openssh static build - mission impossible?

Peter Stuge peter at stuge.se
Tue Mar 6 16:28:25 EST 2012 

Mr Dash Four wrote:
> ./configure \
> --host=armv6l-redhat-linux-gnueabi \
> --build=armv7l-unknown-linux-gnueabi \

Why? For which tuple are you building, and with which tuple are you
building?


> When I then execute make, I get this after a while:

You should not have cut away the command doing the linking. I.e.
*never* remove output when you are asking for help, because chances
are quite significant that you are removing the single key piece of
information required in order to determine the actual error.


> gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o roaming_common.o roaming_serv.o -L. -Lopenbsd-compat/  -pie -z relro -z now -lnsl -lpcre -lcdb -fstack-protector-all -static -static-libgcc -lssh -lopenbsd-compat -lcrypto -lcrypt -ldl -lutil -lz  -lresolv

Who is running this command? Are you running it manually? You create
significant unneccessary confusion by not including complete output
from make without making any changes.


> /usr/lib/gcc/armv5tel-redhat-linux-gnueabi/4.6.1/../../../libcrypt.a(md5-crypt.o): In function `__md5_crypt_r': (.text+0xb4): undefined reference to `NSSLOW_Init'

If you resolve that path you get /usr/lib/libcrypt.a and unless you
are building both on and for armv6l-redhat-linux-gnueabi then that is
certainly not the file you want to link against. Are you
cross-compiling or not?


> From what I gather, all these NSS* references are from the nss-*
> packages/libraries, and to my knowledge, there isn't a static
> version of it. Any pointers as how to get out of this mess would be
> greately appreciated, thanks!

If you show complete output then it is possible to say if you have
done anything wrong. If libcrypt.a for your target indeed requires
NSS then I suggest writing a replacement crypt() which you can link
OpenSSH against. Possibly there is one included in OpenSSH already,
and you just need to configure correctly to have it used.


//Peter

More information about the openssh-unix-dev mailing list