search

eternaltyro / cryptsetup

Since Google code is shuttering...
http://code.google.com/p/cryptsetup
GNU General Public License v2.0
0 stars 0 forks source link

could not find fipscheck library #240

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
I'm trying to cross-compile crypsetup and made sure libfipscheck is under 
LD_FLAGS, however configure script always failed:
ls 
/home/test/openwrt/staging_dir/target-arm_cortex-a9+neon_eglibc-2.19_eabi/usr/li
b
   libfipscheck.so -> libfipscheck.so.1
   libfipscheck.so.1

LDFLAGS="-L/home/test/openwrt/staging_dir/target-arm_cortex-a9+neon_eglibc-2.19_
eabi/usr/lib" ./configure --host=arm-openwrt-linux 
--with-crypto_backend=openssl --enable-fips
<snip>

checking for shared library run path origin... done
checking for CFPreferencesCopyAppValue... no
checking for CFLocaleCopyCurrent... no
checking for GNU gettext in libc... yes
checking whether to use NLS... yes
checking where the gettext function comes from... libc
checking for poptConfigFileToString in -lpopt... yes
checking for FIPSCHECK_verify in -lfipscheck... no
configure: error: You need the fipscheck library.

Whatever is missing. The configure script has the content below and I could not 
find anything obvious:

{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for FIPSCHECK_verify in 
-lfipscheck" >&5
$as_echo_n "checking for FIPSCHECK_verify in -lfipscheck... " >&6; }
if ${ac_cv_lib_fipscheck_FIPSCHECK_verify+:} false; then :
  $as_echo_n "(cached) " >&6
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lfipscheck  $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

/* Override any GCC internal prototype to avoid an error.
   Use char because int might match the return type of a GCC
   builtin and then its argument prototype would still apply.  */
#ifdef __cplusplus
extern "C"
#endif
char FIPSCHECK_verify ();
int
main ()
{
return FIPSCHECK_verify ();
  ;
  return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
  ac_cv_lib_fipscheck_FIPSCHECK_verify=yes
else
  ac_cv_lib_fipscheck_FIPSCHECK_verify=no
fi
rm -f core conftest.err conftest.$ac_objext \
    conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: 
$ac_cv_lib_fipscheck_FIPSCHECK_verify" >&5
$as_echo "$ac_cv_lib_fipscheck_FIPSCHECK_verify" >&6; }
if test "x$ac_cv_lib_fipscheck_FIPSCHECK_verify" = xyes; then :
  cat >>confdefs.h <<_ACEOF
#define HAVE_LIBFIPSCHECK 1
_ACEOF

  LIBS="-lfipscheck $LIBS"

else
  as_fn_error $? "You need the fipscheck library." "$LINENO" 5
fi

Original issue reported on code.google.com by fos...@gmail.com on 22 Dec 2014 at 4:48

GoogleCodeExporter commented 9 years ago 
I found the problem, it's on my build environment.

Original comment by fos...@gmail.com on 22 Dec 2014 at 5:04

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
Please do NOT use FIPS version at all (default should be switched off, DO NOT 
use --enable-fips - you do not need that).

It makes sense only for specific RHEL build (which is used to FIPS140 
validation), for all other configurations it adds only a lot of FIPS crap.

(And it will be done differently in future without fipscheck anyway.)

Original comment by gmazyl...@gmail.com on 22 Dec 2014 at 6:01