Open Source Beta

Source (Development)

Author notes

c programming — experimental chroot gcc development for geeks wanting to write/compile/extend Open Source c code in PASE. If you can barley spell ‘c’ programming you may have a long afternoon of frustration. To wit, this page is NOT for people thinking they can simply download some stuff, then compile an entire Open Source project. Sorry, no such thing in PASE/AIX. However, i know anyone can write c code, therefore, can also extend popular new Open Source languages running in PASE using c code for PHP, Ruby, perl, python, node, etc. It just takes practice and patience.

about chroot — IBM i PASE chroot changes the apparent location of IFS ‘/’ to a subdirectory (sub folder), for user, application or task. Therein, a chroot’d user can not “back up” and destroy things in valuable machine IFS (mess up PASE). PASE “chroot jail” provides a nice way to run an activity in isolated location “safely” out-of-the-away from valuable machine IFS. You can Google chroot and learn about it.

security warning — IBM i PASE chroot is NEVER intended for multi-tenant hosting (different companies same LPAR). Bluntly, there are both DB2 and ILE call ways of breaking chroot to access “the machine” resources. However, chroot is very nice for most people doing “single tenant” , or, within company (trusted developers). In fact desired to share IBM i common resources like database, RPG programs to call, etc.. Therefore, within company developers more interested in typical things chroot has to offer from “profile” security point of view, as well as, “experiment” safety. To wit, protecting profile ranger from profile wildbill in your organization using chroot works very nicely, because it is not really a company-2-company “spy guy” event, instead, simply an administrative nice way to keep the cats in the herd. Also, yes, i think a chroot standalone application like PHP, Ruby, Python, Nodejs is very useful in protecting from the “outside” hacker, because folks on the machine are the trusted lot. Ultimately, without true IBM i containers, i am hesitant to even hum the multi-tenant song, but i have no problem loudly singing about chroot within the company (and i did).

quick example (already know what to do)

Complete chroot and package sequence (quick example)

  • if you are downloadingDownload:
  • Attach:download-2.0.tar.zip (required) RPMs on linux (not IBM i), then copy RPMs into /QOpenSys/QIBM/ProdData/OPS/GCC before starting.
============
download pc (above)
============
choose Download repository zip file (above)
$ cd download
$ unzip litmis-ibmichroot-634ec6c9ba26.zip
$ cd litmis-ibmichroot-634ec6c9ba26
$ ftp myibmi
ftp> quote namefmt 1
ftp> bin
ftp> mkdir /QOpenSys/QIBM/ProdData/OPS/GCC
ftp> cd /QOpenSys/QIBM/ProdData/OPS/GCC
ftp> prompt
ftp> mput *
ftp> quit

