Cannot build monit with static openssl using distro static ssl libraries
Issue #837
new
I am trying to build monit 5.26.0 with statically linked openssl on 32bit linux using the distro-supplied openssl libraries. I have tested this both on Debian buster (where libssl.a is supplied by libssl-dev) and Fedora 30 (which has an openssl-static package).
Taking Debian as the example, my configure line is:
./configure --with-ssl-static=/usr/lib/i386-linux-gnu
The summary at the end of configure run is:
+------------------------------------------------------------+
| License: |
| This is Open Source Software and use is subject to the GNU |
| AFFERO GENERAL PUBLIC LICENSE version 3, available in this |
| distribution in the file COPYING. |
| |
| By continuing this installation process, you are bound by |
| the terms of this license agreement. If you do not agree |
| with the terms of this license, you must abort the |
| installation process at this point. |
+------------------------------------------------------------+
| Libmonit is configured as follows: |
| |
| Optimized: DISABLED |
| Profiling: DISABLED |
| Compression: ENABLED |
+------------------------------------------------------------+
Monit Build Information:
Architecture: LINUX
SSL include directory:
SSL library directory: /usr/lib/i386-linux-gnu
Compiler flags: -Wno-address -Wno-pointer-sign -g -O2 -Wall -Wunused -Wno-unused-label -funsigned-char -D_GNU_SOURCE -std=c99 -D _REENTRANT -I
Linker flags: -lpam -lz -lpthread -lcrypt -lresolv -lnsl /usr/lib/i386-linux-gnu/libssl.a /usr/lib/i386-linux-gnu/libcrypto.a -L/usr/lib/i386-linux-gnu
pid file location: /run
Install directory: /usr/local
+------------------------------------------------------------+
| License: |
| This is Open Source Software and use is subject to the GNU |
| AFFERO GENERAL PUBLIC LICENSE version 3, available in this |
| distribution in the file COPYING. |
| |
| By continuing this installation process, you are bound by |
| the terms of this license agreement. If you do not agree |
| with the terms of this license, you must abort the |
| installation process at this point. |
+------------------------------------------------------------+
| Monit has been configured with the following options: |
| |
| Compression: ENABLED |
| PAM support: ENABLED |
| SSL support: ENABLED |
| Large files support: ENABLED |
| IPv6 support: ENABLED |
| Optimized: DISABLED |
| Profiling: DISABLED |
+------------------------------------------------------------+
The make always fails with a lot of undefined references:
/usr/bin/ld: /tmp/ccUQmE5O.o: in function `postparse':
/home/georgebrooke/monit_build/monit-5.26.0/src/p.y:3140: undefined reference to `LogWarning'
/usr/bin/ld: /home/georgebrooke/monit_build/monit-5.26.0/src/p.y:3135: undefined reference to `LogWarning'
/usr/bin/ld: /home/georgebrooke/monit_build/monit-5.26.0/src/p.y:3115: undefined reference to `LogError'
/usr/bin/ld: /home/georgebrooke/monit_build/monit-5.26.0/src/p.y:3111: undefined reference to `LogError'
/usr/bin/ld: /tmp/ccUQmE5O.o: in function `parse':
/home/georgebrooke/monit_build/monit-5.26.0/src/p.y:2973: undefined reference to `LogCritical'
/usr/bin/ld: /tmp/ccUQmE5O.o: in function `check_depend':
/home/georgebrooke/monit_build/monit-5.26.0/src/p.y:4870: undefined reference to `LogCritical'
/usr/bin/ld: /home/georgebrooke/monit_build/monit-5.26.0/src/p.y:4865: undefined reference to `LogCritical'
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:756: src/y.tab.o] Error 1
make[2]: Leaving directory '/home/georgebrooke/monit_build/monit-5.26.0'
make[1]: *** [Makefile:823: all-recursive] Error 1
make[1]: Leaving directory '/home/georgebrooke/monit_build/monit-5.26.0'
make: *** [Makefile:534: all] Error 2
I have the full set of messages which I can attach if that will help.
I can build fine with dynamically linked SSL.
Comments (7)
-
-
reporter
Hi,
I’ve re-run configure with the following options:
./configure --with-ssl-static=/usr/lib/i386-linux-gnu --with-ssl-incl-dir=/usr/include --with-ssl-lib-dir=/usr/lib64/And it still does not list the include dir (the path is taken from the configure output when running configure for a dynamically linked run):
Monit Build Information: Architecture: LINUX SSL include directory: SSL library directory: /usr/lib/i386-linux-gnu Compiler flags: -Wno-address -Wno-pointer-sign -g -O2 -Wall -Wunused -Wno-unused-label -funsigned-char -D_GNU_SOURCE -std=c99 -D _REENTRANT -I Linker flags: -lpam -lz -lpthread -lcrypt -lresolv -lnsl /usr/lib/i386-linux-gnu/libssl.a /usr/lib/i386-linux-gnu/libcrypto.a -L/usr/lib/i386-linux-gnu pid file location: /run Install directory: /usr/localAnd I still get the same errors.
