Libreswan on Debian Wheezy
I am sharing how to compile libreswan 3.21 on Debian Wheezy and the details.
You need 3 workarounds on Wheezy to compile. The workaround for #1 is very specific to Wheezy (libc < 2.19 and kernel < 3.12). Later distributions fixed issues #1 and #2. #3 has different workarounds depending on your libunbound2 version.
Compiling on Debian Wheezy
Debian Wheezy has a conflict between netinet/in.h and linux/in6.h
It got worse by commit 07a01d3 to xfrm.in in libreswan. The issue has a long history. It is partly due to UAPI ABI out of sync and partly due to updating local copy of xfrm.h with commit 07a01d3 while supporting nic-offload for mellonex cards. We could have worked around 07a01d3, however, it was easy to keep xfrm.h in sync with kernel UAPI copy 4.12 which seemed to work in most cases(glibc 2.19+ kernel 3.12+); except Wheezy!
-c /home/build/libreswan/programs/pluto/kernel_netlink.c /bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) In file included from /home/build/libreswan/programs/pluto/linux-copy/linux/xfrm.h:4:0, from /home/build/libreswan/programs/pluto/kernel_netlink.c:52: /usr/include/linux/in6.h:30:8: error: redefinition of 'struct in6_addr' In file included from /home/build/libreswan/linux/include/libreswan.h:212:0, from /home/build/libreswan/programs/pluto/kernel_netlink.c:51: /usr/include/netinet/in.h:198:8: note: originally defined here dpkg -S linux/in6.h linux-libc-dev:amd64: /usr/include/linux/in.h dpkg -S netinet/in.h libc6-dev:amd64: /usr/include/netinet/in.h Package: libc6-dev Source: eglibc Version: 2.13-38+deb7u10 The local copy programs/pluto/linux-copy/linux/xfrm.h is updated linux kernel 4.12
Workaround : remove the following line from
programs/pluto/linux-copy/linux/xfrm.h #include <linux/in6.h>
Details about the conflict
https://sourceware.org/bugzilla/show_bug.cgi?id=15850 If you have glibc 2.19+ you may have flip the two lines in programs/pluto/kernel_netlink.c
52 #include "linux/xfrm.h" /* local (if configured) or system copy */ 51 #include "libreswan.h" /* before xfrm.h otherwise break on F22 */ <pre> ==== With kernel 3.12 and libc-dev 2.19+ ===== Kernel made more efforts fix this issue https://github.com/torvalds/linux/commit/cfd280c91253cc28e4919e349fa7a813b63e71e8 NOTE: Fedora 22 keep the order in kernel_netlink.c == Can't link with libsystemd == <pre> /usr/bin/ld: cannot find -lsystemd collect2: error: ld returned 1 exit status This error is with. This is not new in 3.21, an old one. Package: libsystemd-daemon-dev Source: systemd Version: 44-11+deb7u5 Workaround: USE_SYSTEMD_WATCHDOG=false e.g. libreswan src directory echo "USE_SYSTEMD_WATCHDOG=false" >> Makefile.inc.local FYI: debian stretch seems to have proper libsystemd-dev
Wheezy libunbound2 (1.4.17) does not support libevent
(NOTE: this is not re-compiling issue, you need > 1.5x)
/home/build/libreswan/lib/libswan/unbound.c:187: undefined reference to `ub_ctx_create_event' collect2: error: ld returned 1 exit status apt-cache show libunbound2 Package: libunbound2 Source: unbound Version: 1.4.17-3+deb7u2 Workaround : USE_DNSSEC=false e.g echo "USE_DNSSEC=false" >> Makefile.inc.local If you have libunbound version less than 1.5.0 disable is the only way. libunbound2 1.5.0 above should be compiled with --with-libevent --enable-event-api NOTE: to compile libunbound2 + libevent on Wheezy your best bet is upstream. unbound-1.6.0 from jessie-backports has unmet dependencies on Wheeezy. Strech packges is not dowards compaitable. FYI: libunbound2 related bugs and feature requests to support libevent + in other distributions. Debian feature requests https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871675 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859584 RH bugs https://bugzilla.redhat.com/show_bug.cgi?id=1434662 RHEL 6.10 https://bugzilla.redhat.com/show_bug.cgi?id=1434661 RHEL 7.4 Libreswan bug report: https://github.com/libreswan/libreswan/issues/117