Notices
Page 8 of 9 « First 67 8 9
Reply
Thread Tools
Benson's Avatar
Benson is offline Benson
2008-05-14 , 14:48
Posts: 4,930 | Thanked: 2,272 times | Joined on Oct 2007
#71
Originally Posted by qole View Post
I am also looking forward to your new system, Benson. To be able to boot to a Debian install that recognizes the tablet's hardware etc. is exciting, too.
Well, it looks like I have been beaten. It seems beta3 does install directly as a rootfs with no chrooting needed, and sounds as though it has all needed support...
__________________
World's first inductively-charged N900!
 
qole's Avatar
qole is offline qole
2008-05-14 , 23:43
Moderator | Posts: 7,109 | Thanked: 8,820 times | Joined on Oct 2007 @ Vancouver, BC, Canada
#72
I made a wiki page for my chroot method. It works with any version of Johnx's Debian.

I can get Debian apps to run with two steps:
  1. ssh to root
  2. run debian script with application name as parameter (eg "debian epiphany")

I want to get this down to one step, that is, run a script that gains root, runs the chroot script, and launches the app. Then I can make Hildon menu items for Debian apps.

When I try something like this:
Code:
ssh root@localhost 'debian epiphany'
... I get a "cannot open display" error. It seems the mount --bind commands don't stick properly this way. Any ideas?
__________________
qole.org --- twitter --- Easy Debian wiki page
Please don't send me a private message, post to the appropriate thread.
Thank you all for your donations!
Last edited by qole; 2008-05-14 at 23:46.
 
Johnx's Avatar
Johnx is offline Johnx
2008-05-15 , 00:11
Posts: 643 | Thanked: 628 times | Joined on Mar 2007 @ Seattle (or thereabouts)
#73
@qole: At some point you need to "export DISPLAY=:0" or the application won't know where to find the x server. Or try this:
ssh root@localhost 'debian DISPLAY=:0 epiphany'

@Benson: I really need to start documenting and cleaning this up. :| Right now it works well but things are a little hacked up and not packaged. At the very least I'll put together a big list of files I copied over in the next week or so, after I take a break from hacking on this for a couple days. Getting sound working was maddening at times.
 
qole's Avatar
qole is offline qole
2008-05-15 , 00:39
Moderator | Posts: 7,109 | Thanked: 8,820 times | Joined on Oct 2007 @ Vancouver, BC, Canada
#74
Originally Posted by Johnx View Post
@qole: At some point you need to "export DISPLAY=:0" or the application won't know where to find the x server. Or try this:
ssh root@localhost 'debian DISPLAY=:0 epiphany'
Your idea is sound, your syntax is not. If I create a script in my chroot (called, in this case, "hepiphany" for "hildon epiphany") with two lines,
Code:
export DISPLAY=:0
epiphany
This works as one long command:
Code:
ssh root@localhost 'debian hepiphany'
If I make the last line of my "debian" script say:
Code:
chroot /opt $1 $2 $3
I can do this, and it returns no errors, it just doesn't do anything.

Code:
ssh root@localhost 'debian /bin/bash -c "DISPLAY=:0 epiphany"'
EDIT: Ok, I figured a hackish way to do it. I created a script in my chroot called "hilda" that looks like this:

Code:
export DISPLAY=:0
exec $1 $2 $3
Now I can do the following, and it works:

Code:
ssh root@localhost 'debian hilda epiphany'
__________________
qole.org --- twitter --- Easy Debian wiki page
Please don't send me a private message, post to the appropriate thread.
Thank you all for your donations!
Last edited by qole; 2008-05-15 at 00:48. Reason: Got it working
 
dasickis is offline dasickis
2008-05-15 , 19:28
Posts: 25 | Thanked: 1 time | Joined on Apr 2008
#75
Why not just do ssh -X root@localhost 'debian hilda epiphany'.

Man Page SSH:
If the ForwardX11 variable is set to “yes” (or see the description of the -X and -x options described later) and the user is using X11 (the DISPLAY environment variable is set), the connection to the
X11 display is automatically forwarded to the remote side in such a way that any X11 programs started from the shell (or command) will go through the encrypted channel, and the connection to the real X
server will be made from the local machine. The user should not manually set DISPLAY. Forwarding of X11 connections can be configured on the command line or in configuration files.
...
-X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file.

X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user’s X authorization database) can access the local X11 display
through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring.

-x Disables X11 forwarding.

-Y Enables trusted X11 forwarding.
Try -Y if -X doesn't work, usually -X works from linux -> linux. My co-worker told me he's used -Y for Mac OS X.
 

