0

I am building lftp from source. How to configure it correctly to support secure protocol with gnutls libraries?

I am on SuSE Linux, s390 uname -a Linux zdsdeveng03 3.0.101-108.84-default #1 SMP Fri Nov 30 15:57:27 UTC 2018 (7a72692) s390x s390x s390x GNU/Linux

Regular lftp installed on the system does not support TLS 1.2 protocol, but I need to use it for communication with z/OS ftp host.

lftp -v LFTP | Version 4.6.3a | Copyright (c) 1996-2014 Alexander V. Lukyanov ... ibraries used: Readline 5.2, GnuTLS 2.4.1, zlib 1.2.7

I am trying to compile from source current lftp version and use newer GnuTLS libary.

I compiled gnutls-3.6.6 and installed it in my ~/lib folder

Now trying to compile lftp-4.8.4 I configured it with

./configure --with-gnutls=/gsa/pokgsa/home/l/e/leonidt/local --prefix=/gsa/pokgsa/home/l/e/leonidt/local --with-libpth-prefix=/gsa/pokgsa/home/l/e/leonidt/local/ LIBGNUTLS_LIBS=-L/gsa/pokgsa/home/l/e/leonidt/local/lib/ LIBGNUTLS_CFLAGS=-I/gsa/pokgsa/home/l/e/leonidt/local/include

/gsa/pokgsa/home/l/e/leonidt - is my home folder

Then installed it with make install

Before running lftp I have set environment variables:

export LD_LIBRARY_PATH=/gsa/pokgsa/home/l/e/leonidt/local/lib:$LD_LIBRARY_PATH export PATH=/gsa/pokgsa/home/l/e/leonidt/local/bin:$PATH

But lftp executable that I got, does not support secure protocol commands:

lftp
lftp :~> set ftp:ssl-force true ftp:ssl-force: no such variable. Use `set -a' to look at all variables. lftp :~>

and lftp -v output does not show GnuTLS among libraries used.

So I tried to run libtool command, that make generated and add path to /bin/sh ../libtool --silent --tag=CXX --mode=link g++ -O2 -Wall -Wwrite-strings -Woverloaded-virtual -fno-exceptions -fno-rtti -fno-implement-inlines -export-dynamic -s -o lftp lftp-lftp.o lftp-complete.o lftp-lftp_rl.o lftp-attach.o liblftp-jobs.la liblftp-tasks.la -L/usr/lib -L//gsa/pokgsa/home/l/e/leonidt/local/lib -lreadline -lutil -lncurses -ldl with -lgnutls option appended to the end manually

It generated executable, which now shows GnuTLS among libraries used, but still does not support set ftp:ssl-force true command with same error messages :(

There was some messages while it was linked: /bin/sh ../libtool --silent --tag=CXX --mode=link g++ -O2 -Wall -Wwrite-strings -Woverloaded-virtual -fno-exceptions -fno-rtti -fno-implement-inlines -export-dynamic -s -o lftp lftp-lftp.o lftp-complete.o lftp-lftp_rl.o lftp-attach.o liblftp-jobs.la liblftp-tasks.la -L/usr/lib -L//gsa/pokgsa/home/l/e/leonidt/local/lib -lreadline -lutil -lncurses -ldl -lgnutls

/usr/lib64/gcc/s390x-suse-linux/4.3/../../../../s390x-suse-linux/bin/ld: skipping incompatible /usr/lib/libutil.so when searching for -lutil

/usr/lib64/gcc/s390x-suse-linux/4.3/../../../../s390x-suse-linux/bin/ld: skipping incompatible /usr/lib/libutil.a when searching for -lutil

/usr/lib64/gcc/s390x-suse-linux/4.3/../../../../s390x-suse-linux/bin/ld: skipping incompatible /usr/lib/libdl.so when searching for -ldl

/usr/lib64/gcc/s390x-suse-linux/4.3/../../../../s390x-suse-linux/bin/ld: skipping incompatible /usr/lib/libdl.a when searching for -ldl

/usr/lib64/gcc/s390x-suse-linux/4.3/../../../../s390x-suse-linux/bin/ld: skipping incompatible /usr/lib/librt.so when searching for -lrt

/usr/lib64/gcc/s390x-suse-linux/4.3/../../../../s390x-suse-linux/bin/ld: skipping incompatible /usr/lib/librt.a when searching for -lrt

/usr/lib64/gcc/s390x-suse-linux/4.3/../../../../s390x-suse-linux/bin/ld: skipping incompatible /usr/lib/libm.so when searching for -lm

/usr/lib64/gcc/s390x-suse-linux/4.3/../../../../s390x-suse-linux/bin/ld: skipping incompatible /usr/lib/libm.a when searching for -lm

/usr/lib64/gcc/s390x-suse-linux/4.3/../../../../s390x-suse-linux/bin/ld: skipping incompatible /usr/lib/libc.so when searching for -lc

/usr/lib64/gcc/s390x-suse-linux/4.3/../../../../s390x-suse-linux/bin/ld: skipping incompatible /usr/lib/libc.a when searching for -lc

Can it be a reason of set ftp:ssl-force true command not supported?

