Running glibc programs: Difference between revisions

From Alpine Linux
m (→‎Archlinux: tidy)
(→‎Example: Add Spotify)
Line 222: Line 222:
   sudo arch-chroot ~/chroot/root.x86_64 /bin/su -c 'DISPLAY=:0 crawl-tiles'
   sudo arch-chroot ~/chroot/root.x86_64 /bin/su -c 'DISPLAY=:0 crawl-tiles'
A separate user can also be created to run the game, if preferred.
A separate user can also be created to run the game, if preferred.
===Spotify===
Read the [[Docker]] page to install it.  Then, clone the repository below.  It will automate the process of pulling all the dependencies it and PaX mark it for the hardened kernel.
git clone https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked
Follow the instructions in the README.md


[[Category:Development]]
[[Category:Development]]
[[Category:Installation]]
[[Category:Installation]]

Revision as of 01:26, 29 January 2018

This material is work-in-progress ...

Do not follow instructions here until this notice is removed.
(Last edited by Orson Teodoro on 29 Jan 2018.)

If you want to run glibc programs under alpine there are a few ways to do so.You could install glibc additional to uclibc (you would have to do this manualy) or you could do the easy way and use a chroot.
Because there are different usecases I want to give a slight overview about what's possible and what is intelligent.

Your options

Using Busybox

First the most simple approach for setting up a chroot is using a glibc build of busybox.
This approach has just a few downsides:
- You have to link most /bin/ and /usr/bin program against /bin/busybox and some busybox builds break if you don't configure it right.
- You have to manually download every library you need for your program manually.

But if you want a small enviroment for one simple use case this is the solution you want.

Using a livecd

If you prefer any special distri you can always download and extract a livecd and use it as a chroot enviroment.

Using a stage3 gentoo archive

This is the fastest approach and you have the advantage of controlling which package version of which library you will install.
Drawbacks are as follow:
- Big build.You have to install a portage tree which uses up a lot of space.(It's not 100% necessary if you don't have to install any additional content you don't need it)
- On slow mashines not recommended because you have to compile your packages.

Using Archlinux or Debian

If you want a nice running system you can install Arch or Debian in a chroot.This approach isn't as easily executed as the other alternatives, but are in my opinion the cleanest and most recommended for the every day user.

How to do it

Like I said this is just a quick draft so here it comes.

Using Busybox

First we need to download busybox.You can choose any of your favourit distros to download a prebuild version.I for instance would use Archlinux packages from http://www.archlinux.org/packages/community/i686/busybox/.

wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz
mkdir -p ~/chroot/usr/bin/ ~/chroot/{dev,proc,root,etc}
for i in *.pkg.tar.xz;do
bsdtar xfJ $i -C ~/chroot
done
cp /etc/resolv.conf ~/chroot/etc/
ln -s /bin/busybox ~/chroot/bin/sh
ln -s /bin/busybox ~/chroot/bin/ln
sudo chroot ~/chroot/ /bin/sh

This creates a simple chroot enviroment which we will expand through all commands included in busybox.

for i in $(busybox --list);do ln -s /bin/busybox /usr/bin/$i;done

Using a livecd

WIP

Using a stage3 tar archive

Select a mirror from http://www.gentoo.org/main/en/mirrors2.xml , switch to /releases/x86/current-stage3/ and download the latest tar ball (for me stage3-i686-20120124.tar.bz2 ).

wget http://de-mirror.org/gentoo/releases/x86/current-stage3/stage3-i686-20120124.tar.bz2
mkdir ~/chroot
tar xfj stage3-i686-*.tar.bz2 -C ~/chroot
sudo chroot ~/chroot

And voila you got your working gentoo chroot.
You can now take a look at http://www.gentoo.org/doc/en/?catid=desktop to find out how you can configure and install your system or simply extract/copy the program you need to run in your chroot enviroment and execute it.

