Alceu, as variáveis são as que eu te passei :) Com -fPIC e sem -fPIC são coisas completamente diferentes, mas se o seu O.S está linkando as bibliotecas compartilhadas direto, os resultados vão ser similares.
Lembre-se, a ideia de compilar com -fPIC era apenas no caso de você copiar o a biblioteca da vmware para a máquina física. Eu esqueci de te dizer que antes do "make", você precisa rodar $perl Makefile.PL..... No pior dos casos, você pode abrir manualmente o Makefile e colocar o diretório estático. 2014-06-17 19:28 GMT-03:00 Alceu Rodrigues de Freitas Junior <[email protected]>: > Daniel, > > Depois de penar mais algum tempo tentando, descobri que as variáveis de > ambiente que podem ajudar são: > > C_INCLUDE_PATH=/home/alcjunio/openssl/include > LIBRARY_PATH=/home/alcjunio/openssl/lib > > Mas para isto funcionar, tive que remover o pacote RPM openssl-devel da > distribuição ou dava erros na hora de compilar por os headers possuirem > símbolos que não existem nas libs antigas do openssl. > > Depois disso, foi instalar o Net::SSLeay, com as variáveis acima exportadas. > Ele finalmente considera o openssl atualizado no meu diretório home. > > Depois disso dá para instalar o IO::Socket::SSL sem problemas. > > Agora a parte chata: o SELinux não gosta de nada disso, e na VM que eu > estava ele impediu que os testes rodassem com sucesso: > > t/local/38_priv-key.t .................. Can't load > '/home/alcjunio/.cpan/build/Net-SSLeay-1.64-8kuViY/blib/arch/auto/Net/SSLeay/SSLeay.so' > for module Net::SSLeay: > /home/alcjunio/.cpan/build/Net-SSLeay-1.64-8kuViY/blib/arch/auto/Net/SSLeay/SSLeay.so: > cannot restore segment prot after reloc: Permission denied at > /home/alcjunio/perl5/perlbrew/perls/perl-5.16.3/lib/5.16.3/i686-linux/DynaLoader.pm > line 190. > at t/local/38_priv-key.t line 6. > > Este é um exemplo, muitos outros falharam pelo mesmo motivo. > > Já no log do SELinux: > > Summary > SELinux is preventing perl from loading > /home/alcjunio/.cpan/build/Net-SSLeay-1.64-8kuViY/blib/arch/auto/Net/SSLeay/SSLeay.so > which requires text relocation. > > Detailed Description > > The perl application attempted to load > /home/alcjunio/.cpan/build/Net-SSLeay-1.64-8kuViY/blib/arch/auto/Net/SSLeay/SSLeay.so > which requires text relocation. This is a potential security problem. Most > libraries do not need this permission. Libraries are sometimes coded > incorrectly and request this permission. The SELinux Memory Protection Tests > web page explains how to remove this requirement. You can configure SELinux > temporarily to allow > /home/alcjunio/.cpan/build/Net-SSLeay-1.64-8kuViY/blib/arch/auto/Net/SSLeay/SSLeay.so > to use relocation as a workaround, until the library is fixed. Please file a > bug report against this package. > > Não entendi nada, mas achei bonito. :-) > > Desabilitando o SELinux (ou configurando isso como exceção) resolve. Mas eu > não posso fazer isso. :-) > > Tanto faz compilar o openssl e o Net::SSLeay com -fPIC ou sem o flag (nos > dois casos usando o --prefix=/home/alceu/openssl no ./config do openssl), o > resultado é o mesmo. > > []'s > Alceu > > Em 17-06-2014 12:16, Daniel de Oliveira Mantovani escreveu: > >> Consegue sim, >> >> Makefile.PL accepts the following command line arguments: >> >> incpath >> >> Path to OpenSSL