstable.
=== Distrobox + Podman ===


git clone https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked
{{cmd|# apk add {{pkg|podman}}}}


Follow the instructions in the README.md
Then set up rootless Podman, following [[Podman|these steps]].
You'll need to mount your root as shared for Distrobox to function.


====Chroot method====
Fill in {{path|/etc/local.d/mount-rshared.start}} like so:


The Chroot method the preferred method and doesn't have the black screen bug and more stable.  Just translate the Dockerfile instructions (https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked/blob/master/Dockerfile) into native sh (Bourne shell).  The trick again is to run Spotify as root inside the chroot not as regular user with sudo.  Use aplay -l to verify that the soundcard is detected.  When you use this or the docker method which relies on ALSA, there could be a conflict on who grabs the sound card.  Stop all browsers or programs using the sound device outside the chroot or the docker image so that Spotify can use it.
{{cmd|#!/bin/sh
mount --make-rshared /}}


I did some translation.  You may need make changes.
Mark it as executable.


To update, just delete it and call alpine-spotify-installer.sh again.  You still need the Arch Linux bootstrap image.  You extract the image, the run `sudo arch-chroot root.x86_64`.  Then, you copy paste below, `chmod +x alpine-spotify-installer.sh`, then run `./alpine-spotify-installer.sh`.
{{cmd|# chmod +x /etc/local.d/mount-rshared.start}}


{{Cat|alpine-spotify-installer.sh|<nowiki>
Then autostart its service.
# Copyright (c) 2018 Orson Teodoro <orsonteodoro@hotmail.com>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.


pacman --noconfirm -Syu
{{cmd|# rc-update add local default
&#35; rc-service local start}}


pacman --noconfirm -S base-devel
Finally you can create a container using your chosen image.
pacman --noconfirm -S xorg-server
pacman --noconfirm -S shadow
pacman --noconfirm -S sudo
pacman --noconfirm -S git
chmod 0660 /etc/sudoers
sed -i -e 's|# %wheel ALL=(ALL) NOPASSWD: ALL|%wheel ALL=(ALL) NOPASSWD: ALL\nspotify ALL=(ALL:ALL) NOPASSWD:ALL\n|g' /etc/sudoers || return 1
chmod 0440 /etc/sudoers


echo "Creating user spotify"
{{cmd|$ distrobox create --image debian --name debian
useradd -m spotify
$ distrobox enter debian}}
echo "Deleting password for spotify"
passwd -d spotify


gpasswd -a spotify users
It may also be necessary to allow X authorization for GUI programs to work.
gpasswd -a spotify audio
gpasswd -a spotify video
gpasswd -a spotify wheel


echo "switching to spotify nix account"
{{cmd|$ xhost +si:localuser:$USER}}
su spotify


cd /home/spotify
== Chroot + Bubblewrap ==
mkdir aur
cd aur


cd /home/spotify/aur
It's also possible to use a Debian system chroot with Bubblewrap. This allows running programs without root.
git clone https://aur.archlinux.org/spotify.git
cd /home/spotify/aur/spotify
sudo -u spotify makepkg --noconfirm -si


cd /home/spotify/aur/
{{cmd|# apk add bubblewrap debootstrap
git clone https://aur.archlinux.org/paxctl.git
&#35; mkdir -p /var/chroots/debian
cd /home/spotify/aur/paxctl
&#35; debootstrap --arch amd64 stable /var/chroots/debian/ https://deb.debian.org/debian}}
sudo -u spotify makepkg --noconfirm -si
#for grsecurity kernels like Alpine
sudo paxctl -C /usr/share/spotify/spotify
sudo paxctl -z /usr/share/spotify/spotify
sudo paxctl -m /usr/share/spotify/spotify


sudo pacman --noconfirm -S pulseaudio
Finally we can make an alias for bwrap.
sudo pacman --noconfirm -S pulseaudio-alsa
sudo pacman --noconfirm -S alsa-lib
sudo pacman --noconfirm -S alsa-utils


#confirm that the sound card(s) shows up
{{cmd|$ alias glibc{{=}}"LANG{{=}}en_US.UTF-8 bwrap --bind /var/chroots/debian / --dev-bind /dev /dev --proc /proc --bind /sys /sys --bind /run /run --bind /home /home --ro-bind /etc/resolv.conf /etc/resolv.conf --ro-bind /etc/passwd /etc/passwd --ro-bind /etc/group /etc/group"}}
sudo aplay -l


sudo spotify
To run programs that use X11/Xorg you can use:
</nowiki>
{{cmd|$ alias glibcX11{{=}}"LANG{{=}}en_US.UTF-8 bwrap --bind /var/chroots/debian / --dev-bind /dev /dev --proc /proc --bind /sys /sys --bind /run /run --bind /home /home --ro-bind /etc/resolv.conf /etc/resolv.conf --ro-bind /etc/passwd /etc/passwd --ro-bind /etc/group /etc/group --bind /tmp/.X11-unix/X0 /tmp/.X11-unix/X0 --setenv DISPLAY :0"}}
}}


