Quantcast

Idle hands... cleanup needs to be linked against libssl?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Idle hands... cleanup needs to be linked against libssl?

Ralf Hildebrandt
David and I were wondering why the cleanup deamon is being linked
against libssl.

I had a naive look:

postamt:/usr/src/postfix-2.6-20080411/src/cleanup# fgrep -i ssl *
Binary file cleanup matches
Makefile:SYSLIBS        = -lpcre -lssl -lcrypto -lcdb -ldb -lnsl -lresolv
Makefile:EXPORT = AUXLIBS='-lpcre -lssl -lcrypto -lcdb' CCARGS='-DHAS_CDB -DUSE_TLS -DHAS_PCRE -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DSNAPSHOT' OPT='-O' DEBUG='-g'

So, I don't think linking in libssl would be necessary. But what do I
know, so I think I'd rather ask.

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
"Ever spend a little time reading comp.lang.c++ ? That's really the best
place to learn about the number of C++ users looking for a better
language."  - R. William Beckwith.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Idle hands... cleanup needs to be linked against libssl?

Ralf Hildebrandt
* Ralf Hildebrandt <[hidden email]>:

> David and I were wondering why the cleanup deamon is being linked
> against libssl.
>
> I had a naive look:
>
> postamt:/usr/src/postfix-2.6-20080411/src/cleanup# fgrep -i ssl *
> Binary file cleanup matches
> Makefile:SYSLIBS        = -lpcre -lssl -lcrypto -lcdb -ldb -lnsl -lresolv
> Makefile:EXPORT = AUXLIBS='-lpcre -lssl -lcrypto -lcdb' CCARGS='-DHAS_CDB -DUSE_TLS -DHAS_PCRE -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DSNAPSHOT' OPT='-O' DEBUG='-g'
>
> So, I don't think linking in libssl would be necessary. But what do I
> know, so I think I'd rather ask.

I think this may be due to:
LIBS   = ../../lib/libmaster.a ../../lib/libmilter.a ../../lib/libglobal.a \

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
The only secure Microsoft software is what's still shrink-wrapped in the
warehouse.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Idle hands... cleanup needs to be linked against libssl?

Ralf Hildebrandt
In reply to this post by Ralf Hildebrandt
* Ralf Hildebrandt <[hidden email]>:

> David and I were wondering why the cleanup deamon is being linked
> against libssl.
>
> I had a naive look:
>
> postamt:/usr/src/postfix-2.6-20080411/src/cleanup# fgrep -i ssl *
> Binary file cleanup matches
> Makefile:SYSLIBS        = -lpcre -lssl -lcrypto -lcdb -ldb -lnsl -lresolv
> Makefile:EXPORT = AUXLIBS='-lpcre -lssl -lcrypto -lcdb' CCARGS='-DHAS_CDB -DUSE_TLS -DHAS_PCRE -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DSNAPSHOT' OPT='-O' DEBUG='-g'
>
> So, I don't think linking in libssl would be necessary. But what do I
> know, so I think I'd rather ask.

David found http://www.gentoo.org/proj/en/qa/asneeded.xml, and I
recompiled Postfix using those (GNU ld specific) options
"-Wl,--as-needed" on my Linux box:

make tidy
CCARGS="`pkg-config --cflags libssl libcrypto libpcre` -DUSE_TLS -DHAS_PCRE -DHAS_CDB" \
AUXLIBS="-Wl,--as-needed `pkg-config --libs libssl libcrypto libpcre` -lcdb" make -j 4 makefiles &&
make -j 4 && postfix stop; make -j 4 upgrade && postfix start && sleep 2 && postfix flush

After that, cleanup and pipe (to name but a few) were linked
differently:

Before:

$ ldd /usr/libexec/postfix/cleanup
linux-gate.so.1 => (0xb7f75000)        
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7f24000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7dda000)
libpcre.so.3 => /usr/lib/libpcre.so.3 (0xb7db2000)
libcdb.so.1 => /usr/lib/libcdb.so.1 (0xb7dae000)
libdb-4.5.so => /usr/lib/libdb-4.5.so (0xb7c94000)
libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7c7c000)
libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7c69000)
libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b1b000)
libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b16000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7b01000)
libpthread.so.0 => /lib/i686/cmov/libpthread.so.0 (0xb7ae9000)
/lib/ld-linux.so.2 (0xb7f76000)

After:
# ldd /usr/libexec/postfix/cleanup
linux-gate.so.1 =>  (0xb7eb6000)
libpcre.so.3 => /usr/lib/libpcre.so.3 (0xb7e83000)
libcdb.so.1 => /usr/lib/libcdb.so.1 (0xb7e7f000)
libdb-4.5.so => /usr/lib/libdb-4.5.so (0xb7d64000)
libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d4c000)
libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7bfe000)
libpthread.so.0 => /lib/i686/cmov/libpthread.so.0 (0xb7be6000)
/lib/ld-linux.so.2 (0xb7eb7000)

Before:
-rwxr-xr-x 1 root root 930992  2. Mai 11:06 /usr/libexec/postfix/cleanup

After:
-rwxr-xr-x 1 root root 981356  2. Mai 10:54 /usr/libexec/postfix/cleanup
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Idle hands... cleanup needs to be linked against libssl?

