# Helix in a jail

## Crispy Beef

Hi,

A client of mine has been running Helix DRM Licence Server on their Gentoo box for a while now, it's a binary install and was originally compiled against a 2.4.x kernel with glibc 2.2.x, this meant that to get it running correctly I needed to run LD_ASSUME_KERNEL before running the server binary.  With glibc-2.6 and the more recent kernels this no longer works so I'm kind of stuck getting the server to run.

The only thing I can think of is to get hold of a .rpm of glibc-2.2.x and put this into a jail of and run the helix server from there.  Does this sound feasible at all?  Would there be any issues anywhere else?

Running ldd on the server binary it comes up with the following:

```
ned1 opt # ldd /opt/HelixDRMLicenseServer/Bin/licserver

        linux-gate.so.1 =>  (0xffffe000)

        libdl.so.2 => /lib/libdl.so.2 (0xb7ef5000)

        libc.so.6 => /lib/libc.so.6 (0xb7dce000)

        /lib/ld-linux.so.2 (0xb7eff000)
```

Is it a simple case of making sure that glibc is in /lib in the jail plus a few other binaries such as bash, ls etc.?

----------

## apryan

EEEWWWWWW!  :Smile:    I too was running the Helix DRM and "neveR" got it working properly. I am surprised you got it working. I am responding to your PM now too.

----------

## Hu

I apologize if you have already tried this, but have you asked Helix to provide you with a newer version?  glibc 2.2.x is very old.  According to the sys-libs/glibc ChangeLog, a glibc 2.3.1 ebuild was added in October 2002.

----------

## codeslinger

is there a compelling reason for the os upgrade???   if it ain't broke don't fix it....

If the jail won't work for you - and there is a good chance it won't - then configure a virtual machine with the 2.2 os etc.    :Wink: 

this is one of the roles of virtual machines, to be able to support multiple oses and provide isolated environments for finicky apps.  the only thing you would have to watch out for is security updates.

----------

## apryan

I agree. At first I had to run Real's Helix server under a 32bit env on my 64bit machine with in chroot. Then they finally started supporting additional libs which made it much easier.

----------

## Crispy Beef

Hi All,

Was away for a couple of days so couldn't login.  Thanks for the replies...

I've been in contact with Real support over this and the version we have is the last version of the standalone helix drm server.  Later this year they are moving to something else so they will not be releasing versions compiled against newer libs.  A bit annoying but nothing much I can do on that.

In the meantime I've got a second server with the old libs running Helix on it's own so at least have something running at the moment.

@codeslinger

I stalled the upgrade for as long as I could but with new versions of apache, expat, mysql and php a proper upgrade was needed.  Same with the kernel, kept it below the version that worked with LD_ASSUME_KERNEL for a while.  But with security updates, patches and other requirements the upgrade had to be done.

@Hu

Yes, I agree, 2.2x is very old (that's the official line in the requirements).  Real support say they have a RHEL4.x box with a 2.6 kernel using glibc 2.3.4.  That required the LD_ASSUME_KERNEL hack to be used however.

Now that I have another server with Helix running it at least gives time to try and test a chroot environment and investigate other options.

Thanks.

----------

## Hu

Am I correct that you do not have a support contract that you can use to force the issue with Real?  Is there a possibility of migrating away from the use of this product, so that you can abandon the DRM server entirely?

Since the offending binary is proprietary, there is not much we can do to fix it directly.  Even worse, since it is DRM related, you may be prohibited by law from the tampering that would be necessary to fix it.

----------

## Crispy Beef

 *Hu wrote:*   

> Am I correct that you do not have a support contract that you can use to force the issue with Real?  Is there a possibility of migrating away from the use of this product, so that you can abandon the DRM server entirely?
> 
> Since the offending binary is proprietary, there is not much we can do to fix it directly.  Even worse, since it is DRM related, you may be prohibited by law from the tampering that would be necessary to fix it.

 

At the moment there is not much that can be done to move away from Helix DRM, the clients business model is based on it and requires it.  There also isn't any alternatives out there that can do the job.  What drew the client to Helix in the first place is that it was possible to secure clips on their own Linux servers, and also possible for users on both Windows and Macs to play the content giving them the widest coverage...although Helix on Linux doesn't have a DRM client plugin yet, I've been told one is in the works but I won't be holding my breath.

The only other viable option for DRM out there at the moment is the Microsoft route and that is overly restrictive.  One option further down the line might be a YouTube Flash-style player for streaming as that will allow all platforms with Flash capability to play content.

There is a support contract in place for a year and things are being pursued there from what I know...although I'm just a lowly admin/developer.  :Wink:   From what I know the client is trying to get Real to compile a new binary or provide an option to allow the server to run on more modern versions of Linux...seeing as it's end of line I don't really see this happening.

----------

## Hu

It would seem that your client's business model is defective by design, so it is not too surprising they have gotten themselves in a fix with a proprietary server that has no alternatives and no maintenance.  For their sake, I strongly suggest they rethink their business model.

----------

## Crispy Beef

 *Hu wrote:*   

> It would seem that your client's business model is defective by design, so it is not too surprising they have gotten themselves in a fix with a proprietary server that has no alternatives and no maintenance.  For their sake, I strongly suggest they rethink their business model.

 

Yup, this is true.  However when questioned at purchase Real should have made the client aware that they were going to discontinue the product.  Will see what they have to say.

The problem they have is that the client produces their own in-house films used for business and companies.  They do not want these productions to be pirated/copied.  Helix DRM seemed like the perfect solution as they deliver the media exclusively through downloads.  Streaming is not an option as they want the purchaser to be able to burn to CD/DVD, what other solutions are there that could secure this content and still make it widely available?

Thanks for all the comments and suggestions.  :Smile: 

----------

