[Swan-dev] problems with Libreswan 3.15 build for Linux 3.14

Neal P. Murphy neal.p.murphy at alum.wpi.edu
Thu Dec 3 04:46:05 UTC 2015 

Help! I'm lost! (Well, maybe I'm just a mite bewildered.)

I'm amidst converting Smoothwall Express to use Libreswan and Linux 3.14. The current release uses Openswan 2.6.42 and Linux 3.4.110.

As usual, LFS rescued me from one blockage; I got NSPR and NSS added and built. Then I had to add pkgs unbound and libevent.

[aside]
Where in the docs are all of the mandatory and optional dependencies specified? Also, http://libreswan.googlecode.com/git/README (which may be old/dead), says:
----
    make programs
    make module
    sudo make module_install
----
The install step should probably include target 'install', too.
[/aside]

======

So I finally got to building Libreswan. Or trying to...

First I tried to build the whole thing (using 'make -j8 ... programs'). And it failed with:
----
make[4]: Leaving directory `/build/sources/openswan/libreswan-3.15/OBJ.linux.i386/lib/libipsecconf'
make[3]: Leaving directory `/build/sources/openswan/libreswan-3.15/lib/libipsecconf'
make[2]: Leaving directory `/build/sources/openswan/libreswan-3.15/lib'
make[2]: Entering directory `/build/sources/openswan/libreswan-3.15/programs'
make[3]: Entering directory `/build/sources/openswan/libreswan-3.15/programs/proc'
make -C ../../OBJ.linux.i386/programs/proc buildall
: ignoring xmlto exit status
: ignoring xmlto exit status
xmlto -o ../../OBJ.linux.i386/programs/proc man ipsec_version.5.xml || true
xmlto -o ../../OBJ.linux.i386/programs/proc man ipsec_trap_count.5.xml || true
: ignoring xmlto exit status
xmlto -o ../../OBJ.linux.i386/programs/proc man ipsec_trap_sendcount.5.xml || true
make[4]: Entering directory `/build/sources/openswan/libreswan-3.15/OBJ.linux.i386/programs/proc'
make[4]: Nothing to be done for `buildall'.
make[4]: Leaving directory `/build/sources/openswan/libreswan-3.15/OBJ.linux.i386/programs/proc'
Cheating xmlto with copy...
Cheating xmlto with copy...
Cheating xmlto with copy...
cp: omitting directory '../../OBJ.linux.i386/programs/proc'
cp: omitting directory '../../OBJ.linux.i386/programs/proc'
cp: omitting directory '../../OBJ.linux.i386/programs/proc'
test -r ../../OBJ.linux.i386/programs/proc/ipsec_version.5
test -r ../../OBJ.linux.i386/programs/proc/ipsec_trap_count.5
test -r ../../OBJ.linux.i386/programs/proc/ipsec_trap_sendcount.5
make[3]: *** [ipsec_version.5] Error 1
make[3]: *** Waiting for unfinished jobs....
make[3]: *** [ipsec_trap_count.5] Error 1
make[3]: *** [ipsec_trap_sendcount.5] Error 1
make[3]: Leaving directory `/build/sources/openswan/libreswan-3.15/programs/proc'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/build/sources/openswan/libreswan-3.15/programs'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/build/sources/openswan/libreswan-3.15'
make: *** [compile] Error 2
make: Leaving directory `/build/sources/openswan'
----

I believe the errors tell me that the files are not readable. Indeed, they aren't there. So what is the hiccup?

