Re: sandboxie like application for Debian? [Possible Threadjack]

To: debian-user@lists.debian.org
Subject: Re: sandboxie like application for Debian? [Possible Threadjack]
From: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>
Date: Mon, 14 Feb 2011 17:45:13 -0600
Message-id: <[🔎] 201102141745.18589.bss@iguanasuicide.net>
In-reply-to: <[🔎] AANLkTi=y7aM5C4rASzcHL7VCYXU+vC3hgf1S2GNNiv02@mail.gmail.com>
References: <[🔎] AANLkTi=y7aM5C4rASzcHL7VCYXU+vC3hgf1S2GNNiv02@mail.gmail.com>

On Monday 14 February 2011 11:59:08 Arthur Machlas wrote:
> > YMMV, I currently only use schroot to run the 32-bit (only) ICAClient for
> > work.
> 
> I tried to set up the same client and noticed it needed all kinds of
> 32bit libraries and was considering my options. Any link or sketched
> outline about the steps you took to do this?

Install schroot and debootstrap.  Create a new logical volume, probably need 
to be about 2G or so.  Create your favorite file system on that new volume.  
Debootstrap.  Unmount.  Drop a file with something like this:

--8<----8<--
[ia32]
type=block-device
device=$YOUR_NEW_LV_HERE
mount-options=-o relatime
description=Debian i386
users=root,me
root-groups=root,adm
script-config=desktop/config
personality=linux32
preserve-environment=true
--8<----8<--

Download icaclient.deb into your home directory.  Change into the chroot with 
(sudo schroot -c ia32).  Install browser(s) with apt-get/aptitude.  If you 
didn't get it already, install ca-certificates with apt-get/aptitude.  Install 
icaclient.deb with dpkg -i; probably gonna complain about dependencies.  
Install libmotif4 and fix the icaclient with apt-get/aptitude.  (find 
/usr/share/ca-certificates -type f -name '*.crt' -exec ln -s {} 
/usr/lib/ICAClient/keystore/cacerts).  Exit the chroot.

To run 32-bit iceweasel that can spawn ICAClient instances:
schroot -c ia32 iceweasel

That's probably not even the best way to do it, but I think it is way better 
than the guides that have you manually extracting 32-bit libraries and copying 
them into place.  With my setup, *almost* everything is still tracked by the 
package manager.  The exception is the ca-certificates, but that's due to the 
package being brain-damaged.

I'd probably be willing to provide the patch to use /usr/share/ca-certificates 
instead of it's own directory, but the software is proprietary so I can't.  
Replacing /usr/lib/ICAClient/keystore/cacerts with a symlink to /usr/share/ca-
certificates/mozilla probably works in most cases, and could be done without 
access to the source, but I couldn't distribute the .deb even if I made such a 
change.

HTH, If that's not detailed enough, I can do a step-by-step with exact 
commands and expected output on my blog tomorrow evening and post a link.
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: sandboxie like application for Debian? [Possible Threadjack]
  - From: Arthur Machlas <arthur.machlas@gmail.com>

References:
- Re: sandboxie like application for Debian? [Possible Threadjack]
  - From: Arthur Machlas <arthur.machlas@gmail.com>

Prev by Date: Re: New policies?
Next by Date: Re: Unable to print from Windows Vista Laptop via Samba
Previous by thread: Re: sandboxie like application for Debian? [Possible Threadjack]
Next by thread: Re: sandboxie like application for Debian? [Possible Threadjack]
Index(es):
- Date
- Thread