bind-9.11.0-P2 on Debian 9.0 (stretch)
Dennis Clarke
dclarke at blastwave.org
Thu Jan 26 18:31:11 UTC 2017
>
>> 1) OpenSSL dependency dance
>>
>> I removed OpenSSL 1.1 and compiled OpenSSL 1.0.2e from source
>
> You'll probably have better luck installing Debian's libssl1.0-dev and
> related packages, rather than installing it yourself. Plain libssl-dev in
> Stretch is OpenSSL 1.1.
>
> If you install stuff yourself from source then it is particularly unwise
> to put it in /usr where it'll collide with files managed by dpkg - put it
> in /usr/local or /opt.
>
> Tony.
>
I have always been amused by the defacto approach of Linux people
who compile software and install it into /usr/local as a way to keep
non-vendor software outside of /usr. Given that /usr/local is *inside*
the /usr tree of course.
The POSIX and XPG4 approach has always been to provide some real
separation and install software in /opt/{vendor_name} with the config
files place under the /etc tree at /etc/opt/{vendor_name}. Various log
files are other bits may exist in /var/opt/{vendor_name} with temp files
which may or may not persist across boots in /var/tmp/{vendor_name}.
Essentially full separation from the source OS area called /usr but in
fact even further one must be careful of the RPATH values inside the
created ELF file binaries. However the folks in the Debian project and
many other Linux distro projects often release software to the world
wherein there is no RPATH or RUNPATH data in the ELF dynamic section
and thus the libs needed are left to the runtime linker to sort out. In
this case they could be from where ever the user decides and if they
very dangerously use LD_LIBRARY_PATH then an over ride may be enforced:
sedna$ uname -a
Linux sedna 4.8.0-2-amd64 #1 SMP Debian 4.8.15-2 (2017-01-04) x86_64
GNU/Linux
sedna$ cat /etc/debian_version
9.0
sedna$ readelf -d /bin/dig
Dynamic section at offset 0x18560 contains 40 entries:
Tag Type Name/Value
0x0000000000000001 (NEEDED) Shared library: [libdns.so.162]
0x0000000000000001 (NEEDED) Shared library: [libgssapi_krb5.so.2]
0x0000000000000001 (NEEDED) Shared library: [libkrb5.so.3]
0x0000000000000001 (NEEDED) Shared library: [libk5crypto.so.3]
0x0000000000000001 (NEEDED) Shared library: [libcom_err.so.2]
0x0000000000000001 (NEEDED) Shared library: [libcrypto.so.1.0.2]
0x0000000000000001 (NEEDED) Shared library: [liblwres.so.141]
0x0000000000000001 (NEEDED) Shared library: [libbind9.so.140]
0x0000000000000001 (NEEDED) Shared library: [libisccfg.so.140]
0x0000000000000001 (NEEDED) Shared library: [libisc.so.160]
0x0000000000000001 (NEEDED) Shared library: [libdl.so.2]
0x0000000000000001 (NEEDED) Shared library: [libcap.so.2]
0x0000000000000001 (NEEDED) Shared library: [libpthread.so.0]
0x0000000000000001 (NEEDED) Shared library: [libm.so.6]
0x0000000000000001 (NEEDED) Shared library: [libGeoIP.so.1]
0x0000000000000001 (NEEDED) Shared library: [libxml2.so.2]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
That is the list of dynamic libs needed and more info :
0x000000000000000c (INIT) 0x49b0
0x000000000000000d (FINI) 0x124d4
0x0000000000000019 (INIT_ARRAY) 0x218428
0x000000000000001b (INIT_ARRAYSZ) 8 (bytes)
0x000000000000001a (FINI_ARRAY) 0x218430
0x000000000000001c (FINI_ARRAYSZ) 8 (bytes)
0x000000006ffffef5 (GNU_HASH) 0x298
0x0000000000000005 (STRTAB) 0x1ac0
0x0000000000000006 (SYMTAB) 0x2d8
0x000000000000000a (STRSZ) 4606 (bytes)
0x000000000000000b (SYMENT) 24 (bytes)
0x0000000000000015 (DEBUG) 0x0
0x0000000000000003 (PLTGOT) 0x218820
0x0000000000000007 (RELA) 0x2f10
0x0000000000000008 (RELASZ) 6816 (bytes)
0x0000000000000009 (RELAENT) 24 (bytes)
0x0000000000000018 (BIND_NOW)
0x000000006ffffffb (FLAGS_1) Flags: NOW PIE
0x000000006ffffffe (VERNEED) 0x2ec0
