Re: Compiling into chroot

[Bob Friesenhahn]

On Thu, 12 Jun 2008, Alon Bar-Lev wrote:
> Because of this configure --prefix=/ is used, so embedded paths will
> be relative to root and not directory in host system.
> So the only issue is with libtool.

Libtool is not aware of --prefix!  It only knows the paths given to 
it and what it learns from its environment.

> This is the simplest, as execution of commands within the chroot is
> impossible. As it may be cross compile and target is not operational.

Commands may be executed if the chroot environment is sufficiently 
updated to make it possible.

> As far as I understand, you can add FAKEROOT into each path variable
> read from .la files, and removed before writing the .la files. Also
> removed from all operations during the finish stage.

How does this mesh with libltdl (which also reads .la files) and test 
suites?  It seems that libltdl would also need to know about FAKEROOT, 
which results in every application using libltdl responding to 
FAKEROOT.  There may be additional security issues here similar to 
LD_LIBRARY_PATH, but worse since the compromised application could 
setenv FAKEROOT before a module is loaded and cause a compromised 
module/library to be loaded.

> But as libtool script is so complex it is very difficult to provide a
> solution to outsiders.

A well kept secret is that the libtool maintainers also consider the 
libtool script to be quite complex. :-)

Bob
======================================
Bob Friesenhahn
address@hidden, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/