Difference between revisions of "Libreswan on Debian Wheezy"

From Libreswan
Line 3: Line 3:
 
You need 3 workarounds on Wheezy to compile. The workaround for #1 is very specific to Wheezy (libc < 2.19 and kernel < 3.12). Later distributions fixed issues #1 and #2. #3 has different workarounds depending on your libunbound2 version.
 
You need 3 workarounds on Wheezy to compile. The workaround for #1 is very specific to Wheezy (libc < 2.19 and kernel < 3.12). Later distributions fixed issues #1 and #2. #3 has different workarounds depending on your libunbound2 version.
  
= Compiling on Debian Wheezy =
+
= Compiling libreswan 3.21 on Debian Wheezy =
== Debian Wheezy has a conflict between netinet/in.h and linux/in6.h ==
+
== conflict between netinet/in.h and linux/in6.h ==
 
It got worse by commit 07a01d3 to xfrm.in in libreswan. The issue has a long  history.  It is partly due to UAPI ABI out of sync and partly due to updating local copy of xfrm.h with commit 07a01d3 while supporting nic-offload for mellonex cards. We could have worked around 07a01d3, however, it was easy to keep xfrm.h in sync with kernel UAPI copy 4.12 which seemed to work in most cases(glibc 2.19+ kernel 3.12+); except Wheezy!
 
It got worse by commit 07a01d3 to xfrm.in in libreswan. The issue has a long  history.  It is partly due to UAPI ABI out of sync and partly due to updating local copy of xfrm.h with commit 07a01d3 while supporting nic-offload for mellonex cards. We could have worked around 07a01d3, however, it was easy to keep xfrm.h in sync with kernel UAPI copy 4.12 which seemed to work in most cases(glibc 2.19+ kernel 3.12+); except Wheezy!
 +
 
<pre>
 
<pre>
 
                 -c /home/build/libreswan/programs/pluto/kernel_netlink.c
 
                 -c /home/build/libreswan/programs/pluto/kernel_netlink.c
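Review bot: The paragraph carried as context in this hunk says "commit 07a01d3 to xfrm.in", while later in the same paragraph the file is xfrm.h, and it spells the NIC vendor "mellonex". Since this revision already rewords the headings around it, fix both here as well. The new level-2 heading "conflict between netinet/in.h and linux/in6.h" also starts in lowercase, while the sibling heading "Can't link with libsystemd" is capitalized.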
Line 55: Line 56:
  
 
== Can't link with libsystemd ==  
 
== Can't link with libsystemd ==  
 +
 
<pre>
 
<pre>
 
/usr/bin/ld: cannot find -lsystemd  
 
/usr/bin/ld: cannot find -lsystemd  
Line 64: Line 66:
 
  Version: 44-11+deb7u5
 
  Version: 44-11+deb7u5
  
Workaround: USE_SYSTEMD_WATCHDOG=false e.g. libreswan src directory
+
=== Workaround: USE_SYSTEMD_WATCHDOG=false ===
 +
libreswan src directory  
 
echo "USE_SYSTEMD_WATCHDOG=false" >> Makefile.inc.local
 
echo "USE_SYSTEMD_WATCHDOG=false" >> Makefile.inc.local
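Review bot: The added line "libreswan src directory" under the new "=== Workaround: USE_SYSTEMD_WATCHDOG=false ===" heading is a bare fragment. With the old "e.g." gone, nothing ties it to the echo command that follows, so write it as an instruction such as "Run in the libreswan src directory:". The rendered revision below also shows the "=== ... ===" markup literally, which suggests the heading sits inside a <pre> block that is still open. Close the <pre> after the linker error and package details, before this heading.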
  
Line 82: Line 85:
 
Version: 1.4.17-3+deb7u2
 
Version: 1.4.17-3+deb7u2
  
Workaround : USE_DNSSEC=false e.g
+
=== Workaround : USE_DNSSEC=false ====
 +
<pre>
 
echo "USE_DNSSEC=false" >> Makefile.inc.local
 
echo "USE_DNSSEC=false" >> Makefile.inc.local
 
+
</pre>
 
If you have libunbound version less than 1.5.0 disable is the only way.
 
If you have libunbound version less than 1.5.0 disable is the only way.
libunbound2 1.5.0  above should be compiled with --with-libevent
+
libunbound2 1.5.0  above should be compiled with --with-libevent --enable-event-api
--enable-event-api
 
  
NOTE: to compile libunbound2 + libevent on Wheezy your best bet is upstream.
+
NOTE: to compile libunbound2 + libevent on Wheezy your best bet is upstream. unbound-1.6.0 from jessie-backports has unmet dependencies on Wheeezy. Strech package is not dowards compaitable.
unbound-1.6.0 from jessie-backports has unmet dependencies on Wheeezy.
 
Strech packges is not dowards compaitable.
 
  
FYI: libunbound2 related bugs and feature requests to support libevent + in
+
= libunbound2 + libeent bugs/feature requests =
other distributions.
 
  
Debian feature requests
+
== Debian feature requests ==
 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871675
 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871675
 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859584
 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859584
  
RH bugs
+
== RH feature request ==
 
https://bugzilla.redhat.com/show_bug.cgi?id=1434662 RHEL 6.10
 
https://bugzilla.redhat.com/show_bug.cgi?id=1434662 RHEL 6.10
 +
 
https://bugzilla.redhat.com/show_bug.cgi?id=1434661 RHEL 7.4
 
https://bugzilla.redhat.com/show_bug.cgi?id=1434661 RHEL 7.4
  
Libreswan bug report:
+
== Libreswan bug report ==
 
https://github.com/libreswan/libreswan/issues/117
 
https://github.com/libreswan/libreswan/issues/117
 
</pre>
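Review bot: The new heading "=== Workaround : USE_DNSSEC=false ====" has three "=" on the left and four on the right, so it will not render as a level-3 heading. Balance the markers. The added lines also introduce typos that should be fixed before saving: "libeent" in the new level-1 heading, and "Wheeezy", "Strech" and "dowards compaitable" in the merged NOTE.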
 

Revision as of 11:54, 12 August 2017

I am sharing how to compile libreswan 3.21 on Debian Wheezy and the details.

You need 3 workarounds on Wheezy to compile. The workaround for #1 is very specific to Wheezy (libc < 2.19 and kernel < 3.12). Later distributions fixed issues #1 and #2. #3 has different workarounds depending on your libunbound2 version.

Compiling libreswan 3.21 on Debian Wheezy

conflict between netinet/in.h and linux/in6.h

The conflict got worse with commit 07a01d3 to xfrm.h in libreswan. The issue has a long history. It is partly due to the UAPI ABI being out of sync and partly due to updating the local copy of xfrm.h with commit 07a01d3 while supporting nic-offload for Mellanox cards. We could have worked around 07a01d3; however, it was easy to keep xfrm.h in sync with the kernel UAPI copy from 4.12, which seemed to work in most cases (glibc 2.19+, kernel 3.12+), except on Wheezy!

                -c /home/build/libreswan/programs/pluto/kernel_netlink.c
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
In file included from /home/build/libreswan/programs/pluto/linux-copy/linux/xfrm.h:4:0,
                 from /home/build/libreswan/programs/pluto/kernel_netlink.c:52:
/usr/include/linux/in6.h:30:8: error: redefinition of 'struct in6_addr'
In file included from /home/build/libreswan/linux/include/libreswan.h:212:0,
                 from /home/build/libreswan/programs/pluto/kernel_netlink.c:51:
/usr/include/netinet/in.h:198:8: note: originally defined here

dpkg -S linux/in6.h
linux-libc-dev:amd64: /usr/include/linux/in.h

dpkg -S netinet/in.h
libc6-dev:amd64: /usr/include/netinet/in.h

Package: libc6-dev
Source: eglibc
Version: 2.13-38+deb7u10

The local copy programs/pluto/linux-copy/linux/xfrm.h is updated to Linux kernel 4.12.

Workaround: remove the following line from

programs/pluto/linux-copy/linux/xfrm.h

#include <linux/in6.h>

Details about the conflict

glibc 2.19+

https://sourceware.org/bugzilla/show_bug.cgi?id=15850

If you have glibc 2.19+ you may have to flip the two lines in programs/pluto/kernel_netlink.c:

52 #include "linux/xfrm.h" /* local (if configured) or system copy */
51 #include "libreswan.h" /* before xfrm.h otherwise break on F22 */

With kernel 3.12 and libc-dev 2.19+

The kernel made more efforts to fix this issue:
https://github.com/torvalds/linux/commit/cfd280c91253cc28e4919e349fa7a813b63e71e8

NOTE: on Fedora 22, keep the order in kernel_netlink.c.

Can't link with libsystemd

/usr/bin/ld: cannot find -lsystemd
collect2: error: ld returned 1 exit status

This error is with. This is not new in 3.21; it is an old one.
 Package: libsystemd-daemon-dev
 Source: systemd
 Version: 44-11+deb7u5

Workaround: USE_SYSTEMD_WATCHDOG=false

In the libreswan src directory:

echo "USE_SYSTEMD_WATCHDOG=false" >> Makefile.inc.local

FYI: Debian Stretch seems to have a proper libsystemd-dev.

Wheezy libunbound2 (1.4.17) does not support libevent

(NOTE: this is not a re-compiling issue; you need > 1.5x)

/home/build/libreswan/lib/libswan/unbound.c:187: undefined reference to `ub_ctx_create_event'
collect2: error: ld returned 1 exit status

apt-cache show libunbound2
Package: libunbound2
Source: unbound
Version: 1.4.17-3+deb7u2

Workaround: USE_DNSSEC=false

echo "USE_DNSSEC=false" >> Makefile.inc.local

If your libunbound version is less than 1.5.0, disabling DNSSEC is the only way. libunbound2 1.5.0 or above should be compiled with --with-libevent --enable-event-api.

NOTE: to compile libunbound2 + libevent on Wheezy your best bet is upstream. unbound-1.6.0 from jessie-backports has unmet dependencies on Wheezy. The Stretch package is not downwards compatible.
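
The three checks above, collected into one script as an added example (not part of the original wiki page or of libreswan's build system): it takes the libc, kernel and libunbound versions plus a yes/no for libsystemd and prints the matching workarounds. The function names and the sample kernel version 3.2.0 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the libreswan wiki): pick the Wheezy workarounds
# described on this page from installed package versions.

# "1:1.4.17-3+deb7u2" -> "1.4.17" (drop Debian epoch and revision)
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%-*}"
}

# ver_lt A B: succeed when upstream version A is numerically lower than B
ver_lt() {
    awk -v a="$(upstream_version "$1")" -v b="$(upstream_version "$2")" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# wheezy_workarounds LIBC KERNEL UNBOUND HAVE_LIBSYSTEMD(yes|no)
# Prints Makefile.inc.local lines, plus a comment for the manual xfrm.h edit.
wheezy_workarounds() {
    libc=$1 kernel=$2 unbound=$3 have_libsystemd=$4
    # Issue 1: header conflict, stated on the page for libc < 2.19 and kernel < 3.12
    if ver_lt "$libc" 2.19 && ver_lt "$kernel" 3.12; then
        echo "# manual: remove '#include <linux/in6.h>' from programs/pluto/linux-copy/linux/xfrm.h"
    fi
    # Issue 2: no libsystemd to link against
    if [ "$have_libsystemd" != yes ]; then
        echo "USE_SYSTEMD_WATCHDOG=false"
    fi
    # Issue 3: libunbound below 1.5.0 lacks ub_ctx_create_event. A newer
    # libunbound still needs --with-libevent --enable-event-api at build time,
    # which a version check alone cannot confirm.
    if ver_lt "$unbound" 1.5.0; then
        echo "USE_DNSSEC=false"
    fi
}

# Versions quoted on this page; the kernel version 3.2.0 is a constructed sample.
# On a real host, read them with e.g. dpkg-query -W -f='${Version}' libc6-dev
wheezy_workarounds 2.13-38+deb7u10 3.2.0 1.4.17-3+deb7u2 no
```

The printed lines, including the leading comment, can be appended to Makefile.inc.local in the libreswan src directory.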

libunbound2 + libevent bugs/feature requests

Debian feature requests

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871675

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859584

RH feature request

https://bugzilla.redhat.com/show_bug.cgi?id=1434662 RHEL 6.10

https://bugzilla.redhat.com/show_bug.cgi?id=1434661 RHEL 7.4

Libreswan bug report

https://github.com/libreswan/libreswan/issues/117