Mailing List Archive

[Bug 601] configure script doesen't setup preprocessor flags properly
http://bugzilla.mindrot.org/show_bug.cgi?id=601

Summary: configure script doesen't setup preprocessor flags
properly
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: Build system
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: tedm@toybox.placo.com


The target system is a Sun Sparc 5, running Solaris 2.5.1 with all the
OS patches. OpenSSL version 0.9.7b is installed and passed all tests.
Perl version 5.8.0 is installed.

Note that Solaris 2.5.1 does not come with openSSL installed, so the
openssl include files are NOT present in /usr/include. They are
only available in /usr/local/ssl/include and for whatever reason
openssl puts them in a subdir of that, /usr/local/ssl/include/openssl

The initial run of configure aborted when it couldn't find openSSL installed.
A subsequent run of configure was made with the following invocation:

CFLAGS="-I/usr/local/ssl/include/openssl" LDFLAGS="-
L /usr/local/lib:/usr/local/ssl/lib" ./configure --with-skey --with-ssl-
dir=/usr/local/ssl

configure did properly detect openssl and completed it's run, however it
produced the following output, note the correct compiler flag and the
differing and incorrect C preprocessor flag:

.
.
.
config.status: creating config.h

OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/manX
PID file: /usr/local/etc
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
Manpage format: man
PAM support: no
KerberosIV support: no
KerberosV support: no
Smartcard support: no
AFS support: no
S/KEY support: yes
TCP Wrappers support: no
MD5 password support: no
IP address in $DISPLAY hack: no
Use IPv4 by default hack: no
Translate v4 in v6 hack: no
BSD Auth support: no
Random number source: OpenSSL internal ONLY

Host: sparc-sun-solaris2.5.1
Compiler: gcc
Compiler flags: -I/usr/local/ssl/include/openssl -Wall -Wpointer-arith -Wno-
uninitialized
Preprocessor flags: -I/usr/local/ssl/include -I/usr/local/include
Linker flags: -L/usr/local/ssl/lib -R/usr/local/ssl/lib -
L /usr/local/lib:/usr/local/ssl/lib -L/usr/local/lib -R/usr/local/lib
Libraries: -lgen -lposix4 -lskey -lz -lsocket -lnsl -lcrypto


also on Solaris pid files normally go in /var/run

Also note on Solaris 2.5.1 that the out of the box openssl config builds with
static, not shared, libraries. Thus the -R flag is unneeded because openSSH
has to statically link in libcrypto.a


Here is the configure run:

