search

tarickb / sasl-xoauth2

SASL plugin for XOAUTH2
Other
73 stars 21 forks source link

Failure to build (link) on CentOS9 #41

Closed whitemice closed 1 year ago

whitemice commented 2 years ago

Fails linking to libjsoncpp library

[root@localhost tmp]# git clone https://github.com/tarickb/sasl-xoauth2
Cloning into 'sasl-xoauth2'...
remote: Enumerating objects: 605, done.
remote: Counting objects: 100% (195/195), done.
remote: Compressing objects: 100% (98/98), done.
remote: Total 605 (delta 133), reused 139 (delta 97), pack-reused 410
Receiving objects: 100% (605/605), 129.53 KiB | 1.38 MiB/s, done.
Resolving deltas: 100% (384/384), done.
[root@localhost tmp]# cd sasl-xoauth2/
[root@localhost sasl-xoauth2]# mkdir -p build
[root@localhost sasl-xoauth2]# cd build
[root@localhost build]# cmake ..
-- The CXX compiler identification is GNU 11.3.1
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found PkgConfig: /usr/bin/pkg-config (found version "1.7.3") 
-- Found CURL: /usr/lib64/libcurl.so (found version "7.76.1")  
-- Checking for module 'jsoncpp'
--   Found jsoncpp, version 1.9.5
-- Checking for module 'libsasl2'
--   Found libsasl2, version 2.1.27
-- Configuring done
-- Generating done
-- Build files have been written to: /tmp/sasl-xoauth2/build
[root@localhost build]# make
[  5%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/client.cc.o
[ 11%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/config.cc.o
[ 16%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/http.cc.o
[ 22%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/log.cc.o
[ 27%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/module.cc.o
[ 33%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/token_store.cc.o
[ 38%] Linking CXX shared library libsasl-xoauth2.so
/usr/bin/ld: /usr/local/lib64/libjsoncpp.a(json_reader.cpp.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: /usr/local/lib64/libjsoncpp.a(json_value.cpp.o): relocation R_X86_64_32 against `.bss' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: /usr/local/lib64/libjsoncpp.a(json_writer.cpp.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
collect2: error: ld returned 1 exit status
make[2]: *** [src/CMakeFiles/sasl-xoauth2.dir/build.make:178: src/libsasl-xoauth2.so] Error 1
make[1]: *** [CMakeFiles/Makefile2:200: src/CMakeFiles/sasl-xoauth2.dir/all] Error 2
make: *** [Makefile:166: all] Error 2
tarickb commented 2 years ago

Can you try again with this patch?

whitemice commented 2 years ago

No change. :(

[root@localhost tmp]# git clone https://github.com/tarickb/sasl-xoauth2
Cloning into 'sasl-xoauth2'...
remote: Enumerating objects: 605, done.
remote: Counting objects: 100% (195/195), done.
remote: Compressing objects: 100% (98/98), done.
remote: Total 605 (delta 133), reused 139 (delta 97), pack-reused 410
Receiving objects: 100% (605/605), 129.53 KiB | 1.75 MiB/s, done.
Resolving deltas: 100% (384/384), done.
[root@localhost tmp]# cd sasl-xoauth2/src
[root@localhost src]# patch < /tmp/pic.patch 
patching file CMakeLists.txt
#####
[root@localhost src]# cd ..
[root@localhost sasl-xoauth2]# mkdir build && cd build && cmake ..
-- The CXX compiler identification is GNU 11.3.1
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: /usr/bin/c++ - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found PkgConfig: /usr/bin/pkg-config (found version "1.7.3") 
-- Found CURL: /usr/lib64/libcurl.so (found version "7.76.1")  
-- Checking for module 'jsoncpp'
--   Found jsoncpp, version 1.9.5
-- Checking for module 'libsasl2'
--   Found libsasl2, version 2.1.27
-- Configuring done
-- Generating done
-- Build files have been written to: /tmp/sasl-xoauth2/build
[root@localhost build]# cmake .. -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_INSTALL_SYSCONFDIR=/etc
-- Configuring done
-- Generating done
-- Build files have been written to: /tmp/sasl-xoauth2/build
[root@localhost build]# make
[  5%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/client.cc.o
[ 11%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/config.cc.o
[ 16%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/http.cc.o
[ 22%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/log.cc.o
[ 27%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/module.cc.o
[ 33%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/token_store.cc.o
[ 38%] Linking CXX shared library libsasl-xoauth2.so
/usr/bin/ld: /usr/local/lib64/libjsoncpp.a(json_reader.cpp.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: /usr/local/lib64/libjsoncpp.a(json_value.cpp.o): relocation R_X86_64_32 against `.bss' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: /usr/local/lib64/libjsoncpp.a(json_writer.cpp.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
collect2: error: ld returned 1 exit status
make[2]: *** [src/CMakeFiles/sasl-xoauth2.dir/build.make:178: src/libsasl-xoauth2.so] Error 1
make[1]: *** [CMakeFiles/Makefile2:200: src/CMakeFiles/sasl-xoauth2.dir/all] Error 2
make: *** [Makefile:166: all] Error 2
whitemice commented 2 years ago