============
outside chroot
============
bash-4.3$ cd /QOpenSys/QIBM/ProdData/OPS/GCC  (where you downloaded)
bash-4.3$ PATH=/QOpenSys/usr/bin
bash-4.3$ LIBPATH=/QOpenSys/usr/lib
bash-4.3$ echo $PATH
/QOpenSys/usr/bin
bash-4.3$ echo $LIBPATH
/QOpenSys/usr/lib
bash-4.3$ ./chroot_setup.sh chroot_minimal.lst /QOpenSys/ranger3  ... copy minimum PASE runtime
bash-4.3$ ./chroot_setup.sh chroot_OPS_GCC.lst /QOpenSys/ranger3  ... copy /QOpenSys/QIBM/ProdData/OPS/GCC (scripts into chroot)
bash-4.3$ ./chroot_setup.sh chroot_OPS_SC1.lst /QOpenSys/ranger3  ... copy OpenSSH/OpenSSL product SC1
:
=============
inside chroot
=============
Note: you can only use PASE chroot utility as *SECOFR. Therefore, chroot_setup is assumed to be a *SECOFR profile.
bash-4.3$ chroot /QOpenSys/ranger3 /QOpenSys/usr/bin/bsh
$ cd /QOpenSys/QIBM/ProdData/OPS/GCC
$ ./pkg_setup.sh pkg_perzl_utils.lst
setup rpm.rte ...
setup wget-1.9.1-1.aix5.1.ppc.rpm ...
:
libidn                      ##################################################
zlib                        ##################################################
pcre                        ##################################################
readline                    ##################################################
openssl                     ##################################################
libssh2                     ##################################################
openldap                    ##################################################
info                        ##################################################
bash                        ##################################################
sed                         ##################################################
grep                        ##################################################
nedit                       ##################################################
bzip2                       ##################################################
gzip                        ##################################################
unzip                       ##################################################
zip                         ##################################################
tar                         ##################################################
$ rpm --version
RPM version 3.0.5
$ bash
bash-4.3$ ls /opt/freeware/bin 
bash          bzip2         fgrep         gzexe         install-info  pcretest      uncompress    zdiff         zipcloak      zmore
bashbug       bzip2recover  funzip        gzip          nedit         rpm           unzip         zegrep        zipgrep       znew
bunzip2       bzless        gendiff       iconv         nedit-client  rpm2cpio      unzipsfx      zfgrep        zipinfo
bzcat         bzmore        grep          idn           openssl       sed           wget          zforce        zipnote
bzdiff        c_rehash      gtar          info          patch         ssleay        zcat          zgrep         zipsplit
bzgrep        egrep         gunzip        infokey       pcregrep      tar           zcmp          zip           zless
bash-4.3$ ls /opt/freeware/lib
libbz2.a              libcrypto.so.1.0.0    liblber-2.4.a         libldap_r-2.4.so.2    libreadline.a         libssl.so
libcharset.a          libcrypto.so.1.0.1    liblber-2.4.so.2      libldap_r.a           librpm.so             libssl.so.0.9.7
libcharset.la         libhistory.a          liblber.a             libpcre.a             librpm.so.0.0.0       libssl.so.0.9.8
libcrypto.a           libiconv.a            libldap-2.4.a         libpcrecpp.a          librpmbuild.so        libssl.so.1.0.0
libcrypto.so          libiconv.la           libldap-2.4.so.2      libpcreposix.a        librpmbuild.so.0.0.0  libssl.so.1.0.1
libcrypto.so.0.9.7    libidn.a              libldap.a             libpopt.so            libssh2.a             libz.a
libcrypto.so.0.9.8    libintl.a             libldap_r-2.4.a       libpopt.so.0.0.0      libssl.a              rpm

step by step

The steps (click) …

  • step 0 — beta code information (download zip)
  • step 1 — minimal chroot environment (setup zip)
  • step 2 — GCC compile environment
  • step 3 — get to work compiling (PHP example)
  • step 4 — problems

Note:

1) Pay close attention to where you are running two main scripts in the download:

  • chroot_setup.sh — run outside your chroot environment (see step 1)
  • pkg_setup.sh — run inside your chroot environment (see step 2).
    • You may use pkg_setup.sh without chroot_setup.sh, whereby, rpm installs will directly into root file system.

2) In following instructions, IBM i is assumed to be …

  • i use ssh (STRTCPSVR *SSHD)
    • ssh ranger@myibmi
    • ssh -X ranger@myibmi (PASE enabled gui requires special sshd setup)
  • some use 5250 (so sorry for you, qp2term awful shell, 5250 is terrible, just terrible)
    • call qp2term

3) profile ranger/RANGER

  • ranger is my name/user profile, use your own profile name (watch character case match instructions upper/lower)

Step 0) warning beta code

beta install (Download repository zip file top page)

============
download pc (above)
============
choose Download repository zip file (above)
$ cd download
$ unzip litmis-ibmichroot-634ec6c9ba26.zip
$ cd litmis-ibmichroot-634ec6c9ba26
$ ftp myibmi
ftp> quote namefmt 1
ftp> bin
ftp> mkdir /QOpenSys/QIBM/ProdData/OPS/GCC
ftp> cd /QOpenSys/QIBM/ProdData/OPS/GCC
ftp> prompt
ftp> mput *
ftp> quit

chroot_setup.sh briefly — run outside your chroot environment

chroot_setup.sh is an experimental gcc environment based on PASE chroot. Basically, chroot moves the location of ‘/’ into a sub-directory, aka, /QOpenSys/ranger becomes ‘/’ for user RANGER after chroot, thereby anything done in PASE will only affect the sub-directory /QOpenSys/ranger. The idea is to allow you to install and develop your PHP, Ruby, etc., extensions, including c code, in a “safe” way that will not affect all developers on your machine.