Using Archlinux or Debian

Arch Linux

Although pacstrap is included with the arch-install-scripts package it will not work unless the target directory is a mountpoint so the Arch bootstrap image must be used instead (the image is updated every month so change the date in the link as required):

 sudo apk add arch-install-scripts
 mkdir ~/chroot && cd ~/chroot
 curl -O https://mirrors.kernel.org/archlinux/iso/latest/archlinux-bootstrap-2018.01.01-x86_64.tar.gz
 tar xzf archlinux-bootstrap-2018.01.01-x86_64.tar.gz && rm archlinux-bootstrap-2018.01.01-x86_64.tar.gz
 sed -i '/evowise/s/^#//' root.x86_64/etc/pacman.d/mirrorlist
 sudo arch-chroot root.x86_64
 [chroot]# pacman-key --init
 [chroot]# pacman-key --populate archlinux

Once that is done, update the system and install the desired package(s) (denoted by "foo" in this example):

 [chroot]# pacman -Syu foo

Debian

Use the provided debootstrap package to create the Debian chroot. --arch is optional depending of your needs.
On linux-grsec kernel you'll need to relax chroot limitations.

 sudo apk add debootstrap
 for i in /proc/sys/kernel/grsecurity/chroot_*; do echo 0 | sudo tee $i; done
 mkdir ~/chroot
 sudo debootstrap --arch=i386 wheezy ~/chroot http://http.debian.net/debian/
 for i in /proc/sys/kernel/grsecurity/chroot_*; do echo 1 | sudo tee $i; done
 sudo chroot ~/chroot /bin/bash

You can now use apt-get to install needed packages.

Example

Source Dedicated Server

Here is an easy example of how you can run http://www.srcds.com in a simple busybox chroot.
For this server you will only need the basic chroot and a advanced tar version (the busybox version is not sufficient because of the missing -U command).

wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/tar/download/ -O tar.pkg.tar.xz
mkdir -p ~/chroot/usr/bin/ ~/chroot/{dev,proc,root,etc}
for i in *.pkg.tar.xz;do
bsdtar xfJ $i -C ~/chroot
done
cp /etc/resolv.conf ~/chroot/etc/
ln -s /bin/busybox ~/chroot/bin/sh
ln -s /bin/busybox ~/chroot/bin/ln
sudo chroot ~/chroot/ /bin/sh

Now that you are in a working chroot you can download the server and install it.You just have to execute the following self explaining commands.

mkdir ~/work
cd ~/work
busybox wget http://www.steampowered.com/download/hldsupdatetool.bin
chmod +x hldsupdatetool.bin
ln -s /bin/busybox ./uncompress
cp /bin/tar . #right now executing programs from $PATH is buggy soon to be fixed (no bug in busybox but in my script)
./hdsupdatetool.bin #you can accept it or not ;)
./steam
./steam

And you should have a working chroot with srcds installed in it.
If you think you are clever or elegant you can use the server with a bash script.

#!/bin/bash
chroot ~/chroot /root/work/steam $@

Just save it (in your alpine installation) under /usr/bin/steam do a chmod +x /usr/bin/steam and have phun.
WARNING:
This script would let steam run with root priviliges.This is not recommended.

MegaCli

So let's run MegaCli in a chroot to shall we? ;)
First we set up a uclibc chroot :)
MegaCli needs more than just glibc it needs ncurses and the gcc-libs.

wget http://www.archlinux.org/packages/community/i686/busybox/download/ -O busybox.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/glibc/download/ -O glibc.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/ncurses/download/ -O ncurses.pkg.tar.xz
wget http://www.archlinux.org/packages/core/i686/gcc-libs/download/ -O gcc-libs.pkg.tar.xz
mkdir -p ~/chroot/usr/bin/ ~/chroot/{dev,proc,root,etc,sys}
cp /etc/resolv.conf ~/chroot/etc/
for i in *.pkg.tar.xz;do
bsdtar xfJ $i -C ~/chroot
done
ln -s /bin/busybox ~/chroot/bin/sh
ln -s /bin/busybox ~/chroot/bin/ln

After this we visit this site http://www.lsi.com/downloads/Public/MegaRAID%20Common%20Files/8.02.16_MegaCLI.zip and download 8.02.16_MegaCLI.zip.

mkdir tmp
cd tmp
unzip ../8.02.16_MegaCLI.zip
cd LINUX
unzip MegaCliLin.zip
#Now comes code stolen from rpm2cpio
o=`expr 96 + 8`
set `od -j $o -N 8 -t u1 MegaCli-8.02.16-1.i386.rpm`
il=`expr 256 \* \( 256 \* \( 256 \* $2 + $3 \) + $4 \) + $5`
dl=`expr 256 \* \( 256 \* \( 256 \* $6 + $7 \) + $8 \) + $9`
sigsize=`expr 8 + 16 \* $il + $dl`
o=`expr $o + $sigsize + \( 8 - \( $sigsize \% 8 \) \) \% 8 + 8`
set `od -j $o -N 8 -t u1 MegaCli-8.02.16-1.i386.rpm`
il=`expr 256 \* \( 256 \* \( 256 \* $2 + $3 \) + $4 \) + $5`
dl=`expr 256 \* \( 256 \* \( 256 \* $6 + $7 \) + $8 \) + $9`
hdrsize=`expr 8 + 16 \* $il + $dl`
o=`expr $o + $hdrsize`
dd if=MegaCli-8.02.16-1.i386.rpm ibs=$o skip=1 2>/dev/null |bsdtar -xf -
#wow ...
rm opt/MegaRAID/MegaCli/MegaCli64 # who needs 64bit?
cp -r opt/ ~/chroot/

