openssh static build - mission impossible?

Mr Dash Four mr.dash.four at googlemail.com
Wed Mar 7 02:13:17 EST 2012


> Sounds like he's been bitten by RedHat/Fedora's policy to replace all 
> crypto on the system with MozillaNSS. 
I can confirm that is indeed the case, sadly! I spend this morning 
looking at the libc files and the references are there for all to see. 
Why Fedora choose to do it that way I'd never know!

> You could easily dig up an unmodified glibc source to replace this.
By "unmodified" I presume you mean free of the nss dependencies Fedora 
introduced, right? Is there a way to recompile libc, but exclude those 
dependencies (replacing libc completely is going to open a whole new can 
of worms, I think).

> Also, the suggestion to use uClibc is still a better one. It will make 
> static linking that much easier as well. Another option is to grab 
> Bionic from the Android source tree; either of these is more compact 
> than the stock Fedora monstrosity.
The problem with this approach is that I already use a compiler as well 
as all sorts of other applications, which rely on a particular version 
of libc present. I am not sure if I can just replace it with something 
else. If I could recompile the same libc version, but somehow "strip" 
the nss dependencies, I think that would be the best course of action 
without causing mayhem.


More information about the openssh-unix-dev mailing list