zhangguanzhang
commented
2 years ago @suconghou I have seen your nginx static compilation, can you help me with this problem?
Closed zhangguanzhang closed 2 years ago
zhangguanzhang
commented
2 years ago @suconghou I have seen your nginx static compilation, can you help me with this problem?
pqarmitage
commented
2 years ago What is line 8593 of your configure file? Is it $PKG_CONFIG --exists openssl. What does executing pkg-config --exists openssl; echo $? output? Can you exit your configure file and add echo PKG_CONFIG=$PKG_CONFIG at line 8592
Your Way2 is not valid, since configure needs to be run for the same environment that keepalived will be built in. However, Way2 suggests that there are no static libraries installed on your system for crypto, ssl, nl-3 nl-genl-3 magic ip4tc ip6tc and mnl.
For Way1, I don't know why configure is complaining about line 8593; it suggests that $PKG_CONFIG is not defined for some reason. When I run configure using Way1 on Alpine 3.15, the only error I get is:
checking for EVP_DigestInit_ex in -lcrypto... no
configure: error: OpenSSL EVP libraries are requiredi.e. the same as you without the --exists error.
The error above is saying that the crypto library is not available, which again means that there is no static version of the crypto library available.
If you want to build with static linking, you will need to ensure that you have all the necessary static libraries installed for keepalived to link to.
Regarding you comment above, could you please provide an English translation.
zhangguanzhang
commented
2 years ago I use the minimal configure , and still error
export CFLAGS='-static -s' LDFLAGS=-static
./configure \
--disable-dynamic-linking
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... ./build-aux/install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make supports nested variables... (cached) yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of gcc... gcc3
checking whether make sets $(MAKE)... (cached) yes
checking for ranlib... ranlib
checking for grep that handles long lines and -e... /bin/grep
checking whether ln -s works... yes
checking for a sed that does not truncate output... /bin/sed
checking for strip... strip
checking for ldd... ldd
checking for ar... ar
checking the archiver (ar) interface... ar
checking if using GCC Link Time Optimisation... no
checking msghdr.msg_controllen is size_t... no
checking diagnostic pragmas in functions... yes
checking diagnostic push/pop pragmas... yes
checking for -Wall... yes
checking for -Wextra... yes
checking for -Wunused... yes
checking for -Wstrict-prototypes... yes
checking for -Wabi... yes
checking for -Wabsolute-value... yes
checking for -Waddress-of-packed-member... yes
checking for -Walloca... yes
checking for -Walloc-larger-than=4096... no
checking for -Walloc-zero... yes
checking for -Warith-conversion... yes
checking for -Warray-bounds=2... yes
checking for -Wattribute-alias=2... yes
checking for -Wbad-function-cast... yes
checking for -Wc11-c2x-compat... yes
checking for -Wcast-align... yes
checking for -Wcast-qual... yes
checking for -Wchkp... no
checking for -Wdate-time... yes
checking for -Wdisabled-optimization... yes
checking for -Wdouble-promotion... yes
checking for -Wduplicated-branches... yes
checking for -Wduplicated-cond... yes
checking for -Wfloat-conversion... yes
checking for -Wfloat-equal... yes
checking for -Wformat-overflow... yes
checking for -Wformat-security... yes
checking for -Wformat-signedness... yes
checking for -Wformat-truncation... yes
checking for -Wframe-larger-than=5120... yes
checking for -Wimplicit-fallthrough=3... yes
checking for -Winit-self... yes
checking for -Winline... yes
checking for -Winvalid-pch... yes
checking for -Wjump-misses-init... yes
checking for -Wlogical-op... yes
checking for -Wmissing-declarations... yes
checking for -Wmissing-field-initializers... yes
checking for -Wmissing-include-dirs... yes
checking for -Wmissing-prototypes... yes
checking for -Wnested-externs... yes
checking for -Wnormalized... yes
checking for -Wnull-dereference... yes
checking for -Wold-style-definition... yes
checking for -Woverlength-strings... yes
checking for -Wpointer-arith... yes
checking for -Wredundant-decls... yes
checking for -Wshadow... yes
checking for -Wshift-overflow=2... yes
checking for -Wstack-protector... yes
checking for -Wstrict-overflow=4... yes
checking for -Wstringop-overflow=2... yes
checking for -Wstringop-truncation... yes
checking for -Wsuggest-attribute=cold... yes
checking for -Wsuggest-attribute=const... yes
checking for -Wsuggest-attribute=format... yes
checking for -Wsuggest-attribute=malloc... yes
checking for -Wsuggest-attribute=noreturn... yes
checking for -Wsuggest-attribute=pure... yes
checking for -Wsync-nand... yes
checking for -Wtrampolines... yes
checking for -Wundef... yes
checking for -Wuninitialized... yes
checking for -Wunknown-pragmas... yes
checking for -Wunsafe-loop-optimizations... yes
checking for -Wunsuffixed-float-constants... yes
checking for -Wunused-const-variable=2... yes
checking for -Wunused-macros... no
checking for -Wvariadic-macros... yes
checking for -Wwrite-strings... yes
checking for function __attribute__((error(msg))) support... yes
checking for PIE support... yes
checking for -Wformat -Werror=format-security support... yes
checking for -Wp,-D_FORTIFY_SOURCE=2 support... yes
checking for -fexceptions support... yes
checking for -fstack-protector-strong support... yes
checking for --param=ssp-buffer-size=4 support... yes
checking for -grecord-gcc-switches support... yes
checking for -Wl,-z,relro support... yes
checking for -Wl,-z,now support... yes
checking for -O2 support... yes
checking for unaligned memory access... yes
checking for unaligned memory access causes warnings... no
checking for clock_gettime() requires -lrt... no
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for vfork.h... no
checking for arpa/inet.h... yes
checking for fcntl.h... yes
checking for limits.h... yes
checking for netdb.h... yes
checking for netinet/in.h... yes
checking for stdint.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for sys/ioctl.h... yes
checking for sys/param.h... yes
checking for sys/prctl.h... yes
checking for sys/socket.h... yes
checking for sys/time.h... yes
checking for syslog.h... yes
checking for unistd.h... (cached) yes
checking linux/errqueue.h needs sys/time.h... yes
checking for asm/types.h... yes
checking for linux/ethtool.h... yes
checking for linux/icmpv6.h... yes
checking for linux/if_ether.h... yes
checking for linux/if_packet.h... yes
checking for linux/ip.h... yes
checking for linux/sockios.h... yes
checking for linux/types.h... yes
checking for linux/fib_rules.h... yes
checking for linux/if_addr.h... yes
checking for linux/if_link.h... yes
checking for linux/if_arp.h... yes
checking for _Bool... yes
checking for stdbool.h that conforms to C99... yes
checking for inline... inline
checking for int64_t... yes
checking for pid_t... yes
checking for size_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for uint8_t... yes
checking for an ANSI C-conforming const... yes
checking for fork... yes
checking for vfork... yes
checking for working fork... yes
checking for working vfork... (cached) yes
checking for dup2... yes
checking for dup3... yes
checking for getcwd... yes
checking for gettimeofday... yes
checking for malloc... yes
checking for memmove... yes
checking for memset... yes
checking for realloc... yes
checking for select... yes
checking for setenv... yes
checking for socket... yes
checking for strcasecmp... yes
checking for strchr... yes
checking for strdup... yes
checking for strerror... yes
checking for strpbrk... yes
checking for strstr... yes
checking for strtol... yes
checking for strtoul... yes
checking for uname... yes
checking for vsyslog... yes
checking for memfd_create... yes
checking for gcc options needed to detect all undeclared functions... none needed
checking whether O_TMPFILE is declared... yes
checking whether ETHERTYPE_IPV6 is declared... yes
checking whether IPV6_MULTICAST_ALL is declared... yes
checking for openssl/ssl.h... yes
checking for openssl/err.h... yes
checking for openssl/md5.h... yes
checking for openssl/evp.h... yes
checking for EVP_DigestInit_ex in -lcrypto... no
/opt # pkg-config --exists openssl
/opt # echo $?
0
/opt # For what it's worth, on a Fedora system configure fails reporting configure: error: C compiler cannot create executables and gcc reports /usr/bin/ld: cannot find -lc. So it seems that finding sufficient static linking libraries is a problem
zhangguanzhang
commented
2 years ago For what it's worth, on a Fedora system configure fails reporting
configure: error: C compiler cannot create executablesand gcc reports/usr/bin/ld: cannot find -lc. So it seems that finding sufficient static linking libraries is a problem
I think there is something override the CFLAGS and LDFLAGS , should append to them
pqarmitage
commented
2 years ago I think there is something override the CFLAGS and LDFLAGS , should append to them By default CFLAGS and LDFLAGS are unset on my Fedora systems, so appending to them will not make any difference, but I do agree that appending to them would be better practice.
pqarmitage
commented
2 years ago What configure is reporting is that there is no crypto library available for static linking. If you want to build keepalived statically linked, you will need to install versions of the crypto ssl nl-3 nl-genl-3 magic ip4tc ip6tc mnl libraries that support static linking.
zhangguanzhang
commented
2 years ago What configure is reporting is that there is no crypto library available for static linking. If you want to build keepalived statically linked, you will need to install versions of the
crypto ssl nl-3 nl-genl-3 magic ip4tc ip6tc mnllibraries that support static linking.
I cannot find crypto ssl nl-3 nl-genl-3 magic ip4tc ip6tc mnl in alpine , which os did you used ? I also use ubuntu to compilre, and I got the same error
pqarmitage
commented
2 years ago I used Alpine 3.15 for testing the above.
From your original message your apk add command added some of the libraries.
I suggest you start by building with dynamic linking, i.e. don't set CFLAGS or LDFLAGS, but you can still specify --disable-dynamic-linking. That should make sure you have all the necessary dynamic linking libraries installed (and this worked for me). The libraries I listed above are the ones that do not appear to have a static linking version installed, even though the dynamic linking versions are installed.
zhangguanzhang
commented
2 years ago I used Alpine 3.15 for testing the above.
From your original message your
apk addcommand added some of the libraries.I suggest you start by building with dynamic linking, i.e. don't set CFLAGS or LDFLAGS, but you can still specify
--disable-dynamic-linking. That should make sure you have all the necessary dynamic linking libraries installed (and this worked for me). The libraries I listed above are the ones that do not appear to have a static linking version installed, even though the dynamic linking versions are installed.
--disable-dynamic-linking not work, It's still dynamic link:
use alpine:
$ cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.15.0
PRETTY_NAME="Alpine Linux v3.15"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"
$ unset CFLAGS LDFLAGS
$ ./configure --disable-dynamic-linking &>/dev/null && \
make &>/dev/null && \
make install &>/dev/null && \
ldd `which keepalived`
/lib/ld-musl-x86_64.so.1 (0x7f1c866d0000)
libcrypto.so.1.1 => /lib/libcrypto.so.1.1 (0x7f1c863a8000)
libssl.so.1.1 => /lib/libssl.so.1.1 (0x7f1c86327000)
libnl-3.so.200 => /usr/lib/libnl-3.so.200 (0x7f1c86307000)
libnl-genl-3.so.200 => /usr/lib/libnl-genl-3.so.200 (0x7f1c862ff000)
libmagic.so.1 => /usr/lib/libmagic.so.1 (0x7f1c862dd000)
libip4tc.so.2 => /usr/lib/libip4tc.so.2 (0x7f1c862d4000)
libip6tc.so.2 => /usr/lib/libip6tc.so.2 (0x7f1c862cb000)
libipset.so.13 => /usr/lib/libipset.so.13 (0x7f1c86299000)
libnftnl.so.11 => /usr/lib/libnftnl.so.11 (0x7f1c86269000)
libmnl.so.0 => /usr/lib/libmnl.so.0 (0x7f1c86261000)
libc.musl-x86_64.so.1 => /lib/ld-musl-x86_64.so.1 (0x7f1c866d0000)use ubuntu 20.04:
$ unset CFLAGS LDFLAGS
$ ./configure --disable-dynamic-linking &>/dev/null && \
make &>/dev/null && \
make install &>/dev/null && \
ldd `which keepalived`
linux-vdso.so.1 (0x00007ffd0db11000)
libcrypto.so.1.1 => /lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007fcb2f0c8000)
libssl.so.1.1 => /lib/x86_64-linux-gnu/libssl.so.1.1 (0x00007fcb2f035000)
libnl-3.so.200 => /lib/x86_64-linux-gnu/libnl-3.so.200 (0x00007fcb2f012000)
libnl-genl-3.so.200 => /lib/x86_64-linux-gnu/libnl-genl-3.so.200 (0x00007fcb2f00a000)
libip4tc.so.2 => /lib/x86_64-linux-gnu/libip4tc.so.2 (0x00007fcb2f000000)
libip6tc.so.2 => /lib/x86_64-linux-gnu/libip6tc.so.2 (0x00007fcb2eff6000)
libipset.so.13 => /lib/x86_64-linux-gnu/libipset.so.13 (0x00007fcb2efc3000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fcb2edd1000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fcb2edcb000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fcb2eda8000)
libmnl.so.0 => /lib/x86_64-linux-gnu/libmnl.so.0 (0x00007fcb2eba2000)
/lib64/ld-linux-x86-64.so.2 (0x00007fcb2f442000)
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.3 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
--disable-dynamic-linking is perhaps misnamed. By default with some libraries, i.e. libnl, libnl-3, libnl-genl-3, libipset, libip4tc and libip6tc, keepalived itself handles the linking to the libraries using dlopen()/dlsym(). This means that keepalived can be build to use those libraries if they are present on the target system, but can work without them if necessary (an example of where this is useful is that some systems may have the nftables libraries installed and other systems may have the iptables/ipset libraries installed, and the same binary can work in either situation).