headers. Can also be specified via >> $ENV{OPENSSL_INCLUDE}. If the command line argument is provided, it >> overrides any value specified via the environment variable. Of course, >> you can ignore both the command line argument and the environment >> variable, and just add the path to your compiler specific environment >> variable such as CPATH or INCLUDE etc. >> >> libpath >> >> Path to OpenSSL libraries. Can also be specified via >> $ENV{OPENSSL_LIB}. If the command line argument is provided, it >> overrides any value specified by the environment variable. Of course, >> you can ignore both the command line argument and the environment >> variable and just add the path to your compiler specific environment >> variable such as LIBRARY_PATH or LIB etc. >> >> >> >> OPENSSL_INCLUDE=/home/foo/header/ >> OPENSSL_LIB=/home/foo/lib/ >> >> 2014-06-17 12:11 GMT-03:00 Alceu Rodrigues de Freitas Junior >> <[email protected]>: >>> >>> Obrigado Daniel, >>> >>> Instalar o OpenSSL no home do meu usuário foi bem tranquilo, mas >>> aparentemente o IO::Socket::SSL não tem opções para eu apontar quais >>> headers >>> e bibliotecas do openssl ele deve usar, algo que o Crypt::SSLeay tem >>> (http://search.cpan.org/dist/Crypt-SSLeay/SSLeay.pm#INSTALL). >>> Aparentemente >>> o Crypt::SSLeay está sendo substituído aos poucos pelo IO::Socket::SSL. >>> >>> Eu tentei instalar o Crypt::SSLeay para ver que acontecia. As >>> dependências >>> entre os módulos também é meio confusa: >>> >>> Running make test >>> Running Mkbootstrap for Crypt::SSLeay () >>> chmod 644 SSLeay.bs >>> >>> PERL_DL_NONLAZY=1 >>> /home/alcjunio/perl5/perlbrew/perls/perl-5.16.3/bin/perl >>> "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef >>> *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t >>> t/00-basic.t ..... ok >>> t/01-connect.t ... ok >>> t/02-live.t ...... # Reading configuration from 'test.config' on linux >>> # network_tests : 0 >>> t/02-live.t ...... skipped: Network tests disabled >>> t/03-version.t ... ok >>> t/boilerplate.t .. ok >>> t/manifest.t ..... skipped: Author tests not required for installation >>> All tests successful. >>> Files=6, Tests=43, 0 wallclock secs ( 0.01 usr 0.04 sys + 0.25 cusr >>> 0.08 >>> csys = 0.38 CPU) >>> Result: PASS >>> NANIS/Crypt-SSLeay-0.72.tar.gz >>> Tests succeeded but one dependency not OK (LWP::Protocol::https) >>> NANIS/Crypt-SSLeay-0.72.tar.gz >>> [dependencies] -- NA >>> >>> Failed during this command: >>> SULLR/IO-Socket-SSL-1.993.tar.gz : make_test NO >>> GAAS/LWP-Protocol-https-6.04.tar.gz : make_test NO one >>> dependency >>> not OK (IO::Socket::SSL); additionally test harness failed >>> NANIS/Crypt-SSLeay-0.72.tar.gz : make_test NO one >>> dependency >>> not OK (LWP::Protocol::https) >>> >>> Isto está parecendo a história do ovo e da galinha. :-) >>> >>> Eu não achei nada no Makefile.PL do IO::Socket::SSL que me permitisse >>> especificar onde está o openSSL para ele usar. Tenho que fazer isso via >>> manipulação da $LD_LIBRARY_PATH ou algo assim? >>> >>> >>> Em 17-06-2014 11:02, Daniel de Oliveira Mantovani escreveu: >>> >>>> Bom dia Alceu, >>>> >>>> Baixa manualmente o OpenSSL >>>> (https://www.openssl.org/source/openssl-1.0.1h.tar.gz), compila e >>>> instala num diretório separado. Depois na hora de instalar o >>>> IO::Socket::SSL você aponta para o diretório separado que você >>>> instalou o OpenSSL. >>>> >>>> 2014-06-17 10:56 GMT-03:00 Alceu Rodrigues de Freitas Junior >>>> <[email protected]>: >>>>> >>>>> Bom dia pessoal, >>>>> >>>>> Estou com um problema que talvez algum de vocês já tenha tido >>>>> experiência. >>>>> >>>>> Preciso instalar alguns scripts de monitoração em um servidor Linux mas >>>>> cuja >>>>> distribuição já é um pouco velha. Para não mexer no perl "global", eu >>>>> resolvi usar o Perlbrew para instalar no diretório home de um usuário >>>>> específico e manter os módulos que preciso ali. Não preciso de >>>>> permissões >>>>> de >>>>> acesso maiores do que este usuário já possui também. >>>>> >>>>> Tudo ia bem até eu precisar instalar módulos relacionados com SSL. Como >>>>> o >>>>> openssl da distribuição é muito velha, eu não consigo instalar coisas >>>>> mais >>>>> recentes: >>>>> >>>>> cpan[2]> install IO::Socket::SSL >>>>> Running install for module 'IO::Socket::SSL' >>>>> SULLR/IO-Socket-SSL-1.993.tar.gz >>>>> Has already been unwrapped into directory >>>>> /home/alcjunio/.cpan/build/IO-Socket-SSL-1.993-FevB1C >>>>> SULLR/IO-Socket-SSL-1.993.tar.gz >>>>> Has already been prepared >>>>> SULLR/IO-Socket-SSL-1.993.tar.gz >>>>> Has already been made >>>>> Running make test >>>>> PERL_DL_NONLAZY=1 >>>>> /home/alcjunio/perl5/perlbrew/perls/perl-5.16.3/bin/perl >>>>> "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef >>>>> *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" >>>>> t/*.t >>>>> t/external/*.t >>>>> t/01loadmodule.t .................. 1/3 # openssl version=0x90802f >>>>> # Net::SSLeay::VERSION=1.64 >>>>> t/01loadmodule.t .................. ok >>>>> t/acceptSSL-timeout.t ............. ok >>>>> t/auto_verify_hostname.t .......... ok >>>>> t/cert_formats.t .................. ok >>>>> t/cert_no_file.t .................. ok >>>>> t/compatibility.t ................. ok >>>>> t/connectSSL-timeout.t ............ ok >>>>> t/core.t .......................... ok >>>>> t/dhe.t ........................... ok >>>>> t/ecdhe.t ......................... skipped: no support for ecdh with >>>>> this >>>>> openssl/Net::SSLeay >>>>> t/external/ocsp.t ................. skipped: no OCSP support >>>>> t/external/usable_ca.t ............ # found 148 CA certs >>>>> t/external/usable_ca.t ............ ok >>>>> t/io-socket-inet6.t ............... skipped: no IO::Socket::INET6 >>>>> available >>>>> t/io-socket-ip.t .................. skipped: no IO::Socket::IP 0.20 >>>>> available >>>>> t/memleak_bad_handshake.t ......... ok >>>>> t/mitm.t .......................... ok >>>>> t/nonblock.t ...................... ok >>>>> t/npn.t ........................... skipped: NPN not available in >>>>> Net::SSLeay >>>>> t/public_suffix_lib_encode_idn.t .. ok >>>>> t/public_suffix_lib_libidn.t ...... ok >>>>> t/public_suffix_lib_uri.t ......... ok >>>>> t/public_suffix_ssl.t ............. ok >>>>> t/readline.t ...................... ok >>>>> t/sessions.t ...................... ok >>>>> t/signal-readline.t ............... ok >>>>> t/sni.t ........................... skipped: because no server side SNI >>>>> support - openssl/Net::SSleay too old >>>>> t/start-stopssl.t ................. ok >>>>> t/startssl-failed.t ............... ok >>>>> t/startssl.t ...................... ok >>>>> t/sysread_write.t ................. ok >>>>> t/verify_fingerprint.t ............ 