Page 1 of 1

compiling openssh-5.8p1 with default configure parameters

Posted: 2011/03/25 16:06:48
by seccentral
This is my first post here, so i'd like to say hello to everyone around.

Now to business.
I need to statically build openssh-5.8p1 and the compile fails.
some box information:
CentOS release 5.5 (Final)
arch i686

first thing's first.
[quote]yum groupinstall "Development Tools" "Development Libraries" [/quote]
i got the src.rpm openssh-4.3p2-41.el5.src.rpm from a centos mirror and tried a rpmbuild to get the exact ./configure command for my box
it is as follows: [quote]./configure --build=i686-redhat-linux-gnu --host=i686-redhat-linux-gnu --target=i386-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc/ssh --libexecdir=/usr/libexec/openssh --datadir=/usr/share/openssh --with-tcp-wrappers --with-rsh=/usr/bin/rsh --with-default-path=/usr/local/bin:/bin:/usr/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin --with-privsep-path=/var/empty/sshd --enable-vendor-patchlevel=FC-4.3p2-41 --disable-strip --without-zlib-version-check --with-nss --with-pam --with-selinux --with-linux-audit --with-kerberos5[/quote]

then i unpack the 5.8p1 sources somewhere and i run that configure with added --with-ldflags=-static option
it fails, complaining that -lpam is not installed, giving the following error:
[quote]checking for pam_set_item in -lpam... no
configure: error: *** libpam missing[/quote]

a grep reveals:
[quote]cat config.log | grep -i lpam -A 4
configure:18860: checking for pam_set_item in -lpam
configure:18895: gcc -o conftest -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wno-pointer-sign -fno-strict-aliasing -fno-builtin-memset -fstack-protector-all -std=gnu99 -fstack-protector-all -static conftest.c -lpam -ldl -lcrypto -ldl -lutil -lz -lnsl -lcrypt >&5
/usr/bin/ld: cannot find -lpam
collect2: ld returned 1 exit status
configure:18901: $? = 1
configure: failed program was:
| /* confdefs.h. */[/quote]

a rpm list:
[quote]rpm -qa | grep -i pam
pam_passwdqc-1.0.2-1.2.2
pam_ccreds-3-5
pam-0.99.6.2-6.el5_5.2
pam_krb5-2.2.14-15
pam_pkcs11-0.5.3-23
pam-devel-0.99.6.2-6.el5_5.2
pam_smb-1.1.7-7.2.1[/quote]

searched google, some say it's a bug -somewhere- and i'm no developer, please assist.
Thank you.

Re: compiling openssh-5.8p1 with default configure parameters

Posted: 2011/03/25 21:35:15
by pschaff
Welcome to the CentOS fora. Reading [url=https://www.centos.org/modules/newbb/viewforum.php?forum=47]FAQ & Readme First[/url] is recommended for new users.

Backing up a step or two - before we go off on replacing critical core security components with [url=http://wiki.centos.org/PackageManagement/SourceInstalls]Source Installs[/url] - are you familiar [url=http://wiki.centos.org/FAQ/General?highlight=%28TUV%29#head-d29a2b7e61ffc544973098f9dd49fe4663efba50]TUV[/url]'s [url=http://www.redhat.com/security/updates/backporting/]policy[/url] of backporting security fixes? Why a static version?

If you must still have a later version read about [url=http://wiki.centos.org/HowTos/RebuildSRPM]how to rebuild SRPMs[/url] and find a Fedora or other SRPM as a starting place. That will take care of the missing build dependencies that are causing the errors; however, by the time you satisfy them you may find yourself recursively replacing core components and end up with a CentOS/Fedora Frankenstein's Monster.

If your target for the static binary is other than CentOS, you might better start with a recent Fedora version, or Scientific Linux 6.0 (as CentOS 6 is still a pipe dream).