--disable-dynamic-linking disables this form of dynamic linking (i.e. keepalived doing the linking at runtime), and keepalived will then use the standard dynamic linking. Although there is no reason why keepalived shouldn't work with static linking, the system on which keepalived is being build would need to have static linking versions of all the necessary libraries, and it seems that our Alpine systems do not have them installed for crypto etc, as I have listed above. It might be that Alpine has static linking versions of those libraries in other packages, but I do not know what, if they exist, those packages are.
zhangguanzhang
commented
2 years ago I use the website to search some static libs and try:
$ apk --no-cache add \
binutils \
file \
file-dev \
gcc \
glib \
glib-static \
ipset \
ipset-dev \
iptables \
iptables-dev \
libnftnl-dev \
libnl3 \
libnl3-dev \
make \
musl-dev \
net-snmp-dev \
openssl \
pcre2 \
pcre2-dev \
autoconf \
automake \
libressl-dev zlib-static alpine-sdk linux-headers libmnl-static
$ export CFLAGS='-static -s' LDFLAGS=-static
$ ./configure --disable-dynamic-linking
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a race-free mkdir -p... ./build-aux/install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether make supports nested variables... (cached) yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether the compiler supports GNU C... yes
checking whether gcc accepts -g... yes
checking for gcc option to enable C11 features... none needed
checking whether gcc understands -c and -o together... yes
checking whether make supports the include directive... yes (GNU style)
checking dependency style of gcc... gcc3
checking whether make sets $(MAKE)... (cached) yes
checking for ranlib... ranlib
checking for grep that handles long lines and -e... /bin/grep
checking whether ln -s works... yes
checking for a sed that does not truncate output... /bin/sed
checking for strip... strip
checking for ldd... ldd
checking for ar... ar
checking the archiver (ar) interface... ar
checking if using GCC Link Time Optimisation... no
checking msghdr.msg_controllen is size_t... no
checking diagnostic pragmas in functions... yes
checking diagnostic push/pop pragmas... yes
checking for -Wall... yes
checking for -Wextra... yes
checking for -Wunused... yes
checking for -Wstrict-prototypes... yes
checking for -Wabi... yes
checking for -Wabsolute-value... yes
checking for -Waddress-of-packed-member... yes
checking for -Walloca... yes
checking for -Walloc-larger-than=4096... no
checking for -Walloc-zero... yes
checking for -Warith-conversion... yes
checking for -Warray-bounds=2... yes
checking for -Wattribute-alias=2... yes
checking for -Wbad-function-cast... yes
checking for -Wc11-c2x-compat... yes
checking for -Wcast-align... yes
checking for -Wcast-qual... yes
checking for -Wchkp... no
checking for -Wdate-time... yes
checking for -Wdisabled-optimization... yes
checking for -Wdouble-promotion... yes
checking for -Wduplicated-branches... yes
checking for -Wduplicated-cond... yes
checking for -Wfloat-conversion... yes
checking for -Wfloat-equal... yes
checking for -Wformat-overflow... yes
checking for -Wformat-security... yes
checking for -Wformat-signedness... yes
checking for -Wformat-truncation... yes
checking for -Wframe-larger-than=5120... yes
checking for -Wimplicit-fallthrough=3... yes
checking for -Winit-self... yes
checking for -Winline... yes
checking for -Winvalid-pch... yes
checking for -Wjump-misses-init... yes
checking for -Wlogical-op... yes
checking for -Wmissing-declarations... yes
checking for -Wmissing-field-initializers... yes
checking for -Wmissing-include-dirs... yes
checking for -Wmissing-prototypes... yes
checking for -Wnested-externs... yes
checking for -Wnormalized... yes
checking for -Wnull-dereference... yes
checking for -Wold-style-definition... yes
checking for -Woverlength-strings... yes
checking for -Wpointer-arith... yes
checking for -Wredundant-decls... yes
checking for -Wshadow... yes
checking for -Wshift-overflow=2... yes
checking for -Wstack-protector... yes
checking for -Wstrict-overflow=4... yes
checking for -Wstringop-overflow=2... yes
checking for -Wstringop-truncation... yes
checking for -Wsuggest-attribute=cold... yes
checking for -Wsuggest-attribute=const... yes
checking for -Wsuggest-attribute=format... yes
checking for -Wsuggest-attribute=malloc... yes
checking for -Wsuggest-attribute=noreturn... yes
checking for -Wsuggest-attribute=pure... yes
checking for -Wsync-nand... yes
checking for -Wtrampolines... yes
checking for -Wundef... yes
checking for -Wuninitialized... yes
checking for -Wunknown-pragmas... yes
checking for -Wunsafe-loop-optimizations... yes
checking for -Wunsuffixed-float-constants... yes
checking for -Wunused-const-variable=2... yes
checking for -Wunused-macros... no
checking for -Wvariadic-macros... yes
checking for -Wwrite-strings... yes
checking for function __attribute__((error(msg))) support... yes
checking for PIE support... yes
checking for -Wformat -Werror=format-security support... yes
checking for -Wp,-D_FORTIFY_SOURCE=2 support... yes
checking for -fexceptions support... yes
checking for -fstack-protector-strong support... yes
checking for --param=ssp-buffer-size=4 support... yes
checking for -grecord-gcc-switches support... yes
checking for -Wl,-z,relro support... yes
checking for -Wl,-z,now support... yes
checking for -O2 support... yes
checking for unaligned memory access... yes
checking for unaligned memory access causes warnings... no
checking for clock_gettime() requires -lrt... no
checking for stdio.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for strings.h... yes
checking for sys/stat.h... yes
checking for sys/types.h... yes
checking for unistd.h... yes
checking for vfork.h... no
checking for arpa/inet.h... yes
checking for fcntl.h... yes
checking for limits.h... yes
checking for netdb.h... yes
checking for netinet/in.h... yes
checking for stdint.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for sys/ioctl.h... yes
checking for sys/param.h... yes
checking for sys/prctl.h... yes
checking for sys/socket.h... yes
checking for sys/time.h... yes
checking for syslog.h... yes
checking for unistd.h... (cached) yes
checking linux/errqueue.h needs sys/time.h... yes
checking for asm/types.h... yes
checking for linux/ethtool.h... yes
checking for linux/icmpv6.h... yes
checking for linux/if_ether.h... yes
checking for linux/if_packet.h... yes
checking for linux/ip.h... yes
checking for linux/sockios.h... yes
checking for linux/types.h... yes
checking for linux/fib_rules.h... yes
checking for linux/if_addr.h... yes
checking for linux/if_link.h... yes
checking for linux/if_arp.h... yes
checking for _Bool... yes
checking for stdbool.h that conforms to C99... yes
checking for inline... inline
checking for int64_t... yes
checking for pid_t... yes
checking for size_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for uint8_t... yes
checking for an ANSI C-conforming const... yes
checking for fork... yes
checking for vfork... yes
checking for working fork... yes
checking for working vfork... (cached) yes
checking for dup2... yes
checking for dup3... yes
checking for getcwd... yes
checking for gettimeofday... yes
checking for malloc... yes
checking for memmove... yes
checking for memset... yes
checking for realloc... yes
checking for select... yes
checking for setenv... yes
checking for socket... yes
checking for strcasecmp... yes
checking for strchr... yes
checking for strdup... yes
checking for strerror... yes
checking for strpbrk... yes
checking for strstr... yes
checking for strtol... yes
checking for strtoul... yes
checking for uname... yes
checking for vsyslog... yes
checking for memfd_create... yes
checking for gcc options needed to detect all undeclared functions... none needed
checking whether O_TMPFILE is declared... yes
checking whether ETHERTYPE_IPV6 is declared... yes
checking whether IPV6_MULTICAST_ALL is declared... yes
checking for openssl/ssl.h... yes
checking for openssl/err.h... yes
checking for openssl/md5.h... yes
checking for openssl/evp.h... yes
checking for EVP_DigestInit_ex in -lcrypto... yes
checking for EVP_MD_CTX_new in -lcrypto... yes
checking for SSL_CTX_new in -lssl... yes
checking SSL_set_tlsext_host_name() - may be a definition... yes
checking for SSL_CTX_set_verify_depth... yes
checking for SSL_set0_rbio... yes
checking for OPENSSL_init_crypto... yes
checking for TLS_method... yes
checking whether IPV4_DEVCONF_ARP_IGNORE is declared... yes
checking whether IPV4_DEVCONF_ACCEPT_LOCAL is declared... yes
checking whether IPV4_DEVCONF_RP_FILTER is declared... yes
checking whether IPV4_DEVCONF_ARPFILTER is declared... yes
checking for linux/rtnetlink.h... yes
checking for nl_socket_alloc in -lnl-3... no
checking for nl_socket_modify_cb in -lnl... no
configure: WARNING: keepalived will be built without libnl support.
