Re: BIND8, BIND9 static compilation problems

> ----- Original Message ----- 
> From: Mark Andrews
> Sent: Friday, September 26, 2003 01:50
> Subject: Re: BIND8, BIND9 static compilation problems 
> 
> Quoting Mark Andrews:
> > Glibc contains a weak references to handle the differences
> > between threaded and non-threaded builds.  BIND 8.4.2
> > contains a work-around.
> >
> > lib/irs/irs_data.c:
> > #ifdef _REENTRANT
> > struct __res_state *
> > .....................
> > #endif
> 
> Hi Mark!
> First, BIG thanks for your effort! Your patch helped me in creating
> static binaries. You said that 8.4.2 contains corrections to this
> problem but I didn't find 8.4.2 src on ftp.isc.org so I manually 
> applied your patch to lib/irs/irs_data.c. It' worked fine :)
> 
> ldd named     not a dynamic executable
> ldd named-xfer        not a dynamic executable
> 
> -rwxr-xr-x 1 dns dns   1173437 Sep 26 15:14 named
> -rwxr-xr-x 1 dns dns  846726 Sep 26 15:14 named-xfer
> 
> named -v       
> named 8.4.1-REL Fri Sep 26 15:07:39 CEST 2003
> 
> that's cool, but new problems arrived, as I couldn't start named
> in chroot environment with -u and -g flags. Without -u/-g flags, 
> named started successfully in chroot env of course started by root
> user again. 
> 
> 
> # chroot /chroot/dns /sbin/named -u dns -g dns
> user "dns" unknown
> 
> etc/
> ls -la 
> -r--r--r--    1 root     root           11 Sep 26 15:27 group
> -r--r--r--    1 root     root          696 Sep 26 15:26 localtime
> -r--r--r--    1 root     root         7912 Sep 27 17:26 named.conf
> -r--r--r--    1 root     root           27 Sep 27 17:32 passwd
> -r--r--r--    1 root     root         5748 Sep 27 16:53 protocols
> -r--r--r--    1 root     root           43 Sep 27 17:25 resolv.conf
> -r--r--r--    1 root     root          150 Sep 27 17:19 services
> 
> cat passwd 
> dns:x:1002:102::/:
> 
> cat group 
> dns:x:102:
> 
> d--x--x--x    2 root     root         4096 Sep 26 15:24 dev/
> drwxr-xr-x    2 root     root         4096 Sep 27 18:45 etc/
> d--x--x--x    2 root     root         4096 Sep 27 18:17 sbin/
> drwxr-xr-x    5 dns      dns          4096 Sep 26 15:13 var/
> 
> 
> Now, as created all necessary directories and put all needed
> files in, I was curios what more bind need, so I used statically
> compiled strace.
> 
> chroot /chroot/dns sbin/strace -o trace.out /sbin/named -u dns -g dns
> 
> And voala, I get some interesting output from trace.out log file:
> 
> -- snip --
> 
> execve("/sbin/named", ["/sbin/named", "-u", "dns", "-g", "dns"], [/* 25 
> vars */]) = 0
> fcntl64(0, F_GETFD)                     = 0
> fcntl64(1, F_GETFD)                     = 0
> fcntl64(2, F_GETFD)                     = 0
> geteuid32()                             = 0
> getuid32()                              = 0
> getegid32()                             = 0
> getgid32()                              = 0
> brk(0)                                  = 0x8155d48
> brk(0x8156d48)                          = 0x8156d48
> brk(0x8157000)                          = 0x8157000
> brk(0x8158000)                          = 0x8158000
> brk(0x815c000)                          = 0x815c000
> old_mmap(NULL, 266240, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40000000
> getuid32()                              = 0
> getgid32()                              = 0
> gettimeofday({1064682873, 942469}, NULL) = 0
> getpid()                                = 4968
> umask(022)                              = 022
> socket(PF_UNIX, SOCK_STREAM, 0)         = 3
> connect(3, {sa_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = -1 
> ENOENT (No such file or directory)
> close(3)                                = 0
> open("/etc/nsswitch.conf", O_RDONLY)    = -1 ENOENT (No such file or 
> directory)
> open("/etc/ld.so.cache", O_RDONLY)      = -1 ENOENT (No such file or 
> directory)
> open("/lib/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or 
> directory)
> stat64("/lib", 0xbffff240)              = -1 ENOENT (No such file or 
> directory)
> open("/usr/lib/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file 
> or directory)
> stat64("/usr/lib", 0xbffff240)          = -1 ENOENT (No such file or 
> directory)
> write(2, "user \"dns\" unknown\n", 19)  = 19
> exit_group(1)                           = ?
> 
> -- snap --
> 
> Why statically compiled binary send request for:
>       /lib
>       /usr/lib
>       /etc/ld.so.cache
>       /lib/libnss_compat.so.2
>       /lib/libnss_files.so.2
> 
> Now, I grep't thru bind-src/ for "dlopen" and only 
> binary files matched(?)
> 
> egrep -r "dlopen" src/*
> Binary file src/bin/named/named matches
> Binary file src/bin/named-xfer/named-xfer matches
> Binary file src/bin/addr/addr matches
> Binary file src/bin/dig/dig matches
> Binary file src/bin/dnskeygen/dnskeygen matches
> Binary file src/bin/dnsquery/dnsquery matches
> Binary file src/bin/host/host matches
> Binary file src/bin/irpd/irpd matches
> Binary file src/bin/mkservdb/mkservdb matches
> Binary file src/bin/ndc/ndc matches
> Binary file src/bin/nslookup/nslookup matches
> Binary file src/bin/nsupdate/nsupdate matches
> 
> 
> Please advise... :)

        Supply the shared libraries or just let named perform the
        chroot with the '-t' option and it will make the getpwnam()
        before it calls chroot.

        Static brinary can still dynamically load code by hand.
 
> Thanks again 
> Ivan
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@xxxxxxx