Subject: Re: Newbie pkgsrc PATH Related Question
From: Chris Wareham <email@example.com>
Date: 07/29/2004 17:14:20

Gary Parker wrote:
> Well thanks for the speedy response Chris.
> My problem isn't really with 'user' binaries, as it were...I understand how
> to change my PATH so that as a user I can access the binaries I've compiled
> and installed in /usr/pkg, it's more the daemons and libraries that the
> system itself loads that I'm struggling with.
> The exact issue I'm having is with OpenSSL: the system obviously comes with
> a base install of openssl to enable sshd to function. However, as I'm sure
> you know being an SS5 user, openssl compiled with a V7 target is slower than
> a 3-legged dog in treacle so I've compiled openssl from pkgsrc and done a
> 'make install' but everything gets installed into the /usr/pkg tree and the
> system prefers to use the files in /usr and /usr/lib.
> How do I get my system to use the optimised openssl binaries I've compiled
> instead of the base install ones?

Hmm. I think you're going to have to install over the OpenSSL libraries
in the base system. The NetBSD project compiles its dynamically linked
binaries with the runtime library path in the ELF header. This is
different to standard practice in the Linux world, where the dynamic
linker reads /etc/ld.so.conf and builds a cache of library paths. You
might be able to override the compiled library paths by exporting
LD_LIBRARY_PATH or messing around with /etc/ld.so.conf so that the pkg
libraries take precedence.

Failing that, rather than installing from pkgsrc, you could recompile
just the OpenSSL libraries from the NetBSD sources. If you create a file
called /etc/mk.conf beforehand, and add a CFLAGS entry that includes the
Sparc V7 optimisation flags, then you should be able to install
optimised libraries into the base system. (Thinking about it, you've
probably already created an /etc/mk.conf file to build optimised
libraries from pkgsrc).

One final thing. Whenever I use the OpenSSH tools on a slow machine, I
tend to pass the "-1" argument to them so that they use the less CPU
intensive version 1 protocol. On my Sparc and Vax machines it makes them
quite responsive. I'm not sure how much the older protocol impacts
security, but it's got to be better than using telnet ...
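
Added example, not part of the original message: a small Python reader for the run-time library search path (DT_RPATH / DT_RUNPATH in the dynamic section) that the reply says NetBSD compiles into its dynamically linked binaries. The names `runtime_paths` and `build_sample` and the sample image are constructed for illustration; the parser goes beyond the SPARC case and handles 32- and 64-bit images of either byte order.

```python
import struct

PT_LOAD, PT_DYNAMIC = 1, 2
DT_NULL, DT_STRTAB, DT_RPATH, DT_RUNPATH = 0, 5, 15, 29

def runtime_paths(elf: bytes) -> dict:
    """Return the DT_RPATH / DT_RUNPATH directories recorded in an ELF image."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                     # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if elf[5] == 1 else ">"      # EI_DATA: 1 = little, 2 = big endian
    phoff, = struct.unpack_from(end + ("Q" if is64 else "I"), elf, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(end + "HH", elf, 54 if is64 else 42)
    segs = []                              # (type, file offset, vaddr, file size)
    for base in range(phoff, phoff + phnum * phentsize, phentsize):
        if is64:   # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz
            typ, _, off, va, _, fsz = struct.unpack_from(end + "IIQQQQ", elf, base)
        else:      # Elf32_Phdr: type, offset, vaddr, paddr, filesz
            typ, off, va, _, fsz = struct.unpack_from(end + "IIIII", elf, base)
        segs.append((typ, off, va, fsz))
    out = {"RPATH": [], "RUNPATH": []}
    dyn = next((s for s in segs if s[0] == PT_DYNAMIC), None)
    if dyn is None:                        # statically linked: nothing recorded
        return out
    fmt = end + ("qQ" if is64 else "iI")   # Elf*_Dyn: d_tag, d_val
    entries = []
    for pos in range(dyn[1], dyn[1] + dyn[3], struct.calcsize(fmt)):
        tag, val = struct.unpack_from(fmt, elf, pos)
        if tag == DT_NULL:
            break
        entries.append((tag, val))
    sva = dict(entries)[DT_STRTAB]         # virtual address, mapped via PT_LOAD below
    strtab = next(o + sva - v for t, o, v, f in segs if t == PT_LOAD and v <= sva < v + f)
    for tag, val in entries:
        if tag in (DT_RPATH, DT_RUNPATH):
            start = strtab + val
            path = elf[start:elf.index(b"\0", start)].decode()
            out["RPATH" if tag == DT_RPATH else "RUNPATH"] += path.split(":")
    return out

def build_sample(rpath: bytes = b"/usr/lib") -> bytes:
    """Constructed 32-bit big-endian ELF image holding a single DT_RPATH entry."""
    strtab = b"\0" + rpath + b"\0"
    size = 140 + len(strtab)               # 52 ehdr + 2*32 phdrs + 24 dynamic
    ehdr = b"\x7fELF\x01\x02\x01" + bytes(9) + struct.pack(
        ">HHIIIIIHHHHHH", 2, 2, 1, 0, 52, 0, 0, 52, 32, 2, 0, 0, 0)
    load = struct.pack(">8I", PT_LOAD, 0, 0x10000, 0x10000, size, size, 5, 0x1000)
    dynp = struct.pack(">8I", PT_DYNAMIC, 116, 0x10074, 0x10074, 24, 24, 6, 4)
    dyn = struct.pack(">iIiIiI", DT_STRTAB, 0x1008C, DT_RPATH, 1, DT_NULL, 0)
    return ehdr + load + dynp + dyn + strtab
```

Pass it the bytes of a real binary, for example `runtime_paths(open("/usr/sbin/sshd", "rb").read())`, to list the directories that binary was linked to search.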