From owner-freebsd-current@FreeBSD.ORG Sun Jan 31 12:58:07 2010 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9FD0E106566B; Sun, 31 Jan 2010 12:58:07 +0000 (UTC) (envelope-from jilles@stack.nl) Received: from mx1.stack.nl (relay04.stack.nl [IPv6:2001:610:1108:5010::107]) by mx1.freebsd.org (Postfix) with ESMTP id 60C418FC18; Sun, 31 Jan 2010 12:58:07 +0000 (UTC) Received: from toad.stack.nl (toad.stack.nl [IPv6:2001:610:1108:5010::135]) by mx1.stack.nl (Postfix) with ESMTP id 873341DD646; Sun, 31 Jan 2010 13:58:05 +0100 (CET) Received: by toad.stack.nl (Postfix, from userid 1677) id 6D36D73F9D; Sun, 31 Jan 2010 13:58:05 +0100 (CET) Date: Sun, 31 Jan 2010 13:58:05 +0100 From: Jilles Tjoelker To: Piotr =?utf-8?B?QnVsacWEc2tp?= Message-ID: <20100131125805.GA44187@stack.nl> References: <4D59045B-6B03-440C-BCCC-C9C171621475@iem.pw.edu.pl> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <4D59045B-6B03-440C-BCCC-C9C171621475@iem.pw.edu.pl> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-current@freebsd.org, des@freebsd.org Subject: Re: Problem with sftp server, static linking, pam and nss_ldap. X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2010 12:58:07 -0000 On Sun, Jan 31, 2010 at 12:37:19PM +0100, Piotr BuliƄski wrote: > As you can see, it works great with dynamic linking, but if it's build with > static linking it can't get user information from LDAP database. Correct, NSS only works from dynamically-linked executables. > During the upgrade to OpenSSH 5.3p1 /head/secure/libexec/sftp-server/Makefile file changed a little bit: > > revision 181111, Fri Aug 1 02:48:36 2008 UTC ---> revision 197679, Thu Oct 1 17:12:52 2009 UTC > LDADD= -lssh -lcrypt -lcrypto -lz ---> LDADD= -lcrypt -lcrypto -lz -static -lssh > So I've tried to build sftp-server without -static switch, but it > result in failure like below: > {volt}-{/usr/src/secure/libexec/sftp-server}% sudo make > Warning: Object directory not changed from original /usr/src/secure/libexec/sftp-server > cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server.c > cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-common.c > cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server-main.c > cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -o sftp-server sftp-server.o sftp-common.o sftp-server-main.o -lssh -lcrypt -lcrypto -lz > /usr/lib/libssh.so: undefined reference to `ssh_add_recv_bytes' > /usr/lib/libssh.so: undefined reference to `ssh_roaming_write' > /usr/lib/libssh.so: undefined reference to `ssh_roaming_read' > *** Error code 1 > Stop in /usr/src/secure/libexec/sftp-server. > {volt}-{/usr/src/secure/libexec/sftp-server}% > Do you have any idea how to make it works? Apparently something broke so that sftp-server cannot link to libssh dynamically, even though scp and ssh can still use it. By changing the line in secure/libexec/sftp-server/Makefile to LDADD= -lcrypt -lcrypto -lz -Wl,-static -lssh -Wl,-call_shared it links only libssh and its dependencies statically, which may be enough to fix your problem. This still links quite a lot more than libssh statically, I am not happy with it at all. -- Jilles Tjoelker