# CFLAGS="-I/usr/local/ssl/include/openssl" LDFLAGS="-
L /usr/local/lib:/usr/local/ssl/lib" ./configure --with-skey --with-ssl-
dir=/usr/local/ssl
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking build system type... sparc-sun-solaris2.5.1
checking host system type... sparc-sun-solaris2.5.1
checking whether byte ordering is bigendian... yes
checking how to run the C preprocessor... gcc -E
checking for ranlib... ranlib
checking for a BSD-compatible install... ./install-sh -c
checking for ar... /usr/ccs/bin/ar
checking for perl5... no
checking for perl... /usr/bin/perl
checking for sed... /usr/bin/sed
checking for ent... no
checking for bash... no
checking for ksh... /usr/bin/ksh
checking for sh... (cached) /usr/bin/ksh
checking for sh... /usr/bin/sh
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... no
checking for _LARGE_FILES value needed for large files... no
checking for login... /usr/bin/login
checking for inline... inline
checking for obsolete utmp and wtmp in solaris2.x... no
checking for egrep... egrep
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... no
checking for stdint.h... no
checking for unistd.h... yes
checking bstring.h usability... no
checking bstring.h presence... no
checking for bstring.h... no
checking crypt.h usability... yes
checking crypt.h presence... yes
checking for crypt.h... yes
checking endian.h usability... no
checking endian.h presence... no
checking for endian.h... no
checking floatingpoint.h usability... yes
checking floatingpoint.h presence... yes
checking for floatingpoint.h... yes
checking getopt.h usability... no
checking getopt.h presence... no
checking for getopt.h... no
checking glob.h usability... yes
checking glob.h presence... yes
checking for glob.h... yes
checking ia.h usability... no
checking ia.h presence... no
checking for ia.h... no
checking lastlog.h usability... yes
checking lastlog.h presence... yes
checking for lastlog.h... yes
checking libgen.h usability... yes
checking libgen.h presence... yes
checking for libgen.h... yes
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking login.h usability... no
checking login.h presence... no
checking for login.h... no
checking login_cap.h usability... no
checking login_cap.h presence... no
checking for login_cap.h... no
checking maillock.h usability... yes
checking maillock.h presence... yes
checking for maillock.h... yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking netgroup.h usability... no
checking netgroup.h presence... no
checking for netgroup.h... no
checking netinet/in_systm.h usability... yes
checking netinet/in_systm.h presence... yes
checking for netinet/in_systm.h... yes
checking paths.h usability... no
checking paths.h presence... no
checking for paths.h... no
checking pty.h usability... no
checking pty.h presence... no
checking for pty.h... no
checking readpassphrase.h usability... no
checking readpassphrase.h presence... no
checking for readpassphrase.h... no
checking rpc/types.h usability... yes
checking rpc/types.h presence... yes
checking for rpc/types.h... yes
checking security/pam_appl.h usability... no
checking security/pam_appl.h presence... no
checking for security/pam_appl.h... no
checking shadow.h usability... yes
checking shadow.h presence... yes
checking for shadow.h... yes
checking stddef.h usability... yes
checking stddef.h presence... yes
checking for stddef.h... yes
checking for stdint.h... (cached) no
checking for strings.h... (cached) yes
checking sys/bitypes.h usability... no
checking sys/bitypes.h presence... no
checking for sys/bitypes.h... no
checking sys/bsdtty.h usability... no
checking sys/bsdtty.h presence... no
checking for sys/bsdtty.h... no
checking sys/cdefs.h usability... no
checking sys/cdefs.h presence... no
checking for sys/cdefs.h... no
checking sys/mman.h usability... yes
checking sys/mman.h presence... yes
checking for sys/mman.h... yes
checking sys/pstat.h usability... no
checking sys/pstat.h presence... no
checking for sys/pstat.h... no
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking for sys/stat.h... (cached) yes
checking sys/stropts.h usability... yes
checking sys/stropts.h presence... yes
checking for sys/stropts.h... yes
checking sys/sysmacros.h usability... yes
checking sys/sysmacros.h presence... yes
checking for sys/sysmacros.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking sys/timers.h usability... no
