Which directory is the openssldir? - compilation

When compiling OpenSSL you can add 2 options (from INSTALL in the OpenSSL sources):
Configuration Options
---------------------
There are several options to ./config (or ./Configure) to customize
the build:
--prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl.
Configuration files used by OpenSSL will be in DIR/ssl
or the directory specified by --openssldir.
--openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
the library files and binaries are also installed there.
When compiling other things that rely on OpenSSL or can be added in, an option will be available e.g. for tinc the --with-openssl is available. Should this point to the OpenSSL compilation option given to prefix or openssldir?
Note: I'm not compiling tinc, it's just the first thing I found with a clear example.

You could also run this command to identify in which directory it's installed to.
openssl version -d

which is the openssldir?
By default, the OpenSSL directory is /usr/local/ssl. If you perform a config without --prefix and without --openssldir, that's what you get by default.
Headers will be located in /usr/local/ssl/include/openssl and libraries will be located in /usr/local/ssl/lib.
You should prefer --openssldir, and avoid clever tricks like --prefix=/usr to overwrite a distro's copy of OpenSSL.
If you want to provide a more up to date version of OpenSSL, then look into building a custom package (Personal Package Archive (PPA)) as described at Override Distro Package with Custom Package?.
I'm working on OS X 10.8.5 at the moment. Here's what my /usr/local/ssl looks like (I use one additional directory path on --openssldir due to multiple OpenSSL builds):
$ ls /usr/local/ssl/
android-14 darwin macosx-x64
android-18 ios macosx-x86
the --with-openssl is available. Should this point to the OpenSSL compilation option given to prefix or openssldir?
Yes (but it depends). I've worked with a lot of projects that don't append include and lib properly.
Often times those libraries with --with-openssl are broken in subtle ways. For example, suppose you do the following:
export CFLAGS="-I/usr/local/ssl/include"
export LDFLAGS="/usr/local/ssl/lib"
./config ... --with-openssl=/usr/local/ssl
make
sudo make install
In the above, you will compile and link against the gear in /usr/local/ssl. Then, when you execute your program, it will link against the shared object in /usr/lib, and not the shared object in /usr/local/ssl/lib.
If your distro provides 0.9.8 and you have 1.0.1 in /usr/local/ssl, you will get a lot of unexplained crashes that make no sense. Be vigilant for this issue on OS X because Apple provides 0.9.8.
If you and the distro are both providing something binary compatible (like 1.0.1), then you will be missing functionality without explanation. For example, your version of OpenSSL will have TLS 1.1 and 1.2 enabled, while Ubuntu's version will have TLS 1.1 and 1.2 disabled (Ubuntu priot to 14 built with -DOPENSSL_NO_TLS1_2_CLIENT). And you'll wonder why you cannot connect using TLS 1.2.
If you are compiling on OS X, then you will find OS X silently discards your request to perform static linking (i.e., -Bstatic -lcrypto -lssl). The linker will always use the shared object if available (even on iOS, where its not allowed!). And it will silently ignore your -rpath, too. And forget LD_LIBRARY_PATH because its not honored (you have to use DYLD_LIBRARY_PATH per dyld(1)).
The easiest way to cope with OS X is to:
cd <project>
grep -R "-lcrypto" *
<replace all occurences of -lcrypto with /usr/local/ssl/lib/libcrypto.a>
grep -R "-lssl" *
<replace all occurences of -lssl with /usr/local/ssl/lib/libssl.a>
Archives are just like object files (they are a collection of object files), so you don't even need the -l.
When forcing static linking as above, you don't have to worry about the linker silently discarding your requests or doing things you don't expect. The same works on Linux, too. As a matter of fact, I always use my own version of OpenSSL, and I always do what I described because I got tired of fighting with the various tools (its not only ld, its Eclipse and friends, too).

When compiling other things that rely on OpenSSL, what they usually need is, in order to compile correctly, the openssl binaries - crypto and ssl (linux) - (for linkage) and the include files.
So, your best try would be to point the --prefix you used to install the openssl

https://wiki.openssl.org/index.php/Compilation_and_Installation#PREFIX_and_OPENSSLDIR
PREFIX and OPENSSLDIR
--prefix and --openssldir control the configuration of installed components. The behavior and interactions of --prefix and --openssldir are slightly different between OpenSSL 1.0.2 and below, and OpenSSL 1.1.0 and above.
The rule of thumb to use when you want something that "just works" for all recent versions of OpenSSL, including OpenSSL 1.0.2 and 1.1.0, is:
specify both --prefix and --openssldir
set --prefix and --openssldir to the same location
One word of caution is avoid --prefix=/usr when OpenSSL versions are not binary compatible. You will replace the distro's version of OpenSSL with your version of OpenSSL. It will most likely break everything, including the package management system.

Related

Ubuntu BYACC / BTYACC Syntax error

I'm trying to compile the libxkbcommon library for kodi for my Raspberry Pi 2.
The host machine is a dedicated Server running Ubuntu 16.04 x64.
Now there are two errors when I'm trying to compile libxkbcommon, depending on what yacc I'm using:
byacc:
YACC src/xkbcomp/parser.c
yacc: e - line 219 of
"/opt/kodi/xbmc/tools/depends/target/libxkbcommon/raspberry-pi2-release/src/xkbcomp/parser.y", syntax error
%destructor { FreeStmt((ParseCommon *) $$); }
^
Makefile:1637: recipe for target 'src/xkbcomp/parser.c' failed
btyacc:
parser.y:85: syntax error
Here is the source code of libxkbcommon:
https://github.com/xkbcommon/libxkbcommon
The xbcomp/parser.y file requires a number of (very useful) bison extensions, so it can't be processed by all yacc variants.
btyacc does not support bison-compatible pure-parser declarations. (It has a different, not entirely compatible mechanism which implements the same feature.) So it fails on the first instance of one of those declarations.
It should be possible to use byacc, but not the version which is available in the Ubuntu package repository. Although the Ubuntu package repository change history seems to suggest that the intention was to include the build option which allows %destructor, the actual binary currently available in the byacc repository was built without that option. (It is also several years old, and I think it would be useful to use a more recent version.) I reported this as launchpad bug 1776270, along with a suggestion for a possible fix.
I'm sure you'll be able to build the software using Gnu bison, which is available as the Ubuntu package bison. Since that's the most popular yacc version installed on developer machines, a failure to build with bison would probably have been noticed long ago.
If you would prefer to use byacc, for whatever reason, you'll have to download and build it yourself. You can get the most recent version from Thomas Dickey's byacc page, and then build it with the usual procedure: untar, configure, make, make install. When I tested this, I used the following configure line:
./configure --enable-btyacc --program-prefix=b --prefix=/usr
Only the first option is mandatory
* --program-prefix=b Install it as `byacc` rather than `yacc`
* --enable-btyacc Necessary for %destructor support
* --prefix=/usr Install it in /usr/bin and /usr/man. The default
is /usr/local/bin and /usr/local/man, which failed on
my Ubuntu install because of a missing -D option in the
install command in the Makefile.

How to direct build output for OpenSSL on OS X

I am building OpenSSL on OS X. I would like to direct the built libraries (libcrypto.a, libssl.a etc) to a directory of my choice. Currently they are put in the current working directory.
How do I do achieve that?
This is what I'm doing. I thought specifying the directory for the openssldiroption might do it but it doesn't.
./Configure darwin64-x86_64-cc --openssldir=my-dir
make
I would like to direct the built libraries (libcrypto.a, libssl.a etc) to a directory of my choice. Currently they are put in the current working directory.
OpenSSL 1.1.0 can build in-tree or out-of-tree. OpenSSL 1.0.2 builds in-tree. In both cases all the artifacts are in the OpenSSL root directory. Its effectively hard coded into the scripts (there's two or three of them that interact).
You put them in the directory of your choice by following the build with a make install. If you only care about the libraries (libcrypto.a, libssl.a) then manually cp them.
If needed you can locate the artifacts with:
find . -name 'libssl*'
find . -name 'libcrypto*'
find . -name '*\.o'
There's also some rules about when to use --prefix=XXX and when to use --openssldir=XXX. It depends on both the OpenSSL version number, and the make recipe like make install or make install_sw. For the details, see Compilation and Installation on the OpenSSL wiki.
If you need to re-direct OpenSSL output to your specific directory, then you need to execute configure script like this:
$ ./configure darwin64-x86_64-cc --prefix=/Users/username/mydir --openssldir=/Users/username/mydir/ssl
where "username" is your user name. In this example the output will be performed into "~/mydir" directory. Here:
--prefix option sets the output directory
--openssldir option sets the ssl settings directory

Building libzmq with libsodium

Edit as of ZMQ version 4.1:
Configure automatically looks for libsodium, so this is no longer required. If for some reason you wish to build it WITHOUT libsodium and you have it built and installed, configure libzmq with '--without-libsodium'.
So I'm having problems building/making zeromq with libsodium.
im using msys2 as the shell - specifically the mingw32_shell - , and zmq 4.1.0 rc1 with libsodium 1.0.1 and mingw-w64 32bit (gcc 4.9.2).
im currently able to compile libsodium like this
cd .../libsodium
bash configure
make
make check
make install
and everything is fine, all the tests pass and the libs and includes end up in the /usr/local/ folders that msys2 seems to know about.
then when i try to build zeromq with these commands
cd .../zeromq
bash configure --with-libsodium
make
make check
make install
i never get past the configure stage, as configure returns
checking for sodium_init in -lsodium... no
configure: error: libsodium is not installed. Install it or don't pass --with-libsodium to configure script
i have tried the methods suggested in this post - ZeroMQ doesn't spot libsodium - but to no success.
therefore my question is thus: how do i either set the locations for zeromq's configure to look for libsodium to spot, whether with --with-libsodium, --with-libsodium-include-dir= and --with-libsodium-lib-dir=, or have them 'installed' in a location that msys2's shell is able to find?
I assume you tried it already since the link you provided mentions it:
--with-libsodium=/usr/local
I tried this and it worked for me. However, I don't recommend this because for MSYS2, it is cleaner if /usr/local is used only for MSYS2 software, and not MinGW-w64 software. For MinGW-w64 i686 software, the 'right' prefix for 'local' is /mingw32/local
I've just now added libsodium as a dependency on the zeromq package.
Github MinGW-w64 zeromq PKGBUILD commit e32ae0
I will ask Alexey to rebuild and repackage it tomorrow.

Ruby 'pg' gem linking to wrong copy of libpq.5.dylib (on OSX)

The EnterpriseDB installer for PostgreSQL 9.3 places its files in /Library/PostgreSQL/9.3/* on Mac OSX. However, the Ruby gem 'pg' loads a legacy version of the 'C' dynamic library libpq.5.dylib from /usr/lib instead of using the correct version from /Library/PostgreSQL/9.3/lib. This occurs despite my having installed the gem with
gem install pg -- --with-pg-config=/Library/PostgreSQL/9.3/bin/pg_config
I determined which version of libpq.5.dylib is loaded by setting the DYLD_PRINT_LIBRARIES environment variable, prior to requiring the 'pg' gem.
The most obvious consequence of linking to the wrong dynamic library is that the gem fails to connect to the database using a domain socket, because the socket was relocated between versions from /var/pgsql_socket to /tmp. However, linking to the old library may also cause other issues.
Any suggestions on how to fix this problem?
(I am running Mac OSX Lion. Additional note: For most pg libraries, the EnterpriseDB installer put both a static (.a) and a dynamic (.dylib) version in /Library/PostgreSQL/9.3/lib, but for libpq.5 installed only a dynamic version.)
Both the cause of the problem and an easy solution became apparent when I ran bin/pg_config at the command line.
pg_config generates the variables that are used to control compilation and linking. Of particular interest are LIBDIR and LDFLAGS. LIBDIR specifies the location for static libraries, while LDFLAGS provides locations to search for dynamic libraries. On my system, LIBDIR was set correctly to /LibraryPostgreSQL/9.3/lib, but LDFLAGS was set as follows:
LDFLAGS = -L../../../src/common -L/usr/local/lib -L/opt/local/20140109/lib -Wl,-dead-strip-dylibs
Since libpq.5.dylib was not present at any of these locations, the gem failed to find it, and instead found an older version that happened to be installed at /usr/lib.
One way to fix this would be to inject the correct file location into LDFLAGS, possibly by modifying the code in extconf.rb that generates the config file. However, a much easier fix in this case is just to add a symlink in /usr/local/lib to the correct file location:
/usr/local/lib> ln -s /Library/PostgreSQL/9.3/lib/libpq.5.dylib libpq.5.dylib
If you run into a similar issue, just examine the output of pg_config, and see if you can place a symlink to the correct file location in one of the directories that is already specified by LDFLAGS.

Solving the "No package 'json' found" error

I'm on Mac OS X Mountain Lion and a newbie to autotools and other GNU build tools. I'm trying to build a custom version of json-c to use with a a C project (axis2/c). After running the auto tools, and I run the configure command I get a failure with this output:
checking whether to use JSON... yes
checking for JSON... no
configure: error: Package requirements (json) were not met:
No package 'json' found
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively, you may set the environment variables JSON_CFLAGS
and JSON_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
If I install json-c from macports, configure runs properly. Unfortunately, the project needs a later version of json-c, than what is available in macports (even though this is successful in the configure stage, it later results in a compilation error).
When I install this manually from source, I see that the libs are there in /usr/local/lib and header files in /usr/local/include/json-c. After removing any json-c files that came from macports, I tried copying these repective to the locations in /opt/local/lib and /opt/local/include/json-c but it still resulted in the same package not found error.
What does macports do differently that the package is 'found' when you run configure? Can I replicate the same when I manually install json-c from source?
Thanks in advance.
Macports creates a .pc file with under /opt/local/pkgconfig/. In this case it was json.pc. I edited that to point to the locations in /usr/local and the configure found and used the package I manually built from source.

Resources