Compiling Software on OpenBSD

OpenBSD notebook at the National Archives in Washington DC

See my page on installing and running OpenBSD on a Dell laptop for details on getting the operating system into place.

Table of contents:

Building Wireshark (formerly Ethereal)
Building OpenCV
Building OpenVAS
Building RainbowCrack

Building Wireshark (formerly known as Ethereal) on OpenBSD

Wireshark is a great tool for network troubleshooting or any other task involving network packet capture and analysis. But you have to build it yourself on OpenBSD, and the compilation will fail.

The OpenBSD community hasn't built Wireshark packages for a while, since Wireshark has a bad security track record. It has to run with root privileges to do most of what people find useful, and its packet dissectors (the modules analyzing the large set of supported protocols) are very complicated and prone to bugs. A privileged process running untrusted code leads to big security problems!

On top of this, the Wireshark community hasn't seemed to worry about making Wireshark build cleanly from source on OpenBSD.

Here is the trick for compiling Ethereal on OpenBSD, based on what I found at http://www.linbsd.org/ethereal_on_openbsd38.html The followed has worked with Ethereal, and it works with Wireshark.

Install these additional packages on OpenBSD:
autoconf
automake
gcc-4* (GCC version 4.*, provides /usr/local/bin/egcc)
glib2
gmake
gtk+2
libtool
m4
metaauto
pkgconfig
python

See what versions of autoconf and automake you have:

% pkg_info autoconf | head -1
% pkg_info automake | head -1
% ls /usr/local/bin/auto*

You will probably have to do the software build as root because of the memory requirements. Become root with:
```
% su - 
```
Set two environment variables, changing the numbers as appropriate. If you see, for example, autoconf-2.59p1, then you should probably specify simply 2.59. Similarly, if you see automake-1.9.6p1, then you should probably specify simply 1.9. The ls command above is probably the most useful test.
- If you're running tcsh or csh, do something like the following:
```
# setenv AUTOCONF_VERSION 2.59
# setenv AUTOMAKE_VERSION 1.9 
```
- If you're running bash, do something like the following:
```
# export AUTOCONF_VERSION=2.59
# export AUTOMAKE_VERSION=1.9 
```
At this point we find that the INSTALL, README, and other files don't tell the whole story for OpenBSD. First, we have to generate the Makefiles:
```
# ./autogen.sh 
```
If that command fails with a complaint about missing Python, even though you have already installed it, then you need to do something like the following as root:
```
# cd /usr/local/bin
# ln -s python2.* python 
```
Set the environment variable CC to the binary for GCC 4.* — if you're running tcsh or csh, do this:
```
# setenv CC egcc 
```
If you're running bash, do this:
```
# export CC=egcc 
```
Do the configuration:
```
# ./configure 
```
Now build the software. Note that you may have to run the following as root because of the amount of memory resources required by the library building. Note also that you have to use the GNU version of make:
```
# gmake 
```
After quite a while (from forty minutes to an hour!) that should succeed. If so, you're ready to install, again being careful to use the gmake program:
```
# gmake install 
```
If it did not succeed, carefully read the output.
- Possible error #1 — Wireshark simply will not compile. You get a bunch of errors of this form:
```
In file included from packet-dplay.c:33:
/usr/include/sys/socket.h:147: error: expected specifier-qualifier-list before 'u_int8_t'
/usr/include/sys/socket.h:165: error: expected specifier-qualifier-list before 'u_int8_t'
/usr/include/sys/socket.h:233: error: expected specifier-qualifier-list before 'uid_t'
/usr/include/sys/socket.h:354: error: expected specifier-qualifier-list before 'socklen_t'
/usr/include/sys/socket.h:380: error: expected specifier-qualifier-list before 'socklen_t'
/usr/include/sys/socket.h:436: error: expected specifier-qualifier-list before 'caddr_t' 
```
  Fix — Use an older version of Wireshark. I have had the above problem trying to compile Wireshark 1.0.4 on OpenBSD 4.4 through 4.6. I rolled back to Wireshark 1.0.0 (I had kept the old tar files) and that version compiles and runs just fine.
- Possible error #2 — Some warning messages due to risky code in the wiretap directory may cause the build to halt because the -Werror flag tells gcc to consider warnings to be errors. This was a problem building Wireshark 1.0.0 on OpenBSD 4.3.
  Fix — Edit the file wiretap/Makefile and comment out this line:
```
AM_NON_GENERATED_CFLAGS = -Werror 
```
  By Wireshark 1.0.4, the Makefile came with that already commented out....
- Possible error #3 — If you are building a new version after building an older version on the same machine, the error may have been caused by attempting to build the new version linked against some older version of a shared library.
  Fix — You have two ways to proceed in that case:
  - Rip out the old binaries and shared libraries and other debris under /usr/local/share with:
```
# gmake uninstall 
```
  - If you would prefer to keep what you can, change into the relevant subdirectories and build and install just those shared libraries. For example:
    - If the error seems to be reporting a problem with undefined symbols in libwireshark.so.0.1, first find the relevant directory:
```
# find * -name 'libwireshark*' 
```
    - Next, change to the relevant directory, in this example that would be:
```
# cd epan 
```
    - Now build and install just the shared library software found there:
```
# gmake
# gmake install 
```
    - Then change back to the root of the build directory and start again:
```
# cd ..
# gmake 
```
When you try to run Wireshark, as soon as you try to start a capture it may fail with these two symptoms:
- An error box pops up reading:
```
Child capture process died:
Segmentation violation - core dumped 
```
- The terminal where you started Wireshark shows an error:
```
(ethereal-capture:PID): GdkPixbuf-WARNING **:
Cannot open pixbuf loader module file
'/var/db/gtk-2.0/gdk-pixbuf.loaders': Too many open files 
```
This problem is caused by Wireshark using so many shared libraries stored under /usr/local/lib and data files stored under /usr/local/share/wireshark, especially if you built it with RADIUS support. The fix is to run Wireshark in an environment where more open files are allowed. For root, the command ulimit -a shows that the Bash shell can have only 128 simultaneous open file descriptors for that shell and its child processes. So, start Wireshark like this:
```
% su root -c 'ulimit -n 512 ; wireshark &' 
```
Or, more extremely:
```
% su root -c 'ulimit -n unlimited ; wireshark &' 
```
For more details see man bash and read the ulimit section.

