I'm maintainer and upstream for authbind, which is a set-id helper to permit and control the binding of low ports by unprivileged programs, with an LD_PRELOAD wrapper so it can be used by naive callers which just expect to call bind. I would like some advice about how to do multiarch support for it.
authbind consists of three pieces: 1. A setuid-root helper executable /usr/lib/authbind/helper. This helper provides a documented API so that callers who know they want to use authbind can fork/exec the helper themselves. The helper is a pure utility: callers do not need to link it into their address space and on a multiarch system any architecture suitable for running set-id binaries is fine. 2. A shared library intended for use with LD_PRELOAD. It provides a replacement implementation of bind(2). Currently this is in /usr/lib/authbind/libauthbind.so.1.0 but there is no particular reason it shouldn't be in /usr/lib (or /usr/lib/<triplet>) other than the worry that someone might say -lauthbind. The shared library also uses the _init hook to remove itself from LD_PRELOAD after a while; this is controlled by an environment variable which the shared library also mutates in _init. Obviously the shared library needs to be provided for the architecture of the actual target program; however because of the _init machinery, and ld.so error messages, it should ideally be provided for _all_ architectures which the system is capable of executing. 3. A wrapper program which sets LD_PRELOAD and possibly other variables for the benefit of the shared library, and then execs the desired actual program. This program happens to be a C executable but its architecture is unimportant. Currently all three of these are in the same package. This will obviously have to change. I have a couple of points I'd like input on: * I will need to arrange for the same LD_PRELOAD setting to load the correct libauthbind for each arch. So I guess I do LD_PRELOAD=libauthbind.so.1 rather than supplying an absolute path, and trust ld.so to get the right one out of /usr/lib/<triplet>. Is that right ? * AFAICT there is no way on a multiarch system to say in my dependencies "I need this package on all architectures supported on this system". I went and looked at testing's fakeroot but I'm not sure I should be using what it does as an example. How should an LD_PRELOAD hack approach this problem ? To best avoid transitional problems I guess piece 2 should go into "authbind" (Multi-arch: same; Depends: authbind-support) and pieces 1 and 3 would in "authbind-support" (Multi-arch: foreign; no dependency). But I'm not sure. Thanks, Ian. -- To UNSUBSCRIBE, email to debian-dpkg-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20197.58611.758263.939...@chiark.greenend.org.uk