chroot_setup.sh copies binaries into your chroot ‘jail’. You need to copy everything you want to use inside your ‘jail’, because after you chroot into your ‘jail’, you will lose access to most of the IBM i machine, including /qsys.lib (a bit the bummer, but still usable for PASE). Anyway, after you establish your chroot ‘jail’ you may install RPMs inside the ‘jail’ without affecting the rest of PASE. This ‘product’ not complete, but i have been using a chroot environment for PHP and python ‘c code’ development. Actually, all fear aside, really nice developing multiple versions on same machine, different compilers, whatever, no more LPAR, no more trashing PASE, my own little chroot ‘jail’ sandbox (chroot_setup.sh helped me copy all i need to do the work).

On IBM i outside chroot jail …
 
> cd /QOpenSys/QIBM/ProdData/OPS/GCC 
> PATH=/QOpenSys/usr/bin
> LIBPATH=/QOpenSys/usr/lib
> echo $PATH
/QOpenSys/usr/bin
> echo $LIBPATH
/QOpenSys/usr/lib
> ./chroot_setup.sh chroot_minimal.lst /QOpenSys/ranger 
> ./chroot_setup.sh chroot_OPS_GCC.lst /QOpenSys/ranger

Note: you can only use PASE chroot utility as *SECOFR. Therefore, chroot_setup is assumed to be a *SECOFR profile.

pkg_setup.sh briefy — run inside your chroot environment (see step 2)

pkg_setup.sh downloads and installs per-selected (tested), perzl.org rpms (AIX binaries for PASE). You may use pkg_setup.sh without chroot_setup.sh, whereby, rpm installs will directly into root file system.

On IBM i inside chroot ‘jail’ download and install RPMs …
> chroot /QOpenSys/ranger /QOpenSys/usr/bin/bsh
> cd /QOpenSys/QIBM/ProdData/OPS/GCC
> ./pkg_setup.sh pkg_perzl_gcc-4.6.2.lst 

Note: you can only use PASE chroot utility as *SECOFR. This is why most people use ssh option as chroot user.

Alternative download - pkg_setup.sh on Linux (my shy IBM i is cowering behind mother firewall)
If your IBM i does not have web access for RPM download, you may use a Linux machine with script pkg_setup.sh to download the rpms. The script knows your are not on IBM i, so only the download will occur to your linux. Simply ftp rpms to your IBM i after download (binary ftp).

On Linux download for my IBM i …
> ./pkg_setup.sh pkg_perzl_gcc-4.6.2.lst
... download like crazy ...

> ftp myibmi
ftp> bin
ftp> cd /QOpenSys/QIBM/ProdData/OPS/GCC
ftp> prompt
ftp> mput *.rpm

Step 1) set up minimal chroot environment

make your home directory (after chroot)

> chroot /QOpenSys/ranger /QOpenSys/usr/bin/bsh
> mkdir -p /home/RANGER

Note: 
The chroot command puts you in your own "safe" environment, 
you can no longer hurt PASE on the machine.

Note: you can only use PASE chroot utility as *SECOFR. Therefore, chroot_setup is assumed to be a *SECOFR profile.

Outside of chroot environment (IBM i) …

Set-up auto chroot from ssh:

CHGUSRPRF USRPRF(RANGER) LOCALE(*NONE) HOMEDIR(/QOpenSys/ranger/./home/RANGER)

... now your laptop will automatically chroot using ssh ...
> ssh ranger@myibmi

Step 2) Set-up GCC environment (chroot)

Outside of chroot environment (IBM i) …

you need more of PASE …

> cd /QOpenSys/QIBM/ProdData/OPS/GCC
> ./chroot_setup.sh chroot_bins.lst /QOpenSys/ranger
> ./chroot_setup.sh chroot_includes.lst /QOpenSys/ranger
> ./chroot_setup.sh chroot_libs.lst /QOpenSys/ranger

Note: you can only use PASE chroot utility as *SECOFR. Therefore, chroot_setup is assumed to be a *SECOFR profile.

