Date: Sun, 31 Jan 2010 22:53:24 +0100 From: =?utf-8?Q?Piotr_Buli=C5=84ski?= <bulinskp@iem.pw.edu.pl> To: freebsd-current@freebsd.org Cc: Jilles Tjoelker <jilles@stack.nl>, des@freebsd.org Subject: Re: Problem with sftp server, static linking, pam and nss_ldap. Message-ID: <707EBC5E-E5C1-4A23-A829-7283495191AA@iem.pw.edu.pl> In-Reply-To: <20100131125805.GA44187@stack.nl> References: <4D59045B-6B03-440C-BCCC-C9C171621475@iem.pw.edu.pl> <20100131125805.GA44187@stack.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail-7-1052279468
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
On 2010-01-31, at 13:58, Jilles Tjoelker wrote:
> On Sun, Jan 31, 2010 at 12:37:19PM +0100, Piotr Buli=C5=84ski wrote:
>> As you can see, it works great with dynamic linking, but if it's =
build with=20
>> static linking it can't get user information from LDAP database.
>=20
> Correct, NSS only works from dynamically-linked executables.
I didn't know that.
>> During the upgrade to OpenSSH 5.3p1 =
/head/secure/libexec/sftp-server/Makefile file changed a little bit:
>>=20
>> revision 181111, Fri Aug 1 02:48:36 2008 UTC ---> revision 197679, =
Thu Oct 1 17:12:52 2009 UTC
>> LDADD=3D -lssh -lcrypt -lcrypto -lz ---> LDADD=3D -lcrypt =
-lcrypto -lz -static -lssh
>=20
>> So I've tried to build sftp-server without -static switch, but it
>> result in failure like below:
>=20
>> {volt}-{/usr/src/secure/libexec/sftp-server}% sudo make
>> Warning: Object directory not changed from original =
/usr/src/secure/libexec/sftp-server
>> cc -O2 -pipe -fomit-frame-pointer -march=3Dopteron =
-I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include =
ssh_namespace.h -std=3Dgnu99 -Wno-pointer-sign -c =
/usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server.c
>> cc -O2 -pipe -fomit-frame-pointer -march=3Dopteron =
-I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include =
ssh_namespace.h -std=3Dgnu99 -Wno-pointer-sign -c =
/usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-common.c
>> cc -O2 -pipe -fomit-frame-pointer -march=3Dopteron =
-I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include =
ssh_namespace.h -std=3Dgnu99 -Wno-pointer-sign -c =
/usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server-ma=
in.c
>> cc -O2 -pipe -fomit-frame-pointer -march=3Dopteron =
-I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include =
ssh_namespace.h -std=3Dgnu99 -Wno-pointer-sign -o sftp-server =
sftp-server.o sftp-common.o sftp-server-main.o -lssh -lcrypt -lcrypto =
-lz
>> /usr/lib/libssh.so: undefined reference to `ssh_add_recv_bytes'
>> /usr/lib/libssh.so: undefined reference to `ssh_roaming_write'
>> /usr/lib/libssh.so: undefined reference to `ssh_roaming_read'
>> *** Error code 1
>=20
>> Stop in /usr/src/secure/libexec/sftp-server.
>> {volt}-{/usr/src/secure/libexec/sftp-server}%=20
>=20
>> Do you have any idea how to make it works?
>=20
> Apparently something broke so that sftp-server cannot link to libssh
> dynamically, even though scp and ssh can still use it.
> By changing the line in secure/libexec/sftp-server/Makefile to
>=20
> LDADD=3D -lcrypt -lcrypto -lz -Wl,-static -lssh -Wl,-call_shared
>=20
> it links only libssh and its dependencies statically, which may be
> enough to fix your problem. This still links quite a lot more than
> libssh statically, I am not happy with it at all.
Thanks a lot! This solved my problem for now.
I'll be testing it this week.
Will you put this "patch" to the source tree of CURRENT
(or maybe it's good only as a temporary solution)?
Thanks again!
Regards
--=20
Piotr Buli=C5=84ski
Informatyka na Wydziale Elektrycznym
Politechnika Warszawska
--Apple-Mail-7-1052279468--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?707EBC5E-E5C1-4A23-A829-7283495191AA>