Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 20 May 2011 23:30:04 +0300
From: Georgi Geshev <root@...k-labs.exploits-bg.com>
To: owl-dev@...ts.openwall.com
Subject: Re: Owl test builds

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

On 5/19/2011 11:45 AM, Georgi Geshev wrote:
> 
> Hello Solar,
> 
> On 5/19/2011 7:38 AM, Solar Designer wrote:
>> Georgi,
> 
>> I've just setup the promised OpenVZ container for your test builds (sent
>> the details to you off-list).
> 
>> I suggest that you do your builds in two chroots, /owl32 and /owl64,
>> which you'll need to create.  Of course, I could create two OpenVZ
>> containers instead, but I think it's nice for you to have a clean system
>> and to experiment in chroots, which you can easily re-create on your own
>> (and you can also create more than two if needed).
> 
>> I suggest that you do something like:
> 
>> su - build
>> lftp http://mirrors.kernel.org
>> cd /openwall/Owl/current
>> get native.tar.gz
>> cd x86_64
>> mirror RPMS
>> exit # from lftp
>> tar xzf native.tar.gz
>> exit # from su
>> mkdir /owl
>> cd ~build
>> make installworld # installs 64-bit Owl userland under /owl
>> mv /owl /owl64
> 
>> Then maybe:
> 
>> useradd -m build32
>> su - build32
>> ...download for i686...
>> cp native/Owl/build/installworld.conf .
>> vi installworld.conf # edit HOME and ROOT
>> ...
>> mkdir /owl32
>> cd ~build
>> setarch i686 make installworld # installs 32-bit Owl userland under /owl32
> 
>> Of course, it's preferable to check signatures on stuff you download, as
>> described here: http://openwall.info/wiki/Owl/upgrade
> 
>> However, since this is for test builds only, which we're not going to
>> use directly (instead, we'd review and commit the resulting patches,
>> then do clean builds elsewhere), security of this setup is not terribly
>> important.  This is why I don't insist on you being more careful.
> 
>> For the actual test builds, you'd use:
> 
>> chroot /owl64
>> su - build
>> ...download stuff again (or copy from outside of chroot)...
>> make buildworld
> 
>> and:
> 
>> setarch i686 chroot /owl32
>> ...ditto...
> 
>> Please let me know if you have any questions or run into any issues.
>> For general Owl usage/build issues, please post in here.  For issues
>> specific to this server setup (e.g., connectivity), e-mail me off-list.
> 
>> Thanks,
> 
>> Alexander
> 
> 
> Thank you so much for all the detailed explanations.
> 
> Regards,
> Georgi

I've run into some trouble performing the actual test builds - I wasn't
able to `su' inside the chrooted environment -

root@...:~ # chroot /owl64
bash-3.1# su - build
su: exec failed
bash-3.1#

root@...:~ # setarch i686 chroot /owl32
bash-3.1# su - build
su: Insufficient credentials to access authentication data
bash-3.1#

Fortunately, Alex has already correctly suggested that there was an
obvious issue with the permissions and a simple `chmod 755 /' inside the
chroot would solve the problem.

Regards,
Georgi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)

iQEcBAEBAgAGBQJN1s9KAAoJECp4GRJNSNT5vqAH/j2FJy8L+vdZ49Q00CvL6YN6
fbFRIR5G9ZHLarOOgSeKcMlT/I3H7GsHaJbshAmxdeJJH6ZDftRk6Je0oJirgkug
jS48evj+ZqqZnanXDj2fj5zCiw+Oki0TXSv67JDvYj+4SbSxvUD46DbjdcpimEg1
whooY3034CEEn7x2DuCTmb4CaeXj8mvE15XnIquUwAuck/P/NA5ElvcoLKZ+H+fL
ga1MeWMDJeZXs+9Nw2eY0eR6Wf2G/cC9pg/oP7sgtL9nIUojMytWIYhDIq2sYhnL
d6i/p/iPoo98UVHYnirPtXxQiTLCq7ZSlVEOq9FBhKEj/of2s2Vo5gwiEV6zMK0=
=Fx34
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