checking for magic_open in -lmagic... no
checking whether RTA_ENCAP is declared... yes
checking whether RTA_EXPIRES is declared... yes
checking whether RTA_NEWDST is declared... yes
checking whether RTA_PREF is declared... yes
checking whether FRA_SUPPRESS_PREFIXLEN is declared... yes
checking whether FRA_SUPPRESS_IFGROUP is declared... yes
checking whether FRA_TUN_ID is declared... yes
checking whether RTAX_CC_ALGO is declared... yes
checking whether RTAX_QUICKACK is declared... yes
checking whether RTEXT_FILTER_SKIP_STATS is declared... yes
checking whether FRA_L3MDEV is declared... yes
checking whether FRA_UID_RANGE is declared... yes
checking whether RTAX_FASTOPEN_NO_COOKIE is declared... yes
checking whether RTA_VIA is declared... yes
checking whether FRA_PROTOCOL is declared... yes
checking whether FRA_IP_PROTO is declared... yes
checking whether FRA_SPORT_RANGE is declared... yes
checking whether FRA_DPORT_RANGE is declared... yes
checking whether RTA_TTL_PROPAGATE is declared... yes
checking whether IFA_FLAGS is declared... yes
checking whether LWTUNNEL_ENCAP_MPLS is declared... yes
checking whether LWTUNNEL_ENCAP_ILA is declared... yes
checking for libiptc/libip6tc.h... yes
checking for libiptc/libiptc.h... yes
checking for libiptc/libxtc.h... yes
checking for library containing iptc_init... no
checking whether NFTA_TABLE_MAX is declared... yes
checking whether NFTNL_EXPR_LOOKUP_FLAGS and NFT_LOOKUP_F_INV are defined... yes
checking whether NFT_META_L4PROTO is declared... yes
checking whether NFTA_DUP_MAX is declared... yes
checking whether NFT_META_OIFKIND is declared... yes
checking whether NFT_USERDATA_MAXLEN is declared... yes
checking whether nftnl_udata_buf_alloc is declared... yes
checking whether nftnl_udata_put_u32 is declared... yes
checking whether NFTNL_SET_DESC_CONCAT is declared... yes
checking whether NFTNL_SET_ELEM_KEY_END is declared... yes
checking whether NFT_SET_CONCAT is declared... yes
checking whether NFTNL_SET_EXPR is declared... yes
checking for linux/if.h and net/if.h namespace collision... yes
checking for linux/if_ether.h then netinet/in.h then linux/if.h namespace collision... no
checking for linux/if_ether.h then netinet/if_ether.h namespace collision... yes
checking for libiptc/libiptc.h linux/if.h and net/if.h namespace collision... no
checking whether IPVS_DEST_ATTR_ADDR_FAMILY is declared... yes
checking whether IPVS_DAEMON_ATTR_SYNC_MAXLEN is declared... yes
checking whether IPVS_DAEMON_ATTR_MCAST_GROUP is declared... yes
checking whether IPVS_DAEMON_ATTR_MCAST_GROUP6 is declared... yes
checking whether IPVS_DAEMON_ATTR_MCAST_PORT is declared... yes
checking whether IPVS_DAEMON_ATTR_MCAST_TTL is declared... yes
checking whether IPVS_SVC_ATTR_STATS64 is declared... yes
checking whether IPVS_DEST_ATTR_STATS64 is declared... yes
checking whether IPVS_DEST_ATTR_TUN_TYPE is declared... yes
checking whether IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM is declared... yes
checking whether IP_VS_CONN_F_TUNNEL_TYPE_GRE is declared... yes
checking whether IFLA_IPVLAN_MODE is declared... yes
checking whether IPVLAN_MODE_L3S is declared... yes
checking whether IFLA_IPVLAN_FLAGS is declared... yes
checking whether GLOB_BRACE is declared... no
checking whether GLOB_ALTDIRFUNC is declared... no
checking for timegm()... yes
checking whether IFLA_INET6_ADDR_GEN_MODE is declared... yes
checking whether IFLA_VRF_MAX is declared... yes
checking whether SO_MARK is declared... yes
checking for sphinx-build... No
checking for rpm... No
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating keepalived/Makefile
config.status: creating lib/Makefile
config.status: creating keepalived/core/Makefile
config.status: creating keepalived.spec
config.status: creating Dockerfile
config.status: creating keepalived/check/Makefile
config.status: creating keepalived/vrrp/Makefile
config.status: creating keepalived/bfd/Makefile
config.status: creating doc/Makefile
config.status: creating bin_install/Makefile
config.status: creating keepalived/dbus/Makefile
config.status: creating keepalived/etc/Makefile
config.status: creating keepalived/etc/init/Makefile
config.status: creating keepalived/etc/init.d/Makefile
config.status: creating keepalived/etc/sysconfig/Makefile
config.status: creating keepalived/etc/keepalived/Makefile
config.status: creating keepalived/trackers/Makefile
config.status: creating doc/man/man8/Makefile
config.status: creating doc/man/man5/Makefile
config.status: creating doc/man/man1/Makefile
config.status: creating lib/config.h
config.status: creating lib/config_warnings.h
config.status: lib/config_warnings.h is unchanged
config.status: executing depfiles commands
Keepalived configuration
------------------------
Keepalived version : 2.2.7
Compiler : gcc gcc (Alpine 10.3.1_git20211027) 10.3.1 20211027
Preprocessor flags : -D_GNU_SOURCE
Compiler flags : -g -static -s -Wall -Wextra -Wunused -Wstrict-prototypes -Wabi -Wabsolute-value -Waddress-of-packed-member -Walloca -Walloc-zero -Warith-conversion -Warray-bounds=2 -Wattribute-alias=2 -Wbad-function-cast -Wc11-c2x-compat -Wcast-align -Wcast-qual -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wduplicated-branches -Wduplicated-cond -Wfloat-conversion -Wfloat-equal -Wformat-overflow -Wformat-security -Wformat-signedness -Wformat-truncation -Wframe-larger-than=5120 -Wimplicit-fallthrough=3 -Winit-self -Winline -Winvalid-pch -Wjump-misses-init -Wlogical-op -Wmissing-declarations -Wmissing-field-initializers -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnormalized -Wnull-dereference -Wold-style-definition -Woverlength-strings -Wpointer-arith -Wredundant-decls -Wshadow -Wshift-overflow=2 -Wstack-protector -Wstrict-overflow=4 -Wstringop-overflow=2 -Wstringop-truncation -Wsuggest-attribute=cold -Wsuggest-attribute=const -Wsuggest-attribute=format -Wsuggest-attribute=malloc -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wsync-nand -Wtrampolines -Wundef -Wuninitialized -Wunknown-pragmas -Wunsafe-loop-optimizations -Wunsuffixed-float-constants -Wunused-const-variable=2 -Wvariadic-macros -Wwrite-strings -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2
Linker flags : -static -pie -Wl,-z,relro -Wl,-z,now
Extra Lib : -lm -lcrypto -lssl -lnftnl -lmnl
Use IPVS Framework : Yes
IPVS use libnl : No
IPVS syncd attributes : Yes
IPVS 64 bit stats : Yes
HTTP_GET regex support : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With track_process : Yes
With linkbeat : Yes
Use BFD Framework : No
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
Use JSON output : No
libnl version : None
Use IPv4 devconf : Yes
Use iptables : No
Use nftables : Yes
init type : SYSV
systemd notify : No
Strict config checks : No
Build documentation : No
Default runtime options : -D
*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.
and make will error:
Making all in lib
make[1]: Entering directory '/opt/lib'
make all-am
make[2]: Entering directory '/opt/lib'
CC memory.o
CC utils.o
CC notify.o
CC timer.o
CC scheduler.o
CC vector.o
CC html.o
CC parser.o
CC signals.o
CC logger.o
CC list_head.o
CC rbtree.o
CC process.o
CC json_writer.o
CC rttables.o
AR liblib.a
make[2]: Leaving directory '/opt/lib'
make[1]: Leaving directory '/opt/lib'
Making all in keepalived
make[1]: Entering directory '/opt/keepalived'
Making all in core
make[2]: Entering directory '/opt/keepalived/core'
CC main.o
CC daemon.o
CC pidfile.o
CC layer4.o
CC smtp.o
CC global_data.o
CC global_parser.o
CC keepalived_netlink.o
CC namespaces.o
CC nftables.o
CC track_process.o
CC reload_monitor.o
CC config_notify.o
AR libcore.a
make[2]: Leaving directory '/opt/keepalived/core'
Making all in vrrp
make[2]: Entering directory '/opt/keepalived/vrrp'
CC vrrp_daemon.o
CC vrrp_print.o
CC vrrp_data.o
CC vrrp_parser.o
CC vrrp.o
CC vrrp_notify.o
CC vrrp_scheduler.o
CC vrrp_sync.o
CC vrrp_arp.o
CC vrrp_if.o
CC vrrp_track.o
CC vrrp_ipaddress.o
CC vrrp_ndisc.o
CC vrrp_if_config.o
CC vrrp_static_track.o
CC vrrp_iproute.o
CC vrrp_iprule.o
CC vrrp_ip_rule_route_parser.o
CC vrrp_vmac.o
CC vrrp_ipsecah.o
CC vrrp_firewall.o
CC vrrp_nftables.o
AR libvrrp.a
make[2]: Leaving directory '/opt/keepalived/vrrp'
Making all in check
make[2]: Entering directory '/opt/keepalived/check'
CC check_daemon.o
CC check_data.o
CC check_parser.o
CC check_api.o
CC check_tcp.o
CC check_http.o
CC check_ssl.o
CC check_genhash.o
CC check_smtp.o
CC check_misc.o
CC check_dns.o
CC check_print.o
CC ipwrapper.o
CC ipvswrapper.o
CC libipvs.o
CC check_udp.o
CC check_ping.o
CC check_file.o
CC check_nftables.o
AR libcheck.a
make[2]: Leaving directory '/opt/keepalived/check'
Making all in trackers
make[2]: Entering directory '/opt/keepalived/trackers'
CC track_file.o
AR libtracker.a
make[2]: Leaving directory '/opt/keepalived/trackers'
Making all in etc
make[2]: Entering directory '/opt/keepalived/etc'
Making all in init
make[3]: Entering directory '/opt/keepalived/etc/init'
make[3]: Nothing to be done for 'all'.
make[3]: Leaving directory '/opt/keepalived/etc/init'
Making all in init.d
make[3]: Entering directory '/opt/keepalived/etc/init.d'
make[3]: Nothing to be done for 'all'.
make[3]: Leaving directory '/opt/keepalived/etc/init.d'
Making all in keepalived
make[3]: Entering directory '/opt/keepalived/etc/keepalived'
make[3]: Nothing to be done for 'all'.
make[3]: Leaving directory '/opt/keepalived/etc/keepalived'
Making all in sysconfig
make[3]: Entering directory '/opt/keepalived/etc/sysconfig'
make[3]: Nothing to be done for 'all'.
make[3]: Leaving directory '/opt/keepalived/etc/sysconfig'
make[3]: Entering directory '/opt/keepalived/etc'
make[3]: Nothing to be done for 'all-am'.
