build problem with 2.9p1 & p2

Jim Knoble jmknoble at pobox.com
Fri Aug 10 01:32:44 EST 2001 

Circa 2001-Aug-08 15:34:19 -0700 dixit Mike Vihel:

: Greetings -
: 
: I don't think this is a bug; just something I don't understand.
: 
: I'm using RedHat Linux v7.0 with an i686 processor.
: 
: I've been using openssl v0.9.5a with openssh v2.2.1
: 
: I've upgraded to openssl v0.9.6b and openssh v2.9.p2
: 
: I've built both packages with the '--prefix=/usr' option.
: 
: During the openssh 'make install' at 'host-key' I get an error 255
:   OpenSSL Version mismatch.  Built against 90601f, you have 90581f
: 
: I also get the same error when trying to start the sshd daemon.
: 
: I've re-installed openssl v0.9.5a and it fixed the problem.
: 
: Can you tell me what's goin on here?

If you're installing OpenSSL by compiling from source instead of from a
pre-built RPM package, then it's very likely that you're not installing
everything that Red Hat's OpenSSL RPM package does.  In particular, Red
Hat's package installs shared libraries, and, by default,
OpenSSL-0.9.6b does not.  Additionally, gcc on Red Hat Linux is set up
to link against a shared library if one exists in preference to a
static library.

If you're going to install OpenSSL from source, you really should
uninstall the existing openssl-devel package before doing so:

  su
  rpm -e openssl-devel

Also, under package-managed systems such as Red Hat Linux (or Mandrake,
SuSE, Connectiva, or Debian) it's recommended to configure packages you
install from source with a --prefix of /usr/local or /opt or similar,
so that you (or someone else) can tell the software is not installed
via the package management system.  Otherwise, you end up with a system
where 'rpm -q openssl' claims that openssl-0.9.5a is installed, but
somehow magically openssl-0.9.6b is what applications get built
against....

Of course, it can often be worth the time to roll your own RPM packages
of openssl-0.9.6b, using Red Hat's packages as an example.  Then you
can install them on multiple systems without having to compile each
time, and you've got the spec file to document how the package was
built and with what options it was configured.

-- 
jim knoble | jmknoble at pobox.com   | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 262 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010809/3bf509bb/attachment.bin

More information about the openssh-unix-dev mailing list