Next, I tried to build without the docs (using 'make -j8 ... base'). This also died, with:
---- 
cc   -g -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -O2 -m32 -march=i586 \
-mtune=generic -fno-strict-aliasing -DDNSSEC -DKLIPS -DLIBCURL -DUSE_MD5 \
-DHAVE_NM -DUSE_SHA2 -DUSE_SHA1 -DFIPSPRODUCTCHECK=\"/etc/system-fips\" \
-DIPSEC_CONF=\"/etc/ipsec.conf\" -DIPSEC_CONFDDIR=\"/etc/ipsec.d\" \
-DIPSEC_NSSDIR=\"/etc/ipsec.d\" -DIPSEC_CONFDIR=\"/etc\" \
-DIPSEC_EXECDIR=\"/usr/local/libexec/ipsec\" \
-DIPSEC_SBINDIR=\"/usr/local/sbin\" -DIPSEC_VARDIR=\"/var\" \
-DPOLICYGROUPSDIR=\"/etc/ipsec.d/policies\" \
-DSHARED_SECRETS_FILE=\"/etc/ipsec.secrets\" -DGCC_LINT \
-DALLOW_MICROSOFT_BAD_PROPOSAL  -Wall -Wextra -Wformat -Wformat-nonliteral \
-Wformat-security -Wundef -Wmissing-declarations -Wredundant-decls \
-Wnested-externs -I/build/sources/openswan/libreswan-3.15/ports/linux/include \
-I/build/sources/openswan/libreswan-3.15/ports/linux/include \
-I/build/sources/openswan/libreswan-3.15/ports/linux/include \
-I/build/sources/openswan/libreswan-3.15/ports/linux/include  \
-I/build/sources/openswan/libreswan-3.15/programs/pluto/linux26 \
-I/build/sources/openswan/libreswan-3.15/include \
-I/build/sources/openswan/libreswan-3.15/lib/libcrypto \
-I/build/sources/openswan/libreswan-3.15/linux/include   -DUSE_KEYRR   \
-DNETKEY_SUPPORT -DKERNEL26_HAS_KAME_DUPLICATES -DPFKEY  -DUSE_TWOFISH \
-DUSE_SERPENT -DKLIPS -DPFKEY    -DUSE_AES -DUSE_3DES -DUSE_SHA2 -DUSE_SHA1 \
-DUSE_MD5 -DUSE_CAMELLIA   -DXAUTH_HAVE_PAM -DLIBCURL    -DHAVE_LIBCAP_NG \
-DHAVE_NM -I/usr/include/nss -I/usr/include/nspr   -O2 -m32 -march=i586 \
-mtune=generic -fno-strict-aliasing  \
        -MMD -MF ./test_buffer.d \
        -o ./test_buffer.o \
        -c /build/sources/openswan/libreswan-3.15/programs/pluto/test_buffer.c
In file included from /build/sources/openswan/libreswan-3.15/programs/pluto/terminate.c:45:0:
/build/sources/openswan/libreswan-3.15/programs/pluto/connections.h:132:78: fatal error: security/pam_appl.h: No such file or directory
compilation terminated.
make[4]: *** [terminate.o] Error 1
make[4]: *** Waiting for unfinished jobs....
In file included from /build/sources/openswan/libreswan-3.15/programs/pluto/connections.c:56:0:
/build/sources/openswan/libreswan-3.15/programs/pluto/connections.h:132:78: fatal error: security/pam_appl.h: No such file or directoryIn file included from /build/sources/openswan/libreswan-3.15/programs/pluto/initiate.c:54:0:
/build/sources/openswan/libreswan-3.15/programs/pluto/connections.h:132:78: fatal error: security/pam_appl.h: No such file or directory

compilation terminated.
compilation terminated.
make[4]: *** [initiate.o] Error 1
make[4]: *** [connections.o] Error 1
make[4]: Leaving directory `/build/sources/openswan/libreswan-3.15/OBJ.linux.i386/programs/pluto'
make[3]: *** [local-base] Error 2
make[3]: Leaving directory `/build/sources/openswan/libreswan-3.15/programs/pluto'
make[2]: *** [base] Error 2
make[2]: Leaving directory `/build/sources/openswan/libreswan-3.15/programs'
make[1]: *** [base] Error 2
make[1]: Leaving directory `/build/sources/openswan/libreswan-3.15'
make: *** [compile] Error 2
make: Leaving directory `/build/sources/openswan'
----

This seems to be trying to use pam, which smoothwall doesn't use.

Everything in the logs before these snippets 'looks' OK, so I omitted it. I can supply the entire logs if needed.

======

Now on to build commands. To build openswan for smoothwall, I used a patch to Makefile to include DESTDIR, a couple other patches to tweak little things, and this command:
----
        @$(MAKE) $(JOBS) -C $(COMPILE_DIR) V=1 USERCOMPILE='$(CFLAGS)' KLIPSCOMPILE='$(CFLAGS)' INC_USRLOCAL=$(PKG_DIR) FINALCONFDIR=$(PKG_DIR)/etc FINALRCDIR=$(PKG_DIR)/bin KERNELSRC=$(KNL_SRC) programs
----

I assume these vars have all been replaced with stuff in Makefile.inc (and files in mk/). IIUC, I can create Makefile.inc.local for all of the smoothwall-specific vars, locations and needs. But what exactly do I put in there? Copy Makefile.inc, change it as desired, and delete the rest? Add selected stuff from files in mk/?

For Libreswan, I've reduced the command to:
----
        @$(MAKE) $(JOBS) -C $(COMPILE_DIR) V=1 WERROR_CFLAGS="" KERNELSRC=$(KNL_SRC) base    # or programs
----

So far, the build picks up CFLAGS, so it builds for generic i586 as desired. WERROR_CFLAGS fixes a problem that I think is fixed in 3.16. Once I get the build to finish, I'll be able to see what else needs to be adjusted/tweaked.

I hope the 64-bit build will 'just work' once I get the 32-bit build going.

Thanks!
Neal

More information about the Swan-dev mailing list