Skip to content
This repository has been archived by the owner on Dec 29, 2020. It is now read-only.

Can't compile with new CheckPoint SDK (SHA256 support) #12

Closed
carlopires opened this issue Mar 24, 2016 · 9 comments
Closed

Can't compile with new CheckPoint SDK (SHA256 support) #12

carlopires opened this issue Mar 24, 2016 · 9 comments

Comments

@carlopires
Copy link

When trying to compile fw1-loggrabber the new SDK with SHA256 support from CheckPoint I get a these errors:

ubuntu@loggrabber:~/checkpoint-lea/fw1-loggrabber$ make
/usr/bin/gcc -m32 -g -Wall -fpic -I../sdk2/include -DLINUX -DUNIXOS=1 -DDEBUG -c -o thread.o thread.c
/usr/bin/gcc -m32 -g -Wall -fpic -I../sdk2/include -DLINUX -DUNIXOS=1 -DDEBUG -c -o queue.o queue.c
/usr/bin/gcc -m32 -g -Wall -fpic -I../sdk2/include -DLINUX -DUNIXOS=1 -DDEBUG -c -o fw1-loggrabber.o fw1-loggrabber.c
fw1-loggrabber.c: In function ‘submit_syslog’:
fw1-loggrabber.c:4888:3: warning: format not a string literal and no format arguments [-Wformat-security]
   syslog (LOG_NOTICE, message);
   ^
/usr/bin/gcc -m32 -g -Wall -fpic -I../sdk2/include -DLINUX -DUNIXOS=1 -DDEBUG -L../sdk2/lib/release.static -o fw1-loggrabber thread.o queue.o fw1-loggrabber.o -lopsec -lsicauth -lsic -lcp_policy -lskey -lndb -lckpssl -lcpcert -lcpcryptutil -lcpprng -lcpbcrypt -lcpca -lasn1cpp -lcpopenssl -lAppUtils -lEventUtils -lEncode -lComUtils -lResolve -lDataStruct -lOS -lcpprod50  -lpthread -lresolv -ldl -lnsl -lelf -lstdc++
fw1-loggrabber.o: In function `main':
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:382: undefined reference to `opsec_set_debug_level'
fw1-loggrabber.o: In function `read_fw1_logfile':
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:509: undefined reference to `opsec_init'
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:512: undefined reference to `opsec_errno'
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:512: undefined reference to `opsec_errno_str'
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:518: undefined reference to `opsec_new_event_id'
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:523: undefined reference to `opsec_raise_event'
/home/ubuntu/checkpoint-lea/fw1-loggrabber/fw1-loggrabber.c:525: undefined reference to `opsec_set_event_handler'

Does anyone know how to circumvent this?
@sumanar
Copy link

sumanar commented Apr 5, 2016

@carlopires Please let us know if you were able to compile this successfully.

@adepasquale
Copy link
Contributor

@carlopires @sumanar I need to double check, but the page SK110425 - OPSEC SDK - SHA-256 support mentions that:

Note: The static libraries are currently not functional.

I'll try switching to dynamic linking and let you know.

adepasquale pushed a commit that referenced this issue Apr 5, 2016
Update OPSEC SDK for Linux to version 50, switch to dynamic linking
4ad0557 
This commit should fix issue #12 but people will no longer be able to
build fw1-loggrabber using the old OPSEC SDK for Linux version 30.
@adepasquale
Copy link
Contributor

Could you please test the above commit and let us know?

@sumanar
Copy link

sumanar commented Apr 6, 2016

Thank you @adepasquale fw1-loggrabber now compiles successfully with new OPSEC SDK!

P.S.:
to avoid this warning:

fw1-loggrabber.c: In function ‘submit_syslog’:
fw1-loggrabber.c:4888:3: warning: format not a string literal and no format arguments [-Wformat-security]
syslog (LOG_NOTICE, message);

We can edit the line 4888 on fw1-loggrabber.c file as:
syslog (LOG_NOTICE, "%s", message);

Thank you.

@adepasquale
Copy link
Contributor

Thanks for your feedback.

@mplough-tenable
Copy link

Hi @adepasquale - I checked the SK110425 - OPSEC SDK - SHA-256 support page and it has been updated since you posted on April 5. They now provide an example dependency list for static linking so it may be possible to statically link again.

@adepasquale adepasquale mentioned this issue Jun 13, 2016
Open
@mterron
Copy link

mterron commented Aug 17, 2017

Is there any chance of you guys providing a statically build binary of fw1-loggrabber with the latest OPSEC SDK with SHA256 and TLS1.2 support?

