compilation error 9.4.1 (

[Bill Larson]

On Jun 8, 2007, at 3:36 PM, Edward Lewis wrote:

> As was explained to me off-list...it's a MacOS X thing.  I altered
> the Makefiles to not use the -L and it compiled.  Here's the 'named'
> compile/link command.

I also work on MacOS X (10.3 and 10.4 both).  I have had absolutely  
no problem building BIND under MacOS X.  Going back to your initial  
posting I see that you are trying to build BIND with OpenSSL.

There is a problem with OpenSSL in that MacOS X always tries to use  
the dynamic libraries first and only after the dynamic library is not  
found then try to use a normal library.  But MacOS X comes with the  
OpenSSL libraries as part of the system.  When you are compiling BIND  
the system is trying to link to the system SSL dynamic library rather  
than the library that you are explicitly calling out.

The problem is with the "ld" command in MacOS X!  Read over the  
"PROBLEMS" file that comes with the OpenSSL sources.  Thee is a  
description of the problem and the solution.  The suggested solution  
is to replace the "-lcrypto" compile options and explicitly call out  
the library to be used, such as "/usr/local/ssl/lib/libcrypto.a".   
(There is another suggestion of renaming the system libcrypto.dylib  
and libssl.dylib files.  Maybe a possible solution, but not one that  
I would like to use.)

The OpenSSL people say that this is a problem for Apple in how their  
"ld" command works.  The implication is that the OpenSSL developers  
won't attempt to incorporate any work around to it either.  So, I  
wouldn't bet on the BIND developers trying to create a fix for this  
either.

My solution was to modify the resulting BIND Makefiles that config  
generates.  I used the following script to do this:

	#!/bin/sh

	find . -name Makefile | xargs grep -l '\-lcrypto' | \
	while read makefile; do
	  echo "Fixing -lcrypto in $makefile"
	  cp $makefile ${makefile}.orig
	  ed -s $makefile <<EOF
	,s/-lcrypto/\/usr\/local\/ssl\/lib\/libcrypto.a/g
	w
	q
	EOF
	done

This is very similar to the solution proposed in the OpenSSL PROBLEMS  
file.  It is not "pretty", but it works.

Another solution is that I can send you the resulting files if you  
are really interested.

Now, ask yourself the question of, "am I really going to be using  
DNSSEC?"  If not, then you don't have to build BIND with OpenSSL and  
the whole problem goes away.  This is a different issue than using  
TSIG to sign your zones.  So, is it really necessary to try and build  
BIND with OpenSSL for your purposes?

Bill Larson

> gcc -g -O2  -o named \
> builtin.o client.o config.o control.o controlconf.o interfacemgr.o
> listenlist.o log.o logconf.o main.o notify.o query.o server.o  
> sortlist.o
> tkeyconf.o tsigconf.o update.o xfrout.o zoneconf.o lwaddr.o lwresd.o
> lwdclient.o lwderror.o lwdgabn.o lwdgnba.o lwdgrbn.o lwdnoop.o  
> lwsearch.o
>   unix/os.o ../../lib/lwres/liblwres.a ../../lib/dns/libdns.a
> /usr/local/ssl/lib/libcrypto.a ../../lib/bind9/libbind9.a
> ../../lib/isccfg/libisccfg.a ../../lib/isccc/libisccc.a
> ../../lib/isc/libisc.a
>
>
> -- 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 
> =-=-=-=-
> Edward Lewis                                                 
> +1-571-434-5468
> NeuStar
>
> Sarcasm doesn't scale.
>
>