Mailing List Archive

Apache static compile
Hi, I hope this is an OK question.
I have a need to build apache with all libraries statically linked and included in the httpd executable.
Is this possible?

Right now ldd is showing:
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3
libexpat.so.1 => /lib/x86_64-linux-gnu/libexpat.so.1
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1
libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
/lib64/ld-linux-x86-64.so.2

But I would like those included in httpd itself.
Re: Apache static compile [ In reply to ]
On 28.03.23 00:14, Chris me wrote:
>
> Hi, I hope this is an OK question.
>
> I have a need to build apache with all libraries statically linked and
> included in the httpd executable.
>
> Is this possible?
>
In https://serverfault.com/a/715193 you will find the answer, to use
"configure --disable-shared", but this option is not available in newer
Apache servers.

Now you have multiple "static link" options. See

# httpd-2.4.56/configure --help
[...]
  --enable-mods-static=MODULE-LIST
                         Space-separated list of static modules to
enable |
                         "all" | "most" | "few" | "reallyall"
[...]
  --enable-so             DSO capability. This module will be
automatically
                         enabled unless you build all modules statically.
[...]
  --enable-ssl-staticlib-deps
                         link mod_ssl with dependencies of OpenSSL's
static
                         libraries (as indicated by "pkg-config
--static").
                         Must be specified in addition to --enable-ssl.
[...]
  --enable-static-support Build a statically linked version of the support
                         binaries
[...]
  --enable-jansson-staticlib-deps
                         link mod_md with dependencies of libjansson's
static
                         libraries (as indicated by "pkg-config
--static").
                         Must be specified in addition to --enable-md.
[...]

I tried this on openSUSE Tumbleweed, but for the most libraries the
configure scripts does not find static libraries. So the resulting
"httpd" has a lot of dynamic dependent libraries.

./configure   --enable-mods-static=all --disable-so
--enable-ssl-staticlib-deps

ldd targetdir/bin/httpd
linux-vdso.so.1 (0x00007ffd6d7c9000)
       libssl.so.3 => /usr/lib64/libssl.so.3 (0x00007fc06e81c000)
       libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x00007fc06e200000)
       libjansson.so.4 => /usr/lib64/libjansson.so.4 (0x00007fc06e80b000)
       libcurl.so.4 => /usr/lib64/libcurl.so.4 (0x00007fc06e75e000)
       [...]

Björn


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: Apache static compile [ In reply to ]
Thanks, unfortuanetely those options made no difference at all, the same things are still dynamically linked.
At the very least I figured I can make due with only have the SSL library statically linked but I have tried -with-ssl=path (as per my other email).



-----Original Message-----
From: Bjoern Voigt <bjoernv@arcor.de.INVALID>
Sent: Wednesday, March 29, 2023 6:37 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache static compile

On 28.03.23 00:14, Chris me wrote:
>
> Hi, I hope this is an OK question.
>
> I have a need to build apache with all libraries statically linked and
> included in the httpd executable.
>
> Is this possible?
>
In https://serverfault.com/a/715193 you will find the answer, to use "configure --disable-shared", but this option is not available in newer Apache servers.

Now you have multiple "static link" options. See

# httpd-2.4.56/configure --help
[...]
  --enable-mods-static=MODULE-LIST
                         Space-separated list of static modules to enable |
                         "all" | "most" | "few" | "reallyall"
[...]
  --enable-so             DSO capability. This module will be automatically
                         enabled unless you build all modules statically.
[...]
  --enable-ssl-staticlib-deps
                         link mod_ssl with dependencies of OpenSSL's static
                         libraries (as indicated by "pkg-config --static").
                         Must be specified in addition to --enable-ssl.
[...]
  --enable-static-support Build a statically linked version of the support
                         binaries
[...]
  --enable-jansson-staticlib-deps
                         link mod_md with dependencies of libjansson's static
                         libraries (as indicated by "pkg-config --static").
                         Must be specified in addition to --enable-md.
[...]

I tried this on openSUSE Tumbleweed, but for the most libraries the configure scripts does not find static libraries. So the resulting "httpd" has a lot of dynamic dependent libraries.

./configure   --enable-mods-static=all --disable-so --enable-ssl-staticlib-deps

ldd targetdir/bin/httpd
linux-vdso.so.1 (0x00007ffd6d7c9000)
       libssl.so.3 => /usr/lib64/libssl.so.3 (0x00007fc06e81c000)
       libcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x00007fc06e200000)
       libjansson.so.4 => /usr/lib64/libjansson.so.4 (0x00007fc06e80b000)
       libcurl.so.4 => /usr/lib64/libcurl.so.4 (0x00007fc06e75e000)
       [...]

Björn


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Apache static compile [ In reply to ]
On 29.03.23 18:49, Chris me wrote:

> Thanks, unfortuanetely those options made no difference at all, the same things are still dynamically linked.
> At the very least I figured I can make due with only have the SSL library statically linked but I have tried -with-ssl=path (as per my other email).

I think, the first problem is to find a Linux distribution which still
contains static versions of all needed libraries. For instance my
distribution, openSUSE Tumbleweed, does only contain very few static
libraries. All other libraries are dynamic. This is documented in the
"openSUSE:Shared library packaging policy":

"Avoid packaging static libraries. You should use --disable-static
configure option or, as a last resort, remove static libraries after
make install. If in doubt, ask."

