compilation error 9.4.1 (
Bill Larson
wllarso at swcp.com
Sat Jun 9 02:15:47 UTC 2007
On Jun 8, 2007, at 3:36 PM, Edward Lewis wrote:
> As was explained to me off-list...it's a MacOS X thing. I altered
> the Makefiles to not use the -L and it compiled. Here's the 'named'
> compile/link command.
I also work on MacOS X (10.3 and 10.4 both). I have had absolutely
no problem building BIND under MacOS X. Going back to your initial
posting I see that you are trying to build BIND with OpenSSL.
There is a problem with OpenSSL in that MacOS X always tries to use
the dynamic libraries first and only after the dynamic library is not
found then try to use a normal library. But MacOS X comes with the
OpenSSL libraries as part of the system. When you are compiling BIND
the system is trying to link to the system SSL dynamic library rather
than the library that you are explicitly calling out.
The problem is with the "ld" command in MacOS X! Read over the
"PROBLEMS" file that comes with the OpenSSL sources. Thee is a
description of the problem and the solution. The suggested solution
is to replace the "-lcrypto" compile options and explicitly call out
the library to be used, such as "/usr/local/ssl/lib/libcrypto.a".
(There is another suggestion of renaming the system libcrypto.dylib
and libssl.dylib files. Maybe a possible solution, but not one that
I would like to use.)
The OpenSSL people say that this is a problem for Apple in how their
"ld" command works. The implication is that the OpenSSL developers
won't attempt to incorporate any work around to it either. So, I
wouldn't bet on the BIND developers trying to create a fix for this
either.
My solution was to modify the resulting BIND Makefiles that config
generates. I used the following script to do this:
#!/bin/sh
find . -name Makefile | xargs grep -l '\-lcrypto' | \
while read makefile; do
echo "Fixing -lcrypto in $makefile"
cp $makefile ${makefile}.orig
ed -s $makefile <<EOF
,s/-lcrypto/\/usr\/local\/ssl\/lib\/libcrypto.a/g
w
q
EOF
done
This is very similar to the solution proposed in the OpenSSL PROBLEMS
file. It is not "pretty", but it works.
Another solution is that I can send you the resulting files if you
are really interested.
Now, ask yourself the question of, "am I really going to be using
DNSSEC?" If not, then you don't have to build BIND with OpenSSL and
the whole problem goes away. This is a different issue than using
TSIG to sign your zones. So, is it really necessary to try and build
BIND with OpenSSL for your purposes?
Bill Larson
> gcc -g -O2 -o named \
> builtin.o client.o config.o control.o controlconf.o interfacemgr.o
> listenlist.o log.o logconf.o main.o notify.o query.o server.o
> sortlist.o
> tkeyconf.o tsigconf.o update.o xfrout.o zoneconf.o lwaddr.o lwresd.o
> lwdclient.o lwderror.o lwdgabn.o lwdgnba.o lwdgrbn.o lwdnoop.o
> lwsearch.o
> unix/os.o ../../lib/lwres/liblwres.a ../../lib/dns/libdns.a
> /usr/local/ssl/lib/libcrypto.a ../../lib/bind9/libbind9.a
> ../../lib/isccfg/libisccfg.a ../../lib/isccc/libisccc.a
> ../../lib/isc/libisc.a
>
>
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> =-=-=-=-
> Edward Lewis
> +1-571-434-5468
> NeuStar
>
> Sarcasm doesn't scale.
>
>
More information about the bind-users
mailing list