Example: Install OpenSSH and OpenSSL
Step 01: Download the OpenSSL and OpenSSH source tarballs
jpiszcz@jpt2:~$ wget ftp://ftp.openssl.org/source/openssl-0.9.7d.tar.gz
--23:20:12-- ftp://ftp.openssl.org/source/openssl-0.9.7d.tar.gz
=> `openssl-0.9.7d.tar.gz'
Resolving ftp.openssl.org... 195.27.176.155
Connecting to ftp.openssl.org[195.27.176.155]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /source ... done.
==> PORT ... done. ==> RETR openssl-0.9.7d.tar.gz ... done.
Length: 2,798,433 (unauthoritative)
100%[====================================>] 2,798,433 90.19K/s ETA 00:00
23:20:45 (86.64 KB/s) - `openssl-0.9.7d.tar.gz' saved [2798433]
jpiszcz@jpt2:~$
jpiszcz@jpt2:~$ wget ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.8.1p1.tar.gz
--23:23:05-- ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.8.1p1.tar.gz
=> `openssh-3.8.1p1.tar.gz'
Resolving ftp.openbsd.org... 129.128.5.191
Connecting to ftp.openbsd.org[129.128.5.191]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD /pub/OpenBSD/OpenSSH/portable ... done.
==> PORT ... done. ==> RETR openssh-3.8.1p1.tar.gz ... done.
Length: 817,932 (unauthoritative)
100%[====================================>] 817,932 23.20K/s ETA 00:00
23:23:29 (42.98 KB/s) - `openssh-3.8.1p1.tar.gz' saved [817932]
jpiszcz@jpt2:~$
Step 02: Decompress the tarballs
jpiszcz@jpt2:~$ tar zxf openssl-0.9.7d.tar.gz
jpiszcz@jpt2:~$ tar zxf openssh-3.8.1p1.tar.gz
jpiszcz@jpt2:~$
Step 03: Run ./config
OpenSSL has its own 'config' script. Earlier versions seemed to have supported a prefix option, but the newest does not.
jpiszcz@jpt2:~$ cd openssl-0.9.7d
jpiszcz@jpt2:~/openssl-0.9.7d$ ./config
Operating system: i686-whatever-linux2
Configuring for linux-pentium
.. various tests here ..
jpiszcz@jpt2:~/openssl-0.9.7d$
Step 03: Edit Makefile
jpiszcz@jpt2:~$ cd openssl-0.9.7d
jpiszcz@jpt2:~/openssl-0.9.7d$ vi Makefile
The part you need to change is here:
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
INSTALL_PREFIX=
INSTALLTOP=/usr/local/ssl
Change INSTALL_PREFIX= to INSTALL_PREFIX=/app and INSTALLTOP= to INSTALLTOP=/openssl-0.9.7d
So when done, it should look like this:
# INSTALL_PREFIX is for package builders so that they can configure
# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
# Normally it is left empty.
INSTALL_PREFIX=/app
INSTALLTOP=/openssl-0.9.7d
Step 04: Run make to compile the program
jpiszcz@jpt2:~/openssl-0.9.7d$ /usr/bin/time make -j2
Some users may be curious as to why I used the -j2 option (especially when I only have a single CPU in my machine). Running make without the -j2 option is perfectly fine. With the -j2 (jobs: 2) option, make runs two compile jobs simultaneously instead of one. Therefore make -j2 usually results in faster compilation times, depending upon what you are compiling.
Some may also be curious as to why this is. That has to do with the Linux process scheduler, which is a topic for another day.
Step 05: Run make install
jpiszcz@jpt2:~/openssl-0.9.7d$ make install
.. various installer information here ..
make[1]: Entering directory `/home/jpiszcz/openssl-0.9.7d/tools'
make[1]: Leaving directory `/home/jpiszcz/openssl-0.9.7d/tools'
installing libcrypto.a
installing libssl.a
cp openssl.pc /app/openssl-0.9.7d/lib/pkgconfig
chmod 644 /app/openssl-0.9.7d/lib/pkgconfig/openssl.pc
jpiszcz@jpt2:~/openssl-0.9.7d$
Step 06: Shared or Static?
This is also a discussion for another time; however, most programs in Linux are built using shared libraries, as this offers many benefits over building them statically. Please search Google for more information about why this is so.
We want a shared OpenSSL library! By default, OpenSSL 0.9.7d does not compile or install a shared library. To remedy this problem:
jpiszcz@jpt2:~/openssl-0.9.7d$ make build-shared
+ rm -f libcrypto.so.0
+ rm -f libcrypto.so
+ rm -f libcrypto.so.0.9.7
+ rm -f libssl.so.0
+ rm -f libssl.so
+ rm -f libssl.so.0.9.7
libs='-L. '; for i in crypto ssl; do \
if [ "crypto ssl" = "ssl" -a -n "" ]; then \
libs=" $libs"; \
fi; \
( set -x; gcc \
-shared -o lib$i.so.0.9.7 \
-Wl,-soname=lib$i.so.0.9.7 \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$i.a \
-Wl,--no-whole-archive $libs -ldl -lc ) || exit 1; \
libs="-l$i $libs"; \
done
+ gcc -shared -o libcrypto.so.0.9.7 -Wl,-soname=libcrypto.so.0.9.7 -Wl,-Bsymbolic \
-Wl,--whole-archive libcrypto.a -Wl,--no-whole-archive -L. -ldl -lc
+ gcc -shared -o libssl.so.0.9.7 -Wl,-soname=libssl.so.0.9.7 -Wl,-Bsymbolic -Wl, \
--whole-archive libssl.a -Wl,--no-whole-archive -lcrypto -L. -ldl -lc
+ rm -f libcrypto.so.0
+ ln -s libcrypto.so.0.9.7 libcrypto.so.0
+ rm -f libcrypto.so
+ ln -s libcrypto.so.0 libcrypto.so
+ rm -f libssl.so.0
+ ln -s libssl.so.0.9.7 libssl.so.0
+ rm -f libssl.so
+ ln -s libssl.so.0 libssl.so
jpiszcz@jpt2:~/openssl-0.9.7d$
Step 07: Install the shared library
If you thought make install would do it, you would be mistaken. Simply move the libraries to the lib directory under /app/openssl-0.9.7d and relink!
jpiszcz@jpt2:~/openssl-0.9.7d$ mv *.so* /app/openssl-0.9.7d/lib
jpiszcz@jpt2:~/openssl-0.9.7d$ relink
6 link(s) installed
jpiszcz@jpt2:~/openssl-0.9.7d$
# I had previously relinked before moving the libraries,
# so only the library-related files are relinked at this time.
Congratulations, you have successfully built and installed OpenSSL
with shared libraries! Now for OpenSSH...
Step 08: Installing OpenSSH
In recent versions, OpenSSH by default requires a user (sshd). Slackware 9.1 has this user added by default; if this user is not present, you must add it.
jpiszcz@jpt2:~/openssl-0.9.7d$ grep -i sshd /etc/passwd
sshd:x:33:33:sshd:/:
jpiszcz@jpt2:~/openssl-0.9.7d$
Next, view the available options to compile OpenSSH.
jpiszcz@jpt2:~/openssl-0.9.7d$ cd ~/openssh-3.8.1p1
jpiszcz@jpt2:~/openssh-3.8.1p1$ ./configure --help
`configure' configures this package to adapt to many kinds of systems.
Usage: ./configure [OPTION]... [VAR=VALUE]...
To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.
Defaults for the options are specified in brackets.
Configuration:
-h, --help display this help and exit
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
-q, --quiet, --silent do not print `checking...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for `--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure dir or `..']
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc. You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.
For better control, use the options below.
Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--datadir=DIR read-only architecture-independent data [PREFIX/share]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--infodir=DIR info documentation [PREFIX/info]
--mandir=DIR man documentation [PREFIX/man]
System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST build programs to run on HOST [BUILD]
Optional Features:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--disable-largefile omit support for large files
--disable-strip Disable calling strip(1) on install
--disable-etc-default-login Disable using PATH from /etc/default/login no
--disable-lastlog disable use of lastlog even if detected no
--disable-utmp disable use of utmp even if detected no
--disable-utmpx disable use of utmpx even if detected no
--disable-wtmp disable use of wtmp even if detected no
--disable-wtmpx disable use of wtmpx even if detected no
--disable-libutil disable use of libutil (login() etc.) no
--disable-pututline disable use of pututline() etc. (uwtmp) no
--disable-pututxline disable use of pututxline() etc. (uwtmpx) no
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--without-rpath Disable auto-added -R linker paths
--with-osfsia Enable Digital Unix SIA
--with-cflags Specify additional flags to pass to compiler
--with-cppflags Specify additional flags to pass to preprocessor
--with-ldflags Specify additional flags to pass to linker
--with-libs Specify additional libraries to link with
--with-zlib=PATH Use zlib in PATH
--without-zlib-version-check Disable zlib version check
--with-skey[=PATH] Enable S/Key support
(optionally in PATH)
--with-tcp-wrappers[=PATH] Enable tcpwrappers support
(optionally in PATH)
--with-pam Enable PAM support
--with-ssl-dir=PATH Specify path to OpenSSL installation
--with-rand-helper Use subprocess to gather strong randomness
--with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT
--with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)
--with-entropy-timeout Specify entropy gathering command timeout (msec)
--with-privsep-user=user Specify non-privileged user for privilege separation
--with-sectok Enable smartcard support using libsectok
--with-opensc=PFX Enable smartcard support using OpenSC
--with-kerberos5=PATH Enable Kerberos 5 support
--with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
--with-xauth=PATH Specify path to xauth program
--with-mantype=man|cat|doc Set man page type
--with-md5-passwords Enable use of MD5 passwords
--without-shadow Disable shadow password support
--with-ipaddr-display Use ip address instead of hostname in \$DISPLAY
--with-default-path= Specify default \$PATH environment for server
--with-superuser-path= Specify different path for super-user
--with-4in6 Check for and convert IPv4 in IPv6 mapped addresses
--with-bsd-auth Enable BSD auth support
--with-pid-dir=PATH Specify location of ssh.pid file
--with-lastlog=FILE|DIR specify lastlog location common locations
Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
CPPFLAGS C/C++ preprocessor flags, e.g. -I<include dir> if you have
headers in a nonstandard directory <include dir>
CPP C preprocessor
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
jpiszcz@jpt2:~/openssh-3.8.1p1$
Step 09: Configure the OpenSSH build
jpiszcz@jpt2:~/openssh-3.8.1p1$ ./configure --prefix=/app/openssh-3.8.1p1
.. configure status ..
Important output from configure to pay attention to:
checking OpenSSL header version... 90704f (OpenSSL 0.9.7d 17 Mar 2004)
checking OpenSSL library version... 90704f (OpenSSL 0.9.7d 17 Mar 2004)
checking whether OpenSSL's headers match the library... yes
checking for crypt in -lcrypt... yes
checking whether OpenSSL's PRNG is internally seeded... yes
If this does not detect your version of OpenSSL, some programs
may need --with-ssl-dir=PATH Specify path to OpenSSL installation
Without the --with-ssl-dir option specified, we get:
Preprocessor flags:
Linker flags:
This shows that it is building off of your distribution's inclusion
of OpenSSL (somewhere in /usr).
In the previous text, I described the GCC environment variables. These allow configure to find 70-90% of your applications in /app without having to use such an option (--with-ssl-dir). However, for some applications, it may be necessary to tell them explicitly where the appropriate application or library is located.
For example: ./configure --prefix=/app/openssh-3.8.1p1 \
--with-ssl-dir=/app/openssl-0.9.7d
Therefore the --with-ssl-dir is required for OpenSSH if you want it
to compile off of the version that you have just installed in /app.
Not all programs require this. Another solution is to remove all
duplicate software on your system and just keep everything in /app.
The ending (most important output is listed):
configure: creating ./config.status
config.status: creating Makefile
config.status: creating openbsd-compat/Makefile
config.status: creating scard/Makefile
config.status: creating ssh_prng_cmds
config.status: creating config.h
config.status: config.h is unchanged
OpenSSH has been configured with the following options:
User binaries: /app/openssh-3.8.1p1/bin
System binaries: /app/openssh-3.8.1p1/sbin
Configuration files: /app/openssh-3.8.1p1/etc
Askpass program: /app/openssh-3.8.1p1/libexec/ssh-askpass
Manual pages: /app/openssh-3.8.1p1/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/app/openssh-3.8.1p1/bin
Manpage format: doc
PAM support: no
KerberosV support: no
Smartcard support: no
S/KEY support: no
TCP Wrappers support: no
MD5 password support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags: -I/app/openssl-0.9.7d/include
Linker flags: -L/app/openssl-0.9.7d/lib
Libraries: -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
jpiszcz@jpt2:~/openssh-3.8.1p1$
As you can now see, it will build off of the correct library.
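To make the check above repeatable, the following shell function (an added example, not part of the original walkthrough) reads saved ./configure output and fails unless the OpenSSL header and library versions match the expected release and the Preprocessor/Linker flags point into the given prefix. The function names and the sample logs are constructed for illustration from the output lines quoted above.

```shell
#!/bin/sh
# Added example: confirm from saved ./configure output that OpenSSH will build
# against the OpenSSL installed under /app, not the distribution's copy.
# Function and variable names are this example's own.

# Print the text following LABEL (a sed regex) on its last matching line.
field() { printf '%s\n' "$log" | sed -n "s/^ *$1 *//p" | tail -n 1; }

# check_openssl_build PREFIX VERSION   (configure output on stdin)
# Returns 0 only if every check passes; reasons go to stderr.
check_openssl_build() {
    prefix=$1 want=$2 rc=0
    log=$(cat)
    hdr=$(field 'checking OpenSSL header version\.\.\.')
    lib=$(field 'checking OpenSSL library version\.\.\.')
    cpp=$(field 'Preprocessor flags:')
    ld=$(field 'Linker flags:')

    # Headers and library must be the same build, and the one we installed.
    [ -n "$hdr" ] && [ "$hdr" = "$lib" ] ||
        { echo "header/library mismatch: '$hdr' vs '$lib'" >&2; rc=1; }
    case $lib in
        *"(OpenSSL $want "*) ;;
        *) echo "library is not OpenSSL $want: '$lib'" >&2; rc=1 ;;
    esac
    # Empty flags mean configure fell back to the copy under /usr.
    case " $cpp " in
        *" -I$prefix/include "*) ;;
        *) echo "no -I$prefix/include in: '$cpp'" >&2; rc=1 ;;
    esac
    case " $ld " in
        *" -L$prefix/lib "*) ;;
        *) echo "no -L$prefix/lib in: '$ld'" >&2; rc=1 ;;
    esac
    return $rc
}

# Constructed samples, assembled from the configure lines quoted on this page.
VERSIONS='checking OpenSSL header version... 90704f (OpenSSL 0.9.7d 17 Mar 2004)
checking OpenSSL library version... 90704f (OpenSSL 0.9.7d 17 Mar 2004)'
GOOD_LOG="$VERSIONS
  Preprocessor flags: -I/app/openssl-0.9.7d/include
        Linker flags: -L/app/openssl-0.9.7d/lib"
DISTRO_LOG="$VERSIONS
  Preprocessor flags:
        Linker flags:"

printf '%s\n' "$GOOD_LOG" | check_openssl_build /app/openssl-0.9.7d 0.9.7d &&
    echo "configure picked up /app/openssl-0.9.7d"
```

In practice, pipe the real output through it, for example with ./configure ... 2>&1 | tee configure.out followed by check_openssl_build /app/openssl-0.9.7d 0.9.7d < configure.out.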
Step 10 - Install OpenSSH
gcc -o ssh-add ssh-add.o -L. -Lopenbsd-compat/ -L/app/openssl-0.9.7d/lib -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
gcc -o ssh-keygen ssh-keygen.o -L. -Lopenbsd-compat/ -L/app/openssl-0.9.7d/lib -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
gcc -o ssh-keyscan ssh-keyscan.o -L. -Lopenbsd-compat/ -L/app/openssl-0.9.7d/lib -lssh -lopenbsd-compat -lssh -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
gcc -o ssh-keysign ssh-keysign.o readconf.o -L. -Lopenbsd-compat/ -L/app/openssl-0.9.7d/lib -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
gcc -o ssh-agent ssh-agent.o -L. -Lopenbsd-compat/ -L/app/openssl-0.9.7d/lib -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
gcc -o scp scp.o progressmeter.o -L. -Lopenbsd-compat/ -L/app/openssl-0.9.7d/lib -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
gcc -o ssh-rand-helper ssh-rand-helper.o -L. -Lopenbsd-compat/ -L/app/openssl-0.9.7d/lib -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
gcc -o sftp-server sftp-server.o sftp-common.o -L. -Lopenbsd-compat/ -L/app/openssl-0.9.7d/lib -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
gcc -o sftp progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o -L. -Lopenbsd-compat/ -L/app/openssl-0.9.7d/lib -lssh -lopenbsd-compat -lresolv -lcrypto -lutil -lz -lnsl -lcrypt
jpiszcz@jpt2:~/openssh-3.8.1p1$ make install
.. installer information here ..
mkdir /app/openssh-3.8.1p1/etc
Generating public/private rsa1 key pair.
Your identification has been saved in /app/openssh-3.8.1p1/etc/ssh_host_key.
Your public key has been saved in /app/openssh-3.8.1p1/etc/ssh_host_key.pub.
The key fingerprint is:
35:57:5e:88:34:9f:96:32:4b:69:21:4a:f2:48:06:be jpiszcz@jpt2
Generating public/private dsa key pair.
Your identification has been saved in /app/openssh-3.8.1p1/etc/ssh_host_dsa_key.
Your public key has been saved in /app/openssh-3.8.1p1/etc/ssh_host_dsa_key.pub.
The key fingerprint is:
28:4f:27:7a:6d:46:6b:18:ef:2a:35:d4:61:6c:4a:94 jpiszcz@jpt2
Generating public/private rsa key pair.
Your identification has been saved in /app/openssh-3.8.1p1/etc/ssh_host_rsa_key.
Your public key has been saved in /app/openssh-3.8.1p1/etc/ssh_host_rsa_key.pub.
The key fingerprint is:
71:fd:be:27:73:1f:91:fa:f3:a1:f7:a6:9c:5f:e3:b4 jpiszcz@jpt2
/app/openssh-3.8.1p1/sbin/sshd -t -f /app/openssh-3.8.1p1/etc/sshd_config
jpiszcz@jpt2:~/openssh-3.8.1p1$
You may get an error about /var/empty; if you do, this is how you fix it:
root@jpt2:~# chmod 700 /var/empty
root@jpt2:~# chown root:root /var/empty
NOTE: You *MUST* fix the error about /var/empty if you get one or the ssh daemon will not work properly.
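The two privilege-separation prerequisites, the sshd user from Step 08 and the /var/empty ownership and mode fixed above, can be checked before starting the daemon. This is an added example, not part of the original walkthrough; the function names are hypothetical, and the optional uid and passwd-file arguments exist only so the demo runs without root.

```shell
#!/bin/sh
# Added example: pre-flight checks for sshd privilege separation.
# Function names are this example's own; stat -c assumes GNU or BusyBox stat.

# check_privsep_user NAME [PASSWD_FILE]: the unprivileged account must exist.
check_privsep_user() {
    grep -q "^$1:" "${2:-/etc/passwd}" ||
        { echo "no '$1' entry in ${2:-/etc/passwd}" >&2; return 1; }
}

# check_privsep_dir DIR [OWNER_UID]: the chroot directory must be owned by
# root (uid 0 unless overridden for testing) and not group- or world-writable.
check_privsep_dir() {
    dir=$1 want_uid=${2:-0} rc=0
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 1; }
    set -- $(stat -c '%u %a' "$dir")      # owner uid, octal mode
    uid=$1 mode=$2
    [ "$uid" = "$want_uid" ] ||
        { echo "$dir: owner uid $uid, expected $want_uid" >&2; rc=1; }
    [ $(( 0$mode & 022 )) -eq 0 ] ||
        { echo "$dir: mode $mode is group/world-writable" >&2; rc=1; }
    return $rc
}

# On a real host:  check_privsep_user sshd && check_privsep_dir /var/empty
# Constructed demo so the block runs without root: a scratch passwd file
# holding the page's sshd entry, and a scratch directory owned by this user.
demo=$(mktemp -d)
echo 'sshd:x:33:33:sshd:/:' > "$demo/passwd"
mkdir "$demo/empty" && chmod 700 "$demo/empty"
check_privsep_user sshd "$demo/passwd" &&
    check_privsep_dir "$demo/empty" "$(id -u)" &&
    echo "privsep user and directory look sane"
rm -rf "$demo"
```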
Step 12 - Run relink!
jpiszcz@jpt2:~/openssh-3.8.1p1$ relink
44 link(s) installed
jpiszcz@jpt2:~/openssh-3.8.1p1$