checking sys/timers.h presence... no
checking for sys/timers.h... no
checking sys/un.h usability... yes
checking sys/un.h presence... yes
checking for sys/un.h... yes
checking time.h usability... yes
checking time.h presence... yes
checking for time.h... yes
checking tmpdir.h usability... no
checking tmpdir.h presence... no
checking for tmpdir.h... no
checking ttyent.h usability... no
checking ttyent.h presence... no
checking for ttyent.h... no
checking usersec.h usability... no
checking usersec.h presence... no
checking for usersec.h... no
checking util.h usability... no
checking util.h presence... no
checking for util.h... no
checking utime.h usability... yes
checking utime.h presence... yes
checking for utime.h... yes
checking utmp.h usability... yes
checking utmp.h presence... yes
checking for utmp.h... yes
checking utmpx.h usability... yes
checking utmpx.h presence... yes
checking for utmpx.h... yes
checking for yp_match... no
checking for yp_match in -lnsl... yes
checking for setsockopt... no
checking for setsockopt in -lsocket... yes
checking for getspnam... yes
checking for deflate in -lz... yes
checking for strcasecmp... yes
checking for utimes... yes
checking libutil.h usability... no
checking libutil.h presence... no
checking for libutil.h... no
checking for library containing login... no
checking for logout... no
checking for updwtmp... yes
checking for logwtmp... no
checking for strftime... yes
checking for GLOB_ALTDIRFUNC support... no
checking for gl_matchc field in glob_t... no
checking whether struct dirent allocates space for d_name... no
checking for s/key support... yes
checking for arc4random... no
checking for __b64_ntop... no
checking for b64_ntop... no
checking for __b64_pton... no
checking for b64_pton... no
checking for basename... no
checking for bcopy... yes
checking for bindresvport_sa... no
checking for clock... yes
checking for fchmod... yes
checking for fchown... yes
checking for freeaddrinfo... no
checking for futimes... no
checking for gai_strerror... no
checking for getaddrinfo... no
checking for getcwd... yes
checking for getgrouplist... no
checking for getnameinfo... no
checking for getopt... yes
checking for getpeereid... no
checking for _getpty... no
checking for getrlimit... yes
checking for getrusage... yes
checking for getttyent... no
checking for glob... yes
checking for inet_aton... no
checking for inet_ntoa... yes
checking for inet_ntop... no
checking for innetgr... yes
checking for login_getcapbool... no
checking for md5_crypt... no
checking for memmove... yes
checking for mkdtemp... no
checking for mmap... yes
checking for ngetaddrinfo... no
checking for nsleep... no
checking for ogetaddrinfo... no
checking for openpty... no
checking for pstat... no
checking for readpassphrase... no
checking for realpath... yes
checking for recvmsg... yes
checking for rresvport_af... no
checking for sendmsg... yes
checking for setdtablesize... no
checking for setegid... yes
checking for setenv... no
checking for seteuid... yes
checking for setgroups... yes
checking for setlogin... no
checking for setpcred... no
checking for setproctitle... no
checking for setresgid... no
checking for setreuid... yes
checking for setrlimit... yes
checking for setsid... yes
checking for setvbuf... yes
checking for sigaction... yes
checking for sigvec... no
checking for snprintf... no
checking for socketpair... yes
checking for strerror... yes
checking for strlcat... no
checking for strlcpy... yes
checking for strmode... no
checking for strnvis... no
checking for sysconf... yes
checking for tcgetpgrp... yes
checking for truncate... yes
checking for utimes... (cached) yes
checking for vhangup... yes
checking for vsnprintf... no
checking for waitpid... yes
checking for library containing nanosleep... -lposix4
checking for library containing basename... -lgen
checking whether strsep is declared... no
checking for dirname... yes
checking for libgen.h... (cached) yes
checking for gettimeofday... yes
checking for time... yes
checking for endutent... yes
checking for getutent... yes
checking for getutid... yes
checking for getutline... yes
checking for pututline... yes
checking for setutent... yes
checking for utmpname... yes
checking for endutxent... yes
checking for getutxent... yes
checking for getutxid... yes
checking for getutxline... yes
checking for pututxline... yes
checking for setutxent... yes
checking for utmpxname... yes