Building OpenCV on OpenBSD

Original image transferred from a digital camera to a Unix system.

Histogram equalization.

The OpenCV (Open Computer Vision) package is great! It lets you very quickly develop code for dealing with arbitrary image file formats. I got my global and localized histogram equalization algorithms working on JPEG images in about half a day, much of that time taken up by my rustiness at C/C++ programming....

However, OpenCV isn't included in the OpenBSD packages collection, and building it from source wasn't as obvious as I had hoped.

First, though, learn about and get OpenCV:

Gady's Agam's "Introduction to Programming with OpenCV" document is excellent, it's all I needed to accomplish what I wanted as far as programming goes. The only other thing I needed was to figure out how to compile the libraries on OpenBSD! I found that document by simply asking Google:
opencv tutorial
The OpenCVWiki pages seem to be the main documentation collection.
Get the OpenCV software from SourceForge. I used opencv-1.0.0.tar.gz
Have a look at the OpenCV Wiki InstallGuide. But be careful — it mentions "getting the cutting-edge OpenCV from SourceForge SVN repository" with something like this command sequence:
```
% cd /path/to/working/area
% svn co https://opencvlibrary.svn.sourceforge.net/svnroot/opencvlibrary/trunk 
```
The problem is that the very latest version will likely require a very recent version of autoconf or automake or another related tool, more recent than is available as a downloadable compiled package on your system.

Now, to build OpenCV. You've downloaded and extracted the archive, and changed to the newly created directory. Start by configuring the build:

% autoreconf -i --force
% ./configure

You could add the --enable-static option to the second command, and it will certainly build the static libraries. However, my experience is that they aren't too useful as you will also need to link your program with many other libraries for which only shared libraries are available. In fact, that set of other libraries is the reason this was harder than I expected, and why this section appears on this page....