I examined libraries with the file command:

file /usr/lib/libutil.so /usr/lib/libutil.so: symbolic link to `/lib/libutil.so.1'

file /lib/libutil.so.1 /lib/libutil.so.1: symbolic link to `libutil-2.11.3.so'

file /lib/libutil-2.11.3.so /lib/libutil-2.11.3.so: ELF 32-bit MSB shared object, IBM S/390, version 1 (SYSV), for GNU/Linux 2.6.4, dynamically linked (uses shared libs), not stripped

Libraries are 32 bit! So I looked for 64 bit versions and found them in /lib64

So I tried to run above command explicitly specifying -L/lib64 instead of -L/usr/lib

No help - same result :(

Can anybody advice how to get rid of this skipping incompatible messages? Are they really source of the problem?

Heretic Monkey
  • 11,687
  • 7
  • 53
  • 122
Leonid Tepliakov
  • 31
  • 4
  • If you require the program's user interface to support more capabilities, then you probably need to modify `lftp`, not just rebuild it with a newer library version. It's not certain that's really the case here, but it does look that way. – John Bollinger Sep 07 '19 at 12:25
  • Thank you, HM, but in this case I do not need any new capabilities. Just to get existing working would be enough for me. Actually I built it successfully at the beginning of this year, met with a bug in it, got a patch from author, now need to apply it and build again, but something changed in environment, so that I can not build it again. I am not so experienced in development on Linux, and need some help now. – Leonid Tepliakov Sep 07 '19 at 17:03
  • Did you really install your newer gnutls in `~/lib`, as written in the question? Not `~/local/lib`, which appears to be where you're telling `configure` to look for it? – John Bollinger Sep 08 '19 at 12:08
  • The "skipping incompatible" library messages are unlikely to be anything to be concerned about. It is typical in multilib Linux distros for 32-bit libraries to be installed in `/usr/lib`, with 64-bit ones in `/usr/lib64`. They cannot go in the same directory because of name collisions. But packages may not all follow that convention, so both directories are searched during 64-bit builds. If the build completes successfully then usable versions of those libraries were found, so you do not need to do anything about the messages. – John Bollinger Sep 08 '19 at 12:25
  • That the regular build does omits libgnutls from the link command suggests that `configure` did not find it or rejected the version it found, and opted to build without support for it. Read `configure`'s output to see what it says about that library. Relinking with `-lgnutls` appended to the link line would be unlikely to resolve such an issue satisfactorily. – John Bollinger Sep 08 '19 at 12:30
  • Thank you John! Your comments was very helpful. I managed to compile patched module now and it looks to work well. Still make does not work smoothly for me, but with separate command I was able to build lftp load module. Will further investigate why I meet this problem with libraries. And yes I mentioned ~/lib by mistake, everything is in ~/local/lib. – Leonid Tepliakov Sep 09 '19 at 08:51

1 Answers1

0

The following recipe makes a recent version of LFTP, including the gnutls-devel library requested in the question, on a late Amazon EC2 machine, running Amazon Linux 2.

sudo -s yum -y remove lftp
wget http://lftp.yar.ru/ftp/lftp-4.9.2.tar.bz2
tar -xf lftp-4.9.2.tar.bz2
cd lftp-4.9.2
sudo -s yum -y groupinstall "Development Tools"
sudo -s yum -y install ncurses-devel
sudo -s yum -y install readline-devel
sudo -s yum -y install gnutls-devel
./configure
make
sudo -s make install
sudo -s ln -s /usr/local/bin/lftp /usr/bin/lftp
cd ..
lftp --version

The output of the lftp --version command shows that the gnutls library was used in the build.

FTP | Version 4.9.2 | Copyright (c) 1996-2020 Alexander V. Lukyanov

LFTP is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with LFTP.  If not, see <http://www.gnu.org/licenses/>.


Send bug reports and questions to the mailing list <lftp@uniyar.ac.ru>.

Libraries used: GnuTLS 3.3.29, Readline 6.2, zlib 1.2.7
eeasterly
  • 754
  • 8
  • 11