Re: Package requiring a customised version of libc6

2007-08-24 Thread Jack T Mudge III 
On Thursday 23 August 2007 17:26, David Given wrote:
 Don Armstrong wrote:
 [...]

  The people who have responded to you so far strongly suspect that it's
  not worth the effort, but without knowing why the glibc we already
  distribute can't be used, it's hard for us to give you a definitive
  answer.

 *nods*

 As far as I can tell --- I've contacted upstream to confirm this --- what
 plasticfs wants to do is to override the underlying system calls (or at
 least, the functions that call them) that access the file system.
 Unfortunately, those system calls are not exposed by default, so plasticfs
 wants a tweaked glibc in which they are exposed. By overriding the system
 calls rather than the higher-level functions, it means that plasticfs
 doesn't have to override the higher-level functions --- they work
 automatically.

 fakeroot and fakechroot appear to operate by overriding *all* glibc
 functions that might access the file system. I've had a look at the code...
 it's unpleasant. There are a lot of functions that might do this, and not
 all of them are easily overridable, and quite a lot of them are rather
 obscure. (I'd never even heard of ftw() and nftw() before now.). This makes
 it much harder to catch coverage issues. A function that isn't wrapped will
 work on the real file system, rather than the virtual one. I notice that
 fakechroot doesn't wrap getpwent(), for example --- which means it'll
 always use the *real* /etc/passwd, rather than the emulated one. This could
 be intentional, but as it's not mentioned in the docs I suspect it's a bug.

 I've given up on the replacing-glibc idea; it was pretty horrible anyway.
 Unfortunately, the alternatives seem just as horrible, in different ways...

Programmers *always* have idiosyncrasies to deal with, no matter what system 
they work on. Windows, Linux, BSD, any *nix, DOS (if you dare). They've all 
got problems. Every library in existence has it's own idea of how things 
should work.  Try using 2 libraries at once -- if they conflict in their 
ideas of how things should work, it's a disaster waiting to happen. 
Programmers always have, and always will, work around these problems.

glibc makes assumptions about it's underlying implementation -- specifically, 
in this case, the system calls. The higher-level functions are specifically 
based on these system calls. To modify this is to take the feet out from 
under the higher-level functions -- they can't depend on their own 
implementation any more. With all due respect, this may work. But it more 
probably will introduce a thousand bugs into the higher-level functions.

It also completely blows away a programmer's idiom: implementation privacy. 
C++ goes as far as to build this into the language. C doesn't, but it's a 
convention that should be adhered to. glibc's developers can -- and probably 
will -- change the underlying implementation and the higher-level functions' 
implementations to suit it's needs later. The devs feel they have the right 
to do this, and, they do. Simple as that. You're swimming with sharks if you 
depend on the underlying implementation (even worse if you hack to expose 
it). 

I would venture to say that this package's upstream maintainers are going at 
this with the wrong approach (whatever that approach is). This may be due to 
laziness (as is often the case with me :-), or it may be due to lack of time, 
or it may be due to lack of information (such as another library or something 
that they don't know about yet). Whatever the cause, the source needs to be 
fixed to work with the environment given, not vice versa.

That attitude may seem rigorous, but it's really pretty simple: If glibc has 
to change for this one package, it's changed for the other 15,000 packages 
too. (yes, i know you don't want to install it, but things happen, and having 
2 side-by-side copies of glibc is asking for trouble). So, to make one 
package work, you broke 15,000 packages. No matter how you run those numbers, 
it doesn't make sense -- the one package should change to match the other 
15,000.

Disclaimer: This is relatively uninformed conjecture. I haven't looked at the 
package's source, any of this implementation, or anything about implementing 
filesystems in general. I know about programming in general, and these are 
some basic assumptions I make any time I write a program. I don't know the 
rationale for the package's development model. So, I really am not trying to 
judge anyone. But I'm looking at what I do know with a critical eye, and I 
hope you'll do the same.

-- 
Sincerely,
Jack
[EMAIL PROTECTED]

My GPG Public Key can be found at:
https://www.theanythingbox.com/pgp.htm (top link is current)
I appreciate signatures, but if you only know me online,
please use the --lsign-key, not the --sign-key.
I appreciate trust -- but too much makes it less valuable.


pgplxOhYTv4IU.pgp
Description: PGP signature

Re: Package requiring a customised version of libc6

2007-08-24 Thread Lucas Nussbaum 
On 24/08/07 at 01:26 +0100, David Given wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Don Armstrong wrote:
 [...]
  The people who have responded to you so far strongly suspect that it's
  not worth the effort, but without knowing why the glibc we already
  distribute can't be used, it's hard for us to give you a definitive
  answer.
 