Paweł Leśniak
Ralf Hildebrandt pisze:

> Before:
> $ ldd /usr/libexec/postfix/cleanup
> linux-gate.so.1 => (0xb7f75000)        
> libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7f24000)
> libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xb7dda000)
> libpcre.so.3 => /usr/lib/libpcre.so.3 (0xb7db2000)
> libcdb.so.1 => /usr/lib/libcdb.so.1 (0xb7dae000)
> libdb-4.5.so => /usr/lib/libdb-4.5.so (0xb7c94000)
> libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7c7c000)
> libresolv.so.2 => /lib/i686/cmov/libresolv.so.2 (0xb7c69000)
> libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7b1b000)
> libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7b16000)
> libz.so.1 => /usr/lib/libz.so.1 (0xb7b01000)
> libpthread.so.0 => /lib/i686/cmov/libpthread.so.0 (0xb7ae9000)
> /lib/ld-linux.so.2 (0xb7f76000)
>
> After:
> # ldd /usr/libexec/postfix/cleanup
> linux-gate.so.1 =>  (0xb7eb6000)
> libpcre.so.3 => /usr/lib/libpcre.so.3 (0xb7e83000)
> libcdb.so.1 => /usr/lib/libcdb.so.1 (0xb7e7f000)
> libdb-4.5.so => /usr/lib/libdb-4.5.so (0xb7d64000)
> libnsl.so.1 => /lib/i686/cmov/libnsl.so.1 (0xb7d4c000)
> libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7bfe000)
> libpthread.so.0 => /lib/i686/cmov/libpthread.so.0 (0xb7be6000)
> /lib/ld-linux.so.2 (0xb7eb7000)
>
> Before:
> -rwxr-xr-x 1 root root 930992  2. Mai 11:06 /usr/libexec/postfix/cleanup
>
> After:
> -rwxr-xr-x 1 root root 981356  2. Mai 10:54 /usr/libexec/postfix/cleanup
>  

So... all you did, you just linked in libssl statically. Check by:
strings /usr/libexec/postfix/cleanup | grep ssl


P.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Idle hands... cleanup needs to be linked against libssl?

Ralf Hildebrandt
* Paweł Leśniak <[hidden email]>:

>> Before:
>> -rwxr-xr-x 1 root root 930992  2. Mai 11:06 /usr/libexec/postfix/cleanup
>>
>> After:
>> -rwxr-xr-x 1 root root 981356  2. Mai 10:54 /usr/libexec/postfix/cleanup

I swapped these. The binaries were bigger BEFORE. Sorry.

> So... all you did, you just linked in libssl statically.

Nope. I didn't specify any -static flags.

> Check by: strings /usr/libexec/postfix/cleanup | grep ssl

I don't think so:
mail:~# strings /usr/libexec/postfix/cleanup | grep ssl
mail:~#

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Idle hands... cleanup needs to be linked against libssl?

Wietse Venema
In reply to this post by Ralf Hildebrandt
Ralf Hildebrandt:

> * Ralf Hildebrandt <[hidden email]>:
> > David and I were wondering why the cleanup deamon is being linked
> > against libssl.
> >
> > I had a naive look:
> >
> > postamt:/usr/src/postfix-2.6-20080411/src/cleanup# fgrep -i ssl *
> > Binary file cleanup matches
> > Makefile:SYSLIBS        = -lpcre -lssl -lcrypto -lcdb -ldb -lnsl -lresolv
> > Makefile:EXPORT = AUXLIBS='-lpcre -lssl -lcrypto -lcdb' CCARGS='-DHAS_CDB -DUSE_TLS -DHAS_PCRE -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DSNAPSHOT' OPT='-O' DEBUG='-g'
> >
> > So, I don't think linking in libssl would be necessary. But what do I
> > know, so I think I'd rather ask.
>
> I think this may be due to:
> LIBS   = ../../lib/libmaster.a ../../lib/libmilter.a ../../lib/libglobal.a \

And what if some map (postconf -n) requires SSL support?

        Wietse
Loading...