make[3]: Leaving directory '/opt/keepalived/etc'
make[2]: Leaving directory '/opt/keepalived/etc'
make[2]: Entering directory '/opt/keepalived'
CC main.o
CCLD keepalived
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: check/libcheck.a(check_ssl.o): in function `ssl_connect':
/opt/keepalived/check/check_ssl.c:240: undefined reference to `SSL_set0_wbio'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_lib.o): in function `ssl_get_auto_dh':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2239: undefined reference to `get_rfc3526_prime_8192'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2241: undefined reference to `get_rfc3526_prime_4096'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2243: undefined reference to `get_rfc3526_prime_3072'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2245: undefined reference to `get_rfc3526_prime_2048'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2247: undefined reference to `get_rfc3526_prime_1536'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2249: undefined reference to `get_rfc2409_prime_1024'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_lib.o): in function `SSL_CTX_set_default_verify_paths':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2924: undefined reference to `X509_STORE_set_default_paths'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_lib.o): in function `SSL_CTX_load_verify_locations':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2931: undefined reference to `X509_STORE_load_locations'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_lib.o): in function `SSL_CTX_load_verify_mem':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2937: undefined reference to `X509_STORE_load_mem'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `use_certificate_chain_bio':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:622: undefined reference to `PEM_read_bio_X509_AUX'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:635: undefined reference to `PEM_read_bio_X509'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `SSL_use_certificate_file':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:109: undefined reference to `PEM_read_bio_X509'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `SSL_use_RSAPrivateKey_file':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:233: undefined reference to `PEM_read_bio_RSAPrivateKey'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `SSL_use_PrivateKey_file':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:299: undefined reference to `PEM_read_bio_PrivateKey'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `SSL_CTX_use_certificate_file':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:426: undefined reference to `PEM_read_bio_X509'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `SSL_CTX_use_RSAPrivateKey_file':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:507: undefined reference to `PEM_read_bio_RSAPrivateKey'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `SSL_CTX_use_PrivateKey_file':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:570: undefined reference to `PEM_read_bio_PrivateKey'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_sess.o): in function `SSL_CTX_set_client_cert_engine':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_sess.c:1184: undefined reference to `ENGINE_get_ssl_client_cert_function'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_srvr.o): in function `ssl3_send_server_kex_ecdhe_ecx':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_srvr.c:1464: undefined reference to `X25519_keypair'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_srvr.o): in function `ssl3_get_client_kex_ecdhe_ecx':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_srvr.c:1957: undefined reference to `X25519'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_srvr.o): in function `ssl3_get_cert_verify':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_srvr.c:2138: undefined reference to `X509_certificate_type'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls12_key_schedule.o): in function `tls12_key_block_generate':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_key_schedule.c:108: undefined reference to `EVP_AEAD_key_length'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_key_schedule.c:114: undefined reference to `EVP_aead_chacha20_poly1305'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls12_record_layer.o): in function `tls12_record_protection_clear':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:65: undefined reference to `EVP_AEAD_CTX_cleanup'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls12_record_layer.o): in function `tls12_record_layer_ccs_aead':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:442: undefined reference to `EVP_aead_chacha20_poly1305'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:448: undefined reference to `EVP_AEAD_nonce_length'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:452: undefined reference to `EVP_AEAD_nonce_length'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:453: undefined reference to `EVP_AEAD_max_overhead'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:469: undefined reference to `EVP_AEAD_CTX_init'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls12_record_layer.o): in function `tls12_record_layer_open_record_protected_aead':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:935: undefined reference to `EVP_AEAD_CTX_open'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls12_record_layer.o): in function `tls12_record_layer_seal_record_protected_aead':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:1188: undefined reference to `EVP_AEAD_CTX_seal'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_key_share.o): in function `tls13_key_share_generate_x25519':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_key_share.c:144: undefined reference to `X25519_keypair'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_key_share.o): in function `tls13_key_share_derive_x25519':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_key_share.c:294: undefined reference to `X25519'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_lib.o): in function `tls13_cipher_aead':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_lib.c:82: undefined reference to `EVP_aead_chacha20_poly1305'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_record_layer.o): in function `tls13_record_protection_clear':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:43: undefined reference to `EVP_AEAD_CTX_cleanup'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_record_layer.o): in function `tls13_record_layer_set_traffic_key':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:461: undefined reference to `EVP_AEAD_nonce_length'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:463: undefined reference to `EVP_AEAD_nonce_length'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:465: undefined reference to `EVP_AEAD_key_length'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:473: undefined reference to `EVP_AEAD_CTX_init'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_record_layer.o): in function `tls13_record_layer_seal_record_protected':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:695: undefined reference to `EVP_AEAD_max_tag_len'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:730: undefined reference to `EVP_AEAD_CTX_seal'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_record_layer.o): in function `tls13_record_layer_open_record_protected':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:554: undefined reference to `EVP_AEAD_CTX_open'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_cert.o): in function `SSL_load_client_CA_file':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_cert.c:589: undefined reference to `PEM_read_bio_X509'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_cert.o): in function `SSL_add_file_cert_subjects_to_stack':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_cert.c:658: undefined reference to `PEM_read_bio_X509'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_ciph.o): in function `ssl_cipher_get_evp':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_ciph.c:464: undefined reference to `EVP_enc_null'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_ciph.o): in function `ssl_cipher_get_evp_aead':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_ciph.c:552: undefined reference to `EVP_aead_chacha20_poly1305'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_clnt.o): in function `ssl3_send_client_kex_ecdhe_ecx':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_clnt.c:2135: undefined reference to `X25519_keypair'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_clnt.c:2136: undefined reference to `X25519'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_clnt.o): in function `ssl3_check_cert_and_algorithm':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_clnt.c:2728: undefined reference to `X509_certificate_type'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_clnt.o): in function `ssl_do_client_cert_cb':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_clnt.c:2790: undefined reference to `ENGINE_load_ssl_client_cert'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_kex.o): in function `ssl_kex_derive_ecdhe_ecp':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_kex.c:156: undefined reference to `EC_GROUP_check'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_kex.c:158: undefined reference to `EC_GROUP_check'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_key_schedule.o): in function `tls13_hkdf_expand_label_with_length':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_key_schedule.c:194: undefined reference to `HKDF_expand'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_key_schedule.o): in function `tls13_derive_early_secrets':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_key_schedule.c:228: undefined reference to `HKDF_extract'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_key_schedule.o): in function `tls13_derive_handshake_secrets':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_key_schedule.c:271: undefined reference to `HKDF_extract'
/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_key_schedule.o): in function `tls13_derive_application_secrets':
/home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_key_schedule.c:316: undefined reference to `HKDF_extract'
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:483: keepalived] Error 1
make[2]: Leaving directory '/opt/keepalived'
make[1]: *** [Makefile:562: all-recursive] Error 1
make[1]: Leaving directory '/opt/keepalived'
make: *** [Makefile:447: all-recursive] Error 1replace libressl-dev to openssl-libs-static will be the same result
suconghou
commented
2 years ago @zhangguanzhang full static build will be hard , as it has many dependences , you can link static libs as much as you can , there is an old docker https://hub.docker.com/r/suconghou/keepalived , maybe help.
zhangguanzhang
commented
2 years ago @zhangguanzhang full static build will be hard , as it has many dependences , you can link static libs as much as you can , there is an old docker https://hub.docker.com/r/suconghou/keepalived , maybe help.
root@guan:~# docker run --rm -ti suconghou/keepalived sh
/ # keepalived -v
Keepalived v1.2.24 (11/16,2016)
Copyright(C) 2001-2016 Alexandre Cassen, <acassen@gmail.com>
Build options: PIPE2 LIBNL1 FALLBACK_LIBNL1 RTA_ENCAP RTA_NEWDST RTA_PREF RTA_VIA FRA_OIFNAME FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK LINUX_NET_IF_H_COLLISION LVS LIBIPVS_NETLINK IPVS_SYNCD_ATTRIBUTES IPVS_64BIT_STATS VRRP VRRP_AUTH VRRP_VMAC SOCK_NONBLOCK SOCK_CLOEXEC FIB_ROUTING INET6_ADDR_GEN_MODE SO_MARK
/ # ldd `which keepalived `
/lib/ld-musl-x86_64.so.1 (0x7f6fdff98000)
libssl.so.1.0.0 => /lib/libssl.so.1.0.0 (0x7f6fdfada000)
libcrypto.so.1.0.0 => /lib/libcrypto.so.1.0.0 (0x7f6fdf6bc000)
libnl.so.1 => /usr/lib/libnl.so.1 (0x7f6fdf473000)
libc.musl-x86_64.so.1 => /lib/ld-musl-x86_64.so.1 (0x7f6fdff98000)
libz.so.1 => /lib/libz.so.1 (0x7f6fdf25d000)
/ #
rampageX
commented
2 years ago I use the website to search some static libs and try:
$ apk --no-cache add \ binutils \ file \ file-dev \ gcc \ glib \ glib-static \ ipset \ ipset-dev \ iptables \ iptables-dev \ libnftnl-dev \ libnl3 \ libnl3-dev \ make \ musl-dev \ net-snmp-dev \ openssl \ pcre2 \ pcre2-dev \ autoconf \ automake \ libressl-dev zlib-static alpine-sdk linux-headers libmnl-static $ export CFLAGS='-static -s' LDFLAGS=-static $ ./configure --disable-dynamic-linking checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a race-free mkdir -p... ./build-aux/install-sh -c -d checking for gawk... no checking for mawk... no checking for nawk... no checking for awk... awk checking whether make sets $(MAKE)... yes checking whether make supports nested variables... yes checking whether make supports nested variables... (cached) yes checking for pkg-config... /usr/bin/pkg-config checking pkg-config is at least version 0.9.0... yes checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether the compiler supports GNU C... yes checking whether gcc accepts -g... yes checking for gcc option to enable C11 features... none needed checking whether gcc understands -c and -o together... yes checking whether make supports the include directive... yes (GNU style) checking dependency style of gcc... gcc3 checking whether make sets $(MAKE)... (cached) yes checking for ranlib... ranlib checking for grep that handles long lines and -e... /bin/grep checking whether ln -s works... yes checking for a sed that does not truncate output... /bin/sed checking for strip... strip checking for ldd... ldd checking for ar... ar checking the archiver (ar) interface... ar checking if using GCC Link Time Optimisation... no checking msghdr.msg_controllen is size_t... no checking diagnostic pragmas in functions... yes checking diagnostic push/pop pragmas... yes checking for -Wall... yes checking for -Wextra... yes checking for -Wunused... yes checking for -Wstrict-prototypes... yes checking for -Wabi... yes checking for -Wabsolute-value... yes checking for -Waddress-of-packed-member... yes checking for -Walloca... yes checking for -Walloc-larger-than=4096... no checking for -Walloc-zero... yes checking for -Warith-conversion... yes checking for -Warray-bounds=2... yes checking for -Wattribute-alias=2... yes checking for -Wbad-function-cast... yes checking for -Wc11-c2x-compat... yes checking for -Wcast-align... yes checking for -Wcast-qual... yes checking for -Wchkp... no checking for -Wdate-time... yes checking for -Wdisabled-optimization... yes checking for -Wdouble-promotion... yes checking for -Wduplicated-branches... yes checking for -Wduplicated-cond... yes checking for -Wfloat-conversion... yes checking for -Wfloat-equal... yes checking for -Wformat-overflow... yes checking for -Wformat-security... yes checking for -Wformat-signedness... yes checking for -Wformat-truncation... yes checking for -Wframe-larger-than=5120... yes checking for -Wimplicit-fallthrough=3... yes checking for -Winit-self... yes checking for -Winline... yes checking for -Winvalid-pch... yes checking for -Wjump-misses-init... yes checking for -Wlogical-op... yes checking for -Wmissing-declarations... yes checking for -Wmissing-field-initializers... yes checking for -Wmissing-include-dirs... yes checking for -Wmissing-prototypes... yes checking for -Wnested-externs... yes checking for -Wnormalized... yes checking for -Wnull-dereference... yes checking for -Wold-style-definition... yes checking for -Woverlength-strings... yes checking for -Wpointer-arith... yes checking for -Wredundant-decls... yes checking for -Wshadow... yes checking for -Wshift-overflow=2... yes checking for -Wstack-protector... yes checking for -Wstrict-overflow=4... yes checking for -Wstringop-overflow=2... yes checking for -Wstringop-truncation... yes checking for -Wsuggest-attribute=cold... yes checking for -Wsuggest-attribute=const... yes checking for -Wsuggest-attribute=format... yes checking for -Wsuggest-attribute=malloc... yes checking for -Wsuggest-attribute=noreturn... yes checking for -Wsuggest-attribute=pure... yes checking for -Wsync-nand... yes checking for -Wtrampolines... yes checking for -Wundef... yes checking for -Wuninitialized... yes checking for -Wunknown-pragmas... yes checking for -Wunsafe-loop-optimizations... yes checking for -Wunsuffixed-float-constants... yes checking for -Wunused-const-variable=2... yes checking for -Wunused-macros... no checking for -Wvariadic-macros... yes checking for -Wwrite-strings... yes checking for function __attribute__((error(msg))) support... yes checking for PIE support... yes checking for -Wformat -Werror=format-security support... yes checking for -Wp,-D_FORTIFY_SOURCE=2 support... yes checking for -fexceptions support... yes checking for -fstack-protector-strong support... yes checking for --param=ssp-buffer-size=4 support... yes checking for -grecord-gcc-switches support... yes checking for -Wl,-z,relro support... yes checking for -Wl,-z,now support... yes checking for -O2 support... yes checking for unaligned memory access... yes checking for unaligned memory access causes warnings... no checking for clock_gettime() requires -lrt... no checking for stdio.h... yes checking for stdlib.h... yes checking for string.