checking for daemon... no
checking for daemon in -lbsd... no
checking for getpagesize... yes
checking whether getpgrp requires zero arguments... yes
checking OpenSSL header version... 90702f (OpenSSL 0.9.7b 10 Apr 2003)
checking OpenSSL library version... 90702f (OpenSSL 0.9.7b 10 Apr 2003)
checking whether OpenSSL's headers match the library... yes
checking whether OpenSSL's PRNG is internally seeded... yes
checking for ls... /usr/bin/ls
checking for netstat... /usr/bin/netstat
checking for arp... /usr/sbin/arp
checking for ifconfig... /sbin/ifconfig
checking for jstat... no
checking for ps... /usr/bin/ps
checking for sar... /usr/bin/sar
checking for w... /usr/bin/w
checking for who... /usr/bin/who
checking for last... /usr/bin/last
checking for lastlog... no
checking for df... /usr/bin/df
checking for vmstat... /usr/bin/vmstat
checking for uptime... /usr/bin/uptime
checking for ipcs... /usr/bin/ipcs
checking for tail... /usr/bin/tail
checking for char... yes
checking size of char... 1
checking for short int... yes
checking size of short int... 2
checking for int... yes
checking size of int... 4
checking for long int... yes
checking size of long int... 4
checking for long long int... yes
checking size of long long int... 8
checking for u_int type... yes
checking for intXX_t types... no
checking for int64_t type... no
checking for u_intXX_t types... no
checking for u_intXX_t types in sys/socket.h... no
checking for u_int64_t types... no
checking for u_int64_t type in sys/bitypes.h... no
checking for uintXX_t types... no
checking for uintXX_t types in stdint.h... no
checking for u_char... yes
checking for socklen_t... no
checking for socklen_t equivalent... int
checking for sig_atomic_t... yes
checking for size_t... yes
checking for ssize_t... yes
checking for clock_t... yes
checking for sa_family_t... no
checking for pid_t... yes
checking for mode_t... yes
checking for struct sockaddr_storage... no
checking for struct sockaddr_in6... no
checking for struct in6_addr... no
checking for struct addrinfo... no
checking for struct timeval... yes
checking for struct timespec... yes
checking for ut_host field in utmp.h... no
checking for ut_host field in utmpx.h... yes
checking for syslen field in utmpx.h... yes
checking for ut_pid field in utmp.h... yes
checking for ut_type field in utmp.h... yes
checking for ut_type field in utmpx.h... yes
checking for ut_tv field in utmp.h... no
checking for ut_id field in utmp.h... yes
checking for ut_id field in utmpx.h... yes
checking for ut_addr field in utmp.h... no
checking for ut_addr field in utmpx.h... no
checking for ut_addr_v6 field in utmp.h... no
checking for ut_addr_v6 field in utmpx.h... no
checking for ut_exit field in utmp.h... yes
checking for ut_time field in utmp.h... yes
checking for ut_time field in utmpx.h... yes
checking for ut_tv field in utmpx.h... yes
checking for struct stat.st_blksize... yes
checking for ss_family field in struct sockaddr_storage... no
checking for __ss_family field in struct sockaddr_storage... no
checking for pw_class field in struct passwd... no
checking for pw_expire field in struct passwd... no
checking for pw_change field in struct passwd... no
checking for msg_accrights field in struct msghdr... yes
checking for msg_control field in struct msghdr... no
checking if libc defines __progname... no
checking whether gcc implements __FUNCTION__... yes
checking whether gcc implements __func__... yes
checking whether getopt has optreset support... no
checking if libc defines sys_errlist... yes
checking if libc defines sys_nerr... yes
checking for xauth... /usr/openwin/bin/xauth
checking for "/dev/ptmx"... yes
checking for "/dev/ptc"... no
checking for nroff... /usr/bin/nroff
checking if the systems has expire shadow information... yes
Adding /usr/local/bin to USER_PATH so scp will work
checking if we need to convert IPv4 in IPv6-mapped addresses... no (default)
checking if your system defines LASTLOG_FILE... no
checking if your system defines _PATH_LASTLOG... no
checking if your system defines UTMP_FILE... yes
checking if your system defines WTMP_FILE... yes
checking if your system defines UTMPX_FILE... yes
checking if your system defines WTMPX_FILE... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating openbsd-compat/Makefile
config.status: creating scard/Makefile
config.status: creating ssh_prng_cmds
config.status: creating config.h