1/11 >>>>> # Failed test 'accept fp1 for saddr1' >>>>> # at t/verify_fingerprint.t line 49. >>>>> >>>>> # Failed test 'accept fp2 for saddr2' >>>>> # at t/verify_fingerprint.t line 49. >>>>> >>>>> # Failed test 'accept fp1|fp2 for saddr1' >>>>> # at t/verify_fingerprint.t line 49. >>>>> >>>>> # Failed test 'accept fp1|fp2 for saddr2' >>>>> # at t/verify_fingerprint.t line 49. >>>>> t/verify_fingerprint.t ............ 8/11 # Looks like you failed 4 >>>>> tests >>>>> of >>>>> 11. >>>>> t/verify_fingerprint.t ............ Dubious, test returned 4 (wstat >>>>> 1024, >>>>> 0x400) >>>>> Failed 4/11 subtests >>>>> t/verify_hostname.t ............... ok >>>>> t/verify_hostname_standalone.t .... ok >>>>> >>>>> Test Summary Report >>>>> ------------------- >>>>> t/verify_fingerprint.t (Wstat: 1024 Tests: 11 Failed: 4) >>>>> Failed tests: 1-2, 5-6 >>>>> Non-zero exit status: 4 >>>>> Files=33, Tests=700, 45 wallclock secs ( 0.15 usr 0.13 sys + 5.35 >>>>> cusr >>>>> 1.64 csys = 7.27 CPU) >>>>> Result: FAIL >>>>> Failed 1/33 test programs. 4/700 subtests failed. >>>>> make: *** [test_dynamic] Error 255 >>>>> SULLR/IO-Socket-SSL-1.993.tar.gz >>>>> /usr/bin/make test -- NOT OK >>>>> //hint// to see the cpan-testers results for installing this module, >>>>> try: >>>>> reports SULLR/IO-Socket-SSL-1.993.tar.gz >>>>> Failed during this command: >>>>> SULLR/IO-Socket-SSL-1.993.tar.gz : make_test NO >>>>> >>>>> Eu consigo ver duas opções: >>>>> >>>>> 1 - forçar a instalação dos módulos e correr o risco de >>>>> incompatibilidades >>>>> de versões >>>>> 2 - atualizar a distribuição na tentativa de então conseguir instalar >>>>> os >>>>> módulos Perl >>>>> >>>>> Como eu não tenho acesso à internet pelo servidor, tenho instalado e >>>>> configurado o Perlbrew em uma VM com as mesmas versões do servidor, >>>>> então >>>>> eu >>>>> poderia atualizar a VM. Mexer no servidor é algo que eu não tenho >>>>> acesso, >>>>> e >>>>> devido a questão de homologação, vai demorar uma vida até que eu >>>>> consiga >>>>> que >>>>> os responsáveis atualizem. >>>>> >>>>> Quão "isolada" é uma instalação do Perlbrew? Quando compilo algo em C, >>>>> os >>>>> módulos vão usar bibliotecas compartilhadas? Ou tudo fica auto-contido? >>>>> >>>>> Obrigado, >>>>> Alceu >>>>> =begin disclaimer >>>>> Sao Paulo Perl Mongers: http://sao-paulo.pm.org/ >>>>> SaoPaulo-pm mailing list: [email protected] >>>>> L<http://mail.pm.org/mailman/listinfo/saopaulo-pm> >>>>> =end disclaimer >>>> >>>> >>>> >>> =begin disclaimer >>> Sao Paulo Perl Mongers: http://sao-paulo.pm.org/ >>> SaoPaulo-pm mailing list: [email protected] >>> L<http://mail.pm.org/mailman/listinfo/saopaulo-pm> >>> =end disclaimer >> >> >> > > =begin disclaimer > Sao Paulo Perl Mongers: http://sao-paulo.pm.org/ > SaoPaulo-pm mailing list: [email protected] > L<http://mail.pm.org/mailman/listinfo/saopaulo-pm> > =end disclaimer -- -dom -- Daniel de Oliveira Mantovani Business Analytic Specialist Perl Evangelist /Astrophysics hobbyist. +55 11 9 8538-9897 XOXO =begin disclaimer Sao Paulo Perl Mongers: http://sao-paulo.pm.org/ SaoPaulo-pm mailing list: [email protected] L<http://mail.pm.org/mailman/listinfo/saopaulo-pm> =end disclaimer