I think the issue is in the configure script in that it appears to ignore the supplied --with-ssl-incl-dir options when building with static SSL (lines 9 - 11 below) and only checks in the directory supplied to --with-ssl-static
# Check if we want to have SSL AC_MSG_CHECKING([for static SSL support]) AC_ARG_WITH(ssl-static, [ --with-ssl-static=DIR location of SSL installation], [ dnl Check the specified location only for dir in "$withval" "$withval/include"; do checksslincldir "$dir" done for dir in "$withval" "$withval/lib"; do checkssllibdirstatic "$dir" && break done use_sslstatic=1 LDFLAGS="`echo $LDFLAGS | sed -e 's/-rdynamic/-ldl/g'`" AC_MSG_RESULT([enabled]) AC_DEFINE([HAVE_OPENSSL], 1, [Define to 1 if you have openssl.]) AC_SUBST(sslincldir) AC_SUBST(ssllibdir) CFLAGS="$CFLAGS -I$sslincldir" LIBS="$LIBS $ssllibdir/libssl.a $ssllibdir/libcrypto.a" ], [ use_sslstatic=0 AC_MSG_RESULT([disabled]) ] ) -
reporter
Also, on Debian 10 glibc is 2.28 and the kernel is 4.19.
-
Hello George,
are your sure the used folders are available in your system../configure --with-ssl-statics=/usr/local --with-ssl-incl-dir=/usr/local/include --with-ssl-lib-dir=/usr/local/lib64 SSL include directory: /usr/local/include SSL library directory: /usr/local/lib64And the missing libssl.a and libcrypto.a are in /usr/local/lib64/
and the openssl or ssl folder is in /usr/local/include/In your Debian 10 system, no, I think.
You are right, the configure script does not find the files sometimes. I do some modifications to get the right linked binary.
with_ssl_static="/usr/local" # Check whether --with-ssl-static was given. if test "${with_ssl_static+set}" = set; then : withval=$with_ssl_static; for dir in "$withval" "$withval/include"; do checksslincldir "$dir" done for dir in "$withval" "$withval/lib64" "$withval/lib"; doThe configure script does not check the “lib64” folder, for example. And I add “with_ssl_static” to the right path, the given folder is not available at this point.
With regards,
Lutz -
reporter
Hi Lutz,
On Debian 10, using the distro-supplied static builds of openssl, libssl.a is in
/usr/lib/i386-linux-gnu/and the headers are in/usr/include/openssl$ ls -l /usr/lib/i386-linux-gnu/libssl.a -rw-r--r-- 1 root root 864744 May 30 16:27 /usr/lib/i386-linux-gnu/libssl.a $ ls -l /usr/include/openssl/ssl.h -rw-r--r-- 1 root root 111295 May 30 16:27 /usr/include/openssl/ssl.hWhich are both correct in the configure line I posted, the
--with-ssl-lib-dirI posted was incorrect, but with the correct version posted below it still does not pickup the correct include dir:./configure --with-ssl-static=/usr/lib/i386-linux-gnu --with-ssl-incl-dir=/usr/include --with-ssl-lib-dir=/usr/lib/ SSL include directory: SSL library directory: /usr/lib/i386-linux-gnu
I believe this is a bug in the
configure.acfile as it only processes the supplied--with-ssl-incl-dirif--with-ssl-staticis not supplied. When--with-ssl-staticis supplied only the directory given and any subfolder called include are actually checked for the header files.If I manually edit the
configure.ac(line 711 in git) from:for dir in "$withval" "$withval/include"; doto:
for dir in "$withval" "$withval/include" "/usr/include"; dothen run
./bootstrap ./configure --with-ssl-static=/usr/lib/i386-linux-gnu makeI get a correctly linked monit using the static openssl.
Obviously this is not a general solution - I'd suggest that the configure script should respect the
--with-ssl-incl-direven when--with-ssl-staticis supplied or at least this should be documented somewhere (either in the help strings or in the README) -
Hello George,
thanks for your explanation. You are right, I think.The option --with-ssl-statics does not find the right libs all the time.
And with --with-ssl-incl-dir, --with-ssl-lib-dir the problem can not fixed.
This is the reason I modified the configure script to check the /usr/local/lib64 folder also.
My prefered Linux (I use SUSE distributions) ship 32-bit and 64-bit libs and the 64-bit libs are installed into lib64 folders.With regards,
Lutzp.s.
I try to have a look to the Debian Linux as soon as possible. -
reporter
This patch makes ./configure apply the --with-ssl-incl-dir option when --with-ssl-static is used:
*** orig/configure.ac 2019-07-05 23:44:38.000000000 +0100 --- monit-5.26.0/configure.ac 2019-08-01 14:29:08.318092430 +0100 *************** *** 781,786 **** --- 781,794 ---- AC_SUBST(sslincldir) AC_SUBST(ssllibdir) CFLAGS="$CFLAGS -I$sslincldir" + AC_MSG_CHECKING([for SSL include directory]) + AC_ARG_WITH(ssl-incl-dir, + [ --with-ssl-incl-dir=DIR location of installed SSL include files], + [ + dnl Check the specified location only + checksslincldir "$withval" + ]) + LIBS="$LIBS $ssllibdir/libssl.a $ssllibdir/libcrypto.a" ], [However, I don’t know enough about autotools to know if duplicating the AC_ARG_WITH for ssl-incl-dir which is also used in the main ssl detection routines will lead to other issues, at any rate it allows me to get a static build.
- Log in to comment
Hello,
the SSL include files are not found.
I got some problems in the past to link static, also.
Do you try something like this
to point to all SSL folder. To point to the used static library install folder only does not work for me (and I do some ./configure changes).
A suggestion only,
Lutz
p.s.
Is the used Linux kernel 3.0 or 4.0 or above
and the glibc 2.11 or 2.14 or above?