To make easier create a launcher script:
In this case you might need to use xhost to allow local connections, e.g.:
{{cmd|# xhost + local:}}


{{Cat|run.sh|<nowiki>!/bin/bash
Now we can invoke glibc-built binaries like so:
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
{{cmd|$ glibc ./binary}} or {{cmd|$ glibcX11 ./binary}}  
cd $DIR
sudo arch-chroot root.x86_64 /bin/sh -c "su spotify -c 'sudo spotify'"
</nowiki>
}}


For updating the Chroot or installing dependencies we can mount it and then login as root:
{{cmd|# mount --bind /dev /var/chroots/debian/dev
&#35; mount --bind /proc /var/chroots/debian/proc
&#35; chroot /var/chroots/debian /bin/bash
&#35; apt update && apt upgrade}}


You may want to look at https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked/blob/master/deflate.sh to learn how to lock it down removing the unnecessary cruft in your chroot collections which may be abused.
After installing what you might want to umount the binds for dev and proc to avoid issues.
{{cmd|# umount /var/chroots/debian/dev}}
{{cmd|# umount /var/chroots/debian/proc}}


[[Category:Development]]
[[Category:Development]]
[[Category:Installation]]
[[Category:Installation]]

Revision as of 20:15, 6 March 2024

If you want to run glibc programs in Alpine Linux, there are a few ways of doing so. You can install the gcompat compatibility layer, you can install glibc alongside musl (manually, as it isn't packaged), or you could do it the easy way and use either Flatpak (the easiest), containers or a chroot.

Because there are different use cases, this is just a slight overview about what's possible and what's sensible.

Your options

gcompat

gcompat is the go-to compatibility layer for Alpine users.

apk add gcompat

After that you run your binaries as normal.

Flatpak

Flatpak is by far the easiest method of running any graphical glibc program on Alpine. Firstly install it.

apk add flatpak

Then you can run any Flatpak application:

flatpak run <flatpak name>

It is recommended to enable Flathub using its instructions here, as most glibc programs you might need will be packaged there.

You can then install applications from it, for example:

flatpak install com.valvesoftware.Steam

Chroot

An option that's easier to generalize to other glibc applications is installing a glibc-based distribution into a chroot. You can then either chroot into it, or use a symlink and some configuration to make its glibc (and associated libraries) usable from Alpine.

After setting up a chroot using any of the methods described below, the loader can be set up in Alpine like so (these instructions are for a Debian chroot in /var/chroots/debian, on x86_64, but can be adapted to other systems by using the appropriate paths):

mkdir -p /lib64 ln -s /var/chroots/debian/lib/x86_64-linux-gnu/ld-2.33.so /lib64 printf '/var/chroots/debian/lib/x86_64-linux-gnu\n/var/chroots/debian/usr/lib/x86_64-linux-gnu\n' > /etc/ld.so.conf /var/chroots/debian/sbin/ldconfig

Gentoo Linux

Select a stage3 from here and portage latest from here at gentoo/snapshots/portage-latest.tar.xz.

First,

doas apk add xz

Enter the chroot:

mkdir ~/chroot cd ~/chroot tar -xvf stage3-*.tar.xz tar -xvf portage-latest.tar.xz mv portage usr doas mount --bind /dev dev doas mount --bind /sys sys doas mount -t proc proc proc cp /etc/resolv.conf etc doas chroot . /bin/bash

And voilà, you have your working Gentoo chroot!

You can now take a look at Gentoo's Handbook to find out how you can configure and install your system, or simply extract/copy the program you need to run in your chroot enviroment and execute it.

Here is a wrapper script that is similar to arch-chroot when you frequently reuse this chroot:

Also, create an account with the same user name as host current user to the chroot or make changes to the userspec option to chroot line.

Contents of gentoo-chroot.sh

!/bin/bash CHROOT_PATH="/home/$USER/chroot" cd $CHROOT_PATH mount | grep $CHROOT_PATH/dev || doas mount --bind /dev dev mount | grep $CHROOT_PATH/sys || doas mount --bind /sys sys mount | grep $CHROOT_PATH/proc || doas mount -t proc proc proc cp /etc/resolv.conf etc doas chroot --userspec=$USER:users . /bin/bash echo "You must manually unmount $CHROOT_PATH/dev, $CHROOT_PATH/sys, $CHROOT_PATH/proc."

