openssh static build - mission impossible?

Mr Dash Four mr.dash.four at googlemail.com
Tue Mar 6 15:32:40 EST 2012



Stephen Harris wrote:
> I'm not an ssh developer, but...
> 
>> /builddir/build/BUILD/openssh-5.6p1/groupaccess.c:66: warning: Using 'getgrouplist' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
> 
> The problem, here, is that glibc uses nsswitch.conf and nss libraries
> can be dynamically loaded (nss_ldap, nss_files, nss_nis, etc etc).
> getgrouplist() is a function that inherently uses the name service
> resolving routines in glibc.
It is highly unlikely that I will ever need or use the name resolution service on the host device, so I am not worried by that aspect (I had this warning while building other statically-linked programs - openvpn comes to mind - that work just fine with no "side effects"). I also explicitly deactivated nss (hence "--without-nss").
 
> If you're building your own embedded system then you should use a
> different libc implementation (uclibc, perhaps?) that doesn't _require_
> dynamic linking.
That is not an option for me at all - it is either statically-linked openssh or nada!


More information about the openssh-unix-dev mailing list