Second, build the libraries. This takes about five minutes on my powerhouse computing system (2.20 GHz Intel Celeron CPU, 512 MB RAM). Be certain to use gmake and not make!

% gmake

If that worked, install the libraries. If it didn't work, then in my experience you skipped either the autoreconf or ./configure step.

% sudo make install

You are now ready to compile OpenCV code, if you know how to go about it. Based on what I had seen while doing the initial development on Linux, I thought that I could put something like the following in ~/src/Makefile

CFLAGS = -O3 -Wall -pedantic
TARGET = /home/cromwell/bin/bsd

${TARGET}/histogram-equalize:       histogram-equalize.cc
	g++ ${CFLAGS} histogram-equalize.cc		\
		-o ${TARGET}/histogram-equalize -lcv -lhighgui

That fails because the compiler can't find the include files. You get errors like this:

histogram-equalize.cc:53:47: cv.h: No such file or directory
histogram-equalize.cc:54:47: highgui.h: No such file or directory
histogram-equalize.cc: In function `int main(int, char**)':
histogram-equalize.cc:84: error: `IplImage' undeclared (first use this function)
histogram-equalize.cc:84: error: (Each undeclared identifier is reported only once for each function it appears in.)

So, expand the Makefile:

CFLAGS = -O3 -Wall -pedantic
TARGET = /home/cromwell/bin/bsd

${TARGET}/histogram-equalize:       histogram-equalize.cc
	g++ ${CFLAGS} histogram-equalize.cc		\
		-o ${TARGET}/histogram-equalize		\
		-I /usr/local/include/opencv		\
		-lcv -lhighgui

That reveals that the OpenCV code is not clean enough to compile with the -pedantic option!

In file included from /usr/local/include/opencv/cxcore.h:69,
		from /usr/local/include/opencv/cv.h:58,
		from histogram-equalize.cc:53:
/usr/local/include/opencv/cxtypes.h:144: error: ISO C++ does not support `long long'
/usr/local/include/opencv/cxtypes.h:145: error: ISO C++ does not support `long long'

So, modify the compiler parameters:

CFLAGS = -O3 -Wall -pedantic
TARGET = /home/cromwell/bin/bsd

${TARGET}/histogram-equalize:       histogram-equalize.cc
	g++ -O3 -Wall histogram-equalize.cc		\
		-o ${TARGET}/histogram-equalize		\
		-I /usr/local/include/opencv		\
		-lcv -lhighgui

That modification gets it through the initial compilation, but it fails on the ld stage:

/usr/bin/ld: cannot find -lcv
collect2: ld returned 1 exit status

I should have seen that coming.... I need to specify the OpenCV shared library locations because they're under /usr/local/lib on OpenBSD and the compiler doesn't look there by default:

CFLAGS = -O3 -Wall -pedantic
TARGET = /home/cromwell/bin/bsd

${TARGET}/histogram-equalize:       histogram-equalize.cc
	g++ -O3 -Wall histogram-equalize.cc		\
		-o ${TARGET}/histogram-equalize		\
		-I /usr/local/include/opencv		\
		-L /usr/local/lib			\
		-lcv -lhighgui

Wow, that generates a lot of errors! I see some fairly obvious X11 warning messages:

/usr/bin/ld: warning: libfreetype.so.16.1, needed by /usr/local/lib/libhighgui.so.1.0, not found (try using -rpath or -rpath-link)
/usr/bin/ld: warning: libXdmcp.so.9.0, needed by /usr/X11R6/lib/libX11.so.11.1, not found (try using -rpath or -rpath-link)
/usr/bin/ld: warning: libXau.so.9.0, needed by /usr/X11R6/lib/libX11.so.11.1, not found (try using -rpath or -rpath-link)
/usr/bin/ld: warning: libX11.so.11.1, needed by /usr/X11R6/lib/libXrender.so.5.0, not found (try using -rpath or -rpath-link)
/usr/bin/ld: warning: libXrender.so.5.0, needed by /usr/local/lib/libcairo.so.9.2, not found (try using -rpath or -rpath-link)
/usr/bin/ld: warning: libfontconfig.so.5.1, needed by /usr/local/lib/libcairo.so.9.2, not found (try using -rpath or -rpath-link)
/usr/bin/ld: warning: libpixman-1.so.12.0, needed by /usr/local/lib/libcairo.so.9.2, not found (try using -rpath or -rpath-link)
/usr/bin/ld: warning: libXfixes.so.5.0, needed by /usr/X11R6/lib/libXdamage.so.3.1, not found (try using -rpath or -rpath-link)
/usr/bin/ld: warning: libXext.so.10.0, needed by /usr/X11R6/lib/libXcomposite.so.3.0, not found (try using -rpath or -rpath-link)

