Thanks for the suggestion Ben. Jailtool does install from a repo, though it doesn't do automatic dependency resolution. You have to specify them yourself which is a pain and pretty error prone. I think the issue was that while I'd specified all the nodejs deb package dependencies I'd forgotten the python-software-properties one which includes a lot of crypto libs.
In the end I solved it late yesterday using debootstrap and schroot<https://help.ubuntu.com/community/DebootstrapChroot>which gave me access to the package manager. From there I simply installed node as per the Ubuntu instructions on the node JS wiki<https://github.com/joyent/node/wiki/Installing-Node.js-via-package-manager>. It's not quite as minimal an environment as I'd originally hoped, but it's easier to maintain and still reasonably secure. Along the way I also created a small program to help with the actual jailing of processes. We're using this in conjunction with child_process.spawn to safely execute untrusted code from our parent node HTTP server. I've open sourced it here: https://github.com/Hubify/jailor. Enjoy! Dave On Tuesday, September 11, 2012 5:34:34 PM UTC-7, Ben Noordhuis wrote: > > On Tue, Sep 11, 2012 at 9:47 PM, kuhnza <[email protected] <javascript:>> > wrote: > > I'm getting the following error when calling https.request in my node > > script: > > nodejs: ../src/node_crypto.cc:752: void > > node::crypto::Connection::ClearError(): Assertion > > `handle_->Get(String::New("error"))->BooleanValue() == false' failed. > > > > The node process is running inside a chroot on Ubuntu. I built the > chroot > > using jailtool and as far as I can tell node should have all the > necessary > > dependencies available to it. The way I checked was to run apt-rdepends > > nodejs and made sure that all the libs were inside the jail. The jail > also > > has access to /dev/null and /dev/random. > > > > Besides https everything else seems to be running fine. I can make http > > calls no problem and the rest of my code runs without error. > > > > Running the same script outside the jail works. > > > > What am I missing? > > Is your node binary installed from a repo? What happens if you compile > from (upstream) source? > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
