Issue #3677

Compile the binary for Android ARM

Added by Mathias Edinson about 1 month ago. Updated 10 days ago.

Status: Closed
Priority: Normal
Category: android
Affected version: 5.9.1
Resolution: No change required

Description

Dear all,

How can I compile or cross-compile StrongSwan (VPN) for the Android Kernel? I'm not talking about the .APK but the C++ binaries from the source code.

I read the official documentation for compiling strongswan in general. I also read the official documentation for cross-compiling strongswan for Android.

I tested both methods without success:

First method, I tried cross-compiling with the NDK for arm from my Ubuntu, but at the ./configure step, I get an error about the gmp library which I couldn't resolve.

configure: error: GNU Multi Precision library gmp not found

I tried with various versions of strongswan and Android API.

Second method, I emulated a Raspberry Pi with QEMU (ARM64) and inside I could compile strongswan and run it. But the problem is that when I put it on the Android Studio emulator, I get an error. I think it is due to the fact that I compiled strongswan with dynamic libs. I tried with the option

--disable-shared --enable-static --enable-monolithic

But when I do the command:

# file starter
starter: ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=e8e45d6d999bee049625c8c28e3552248045a2ab, with debug_info, not stripped

The binaries seem to be dynamically linked. How could I compile them statically?

Best regards

History

#1 Updated by Tobias Brunner about 1 month ago

  • Category set to android
  • Status changed from New to Feedback

First method, I tried cross-compiling with the NDK for arm from my Ubuntu, but at the ./configure step, I get an error about the gmp library which I couldn't resolve.

configure: error: GNU Multi Precision library gmp not found

If you don't have libgmp, disable the gmp plugin (as described on Android, refer to InstallationDocumentation).

#2 Updated by Mathias Edinson about 1 month ago

Tobias Brunner wrote:

First method, I tried cross-compiling with the NDK for arm from my Ubuntu, but at the ./configure step, I get an error about the gmp library which I couldn't resolve.

configure: error: GNU Multi Precision library gmp not found

If you don't have libgmp, disable the gmp plugin (as described on Android, refer to InstallationDocumentation).

Thank you for the answer. Actually I have libgmp, but there is a bug (I think) in the ANDROID NDK for the compilation of arm. I bypassed this problem by compiling inside an ARM environment like I mentioned. But now, my problem is how could I compile everything statically? When I compile inside my ARM emulator it works, but when I export it to the Android target it doesn't work because binaries are compiled dynamically even if I used --disable-shared --enable-static --enable-monolithic options.

Bests

#3 Updated by Tobias Brunner about 1 month ago

Actually I have libgmp, but there is a bug (I think) in the ANDROID NDK for the compilation of arm.

What bug? You might just have to configure the search paths correctly.

I bypassed this problem by compiling inside an ARM environment like I mentioned. But now, my problem is how could I compile everything statically? When I compile inside my ARM emulator it works, but when I export it to the Android target it doesn't work because binaries are compiled dynamically even if I used --disable-shared --enable-static --enable-monolithic options.

You can't link external libraries (such as libgmp or libcrypto) statically without manual hacks in the Makefiles for each executable and library (see e.g. the fuzzing targets in source:fuzz).

#4 Updated by Mathias Edinson about 1 month ago

Tobias Brunner wrote:

Actually I have libgmp, but there is a bug (I think) in the ANDROID NDK for the compilation of arm.

What bug? You might just have to configure the search paths correctly.

I bypassed this problem by compiling inside an ARM environment like I mentioned. But now, my problem is how could I compile everything statically? When I compile inside my ARM emulator it works, but when I export it to the Android target it doesn't work because binaries are compiled dynamically even if I used --disable-shared --enable-static --enable-monolithic options.

You can't link external libraries (such as libgmp or libcrypto) statically without manual hacks in the Makefiles for each executable and library (see e.g. the fuzzing targets in source:fuzz).

Ok, if I understand, I should modify the makefile in a way that I compile all libraries statically?

The Android kernel doesn't have libgmp or libcrypto by default, that's what you mean?

#5 Updated by Tobias Brunner about 1 month ago

Ok, if I understand, I should modify the makefile in a way that I compile all libraries statically?

Only if you actually wanted to statically link the libraries.

The Android kernel doesn't have libgmp or libcrypto by default, that's what you mean?

What does that have to do with the kernel?

#6 Updated by Mathias Edinson about 1 month ago

Tobias Brunner wrote:

Ok, if I understand, I should modify the makefile in a way that I compile all libraries statically?

Only if you actually wanted to statically link the libraries.

The Android kernel doesn't have libgmp or libcrypto by default, that's what you mean?

What does that have to do with the kernel?

I mean, that the Android Kernel doesn't have libgmp libcrypto by default. So, what I'm trying to do is to compile Strongswan with all related libraries statically in arm OS, then export all binaries into the Android kernel where I can execute them. Is it clear? Or should I give more details?

thanks

#7 Updated by Tobias Brunner about 1 month ago

I mean, that the Android Kernel doesn't have libgmp libcrypto by default.

Do you perhaps mean "image" instead of "kernel"?

So, what I'm trying to do is to compile Strongswan with all related libraries statically in arm OS, then export all binaries into the Android kernel where I can execute them. Is it clear?

I guess you could also copy the libraries as long as they don't conflict with those already on the system. Or link against the libraries on the system (e.g. BoringSSL).

#8 Updated by Mathias Edinson about 1 month ago

Tobias Brunner wrote:

I mean, that the Android Kernel doesn't have libgmp libcrypto by default.

Do you perhaps mean "image" instead of "kernel"?

So, what I'm trying to do is to compile Strongswan with all related libraries statically in arm OS, then export all binaries into the Android kernel where I can execute them. Is it clear?

I guess you could also copy the libraries as long as they don't conflict with those already on the system. Or link against the libraries on the system (e.g. BoringSSL).

Copying the libraries seems to be a good idea. Can you point me to a link which contains all dependencies of strongswan?

#9 Updated by Tobias Brunner about 1 month ago

Can you point me to a link which contains all dependencies of strongswan?

Depends on the enabled plugins.

#10 Updated by Mathias Edinson about 1 month ago

Tobias Brunner wrote:

Can you point me to a link which contains all dependencies of strongswan?

Depends on the enabled plugins.

Well, here are my commands, very simple:

# ./configure --prefix=/tmp/strongswan/ --libexecdir=/tmp/strongswan/libexec --libdir=/tmp/strongswan/lib --sysconfdir=/tmp/strongswan/etc --disable-shared --enable-static --enable-monolithic
# make
# make install

And at the end, I go to /tmp/strongswan, zip everything and transfer it to the android device via adb push. When I execute it inside the Android device, I get this:

# ./ipsec start
./ipsec336: /tmp/strongswan/libexec/ipsec/starter: inaccessible or not found

Of course the file /tmp/strongswan/libexec/ipsec/starter exists and here is the file command output:

# file starter
starter: ELF shared object, 64-bit LSB arm64, dynamic (/lib/ld-linux-aarch64.so.1), BuildID=e8e45d6d999bee049625c8c28e3552248045a2ab, not stripped

Could you help me to modify the file in the way that I can include statically all libraries, libgmp...

Best regards
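
The `file` output in the comment above names `/lib/ld-linux-aarch64.so.1` as the ELF interpreter; when that path is absent on the target, executing a file that does exist fails with a "not found" error. The following is an added example (not part of the thread and not strongSwan code) that reads the program headers to report which loader a binary requests. The loader paths in `ANDROID_LOADERS` and the ELF bytes built by `sample_elf` are assumptions constructed for illustration.

```python
import struct

PT_DYNAMIC, PT_INTERP = 2, 3
# Assumption: dynamic loader paths on a stock Android image (bionic).
ANDROID_LOADERS = {"/system/bin/linker64", "/system/bin/linker"}

def link_info(data):
    """Parse a 64-bit little-endian ELF image; return (interp_path, has_dynamic)."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("expected a 64-bit little-endian ELF file")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    interp, has_dynamic = None, False
    for i in range(e_phnum):
        # Elf64_Phdr: p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, ...
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            raw = data[p_offset:p_offset + p_filesz]
            interp = raw.split(b"\0", 1)[0].decode("ascii", "replace")
        elif p_type == PT_DYNAMIC:
            has_dynamic = True
    return interp, has_dynamic

def verdict(data, loaders=ANDROID_LOADERS):
    """Classify a binary for a target whose loader paths are given in `loaders`."""
    interp, _ = link_info(data)
    if interp is None:
        return "static: no loader needed"
    if interp in loaders:
        return "dynamic: loader present on target"
    return "dynamic: needs %s, exec reports 'not found' if it is missing" % interp

def sample_elf(interp=None):
    """Constructed input: ELF64 header and program headers only, no code."""
    segs = [(PT_INTERP, interp + b"\0"), (PT_DYNAMIC, b"")] if interp else []
    body_off = 64 + 56 * len(segs)
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 183, 1, 0, 64, 0, 0, 64, 56, len(segs), 0, 0, 0)
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", t, 4, body_off, 0, 0, len(b), len(b), 1)
        for t, b in segs)
    return hdr + phdrs + b"".join(b for _, b in segs)

if __name__ == "__main__":
    print(verdict(sample_elf(b"/lib/ld-linux-aarch64.so.1")))
    print(verdict(sample_elf()))
```

To check a real build, pass the file contents, for example `verdict(open("starter", "rb").read())`.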

#11 Updated by Tobias Brunner about 1 month ago

--prefix=/tmp/strongswan/

Not a good idea, the executables and libraries will most likely only work if they are in this location on the final system (with monolithic, static builds it might work, but still some paths e.g. to config files will be encoded relative to this). Set the prefix etc. to the path that you want them to be on the final system, then use make install DESTDIR=/path/to/target to collect the files in a specific directory.

#12 Updated by Mathias Edinson about 1 month ago

Tobias Brunner wrote:

--prefix=/tmp/strongswan/

Not a good idea, the executables and libraries will most likely only work if they are in this location on the final system (with monolithic, static builds it might work, but still some paths e.g. to config files will be encoded relative to this). Set the prefix etc. to the path that you want them to be on the final system, then use make install DESTDIR=/path/to/target to collect the files in a specific directory.

After modifying some Makefiles, I could compile statically two binaries (starter and charon) which are in the libexec folder. But now, when I do

make install DESTDIR=/path_to_target

I have only two folders there, one is "data/" and the other is "lib/" but there is no lib.so like libstrongswan.so. The only files which I have in the "lib" directories are .a and .la extensions.

#13 Updated by Tobias Brunner about 1 month ago

After modifying some Makefiles, I could compile statically two binaries (starter and charon) which are in the libexec folder.

What libexec folder are you referring to?

I have only two folders there, one is "data/" and the other is "lib/" but there is no lib.so like libstrongswan.so. The only files which I have in the "lib" directories are .a and .la extensions.

If you build statically, there will obviously not be any shared libraries (.so) but only static libraries (.a), the .la files are from libtool. But if you actually built the binaries statically, no libraries, whether static or shared, will be required anyway.

#14 Updated by Mathias Edinson 30 days ago

Tobias Brunner wrote:

After modifying some Makefiles, I could compile statically two binaries (starter and charon) which are in the libexec folder.

What libexec folder are you referring to?

I have only two folders there, one is "data/" and the other is "lib/" but there is no lib.so like libstrongswan.so. The only files which I have in the "lib" directories are .a and .la extensions.

If you build statically, there will obviously not be any shared libraries (.so) but only static libraries (.a), the .la files are from libtool. But if you actually built the binaries statically, no libraries, whether static or shared, will be required anyway.

Thanks to your advice, I could resolve my last problem. I compiled all binaries (starter, charon, stroke...) statically. Now when I'm trying to launch the starter, it launches charon in the background, and charon is giving this output:

# ./charon
00[DMN] Starting IKE charon daemon (strongSwan 5.9.0, Linux 4.9.190, aarch64)
00[CFG] loading ca certificates from '/data/local/tmp/strongswan/etc/ipsec.d/cacerts'
00[CFG] loading aa certificates from '/data/local/tmp/strongswan/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/data/local/tmp/strongswan/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/data/local/tmp/strongswan/etc/ipsec.d/acerts'
00[CFG] loading crls from '/data/local/tmp/strongswan/etc/ipsec.d/crls'
00[CFG] loading secrets from '/data/local/tmp/strongswan/etc/ipsec.secrets'
00[NET] binding socket 'unix:///var/run/charon.ctl' failed: No such file or directory
00[CFG] creating stroke socket failed
00[NET] binding socket 'unix:///var/run/charon.vici' failed: No such file or directory
00[CFG] creating vici socket failed
00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp curve25519 xcbc cmac hmac drbg attr kernel-netlink resolve socket-default updown xauth-generic counters
00[DMN] unable to create pidfile '/var/run/charon.pid'

It seems, that it will look for pid and socket files on the /var/run folder. But this folder doesn't exist on Android Kernels. Is there an option to add at the configure step to tell charon to look for the correct folder of sockets instead of /var/run sub-directories?

I found that this piddirs is set in the configure.ac file. Can I modify it from here?

Are those files created by strongswan or by the system?

Thank you

#15 Updated by Tobias Brunner 29 days ago

Is there an option to add at the configure step to tell charon to look for the correct folder of sockets instead of /var/run sub-directories?

Yes, use --with-piddir, see ./configure --help or autoconf.

I found that this piddirs is set in the configure.ac file. Can I modify it from here?

So you found it but didn't try to use it?

Are those files created by strongswan or by the system?

The daemon and the plugins create files/sockets there.

#16 Updated by Mathias Edinson 10 days ago

Tobias Brunner wrote:

Is there an option to add at the configure step to tell charon to look for the correct folder of sockets instead of /var/run sub-directories?

Yes, use --with-piddir, see ./configure --help or autoconf.

I found that this piddirs is set in the configure.ac file. Can I modify it from here?

So you found it but didn't try to use it?

Are those files created by strongswan or by the system?

The daemon and the plugins create files/sockets there.

Thank you Tobias for your help, I could compile Strongswan binaries for Android Kernel.

Best regards

#17 Updated by Tobias Brunner 10 days ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to No change required
