Nginx1.13.4 static on Debian 9 (Stretch)

Maxim Dounin mdounin at mdounin.ru
Wed Aug 16 14:03:50 UTC 2017


Hello!

On Wed, Aug 16, 2017 at 03:38:28PM +0300, Claudiu Rad wrote:

[...]

> > I only get the following warnings for now:
> >
> > objs/ngx_modules.o \
> > -static -lpcre -lpthread -ldl -lcrypt -lpcre -lz
> > objs/src/core/nginx.o: In function `ngx_load_module':
> > /tmp/nginx-static/nginx-1.13.4/src/core/nginx.c:1522: warning: Using 
> > 'dlopen' in statically linked applications requires at runtime the 
> > shared libraries from the glibc version used for linking
> > objs/src/os/unix/ngx_process_cycle.o: In function 
> > `ngx_worker_process_init':
> > /tmp/nginx-static/nginx-1.13.4/src/os/unix/ngx_process_cycle.c:835: 
> > warning: Using 'initgroups' in statically linked applications requires 
> > at runtime the shared libraries from the glibc version used for linking
> > objs/src/core/nginx.o: In function `ngx_set_user':
> > /tmp/nginx-static/nginx-1.13.4/src/core/nginx.c:1228: warning: Using 
> > 'getgrnam' in statically linked applications requires at runtime the 
> > shared libraries from the glibc version used for linking
> > /tmp/nginx-static/nginx-1.13.4/src/core/nginx.c:1216: warning: Using 
> > 'getpwnam' in statically linked applications requires at runtime the 
> > shared libraries from the glibc version used for linking
> > objs/src/core/ngx_inet.o: In function `ngx_inet_resolve_host':
> > /tmp/nginx-static/nginx-1.13.4/src/core/ngx_inet.c:1127: warning: 
> > Using 'getaddrinfo' in statically linked applications requires at 
> > runtime the shared libraries from the glibc version used for linking
> >
> > So, first question, maybe a beginner's one, sorry, don't have much 
> > experience with this: How should I treat these warnings? I want to 
> > deploy the static build on multiple machines, most of them running 
> > Debian 8, thus, an older version. Are there things that would not work 
> > because I don't have exactly the same library versions?

I wouldn't recommend running such a binary on machines not exactly 
matching the one it was built on.  Moreover, make sure to rebuilt 
the binary on any upgrades which affect the libraries in question.

Note well that mismatch of libraries might not be directly 
visible, that is, compiled binary will run mostly fine, but will 
experience obscure and seemingly random bugs / crashes.
 
> > Second thing is that I want to add SSL support of course. Simply 
> > adding --with-http_ssl_module would not work until I replaced 
> > -lpthread with -pthread option to LD. Downloaded the latest release: 
> > https://www.openssl.org/source/openssl-1.1.0f.tar.gz and tried:
> >
> > ./configure --prefix=/opt/nginx --with-http_ssl_module 
> > --with-ld-opt="-static -lpcre -pthread" --with-openssl=../openssl-1.1.0f
> >
> > This works, but when actually trying to run it, I get:
> >
> > /opt/nginx/sbin/nginx
> > Illegal instruction
> >
> > And it doesn't start of course. I also tried using the OpenSSL system 
> > library, thus omitting --with-openssl= but its the same.
> > Any suggestions?
> 
> It seems that using older 1.0.2 series works in this scenario:
> 
> ./configure --prefix=/opt/nginx --with-http_ssl_module 
> --with-ld-opt="-static -lpcre -pthread" --with-openssl=../openssl-1.0.2l
> 
> So the combination of Debian 9 + OpenSSL 1.1.0 series no longer allows 
> building a valid static binary. At least not with the previous arguments.
> Is there something I am missing?
> 
> Where should I file a bug report if this is a bug of some sort?

You may want to try to look into backtrace to find out what 
exactly happens.  I would suggest that there is something in 
OpenSSL 1.1.0, though I may be wrong.

-- 
Maxim Dounin
http://nginx.org/


More information about the nginx mailing list