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for strings.h... yes checking for sys/stat.h... yes checking for sys/types.h... yes checking for unistd.h... yes checking for vfork.h... no checking for arpa/inet.h... yes checking for fcntl.h... yes checking for limits.h... yes checking for netdb.h... yes checking for netinet/in.h... yes checking for stdint.h... (cached) yes checking for stdlib.h... (cached) yes checking for string.h... (cached) yes checking for sys/ioctl.h... yes checking for sys/param.h... yes checking for sys/prctl.h... yes checking for sys/socket.h... yes checking for sys/time.h... yes checking for syslog.h... yes checking for unistd.h... (cached) yes checking linux/errqueue.h needs sys/time.h... yes checking for asm/types.h... yes checking for linux/ethtool.h... yes checking for linux/icmpv6.h... yes checking for linux/if_ether.h... yes checking for linux/if_packet.h... yes checking for linux/ip.h... yes checking for linux/sockios.h... yes checking for linux/types.h... yes checking for linux/fib_rules.h... yes checking for linux/if_addr.h... yes checking for linux/if_link.h... yes checking for linux/if_arp.h... yes checking for _Bool... yes checking for stdbool.h that conforms to C99... yes checking for inline... inline checking for int64_t... yes checking for pid_t... yes checking for size_t... yes checking for uint16_t... yes checking for uint32_t... yes checking for uint64_t... yes checking for uint8_t... yes checking for an ANSI C-conforming const... yes checking for fork... yes checking for vfork... yes checking for working fork... yes checking for working vfork... (cached) yes checking for dup2... yes checking for dup3... yes checking for getcwd... yes checking for gettimeofday... yes checking for malloc... yes checking for memmove... yes checking for memset... yes checking for realloc... yes checking for select... yes checking for setenv... yes checking for socket... yes checking for strcasecmp... yes checking for strchr... yes checking for strdup... yes checking for strerror... yes checking for strpbrk... yes checking for strstr... yes checking for strtol... yes checking for strtoul... yes checking for uname... yes checking for vsyslog... yes checking for memfd_create... yes checking for gcc options needed to detect all undeclared functions... none needed checking whether O_TMPFILE is declared... yes checking whether ETHERTYPE_IPV6 is declared... yes checking whether IPV6_MULTICAST_ALL is declared... yes checking for openssl/ssl.h... yes checking for openssl/err.h... yes checking for openssl/md5.h... yes checking for openssl/evp.h... yes checking for EVP_DigestInit_ex in -lcrypto... yes checking for EVP_MD_CTX_new in -lcrypto... yes checking for SSL_CTX_new in -lssl... yes checking SSL_set_tlsext_host_name() - may be a definition... yes checking for SSL_CTX_set_verify_depth... yes checking for SSL_set0_rbio... yes checking for OPENSSL_init_crypto... yes checking for TLS_method... yes checking whether IPV4_DEVCONF_ARP_IGNORE is declared... yes checking whether IPV4_DEVCONF_ACCEPT_LOCAL is declared... yes checking whether IPV4_DEVCONF_RP_FILTER is declared... yes checking whether IPV4_DEVCONF_ARPFILTER is declared... yes checking for linux/rtnetlink.h... yes checking for nl_socket_alloc in -lnl-3... no checking for nl_socket_modify_cb in -lnl... no configure: WARNING: keepalived will be built without libnl support. checking for magic_open in -lmagic... no checking whether RTA_ENCAP is declared... yes checking whether RTA_EXPIRES is declared... yes checking whether RTA_NEWDST is declared... yes checking whether RTA_PREF is declared... yes checking whether FRA_SUPPRESS_PREFIXLEN is declared... yes checking whether FRA_SUPPRESS_IFGROUP is declared... yes checking whether FRA_TUN_ID is declared... yes checking whether RTAX_CC_ALGO is declared... yes checking whether RTAX_QUICKACK is declared... yes checking whether RTEXT_FILTER_SKIP_STATS is declared... yes checking whether FRA_L3MDEV is declared... yes checking whether FRA_UID_RANGE is declared... yes checking whether RTAX_FASTOPEN_NO_COOKIE is declared... yes checking whether RTA_VIA is declared... yes checking whether FRA_PROTOCOL is declared... yes checking whether FRA_IP_PROTO is declared... yes checking whether FRA_SPORT_RANGE is declared... yes checking whether FRA_DPORT_RANGE is declared... yes checking whether RTA_TTL_PROPAGATE is declared... yes checking whether IFA_FLAGS is declared... yes checking whether LWTUNNEL_ENCAP_MPLS is declared... yes checking whether LWTUNNEL_ENCAP_ILA is declared... yes checking for libiptc/libip6tc.h... yes checking for libiptc/libiptc.h... yes checking for libiptc/libxtc.h... yes checking for library containing iptc_init... no checking whether NFTA_TABLE_MAX is declared... yes checking whether NFTNL_EXPR_LOOKUP_FLAGS and NFT_LOOKUP_F_INV are defined... yes checking whether NFT_META_L4PROTO is declared... yes checking whether NFTA_DUP_MAX is declared... yes checking whether NFT_META_OIFKIND is declared... yes checking whether NFT_USERDATA_MAXLEN is declared... yes checking whether nftnl_udata_buf_alloc is declared... yes checking whether nftnl_udata_put_u32 is declared... yes checking whether NFTNL_SET_DESC_CONCAT is declared... yes checking whether NFTNL_SET_ELEM_KEY_END is declared... yes checking whether NFT_SET_CONCAT is declared... yes checking whether NFTNL_SET_EXPR is declared... yes checking for linux/if.h and net/if.h namespace collision... yes checking for linux/if_ether.h then netinet/in.h then linux/if.h namespace collision... no checking for linux/if_ether.h then netinet/if_ether.h namespace collision... yes checking for libiptc/libiptc.h linux/if.h and net/if.h namespace collision... no checking whether IPVS_DEST_ATTR_ADDR_FAMILY is declared... yes checking whether IPVS_DAEMON_ATTR_SYNC_MAXLEN is declared... yes checking whether IPVS_DAEMON_ATTR_MCAST_GROUP is declared... yes checking whether IPVS_DAEMON_ATTR_MCAST_GROUP6 is declared... yes checking whether IPVS_DAEMON_ATTR_MCAST_PORT is declared... yes checking whether IPVS_DAEMON_ATTR_MCAST_TTL is declared... yes checking whether IPVS_SVC_ATTR_STATS64 is declared... yes checking whether IPVS_DEST_ATTR_STATS64 is declared... yes checking whether IPVS_DEST_ATTR_TUN_TYPE is declared... yes checking whether IP_VS_TUNNEL_ENCAP_FLAG_NOCSUM is declared... yes checking whether IP_VS_CONN_F_TUNNEL_TYPE_GRE is declared... yes checking whether IFLA_IPVLAN_MODE is declared... yes checking whether IPVLAN_MODE_L3S is declared... yes checking whether IFLA_IPVLAN_FLAGS is declared... yes checking whether GLOB_BRACE is declared... no checking whether GLOB_ALTDIRFUNC is declared... no checking for timegm()... yes checking whether IFLA_INET6_ADDR_GEN_MODE is declared... yes checking whether IFLA_VRF_MAX is declared... yes checking whether SO_MARK is declared... yes checking for sphinx-build... No checking for rpm... No checking that generated files are newer than configure... done configure: creating ./config.status config.status: creating Makefile config.status: creating keepalived/Makefile config.status: creating lib/Makefile config.status: creating keepalived/core/Makefile config.status: creating keepalived.spec config.status: creating Dockerfile config.status: creating keepalived/check/Makefile config.status: creating keepalived/vrrp/Makefile config.status: creating keepalived/bfd/Makefile config.status: creating doc/Makefile config.status: creating bin_install/Makefile config.status: creating keepalived/dbus/Makefile config.status: creating keepalived/etc/Makefile config.status: creating keepalived/etc/init/Makefile config.status: creating keepalived/etc/init.d/Makefile config.status: creating keepalived/etc/sysconfig/Makefile config.status: creating keepalived/etc/keepalived/Makefile config.status: creating keepalived/trackers/Makefile config.status: creating doc/man/man8/Makefile config.status: creating doc/man/man5/Makefile config.status: creating doc/man/man1/Makefile config.status: creating lib/config.h config.status: creating lib/config_warnings.h config.status: lib/config_warnings.h is unchanged config.status: executing depfiles commands Keepalived configuration ------------------------ Keepalived version : 2.2.7 Compiler : gcc gcc (Alpine 10.3.1_git20211027) 10.3.1 20211027 Preprocessor flags : -D_GNU_SOURCE Compiler flags : -g -static -s -Wall -Wextra -Wunused -Wstrict-prototypes -Wabi -Wabsolute-value -Waddress-of-packed-member -Walloca -Walloc-zero -Warith-conversion -Warray-bounds=2 -Wattribute-alias=2 -Wbad-function-cast -Wc11-c2x-compat -Wcast-align -Wcast-qual -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wduplicated-branches -Wduplicated-cond -Wfloat-conversion -Wfloat-equal -Wformat-overflow -Wformat-security -Wformat-signedness -Wformat-truncation -Wframe-larger-than=5120 -Wimplicit-fallthrough=3 -Winit-self -Winline -Winvalid-pch -Wjump-misses-init -Wlogical-op -Wmissing-declarations -Wmissing-field-initializers -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnormalized -Wnull-dereference -Wold-style-definition -Woverlength-strings -Wpointer-arith -Wredundant-decls -Wshadow -Wshift-overflow=2 -Wstack-protector -Wstrict-overflow=4 -Wstringop-overflow=2 -Wstringop-truncation -Wsuggest-attribute=cold -Wsuggest-attribute=const -Wsuggest-attribute=format -Wsuggest-attribute=malloc -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wsync-nand -Wtrampolines -Wundef -Wuninitialized -Wunknown-pragmas -Wunsafe-loop-optimizations -Wunsuffixed-float-constants -Wunused-const-variable=2 -Wvariadic-macros -Wwrite-strings -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2 Linker flags : -static -pie -Wl,-z,relro -Wl,-z,now Extra Lib : -lm -lcrypto -lssl -lnftnl -lmnl Use IPVS Framework : Yes IPVS use libnl : No IPVS syncd attributes : Yes IPVS 64 bit stats : Yes HTTP_GET regex support : No fwmark socket support : Yes Use VRRP Framework : Yes Use VRRP VMAC : Yes Use VRRP authentication : Yes With track_process : Yes With linkbeat : Yes Use BFD Framework : No SNMP vrrp support : No SNMP checker support : No SNMP RFCv2 support : No SNMP RFCv3 support : No DBUS support : No Use JSON output : No libnl version : None Use IPv4 devconf : Yes Use iptables : No Use nftables : Yes init type : SYSV systemd notify : No Strict config checks : No Build documentation : No Default runtime options : -D *** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.and make will error:
Making all in lib make[1]: Entering directory '/opt/lib' make all-am make[2]: Entering directory '/opt/lib' CC memory.o CC utils.o CC notify.o CC timer.o CC scheduler.o CC vector.o CC html.o CC parser.o CC signals.o CC logger.o CC list_head.o CC rbtree.o CC process.o CC json_writer.o CC rttables.o AR liblib.a make[2]: Leaving directory '/opt/lib' make[1]: Leaving directory '/opt/lib' Making all in keepalived make[1]: Entering directory '/opt/keepalived' Making all in core make[2]: Entering directory '/opt/keepalived/core' CC main.o CC daemon.o CC pidfile.o CC layer4.o CC smtp.o CC global_data.o CC global_parser.o CC keepalived_netlink.o CC namespaces.o CC nftables.o CC track_process.o CC reload_monitor.o CC config_notify.o AR libcore.a make[2]: Leaving directory '/opt/keepalived/core' Making all in vrrp make[2]: Entering directory '/opt/keepalived/vrrp' CC vrrp_daemon.o CC vrrp_print.o CC vrrp_data.o CC vrrp_parser.o CC vrrp.o CC vrrp_notify.o CC vrrp_scheduler.o CC vrrp_sync.o CC vrrp_arp.o CC vrrp_if.o CC vrrp_track.o CC vrrp_ipaddress.o CC vrrp_ndisc.o CC vrrp_if_config.o CC vrrp_static_track.o CC vrrp_iproute.o CC vrrp_iprule.o CC vrrp_ip_rule_route_parser.o CC vrrp_vmac.o CC vrrp_ipsecah.o CC vrrp_firewall.o CC vrrp_nftables.o AR libvrrp.a make[2]: Leaving directory '/opt/keepalived/vrrp' Making all in check make[2]: Entering directory '/opt/keepalived/check' CC check_daemon.o CC check_data.o CC check_parser.o CC check_api.o CC check_tcp.o CC check_http.o CC check_ssl.o CC check_genhash.o CC check_smtp.o CC check_misc.o CC check_dns.o CC check_print.o CC ipwrapper.o CC ipvswrapper.o CC libipvs.o CC check_udp.o CC check_ping.o CC check_file.o CC check_nftables.o AR libcheck.a make[2]: Leaving directory '/opt/keepalived/check' Making all in trackers make[2]: Entering directory '/opt/keepalived/trackers' CC track_file.o AR libtracker.a make[2]: Leaving directory '/opt/keepalived/trackers' Making all in etc make[2]: Entering directory '/opt/keepalived/etc' Making all in init make[3]: Entering directory '/opt/keepalived/etc/init' make[3]: Nothing to be done for 'all'. make[3]: Leaving directory '/opt/keepalived/etc/init' Making all in init.d make[3]: Entering directory '/opt/keepalived/etc/init.d' make[3]: Nothing to be done for 'all'. make[3]: Leaving directory '/opt/keepalived/etc/init.d' Making all in keepalived make[3]: Entering directory '/opt/keepalived/etc/keepalived' make[3]: Nothing to be done for 'all'. make[3]: Leaving directory '/opt/keepalived/etc/keepalived' Making