Source: https://en.opensuse.org/openSUSE:Shared_library_packaging_policy

With such distributions it is impossible to build a fully static Apache
server.

Björn


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: Apache static compile [ In reply to ]
Right. Is there an option to compile Apache using a non-standard location for dynamic libs? IE instead of /usr/lib it could use /usr/lib/custom

I was not able to find anything other than using an ELF patcher to try and change the paths directly in the httpd binary file, but not sure how that would turn out.


-----Original Message-----
From: Bjoern Voigt <bjoernv@arcor.de.INVALID>
Sent: Saturday, April 1, 2023 3:06 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache static compile

On 29.03.23 18:49, Chris me wrote:

> Thanks, unfortuanetely those options made no difference at all, the same things are still dynamically linked.
> At the very least I figured I can make due with only have the SSL library statically linked but I have tried -with-ssl=path (as per my other email).

I think, the first problem is to find a Linux distribution which still contains static versions of all needed libraries. For instance my distribution, openSUSE Tumbleweed, does only contain very few static libraries. All other libraries are dynamic. This is documented in the "openSUSE:Shared library packaging policy":

"Avoid packaging static libraries. You should use --disable-static
configure option or, as a last resort, remove static libraries after
make install. If in doubt, ask."

Source: https://en.opensuse.org/openSUSE:Shared_library_packaging_policy

With such distributions it is impossible to build a fully static Apache server.

Björn


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Apache static compile [ In reply to ]
On Sat, Apr 8, 2023 at 11:22?PM Chris me <phunction@hotmail.com> wrote:
>
> Right. Is there an option to compile Apache using a non-standard location for dynamic libs? IE instead of /usr/lib it could use /usr/lib/custom
>
> I was not able to find anything other than using an ELF patcher to try and change the paths directly in the httpd binary file, but not sure how that would turn out.

Those are usually configured during link time, i.e. via LDFLAGS. It's
not entirely clear what you want, and the are at least a dozen rules
how the various options interact, so I'd recommend you check the man
page for your system's runtime linker (probably man ld). Normally,
you'l just pass -Wl,-rpath,/your/lib/search/path, but maybe you want
to mess with DT_RUNPATH, DT_RPATH or SEARCH_DIR.

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: Apache static compile [ In reply to ]
Basically I am trying to run a later version of apache that supports the newer TLS alongside a much older version. I know it is better to upgrade the server, etc. but that is not an option for the legacy server.

I basically need a completely stand alone version of httpd so I don’t have to worry about upgrading the server libs and current openssl version.




-----Original Message-----
From: Rainer Canavan <rainer.canavan@avenga.com.INVALID>
Sent: Tuesday, April 11, 2023 3:41 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache static compile

On Sat, Apr 8, 2023 at 11:22?PM Chris me <phunction@hotmail.com> wrote:
>
> Right. Is there an option to compile Apache using a non-standard
> location for dynamic libs? IE instead of /usr/lib it could use
> /usr/lib/custom
>
> I was not able to find anything other than using an ELF patcher to try and change the paths directly in the httpd binary file, but not sure how that would turn out.

Those are usually configured during link time, i.e. via LDFLAGS. It's not entirely clear what you want, and the are at least a dozen rules how the various options interact, so I'd recommend you check the man page for your system's runtime linker (probably man ld). Normally, you'l just pass -Wl,-rpath,/your/lib/search/path, but maybe you want to mess with DT_RUNPATH, DT_RPATH or SEARCH_DIR.

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Apache static compile [ In reply to ]
On Wed, Apr 12, 2023 at 1:49?AM Chris me <phunction@hotmail.com> wrote:
>
> Basically I am trying to run a later version of apache that supports the newer TLS alongside a much older version. I know it is better to upgrade the server, etc. but that is not an option for the legacy server.
>
> I basically need a completely stand alone version of httpd so I don’t have to worry about upgrading the server libs and current openssl version.

set an installation path with
--prefix=/usr/local/completelyseparatehttpd and
LDFLAGS=-Wl,-rpath,/usr/local/completelyseparatetlslibrary when you
configure your httpd and you should be done.

rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: Apache static compile [ In reply to ]
I have tried that, but I still get this when making:

ab.c:(.text+0x66b5): undefined reference to `TLSv1_1_client_method'
ab.c:(.text+0x66dd): undefined reference to `TLSv1_2_client_method'

which tells me it is still using the old system openssl libraries and not the location of the new one.

I have tried all of these:
--with-ssl=../openssl-1.1.1t \
--enable-ssl \
--enable-speling=shared \
--enable-rewrite=shared \
--enable-ssl-staticlib-deps \
--enable-mods-static=ssl \
--enable-compat

But when trying to make it is appears to still use the old ssl library on the system.

-----Original Message-----
From: Rainer Canavan <rainer.canavan@avenga.com.INVALID>
Sent: Wednesday, April 12, 2023 12:01 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache static compile

On Wed, Apr 12, 2023 at 1:49?AM Chris me <phunction@hotmail.com> wrote:
>
> Basically I am trying to run a later version of apache that supports the newer TLS alongside a much older version. I know it is better to upgrade the server, etc. but that is not an option for the legacy server.
>
> I basically need a completely stand alone version of httpd so I don’t have to worry about upgrading the server libs and current openssl version.

set an installation path with
--prefix=/usr/local/completelyseparatehttpd and LDFLAGS=-Wl,-rpath,/usr/local/completelyseparatetlslibrary when you configure your httpd and you should be done.

rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org