Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 7 Jun 2019 16:02:49 +0000
From: Brian Peregrine <peregrinebrian@...il.com>
To: musl@...ts.openwall.com
Subject: Re: Adapting binaries easily to musl, or database with
 binaries (musl)

Hey Rich,

Replied in-line:
Did you roll your own "distro" from scratch, or are you using one of
the musl-based distros?
We rolled our own (and by "we", I mean VCT Labs did). The distro is
called "TAZ" and we'll release the first beta within the next months
(we're currently still in alpha-stage, no official release yet).

For the (glibc) binaries: yes using binaries posted on the website of
the distribution (in our case, Gentoo) is best, but as far as I know,
Gentoo doesn't release binaries, only ebuilds. It refers to binhosts
for binaries but there is no list of those, and even if there was, I
wouldn't trust them. For firefox, not a problem as there are binaries
from the official website, for chromium it does seem to be a bit of an
issue (but I might be wrong here).

Most Gentoo users indeed prefer building from source, but we are
compiling it for specific machines (e.g. i686) so we are taking
advantage of the compilation-features gentoo has to offer.

I looked at Bedrock Linux, Alpine, Void, Adelie, ... but I don't see
them having binaries downloads either. Only package downloads are
avilable at Alpine and Void (see https://pkgs.alpinelinux.org/packages
, https://voidlinux.org/packages/?arch=x86_64&q=firefox ), Adelie and
Bedrock don't offer any downloads from the website at all.

Let me know how the glibc binaries can be directly edited (i.e. using
an IDE editor as Geany) to work on musl, and if someone finds the
download URL for the latest stable chromium binary, that would also be
very welcome.


On 6/7/19, Rich Felker <dalias@...c.org> wrote:
> On Fri, Jun 07, 2019 at 01:53:50PM +0000, Brian Peregrine wrote:
>> I'm looking for an easy way on how people can either:
>> * adapt their downloaded binaries to be able to run on musl
>> * or simply download prepared musl binaries from a database
>>
>> I doubt that second option exists, as such a database would need to
>> cover a large amounts of programs, for various cpu classes, and be
>> often updated with new versions of those programs.
>
> The best way is to use binaries packaged by your distribution rather
> than by the software authors. This is true whether you're using a
> musl-based or glibc-based distribution. There's usually a better chain
> of trust/responsibility, and you know they're built to work with the
> library ecosystem you'll have rather than one that's just
> "sufficiently similar" (often not).
>
> With that said, there's also an *intent* that projects that want to
> ship binaries should be able to ship *static-linked* musl binaries
> that run on any system, glibc or musl or something else, possibly not
> even Linux, as long as it supports the Linux syscall ABI. However,
> this is currently difficult for graphics applications due to the
> current OpenGL architecture of dlopen'ing a userspace driver (linked
> against a particular libc/library ecosystem) into your program.
> Solving this problem is a major long-term goal.
>
>> I'm particularly looking for the most recent (stable, musl) version of
>> chromium browser and/or firefox, I'm running gentoo linux (musl), on a
>> 32-bit (i686) machine.
>
> Did you roll your own "distro" from scratch, or are you using one of
> the musl-based distros?
>
>> For firefox, glibc binaries are available from
>> https://www.mozilla.org/en-US/firefox/linux/
>> For chromium I couldn't really find a glibc binary;
>> there's https://www.chromium.org/getting-involved/download-chromium
>> but that redirects to an unstable version
>> (https://download-chromium.appspot.com ) and to
>> http://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html
>> (but those are old binaries).
>>
>> Anyway, can someone describe how the binaries can be easily altered to
>> run on a musl distro , and tell me a download link for chromium for
>> the latest stable release ?
>> With the binaries, I want to avoid to need to compile the gentoo
>> package (this can be problematic as live distro's are not updated that
>> often).
>
> Isn't building from source kinda the point of Gentoo? I can understand
> not wanting to do that for everything, but that's the reason I prefer
> other distros. If Bedrock Linux is still around, it might make it easy
> to use packages from other musl-based distros like Alpine, Void, or
> Adelie, but I think they'd use their own library ecosystems rather
> than the main host one, which would be less efficient and kinda defeat
> the purpose. I may be wrong about that, though. There should also be
> ways to manually extract/integrate their packages into your Gentoo
> host.
>
> Rich
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.