[ << Running lilypond ] | [Top][Contents][Index] | [ Updating files with convert-ly >> ] |
| [ < Relocation algorithm ] | [ Up: Command-line usage ] | [ Error messages > ] |
LilyPond in chroot jail
Setting up the server to run LilyPond in a chroot jail is a complicated
task. The steps are listed below. Examples in the steps are from
Ubuntu GNU/Linux, and may require the use of sudo as appropriate.
- Install the necessary packages: LilyPond, Ghostscript, and ImageMagick.
- Create a new user by the name of
lily:adduser lily
This will create a new group for the
lilyuser as well, and a home folder,/home/lily - In the home folder of the
lilyuser create a file to use as a separate filesystem:dd if=/dev/zero of=/home/lily/loopfile bs=1k count= 200000
This example creates a 200MB file for use as the jail filesystem.
- Create a loop device, make a file system and mount it, then create
a folder that can be written by the
lilyuser:mkdir /mnt/lilyloop losetup /dev/loop0 /home/lily/loopfile mkfs -t ext3 /dev/loop0 200000 mount -t ext3 /dev/loop0 /mnt/lilyloop mkdir /mnt/lilyloop/lilyhome chown lily /mnt/lilyloop/lilyhome
- In the configuration of the servers, the JAIL will be
/mnt/lilyloopand the DIR will be/lilyhome. - Create a big directory tree in the jail by copying the necessary files, as
shown in the sample script below.
You can use
sedto create the necessary copy commands for a given executable:for i in "/usr/local/lilypond/usr/bin/lilypond" "/bin/sh" "/usr/bin/; \ do ldd $i | sed 's/.*=> \/\(.*\/\)\([^(]*\).*/mkdir -p \1 \&\& \ cp -L \/\1\2 \1\2/' | sed 's/\t\/\(.*\/\)\(.*\) (.*)$/mkdir -p \ \1 \&\& cp -L \/\1\2 \1\2/' | sed '/.*=>.*/d'; done
Example script for 32-bit Ubuntu 8.04
#!/bin/sh
## defaults set here
username=lily
home=/home
loopdevice=/dev/loop0
jaildir=/mnt/lilyloop
# the prefix (without the leading slash!)
lilyprefix=usr/local
# the directory where lilypond is installed on the system
lilydir=/$lilyprefix/lilypond/
userhome=$home/$username
loopfile=$userhome/loopfile
adduser $username
dd if=/dev/zero of=$loopfile bs=1k count=200000
mkdir $jaildir
losetup $loopdevice $loopfile
mkfs -t ext3 $loopdevice 200000
mount -t ext3 $loopdevice $jaildir
mkdir $jaildir/lilyhome
chown $username $jaildir/lilyhome
cd $jaildir
mkdir -p bin usr/bin usr/share usr/lib usr/share/fonts $lilyprefix tmp
chmod a+w tmp
cp -r -L $lilydir $lilyprefix
cp -L /bin/sh /bin/rm bin
cp -L /usr/bin/convert /usr/bin/gs usr/bin
cp -L /usr/share/fonts/truetype usr/share/fonts
# Now the library copying magic
for i in "$lilydir/usr/bin/lilypond" "$lilydir/usr/bin/guile" "/bin/sh" \
"/bin/rm" "/usr/bin/gs" "/usr/bin/convert"; do ldd $i | sed 's/.*=> \
\/\(.*\/\)\([^(]*\).*/mkdir -p \1 \&\& cp -L \/\1\2 \1\2/' | sed \
's/\t\/\(.*\/\)\(.*\) (.*)$/mkdir -p \1 \&\& cp -L \/\1\2 \1\2/' \
| sed '/.*=>.*/d'; done | sh -s
# The shared files for Ghostscript...
cp -L -r /usr/share/ghostscript usr/share
# The shared files for ImageMagick
cp -L -r /usr/lib/ImageMagick* usr/lib
### Now, assuming that you have test.ly in /mnt/lilyloop/lilyhome,
### you should be able to run:
### Note that /$lilyprefix/bin/lilypond is a script, which sets the
### LD_LIBRARY_PATH - this is crucial
/$lilyprefix/bin/lilypond -jlily,lily,/mnt/lilyloop,/lilyhome test.ly
[ << Running lilypond ] | [Top][Contents][Index] | [ Updating files with convert-ly >> ] |
| [ < Relocation algorithm ] | [ Up: Command-line usage ] | [ Error messages > ] |