Issue #1299

Strongswan with static linkage

Added by James albert over 9 years ago. Updated over 9 years ago.

Status: Closed
Priority: Normal
Category: build
Affected version: 5.3.5
Resolution: No feedback

Description

Hi,

The topic is much discussed over here. But I guess I have no other option to troubleshoot the problem.

I am trying to compile strongswan statically and run the binaries on my target board (arm-linux cross compiler). I succeeded in compilation, but the 'starter' gets stopped due to charon dependencies. For the last 3 days I have gone through almost all the sources available on the internet. The problem still exists. Please consider me a beginner.

I am able to compile strongswan (for arm) with static linkage (due to the libc-6 dependency on my target board), but the 'starter' gets stopped with the syslog warnings below:

charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.2, Linux 3.10.10-svn1674, armv7l)
charon: 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: NONCE_GEN
charon: 00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon' has unmet dependency: HASHER:HASH_SHA1
charon: 00[LIB] failed to load 2 critical plugin features

and the configuration options are

CFLAGS="--static -I/home/james/libs/opensslArm/include/" LDFLAGS="-L/home/james/trunk/cross_compiler/gcc-linaro-arm-linux-gnueabihf-4.8-2013.10_linux/arm-linux-gnueabihf/libc/usr/lib  -L/home/james/libs/opensslArm/lib" ./configure  --target=arm-linux-gnueabihf --host=arm-linux CC=arm-linux-gnueabihf-gcc AR=arm-linux-gnueabihf-ar --with-lib-prefix=/home/james/libs/gmp_lib/ \
--enable-openssl --enable-pem --enable-pubkey --enable-kernel-libipsec --enable-aes --enable-des --enable-ha   --enable-x509 \
--enable-nonce --enable-gmp  --enable-static  --enable-libipsec --enable-dhcp --enable-af-alg   --disable-mysql --enable-sql \
--disable-sqlite --enable-ccm --enable-ctr --enable-gcm --enable-pkcs11  --enable-pkcs1 --enable-ikev1 --enable-ikev2 --disable-ldap --enable-eap-identity   --enable-farp  --enable-ha --enable-ipseckey  --enable-vici   LIBS="-lcrypt -ldl -lpthread -lm -lc " \
--disable-shared

I have compiled openssl and gmp for arm.

Steps followed for troubleshooting

1. Verified /etc/strongswan.s/charon. All the config files exist.

2. My strongswan.conf file looks like this:

  charon {
        load_modular = yes
        plugins {
                include strongswan.d/charon/*.conf
        }

  plugins {
    pkcs11 {
      modules {
        m-module {
          path = /usr/lib/lib.so     # the format is definitely like this, but the path of lib.so is a little different. I am away from my workstation
        }
      }
    }
  }

}

include strongswan.d/*.conf

3. I have tried to disable the charon.load_modular option (commented out load_modular=yes in strongswan.conf)

4. Removed the option '--disable-shared' (I cannot proceed due to the libc dependency of my target filesystem with the cross-compiler libc version)

But the response is the same. Anyone, please help me figure out what I missed in the configuration.

Thanks in advance
james

History

#1 Updated by Noel Kuntze over 9 years ago

Try using --enable-monolithic as argument to ./configure.

  --enable-monolithic     build monolithic version of libstrongswan that
                          includes all enabled plugins. Similarly, the plugins
                          of charon are assembled in libcharon.