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From dtucker@zip.com.au 2003-06-24 16:49 -------
Any reason you didn't use --with-ssl-dir? Anyway, configure should
automatically search /usr/local/ssl by default. It should default to
piddir=/var/run too. (It does on my Solaris 8 host.)

Can you please re-run configure without any options and attach (use "Create New
Attachment", don't paste as text) the output and resulting config.log?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From tedm@toybox.placo.com 2003-06-24 17:25 -------
Please reread the bug. You will note that I DID use --with-ssl-dir And
yes I know piddir should default to /var/run, it does not. And yes, I
had no problem on my Solaris 2.8 system either. The system I'm installing
this on is not Solaris 2.8 it is Solaris 2.5.1



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From tedm@toybox.placo.com 2003-06-24 17:45 -------
Created an attachment (id=332)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=332&action=view)
Printout of configure run with no options




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From tedm@toybox.placo.com 2003-06-24 17:48 -------
Created an attachment (id=333)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=333&action=view)
Configure log from vanilla config run




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From tedm@toybox.placo.com 2003-06-24 18:06 -------

OK I have some more info on this bug. What it appears to be is that
setting LD_LIBRARY_PATH makes configure blow up.

You will note on the vanilla config runs that I have uploaded that they
terminate properly with the exception of the preprocessor thing. The
difference is that these were run in an environment that LD_LIBRARY_PATH
was not set. When I set LD_LIBRARY_PATH to

/usr/lib:/usr/openwin/lib:/usr/dt/lib:/usr/local/lib:/usr/local/ssl/lib

then run configure, it blows up. I'm attaching another config run
and config log that shows the failed config



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From tedm@toybox.placo.com 2003-06-24 18:10 -------
Created an attachment (id=334)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=334&action=view)
printout of blown up vanilla config run with LD_LIBRARY_PATH set




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From tedm@toybox.placo.com 2003-06-24 18:12 -------
Created an attachment (id=335)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=335&action=view)
configure log from blown up vanilla config run with LD_LIBRARY_PATH set




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From tedm@toybox.placo.com 2003-06-24 18:45 -------

One more comment on the PID file path,

the directory /var/run didn't exist on the server, it's not created
on a vanilla Solaris 2.5.1 install. Creating the directory then
running configure makes configure use /var/run for the pidfile
path instead of /usr/local/etc.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From dtucker@zip.com.au 2003-06-24 18:49 -------
Whoops, missed the with-ssl-dir. The config test for piddir is:
# Where to place sshd.pid
piddir=/var/run
# make sure the directory exists
if test ! -d $piddir ; then
piddir=`eval echo ${sysconfdir}`

Does /var/run exist, and is it a directory? What does "test -d /var/run; echo
$?" give?

Also, in the first configure results, the compiler flags look wrong and the
preprocessor flags look right:
Compiler flags: -I/usr/local/ssl/include/openssl [snip]
Preprocessor flags: -I/usr/local/ssl/include [snip]
The includes look like "#include <openssl/whatever.h>", therefore
"-I/usr/local/ssl/include" is correct.

Does the header file /usr/local/ssl/include/openssl/opensslv.h exist? OpenSSL
is built as a static library, right?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From tedm@toybox.placo.com 2003-06-24 21:14 -------

after removing LD_LIBRARY_PATH variable and rerunning configure, the
Compiler flag -I/usr/local/ssl/include/openssl that you didn't like
went away. After compiling the server and testing it, it worked fine.
(with the exception of the copious warnings documented in the #602 bug)

creating the /var/run directory fixed the pidfile directory specifier.

yes openssl was built as a static library.

The oddities are the result of the LD_LIBRARY_PATH variable. Solaris 2.5.1
does not have the crle command so there's a lot of having to hard-code
/usr/local/lib in the compiler flags for programs that use shared libraries.
I never use LD_LIBRARY_PATH on my Solaris 2.6 and above servers but I do
on the 2.5.1 stuff.

Probably configure needs to look at this variable for hints then unset it
before running it's tests.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From dtucker@zip.com.au 2003-06-24 22:49 -------
Created an attachment (id=336)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=336&action=view)
Add compiler sanity test to configure.ac

I don't think configure should mess with LD_LIBRARY_PATH too much. It's up to
the user (or sysadmin) to set as appropriate, configure shouldn't need to
second-guess it.

