Can't compile with new CheckPoint SDK (SHA256 support)
carlopires opened this issue · 9 comments
carlopires commented
When trying to compile fw1-loggrabber the new SDK with SHA256 support from CheckPoint I get a these errors:
ubuntu@loggrabber:~/checkpoint-lea/fw1-loggrabber$ make
/usr/bin/gcc -m32 -g -Wall -fpic -I../sdk2/include -DLINUX -DUNIXOS=1 -DDEBUG -c -o thread.o thread.c
/usr/bin/gcc -m32 -g -Wall -fpic -I../sdk2/include -DLINUX -DUNIXOS=1 -DDEBUG -c -o queue.o queue.c
/usr/bin/gcc -m32 -g -Wall -fpic -I../sdk2/include -DLINUX -DUNIXOS=1 -DDEBUG -c -o fw1-loggrabber.o fw1-loggrabber.c
fw1-loggrabber.c: In function ‘submit_syslog’:
fw1-loggrabber.c:4888:3: warning: format not a string literal and no format arguments [-Wformat-security]
syslog (LOG_NOTICE, message);
^
/usr/bin/gcc -m32 -g -Wall -fpic -I../sdk2/include -DLINUX -DUNIXOS=1 -DDEBUG -L../sdk2/lib/release.static -o fw1-loggrabber thread.o queue.o fw1-loggrabber.o -lopsec -lsicauth -lsic -lcp_policy -lskey -lndb -lckpssl -lcpcert -lcpcryptutil -lcpprng -lcpbcrypt -lcpca -lasn1cpp -lcpopenssl -lAppUtils -lEventUtils -lEncode -lComUtils -lResolve -lDataStruct -lOS -lcpprod50 -lpthread -lresolv -ldl -lnsl -lelf -lstdc++
fw1-loggrabber.o: In function `main':
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:382: undefined reference to `opsec_set_debug_level'
fw1-loggrabber.o: In function `read_fw1_logfile':
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:509: undefined reference to `opsec_init'
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:512: undefined reference to `opsec_errno'
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:512: undefined reference to `opsec_errno_str'
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:518: undefined reference to `opsec_new_event_id'
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:523: undefined reference to `opsec_raise_event'
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:525: undefined reference to `opsec_set_event_handler'
Does anyone know how to circumvent this?
sumanar commented
@carlopires Please let us know if you were able to compile this successfully.
adepasquale commented
@carlopires @sumanar I need to double check, but the page SK110425 - OPSEC SDK - SHA-256 support mentions that:
Note: The static libraries are currently not functional.
I'll try switching to dynamic linking and let you know.
adepasquale commented
Could you please test the above commit and let us know?
sumanar commented
Thank you @adepasquale fw1-loggrabber now compiles successfully with new OPSEC SDK!
P.S.:
to avoid this warning:
fw1-loggrabber.c: In function ‘submit_syslog’:
fw1-loggrabber.c:4888:3: warning: format not a string literal and no format arguments [-Wformat-security]
syslog (LOG_NOTICE, message);
We can edit the line 4888 on fw1-loggrabber.c file as:
syslog (LOG_NOTICE, "%s", message);
Thank you.
adepasquale commented
Thanks for your feedback.
mplough-tenable commented
Hi @adepasquale - I checked the SK110425 - OPSEC SDK - SHA-256 support page and it has been updated since you posted on April 5. They now provide an example dependency list for static linking so it may be possible to statically link again.
mterron commented
Is there any chance of you guys providing a statically build binary of fw1-loggrabber with the latest OPSEC SDK with SHA256 and TLS1.2 support?
adepasquale commented
I'm sorry @mterron, for now you'll need to click the Check Point "Download Agreement" button yourself.
mterron commented
I understand Andrea, maybe provide instructions to generate a static build then? The current instructions generate dynamically linked binaries.
