Running glibc programs: Difference between revisions
m (→Chroot method: Remove PulseAudio packages) |
(Added and/or updated various links; amended expressions, styles, heading levels) |
||
Line 1: | Line 1: | ||
{{Draft}} | {{Draft}} | ||
If you want to run glibc programs | If you want to run [https://www.gnu.org/software/libc/ glibc] programs in Alpine Linux, there are a few ways of doing so. You could install glibc as additional to [https://uclibc.org/about.html uclibc] (you would have to do this manually), or you could do it the easy way and use a chroot.<br> | ||
Because there are different use cases, this is just a slight overview about what's possible and what's intelligent.<br> | |||
== | = Your options = | ||
===Using | == Using BusyBox == | ||
If you want a nice running system you can install Arch or Debian in a chroot.This approach isn't as easily executed as the other alternatives, but | |||
First, the most simple approach for setting up a chroot is by using a glibc build of [https://www.busybox.net/about.html BusyBox]. | |||
This approach has just a few downsides:- | |||
* You have to link most <code>/bin/</code> and <code>/usr/bin</code> programs against <code>/bin/busybox</code>, and some BusyBox builds break if you don't configure them correctly. | |||
* You have to manually download every library you need for your program manually. | |||
However, if you want a small environment for one simple use case, then this is the solution you want. | |||
== Using a live CD == | |||
If you prefer using any special distro, you can always download and extract a live CD and use it as a chroot enviroment. | |||
== Using a stage3 Gentoo archive == | |||
This is the fastest approach, and you have the advantage of controlling the package version of whichever library you will install. | |||
Drawbacks are as follows:- | |||
* A big build. You have to install a Portage tree, which uses up a lot of space. (It's not 100% necessary if you don't have to install any additional content that you won't need.)<br> | |||
* On slow machines, it is not recommended because you need to compile your packages.<br> | |||
== Using Arch Linux or Debian == | |||
If you want a nice running system, you can install Arch or Debian in a chroot. This approach isn't as easily executed as the other alternatives, but this may be the cleanest and most recommended one for the every day user. | |||
= How to do it = | |||
This is just a quick draft, so here it comes. | |||
== Using BusyBox == | |||
First, we need to download BusyBox. You can choose any of your favourite distros to download a prebuilt version. For instance, you could use Arch Linux [https://www.archlinux.org/packages/?q=busybox packages], as follows: | |||
wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz | wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz | ||
wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz | wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz | ||
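Review bot: the two wget lines that close this hunk still fetch the busybox and glibc packages over plain http://, although the link added in the new intro sentence already uses https://www.archlinux.org/packages/. These archives are unpacked into the chroot and executed through sudo chroot, so the commands should use https and the text should tell the reader to check each package against a published checksum or signature before extracting it. The second downside bullet also says "manually" twice.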
Line 39: | Line 54: | ||
sudo chroot ~/chroot/ /bin/sh | sudo chroot ~/chroot/ /bin/sh | ||
This creates a simple chroot enviroment which we will expand through all commands included in | This creates a simple chroot enviroment, which we will expand through all the commands included in BusyBox: | ||
for i in $(busybox --list);do ln -s /bin/busybox /usr/bin/$i;done | for i in $(busybox --list);do ln -s /bin/busybox /usr/bin/$i;done | ||
===Using a stage3 tar archive== | == Using a live CD == | ||
Select a mirror from http://www.gentoo.org/main/en/mirrors2.xml , switch to /releases/x86/current-stage3/ and download the latest tar ball (for | {{Draft|Contributions welcome}} | ||
== Using a stage3 tar archive == | |||
Select a mirror from [http://www.gentoo.org/main/en/mirrors2.xml here], switch to <code>/releases/x86/current-stage3/</code> and download the latest tar ball (for example, '''stage3-i686-20120124.tar.bz2'''). | |||
wget http://de-mirror.org/gentoo/releases/x86/current-stage3/stage3-i686-20120124.tar.bz2 | wget http://de-mirror.org/gentoo/releases/x86/current-stage3/stage3-i686-20120124.tar.bz2 | ||
Enter the chroot: | |||
mkdir ~/chroot | mkdir ~/chroot | ||
tar xfj stage3-i686-*.tar.bz2 -C ~/chroot | tar xfj stage3-i686-*.tar.bz2 -C ~/chroot | ||
sudo chroot ~/chroot | sudo chroot ~/chroot | ||
And voilà, you have your working Gentoo chroot!<br> | |||
Although pacstrap is included with the arch-install-scripts package it will not work unless the target directory is a mountpoint so the Arch bootstrap image must be used instead (the image is updated every month so change the date in the link as required): | You can now take a look at [https://wiki.gentoo.org/wiki/Handbook:Main_Page Gentoo's Handbook] to find out how you can configure and install your system, or simply extract/copy the program you need to run in your chroot enviroment and execute it. | ||
== Using Arch Linux or Debian == | |||
=== Arch Linux === | |||
Although '''pacstrap''' is included with the arch-install-scripts package, it will not work unless the target directory is a mountpoint, so the Arch bootstrap image must be used instead (the image is updated every month, so change the date in the link as required): | |||
sudo apk add arch-install-scripts | sudo apk add arch-install-scripts | ||
Line 67: | Line 93: | ||
[chroot]# pacman-key --populate archlinux | [chroot]# pacman-key --populate archlinux | ||
Once that is done, update the system and install the desired package(s) (denoted by "foo" in this example): | Once that is done, update the system and install the desired package(s) (denoted by ''"foo"'' in this example): | ||
[chroot]# pacman -Syu foo | [chroot]# pacman -Syu ''foo'' | ||
=== Debian === | |||
Use the provided debootstrap package to create the Debian chroot. <code>--arch</code> is optional, depending of your needs. | |||
Use the provided debootstrap package to create the Debian chroot. --arch is optional depending of your needs. | |||
On linux-grsec kernel you | On the '''linux-grsec''' kernel, you will need to relax chroot limitations: | ||
sudo apk add debootstrap | sudo apk add debootstrap | ||
Line 82: | Line 110: | ||
sudo chroot ~/chroot /bin/bash | sudo chroot ~/chroot /bin/bash | ||
You can now use apt-get to install needed packages. | You can now use <code>apt-get</code> to install needed packages. | ||
== Examples == | |||
=== Source dedicated server === | |||
Here is an easy example of how you can run [http://www.srcds.com srcds] in a simple BusyBox chroot. | |||
For this server, you will only need the basic chroot and an advanced tar version (the BusyBox version is not sufficient because of the missing -U command): | |||
wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz | wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz | ||
wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz | wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz | ||
Line 99: | Line 132: | ||
ln -s /bin/busybox ~/chroot/bin/ln | ln -s /bin/busybox ~/chroot/bin/ln | ||
sudo chroot ~/chroot/ /bin/sh | sudo chroot ~/chroot/ /bin/sh | ||
Now that you are in a working chroot you can download the server and install it.You just have to execute the following self explaining commands. | |||
Now that you are in a working chroot, you can download the server and install it. You just have to execute the following self-explaining commands... | |||
mkdir ~/work | mkdir ~/work | ||
cd ~/work | cd ~/work | ||
Line 105: | Line 140: | ||
chmod +x hldsupdatetool.bin | chmod +x hldsupdatetool.bin | ||
ln -s /bin/busybox ./uncompress | ln -s /bin/busybox ./uncompress | ||
cp /bin/tar . #right now executing programs from $PATH is buggy soon to be fixed (no bug in | cp /bin/tar . #right now executing programs from $PATH is buggy, soon to be fixed (no bug in BusyBox, but in my script) | ||
./hdsupdatetool.bin #you can accept it or not ;) | ./hdsupdatetool.bin #you can accept it or not ;) | ||
./steam | ./steam | ||
./steam | ./steam | ||
If you think you are clever or elegant you can use the server with a bash script | ...and you should have a working chroot with '''srcds''' installed in it. | ||
If you think you are clever or elegant, you can use the server with a bash script: | |||
#!/bin/bash | #!/bin/bash | ||
chroot ~/chroot /root/work/steam $@ | chroot ~/chroot /root/work/steam $@ | ||
===MegaCli=== | Just save it (in your Alpine installation) under <code>/usr/bin/steam</code>, do a <code>chmod +x /usr/bin/steam</code> and have fun! | ||
So let's run MegaCli in a chroot | |||
First we set up a uclibc chroot :) | {{Warning|This script would let '''Steam''' run with root priviliges. This is not recommended.}} | ||
MegaCli needs more than just glibc | |||
=== MegaCli === | |||
So let's run [https://wikitech.wikimedia.org/wiki/MegaCli MegaCli] in a chroot too, shall we? ;) | |||
First we set up a uclibc chroot :) | |||
'''MegaCli''' needs more than just glibc. It needs [https://www.gnu.org/software/ncurses/ ncurses] and the gcc-libs: | |||
wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz | wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz | ||
wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz | wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz | ||
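Review bot: in the srcds commands the installer is made executable as hldsupdatetool.bin but invoked as ./hdsupdatetool.bin, and this revision carries the mismatch over unchanged on both sides, so the step fails as written; the invocation should read ./hldsupdatetool.bin. The launcher script passes $@ unquoted, which splits arguments that contain spaces; use "$@". The new Warning template spells "priviliges".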
Line 133: | Line 176: | ||
ln -s /bin/busybox ~/chroot/bin/ln | ln -s /bin/busybox ~/chroot/bin/ln | ||
After this we visit | After this, we visit [http://www.lsi.com/downloads/Public/MegaRAID%20Common%20Files/8.02.16_MegaCLI.zip this] site and download '''8.02.16_MegaCLI.zip'''. | ||
mkdir tmp | mkdir tmp | ||
cd tmp | cd tmp | ||
Line 155: | Line 199: | ||
rm opt/MegaRAID/MegaCli/MegaCli64 # who needs 64bit? | rm opt/MegaRAID/MegaCli/MegaCli64 # who needs 64bit? | ||
cp -r opt/ ~/chroot/ | cp -r opt/ ~/chroot/ | ||
Now we | |||
Now we have a working '''MegaCli''' client in our chroot. | |||
As with '''srcds''', we do not want to operate from inside the chroot, so here is a little script that should ease you up (use at your own risk): | |||
#!/bin/bash | #!/bin/bash | ||
Line 172: | Line 218: | ||
umount ~/chroot/dev | umount ~/chroot/dev | ||
umount ~/chroot/sys | umount ~/chroot/sys | ||
Save it under /usr/bin/MegaCli .Do a chmod +x /usr/bin/MegaCli and good luck. | |||
Save it under <code>/usr/bin/MegaCli</code>. Do a <code>chmod +x /usr/bin/MegaCli</code> and good luck. | |||
This method takes around 50mb.If you need something smaller you can strip a few files from glibc (not recommended) or work on a squashfs. | Note: This method takes around 50mb. If you need something smaller, then you can strip a few files from glibc (not recommended), or work on a squashfs. | ||
With | |||
With the following, you can create a squashfs that is around 15mb small: | |||
mksquashfs ~/chroot/ /chroot.sfs -b 65536 | mksquashfs ~/chroot/ /chroot.sfs -b 65536 | ||
===Skype on Debian chroot=== | When you add a [https://en.wikipedia.org/wiki/UnionFS unionfs] layer, you can even use it with write access, or you can bind some directories to the writeable directories before you chroot into it. | ||
This is an example on how to run Skype from a Debian 32b chroot. | I will look into it later on. | ||
You can save the chroot in another directory than your home directory, and you can even install a chroot through an APKBUILD (after someone wrote it). | |||
With this, you could use many glibc-dependent programs through one chroot, but be aware that running programs like this should not be standard. This should only be used in extreme situations, as in _closed source_ tools linked against glibc. | |||
=== Skype on Debian chroot === | |||
{{Draft|Not yet validated}} | |||
This is an example on how to run '''Skype''' from a Debian 32b chroot. | |||
sudo chroot ~/chroot | sudo chroot ~/chroot | ||
wget http://www.skype.com/go/getskype-linux-deb | wget http://www.skype.com/go/getskype-linux-deb | ||
dpkg -i getskype-linux-deb | dpkg -i getskype-linux-deb | ||
To fix | |||
To fix missing dependencies, you will want to use: | |||
apt-get -f install | apt-get -f install | ||
Then exit the chroot | |||
Then, exit the chroot: | |||
exit | exit | ||
Fix PAX flags on Skype binary - linux-grsec only. | |||
ELF marking with paxctl cannot be used | Fix PAX flags on Skype binary - '''linux-grsec''' only. | ||
CONFIG_PAX_XATTR_PAX_FLAGS is NOT yet available in linux-grsec | |||
ELF marking with paxctl cannot be used because Skype binary refuses to run if modified. | |||
<code>CONFIG_PAX_XATTR_PAX_FLAGS</code> is NOT yet available in '''linux-grsec'''. | |||
sudo apk add attr | sudo apk add attr | ||
sudo setfattr -n user.pax.flags -v "em" ~/chroot/usr/bin/skype | sudo setfattr -n user.pax.flags -v "em" ~/chroot/usr/bin/skype | ||
Mount needed directories in the chroot read-only to limit access to the system devices. | |||
Give write access to /dev/v4l and /dev/snd to let Skype use webcam device | Mount needed directories in the chroot read-only to limit access to the system devices. | ||
Give write access to <code>/dev/v4l</code> and to <code>/dev/snd</code> in order to let Skype use the webcam device: Skype is not compatible with Alsa anymore and requires Pulseaudio to be running. | |||
sudo mount -o bind /proc ~/chroot/proc | sudo mount -o bind /proc ~/chroot/proc | ||
sudo mount -o bind,ro,remount /proc ~/chroot/proc | sudo mount -o bind,ro,remount /proc ~/chroot/proc | ||
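Review bot: the reworded Skype lines keep the statement that CONFIG_PAX_XATTR_PAX_FLAGS is NOT yet available in linux-grsec, and the very next command sets the user.pax.flags extended attribute with setfattr. As written the reader cannot tell whether the xattr marking has any effect on this kernel; either state which kernel builds honour it or drop the "NOT yet available" sentence.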
Line 208: | Line 273: | ||
sudo mount -o bind /dev/v4l ~/chroot/dev/v4l | sudo mount -o bind /dev/v4l ~/chroot/dev/v4l | ||
sudo mount -t tmpfs -o nodev,nosuid,noexec shm $CHROOT_PATH/dev/shm | sudo mount -t tmpfs -o nodev,nosuid,noexec shm $CHROOT_PATH/dev/shm | ||
Enter the chroot and create a user | |||
Enter the chroot and create a user: | |||
sudo chroot ~/chroot | sudo chroot ~/chroot | ||
useradd -G audio,video <username> | useradd -G audio,video <username> | ||
exit | exit | ||
Then run | |||
Then run Skype as your newly created user: | |||
sudo chroot ~/chroot /bin/su - <username> -c /usr/bin/skype | sudo chroot ~/chroot /bin/su - <username> -c /usr/bin/skype | ||
===Dungeon Crawl (Stone Soup) on Arch=== | |||
Once the Arch system is laid down (to ~/chroot/root.x86_64 in this example), install the game: | === Dungeon Crawl (Stone Soup) on Arch === | ||
Once the Arch system is laid down (to <code>~/chroot/root.x86_64</code> in this example), install the game: | |||
sudo arch-chroot ~/chroot/root.x86_64 | sudo arch-chroot ~/chroot/root.x86_64 | ||
[chroot]# pacman -Syu crawl-tiles | [chroot]# pacman -Syu crawl-tiles | ||
Then exit the chroot and run it with this command: | Then exit the chroot and run it with this command: | ||
sudo arch-chroot ~/chroot/root.x86_64 /bin/su -c 'DISPLAY=:0 crawl-tiles' | sudo arch-chroot ~/chroot/root.x86_64 /bin/su -c 'DISPLAY=:0 crawl-tiles' | ||
A separate user can also be created to run the game, if preferred. | A separate user can also be created to run the game, if preferred. | ||
====Docker method==== | === Spotify === | ||
==== Docker method ==== | |||
Read the [[Docker]] page to install it. Then | Read the [[Docker]] page to install it. Then clone the repository, as shown below. It will automate the process of pulling all the dependencies, and '''PaX''' marks it for the hardened kernel. The advantage of this container is that it is ready-to-use and has stripped down many of the <code>/usr/bin</code> executables. The downside is that is unstable. | ||
git clone https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked | git clone https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked | ||
Follow the instructions in the README.md | Follow the instructions in the <code>README.md</code> | ||
==== Chroot method ==== | |||
The Chroot method the preferred method; it doesn't have the black screen bug and is more stable. Just translate the [https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked/blob/master/Dockerfile Dockerfile instructions] into native '''sh''' (Bourne shell). The trick again is to run Spotify as root with sudo inside the chroot – not as regular user. | |||
Use <code>sudo aplay -l</code> to verify that the soundcard is detected. When you use either this or the Docker method, which relies on ALSA, there could be a conflict depending on who grabs the sound card. Stop all browsers or programs using the sound device outside of the chroot or the docker image so that Spotify can use it. | |||
I did some translation. You may need make changes. | I did some translation. You may need to make changes. | ||
To update, just delete it and call alpine-spotify-installer.sh again. You still need the Arch Linux bootstrap image. | To update, just delete it and call <code>alpine-spotify-installer.sh</code> again. You will still need the Arch Linux bootstrap image. Extract the image, and then run <code>sudo arch-chroot root.x86_64</code>. Next, copy and paste the code shown below; <code>chmod +x alpine-spotify-installer.sh</code> and run <code>./alpine-spotify-installer.sh</code>. | ||
{{Cat|alpine-spotify-installer.sh|<nowiki> | {{Cat|alpine-spotify-installer.sh|<nowiki> | ||
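Review bot: the tmpfs mount near the top of this hunk targets $CHROOT_PATH/dev/shm, but every other command on the page uses ~/chroot and CHROOT_PATH is never set, so with the variable empty the command mounts a tmpfs over the host's /dev/shm. Write ~/chroot/dev/shm, or define CHROOT_PATH before the mount block. In the new Chroot method paragraph, "The Chroot method the preferred method" is missing "is".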
Line 317: | Line 395: | ||
}} | }} | ||
To make easier create a launcher script: | To make this easier, create a launcher script: | ||
{{Cat|run.sh|<nowiki>!/bin/bash | {{Cat|run.sh|<nowiki>!/bin/bash | ||
Line 327: | Line 405: | ||
You may want to look at https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked/blob/master/deflate.sh to learn how to lock it down removing the unnecessary cruft in your chroot collections | You may want to look at [https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked/blob/master/deflate.sh this script] to learn how to lock it down by removing the unnecessary cruft in your chroot collections that may be abused. | ||
[[Category:Development]] | [[Category:Development]] | ||
[[Category:Installation]] | [[Category:Installation]] |
Revision as of 04:24, 1 February 2018
This material is work-in-progress ... Do not follow instructions here until this notice is removed.
If you want to run glibc programs in Alpine Linux, there are a few ways of doing so. You could install glibc in addition to uclibc (you would have to do this manually), or you could do it the easy way and use a chroot.
Because there are different use cases, this is just a brief overview of what's possible and what's sensible.
Your options
Using BusyBox
First, the simplest approach for setting up a chroot is by using a glibc build of BusyBox.
This approach has just a few downsides:
- You have to link most /bin/ and /usr/bin programs against /bin/busybox, and some BusyBox builds break if you don't configure them correctly.
- You have to manually download every library you need for your program.
However, if you want a small environment for one simple use case, then this is the solution you want.
Using a live CD
If you prefer a particular distro, you can always download and extract a live CD and use it as a chroot environment.
Using a stage3 Gentoo archive
This is the fastest approach, and you have the advantage of controlling the package version of whichever library you will install.
Drawbacks are as follows:
- A big build. You have to install a Portage tree, which uses up a lot of space. (It's not strictly necessary if you don't have to install any additional content.)
- It is not recommended on slow machines, because you need to compile your packages.
Using Arch Linux or Debian
If you want a nice running system, you can install Arch or Debian in a chroot. This approach isn't as easily executed as the other alternatives, but it may be the cleanest and most recommended one for the everyday user.
How to do it
This is just a quick draft, so here it comes.
Using BusyBox
First, we need to download BusyBox. You can choose any of your favourite distros to download a prebuilt version. For instance, you could use Arch Linux packages, as follows:
    wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz
    wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz
    mkdir -p ~/chroot/usr/bin/ ~/chroot/{dev,proc,root,etc}
    # unpack every downloaded package into the chroot
    for i in *.pkg.tar.xz;do
        bsdtar xfJ "$i" -C ~/chroot
    done
    cp /etc/resolv.conf ~/chroot/etc/
    ln -s /bin/busybox ~/chroot/bin/sh
    ln -s /bin/busybox ~/chroot/bin/ln
    sudo chroot ~/chroot/ /bin/sh
This creates a simple chroot environment, which we will expand through all the commands included in BusyBox:
    for i in $(busybox --list);do ln -s /bin/busybox "/usr/bin/$i";done
Using a live CD
This material is work-in-progress ... Contributions welcome
Using a stage3 tar archive
Select a mirror from http://www.gentoo.org/main/en/mirrors2.xml, switch to /releases/x86/current-stage3/ and download the latest tarball (for example, stage3-i686-20120124.tar.bz2).
    wget http://de-mirror.org/gentoo/releases/x86/current-stage3/stage3-i686-20120124.tar.bz2
Extract the archive and enter the chroot:
    mkdir ~/chroot
    tar xfj stage3-i686-*.tar.bz2 -C ~/chroot
    sudo chroot ~/chroot
And voilà, you have your working Gentoo chroot!
You can now take a look at Gentoo's Handbook to find out how you can configure and install your system, or simply extract/copy the program you need to run in your chroot environment and execute it.
Using Arch Linux or Debian
Arch Linux
Although pacstrap is included with the arch-install-scripts package, it will not work unless the target directory is a mountpoint, so the Arch bootstrap image must be used instead (the image is updated every month, so change the date in the link as required):
    sudo apk add arch-install-scripts
    mkdir ~/chroot && cd ~/chroot
    curl -O https://mirrors.kernel.org/archlinux/iso/latest/archlinux-bootstrap-2018.01.01-x86_64.tar.gz
    tar xzf archlinux-bootstrap-2018.01.01-x86_64.tar.gz && rm archlinux-bootstrap-2018.01.01-x86_64.tar.gz
    sed -i '/evowise/s/^#//' root.x86_64/etc/pacman.d/mirrorlist
    sudo arch-chroot root.x86_64
    [chroot]# pacman-key --init
    [chroot]# pacman-key --populate archlinux
Once that is done, update the system and install the desired package(s) (denoted by "foo" in this example):
    [chroot]# pacman -Syu foo
Debian
Use the provided debootstrap package to create the Debian chroot. --arch is optional, depending on your needs.
On the linux-grsec kernel, you will need to relax chroot limitations:
    sudo apk add debootstrap
    # relax the grsecurity chroot restrictions while debootstrap runs
    for i in /proc/sys/kernel/grsecurity/chroot_*; do echo 0 | sudo tee "$i"; done
    mkdir ~/chroot
    sudo debootstrap --arch=i386 wheezy ~/chroot http://http.debian.net/debian/
    # switch the restrictions back on
    for i in /proc/sys/kernel/grsecurity/chroot_*; do echo 1 | sudo tee "$i"; done
    sudo chroot ~/chroot /bin/bash
You can now use apt-get to install needed packages.
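The loop above writes 1 to every chroot_* entry afterwards, whatever its earlier value was, and leaves everything at 0 if debootstrap is interrupted. The following added example (not part of the original page) records each value first and restores exactly what was recorded; the function names and the state-file format are assumptions of this example, and the directory is a parameter so the logic can be tried on a scratch directory.

```shell
#!/bin/sh
# Added example: save, relax and restore the grsecurity chroot_* sysctls.
# Function names and the "path value" state-file format are assumptions.
# Run as root when pointed at the real directory.

GRSEC_DIR=${GRSEC_DIR:-/proc/sys/kernel/grsecurity}

# save_chroot_sysctls DIR STATEFILE: record "path value" for every chroot_* entry.
save_chroot_sysctls() {
    dir=$1; state=$2
    : > "$state" || return 1
    for f in "$dir"/chroot_*; do
        [ -f "$f" ] || continue      # glob did not match: nothing to record
        printf '%s %s\n' "$f" "$(cat "$f")" >> "$state"
    done
}

# relax_chroot_sysctls STATEFILE: write 0 to every recorded entry.
relax_chroot_sysctls() {
    while read -r path _old; do
        echo 0 > "$path" || return 1
    done < "$1"
}

# restore_chroot_sysctls STATEFILE: write the recorded values back.
restore_chroot_sysctls() {
    rc=0
    while read -r path old; do
        echo "$old" > "$path" || rc=1
    done < "$1"
    return $rc
}

# with_relaxed_chroot DIR COMMAND [ARGS...]
# Runs COMMAND with the restrictions relaxed and restores the previous
# values afterwards, also when COMMAND fails or the script is interrupted.
with_relaxed_chroot() {
    dir=$1; shift
    state=$(mktemp) || return 1
    save_chroot_sysctls "$dir" "$state" || return 1
    trap 'restore_chroot_sysctls "$state"; rm -f "$state"; exit 130' INT TERM
    relax_chroot_sysctls "$state" && "$@"
    status=$?
    restore_chroot_sysctls "$state" || status=1
    rm -f "$state"
    trap - INT TERM
    return $status
}

# Usage, matching the debootstrap call above:
#   with_relaxed_chroot "$GRSEC_DIR" debootstrap --arch=i386 wheezy ~/chroot http://http.debian.net/debian/
```

An entry that was deliberately left at 0 before the run stays at 0, and a failed debootstrap no longer leaves the restrictions switched off.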
Examples
Source dedicated server
Here is an easy example of how you can run srcds in a simple BusyBox chroot.
For this server, you will only need the basic chroot and an advanced tar version (the BusyBox version is not sufficient because of the missing -U option):
    wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz
    wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz
    wget http://www.archlinux.org/packages/core/i686/tar/download/ -O tar.pkg.tar.xz
    mkdir -p ~/chroot/usr/bin/ ~/chroot/{dev,proc,root,etc}
    for i in *.pkg.tar.xz;do
        bsdtar xfJ "$i" -C ~/chroot
    done
    cp /etc/resolv.conf ~/chroot/etc/
    ln -s /bin/busybox ~/chroot/bin/sh
    ln -s /bin/busybox ~/chroot/bin/ln
    sudo chroot ~/chroot/ /bin/sh
Now that you are in a working chroot, you can download the server and install it. You just have to execute the following self-explaining commands...
    mkdir ~/work
    cd ~/work
    busybox wget http://www.steampowered.com/download/hldsupdatetool.bin
    chmod +x hldsupdatetool.bin
    ln -s /bin/busybox ./uncompress
    cp /bin/tar . #right now executing programs from $PATH is buggy, soon to be fixed (no bug in BusyBox, but in my script)
    ./hldsupdatetool.bin #you can accept it or not ;)
    ./steam
    ./steam
...and you should have a working chroot with srcds installed in it.
If you think you are clever or elegant, you can use the server with a bash script:
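    #!/bin/bash
    # pass every argument through unchanged, including ones with spaces
    chroot ~/chroot /root/work/steam "$@"
Just save it (in your Alpine installation) under /usr/bin/steam, do a chmod +x /usr/bin/steam and have fun!
Warning: This script would let Steam run with root privileges. This is not recommended.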
MegaCli
So let's run MegaCli in a chroot too, shall we? ;)
First we set up a uclibc chroot :)
MegaCli needs more than just glibc. It needs ncurses and the gcc-libs:
    wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz
    wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz
    wget http://www.archlinux.org/packages/core/i686/ncurses/download/ -O ncurses.pkg.tar.xz
    wget http://www.archlinux.org/packages/core/i686/gcc-libs/download/ -O gcc-libs.pkg.tar.xz
    mkdir -p ~/chroot/usr/bin/ ~/chroot/{dev,proc,root,etc,sys}
    cp /etc/resolv.conf ~/chroot/etc/
    for i in *.pkg.tar.xz;do
        bsdtar xfJ $i -C ~/chroot
    done
    ln -s /bin/busybox ~/chroot/bin/sh
    ln -s /bin/busybox ~/chroot/bin/ln
After this, we download 8.02.16_MegaCLI.zip from http://www.lsi.com/downloads/Public/MegaRAID%20Common%20Files/8.02.16_MegaCLI.zip.
    mkdir tmp
    cd tmp
    unzip ../8.02.16_MegaCLI.zip
    cd LINUX
    unzip MegaCliLin.zip
    #Now comes code stolen from rpm2cpio
    o=`expr 96 + 8`
    set `od -j $o -N 8 -t u1 MegaCli-8.02.16-1.i386.rpm`
    il=`expr 256 \* \( 256 \* \( 256 \* $2 + $3 \) + $4 \) + $5`
    dl=`expr 256 \* \( 256 \* \( 256 \* $6 + $7 \) + $8 \) + $9`
    sigsize=`expr 8 + 16 \* $il + $dl`
    o=`expr $o + $sigsize + \( 8 - \( $sigsize \% 8 \) \) \% 8 + 8`
    set `od -j $o -N 8 -t u1 MegaCli-8.02.16-1.i386.rpm`
    il=`expr 256 \* \( 256 \* \( 256 \* $2 + $3 \) + $4 \) + $5`
    dl=`expr 256 \* \( 256 \* \( 256 \* $6 + $7 \) + $8 \) + $9`
    hdrsize=`expr 8 + 16 \* $il + $dl`
    o=`expr $o + $hdrsize`
    dd if=MegaCli-8.02.16-1.i386.rpm ibs=$o skip=1 2>/dev/null |bsdtar -xf -
    #wow ...
    rm opt/MegaRAID/MegaCli/MegaCli64 # who needs 64bit?
    cp -r opt/ ~/chroot/
Now we have a working MegaCli client in our chroot.
As with srcds, we do not want to operate from inside the chroot, so here is a little script that should make things easier (use at your own risk):
    #!/bin/bash
    user=$(whoami)
    if [ "$user" != "root" ];then
        echo "This script needs root access"
        exit 1
    fi
    mount -t proc proc ~/chroot/proc/
    mount --bind /dev/ ~/chroot/dev/
    mount --bind /sys/ ~/chroot/sys/
    #we may need dev and maybe proc too to use this program
    chroot ~/chroot /opt/MegaRAID/MegaCli/MegaCli "$@"
    umount ~/chroot/proc
    umount ~/chroot/dev
    umount ~/chroot/sys
Save it under /usr/bin/MegaCli. Do a chmod +x /usr/bin/MegaCli and good luck.
Note: This method takes around 50mb. If you need something smaller, then you can strip a few files from glibc (not recommended), or work on a squashfs.
With the following, you can create a squashfs that is around 15mb small:
    mksquashfs ~/chroot/ /chroot.sfs -b 65536
When you add a unionfs layer, you can even use it with write access, or you can bind some directories to the writeable directories before you chroot into it.
I will look into it later on.
You can save the chroot in another directory than your home directory, and you can even install a chroot through an APKBUILD (after someone wrote it).
With this, you could use many glibc-dependent programs through one chroot, but be aware that running programs like this should not be standard. This should only be used in extreme situations, such as closed-source tools linked against glibc.
Skype on Debian chroot
This material is work-in-progress ... Not yet validated
This is an example of how to run Skype from a Debian 32-bit chroot.
    sudo chroot ~/chroot
    wget http://www.skype.com/go/getskype-linux-deb
    dpkg -i getskype-linux-deb
To fix missing dependencies, you will want to use:
    apt-get -f install
Then, exit the chroot:
    exit
Fix the PaX flags on the Skype binary (linux-grsec only).
ELF marking with paxctl cannot be used because the Skype binary refuses to run if modified.
CONFIG_PAX_XATTR_PAX_FLAGS is NOT yet available in linux-grsec.
    sudo apk add attr
    sudo setfattr -n user.pax.flags -v "em" ~/chroot/usr/bin/skype
Mount the needed directories in the chroot read-only to limit access to the system devices.
Give write access to /dev/v4l and to /dev/snd in order to let Skype use the webcam device: Skype is not compatible with ALSA anymore and requires PulseAudio to be running.
    sudo mount -o bind /proc ~/chroot/proc
    sudo mount -o bind,ro,remount /proc ~/chroot/proc
    sudo mount -o bind /sys ~/chroot/sys
    sudo mount -o bind,ro,remount /sys ~/chroot/sys
    sudo mount -o bind /dev ~/chroot/dev
    sudo mount -o bind,ro,remount /dev ~/chroot/dev
    sudo mount -o bind /dev/v4l ~/chroot/dev/v4l
    sudo mount -t tmpfs -o nodev,nosuid,noexec shm ~/chroot/dev/shm
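A forgotten read-only remount leaves the host's /proc, /sys or /dev writable from inside the chroot, so it is worth checking the result before starting Skype. The following added example (not part of the original page) reads mountinfo and reports deviations from the layout described above; the function name, the finding labels and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: check the mounts below a chroot against the layout above
# (/proc, /sys, /dev read-only; /dev/shm with nodev,nosuid,noexec).
# Function name, finding labels and sample data are assumptions of this example.
# Limitation: chroot paths containing spaces are escaped in mountinfo and
# will not match.

# audit_chroot_mounts CHROOT [MOUNTINFO]
# Prints one finding per line (sorted) and returns 1 if there is any.
audit_chroot_mounts() {
    root=${1%/}
    info=${2:-/proc/self/mountinfo}
    findings=$(awk -v root="$root" '
        function has(list, want,    a, n, i) {
            n = split(list, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == want) return 1
            return 0
        }
        # mountinfo: field 5 is the mount point, field 6 the per-mount options.
        index($5, root "/") == 1 {
            mopts[substr($5, length(root) + 1)] = $6   # last entry wins
        }
        END {
            n = split("/proc /sys /dev", req, " ")
            for (i = 1; i <= n; i++) {
                required[req[i]] = 1
                if (!(req[i] in mopts))             print "missing " req[i]
                else if (!has(mopts[req[i]], "ro")) print "writable " req[i]
            }
            n = split("/dev/v4l /dev/snd /dev/shm", rw, " ")
            for (i = 1; i <= n; i++) allowed[rw[i]] = 1
            if ("/dev/shm" in mopts) {
                n = split("nodev nosuid noexec", need, " ")
                for (i = 1; i <= n; i++)
                    if (!has(mopts["/dev/shm"], need[i])) print "shm-lacks " need[i]
            }
            # anything else mounted read-write below the chroot is unexpected
            for (m in mopts)
                if (!(m in required) && !(m in allowed) && !has(mopts[m], "ro"))
                    print "unexpected-rw " m
        }' "$info" | LC_ALL=C sort)
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample (not captured from a real system): the read-only remount
# of /sys was forgotten, /dev/shm lacks noexec, and an extra disk is mounted rw.
sample_mountinfo() {
cat <<'EOF'
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
101 22 0:4 / /home/user/chroot/proc ro,relatime - proc proc rw
102 22 0:20 / /home/user/chroot/sys rw,relatime shared:7 - sysfs sysfs rw
103 22 0:6 / /home/user/chroot/dev ro,relatime - devtmpfs devtmpfs rw,size=4096k
104 103 0:6 /v4l /home/user/chroot/dev/v4l rw,relatime - devtmpfs devtmpfs rw,size=4096k
105 103 0:40 / /home/user/chroot/dev/shm rw,nosuid,nodev - tmpfs shm rw
106 22 8:1 /srv /home/user/chroot/mnt rw,relatime - ext4 /dev/sda1 rw
EOF
}
```

On a live system, call it as `audit_chroot_mounts "$HOME/chroot"` after the mount commands; no output and exit status 0 mean the layout matches.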
Enter the chroot and create a user:
    sudo chroot ~/chroot
    useradd -G audio,video <username>
    exit
Then run Skype as your newly created user:
    sudo chroot ~/chroot /bin/su - <username> -c /usr/bin/skype
Dungeon Crawl (Stone Soup) on Arch
Once the Arch system is laid down (to ~/chroot/root.x86_64 in this example), install the game:
    sudo arch-chroot ~/chroot/root.x86_64
    [chroot]# pacman -Syu crawl-tiles
Then exit the chroot and run it with this command:
    sudo arch-chroot ~/chroot/root.x86_64 /bin/su -c 'DISPLAY=:0 crawl-tiles'
A separate user can also be created to run the game, if preferred.
Spotify
Docker method
Read the Docker page to install it. Then clone the repository, as shown below. It will automate the process of pulling all the dependencies, and PaX marks it for the hardened kernel. The advantage of this container is that it is ready-to-use and has stripped down many of the /usr/bin executables. The downside is that it is unstable.
    git clone https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked
Follow the instructions in the README.md.
Chroot method
The chroot method is the preferred method; it doesn't have the black screen bug and is more stable. Just translate the Dockerfile instructions into native sh (Bourne shell). The trick again is to run Spotify as root with sudo inside the chroot – not as a regular user.
Use sudo aplay -l to verify that the soundcard is detected. When you use either this or the Docker method, which relies on ALSA, there could be a conflict depending on who grabs the sound card. Stop all browsers or programs using the sound device outside of the chroot or the Docker image so that Spotify can use it.
I did some translation. You may need to make changes.
To update, just delete it and call alpine-spotify-installer.sh again. You will still need the Arch Linux bootstrap image. Extract the image, and then run sudo arch-chroot root.x86_64. Next, copy and paste the code shown below; chmod +x alpine-spotify-installer.sh and run ./alpine-spotify-installer.sh.
Contents of alpine-spotify-installer.sh
To make this easier, create a launcher script:
Contents of run.sh
You may want to look at https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked/blob/master/deflate.sh to learn how to lock it down by removing the unnecessary cruft in your chroot collections that may be abused.