The OpenSSL tests are particularly sensitive to library problems, though. I
wonder if it's worth adding a sanity check to configure to catch
compiler/libraries/flag problems earlier? Would that ever catch anything?
(example attached)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From tedm@toybox.placo.com 2003-06-25 14:08 -------
Either configure should be affected by LD_LIBRARY_PATH in which case
the INSTALL file needs to be updated to tell the sysadmin to unset it
before running configure, OR configure needs to ignore it.

I don't mind more sanity checks but the attached patch isn't addressing
the problem, which is that configure is currently being affected
by LD_LIBRARY_PATH. Until a consensus is arrived at as to how best
to go about fixing configure (if it should be touched at all) the
problem with LD_LIBRARY_PATH needs to be documented in the INSTALL file
in the section for Solaris specific issues.





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From mouring@eviladmin.org 2003-06-25 15:20 -------
The /var/run is a bogus thing for solaris 2.5.1.. OpenSSH is doing the correct
thing by not using it if it does not exist. So I think we can safely ignore
that complaint.

I don't know if the configure.ac that Darren is suggest is useful. I thought
configure already tested for such things.

As for LD_LIBRARY_PATH... This is really not a solaris only issue. This is an
issue with any OS that honors that variable (which is most UNIXes). However,
the use/abuse of it can cause odd-ball failures/successes.
Since /usr/local/ssl/lib is set in LD_LIBRARY_PATH the AC_TRY_LINK_FUNC
(RAND_add, AC_DEFINE(HAVE_OPENSSL),..) is successful without having to set -I
then we see this error.

We shouldn't distrupt LD_LIBRARY_PATH in the off chance that it may be set for
a valid reason (dynamically linked OpenSSL w/ libraries in non-standard
locations).

Darren, maybe this needs to be solved by added another check between the check
to see if the library is usable and the checks to see if the headers/libraries
match.

Something like:

AC_TRY_RUN([#include <..>
main(..) { .. )],
[dnl good, no LD_LIBRARY_PATH issues found],
[.dnl crap, no header, we got an LD_LIBRARY_ISSUE. Mirror tests in above
AC_TRY_LINK_FUNC(RAND_add, ..)]
)

That ensures if for some reason the LD_LIBRARY_PATH is set that the -I is
attempted.

There may be a better way, but it is too late over in the midwest to consider
such things.=) Plus we are in the middle of a lighning storm. <cough>

My ONLY concern is if LD_LIBRARY_PATH is set and --with-ssl-dir is set. If
we need another case to handle it.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From dtucker@zip.com.au 2003-06-25 21:45 -------
Configure does test that the compiler works right at the start. Then it does a
lot of system-dependant messing with flags and such and the result might not be
valid. The suggested test will catch those before they blow up someplace else
and give a misleading error message (and I can think of at least one example).

I don't think configure should mess with LD_LIBRARY_PATH at all; if it needs to
change so the tests will run then the resulting binaries won't work without
those changes anyway.

It'd be nice to have a better error though, I'll take a closer look at Ben's
suggestion.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From openssh@roumenpetrov.info 2003-06-26 17:25 -------
Hi Ted

>[SNIP]
> A subsequent run of configure was made with the following invocation:
> CFLAGS="-I/usr/local/ssl/include/openssl"
> LDFLAGS="-L/usr/local/lib:/usr/local/ssl/lib" ./configure ...
>[SNIP]
> configure did properly detect openssl and completed it's run, however it
> produced the following output, note the correct compiler flag and the
> differing and incorrect C preprocessor flag:
>[SNIP]
> also on Solaris pid files normally go in /var/run
> [SNIP]
> Thus the -R flag is unneeded because [SNIP]

correct command is ( when you don't use --with-ssl-dir=... and don't like -R):
CPPFLAGS=-I/usr/local/ssl/include \
LDFLAGS=-L/usr/local/ssl/lib \
.../configure \
--with-pid-dir=/var/run \
--without-rpath \
<OTHER_OPTIONS> \
[--build=<BUILD>]
, where BUILD is sparc-sun-solaris2.5.1, but you can skip --build because is
deteted correctly.