 *nods*
 
 As far as I can tell --- I've contacted upstream to confirm this --- what
 plasticfs wants to do is to override the underlying system calls

Then what about using ptrace and overriding syscalls in the way
usermodelinux used to do it?

You could point your upstream to this article:
Rapid File System Development Using ptrace
Richard P. Spillane, Charles P. Wright, Gopalan Sivathanu, and Erez
Zadok
Should still be available from
http://www.cs.huji.ac.il/~feit/exp/prog.html
-- 
| Lucas Nussbaum
| [EMAIL PROTECTED]   http://www.lucas-nussbaum.net/ |
| jabber: [EMAIL PROTECTED] GPG: 1024D/023B3F4F |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Package requiring a customised version of libc6

2007-08-24 Thread David Given 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Lucas Nussbaum wrote:
[...]
 Then what about using ptrace and overriding syscalls in the way
 usermodelinux used to do it?

Yes, indeed; that is currently looking like the best approach. Not only does
it provide the low-level interface that upstream wants, but it also works on
statically bound binaries and on anything else that makes syscalls directly.
I'm a little worried about performance, but it can't be that bad or UML
wouldn't use it.

I'll suggest it to upstream. Thanks for the link.

(Incidentally, the more I look at fakechroot the more I'm coming to believe
that it's no use for anything whatsoever. The security aspects of it are...
erm... nil; it's trivial for the client app to break out of its jail. Is this
a potential problem?)

- --
┌── dg@cowlark.com ─── http://www.cowlark.com ───
│
│ There does not now, nor will there ever, exist a programming language in
│ which it is the least bit hard to write bad programs. --- Flon's Axiom
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGzr+7f9E0noFvlzgRAnMFAKCp0NxkOWgEW4XMNFeHg0CaViWlqwCg0S45
unlRqCTamPtiz0Q8tjZ2spU=
=X2Ph
-END PGP SIGNATURE-

Re: Package requiring a customised version of libc6

2007-08-24 Thread Matthew Palmer 
On Fri, Aug 24, 2007 at 12:23:39PM +0100, David Given wrote:
 (Incidentally, the more I look at fakechroot the more I'm coming to believe
 that it's no use for anything whatsoever. The security aspects of it are...
 erm... nil; it's trivial for the client app to break out of its jail. Is this
 a potential problem?)

No, because it's not meant to provide security, just like fakeroot isn't
meant to provide real root privs.

- Matt


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: [RFS] stunnel4 (updated package, adoption, RFS repost)

2007-08-24 Thread Kapil Hari Paranjape 
Hello,

On Thu, 23 Aug 2007, Kapil Hari Paranjape wrote:
 Package looks fine. I'm currently updating my local pbuilder base and
 will upload when that is done.

Unfortunately, I just realised that there are a few more changes that
I think you should make!

While looking through your debian/rules I found under the install
rules:

   cd src; $(MAKE) install prefix=$(CURDIR)/debian/stunnel4/usr
   cd doc; $(MAKE) install prefix=$(CURDIR)/debian/stunnel4/usr

   ln doc/stunnel.8 doc/stunnel4.8

   # Manpages will be installed by dh_installman
   rm -rf $(CURDIR)/debian/stunnel4/man
   rm -rf $(CURDIR)/debian/stunnel4/usr/man

   install -p -m 0644 tools/stunnel.conf-sample\
 $(CURDIR)/debian/stunnel4/etc/stunnel/stunnel.conf

   # mv executables into /usr/bin, with propper names
   mv $(CURDIR)/debian/stunnel4/usr/sbin/stunnel   \
 $(CURDIR)/debian/stunnel4/usr/bin/stunnel4
   mv $(CURDIR)/debian/stunnel4/usr/sbin/stunnel3  \
 $(CURDIR)/debian/stunnel4/usr/bin/stunnel3
   rmdir $(CURDIR)/debian/stunnel4/usr/sbin/

   # Move docs into propper dir
   mv $(CURDIR)/debian/stunnel4/usr/share/doc/stunnel  \
 $(CURDIR)/debian/stunnel4/usr/share/doc/stunnel4

1. I think it is better to use $(MAKE) -C src and $(MAKE) -C doc
   instead of the cd src; $(MAKE) and cd doc; $(MAKE) constructs.

2. Since you use debhelper, I think it is better if you use debhelper's
   .install files to move/install files in the correct places (man dh_install).

Sorry for the late realisation.

Thanks and regards,

Kapil.
--



signature.asc
Description: Digital signature