And you will probably need IBM openssl (optional) …

> cd /QOpenSys/QIBM/ProdData/OPS/GCC
> ./chroot_setup.sh chroot_OPS_SC1.lst /QOpenSys/ranger

Inside chroot environment (IBM i) …

Set-up gcc environment (IBM i):

> chroot /QOpenSys/ranger /QOpenSys/usr/bin/bsh

> cd /QOpenSys/QIBM/ProdData/OPS/GCC
> ./pkg_setup.sh pkg_gcc-4.6.2.lst

Note: you can only use PASE chroot utility as *SECOFR. This is why most people use ssh option as chroot user.

You can start using chroot bash …

> /bin/bash
bash-n>

Step 3) some language to work on (PHP example) …

Outside chroot environment (IBM i) …

> cd /QOpenSys/QIBM/ProdData/OPS/GCC
> ./chroot_setup.sh chroot_ZendServer5.lst /QOpenSys/ranger

Inside chroot environment (IBM i) …

Then make yourself a script to work in your chroot (ibm_db2 example):

bash-4.3$ pwd 
/home/RANGER/src/ibm_db2-1.9.7
bash-4.3$ cat zzallzs5.sh  
#!/bin/bash
export IBM_DB_HOME=/usr
export PHP_HOME=/usr/local/zendsvr
export PASE_TOOLS_HOME=/QOpenSys/usr
export AIX_TOOLS_HOME=/usr/local
export PERZL_TOOLS_HOME=/opt/freeware
export PATH=$PHP_HOME/bin:$PERZL_TOOLS_HOME/bin:$PASE_TOOLS_HOME/bin:$AIX_TOOLS_HOME/bin:$PATH
export LIBPATH=$PHP_HOME/lib:$PERZL_TOOLS_HOME/lib:$PASE_TOOLS_HOME/lib:$AIX_TOOLS_HOME/lib
export CC=gcc
export CFLAGS="-DPASE -I=.:$PHP_HOME/php/include"
export CCHOST=powerpc-ibm-aix6.1.0.0
phpize
./configure --build=$CCHOST --host=$CCHOST --target=$CCHOST
make
make install
cp /usr/local/zendsvr/lib/php/20090626/* /usr/local/zendsvr/lib/php_extensions/.

bash-4.3$ cat zzmakezs5.sh 
#!/bin/bash
export IBM_DB_HOME=/usr
export PHP_HOME=/usr/local/zendsvr
export PASE_TOOLS_HOME=/QOpenSys/usr
export AIX_TOOLS_HOME=/usr/local
export PERZL_TOOLS_HOME=/opt/freeware
export PATH=$PHP_HOME/bin:$PERZL_TOOLS_HOME/bin:$PASE_TOOLS_HOME/bin:$AIX_TOOLS_HOME/bin:$PATH
export LIBPATH=$PHP_HOME/lib:$PERZL_TOOLS_HOME/lib:$PASE_TOOLS_HOME/lib:$AIX_TOOLS_HOME/lib
export CC=gcc
export CFLAGS="-DPASE -I=.:$PHP_HOME/php/include"
export CCHOST=powerpc-ibm-aix6.1.0.0
#phpize
#./configure --build=$CCHOST --host=$CCHOST --target=$CCHOST
make
make install
cp /usr/local/zendsvr/lib/php/20090626/* /usr/local/zendsvr/lib/php_extensions/.

bash-4.3

Note: you can only use PASE chroot utility as *SECOFR. This is why most people use ssh option as chroot user.

Step 4) Have a nice day!

If you are a serious Open Source developer, and, find some issues, feel free open issues (link below), so we can fix problems with these scripts.

Archive