0x000000006fffffff (VERNEEDNUM) 2
0x000000006ffffff0 (VERSYM) 0x2cbe
0x000000006ffffff9 (RELACOUNT) 38
0x0000000000000000 (NULL) 0x0
sedna$
However no where is there an RPATH or RUNPATH or any way to tell
the run time linker where the correct libs *should* reside. Thus
on SVR4 compliant systems one *should* ( not must ) specify such
a path thus :
dclarke at thor_$ file /usr/local/bin/dig
/usr/local/bin/dig: ELF 64-bit MSB executable SPARCV9 Version 1,
UltraSPARC1 Extensions Required, dynamically linked, not stripped
dclarke at thor_$ elfdump -devl /usr/local/bin/dig
ELF Header
ei_magic: { 0x7f, E, L, F }
ei_class: ELFCLASS64 ei_data: ELFDATA2MSB
ei_osabi: ELFOSABI_SOLARIS ei_abiversion: EAV_SUNW_CURRENT
e_machine: EM_SPARCV9 e_version: EV_CURRENT
e_type: ET_EXEC
e_flags: [ EF_SPARCV9_TSO EF_SPARC_SUN_US1 ]
e_entry: 0x10002e780 e_ehsize: 64 e_shstrndx: 28
e_shoff: 0x8c9c40 e_shentsize: 64 e_shnum: 30
e_phoff: 0x40 e_phentsize: 56 e_phnum: 5
Version Needed Section: .SUNW_version
index file version
[2] libgss.so.1 SUNW_1.2
[3] libnsl.so.1 SUNW_1.7
[4] libsocket.so.1 SUNW_1.4
[5] SUNW_1.1 [ INFO ]
[6] SUNW_0.7 [ INFO ]
[7] librt.so.1 SUNW_1.2
[8] SUNW_0.7 [ INFO ]
[9] libpthread.so.1 SUNW_1.2
[10] SUNW_0.9 [ INFO ]
[11] libthread.so.1 SUNW_1.1
[12] libc.so.1 SUNW_1.19
[13] SUNW_1.1 [ INFO ]
[14] SUNW_0.7 [ INFO ]
Dynamic Section: .dynamic
index tag value
[0] NEEDED 0x10ec2 libgss.so.1
[1] NEEDED 0x10f5d libkrb5.so.1
[2] NEEDED 0x10f6a libcrypto.so.1.0.0
[3] NEEDED 0x10f7d libdl.so.1
[4] NEEDED 0x10ed7 libnsl.so.1
[5] NEEDED 0x10eec libsocket.so.1
[6] NEEDED 0x10f88 libscf.so.1
[7] NEEDED 0x10f16 librt.so.1
[8] NEEDED 0x10f21 libpthread.so.1
[9] NEEDED 0x10f94 libxml2.so.2
[10] NEEDED 0x10fa1 libz.so.1
[11] NEEDED 0x10fab libm.so.2
[12] NEEDED 0x10f3a libthread.so.1
[13] NEEDED 0x10f49 libc.so.1
[14] INIT 0x100380680
[15] FINI 0x100380690
[16] RUNPATH 0x10fb5
/usr/local/lib:/usr/local/ssl/lib
[17] RPATH 0x10fb5
/usr/local/lib:/usr/local/ssl/lib
[18] HASH 0x100000178
[19] STRTAB 0x100019d38
[20] STRSZ 0x111d7
[21] SYMTAB 0x100006880
[22] SYMENT 0x18
[23] CHECKSUM 0x49d3
[24] VERNEED 0x10002af10
[25] VERNEEDNUM 0x7
[26] PLTRELSZ 0x1d28
[27] PLTREL 0x7
[28] JMPREL 0x10002ca58
[29] RELA 0x10002ca10
[30] RELASZ 0x1d70
[31] RELAENT 0x18
[32] DEBUG 0
[33] FLAGS 0 0
[34] FLAGS_1 0 0
[35] SUNW_STRPAD 0x200
[36] SUNW_LDMACH 0x2b EM_SPARCV9
[37] PLTGOT 0x1004f5f00
[38-48] NULL 0
Therefore it is clear that this binary executable file "dig" which is
in the Linux defacto standard ( no clear spec seems to exist ) path of
the /usr/local area needs dynamic libs which are clearly specified to
the run time linker with RPATH and even RUNPATH inside the ELF dynamic
section.
Therefore a user may feel free to compile their own software from source
in a free and open way and implement the software they build themselves
from source as they please so long as they are careful to separate the
runtime executables and the dynamic library dependencies away from the
supplied distro.
The point of ALL of the above is that users of open software should
always have the freedom to build software on their own computers from
sources as they please and to install the results of their work as they
please. However a bit of caution should be used in the placement of
the resultant executables and the libraries such that they do not
affect the runtime characteristics of their distro. However the freedom
is there and the sources exist for very good reasons and if a user makes
the choice to dance in a minefield then by all means let them. However a
caution sign should be posted on the outer edge with some fine print
which says "you have the freedom to do so but here are some guidelines."
Dennis Clarke
More information about the bind-users
mailing list