问题
The openssl binary generated by the config & make commands when building from the source tarball is dynamically linked to these libraries:
linux-vdso.so.1 => (0x00007fffa75fe000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007ff7f79ab000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ff7f75e2000)
/lib64/ld-linux-x86-64.so.2 (0x00007ff7f7bd2000)
My guess is if I can link statically to lib gcc, the dependencies on the other shared libraries will disappear too.
Question is how do I get the Configure script to generate a statically linked binary?
Will the process be the same for building on Windows as well?
回答1:
What worked for me is to pass -static and --static to the ./config step. --no-shared seems documented in INSTALL but led to build failures. -static by itself also led to build failures.
./config --static -static
回答2:
I came across this post while searching for the same exact thing. I do not know the proper syntax to get the configure script to do this, but this is how I achieved it.
cd /tmp
wget http://www.openssl.org/source/openssl-1.0.1e.tar.gz
tar -zxvf openssl-1.0.1e.tar.gz
cd openssl-1.0.1e
./config
I then Added "-static -static-libgcc" to the CFLAG line of openssl-1.0.1e/Makefile (Note this was AFTER I ran ./config). Then I built it like normal.
make INSTALL_PREFIX=/tmp/package-root install
it is now statically compiled
$ ldd /tmp/package-root/usr/local/ssl/bin/openssl
not a dynamic executable
回答3:
I wasn't able to get the above solution to work. The linker threw errors about _dlopen being undefined.
I added the no-shared option to the config line, and this built openssl statically linked to the openssl libraries.
It is still dependent on libsocket.so.2, linnsl.so, libz.so, and libc.so.1
回答4:
Get the source. I used git because I find it easier, but downloading the source tar.gz works too:
$ git clone git://git.openssl.org/openssl.git
Cloning into 'openssl'...
remote: warning: unable to access '/root/.config/git/attributes': Permission denied
remote: Counting objects: 318375, done.
remote: Compressing objects: 100% (89565/89565), done.
remote: Total 318375 (delta 227244), reused 309362 (delta 219401)
Receiving objects: 100% (318375/318375), 65.83 MiB | 714.00 KiB/s, done.
Resolving deltas: 100% (227244/227244), done.
Check the remote branches (git branch -r) or tags (git tag) and choose the version to build. I used the latest 1.1.1a:
$ cd openssl
$ git checkout OpenSSL_1_1_1a
Note: checking out 'OpenSSL_1_1_1a'.
...
HEAD is now at d1c28d791a... Prepare for 1.1.1a release
Run ./config with the -static parameter.
$ ./config -static
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1a (0x1010101fL) for linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Creating Makefile
**********************************************************************
*** ***
*** OpenSSL has been successfully configured ***
*** ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL file first) ***
*** ***
**********************************************************************
I got this -static parameter from the INSTALL file:
-Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
These system specific options will be recognised and
passed through to the compiler to allow you to define
preprocessor symbols, specify additional libraries, library
directories or other compiler options. It might be worth
noting that some compilers generate code specifically for
processor the compiler currently executes on. This is not
necessarily what you might have in mind, since it might be
unsuitable for execution on other, typically older,
processor. Consult your compiler documentation.
Compile:
$ make -j`nproc`
...
Check if it's a static binary:
$ ldd apps/openssl
not a dynamic executable
$ file apps/openssl
apps/openssl: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, for GNU/Linux 3.2.0, BuildID[sha1]=7c1d00e83b29cd1deaff2248cc8db8bbfc099d81, not stripped
No need to manually edit the Makefile. Unfortunately I don't know how to do it on Windows.
回答5:
For Windows I successfully used this sequence
- clone OpenSSL_1_1_1-static branch
- Follow Windows instructions to install Perl, Netwide Assembler (NASM); add these exe's into PATH
- Using Visual Studio 2017 command prompt; cd openssl
perl Configure VC-WIN32 /MT- Note: -static is invalid for Windows
- edit makefile, find '/MD' flag and remove it (/MT will be used)
nmakenmake testnmake install
Then link libraries libcrypto_static.lib, libssl_static.lib to your program, which also must be compiled with /MT (/MTd for debug).
Other Visual Studio compiler versions should work the same.
Note: depending on the use case, the flag -D"OPENSSL_USE_APPLINK" may need to be removed from the makefile and the static libraries recompiled.
来源:https://stackoverflow.com/questions/20147707/compiling-the-openssl-binary-statically