Now we got a working MegaCli client in our chroot.
Like with srcds we don't want to operate from inside the chroot so here is a little script that should ease you up. (use at your own risk)

#!/bin/bash
user=$(whoami)
if [ "$user" != "root" ];then
echo "This script needs root access"
exit
fi
mount -t proc proc ~/chroot/proc/
mount --bind /dev/ ~/chroot/dev/
mount --bind /sys/ ~/chroot/sys/
#we may need dev and maybe proc too to use this program
chroot ~/chroot /opt/MegaRAID/MegaCli/MegaCli $@
umount ~/chroot/proc
umount ~/chroot/dev
umount ~/chroot/sys

Save it under /usr/bin/MegaCli .Do a chmod +x /usr/bin/MegaCli and good luck. Hf PS This method takes around 50mb.If you need something smaller you can strip a few files from glibc (not recommended) or work on a squashfs.
With

mksquashfs ~/chroot/ /chroot.sfs -b 65536

you can create a squashfs that is around 15mb small.When you add an unionfs layer you can even use it with write access or you can bind some dirs to the writeable dirs before you chroot into it.
I will look into it later on.
You can save the chroot in another dir than your home dir and you an even install a chroot through a APKBUILD (after someone wrote it).
Through this you could use many glibc dependend programs through one chroot, but be aware that running programs like this should not be standard but only be used in extreme situations like for _closed source_ tools linked against glibc.

Skype on Debian chroot

WIP - Not yet validated
This is an example on how to run Skype from a Debian 32b chroot.

 sudo chroot ~/chroot
 wget http://www.skype.com/go/getskype-linux-deb
 dpkg -i getskype-linux-deb

To fix missings deps you'll want to use:

 apt-get -f install

Then exit the chroot

 exit

Fix PAX flags on Skype binary - linux-grsec only.
ELF marking with paxctl cannot be used cause Skype binary refuses to run if modified
CONFIG_PAX_XATTR_PAX_FLAGS is NOT yet available in linux-grsec

 sudo apk add attr
 sudo setfattr -n user.pax.flags -v "em" ~/chroot/usr/bin/skype

Mount needed directories in the chroot read-only to limit access to the system devices.
Give write access to /dev/v4l and /dev/snd to let Skype use webcam device - Skype is not compatible with Alsa anymore and requires Pulseaudio running.

 sudo mount -o bind /proc ~/chroot/proc
 sudo mount -o bind,ro,remount /proc ~/chroot/proc
 sudo mount -o bind /sys ~/chroot/sys
 sudo mount -o bind,ro,remount /sys ~/chroot/sys
 sudo mount -o bind /dev ~/chroot/dev
 sudo mount -o bind,ro,remount /dev ~/chroot/dev
 sudo mount -o bind /dev/v4l ~/chroot/dev/v4l
 sudo mount -t tmpfs -o nodev,nosuid,noexec shm $CHROOT_PATH/dev/shm

Enter the chroot and create a user

 sudo chroot ~/chroot
 useradd -G audio,video <username>
 exit

Then run skype as your newly created user

 sudo chroot ~/chroot /bin/su - <username> -c /usr/bin/skype

Dungeon Crawl (Stone Soup) on Arch

Once the Arch system is laid down (to ~/chroot/root.x86_64 in this example), install the game:

 sudo arch-chroot ~/chroot/root.x86_64
 [chroot]# pacman -Syu crawl-tiles

Then exit the chroot and run it with this command:

 sudo arch-chroot ~/chroot/root.x86_64 /bin/su -c 'DISPLAY=:0 crawl-tiles'

A separate user can also be created to run the game, if preferred.

Spotify

Read the Docker page to install it. Then, clone the repository below. It will automate the process of pulling all the dependencies it and PaX mark it for the hardened kernel.

git clone https://github.com/orsonteodoro/docker-arch-spotify-PaXmarked

Follow the instructions in the README.md