A make static option would be brilliant: This are the changes I made to the Makefile to compile a statically linked version:
OPSEC_LIB_DIR = $(OPSEC_PKG_DIR)/lib/release.static
OPSEC_LIBS = -lsicobj -lopsecext -lmastersapi -llogfilter -lfwsmtpobj -lfwadb -lCPMIClient501 -lCP_version_info -lCPMIBase501 -lopsec -lReg -lobjlib -lcpxerces_c -lCPStrings -lobjlibclient -lResolver -lcpprod50 -lCPSrvIS -lcplic_cntrct -lcpsic -lsicauth -lskey -lfwsetdb -lndb -lmessaging -lsic -lcp_policy -lcvars -lcpexpat -lcpca -lckpssl -lcpcert -lcpcryptutil -lEncode -lcpprng -lasn1cpp -lProdUtils -lcpbcrypt -lcpopenssl -lAppUtils -lComUtils -lResolve -lEventUtils -lDataStruct -lOSThere are some warnings like:
OPSEC_SDK/pkg_rel/lib/release.static/libcpopenssl.a(dso_dlfcn.o): In function `DSO_METHOD_dlfcn':
(.text+0x6b6): warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(fs_utils.o): In function `cpGetTempName':
(.text+0x6a2): warning: the use of `tmpnam_r' is dangerous, better use `mkstemp'
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(shmem.o): In function `IpcShmAllocExOwnedBy':
(.text+0xf4): warning: Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libComUtils.a(fwasync.o): In function `fwasync_make_connection_ipv6_e':
(.text+0x5722): warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libcpcert.a(fdb.o): In function `fdb_store':
(.text+0x7f6): warning: the use of `mktemp' is dangerous, better use `mkstemp' or `mkdtemp'
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(resolver.o): In function `dns_gethostbyaddr':
(.text+0x5f7): warning: Using 'gethostbyaddr' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(inet_utils.o): In function `CpGethostbyaddr':
(.text+0x264b): warning: Using 'gethostbyaddr_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(resolver.o): In function `resolver_gethostbyname':
(.text+0x2b0): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(inet_utils.o): In function `CpGethostbyname':
(.text+0x2575): warning: Using 'gethostbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `gethost':
(.text+0x2b0): warning: Using 'sethostent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `gethost':
(.text+0x239): warning: Using 'getnetbyaddr' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getnetbyaddr':
(.text+0x194): warning: Using 'getnetbyaddr_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `getnetwork':
(.text+0x4f): warning: Using 'getnetbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `getnetwork':
(.text+0x88): warning: Using 'setnetent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getnetbyname':
(.text+0x21d): warning: Using 'getnetbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `gethost':
(.text+0x33f): warning: Using 'getprotobynumber' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getprotobynumber':
(.text+0x39f): warning: Using 'getprotobynumber_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x1659): warning: Using 'getprotoent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x1654): warning: Using 'setprotoent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x16c7): warning: Using 'endprotoent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `getproto':
(.text+0xdd): warning: Using 'getprotobyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getprotobyname':
(.text+0x41f): warning: Using 'getprotobyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `getservice':
(.text+0x129): warning: Using 'getservbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getservbyname':
(.text+0x326): warning: Using 'getservbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `gethost':
(.text+0x308): warning: Using 'getservbyport' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getservbyport':
(.text+0x2a8): warning: Using 'getservbyport_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x13f1): warning: Using 'getservent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x13e7): warning: Using 'setservent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x14d3): warning: Using 'endservent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x1319): warning: Using 'getrpcent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `getrpc':
(.text+0x9d): warning: Using 'getrpcbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `gethost':
(.text+0x2df): warning: Using 'getrpcbynumber' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x1314): warning: Using 'setrpcent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x1397): warning: Using 'endrpcent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getrpcbyname':
(.text+0xff): warning: Using 'getrpcbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getrpcbynumber':
(.text+0x7f): warning: Using 'getrpcbynumber_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking