Inconsistent handling of CFLAGS/LIBS for libcap-ng and libgen-nl

[statkashaman]

I need to compile openvpn for ARM, I took the ready-made instructions from here https://gist.github.com/Anubisss/afea82b97058e418e8030ee35e40f54f, but there the old version is built, when trying to build a new version of openvpn, another dependency libcap-ng is added, I also built a static library libcap-ng from the sources, the ./configure for openvpn passes without errors, but when executing make I get the following error:

Making all in openvpn
make[3]: Entering directory '/home/source/openvpn-2.6.12/src/openvpn'
/bin/bash ../../libtool  --tag=CC   --mode=link arm-linux-gnueabi-gcc  -I/home/openvpn/include -I/home/openvpn/include -I/home/openvpn/include   -DPLUGIN_LIBDIR=\"/home/openvpn/lib/openvpn/plugins\"  -Wall -Wno-stringop-truncation -g -O2 -std=c99 -I/home/openvpn/include   -o openvpn argv.o auth_token.o base64.o buffer.o clinat.o comp.o compstub.o comp-lz4.o crypto.o crypto_openssl.o crypto_mbedtls.o dco.o dco_freebsd.o dco_linux.o dco_win.o dhcp.o dns.o env_set.o error.o event.o fdmisc.o forward.o fragment.o gremlin.o helper.o httpdigest.o lladdr.o init.o interval.o list.o lzo.o manage.o mbuf.o misc.o platform.o console.o console_builtin.o console_systemd.o mroute.o mss.o mstats.o mtcp.o mtu.o mudp.o multi.o networking_freebsd.o networking_iproute2.o networking_sitnl.o ntlm.o occ.o pkcs11.o pkcs11_openssl.o pkcs11_mbedtls.o openvpn.o options.o options_util.o otime.o packet_id.o perf.o ping.o plugin.o pool.o proto.o proxy.o ps.o push.o reflect_filter.o reliable.o route.o run_command.o schedule.o session_id.o shaper.o sig.o socket.o socks.o ssl.o ssl_openssl.o ssl_mbedtls.o ssl_ncp.o ssl_pkt.o ssl_util.o ssl_verify.o ssl_verify_openssl.o ssl_verify_mbedtls.o status.o tls_crypt.o tun.o vlan.o xkey_provider.o xkey_helper.o win32.o win32-util.o cryptoapi.o  ../../src/compat/libcompat.la -lresolv -L/home/openvpn/lib -llzo2 -L/home/openvpn/lib -llz4  -L/home/openvpn/lib -lssl -lcrypto      -all-static
libtool: link: arm-linux-gnueabi-gcc -I/home/openvpn/include -I/home/openvpn/include -I/home/openvpn/include -DPLUGIN_LIBDIR=\"/home/openvpn/lib/openvpn/plugins\" -Wall -Wno-stringop-truncation -g -O2 -std=c99 -I/home/openvpn/include -o openvpn argv.o auth_token.o base64.o buffer.o clinat.o comp.o compstub.o comp-lz4.o crypto.o crypto_openssl.o crypto_mbedtls.o dco.o dco_freebsd.o dco_linux.o dco_win.o dhcp.o dns.o env_set.o error.o event.o fdmisc.o forward.o fragment.o gremlin.o helper.o httpdigest.o lladdr.o init.o interval.o list.o lzo.o manage.o mbuf.o misc.o platform.o console.o console_builtin.o console_systemd.o mroute.o mss.o mstats.o mtcp.o mtu.o mudp.o multi.o networking_freebsd.o networking_iproute2.o networking_sitnl.o ntlm.o occ.o pkcs11.o pkcs11_openssl.o pkcs11_mbedtls.o openvpn.o options.o options_util.o otime.o packet_id.o perf.o ping.o plugin.o pool.o proto.o proxy.o ps.o push.o reflect_filter.o reliable.o route.o run_command.o schedule.o session_id.o shaper.o sig.o socket.o socks.o ssl.o ssl_openssl.o ssl_mbedtls.o ssl_ncp.o ssl_pkt.o ssl_util.o ssl_verify.o ssl_verify_openssl.o ssl_verify_mbedtls.o status.o tls_crypt.o tun.o vlan.o xkey_provider.o xkey_helper.o win32.o win32-util.o cryptoapi.o -static  ../../src/compat/.libs/libcompat.a -lresolv -L/home/openvpn/lib /home/openvpn/lib/liblzo2.a -llz4 -lssl -lcrypto
/usr/lib/gcc-cross/arm-linux-gnueabi/12/../../../../arm-linux-gnueabi/bin/ld: platform.o: in function `platform_group_get':
/home/source/openvpn-2.6.12/src/openvpn/platform.c:131: warning: Using 'getgrnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/lib/gcc-cross/arm-linux-gnueabi/12/../../../../arm-linux-gnueabi/bin/ld: platform.o: in function `platform_user_get':
/home/source/openvpn-2.6.12/src/openvpn/platform.c:87: warning: Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/lib/gcc-cross/arm-linux-gnueabi/12/../../../../arm-linux-gnueabi/bin/ld: socket.o: in function `openvpn_getaddrinfo':
/home/source/openvpn-2.6.12/src/openvpn/socket.c:489: warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/lib/gcc-cross/arm-linux-gnueabi/12/../../../../arm-linux-gnueabi/bin/ld: /home/openvpn/lib/libcrypto.a(libcrypto-lib-bio_sock.o): in function `BIO_gethostbyname':
bio_sock.c:(.text+0x27c): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/lib/gcc-cross/arm-linux-gnueabi/12/../../../../arm-linux-gnueabi/bin/ld: socks.o: in function `port_from_servname':
/home/source/openvpn-2.6.12/src/openvpn/socks.c:441: warning: Using 'getservbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/lib/gcc-cross/arm-linux-gnueabi/12/../../../../arm-linux-gnueabi/bin/ld: platform.o: in function `platform_user_group_set':
/home/source/openvpn-2.6.12/src/openvpn/platform.c:246: undefined reference to `capng_clear'
/usr/lib/gcc-cross/arm-linux-gnueabi/12/../../../../arm-linux-gnueabi/bin/ld: /home/source/openvpn-2.6.12/src/openvpn/platform.c:247: undefined reference to `capng_update'
/usr/lib/gcc-cross/arm-linux-gnueabi/12/../../../../arm-linux-gnueabi/bin/ld: /home/source/openvpn-2.6.12/src/openvpn/platform.c:257: undefined reference to `capng_change_id'
collect2: error: ld returned 1 exit status
make[3]: *** [Makefile:671: openvpn] Error 1
make[3]: Leaving directory '/home/source/openvpn-2.6.12/src/openvpn'
make[2]: *** [Makefile:440: all-recursive] Error 1
make[2]: Leaving directory '/home/source/openvpn-2.6.12/src'
make[1]: *** [Makefile:618: all-recursive] Error 1
make[1]: Leaving directory '/home/source/openvpn-2.6.12'
make: *** [Makefile:506: all] Error 2

