[Bug 3588] New: Build/Configure with ldns fails if OpenSSL includes are not in a standard path

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Jul 16 21:35:43 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3588

            Bug ID: 3588
           Summary: Build/Configure with ldns fails if OpenSSL includes
                    are not in a standard path
           Product: Portable OpenSSH
           Version: 9.3p1
          Hardware: amd64
                OS: Mac OS X
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: Build system
          Assignee: unassigned-bugs at mindrot.org
          Reporter: thiele at streamline-x.org

Building with `--with-ldns` fails if OpenSSL includes <openssl/*> are
not directly reachable in a standard path (e.g. /usr/local/include).


For example I build OpenSSH something like this (with the files only
available in the separate paths specified):


./configure \
        --prefix='/usr/local/silo/openssh/9.3p1' \
        --sysconfdir='/usr/local/etc/openssh' \
        --with-ssl-dir='/usr/local/silo/openssl/latest at 3' \
        --with-ldns='/usr/local/silo/ldns/latest' \
        --with-zlib=/usr/local/silo/zlib/latest \
        …


and configure aborts with following message at the end of its output:
    …
    checking whether VIS_ALL is declared... no
    checking whether struct dirent allocates space for d_name... yes
    checking for /proc/pid/fd directory... no
    checking for ldns support... no
    configure: error: ** Incomplete or missing ldns libraries.


config.log reports the problem:
    …
    configure:12254: checking for ldns support
    configure:12269: cc -o conftest -g -O2 -pipe
-Wunknown-warning-option -Qunused-arguments \
        -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security \
        -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result
-Wimplicit-fallthrough \
        -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv
-fno-builtin-memset \
        -fstack-protector-strong -I/usr/local/silo/zlib/latest/include 
\
        -I/usr/local/silo/ldns/latest/include
-L/usr/local/silo/zlib/latest/lib  \
        -fstack-protector-strong -L/usr/local/silo/ldns/latest/lib
conftest.c -lldns  >&5
    In file included from conftest.c:111:
    In file included from
/usr/local/silo/ldns/latest/include/ldns/ldns.h:98:
    /usr/local/silo/ldns/latest/include/ldns/dane.h:30:10: fatal error:
'openssl/ssl.h' file not found
    #include <openssl/ssl.h>
             ^
    1 error generated.
    configure:12269: $? = 1


While zlib information (-I and -L) is passed (even if not needed?) the
openssl paths didn't make it, hence compilation of the test fails.


First I though the problem was with ldns itself (its pkg-config ldns.pc
file is broken: it is missing libssl and libcrypto in its `Required`
directive), but fixing it up didn't change the outcome in OpenSSH's
build either. ldns also provides a "ldns-config" tool, but this
provides proper OpenSSL information right out of the box. It seems
OpenSSH's build system neither makes use of pkg-config nor the
ldns-config tool in this case.

I can workaround the issue by providing a
"CPPFLAGS="-I/usr/local/silo/openssl/latest at 3/include" kludge.



TL;DR

OpenSSL CFLAGS/CPPFLAGS need to be passed along to the ldns config test
builds in the configure script.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list