all in sysconfig make[3]: Entering directory '/opt/keepalived/etc/sysconfig' make[3]: Nothing to be done for 'all'. make[3]: Leaving directory '/opt/keepalived/etc/sysconfig' make[3]: Entering directory '/opt/keepalived/etc' make[3]: Nothing to be done for 'all-am'. make[3]: Leaving directory '/opt/keepalived/etc' make[2]: Leaving directory '/opt/keepalived/etc' make[2]: Entering directory '/opt/keepalived' CC main.o CCLD keepalived /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: check/libcheck.a(check_ssl.o): in function `ssl_connect': /opt/keepalived/check/check_ssl.c:240: undefined reference to `SSL_set0_wbio' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_lib.o): in function `ssl_get_auto_dh': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2239: undefined reference to `get_rfc3526_prime_8192' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2241: undefined reference to `get_rfc3526_prime_4096' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2243: undefined reference to `get_rfc3526_prime_3072' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2245: undefined reference to `get_rfc3526_prime_2048' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2247: undefined reference to `get_rfc3526_prime_1536' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2249: undefined reference to `get_rfc2409_prime_1024' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_lib.o): in function `SSL_CTX_set_default_verify_paths': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2924: undefined reference to `X509_STORE_set_default_paths' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_lib.o): in function `SSL_CTX_load_verify_locations': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2931: undefined reference to `X509_STORE_load_locations' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_lib.o): in function `SSL_CTX_load_verify_mem': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_lib.c:2937: undefined reference to `X509_STORE_load_mem' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `use_certificate_chain_bio': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:622: undefined reference to `PEM_read_bio_X509_AUX' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:635: undefined reference to `PEM_read_bio_X509' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `SSL_use_certificate_file': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:109: undefined reference to `PEM_read_bio_X509' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `SSL_use_RSAPrivateKey_file': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:233: undefined reference to `PEM_read_bio_RSAPrivateKey' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `SSL_use_PrivateKey_file': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:299: undefined reference to `PEM_read_bio_PrivateKey' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `SSL_CTX_use_certificate_file': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:426: undefined reference to `PEM_read_bio_X509' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `SSL_CTX_use_RSAPrivateKey_file': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:507: undefined reference to `PEM_read_bio_RSAPrivateKey' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_rsa.o): in function `SSL_CTX_use_PrivateKey_file': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_rsa.c:570: undefined reference to `PEM_read_bio_PrivateKey' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_sess.o): in function `SSL_CTX_set_client_cert_engine': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_sess.c:1184: undefined reference to `ENGINE_get_ssl_client_cert_function' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_srvr.o): in function `ssl3_send_server_kex_ecdhe_ecx': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_srvr.c:1464: undefined reference to `X25519_keypair' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_srvr.o): in function `ssl3_get_client_kex_ecdhe_ecx': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_srvr.c:1957: undefined reference to `X25519' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_srvr.o): in function `ssl3_get_cert_verify': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_srvr.c:2138: undefined reference to `X509_certificate_type' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls12_key_schedule.o): in function `tls12_key_block_generate': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_key_schedule.c:108: undefined reference to `EVP_AEAD_key_length' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_key_schedule.c:114: undefined reference to `EVP_aead_chacha20_poly1305' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls12_record_layer.o): in function `tls12_record_protection_clear': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:65: undefined reference to `EVP_AEAD_CTX_cleanup' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls12_record_layer.o): in function `tls12_record_layer_ccs_aead': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:442: undefined reference to `EVP_aead_chacha20_poly1305' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:448: undefined reference to `EVP_AEAD_nonce_length' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:452: undefined reference to `EVP_AEAD_nonce_length' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:453: undefined reference to `EVP_AEAD_max_overhead' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:469: undefined reference to `EVP_AEAD_CTX_init' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls12_record_layer.o): in function `tls12_record_layer_open_record_protected_aead': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:935: undefined reference to `EVP_AEAD_CTX_open' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls12_record_layer.o): in function `tls12_record_layer_seal_record_protected_aead': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls12_record_layer.c:1188: undefined reference to `EVP_AEAD_CTX_seal' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_key_share.o): in function `tls13_key_share_generate_x25519': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_key_share.c:144: undefined reference to `X25519_keypair' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_key_share.o): in function `tls13_key_share_derive_x25519': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_key_share.c:294: undefined reference to `X25519' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_lib.o): in function `tls13_cipher_aead': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_lib.c:82: undefined reference to `EVP_aead_chacha20_poly1305' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_record_layer.o): in function `tls13_record_protection_clear': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:43: undefined reference to `EVP_AEAD_CTX_cleanup' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_record_layer.o): in function `tls13_record_layer_set_traffic_key': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:461: undefined reference to `EVP_AEAD_nonce_length' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:463: undefined reference to `EVP_AEAD_nonce_length' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:465: undefined reference to `EVP_AEAD_key_length' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:473: undefined reference to `EVP_AEAD_CTX_init' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_record_layer.o): in function `tls13_record_layer_seal_record_protected': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:695: undefined reference to `EVP_AEAD_max_tag_len' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:730: undefined reference to `EVP_AEAD_CTX_seal' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_record_layer.o): in function `tls13_record_layer_open_record_protected': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_record_layer.c:554: undefined reference to `EVP_AEAD_CTX_open' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_cert.o): in function `SSL_load_client_CA_file': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_cert.c:589: undefined reference to `PEM_read_bio_X509' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_cert.o): in function `SSL_add_file_cert_subjects_to_stack': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_cert.c:658: undefined reference to `PEM_read_bio_X509' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_ciph.o): in function `ssl_cipher_get_evp': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_ciph.c:464: undefined reference to `EVP_enc_null' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_ciph.o): in function `ssl_cipher_get_evp_aead': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_ciph.c:552: undefined reference to `EVP_aead_chacha20_poly1305' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_clnt.o): in function `ssl3_send_client_kex_ecdhe_ecx': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_clnt.c:2135: undefined reference to `X25519_keypair' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_clnt.c:2136: undefined reference to `X25519' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_clnt.o): in function `ssl3_check_cert_and_algorithm': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_clnt.c:2728: undefined reference to `X509_certificate_type' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_clnt.o): in function `ssl_do_client_cert_cb': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_clnt.c:2790: undefined reference to `ENGINE_load_ssl_client_cert' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(ssl_kex.o): in function `ssl_kex_derive_ecdhe_ecp': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_kex.c:156: undefined reference to `EC_GROUP_check' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/ssl_kex.c:158: undefined reference to `EC_GROUP_check' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_key_schedule.o): in function `tls13_hkdf_expand_label_with_length': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_key_schedule.c:194: undefined reference to `HKDF_expand' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_key_schedule.o): in function `tls13_derive_early_secrets': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_key_schedule.c:228: undefined reference to `HKDF_extract' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_key_schedule.o): in function `tls13_derive_handshake_secrets': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_key_schedule.c:271: undefined reference to `HKDF_extract' /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../x86_64-alpine-linux-musl/bin/ld: /usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/../../../../lib/libssl.a(tls13_key_schedule.o): in function `tls13_derive_application_secrets': /home/buildozer/aports/community/libressl/src/libressl-3.4.1/ssl/tls13_key_schedule.c:316: undefined reference to `HKDF_extract' collect2: error: ld returned 1 exit status make[2]: *** [Makefile:483: keepalived] Error 1 make[2]: Leaving directory '/opt/keepalived' make[1]: *** [Makefile:562: all-recursive] Error 1 make[1]: Leaving directory '/opt/keepalived' make: *** [Makefile:447: all-recursive] Error 1replace
libressl-devtoopenssl-libs-staticwill be the same result
Use make V=99, the last failed command-line is:
gcc -g -static -s -Wall -Wextra -Wunused -Wstrict-prototypes -Wabsolute-value -Waddress-of-packed-member -Walloca -Walloc-zero -Warith-conversion -Warray-bounds=2 -Wattribute-alias=2 -Wbad-function-cast -Wc11-c2x-compat -Wcast-align -Wcast-qual -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wduplicated-branches -Wduplicated-cond -Wfloat-conversion -Wfloat-equal -Wformat-overflow -Wformat-security -Wformat-signedness -Wformat-truncation -Wframe-larger-than=5120 -Wimplicit-fallthrough=3 -Winit-self -Winline -Winvalid-pch -Wjump-misses-init -Wlogical-op -Wmissing-declarations -Wmissing-field-initializers -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnormalized -Wnull-dereference -Wold-style-definition -Woverlength-strings -Wpointer-arith -Wredundant-decls -Wshadow -Wshift-overflow=2 -Wstack-protector -Wstrict-overflow=4 -Wstringop-overflow=2 -Wstringop-truncation -Wsuggest-attribute=cold -Wsuggest-attribute=const -Wsuggest-attribute=format -Wsuggest-attribute=malloc -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wsync-nand -Wtrampolines -Wundef -Wuninitialized -Wunknown-pragmas -Wunsafe-loop-optimizations -Wunsuffixed-float-constants -Wunused-const-variable=2 -Wvariadic-macros -Wwrite-strings -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2 -static -s -static -pie -Wl,-z,relro -Wl,-z,now -static -o keepalived main.o core/libcore.a check/libcheck.a vrrp/libvrrp.a core/libcore.a trackers/libtracker.a ../lib/liblib.a -lm -lcrypto -lssl -lnftnl -lmnl
Reverse the order of linking libssl.a and libcrypto.a, so -lcrypto -lssl will be -lssl -lcrypto, then cd keepalived/keepalived, run edited last failed command-line again, it will get a sample error:
undefined reference to 'SSL_set0_wbio' in keepalived/keepalived/check/check_ssl.c, so just open the check_ssl.c, hack the line 237 block to:
#ifdef HAVE_SSL_SET0_RBIO
//BIO_up_ref(req->bio);
//SSL_set0_rbio(req->ssl, req->bio);
//SSL_set0_wbio(req->ssl, req->bio);
SSL_set_bio(req->ssl, req->bio, req->bio);
#else
SSL_set_bio(req->ssl, req->bio, req->bio);
#endif make clean then run edited last failed command-line again again:
gcc -g -static -s -Wall -Wextra -Wunused -Wstrict-prototypes -Wabsolute-value -Waddress-of-packed-member -Walloca -Walloc-zero -Warith-conversion -Warray-bounds=2 -Wattribute-alias=2 -Wbad-function-cast -Wc11-c2x-compat -Wcast-align -Wcast-qual -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wduplicated-branches -Wduplicated-cond -Wfloat-conversion -Wfloat-equal -Wformat-overflow -Wformat-security -Wformat-signedness -Wformat-truncation -Wframe-larger-than=5120 -Wimplicit-fallthrough=3 -Winit-self -Winline -Winvalid-pch -Wjump-misses-init -Wlogical-op -Wmissing-declarations -Wmissing-field-initializers -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnormalized -Wnull-dereference -Wold-style-definition -Woverlength-strings -Wpointer-arith -Wredundant-decls -Wshadow -Wshift-overflow=2 -Wstack-protector -Wstrict-overflow=4 -Wstringop-overflow=2 -Wstringop-truncation -Wsuggest-attribute=cold -Wsuggest-attribute=const -Wsuggest-attribute=format -Wsuggest-attribute=malloc -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wsync-nand -Wtrampolines -Wundef -Wuninitialized -Wunknown-pragmas -Wunsafe-loop-optimizations -Wunsuffixed-float-constants -Wunused-const-variable=2 -Wvariadic-macros -Wwrite-strings -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2 -static -s -static -pie -Wl,-z,relro -Wl,-z,now -static -o keepalived main.o core/libcore.a check/libcheck.a vrrp/libvrrp.a core/libcore.a trackers/libtracker.a ../lib/liblib.a -lm -lssl -lcrypto -lnftnl -lmnl
It will build a static keepalived success, but i have no idea it's really work or not.
file ./keepalived
./keepalived: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
./keepalived -h
Usage: ./keepalived [OPTION...]