To make it easier to reproduce, I am attaching my steps below: Run docker image for build:

docker run --rm -it -v /tmp/test:/build debian bash

The following commands are executed inside the container:

1. Install dependencies:

   apt install build-essential gcc-arm-linux-gnueabi ca-certificates autoconf libtool wget pkg_config

2. Create direcories:

   mkdir /home/source /home/openvpn

3. Build LZO:

   
   cd /home/source
   wget https://www.oberhumer.com/opensource/lzo/download/lzo-2.10.tar.gz
   tar xvzf lzo-2.10.tar.gz

cd lzo-2.10 ./configure --prefix=/home/openvpn --enable-static --target=arm-linux-gnueabi --host=arm-linux-gnueabi

make && make install

4. Build LZ4:

cd /home/source wget https://github.com/lz4/lz4/archive/v1.9.4.tar.gz tar xvzf v1.9.4.tar.gz

cd lz4-1.9.4 make CC=arm-linux-gnueabi-gcc AR=arm-linux-gnueabi-ar && PREFIX=/home/openvpn make install

5. Build Openssl:

cd /home/source wget https://github.com/openssl/openssl/releases/download/openssl-3.1.6/openssl-3.1.6.tar.gz tar xvzf openssl-3.1.6.tar.gz

cd openssl-3.1.6 ./Configure gcc -static -no-shared --prefix=/home/openvpn --cross-compile-prefix=arm-linux-gnueabi-

make && make install

6. Build Libcap-ng:

cd /home/source wget https://github.com/stevegrubb/libcap-ng/archive/refs/tags/v0.8.4.tar.gz tar xzvf v0.8.4.tar.gz

cd libcap-ng-0.8.4 ./autogen.sh ./configure --prefix=/home/openvpn --enable-static --target=arm-linux-gnueabi --host=arm-linux-gnueabi make && make install

7. Build OpenVPN :

cd /home/source wget https://swupdate.openvpn.org/community/releases/openvpn-2.6.12.tar.gz tar xvzf openvpn-2.6.12.tar.gz

cd openvpn-2.6.12 ./configure --target=arm-linux-gnueabi --host=arm-linux-gnueabi --prefix=/home/openvpn --enable-static --disable-shared --disable-debug --disable-plugins OPENSSL_CFLAGS="-I/home/openvpn/include" OPENSSL_LIBS="-L/home/openvpn/lib -lssl -lcrypto" LZO_CFLAGS="-I/home/openvpn/include" LZO_LIBS="-L/home/openvpn/lib -llzo2" LIBCAPNG_CFLAGS="-I/home/openvpn/include" LIBCAPNG_LIBS="-L/home/openvpn/lib -lcap-ng" LZ4_CFLAGS="-I/home/openvpn/include" LZ4_LIBS="-L/home/openvpn/lib -llz4" IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route NETSTAT=/bin/netstat IPROUTE=/sbin/ip --enable-iproute2 LIBS="-L/home/openvpn/lib -lssl -lcrypto -llzo2 -lcap-ng -llz4" --disable-dco

make LIBS="-all-static"

The specified error occurs at the _make_ step. The error says that the compiler does not seem to link libcap-ng library, but at the same time it is clearly specified and the _./configure_ goes fine, please help with this problem, thanks in advance!

[schwabe]

the libtool call is missing the -lcap-ng. I think the LIBCAPNG variables are not everywhere added in the .am files like the lzo , lz4 and flags. I think getting libcap-ng from an non system location has just not implemented yet as cross compiling for a different linux is kind of rare.

[flichtenheld]

Will take a look

[flichtenheld]

The problem here is the LIBS override in the make call. For libcap-ng and libgen-nl we set the CFLAGS and LIBS via the global variables instead of adding them via automake's AM_CFLAGS and opvnpn_LDADD. All other libraries are handled differently. Here is a patch that should make the handling consistent: https://gerrit.openvpn.net/c/openvpn/+/724

[flichtenheld]

@statkashaman you can easily work around the problem by just calling make LIBS="-all-static -lcap-ng" instead. Note that the LIBS argument to configure is completely useless.