dropbrear not compiling statically
Matt Johnston
matt at ucc.asn.au
Mon Oct 17 18:27:38 WST 2011
Hi,
The LIBS="-lcrypt" workaround is known bug, it will be fixed in
the next release.
The other problems with compiling statically are more
general. It isn't really possible to compile a program
totally statically against glibc since it will still depend
on dynamic libnss*.so depending on the contents of
/etc/nsswitch.conf. That's what the warning about
"initgroups" etc means.
My advice would be to build statically against uClibc which
is well tested with Dropbear. The LIBS="-lcrypt" will still
be needed for the time being.
Cheers,
Matt
On Sun, Oct 16, 2011 at 01:50:59PM +0000, Tilman Glotzner wrote:
>
> Hello
>
>
> I am trying to compile dropbrear statically:
>
> 1) configure
> LDFLAGS="-L/opt/nfs/vmic7750/usr/lib/ -L/opt/nfs/vmic7750/lib/" ./configure --prefix=/opt/nfs/vmic7750/usr --with-zlib=/opt/nfs/vmic7750/usr/lib/
>
> 2) STATIC=1 LDFLAGS="-L/opt/nfs/vmic7750/usr/lib/ -L/opt/nfs/vmic7750/lib/" make PROGRAMS="dropbear dropbearkey scp"
> This results in an error:
>
> gcc -L/opt/nfs/vmic7750/usr/lib/ -L/opt/nfs/vmic7750/usr/lib/ -L/opt/nfs/vmic7750/lib/ -static -o dropbear dbutil.o buffer.o dss.o bignum.o signkey.o rsa.o random.o queue.o atomicio.o compat.o fake-rfc2553.o common-session.o packet.o common-algo.o common-kex.o common-channel.o common-chansession.o termcodes.o loginrec.o tcp-accept.o listener.o process-packet.o common-runopts.o circbuffer.o -lcrypt svr-kex.o svr-algo.o svr-auth.o sshpty.o svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o svr-tcpfwd.o svr-authpam.o libtomcrypt/libtomcrypt.a libtommath/libtommath.a -lutil -lz
> svr-chansession.o: In function `execchild':
> svr-chansession.c:(.text+0x4b8): warning: Using 'initgroups' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
> sshpty.o: In function `pty_setowner':
> sshpty.c:(.text+0x18): warning: Using 'getgrnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
> common-session.o: In function `fill_passwd':
> common-session.c:(.text+0x9f): warning: Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
> dbutil.o: In function `connect_remote':
> dbutil.c:(.text+0x96f): warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
> svr-authpasswd.o: In function `svr_auth_password':
> svr-authpasswd.c:(.text+0x16): warning: Using 'getspnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
> svr-authpasswd.c:(.text+0x70): undefined reference to `crypt'
> collect2: ld returned 1 exit status
> make: *** [dropbear] Error 1
>
>
> 3) Next attempt: add LIBS="-lcrypt"
> STATIC=1 LDFLAGS="-L/opt/nfs/vmic7750/usr/lib/ -L/opt/nfs/vmic7750/lib/" LIBS="-lcrypt" make PROGRAMS="dropbear dropbearkey scp"
>
> This links with a couple of warnings: Most noticable one:
>
> gcc -L/opt/nfs/vmic7750/usr/lib/ -L/opt/nfs/vmic7750/usr/lib/ -L/opt/nfs/vmic7750/lib/ -static -o scp scp.o progressmeter.o atomicio.o scpmisc.o compat.o
> scp.o: In function `main':
> scp.c:(.text+0x2092): warning: Using 'getpwuid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
>
> 4) dropbearkey is not portable
> dropbearkey -t rsa -f /opt/nfs/vmic7750/etc/dropbear/dropbear_rsa_host_key works on the machine on which I compiled it.
>
> On another machine, it however does not start. Error message is this:
> dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
> dropbearkey: /lib/libc.so.6: version `GLIBC_2.7' not found (required by dropbear)
>
> I guess this is related to different libc's, i.e. the machine that compiled dropbear probably uses an newer version than the one executing it. Unfortunatelly, I do not get libc compiled. And I also wonder a bit, because I hoped to avoid mismatches like this by statically linking.
>
> 5) I created dropbear_[rsa|dss]_host_key on the build machine, and copied to the machine on which I want to run dropbear. /usr/sbin/dropbear starts up fine. A root login is refused however:
>
> ssh root at 192.168.1.40
> ....
> The authenticity of host '192.168.1.40 (192.168.1.40)' can't be established.
> ....
> Warning: Permanently added '192.168.1.40' (RSA) to the list of known hosts.
> root at 192.168.1.40's password:
> Permission denied, please try again.
> ...
>
> Apparantly, dropbear does not know user root -- I wonder why however (root is defined in /etc/passwd) :
>
> Oct 16 17:01:30 192.168.1.40 dropbear[867]: Child connection from 192.168.1.59:44549
> Oct 16 17:01:31 192.168.1.40 dropbear[867]: Login attempt for nonexistent user from 192.168.1.59:44549
> Oct 16 17:01:32 192.168.1.40 dropbear[867]: Login attempt for nonexistent user from 192.168.1.59:44549
> Oct 16 17:01:33 192.168.1.40 dropbear[867]: Login attempt for nonexistent user from 192.168.1.59:44549
> Oct 16 17:01:34 192.168.1.40 dropbear[867]: Login attempt for nonexistent user from 192.168.1.59:44549
> Oct 16 17:01:35 192.168.1.40 dropbear[867]: Exit before auth: Error writing
>
> Help is certainly apprecitated .-)
>
> Thanks
>
> Tilman
>
> Thanks
>
> Tilman
>
>
>
>
>
More information about the Dropbear
mailing list