From: Dan on
I posted in the Google Group lists.postfix.users (listed on the
Postfix page) but I fear that's the wrong place.

http://groups.google.com/group/list.postfix.users/browse_thread/thread/bd6fc644d832c2e2/9e216f4f24ffa685

Anyway, I've been wrestling with SASL auth support after upgrading
from 2.2.10 to 2.3.15 using this RPM:

http://ftp.wl0.org/official/2.3/RPMS-rhel4-i386/postfix-2.3.15-1.rhel4.i386.rpm

According to ldd, the binary appears to be linked against libsasl2,
however, USE_SASL_AUTH was not defined at compile time, and so sasl
support is not truly built-in. I'm not great with C, so my
interpretation of the source (src/smtpd/smtpd.c) could be way off.

So, I'm trying to recompile the source RPM, but I get errors when it
comes time to link smtpd against libtls:

$ cd /usr/src/redhat/SOURCES
$ export POSTFIX_SASL=2
$ export POSTFIX_TLS=1
$ sh make-postfix.spec
$ cd ../SPECS
$ rpmbuild -ba postfix.spec

....

gcc -Wmissing-prototypes -Wformat -DNO_PCRE -I/usr/include/sasl
-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -DUSE_TLS -I/usr/kerberos/include
-O2 -g -pipe -m32 -march=i386 -mtune=pentium4 -I. -I../../include
-DLINUX2 -o smtpd smtpd.o smtpd_token.o smtpd_check.o smtpd_chat.o
smtpd_state.o smtpd_peer.o smtpd_sasl_proto.o smtpd_sasl_glue.o
smtpd_proxy.o smtpd_xforward.o smtpd_dsn_fix.o smtpd_milter.o
../../lib/libmaster.a ../../lib/libtls.a ../../lib/libdns.a
../../lib/libxsasl.a ../../lib/libmilter.a ../../lib/libglobal.a
../../lib/libutil.a -L/usr/lib/sasl2 -lsasl2 -L/usr/kerberos/lib -lssl -lcrypto
-lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz -lz -ldb
-lnsl -lresolv
.../../lib/libtls.a(tls_server.o)(.text+0x48b): In function `tls_server_init':
/usr/src/redhat/BUILD/postfix-2.3.15/src/tls/tls_server.c:326: undefined reference to `SSL_CTX_set_info_callback'
.../../lib/libtls.a(tls_server.o)(.text+0x58f):/usr/src/redhat/BUILD/postfix-2.3.15/src/tls/tls_server.c:478: undefined reference to `SSL_CTX_sess_set_get_cb'
.../../lib/libtls.a(tls_server.o)(.text+0x59f):/usr/src/redhat/BUILD/postfix-2.3.15/src/tls/tls_server.c:479: undefined reference to `SSL_CTX_sess_set_new_cb'
.../../lib/libtls.a(tls_server.o)(.text+0x9c5): In function `tls_server_start':
/usr/src/redhat/BUILD/postfix-2.3.15/src/tls/tls_server.c:615: undefined reference to `BIO_set_callback'
.../../lib/libtls.a(tls_server.o)(.text+0x9e4):/usr/src/redhat/BUILD/postfix-2.3.15/src/tls/tls_server.c:633: undefined reference to `BIO_set_callback'
collect2: ld returned 1 exit status
make: *** [smtpd] Error 1
make: *** [update] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.79511 (%build)


RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.79511 (%build)

At first I thought it was simply that openssl libs and headers weren't
available, but they are indeed installed.

# ls -l /usr/include/openssl/
total 1104
-rw-r--r-- 1 root root 4281 Mar 3 2009 aes.h
-rw-r--r-- 1 root root 40292 Mar 3 2009 asn1.h
-rw-r--r-- 1 root root 18383 Mar 3 2009 asn1_mac.h
-rw-r--r-- 1 root root 26671 Mar 3 2009 asn1t.h
-rw-r--r-- 1 root root 27549 Mar 3 2009 bio.h
-rw-r--r-- 1 root root 5073 Mar 3 2009 blowfish.h
-rw-r--r-- 1 root root 21559 Mar 3 2009 bn.h
-rw-r--r-- 1 root root 4229 Mar 3 2009 buffer.h
-rw-r--r-- 1 root root 4315 Mar 3 2009 cast.h
-rw-r--r-- 1 root root 1267 Mar 3 2009 comp.h
-rw-r--r-- 1 root root 4080 Mar 3 2009 conf_api.h
-rw-r--r-- 1 root root 9372 Mar 3 2009 conf.h
-rw-r--r-- 1 root root 18396 Mar 3 2009 crypto.h
-rw-r--r-- 1 root root 10508 Mar 3 2009 des.h
-rw-r--r-- 1 root root 18221 Mar 3 2009 des_old.h
-rw-r--r-- 1 root root 7872 Mar 3 2009 dh.h
-rw-r--r-- 1 root root 9825 Mar 3 2009 dsa.h
-rw-r--r-- 1 root root 13871 Mar 3 2009 dso.h
-rw-r--r-- 1 root root 540 Mar 3 2009 ebcdic.h
-rw-r--r-- 1 root root 35989 Mar 3 2009 engine.h
-rw-r--r-- 1 root root 9390 Mar 3 2009 e_os2.h
-rw-r--r-- 1 root root 11800 Mar 3 2009 err.h
-rw-r--r-- 1 root root 30722 Mar 3 2009 evp.h
-rw-r--r-- 1 root root 4297 Mar 3 2009 hmac.h
-rw-r--r-- 1 root root 7636 Mar 3 2009 krb5_asn.h
-rw-r--r-- 1 root root 5892 Mar 3 2009 kssl.h
-rw-r--r-- 1 root root 7450 Mar 3 2009 lhash.h
-rw-r--r-- 1 root root 3866 Mar 3 2009 md2.h
-rw-r--r-- 1 root root 4646 Mar 3 2009 md4.h
-rw-r--r-- 1 root root 4646 Mar 3 2009 md5.h
-rw-r--r-- 1 root root 33095 Mar 3 2009 objects.h
-rw-r--r-- 1 root root 95455 Mar 3 2009 obj_mac.h
-rw-r--r-- 1 root root 23830 Mar 3 2009 ocsp.h
-rw-r--r-- 1 root root 1069 Mar 3 2009 opensslconf.h
-rw-r--r-- 1 root root 5980 Mar 3 2009 opensslconf-i386.h
-rw-r--r-- 1 root root 3656 Mar 3 2009 opensslv.h
-rw-r--r-- 1 root root 4911 Mar 3 2009 ossl_typ.h
-rw-r--r-- 1 root root 2863 Mar 3 2009 pem2.h
-rw-r--r-- 1 root root 24618 Mar 3 2009 pem.h
-rw-r--r-- 1 root root 12080 Mar 3 2009 pkcs12.h
-rw-r--r-- 1 root root 15730 Mar 3 2009 pkcs7.h
-rw-r--r-- 1 root root 5121 Mar 3 2009 rand.h
-rw-r--r-- 1 root root 4278 Mar 3 2009 rc2.h
-rw-r--r-- 1 root root 3692 Mar 3 2009 rc4.h
-rw-r--r-- 1 root root 4267 Mar 3 2009 ripemd.h
-rw-r--r-- 1 root root 14747 Mar 3 2009 rsa.h
-rw-r--r-- 1 root root 101158 Mar 3 2009 safestack.h
-rw-r--r-- 1 root root 4944 Mar 3 2009 sha.h
-rw-r--r-- 1 root root 3744 Mar 3 2009 ssl23.h
-rw-r--r-- 1 root root 10716 Mar 3 2009 ssl2.h
-rw-r--r-- 1 root root 20937 Mar 3 2009 ssl3.h
-rw-r--r-- 1 root root 74519 Mar 3 2009 ssl.h
-rw-r--r-- 1 root root 4345 Mar 3 2009 stack.h
-rw-r--r-- 1 root root 13331 Mar 3 2009 symhacks.h
-rw-r--r-- 1 root root 9141 Mar 3 2009 tls1.h
-rw-r--r-- 1 root root 3552 Mar 3 2009 tmdiff.h
-rw-r--r-- 1 root root 4253 Mar 3 2009 txt_db.h
-rw-r--r-- 1 root root 3439 Mar 3 2009 ui_compat.h
-rw-r--r-- 1 root root 16892 Mar 3 2009 ui.h
-rw-r--r-- 1 root root 44937 Mar 3 2009 x509.h
-rw-r--r-- 1 root root 22023 Mar 3 2009 x509v3.h
-rw-r--r-- 1 root root 16120 Mar 3 2009 x509_vfy.h

I also have a newer version of openssl installed in /usr/local, but
it's excluded from my ld.so.conf and isn't specified as a cflag in the
above gcc line.

Can anyone shove me in the right direction?
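
The link failure in the post above names the unresolved symbols. As an added example (not part of the original post), this shell sketch pulls those symbols out of a build log, including a mail-wrapped one, and checks which candidate libssl/libcrypto exports each. The function names and the library paths in the usage comment are assumptions; the sample log is constructed from the errors quoted in the post.

```shell
#!/bin/sh
# Added example: diagnose "undefined reference" link errors against OpenSSL.

# Constructed sample: the linker errors from the post, one per line.
sample_log() {
cat <<'EOF'
tls_server.c:326: undefined reference to `SSL_CTX_set_info_callback'
tls_server.c:478: undefined reference to `SSL_CTX_sess_set_get_cb'
tls_server.c:479: undefined reference to `SSL_CTX_sess_set_new_cb'
tls_server.c:615: undefined reference to `BIO_set_callback'
tls_server.c:633: undefined reference to `BIO_set_callback'
EOF
}

# Read a build log on stdin, print each unresolved symbol once.
# Newlines are flattened first so line-wrapped logs still match.
undefined_symbols() {
    tr '\n' ' ' | awk '{
        while (match($0, /undefined reference to +`[A-Za-z_][A-Za-z0-9_]*/)) {
            s = substr($0, RSTART, RLENGTH); sub(/.*`/, "", s); print s
            $0 = substr($0, RSTART + RLENGTH)
        }
    }' | LC_ALL=C sort -u
}

# exports_symbol LIB SYM: succeed if shared library LIB defines SYM in its
# dynamic symbol table (a version suffix such as @@VERS is ignored).
exports_symbol() {
    nm -D --defined-only "$1" 2>/dev/null |
        awk -v s="$2" '{ n = $NF; sub(/@.*/, "", n); if (n == s) found = 1 }
                       END { exit !found }'
}

# report LOGFILE LIB...: for every unresolved symbol, say which of the
# candidate libraries provides it, e.g. (paths are assumptions):
#   report build.log /usr/lib/libssl.so /usr/local/lib/libssl.so
report() {
    log=$1; shift
    for sym in $(undefined_symbols < "$log"); do
        for lib in "$@"; do
            if exports_symbol "$lib" "$sym"; then echo "$sym: defined in $lib"
            else echo "$sym: MISSING from $lib"; fi
        done
    done
}

sample_log | undefined_symbols
```

A symbol reported MISSING from the library the linker actually picked, while the headers on the include path declare it, indicates that headers and library come from different OpenSSL installs.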
From: Dan on
F' it. I got really sick of dealing with my broken openssl-devel
setup and edited the postfix.spec file to compile it against a locally
installed openssl.

# diff -u postfix.spec postfix.spec.new
--- postfix.spec 2009-09-17 12:02:06.000000000 -0700
+++ postfix.spec.new 2009-09-17 12:01:23.000000000 -0700
@@ -79,7 +79,7 @@
%define with_alt_prio 30

%define with_cdb 0
-%define with_ldap 1
+%define with_ldap 0
%define with_mysql 0
%define with_mysql_redhat 0
%define with_pcre 0
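Review bot: the with_ldap 1 -> 0 flip in this hunk is not explained and looks unrelated to the OpenSSL link failure being worked around, yet it drops LDAP map support from the rebuilt package. If it is needed to get the link to pass, say so in a comment next to the define; otherwise leave with_ldap at 1 so any ldap: lookup tables in the existing configuration keep working.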
@@ -88,7 +88,7 @@
%define with_spf 0
%define with_dovecot 0
%define with_tls 1
-%define with_tlsfix 2
+%define with_tlsfix 0
%define with_vda 0

# support the conditional builds via rpm's --with debug
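Review bot: setting with_tlsfix to 0 here leaves a dead knob, because the lines that test %{with_tlsfix} inside the %if %{with_tls} block are deleted later in this patch. Either drop the define or keep a conditional that reads it. Note also that the value 2 was what added -I/usr/kerberos/include to CCARGS, which this build no longer gets.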
@@ -444,24 +444,9 @@
%endif

%if %{with_tls}
-# See http://www.openldap.org/lists/openldap-devel/200105/msg00008.html
-# - rh6.2 needs LIBS=-ldl to build correctly.
-# - reported by Jauder Ho <jauderho(a)carumba.com>
- if pkg-config openssl; then
- CCARGS="${CCARGS} -DUSE_TLS $(pkg-config --cflags openssl)"
- AUXLIBS="${AUXLIBS} $(pkg-config --libs openssl)"
- else
- #
- # CHECK THIS - these lines may no longer be needed (required for
external TLS patch)
- #
- [ "%{with_tlsfix}" = 1 ] && LIBS=-ldl
- [ "%{with_tlsfix}" = 2 ] && CCARGS="${CCARGS} -I/usr/kerberos/
include"
- CCARGS="${CCARGS} -DUSE_TLS -I/usr/include/openssl"
- AUXLIBS="${AUXLIBS} -lssl -lcrypto"
- fi
+ CCARGS="${CCARGS} -DUSE_TLS -I/usr/local/include/openssl"
+ AUXLIBS="${AUXLIBS} -L/usr/local/lib -lssl -lcrypto"
%else
-# explicitly disable TLS otherwise will be built on machine if
-# openssl is available
CCARGS="${CCARGS} -DNO_TLS"
%endif
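Review bot: the new AUXLIBS line links with -L/usr/local/lib but sets no run-time search path, so when /usr/local/lib is not in the loader configuration the installed smtpd may load a different libssl/libcrypto than the one it was linked against. Add -Wl,-rpath,/usr/local/lib (or link the static archives), and, if the sources include headers as <openssl/ssl.h>, use -I/usr/local/include rather than -I/usr/local/include/openssl so that headers and library come from the same install. Hardcoding the paths also removes the pkg-config branch, so the spec only builds on hosts laid out like this one; a %define for the OpenSSL prefix would keep it reusable. The comment removed above the -DNO_TLS line explained why TLS is disabled explicitly and is worth keeping.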