If it means anything it builds successfully on openSUSE LEAP 15.4

gcc-c++-7-3.9.1.x86_64
package curl-devel is not installed
package cyus-sasl-devel is not installed
jsoncpp-devel-1.8.4-1.17.x86_64
git-2.35.3-150300.10.15.1.x86_64
cmake-full-3.20.4-150400.2.13.x86_64
leap154:/tmp/sasl-xoauth2/build # make
[  5%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/client.cc.o
[ 11%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/config.cc.o
[ 16%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/http.cc.o
[ 22%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/log.cc.o
[ 27%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/module.cc.o
[ 33%] Building CXX object src/CMakeFiles/sasl-xoauth2.dir/token_store.cc.o
[ 38%] Linking CXX shared library libsasl-xoauth2.so
[ 38%] Built target sasl-xoauth2
[ 44%] Building CXX object src/CMakeFiles/sasl-xoauth2_test.dir/xoauth2_test.cc.o
[ 50%] Linking CXX executable sasl-xoauth2_test
[ 50%] Built target sasl-xoauth2_test
[ 55%] Building CXX object src/CMakeFiles/sasl-xoauth2-static.dir/client.cc.o
[ 61%] Building CXX object src/CMakeFiles/sasl-xoauth2-static.dir/config.cc.o
[ 66%] Building CXX object src/CMakeFiles/sasl-xoauth2-static.dir/http.cc.o
[ 72%] Building CXX object src/CMakeFiles/sasl-xoauth2-static.dir/log.cc.o
[ 77%] Building CXX object src/CMakeFiles/sasl-xoauth2-static.dir/module.cc.o
[ 83%] Building CXX object src/CMakeFiles/sasl-xoauth2-static.dir/token_store.cc.o
[ 88%] Linking CXX static library libsasl-xoauth2-static.a
[ 88%] Built target sasl-xoauth2-static
[ 94%] Building CXX object src/CMakeFiles/sasl-xoauth2-test-config.dir/test_config.cc.o
[100%] Linking CXX executable sasl-xoauth2-test-config
[100%] Built target sasl-xoauth2-test-config
tarickb commented 2 years ago

Sorry for the delay -- it took me a while to find time to download and install CentOS 9 to give this a try for myself. I was able to build and run the plugin without issue, but I have an idea as to what might be going on here: did you build libjsoncpp yourself, or did you install it from the EPEL repository?

whitemice commented 1 year ago

Yes it builds on CentOS9 with the packages from EPEL.

jsoncpp-1.9.5-1.el9.x86_64
jsoncpp-devel-1.9.5-1.el9.x86_64
whitemice commented 1 year ago

And it appears to be loaded (CentOS9); or at least it appears in the output of pluginviewer

[root@localhost postfix]# pluginviewer -c
Installed and properly configured SASL (client side) mechanisms are:
  GSS-SPNEGO GSSAPI EXTERNAL XOAUTH2 LOGIN PLAIN ANONYMOUS
Available SASL (client side) mechanisms matching your criteria are:
  GSS-SPNEGO GSSAPI EXTERNAL XOAUTH2 LOGIN PLAIN ANONYMOUS
List of client plugins follows
...
Plugin "sasl-xoauth2" [loaded],     API version: 4
    SASL mechanism: XOAUTH2, best SSF: 60
    security flags: NO_ANONYMOUS|PASS_CREDENTIALS
    features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
...
whitemice commented 1 year ago

Hurray! (so far) it appears to be a working build

[root@localhost postfix]# /usr/bin/sasl-xoauth2-test-config -c /etc/sasl-xoauth2.conf 
Config check passed.
[root@localhost postfix]# /usr/bin/sasl-xoauth2-test-config -r /etc/tokens/mormail@micore.us 
Config check passed.
Token refresh succeeded.
whitemice commented 1 year ago

Hazah! That is mail send from a CentOS9 host.

Oct 20 13:16:07 localhost postfix/smtp[4811]: 2CB011100495: to=<adam@example.com>, relay=smtp.office365.com[52.96.163.2]:587, delay=0.94, delays=0.03/0.08/0.52/0.3, dsn=2.0.0, status=sent (**250 2.0.0 OK** <20221020171606.2CB011100495@localhost.localdomain> [Hostname=DM6PR17MB2075.namprd17.prod.outlook.com])

Note that the tail issues I had were SELinux related, the default policies result in a SASL failure as a "generic" error. The syslog shows 

SELinux is preventing /usr/libexec/postfix/smtp from write access on the directory tokens

I did not have to do anything with the certificate store.

tarickb commented 1 year ago

Awesome, glad it all worked out!