Take note about CFLAGS vs CPPFLAGS.


Only one problem is piddir: When OpenSSH is configured with
--with-pid-dir=/path/to/missing/dir
make install don't create piddir and sshd don't complain that cannot create pid
file.


Only for infomation! Next lines are from "X.509 v3 certificate support in
OpenSSH" patch:
diff -ruN openssh-3.6.1p2/Makefile.in openssh-3.6.1p2+x509g2/Makefile.in
--- openssh-3.6.1p2/Makefile.in 2003-04-29 12:12:08.000000000 +0300
+++ openssh-3.6.1p2+x509g2/Makefile.in 2003-04-30 09:06:01.000000000 +0300
@@ -233,6 +244,8 @@
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sshcadir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(piddir)
(umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
$(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh
$(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp
@@ -359,3 +372,23 @@
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
diff -ruN openssh-3.6.1p2/sshd.c openssh-3.6.1p2+x509g2/sshd.c
--- openssh-3.6.1p2/sshd.c 2003-03-10 02:38:10.000000000 +0200
+++ openssh-3.6.1p2+x509g2/sshd.c 2003-06-12 09:06:01.000000000 +0300
@@ -1224,6 +1244,8 @@
if (f) {
fprintf(f, "%ld\n", (long) getpid());
fclose(f);
+ } else {
+ error("Could not create pid file: %.400s", options.pid_file);
}
}


In conclusion:
LD_LIBRARY_PATH is not solution because OpenSSL can be in default library
search path and this path take precedence over LD_LIBRARY_PATH (at least on
linux) and in this case command like this:
CPPFLAGS=-I/usr/local/ssl/include \
LD_LIBRARY_PATH=/usr/local/ssl/lib \
.../configure .....
MUST produce error: Your OpenSSL headers do not match your library


I hope that my comment will help you.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From openssh@roumenpetrov.info 2003-06-26 18:03 -------
What about INVALID resolution for this bug ?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From mouring@eviladmin.org 2003-06-27 01:09 -------
I don't think I agree with you rumen. The universe does not circle around
Linux and LD_LIBRARY_PATH on some platforms is the only way to change the
runtime search path. Therefor I think my last comment is still correct. We
need to see if the openssl AC_TRY_LINK works, if it does then we need to test
to see if the openssl header is in the -I path. If it is not then we test with
the default of /usr/local/ssl.

This solution should not affect anything else. If you are playing with CFLAGS,
LDFLAGS or --with-ssl-dir= then your environment should be correct to start
with or you'll run into a class of issues that no autoconf system on earth can
handle correctly.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From tedm@toybox.placo.com 2003-06-27 14:09 -------
Are certain posters here even bothering to read the history of this bug?

As I already said, if considering LD_LIBRARY_PATH is beyond the capabilities
of ./configure, then this needs to be written IN THE DOCS so that the admin
can set the build environment up properly BEFORE running configure. Just
closing this bug as invalid without making mention in the docs is reprehensible.





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601





------- Additional Comments From openssh@roumenpetrov.info 2003-06-27 21:26 -------
in breif:
bug summary: configure script doesen't setup preprocessor flags properly (!)
solution: use CPPFLAGS instead CFLAGS
manual: configure --help
resolution: invalid

=================
about other - all is out of bug scope !




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 601] configure script doesen't setup preprocessor flags properly [ In reply to ]
http://bugzilla.mindrot.org/show_bug.cgi?id=601

djm@mindrot.org changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID



------- Additional Comments From djm@mindrot.org 2003-06-28 17:53 -------
I agree. Darren, please commit your "compiler sanity test" patch - that is enough.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.