NLnetLabs / ldns

LDNS is a DNS library that facilitates DNS tool programming
https://nlnetlabs.nl/ldns
BSD 3-Clause "New" or "Revised" License

MIPS64EL cross build possible issue - incorrect openssl version #128

Open mq2195 opened 3 years ago

mq2195 commented 3 years ago

I am attempting to (cross) compile ldns for MIPS64EL, using a container. The configure script does not recognize the correct version of openssl... Any help is welcome.

relevant code:

FROM docker.io/library/debian:10 as builder

RUN apt-get update && apt-get install -y \
    bash curl file make gnupg qemu qemu-user ca-certificates \
    build-essential crossbuild-essential-mips64el \
  && rm -rf /var/lib/apt/lists/*

SHELL [ "/bin/bash", "-o", "pipefail", "-c" ]

ARG LDNS_VERSION=1.7.1

...
  && tar -xzf "ldns-${LDNS_VERSION}.tar.gz" --strip 1 \
  && file /builder-openssl/mips64/bin/openssl \
  && LD_LIBRARY_PATH=/builder-openssl/mips64/lib:/builder-zlib/mips64/lib \
       qemu-mips64el \
         -L /usr/mips64el-linux-gnuabi64 \
         /builder-openssl/mips64/bin/openssl version \
  && echo | LD_LIBRARY_PATH=/builder-openssl/mips64/lib:/builder-zlib/mips64/lib \
       qemu-mips64el \
         -L /usr/mips64el-linux-gnuabi64 \
         /builder-openssl/mips64/bin/openssl s_client -connect nlnetlabs.nl:443 -tls1_3 -brief \
  && CC=mips64el-linux-gnuabi64-gcc-8 CC_LD=mips64el-linux-gnuabi64-ld \
     ./configure \
       --host=mips64el \
       --build=amd64 \
       --prefix=/mips64 \
       --with-ssl="/builder-openssl/mips64" \
       --with-drill \
       --disable-shared \
  && make -j 4 \
  && make -j 4 install \
       DESTDIR=/builder-ldns

Problem:

configure: error: OpenSSL found in /builder-openssl/mips64, but version 0.9.7 or higher is required

Except this is version 1.1.1k... (compiled one step back, and as far as I can tell it is working. This is the MIPS64EL version.)

+ file /builder-openssl/mips64/bin/openssl
/builder-openssl/mips64/bin/openssl: ELF 64-bit LSB pie executable, MIPS, MIPS64 rel2 version 1 (SYSV), dynamically linked, interpreter /lib64/ld.so.1, BuildID[sha1]=9d4415756999126cc24ac4029c58a22f72519536, for GNU/Linux 3.2.0, not stripped
+ LD_LIBRARY_PATH=/builder-openssl/mips64/lib:/builder-zlib/mips64/lib qemu-mips64el -L /usr/mips64el-linux-gnuabi64 /builder-openssl/mips64/bin/openssl version
OpenSSL 1.1.1k  25 Mar 2021
+ echo
+ LD_LIBRARY_PATH=/builder-openssl/mips64/lib:/builder-zlib/mips64/lib qemu-mips64el -L /usr/mips64el-linux-gnuabi64 /builder-openssl/mips64/bin/openssl s_client -connect nlnetlabs.nl:443 -tls1_3 -brief
depth=1 C = US, O = Let's Encrypt, CN = R3
verify error:num=20:unable to get local issuer certificate
CONNECTION ESTABLISHED
Protocol version: TLSv1.3
Ciphersuite: TLS_AES_256_GCM_SHA384
Peer certificate: CN = nlnetlabs.nl
Hash used: SHA256
Signature type: RSA-PSS
Verification error: unable to get local issuer certificate
Server Temp Key: X25519, 253 bits
DONE

full configure log:

+ CC=mips64el-linux-gnuabi64-gcc-8 CC_LD=mips64el-linux-gnuabi64-ld ./configure --host=mips64el --build=amd64 --prefix=/mips64 --with-ssl=/builder-openssl/mips64 --with-drill --disable-shared
checking for mips64el-gcc... mips64el-linux-gnuabi64-gcc-8
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables... 
checking whether we are cross compiling... yes
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether mips64el-linux-gnuabi64-gcc-8 accepts -g... yes
checking for mips64el-linux-gnuabi64-gcc-8 option to accept ISO C89... none needed
checking how to run the C preprocessor... mips64el-linux-gnuabi64-gcc-8 -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking build system type... x86_64-pc-none
checking host system type... mips64el-unknown-elf
checking how to print strings... printf
checking for a sed that does not truncate output... /bin/sed
checking for fgrep... /bin/grep -F
checking for ld used by mips64el-linux-gnuabi64-gcc-8... /usr/mips64el-linux-gnuabi64/bin/ld
checking if the linker (/usr/mips64el-linux-gnuabi64/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... no
checking for mips64el-dumpbin... no
checking for mips64el-link... no
checking for dumpbin... no
checking for link... link -dump
configure: WARNING: using cross tools not prefixed with host triplet
checking the name lister (nm) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-none file names to mips64el-unknown-elf format... func_convert_file_noop
checking how to convert x86_64-pc-none file names to toolchain format... func_convert_file_noop
checking for /usr/mips64el-linux-gnuabi64/bin/ld option to reload object files... -r
checking for mips64el-objdump... no
checking for objdump... objdump
checking how to recognize dependent libraries... unknown
checking for mips64el-dlltool... no
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for mips64el-ar... no
checking for ar... ar
checking for archiver @FILE support... @
checking for mips64el-strip... no
checking for strip... strip
checking for mips64el-ranlib... no
checking for ranlib... ranlib
checking for gawk... no
checking for mawk... mawk
checking command to parse nm output from mips64el-linux-gnuabi64-gcc-8 object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mips64el-mt... no
checking for mt... no
checking if : is a manifest tool... no
checking for dlfcn.h... yes
checking for objdir... .libs
checking if mips64el-linux-gnuabi64-gcc-8 supports -fno-rtti -fno-exceptions... no
checking for mips64el-linux-gnuabi64-gcc-8 option to produce PIC... -fPIC -DPIC
checking if mips64el-linux-gnuabi64-gcc-8 PIC flag -fPIC -DPIC works... yes
checking if mips64el-linux-gnuabi64-gcc-8 static flag -static works... yes
checking if mips64el-linux-gnuabi64-gcc-8 supports -c -o file.o... yes
checking if mips64el-linux-gnuabi64-gcc-8 supports -c -o file.o... (cached) yes
checking whether the mips64el-linux-gnuabi64-gcc-8 linker (/usr/mips64el-linux-gnuabi64/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... no
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... no
checking whether to build shared libraries... no
checking whether to build static libraries... yes
checking for mips64el-gcc... (cached) mips64el-linux-gnuabi64-gcc-8
checking whether we are using the GNU C compiler... (cached) yes
checking whether mips64el-linux-gnuabi64-gcc-8 accepts -g... (cached) yes
checking for mips64el-linux-gnuabi64-gcc-8 option to accept ISO C89... (cached) none needed
checking mips64el-linux-gnuabi64-gcc-8 dependency flag... -MM
checking whether make sets $(MAKE)... yes
checking whether mips64el-linux-gnuabi64-gcc-8 supports -std=c99... yes
checking whether mips64el-linux-gnuabi64-gcc-8 supports -xc99... no
checking for an ANSI C-conforming const... yes
checking whether mips64el-linux-gnuabi64-gcc-8 supports -Wall... yes
checking whether mips64el-linux-gnuabi64-gcc-8 supports -W... yes
checking whether mips64el-linux-gnuabi64-gcc-8 supports -Wwrite-strings... yes
checking whether mips64el-linux-gnuabi64-gcc-8 supports -Wstrict-prototypes... yes
checking whether mips64el-linux-gnuabi64-gcc-8 supports -Wunused-function... yes
checking whether mips64el-linux-gnuabi64-gcc-8 supports -Wmissing-prototypes... no
checking for getopt.h... yes
checking for time.h... yes
checking for winsock2.h... no
checking for ws2tcpip.h... no
checking whether mips64el-linux-gnuabi64-gcc-8 supports -Werror... yes
checking whether mips64el-linux-gnuabi64-gcc-8 supports -Wall... (cached) yes
checking whether mips64el-linux-gnuabi64-gcc-8 supports -std=c99... (cached) yes
checking whether mips64el-linux-gnuabi64-gcc-8 supports -xc99... (cached) no
checking for getopt.h... (cached) yes
checking for time.h... (cached) yes
checking whether we need -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE as a flag for mips64el-linux-gnuabi64-gcc-8... failed
checking whether we need -std=c99 -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE as a flag for mips64el-linux-gnuabi64-gcc-8... failed
checking whether we need -std=c99 as a flag for mips64el-linux-gnuabi64-gcc-8... failed
checking whether we need -D_BSD_SOURCE -D_DEFAULT_SOURCE as a flag for mips64el-linux-gnuabi64-gcc-8... failed
checking whether we need -D_GNU_SOURCE as a flag for mips64el-linux-gnuabi64-gcc-8... failed
checking whether we need -D_GNU_SOURCE -D_FRSRESGID as a flag for mips64el-linux-gnuabi64-gcc-8... failed
checking whether we need -D_POSIX_C_SOURCE=200112 as a flag for mips64el-linux-gnuabi64-gcc-8... failed
checking whether we need -D__EXTENSIONS__ as a flag for mips64el-linux-gnuabi64-gcc-8... failed
checking for inline... inline
checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for doxygen... no
checking for library containing socket... none required
checking for library containing inet_pton... none required
checking for poll(2)... yes
checking for mips64el-ar... no
checking for ar... /usr/bin/ar
checking for SSL... found in /builder-openssl/mips64
checking for HMAC_Update in -lcrypto... no
checking if -lcrypto needs -lgdi32... no
checking if -lcrypto needs -ldl... no
checking if -lcrypto needs -ldl -pthread... no
configure: error: OpenSSL found in /builder-openssl/mips64, but version 0.9.7 or higher is required

noloader commented 2 years ago

@mq2195,

I build on a lot of different platforms, but I've never tried a Docker cross-compile. So take this with a grain of salt...

You need to get beyond configure not finding -lcrypto. The -L path in LDFLAGS should do it:

checking for HMAC_Update in -lcrypto...

Add the following flags to help things along. I suspect your CPPFLAGS and LDFLAGS are causing your troubles. Well-behaved programs will honor your flags. I know LDNS does.

       CPPFLAGS: -I/builder-openssl/include
        ASFLAGS: -Wa,--noexecstack
         CFLAGS: -g2 -O3 ...
       CXXFLAGS: -g2 -O3 ...
        LDFLAGS: -L//builder-openssl/lib -Wl,-z,now -Wl,-z,origin
         LDLIBS: -ldl -lpthread ...

As an example of a good configure, here's what I just observed on Solaris i86pc:

checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
...
checking for SSL... found in /opt/ssh
checking for EVP_sha256 in -lcrypto... yes
checking for openssl/ssl.h... yes
checking for openssl/err.h... yes
checking for openssl/rand.h... yes
checking for LibreSSL... no
checking for openssl/ssl.h... (cached) yes
checking openssl/evp.h usability... yes
checking openssl/evp.h presence... yes
checking for openssl/evp.h... yes
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking openssl/conf.h usability... yes
checking openssl/conf.h presence... yes
checking for openssl/conf.h... yes
checking for EVP_sha256... yes
checking for EVP_sha384... yes
checking for EVP_sha512... yes
checking for EVP_PKEY_keygen... yes
checking for ECDSA_SIG_get0... yes
checking for EVP_MD_CTX_new... yes
checking for DSA_SIG_set0... yes
checking for DSA_SIG_get0... yes
checking for EVP_dss1... no
checking for DSA_get0_pqg... yes
checking for DSA_get0_key... yes
checking for EVP_cleanup... no
checking for ENGINE_cleanup... no
checking for ENGINE_free... yes
checking for CRYPTO_cleanup_all_ex_data... no
checking for ERR_free_strings... no
checking for CONF_modules_unload... yes
checking for OPENSSL_init_ssl... no
checking for OPENSSL_init_crypto... yes
checking for ERR_load_crypto_strings... no
checking for CRYPTO_memcmp... yes
checking for EVP_PKEY_get_base_id... no
checking whether EVP_PKEY_base_id is declared... yes
checking Checking for OpenSSL >= 3.0.0... no
checking for SHA256 and SHA512... checking for SHA256_Init... yes
checking for GOST... checking for EVP_PKEY_set_type_str... yes
checking for EC_KEY_new... yes
checking if GOST works... no
configure: WARNING: Gost support does not work because the engine is missing.
configure: WARNING: Install gost-engine first or use the --enable-gost-anyway to compile with GOST support anyway
configure: WARNING: See also https://github.com/gost-engine/engine/wiki for information about gost-engine
checking for ECDSA_sign... yes
checking for SHA384_Init... yes
checking whether NID_X9_62_prime256v1 is declared... yes
checking whether NID_secp384r1 is declared... yes
checking for DSA_SIG_new... yes
checking whether NID_ED25519 is declared... yes
checking whether NID_ED448 is declared... yes
checking for X509_check_ca... yes
checking for SSL_get0_dane... yes

But stepping back a bit, since you are cross-compiling, you should also be using:

CPPFLAGS = "-isysroot /builder-openssl"
LDFLAGS = "--sysroot=/builder-openssl"

The sysroot will help the compiler and linker find other headers and libraries, and not just OpenSSL gear. That assumes /builder-openssl is your sysroot, which may not be the case. Change the path as required. /usr/mips64el-linux-gnuabi64 looks like it may be a good choice.
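
In the configure output above, the version error is printed right after the failed `-lcrypto` link checks; autoconf records the compiler command and the toolchain diagnostics for each such check in `config.log`. The following is an added example, not part of the thread or of ldns: a small shell helper that extracts one check's record from `config.log`. The sample log, its configure line numbers and its linker message are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): pull one check's record out of config.log.

# write_sample_log FILE: writes a CONSTRUCTED config.log excerpt. The configure
# line numbers and the linker diagnostic are stand-ins, not the reporter's log.
write_sample_log() {
    cat > "$1" <<'EOF'
configure:15210: checking for SSL
configure:15240: result: found in /builder-openssl/mips64
configure:15262: checking for HMAC_Update in -lcrypto
configure:15287: mips64el-linux-gnuabi64-gcc-8 -o conftest -I/builder-openssl/mips64/include -L/builder-openssl/mips64/lib conftest.c -lcrypto >&5
/usr/mips64el-linux-gnuabi64/bin/ld: cannot find -lcrypto
collect2: error: ld returned 1 exit status
configure:15287: $? = 1
configure: failed program was:
| char HMAC_Update ();
| int main () { return HMAC_Update (); }
configure:15296: result: no
configure:15310: checking if -lcrypto needs -lgdi32
configure:15335: result: no
EOF
}

# check_block FILE "TEXT": print config.log from "checking TEXT" through the
# matching "result:" line (compiler command, diagnostics, exit status, test program).
check_block() {
    awk -v want="checking $2" '
        /^configure:[0-9]+: checking / { inblk = (index($0, want) > 0) }
        inblk { print }
        inblk && /^configure:[0-9]+: result: / { inblk = 0 }
    ' "$1"
}

# check_errors FILE "TEXT": only the toolchain diagnostics from that block.
check_errors() {
    check_block "$1" "$2" | grep -E 'error|undefined reference|cannot find' || true
}

# Demo on the constructed sample; point it at a real build tree's config.log instead.
demo_log=$(mktemp)
write_sample_log "$demo_log"
check_errors "$demo_log" "for HMAC_Update in -lcrypto"
rm -f "$demo_log"
```

Run against a real build tree as `check_block config.log "for HMAC_Update in -lcrypto"` to see the exact link command configure used and why it failed.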