-f, --use-file=FILE Use the specified configuration file
default '/usr/local/etc/keepalived/keepalived.conf'
or '/etc/keepalived/keepalived.conf'
-P, --vrrp Only run with VRRP subsystem
-C, --check Only run with Health-checker subsystem
--all Force all child processes to run, even if have no configuration
-l, --log-console Log messages to local console
-D, --log-detail Detailed log messages
-S, --log-facility=([0-7]|local[0-7]|user|daemon)
Set syslog facility to LOG_LOCAL[0-7], user or daemon (default)
-G, --no-syslog Don't log via syslog
-u, --umask=MASK umask for file creation (in numeric form)
-X, --release-vips Drop VIP on transition from signal.
-V, --dont-release-vrrp Don't remove VRRP VIPs and VROUTEs on daemon stop
-I, --dont-release-ipvs Don't remove IPVS topology on daemon stop
-R, --dont-respawn Don't respawn child processes
-n, --dont-fork Don't fork the daemon process
-d, --dump-conf Dump the configuration data
-p, --pid=FILE Use specified pidfile for parent process
-r, --vrrp_pid=FILE Use specified pidfile for VRRP child process
-T, --genhash Enter into genhash utility mode (this should be the first option used).
-c, --checkers_pid=FILE Use specified pidfile for checkers child process
-a, --address-monitoring Report all address additions/deletions notified via netlink
-s, --namespace=NAME Run in network namespace NAME (overrides config)
-m, --core-dump Produce core dump if terminate abnormally
-M, --core-dump-pattern=PATN Also set /proc/sys/kernel/core_pattern to PATN (default 'core')
-e, --all-config Error if any configuration file missing (same as includet)
-i, --config-id id Skip any configuration lines beginning '@' that don't match id
or any lines beginning @^ that do match.
The config-id defaults to the node name if option not used
--signum=SIGFUNC Return signal number for STOP, RELOAD, DATA, STATS, STATS_CLEAR
-t, --config-test[=LOG_FILE] Check the configuration for obvious errors, output to
stderr by default
-v, --version Display the version number
-h, --help Display this help messageWell, @rampageX, that's an impressive piece of work
I think, though, that it results in a fairly broken build, and certainly not one we would want to support. Due to the lack of libnl-3, configuring IPVS has to revert to the original, deprecated, way, which doesn't support IPVS with IPv6. There is no iptables support, but since there is nftables support that is fine. There is no file magic support, and regex matches for HTTP_GET and SSL_GET checkers is not supported.
Certainly using -lcrypto -lssl is a bug, since pkg-config --libs openssl returns -lssl -lcrypto, so I will update configure.ac accordingly.
I have openssl, openssl-dev and openssl-libs-static installed and no libressl package, and I do not need to make the change
#ifdef HAVE_SSL_SET0_RBIO
//BIO_up_ref(req->bio);
//SSL_set0_rbio(req->ssl, req->bio);
//SSL_set0_wbio(req->ssl, req->bio);
SSL_set_bio(req->ssl, req->bio, req->bio);
#else
SSL_set_bio(req->ssl, req->bio, req->bio);
#endif so I suspect it might relate to having a mixture of libressl and openssl packages installed (I'm only guessing though, I haven't tested it).
I have merged commit 45d8194 to ensure that the order of libraries is -lssl -lcrypto, and so it should now be possible to build a (fairly crippled) keepalived with static linking.
@zhangguanzhang It would be interesting to know why you want to build a statically linked version of keepalived. If there is a strong justification for it, then we could consider ensuring, so far as it goes, that keepalived can be built that way, although it will always depend on what distro you are using (for example it seems that RedHat distros do not support static linking at all (unless I am missing some essential libraries)). I'm not convinced that using a statically linked version is a good idea though, since if there are some security updates to libraries, then, without rebuilding keepalived, it will not benefit from those security updates.
zhangguanzhang
commented
2 years ago Well, @rampageX, that's an impressive piece of work
I think, though, that it results in a fairly broken build, and certainly not one we would want to support. Due to the lack of libnl-3, configuring IPVS has to revert to the original, deprecated, way, which doesn't support IPVS with IPv6. There is no iptables support, but since there is nftables support that is fine. There is no file magic support, and regex matches for HTTP_GET and SSL_GET checkers is not supported.
Certainly using
-lcrypto -lsslis a bug, sincepkg-config --libs opensslreturns-lssl -lcrypto, so I will update configure.ac accordingly.I have openssl, openssl-dev and openssl-libs-static installed and no libressl package, and I do not need to make the change
#ifdef HAVE_SSL_SET0_RBIO //BIO_up_ref(req->bio); //SSL_set0_rbio(req->ssl, req->bio); //SSL_set0_wbio(req->ssl, req->bio); SSL_set_bio(req->ssl, req->bio, req->bio); #else SSL_set_bio(req->ssl, req->bio, req->bio); #endifso I suspect it might relate to having a mixture of libressl and openssl packages installed (I'm only guessing though, I haven't tested it).
I have merged commit 45d8194 to ensure that the order of libraries is
-lssl -lcrypto, and so it should now be possible to build a (fairly crippled) keepalived with static linking.@zhangguanzhang It would be interesting to know why you want to build a statically linked version of keepalived. If there is a strong justification for it, then we could consider ensuring, so far as it goes, that keepalived can be built that way, although it will always depend on what distro you are using (for example it seems that RedHat distros do not support static linking at all (unless I am missing some essential libraries)). I'm not convinced that using a statically linked version is a good idea though, since if there are some security updates to libraries, then, without rebuilding keepalived, it will not benefit from those security updates.
We are in toB industry, different customers will use different Linux systems, some customers are completely Intranet environment, Linux systems such as YUM, APT and so on cannot be used to install Keepalived, so we need static compilation. The capacity of statically compiled binary files will become larger, but the increased storage capacity is not a problem and will not increase exaggerated costs
pqarmitage
commented
2 years ago Many thanks for the explanation, although I am unfamiliar with what the toB industry means.
I think, since you are providing a package to customers, that you will need to build static versions of the libraries that Alpine does not have static versions of, yourself. That way you will have a fully functional keepalived.
Perhaps the best solution would be to build dynamically linked packages for the common distros, and have the statically linked version as a fallback for distros that you don't directly support.
zhangguanzhang
commented
2 years ago @rampageX @pqarmitage thanks for so much. The following are my compilation steps, I tested and can work for me.
FROM alpine as build
RUN if [ -f /etc/apk/repositories ];then sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories; fi && \
if [ -f /etc/apt/sources.list ];then sed -ri 's/(deb|security).debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list; fi && \
if [ ! -e /etc/nsswitch.conf ];then echo 'hosts: files dns myhostname' > /etc/nsswitch.conf; fi && \
apk --no-cache add \
binutils \
file \
file-dev \
gcc \
glib \
glib-dev \
ipset \
ipset-dev \
iptables \
iptables-dev \
libmnl-dev \
libnftnl-dev \
libnl3 \
libnl3-dev \
make \
musl-dev \
net-snmp-dev \
openssl \
openssl-dev \
openssl-libs-static \
pcre2 \
pcre2-dev \
autoconf \
automake zlib-static alpine-sdk linux-headers libmnl-static git
WORKDIR /opt
RUN git clone https://github.com/acassen/keepalived.git
RUN set -ex && \
cd /opt/keepalived && \
./autogen.sh && \
CFLAGS='-static -s' LDFLAGS=-static ./configure --disable-dynamic-linking \
--prefix=/usr \
--exec-prefix=/usr \
--bindir=/usr/bin \
--sbindir=/usr/sbin \
--sysconfdir=/etc \
--datadir=/usr/share \
--localstatedir=/var \
--mandir=/usr/share/man \
--enable-bfd \
--enable-snmp \
--enable-snmp-rfc \
--enable-nftables \
--enable-regex \
--enable-json --with-init=systemd --enable-vrrp --enable-libnl-dynamic
RUN set -ex && \
cd /opt/keepalived && \
make && \
make DESTDIR=/install_root install && \
find /install_root && \
# delete the docs
rm -rf /install_root/usr/share
FROM scratch AS bin
COPY --from=build /install_root /
use the docker buildx to build:
docker buildx build . --platform linux/amd64,linux/arm64 \
--target bin --output . info:
$ ls -l
total 4
-rw-r--r-- 1 root root 1771 Feb 24 17:56 Dockerfile
drwxr-xr-x 4 root root 41 Feb 24 17:56 etc
drwxr-xr-x 4 root root 29 Feb 24 17:56 usr
$ ./usr/sbin/keepalived -v
Keepalived v2.2.7 (02/23,2022), git commit v2.2.7-22-geb533a93
Copyright(C) 2001-2022 Alexandre Cassen, <acassen@gmail.com>
Built with kernel headers for Linux 5.10.41
Running on Linux 5.4.0-99-generic #112-Ubuntu SMP Thu Feb 3 13:50:55 UTC 2022
Distro: Ubuntu 20.04.3 LTS
configure options: --disable-dynamic-linking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/share/man --enable-bfd --enable-snmp --enable-snmp-rfc --enable-nftables --enable-regex --enable-json --with-init=systemd --enable-vrrp --enable-libnl-dynamic CFLAGS=-static -s LDFLAGS=-static
Config options: NFTABLES LVS REGEX VRRP VRRP_AUTH VRRP_VMAC JSON BFD OLD_CHKSUM_COMPAT SNMP_V3_FOR_V2 SNMP_VRRP SNMP_CHECKER SNMP_RFCV2 SNMP_RFCV3 INIT=systemd
System options: VSYSLOG MEMFD_CREATE IPV6_MULTICAST_ALL IPV4_DEVCONF RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIP_STATS FRA_L3MDEV FRA_UID_RANGE RTAX_FASTOPEN_NO_COOKIE RTA_VIA FRA_PROTOCOL FRA_IP_PROTO FRA_SPORT_RANGE FRA_DPORT_RANGE RTA_TTL_PROPAGATE IFA_FLAGS LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA NET_LINUX_IF_H_COLLISION NETINET_LINUX_IF_ETHER_H_COLLISION IPVS_DEST_ATTR_ADDR_FAMILY IPVS_SYNCD_ATTRIBUTES IPVS_64BIT_STATS IPVS_TUN_TYPE IPVS_TUN_CSUM IPVS_TUN_GRE VRRP_IPVLAN IFLA_LINK_NETNSID INET6_ADDR_GEN_MODE VRF SO_MARK
$ ldd ./usr/sbin/keepalived
not a dynamic executable
$ file ./usr/sbin/keepalived
./usr/sbin/keepalived: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
$ ls -lh ./usr/sbin/keepalived
-rwxr-xr-x 1 root root 4.4M Feb 24 17:56 ./usr/sbin/keepalived@zhangguanzhang I notice that in the post above it reports that keepalived was built with kernel headers version 5.10.41 but it is running on 5.4.0-99 (that really means 5.4.x of course). It is not safe to run keepalived on an earlier kernel than the kernel headers against which it was built (you should see a log entry warning of the problem), since it checks at configure/compile time what kernel (and library) features are available, and uses those features that are supported. For example NFTNL_SET_DESC_CONCAT and NFTNL_SET_ELEM_KEY_END were introduced in Linux 5.6 and NFT_SET_CONCAT and NFTNL_SET_EXPR were introduced in Linux 5.7. Your build will try to use those nftables features but the 5.4.x kernel will not support them.