The Following User Says Thank You to dasickis For This Useful Post:
Benson's Avatar
Benson is offline Benson
2008-05-15 , 20:01
Posts: 4,930 | Thanked: 2,272 times | Joined on Oct 2007
#76
A couple points, Qole:
From ssh(1)
Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
``VARNAME=value'' to the environment if the file exists and if users are
allowed to change their environment. For more information, see the
PermitUserEnvironment option in sshd_config(5).
But really, -X or -Y, as appropriate, is better.
Also, replace the $1 $2 $3 with $*.

Is there a reason you don't do the mounting, binding, and copying stuff on startup? Then to run any given app, it's just a matter of chroot...
__________________
World's first inductively-charged N900!
 
qole's Avatar
qole is offline qole
2008-05-15 , 21:47
Moderator | Posts: 7,109 | Thanked: 8,820 times | Joined on Oct 2007 @ Vancouver, BC, Canada
#77
I've got things working quite well now. For instance, I can start Debian apps from a menu icon in OS2008.

I have made a wiki entry. Feel free to fix it as you see fit. But don't change anything until you've tested your changes!

@dasickis:

I'm familiar with forwarding X. But that's not what I'm doing here.

@benson:
  • I don't think this is an SSH issue. It works when I do it in two steps, why not in one?
  • Thanks for the $* tip. I've changed the wiki.
  • I don't do the mounting, binding and copying stuff on startup because all the howtos that I've read never suggest that route. And when nobody does something, there's a reason. I admit ignorance, however, as to what that reason is. It works, so I'm not going to mess with it.

I've also realized that running chroot apps as root is problematic, so I've changed hilda to use su user -c instead of exec.



__________________
qole.org --- twitter --- Easy Debian wiki page
Please don't send me a private message, post to the appropriate thread.
Thank you all for your donations!
Last edited by qole; 2008-05-15 at 21:52.
 

The Following User Says Thank You to qole For This Useful Post:
Benson's Avatar
Benson is offline Benson
2008-05-15 , 22:11
Posts: 4,930 | Thanked: 2,272 times | Joined on Oct 2007
#78
On second thought, you're right of course, the overhead for encrypting/decrypting X is pointless here. SSH X forwarding is bad.

It'll be one less thing to type, and one less miscellaneous script laying around, so I would have ssh set the DISPLAY variable for you, as I indicated. But on second thought: why are you using ssh anyway? Can't you just sudo debian epiphany? (Assuming you have all/nopasswd/all line in your sudoers.)
__________________
World's first inductively-charged N900!
Last edited by Benson; 2008-05-15 at 22:58.
 
qole's Avatar
qole is offline qole
2008-05-15 , 22:27
Moderator | Posts: 7,109 | Thanked: 8,820 times | Joined on Oct 2007 @ Vancouver, BC, Canada
#79
Benson, I use ssh simply to get root access. I have never installed "becomeroot" or any of those hacks; I wasn't aware that sudo worked in the world of OS2008, nor that there was a workaround using sudoers. Can you point me to some kind of howto for getting sudo to work in OS2008?
__________________
qole.org --- twitter --- Easy Debian wiki page
Please don't send me a private message, post to the appropriate thread.
Thank you all for your donations!
 
Benson's Avatar
Benson is offline Benson
2008-05-15 , 22:57
Posts: 4,930 | Thanked: 2,272 times | Joined on Oct 2007
#80
Well, if you have root access*, you can edit sudoers. This is only to be done using visudo; manually editing the sudoers file could leave it in an invalid state, which could result in a reboot loop. visudo checks the syntax when you're done editing, and throws you back till you get it right.

Add this line
Code:
user ALL = NOPASSWD: ALL
at the end, and now the user "user", logged in on any machine, can execute any command without authentication.

Then
Code:
sudo debian epiphany
will run debian epiphany as root. It does seem, of course, that you do need that second script ("hilda") on the inside of the chroot anyway, to drop root privileges; but this will, I believe, pass DISPLAY through.

*root access, for those who come behind, may be gotten easily in four ways:
  • flasher-3.0 to enable rd mode over USB from a Linux desktop, and sudo gainroot
  • Installing SSH and ssh root@tablet (IMHO the cludgiest way for practical use, but a very good and simple way to get started, if you want wide open access.)
  • Installing becomeroot and sudo gainroot
  • Installing easyroot and root (I think; never used this one, so I could have either package name or command wrong
__________________
World's first inductively-charged N900!
 

The Following User Says Thank You to Benson For This Useful Post:
Reply
Page 8 of 9 « First 67 8 9

« Previous Thread | Next Thread »
Thread Tools

 
Forum Jump


All times are GMT. The time now is 04:53.

Contact Us - Home - Archive - Top