Do at chmod +x gentoo-chroot.sh to get it to work.

Arch Linux

Either use pacstrap (included with the arch-install-scripts package) or an Arch bootstrap image:

doas apk add arch-install-scripts mkdir ~/chroot && cd ~/chroot curl -O https://mirrors.edge.kernel.org/archlinux/iso/latest/archlinux-bootstrap-x86_64.tar.gz doas tar xzf archlinux-bootstrap-x86_64.tar.gz && rm archlinux-bootstrap-x86_64.tar.gz doas sed -i '/evowise/s/^#//' root.x86_64/etc/pacman.d/mirrorlist doas sed -i '/CheckSpace/s/^/#/' root.x86_64/etc/pacman.conf doas arch-chroot root.x86_64 [chroot]# pacman-key --init [chroot]# pacman-key --populate archlinux

Once that is done, update the system and install the desired package(s) (denoted by "foo" in this example):

[chroot]# pacman -Syu foo

Debian

Todo: gresec referencs need to be cleanly removed from this section.


Use the provided debootstrap package to create the Debian chroot. --arch is optional, depending of your needs.

On the linux-grsec kernel, you will need to relax chroot limitations: 

 sudo apk add debootstrap
 for i in /proc/sys/kernel/grsecurity/chroot_*; do echo 0 | sudo tee $i; done
 mkdir ~/chroot
 sudo debootstrap --arch=i386 wheezy ~/chroot https://deb.debian.org/debian/
 for i in /proc/sys/kernel/grsecurity/chroot_*; do echo 1 | sudo tee $i; done
 sudo chroot ~/chroot /bin/bash

You can now use apt-get to install needed packages.

Containers

It's also possible to use Docker or Podman containers with a helper like Distrobox. This allows using graphical programs easily and doesn't require root privileges once set up.

# apk add distrobox

Distrobox + Podman

# apk add podman

Then set up rootless Podman, following these steps. You'll need to mount your root as shared for Distrobox to function.

Fill in /etc/local.d/mount-rshared.start like so:

#!/bin/sh mount --make-rshared /

Mark it as executable.

# chmod +x /etc/local.d/mount-rshared.start

Then autostart its service.

# rc-update add local default # rc-service local start

Finally you can create a container using your chosen image.

$ distrobox create --image debian --name debian $ distrobox enter debian

It may also be necessary to allow X authorization for GUI programs to work.

$ xhost +si:localuser:$USER

Chroot + Bubblewrap

It's also possible to use a Debian system chroot with Bubblewrap. This allows running programs without root.

# apk add bubblewrap debootstrap # mkdir -p /var/chroots/debian # debootstrap --arch amd64 stable /var/chroots/debian/ https://deb.debian.org/debian

Finally we can make an alias for bwrap.

$ alias glibc="LANG=en_US.UTF-8 bwrap --bind /var/chroots/debian / --dev-bind /dev /dev --proc /proc --bind /sys /sys --bind /run /run --bind /home /home --ro-bind /etc/resolv.conf /etc/resolv.conf --ro-bind /etc/passwd /etc/passwd --ro-bind /etc/group /etc/group"

To run programs that use X11/Xorg you can use:

$ alias glibcX11="LANG=en_US.UTF-8 bwrap --bind /var/chroots/debian / --dev-bind /dev /dev --proc /proc --bind /sys /sys --bind /run /run --bind /home /home --ro-bind /etc/resolv.conf /etc/resolv.conf --ro-bind /etc/passwd /etc/passwd --ro-bind /etc/group /etc/group --bind /tmp/.X11-unix/X0 /tmp/.X11-unix/X0 --setenv DISPLAY :0"

In this case you might need to use xhost to allow local connections, e.g.:

# xhost + local:

Now we can invoke glibc-built binaries like so:

$ glibc ./binary

or

$ glibcX11 ./binary

For updating the Chroot or installing dependencies we can mount it and then login as root:

# mount --bind /dev /var/chroots/debian/dev # mount --bind /proc /var/chroots/debian/proc # chroot /var/chroots/debian /bin/bash # apt update && apt upgrade

After installing what you might want to umount the binds for dev and proc to avoid issues.

# umount /var/chroots/debian/dev

# umount /var/chroots/debian/proc

Retrieved from "https://wiki.alpinelinux.org/w/index.php?title=Running_glibc_programs&oldid=26576"