All geek questions in one place

Create OpenSSL with RPATH?

I have Ubuntu 14.04. It comes with openssl 1.0.1f. I want to install another version of openssl (1.0.2), and I want to compile it myself.

I configure it as follows:

LDFLAGS='-Wl,--export-dynamic -L/home/myhome/programs/openssl/i/lib -L/home/myhome/programs/zlib/i/lib' CPPFLAGS='-I/home/myhome/programs/openssl/i/include -I/home/myhome/programs/zlib/i/include' ./config --prefix=/home/myhome/programs/openssl/i \ zlib-dynamic shared --with-zlib-lib=/home/myhome/programs/zlib/i/lib \ --with-zlib-include=/home/myhome/programs/zlib/i/include make make install

After installation, when I check the binary using ldd openssl , and the result:

 ... libssl.so.1.0.0 => /home/myhome/programs/openssl/i/lib/libssl.so.1.0.0 (0x00007f91138c0000) libcrypto.so.1.0.0 => /home/myhome/programs/openssl/i/lib/libcrypto.so.1.0.0 (0x00007f9113479000) ...

which looks ok. But when I check ldd libssl.so , the result is:

 ... libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fac70930000) ...

It still uses the system version of libcrypto. I tried different build methods, but the result always remains the same.

My question is how to configure the assembly so that it can hard-code all the binary and library dependencies of shared libraries without using LD_LIBRARY_PATH , or something like that.

+2
source share
2 answers

My question is how to configure the assembly so that it can hard-code all the binary and library dependencies of shared libraries without using LD_LIBRARY_PATH , or something like that.

OpenSSL supports RPATH out of the box for BSD purposes (but not for others). From Configure:

 # Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time # linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on # .so objects. Apparently application RPATH is not global and does # not apply to .so linked with other .so. Problem manifests itself # when libssl.so fails to load libcrypto.so. One can argue that we # should engrave this into Makefile.shared rules or into BSD-* config # lines above. Meanwhile let try to be cautious and pass -rpath to # linker only when --prefix is not /usr. if ($target =~ /^BSD\-/) { $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|); }

The easiest way to do this for OpenSSL 1.0.2 is to add it as CFLAG :

 ./config -Wl,-rpath=/usr/local/ssl/lib

The next easiest way to do this for OpenSSL 1.0.2 is to add the Configure line and hard code RPATH . For example, I am working on Debian x86_64. So I opened the Configure file in the editor, copied linux-x86_64 , named it linux-x86_64-rpath and made the following change to add the -rpath option:

 "linux-x86_64-rpath", "gcc:-m64 -DL_ENDIAN -O3 -Wall -Wl,-rpath=/usr/local/ssl/lib:: -D_REENTRANT::-Wl,-rpath=/usr/local/ssl/lib -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL: ${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",

Above, fields 2 and 6 have been changed. They correspond to $cflag and $ldflag in the OpenSSL build system.

Then configure the new configuration:

 $ ./Configure linux-x86_64-rpath shared no-ssl2 no-ssl3 no-comp \ --openssldir=/usr/local/ssl enable-ec_nistp_64_gcc_128

Finally, after make check the settings:

 $ readelf -d ./libssl.so | grep -i rpath 0x000000000000000f (RPATH) Library rpath: [/usr/local/ssl/lib] $ readelf -d ./libcrypto.so | grep -i rpath 0x000000000000000f (RPATH) Library rpath: [/usr/local/ssl/lib] $ readelf -d ./apps/openssl | grep -i rpath 0x000000000000000f (RPATH) Library rpath: [/usr/local/ssl/lib]

After doing make install , then ldd will produce the expected results:

 $ ldd /usr/local/ssl/lib/libssl.so linux-vdso.so.1 => (0x00007ffceff6c000) libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007ff5eff96000) ... $ ldd /usr/local/ssl/bin/openssl linux-vdso.so.1 => (0x00007ffc30d3a000) libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00007f9e8372e000) libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f9e832c0000) ...

OpenSSL has compilation and installation on its wiki. This is now added to the wiki in Compilation and Installation | Using RPATHs

+1
source

This is the year 2019, and OpenSSL may have changed a bit, so I will describe how I solved this problem, with the odd probability that someone else might find this useful (and in case I ever need to find out again this argument command line).

I wanted to build OpenSSL in such a way that it would cross-compile (using Docker containers, because I deal with weirdly old Linux kernels, but modern compilers), but provided an installation that did not depend on absolute paths, as it would in The case using rpath, as I saw, is described in the answer here.

I found that I can run the OpenSSL Configure script in such a way as to achieve what I want (from the bash prompt):

 ./Configure linux-x86 zlib shared -Wl,-rpath=\\\$\$ORIGIN/../lib

This causes the generated Makefile to create executable files and shared objects so that the loader looks for dependencies first in "./../lib" (relative to the location of the executable or shared object), then in LD_LIBRARY_PATH, etc. This stupid character combination goes right through the bash command line, script, and Makefile combinations to create the -rpath argument as required by the linker ($ ORIGIN /../ lib).

(Obviously, choose other options that make sense to you ... the key here is in -Wl,-rpath=\\\$\$ORIGIN/../lib ).

So, if I called. / Configure with the prefix '--prefix = / opt / spiffness', and later decided to rename 'spiffness' to 'guttersnipe', everything will work correctly, since the paths are more likely relative than absolute,

I did not try to pass the argument to. / config to see if it works there, since my use case was a bit special, but I suspect it will. If I did not try to cross-compile with dockerized containers, I would prefer to use. / config for. / Configure, since it works decently enough to examine the current environment to see which binaries to create.

I hope this is helpful.

0
source

Source: https://habr.com/ru/post/909109/

More articles:


All Articles