When the keepalived snap is built several different versions of keepalived are built against different kernel headers, and when keepalived in the snap is run, a script checks the kernel version it is running on and selects the appropriate keepalived binary for that binary.
zhangguanzhang
commented
2 years ago @zhangguanzhang I notice that in the post above it reports that keepalived was built with kernel headers version 5.10.41 but it is running on 5.4.0-99 (that really means 5.4.x of course). It is not safe to run keepalived on an earlier kernel than the kernel headers against which it was built (you should see a log entry warning of the problem), since it checks at configure/compile time what kernel (and library) features are available, and uses those features that are supported. For example NFTNL_SET_DESC_CONCAT and NFTNL_SET_ELEM_KEY_END were introduced in Linux 5.6 and NFT_SET_CONCAT and NFTNL_SET_EXPR were introduced in Linux 5.7. Your build will try to use those nftables features but the 5.4.x kernel will not support them.
When the keepalived snap is built several different versions of keepalived are built against different kernel headers, and when keepalived in the snap is run, a script checks the kernel version it is running on and selects the appropriate keepalived binary for that binary.
I just use the vrrp_instance and virtual_server. And before that, I also built the keepalived docker image to use it, but I didn't use static compilation. And it work very well for a long time on diffrent os.
pqarmitage
commented
2 years ago If you use vmacs (macvlans) for your vrrp instances (which you should do in order to ensure the correct MAC addresses are used), then in order to ensure that, when the vmac interface is created it doesn't immediately send a packet using the vmac MAC address (which it shouldn't do since ARP caches will be incorrectly updated), nftables is used to block the packets.
nftables can also be used with virtual_servers if you are using virtual_server_groups, and certainly some of the new nftables functionality relates to this.
zhangguanzhang
commented
2 years ago If you use vmacs (macvlans) for your vrrp instances (which you should do in order to ensure the correct MAC addresses are used), then in order to ensure that, when the vmac interface is created it doesn't immediately send a packet using the vmac MAC address (which it shouldn't do since ARP caches will be incorrectly updated), nftables is used to block the packets.
nftables can also be used with virtual_servers if you are using virtual_server_groups, and certainly some of the new nftables functionality relates to this.
Thanks for the suggestion, I only use some basic functions at present, it is not complicated, there should be no problem
jsalatiel
commented
4 months ago Hi everyone, I am also trying to compile keepalived 2.2.8 statically to use in flatcar linux. Using the dockerfile from https://github.com/acassen/keepalived/issues/2107#issuecomment-1049725208 and changing the libnl3 for libnl3-static, it appears I can get a static version.
Keepalived v2.2.8 (05/31,2023)
Copyright(C) 2001-2023 Alexandre Cassen, <acassen@gmail.com>
Built with kernel headers for Linux 6.5.0
Running on Linux 5.19.0-32-generic #33~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Jan 30 17:03:34 UTC 2
Distro: Linux Mint 21.1
configure options: --disable-dynamic-linking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/usr/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/share/man --enable-bfd --enable-nftables --enable-regex --enable-json --with-init=systemd --enable-vrrp --enable-libnl-dynamic CFLAGS=-static -s LDFLAGS=-static
Config options: NFTABLES LVS REGEX VRRP VRRP_AUTH VRRP_VMAC JSON BFD OLD_CHKSUM_COMPAT INIT=systemd
System options: VSYSLOG MEMFD_CREATE IPV6_MULTICAST_ALL IPV4_DEVCONF LIBNL3 RTA_ENCAP RTA_EXPIRES RTA_NEWDST RTA_PREF FRA_SUPPRESS_PREFIXLEN FRA_SUPPRESS_IFGROUP FRA_TUN_ID RTAX_CC_ALGO RTAX_QUICKACK RTEXT_FILTER_SKIP_STATS FRA_L3MDEV FRA_UID_RANGE RTAX_FASTOPEN_NO_COOKIE RTA_VIA FRA_PROTOCOL FRA_IP_PROTO FRA_SPORT_RANGE FRA_DPORT_RANGE RTA_TTL_PROPAGATE IFA_FLAGS LWTUNNEL_ENCAP_MPLS LWTUNNEL_ENCAP_ILA NET_LINUX_IF_H_COLLISION NETINET_LINUX_IF_ETHER_H_COLLISION LIBIPVS_NETLINK IPVS_DEST_ATTR_ADDR_FAMILY IPVS_SYNCD_ATTRIBUTES IPVS_64BIT_STATS IPVS_TUN_TYPE IPVS_TUN_CSUM IPVS_TUN_GRE VRRP_IPVLAN IFLA_LINK_NETNSID INET6_ADDR_GEN_MODE VRF SO_MARK
Is this build fairly crippled as @pqarmitage commented in https://github.com/acassen/keepalived/issues/2107#issuecomment-1049404388 ?
pqarmitage
commented
4 months ago @jsalatiel You have built keepalived with kernel 6.5.0 headers, but are running on kernel 5.19.x. So far as I can see keepalived doesn't use any new kernel features introduced between 5.19 and 6.5, so you should be OK, but it is not good practice (or safe) to do this in general.
jsalatiel
commented
4 months ago Hello @pqarmitage , I know that and I will rebuild it on an older kernel version. My question was more wondering if that build I did still suffers from the limitations you previously mentioned:
I think, though, that it results in a fairly broken build, and certainly not one we would want to support. Due to the lack of libnl-3, configuring IPVS has to revert to the original, deprecated, way, which doesn't support IPVS with IPv6. There is no iptables support, but since there is nftables support that is fine. There is no file magic support, and regex matches for HTTP_GET and SSL_GET checkers is not supported.
I used libnl3-static and libmagic-static on it. And I can see LIBNL3 in System options and LVS + REGEX in config options
pqarmitage
commented
4 months ago From what @rampageX provided:
Keepalived configuration
------------------------
Keepalived version : 2.2.7
Compiler : gcc gcc (Alpine 10.3.1_git20211027) 10.3.1 20211027
Preprocessor flags : -D_GNU_SOURCE
Compiler flags : -g -static -s -Wall -Wextra -Wunused -Wstrict-prototypes -Wabi -Wabsolute-value -Waddress-of-packed-member -Walloca -Walloc-zero -Warith-conversion -Warray-bounds=2 -Wattribute-alias=2 -Wbad-function-cast -Wc11-c2x-compat -Wcast-align -Wcast-qual -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wduplicated-branches -Wduplicated-cond -Wfloat-conversion -Wfloat-equal -Wformat-overflow -Wformat-security -Wformat-signedness -Wformat-truncation -Wframe-larger-than=5120 -Wimplicit-fallthrough=3 -Winit-self -Winline -Winvalid-pch -Wjump-misses-init -Wlogical-op -Wmissing-declarations -Wmissing-field-initializers -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnormalized -Wnull-dereference -Wold-style-definition -Woverlength-strings -Wpointer-arith -Wredundant-decls -Wshadow -Wshift-overflow=2 -Wstack-protector -Wstrict-overflow=4 -Wstringop-overflow=2 -Wstringop-truncation -Wsuggest-attribute=cold -Wsuggest-attribute=const -Wsuggest-attribute=format -Wsuggest-attribute=malloc -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wsync-nand -Wtrampolines -Wundef -Wuninitialized -Wunknown-pragmas -Wunsafe-loop-optimizations -Wunsuffixed-float-constants -Wunused-const-variable=2 -Wvariadic-macros -Wwrite-strings -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2
Linker flags : -static -pie -Wl,-z,relro -Wl,-z,now
Extra Lib : -lm -lcrypto -lssl -lnftnl -lmnl
Use IPVS Framework : Yes
IPVS use libnl : No
IPVS syncd attributes : Yes
IPVS 64 bit stats : Yes
HTTP_GET regex support : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With track_process : Yes
With linkbeat : Yes
Use BFD Framework : No
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
Use JSON output : No
libnl version : None
Use IPv4 devconf : Yes
Use iptables : No
Use nftables : Yes
init type : SYSV
systemd notify : No
Strict config checks : No
Build documentation : No
Default runtime options : -D
*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.it is clear what features were and were not be supported.
If you look at the corresponding output from your build you should see what functionality will and will not be supported. It should be reasonable to assume if keepalived builds with static linking, then it should function correctly, within the limits of the functionality identified as not being supported.
Having said that, the comment:
#ifdef HAVE_SSL_SET0_RBIO
//BIO_up_ref(req->bio);
//SSL_set0_rbio(req->ssl, req->bio);
//SSL_set0_wbio(req->ssl, req->bio);
SSL_set_bio(req->ssl, req->bio, req->bio);
#else
SSL_set_bio(req->ssl, req->bio, req->bio);
#endif suggests that there can be differences in available functionality when static linking compared to dynamic linking (i.e. in this case SSL_set0_rbio() is not available when static linking but is available when dynamic linking.
jsalatiel
commented
4 months ago I do not see that warning in my build
Keepalived configuration
------------------------
Keepalived version : 2.2.8
Compiler : gcc gcc (Alpine 13.2.1_git20231014) 13.2.1 20231014
Preprocessor flags : -D_GNU_SOURCE -I/usr/include/libnl3
Compiler flags : -g -static -s -Wall -Wextra -Wunused -Wstrict-prototypes -Wabsolute-value -Waddress-of-packed-member -Walloca -Walloc-zero -Warith-conversion -Warray-bounds=2 -Wattribute-alias=2 -Wbad-function-cast -Wc11-c2x-compat -Wcast-align -Wcast-qual -Wdate-time -Wdisabled-optimization -Wdouble-promotion -Wduplicated-branches -Wduplicated-cond -Wfloat-conversion -Wfloat-equal -Wformat-overflow -Wformat-security -Wformat-signedness -Wformat-truncation -Wframe-larger-than=5120 -Wimplicit-fallthrough=3 -Winit-self -Winline -Winvalid-pch -Wjump-misses-init -Wlogical-op -Wmissing-declarations -Wmissing-field-initializers -Wmissing-include-dirs -Wmissing-prototypes -Wnested-externs -Wnormalized -Wnull-dereference -Wold-style-definition -Woverlength-strings -Wpointer-arith -Wredundant-decls -Wshadow -Wshift-overflow=2 -Wstack-protector -Wstrict-overflow=4 -Wstringop-overflow=2 -Wstringop-truncation -Wsuggest-attribute=cold -Wsuggest-attribute=const -Wsuggest-attribute=format -Wsuggest-attribute=malloc -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wsync-nand -Wtrampolines -Wundef -Wuninitialized -Wunknown-pragmas -Wunsafe-loop-optimizations -Wunsuffixed-float-constants -Wunused-const-variable=2 -Wvariadic-macros -Wwrite-strings -fno-strict-aliasing -fPIE -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -O2
Linker flags : -static -pie -Wl,-z,relro -Wl,-z,now
Extra Lib : -lm -lssl -lcrypto -lnl-3 -lnl-genl-3 -lmagic -lnftnl -lmnl -lpcre2-8
Use IPVS Framework : Yes
IPVS use libnl : Yes
IPVS syncd attributes : Yes
IPVS 64 bit stats : Yes
HTTP_GET regex support : Yes
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With track_process : Yes
With linkbeat : Yes
Use NetworkManager : No
Use BFD Framework : Yes
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
Use JSON output : Yes
libnl version : 3
Use IPv4 devconf : Yes
Use iptables : No
Use nftables : Yes
init type : systemd
systemd notify : No
Strict config checks : No
Build documentation : No
Default runtime options : -D
Making all in libThe reason you don't get the warning is because you have IPVS use libnl : Yes.
Your build has no SNMP or DBus support, cannot use iptables but can use nftables instead. The lack of NetworkManager support does not matter if you have NetworkManager v1.18 or later, or you do not use VMACs. Your keepalived will not have direct systemd integration, but that may not well matter depending on how you start up keepalived.
This build certainly looks a lot more complete than the one I referred to as fairly broken.
jsalatiel
commented
4 months ago Thank-you.
I just used the
virtual_server, and I want static build the keepalived。 on alpine os, and my steps:the way1:
or the way2: