Jordon Bedwell wrote:
> I was wondering if anybody could help me figure out a problem with
> static compiling:
The problem is that the archive library doesn't contain the same
symbols as the shared library. I think that is probably a bug. But
mostly for things like that the shared library is the best one to use
since if a security vulnerability is found then updating the shared
library fixes all uses of it.

But at the low level detail the configure script creates the following
test case.

    #include <gnutls/gnutls.h>
    #include <gnutls/x509.h>
    int main() {
        gnutls_x509_crt_sign2(0, 0, 0, 0, 0);
        return 0;
    }

Then it tries compiling it. Here is an example.

    gcc -std=gnu99 -o conftest -g conftest.c -lgnutls

That works. But when you add -static to the options:

    gcc -std=gnu99 -o conftest -g -static conftest.c -lgnutls
    /usr/lib/gcc/x86_64-linux-gnu/4.4.5/../../../../lib/libgnutls.a(x509_write.o): In function `gnutls_x509_crt_set_serial':
    (.text+0x16): undefined reference to `asn1_write_value'
    /usr/lib/gcc/x86_64-linux-gnu/4.4.5/../../../../lib/libgnutls.a(x509_write.o): In function `gnutls_x509_crt_set_key_purpose_oid':
    (.text+0x1a7): undefined reference to `asn1_create_element'
    ... and many, many more ...

At one level it is because this is failing.

> I can't for the life of me figure out what's going on. I don't usually
> static compile but in this case I decided to try out the new PHP 5.3.3
> with CHROOT and CHDIR which requires me to static compile msmtp (or
> sendmail but let's be realistic about a full static compile on an MTA for
> a shared server) so that users don't have to rely solely on SMTP (we use
> smart hosting with msmtp ~ which again is unrealistic for a shared
> environment.)
You do not need to statically compile msmtp (or sendmail). You just
need to install the shared libraries in the chroot too.

How are you setting up the chroot? Personally I like using
debootstrap and setting up a chroot managed by dpkg and apt. In which
case installing packages and dependencies is as easy as

    apt-get install msmtp

Personally I always set up nullmailer in chroots and configure it to
deliver to the localhost. Then the host's main MTA handles delivery
normally.
> My only other solution is to manually CHROOT the entire server,
That didn't parse. Sorry.
> however, I'm trying to avoid such a situation at this time since it
> would just decrease my reasons to switch to 5.3.3 when 5.4 is right
> around the corner.
I recommend just setting up a chroot with debootstrap so that you can
install packages and dependencies easily with apt.
http://wiki.debian.org/Debootstrap
I do this all of the time, including once for PHP4 to work with a
closed source proprietary library in one case. It was handed to me and
I wrapped it into a chroot to keep it contained until I could make the
entire thing go away.
Bob
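
The reply above suggests installing the shared libraries in the chroot instead of linking statically. The script below is an added example, not part of the original message, showing one way to do that by hand when the chroot is not managed by apt. The sample ldd output, the library version numbers and the paths in the usage comment are constructed assumptions.

```shell
#!/bin/sh
# Added example: stage a dynamically linked binary and its libraries in a chroot.

# Constructed sample of `ldd` output (paths and version numbers are made up).
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd1a5fe000)
	libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007f3c5a1d0000)
	libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00007f3c59fbf000)
	libc.so.6 => /lib/libc.so.6 (0x00007f3c59c5d000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f3c5a47e000)'

# Read `ldd` output on stdin, print each library file path once.
# Covers "name => /path (addr)" and the bare loader line; the vdso has no
# file and is skipped. Any "not found" entry is reported and fails the call.
ldd_paths() {
    awk '
        /not found/               { print "missing: " $1 > "/dev/stderr"; bad = 1; next }
        $2 == "=>" && $3 ~ /^\//  { if (!seen[$3]++) print $3; next }
        $1 ~ /^\//                { if (!seen[$1]++) print $1 }
        END                       { exit bad + 0 }
    '
}

# Copy binary $1 and everything it links against into chroot $2,
# keeping the same absolute paths. Run ldd only on binaries you trust.
stage_in_chroot() {
    bin=$1 root=$2
    libs=$(ldd "$bin" | ldd_paths) || return 1
    for f in "$bin" $libs; do
        mkdir -p "$root$(dirname "$f")" || return 1
        cp -L "$f" "$root$f" || return 1     # -L: copy the file a symlink points to
    done
}

# Usage: sh stage.sh /usr/bin/msmtp /srv/chroot/php   (both paths are assumptions)
if [ "$#" -eq 2 ]; then
    stage_in_chroot "$1" "$2"
fi
```

Libraries copied this way are not tracked by a package manager, so they have to be refreshed by hand after each security update on the host.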