@adepasquale
Copy link
Contributor

I'm sorry @mterron, for now you'll need to click the Check Point "Download Agreement" button yourself.

@mterron
Copy link

mterron commented Aug 17, 2017
edited
Loading

I understand Andrea, maybe provide instructions to generate a static build then? The current instructions generate dynamically linked binaries.

A make static option would be brilliant: This are the changes I made to the Makefile to compile a statically linked version:

OPSEC_LIB_DIR = $(OPSEC_PKG_DIR)/lib/release.static
OPSEC_LIBS = -lsicobj -lopsecext -lmastersapi -llogfilter -lfwsmtpobj -lfwadb -lCPMIClient501 -lCP_version_info -lCPMIBase501 -lopsec -lReg -lobjlib -lcpxerces_c -lCPStrings -lobjlibclient -lResolver -lcpprod50 -lCPSrvIS -lcplic_cntrct -lcpsic -lsicauth -lskey -lfwsetdb -lndb -lmessaging -lsic -lcp_policy -lcvars -lcpexpat -lcpca -lckpssl -lcpcert -lcpcryptutil -lEncode -lcpprng -lasn1cpp -lProdUtils -lcpbcrypt -lcpopenssl -lAppUtils -lComUtils -lResolve -lEventUtils -lDataStruct -lOS

There are some warnings like:

OPSEC_SDK/pkg_rel/lib/release.static/libcpopenssl.a(dso_dlfcn.o): In function `DSO_METHOD_dlfcn':
(.text+0x6b6): warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(fs_utils.o): In function `cpGetTempName':
(.text+0x6a2): warning: the use of `tmpnam_r' is dangerous, better use `mkstemp'
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(shmem.o): In function `IpcShmAllocExOwnedBy':
(.text+0xf4): warning: Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libComUtils.a(fwasync.o): In function `fwasync_make_connection_ipv6_e':
(.text+0x5722): warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libcpcert.a(fdb.o): In function `fdb_store':
(.text+0x7f6): warning: the use of `mktemp' is dangerous, better use `mkstemp' or `mkdtemp'
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(resolver.o): In function `dns_gethostbyaddr':
(.text+0x5f7): warning: Using 'gethostbyaddr' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(inet_utils.o): In function `CpGethostbyaddr':
(.text+0x264b): warning: Using 'gethostbyaddr_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(resolver.o): In function `resolver_gethostbyname':
(.text+0x2b0): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(inet_utils.o): In function `CpGethostbyname':
(.text+0x2575): warning: Using 'gethostbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `gethost':
(.text+0x2b0): warning: Using 'sethostent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `gethost':
(.text+0x239): warning: Using 'getnetbyaddr' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getnetbyaddr':
(.text+0x194): warning: Using 'getnetbyaddr_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `getnetwork':
(.text+0x4f): warning: Using 'getnetbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `getnetwork':
(.text+0x88): warning: Using 'setnetent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getnetbyname':
(.text+0x21d): warning: Using 'getnetbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `gethost':
(.text+0x33f): warning: Using 'getprotobynumber' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getprotobynumber':
(.text+0x39f): warning: Using 'getprotobynumber_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x1659): warning: Using 'getprotoent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x1654): warning: Using 'setprotoent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x16c7): warning: Using 'endprotoent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `getproto':
(.text+0xdd): warning: Using 'getprotobyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getprotobyname':
(.text+0x41f): warning: Using 'getprotobyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `getservice':
(.text+0x129): warning: Using 'getservbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getservbyname':
(.text+0x326): warning: Using 'getservbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `gethost':
(.text+0x308): warning: Using 'getservbyport' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getservbyport':
(.text+0x2a8): warning: Using 'getservbyport_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x13f1): warning: Using 'getservent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x13e7): warning: Using 'setservent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x14d3): warning: Using 'endservent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x1319): warning: Using 'getrpcent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `getrpc':
(.text+0x9d): warning: Using 'getrpcbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `gethost':
(.text+0x2df): warning: Using 'getrpcbynumber' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x1314): warning: Using 'setrpcent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libResolve.a(getsym.o): In function `sym_add':
(.text+0x1397): warning: Using 'endrpcent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getrpcbyname':
(.text+0xff): warning: Using 'getrpcbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
OPSEC_SDK/pkg_rel/lib/release.static/libOS.a(ckp_netutils.o): In function `CP_getrpcbynumber':
(.text+0x7f): warning: Using 'getrpcbynumber_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@carlopires @adepasquale @mterron @mplough-tenable @sumanar