Re: ia32-libs security support

[Goswin von Brederlow <goswin-v-b@web.de>]

Rich Healey <healey.rich@gmail.com> writes:

> Dominic Hargreaves wrote:
>> Hello,
>> 
>> I'm shortly going to be deploying a new general purpose login host on
>> etch. As our old system is i386 and our new system amd64, I have
>> installed the ia32-libs package, to give user-compiled code a chance of
>> working, but having inspected the contents of the package, it seems to
>> contain quite a lot of .so files repackaged from the i386 binaries, and
>> I'm concerned that these won't be security supported (I've seen no
>> security updates for this package).
>> 
>> Is my analysis correct, and I shouldn't install this package in a
>> production environment?
>> 
>> Thanks,
>> Dominic.
>> 
>
> Correct me if i'm wrong, but code compiled natively on the amd64 machine
> should work fine.

1) ia64 has no toolchain support for i486
2) too late for lenny to make frozen libraries compile new packages

> It's the precompiled i386 code that will cause issues, assuming that
> you'd install the same lib packages for the amd64 machine as you would i386.

The precompiled debs are unpacked and files moved around, deleted or
edited (like shlibs files). Most notably libraries move to
/emul/ia32-linux/[usr/]lib/.

This has all been worked out long ago already as the big fat ia32-libs
package already does all those transformations.

MfG
        Goswin