Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20160215085550.GA3709@sunny.log2.net>
Date: Sun, 14 Feb 2016 22:55:50 -1000
From: cpb <cpb@...ny.log2.net>
To: owl-users@...ts.openwall.com
Subject: Request tips to build postfix with TLS

Hi everyone, I decided Owl-users was the place for this question, even
though it's a package tweak+build question.

I am trying to build postfix with TLS support, I made a little progress
with a couple of tweaks to Owl's postfix.spec, but I don't want to tweak
it any more without asking first. I am not sure that I actually made any
progress at all! Here's the 2 main things I tried:

-------------------
1. defined USE_TLS, resulting in dozens of undefined SSL symbols:
-------------------
$ whoami ; pwd
build
/usr/src/world
$ p=native/Owl/packages/postfix
$ sed -i.bak -e s/-UUSE_TLS/-DUSE_TLS/g $p/postfix.spec
$ make PACKAGE=postfix
...
12:35:38: #1: Failed postfix
...
$ egrep undefined.reference logs/postfix | tail -2
../../lib/libpostfix.so: undefined reference to `SSL_set_cipher_list'
../../lib/libpostfix.so: undefined reference to `SSL_set_bio'

-------------------
2. After that, augmented the SYSLIBS list with -lssl, but two undefined
   symbols remain in the same link step. These are postfix symbols though,
   not libssl symbols:
-------------------
$ sed -i.bak -e 's/^SYSLIBS="\(.*\)"/SYSLIBS="\1 -lssl"/' $p/postfix.spec
$ make PACKAGE=postfix
...
12:47:19: #1: Failed postfix
...
$ egrep undefined.reference logs/postfix
../../lib/libpostfix.so: undefined reference to `var_tls_daemon_rand_bytes'
../../lib/libpostfix.so: undefined reference to `var_tls_append_def_CA'

-------------------
The two changes made to postfix.spec are pretty close together:
-------------------
$ diff -U4 -Nar $p/postfix.spec-orig $p/postfix.spec
--- native/Owl/packages/postfix/postfix.spec-orig	2016-02-13 09:35:42 -1000
+++ native/Owl/packages/postfix/postfix.spec	2016-02-14 12:45:09 -1000
@@ -151,17 +151,17 @@
  -DDEF_SENDMAIL_PATH=\\\"%sendmail_path\\\" \
 "
 DICT_LIBS="-ldb -lcdb `pcre-config --libs`"
 DICT_ARGS="-DHAS_CDB -DHAS_PCRE `pcre-config --cflags`"
-SYSLIBS="-lnsl -lresolv"
+SYSLIBS="-lnsl -lresolv -lssl"
 
 pushd src
 
 # 0. Prepare.
 %__make	-j1 -C .. tidy makefiles \
 	SYSLIBS="$SYSLIBS" \
 	AUXLIBS= \
-	CCARGS="$CCARGS $DICT_ARGS -UUSE_TLS" \
+	CCARGS="$CCARGS $DICT_ARGS -DUSE_TLS" \
 	OPT="$OPT" \
 	DEBUG= \
 	NO_IPV6=1

-------------------
The step that fails is the link of anvil including lib/libpostfix.so:
-------------------
[src/anvil]
make: Entering directory `/usr/src/world/rpm-work-1/BUILD/postfix-2.4.15/src/anv
il'
gcc -Wmissing-prototypes -Wformat -DDEF_COMMAND_DIR=\"/usr/sbin\" -DDEF_CONFIG_D
IR=\"/etc/postfix\" -DDEF_DAEMON_DIR=\"/usr/libexec/postfix\" -DDEF_HTML_DIR=\"/
usr/share/doc/postfix-2.4.15/html\" -DDEF_MAILQ_PATH=\"/usr/bin/mailq\" -DDEF_MA
NPAGE_DIR=\"/usr/share/man\" -DDEF_NEWALIAS_PATH=\"/usr/bin/newaliases\" -DDEF_P
ROGRAM_DIR=\"/usr/libexec/postfix\" -DDEF_QUEUE_DIR=\"/var/spool/postfix\" -DDEF
_README_DIR=\"/etc/postfix/README_FILES\" -DDEF_SAMPLE_DIR=\"/etc/postfix/README
_FILES\" -DDEF_SENDMAIL_PATH=\"/usr/sbin/sendmail\" -DHAS_CDB -DHAS_PCRE -I/usr/
include/pcre -DUSE_TLS  -pipe -march=i686 -O2 -fomit-frame-pointer -mpreferred-s
tack-boundary=2 -Wall -Wno-comment -Wno-missing-braces -I. -I../../include -DLIN
UX2 -o anvil anvil.o ../../lib/libpostfix_dict.so ../../lib/libpostfix.so 
../../lib/libpostfix.so: undefined reference to `var_tls_daemon_rand_bytes'
../../lib/libpostfix.so: undefined reference to `var_tls_append_def_CA'
collect2: ld returned 1 exit status
make: *** [anvil] Error 1
-------------------

I see that the specfile divides up the executables and config/builds them
in separate batches, but I do not know how these two var_tls_* symbols are
supposed to get resolved in the link. RHEL4's spec file doesn't do this
kind of stuff, and of course the Postfix TLS docs don't discuss this
separation either. I don't want to struggle if someone already knows how
to build postfix with TLS support the right way.

I can give more information if requested, but I think this question is
already a bit too long. Thanks in advance.

Chris Bopp
Honolulu, Hawaii

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.