Re: Integration of Pseudo into Isar

[Claudius Heine <claudius.heine.ext@siemens.com>]

On 08/02/2017 03:24 PM, [ext] Andreas Reichel wrote:
> # Integrating pseudo into isar
> 
> Idea was to exchange `sudo` by `pseudo`. The function of `pseudo` is to
> intercept system calls and file accesses by preloading a library. All
> such operations are recorded in a database. For this to work, a
> `PSEUDO_PREFIX` variable must be seet, which is `/` if `pseudo` is
> installed to the default location.
> 
> # Given test configuration #
> 
> - Docker container based on debian 9
> - `multistrap` from Siemens Debian repository
> - `pseudo` from Siemens Debian repository
> 
> Using the following multistrap configuration named `simple-config`:
> 
> ```
> [General]
> unpack=true
> bootstrap=Debian
> aptsources=Debian
> noauth=true
> 
> [Debian]
> packages=
> source=http://ftp.de.debian.org/debian
> suite=stretch
> ```
> 
> Inside chroot (which is inside pseudo):
> 
> ```
> # mkdir rootfs
> # multistrap -f simple-config -d rootfs
> ```
> 
> # Results #
> 
> * Error during package configuration. (Cannot write to `/etc/ld.so.cache~`)
> 
>    This error can be tracked down to `ldconfig`.
>    It turned out that `ldconfig` is linked *statically*. Which means, its
>    file accesses cannot be intercepted by LDPRELOAD, which is only for
>    dynamically linked binaries. Thus, wether being in a pseudo chroot or
>    not, `ldconfig` will always access `/etc/ld.so.cache~` on the host,
>    which fails.
>    This is *NOT* a question of the Debian version and not a bug in `dpkg
>    --configure -a`, which calls `ldconfig` internally.
> 
> * Extremely odd behaviour within `chroot` within `pseudo`:
> 
> ```
> $ pseudo
> # chroot rootfs
> # export PATH=/sbin:/bin
> # ldconfig
> Can't create temporary cache file /etc/ld.so.cache~
> ```
> 
> Idea was then to rename `ldconfig` to `ldconfig_` and create a symbolic
> link to `/bin/true` to mimic successful execution of `ldconfig`.
> 
> ```
> $ sudo mv rootfs/sbin/ldconfig rootfs/sbin/ldconfig_
> $ sudo ln -s /bin/true rootfs/sbin/ldconfig
> ```
> 
> Here, behavior becomes very odd:
> 
> ```
> $ pseudo
> # chroot rootfs
> # export PATH=/sbin:/bin
> # ldconfig
> /bin/sh: 16: ldconfig: not found
> ```
> Although it is in path...
> ```
> # /sbin/ldconfig
> /sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~:
> Permission denied
> ```

I also tried using pseudo (from debian sid), with the same success:

$ pseudo -V
pseudo version 1.8.1
$ LD_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/pseudo/ 
PSEUDO_LOCALSTATEDIR=/tmp/pseudo pseudo -P / -d
$ LD_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/pseudo/ 
PSEUDO_LOCALSTATEDIR=/tmp/pseudo pseudo -P / -R /mnt/ssd/nfs/rootfs/1 -v 
/bin/bash
# rm /sbin/ldconfig
# ls /sbin/ldconfig
ls: cannot access '/sbin/ldconfig': No such file or directory
# /sbin/ldconfig
/sbin/ldconfig: Can't create temporary cache file /etc/ld.so.cache~: 
Permission denied

Also other commands don't really know if they are running in a chroot or 
outside of it:

# apt update
Ign:1 http://cdn-fastly.deb.debian.org/debian stretch InRelease
Get:2 http://cdn-fastly.deb.debian.org/debian stretch Release [118 kB]
Get:3 http://cdn-fastly.deb.debian.org/debian stretch Release.gpg [2,373 B]
Get:4 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 
Packages [7,095 kB]
Get:5 http://cdn-fastly.deb.debian.org/debian stretch/main 
Translation-en [5,393 kB]
Get:6 http://cdn-fastly.deb.debian.org/debian stretch/contrib amd64 
Packages [50.9 kB]
Get:7 http://cdn-fastly.deb.debian.org/debian stretch/contrib 
Translation-en [45.9 kB]
Get:8 http://cdn-fastly.deb.debian.org/debian stretch/non-free amd64 
Packages [77.9 kB]
Get:9 http://cdn-fastly.deb.debian.org/debian stretch/non-free 
Translation-en [79.2 kB]
Fetched 12.9 MB in 3s (3,524 kB/s)
Reading package lists... Error!
E: Could not open file /mnt/ssd/nfs/rootfs/1/var/lib/dpkg/status - open 
(2: No such file or directory)
E: Problem opening /mnt/ssd/nfs/rootfs/1/var/lib/dpkg/status
E: The package lists or status file could not be parsed or opened.

So with this fail, what other options have we?

- Fixing pseudo and/or reporting all bugs?
- Using something else?
   - Fakeroot
     Only exists within the debian project anymore.
     Not sure which is the most current one:
     https://anonscm.debian.org/cgit/fakeroot/fakeroot.git
     http://packages.debian.org/fakeroot
   - Fakeroot-ng
     dead?
     http://fakeroot-ng.lingnu.com/
   - proot
     Last commit over a year ago, but ?they? are writing currently a
     proot-rs port in rust.
     https://proot-me.github.io

Something else?

Cheers,
Claudius