#2 Updated by James albert over 9 years ago

Hi,

Thank you for the prompt reply

I have tried to configure by enabling monolithic. But it is giving the same response.


configure options

CFLAGS="--static -I/home/james/libs/opensslArm/include/ -I/home/james/libs/libGmp/usr/local/include/ " LDFLAGS="-L/home/james/SVN_TEMP/GAIA_LTE_eNodeB_PL_SW/trunk/cross_compiler/gcc-linaro-arm-linux-gnueabihf-4.8-2013.10_linux/arm-linux-gnueabihf/libc/usr/lib  -L/home/james/libs/opensslArm/lib -L/home/james/libs/libGmp/usr/local/lib/" ./configure  --target=arm-linux-gnueabihf --host=arm-linux CC=arm-linux-gnueabihf-gcc AR=arm-linux-gnueabihf-ar --with-lib-prefix=/home/james/libs/libGmp/  --enable-monolithic --enable-kernel-pfkey --enable-kernel-pfroute --enable-socket-default --disable-socket-dynamic  --enable-openssl --enable-pem --enable-pubkey --enable-kernel-libipsec --enable-x509  --enable-nonce --enable-gmp  --enable-static  --enable-libipsec --enable-dhcp --enable-af-alg   --disable-mysql --enable-sql --disable-sqlite --enable-ccm --enable-ctr --enable-gcm --enable-pkcs11  --enable-pkcs1 --enable-ikev1 --enable-ikev2 --disable-ldap --enable-eap-identity   --enable-farp  --enable-ha --enable-ipseckey  --enable-vici   LIBS="-lcrypt -ldl -lpthread -lm -lc " --disable-shared        

Configure Output :

 strongSwan will be built with the following plugins
-----------------------------------------------------
libstrongswan: pkcs11 aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp xcbc cmac hmac ctr gcm
libcharon:     kernel-libipsec socket-default stroke updown xauth-generic ha
libhydra:      attr kernel-netlink resolve
libtnccs:     

make and make install were successful though.

Below is the /etc/strongswan.conf file

                                                
charon {                                                                     

        # number of worker threads in charon                                 
        threads = 16                                                         
        keep_alive = 20                                                      
        # send strongswan vendor ID?                                         
        # send_vendor_id = yes                                               

        plugins {                                                            
                sql {                                                        
                        # loglevel to log into sql database                  
                        loglevel = -1                                        

                        # URI to the database                                
                        # database = sqlite:///path/to/file.db               
                        # database = mysql://user:password@localhost/database
                }                                      
        }                                              
}                                                                                          
pluto {                                                                      

}                                                                            

libstrongswan {                                                              

        #  set to no, the DH exponent size is optimized                      
        #  dh_exponent_ansi_x9_42 = no                                       
   plugins {                                                                 
     pkcs11 {                                                                
       modules {                                                             
         secstore {                                                          
           path = /usr/lib/softhsm/libsecstore.so                            
         }                                             
       }                                               
     }                                                 
   }                                                   
}      

syslog warnings :

Starting IKE charon daemon (strongSwan 5.3.2, Linux 3.10.10-svn1674, armv7l)
feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: NONCE_GEN
Future CUSTOM:libcharon-receiver in critical plugin 'charon' has unmet dependency:HASHER:HASH_SHA1

I am not sure if I am missing anything in between, since I am a beginner. Please help.

Thanks,
James

#3 Updated by Tobias Brunner over 9 years ago

  • Category changed from starter to build
  • Status changed from New to Feedback

Due to our use of libtool and dlsym() to resolve the plugin constructors you can't build the daemon completely statically. libtool does not support the --whole-archive flag that would be required to force unused symbols from libraries/plugins to be contained in the final executables so we could then successfully resolve the plugin constructors, which are never called directly, via dlsym(). At least with --enable-monolithic the plugins are merged into their associated library (libcharon, libhydra, libstrongswan), which reduces the number of files considerably and makes the whole thing a bit more manageable.

#4 Updated by Tobias Brunner over 9 years ago

  • Description updated (diff)

#5 Updated by James albert over 9 years ago

Could you please inform me which of the libraries need to be shared? I am facing a dependency problem for libc.6.so only on the target board. I will try to compile by linking static and dynamic libraries together.

#6 Updated by Tobias Brunner over 9 years ago

> Could you please inform me which of the libraries need to be shared?

What do you mean?

#7 Updated by Tobias Brunner over 9 years ago

  • Status changed from Feedback to Closed
  • Resolution set to No feedback