But then more mysteriously, at least to me, a bunch of similar errors involving the cairo and pango software, undefined references to symbols with names starting "FT_":

/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Get_PS_Font_Info'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Init_FreeType'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Get_Sfnt_Name'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Load_Glyph'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Done_Face'
/usr/local/lib/libcairo.so.9.2: undefined reference to `FT_GlyphSlot_Embolden'
/usr/local/lib/libpangoft2-1.0.so.1800.0: undefined reference to `FT_Render_Glyph'
/usr/local/lib/libpangoft2-1.0.so.1800.0: undefined reference to `FT_Get_Kerning'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Get_Char_Index'
/usr/local/lib/libcairo.so.9.2: undefined reference to `FT_Outline_Translate'
/usr/local/lib/libpangoft2-1.0.so.1800.0: undefined reference to `FT_Set_Charmap'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Get_Sfnt_Table'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Has_PS_Glyph_Names'
/usr/local/lib/libcairo.so.9.2: undefined reference to `FT_Outline_Decompose'
/usr/local/lib/libcairo.so.9.2: undefined reference to `FT_Set_Pixel_Sizes'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Get_Glyph_Name'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Select_Charmap'
/usr/local/lib/libcairo.so.9.2: undefined reference to `FT_Outline_Transform'
/usr/local/lib/libpangoft2-1.0.so.1800.0: undefined reference to `FT_MulFix'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Get_Next_Char'
/usr/local/lib/libcairo.so.9.2: undefined reference to `FT_Outline_Get_Bitmap'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Load_Sfnt_Table'
/usr/local/lib/libpangoft2-1.0.so.1800.0: undefined reference to `FT_Vector_Transform'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Done_FreeType'
/usr/local/lib/libpangoft2-1.0.so.1800.0: undefined reference to `FT_Set_Char_Size'
/usr/local/lib/libpangoft2-1.0.so.1800.0: undefined reference to `FT_Set_Transform'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Get_Sfnt_Name_Count'
/usr/local/lib/libcairo.so.9.2: undefined reference to `FT_Outline_Get_CBox'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Get_X11_Font_Format'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Get_BDF_Property'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_Get_First_Char'
/usr/X11R6/lib/libfontconfig.so.5.1: undefined reference to `FT_New_Face'
collect2: ld returned 1 exit status

To jump ahead to the solution, I carefully examined the output in the window where I built the libraries. I got fresh output by recompiling:

% gmake clean
% gmake

I saw that the OpenCV libraries are linked against a large number of shared libraries stored under /usr/local/lib and so software using the OpenCV libraries will also need to be similarly linked. Here's the Makefile entry that solved my problem, with all my changes highlighted

CFLAGS = -O3 -Wall -pedantic
TARGET = /home/cromwell/bin/bsd

${TARGET}/histogram-equalize:       histogram-equalize.cc
	g++ -O3 -Wall histogram-equalize.cc			\
		-o ${TARGET}/histogram-equalize			\
		-I /usr/local/include/opencv			\
		-L /usr/local/lib -L /usr/X11R6/lib		\
		-lcv -lhighgui					\
		-lgtk-x11-2.0 -lgdk-x11-2.0 -lpangocairo-1.0	\
		-lgthread-2.0 -lglib-2.0 -lintl -liconv -lXi	\
		-lXrandr -lXcursor -lXcomposite -lXext		\
		-lXdamage -lXfixes -latk-1.0 -lcairo -lpixman-1 -lglitz

One page I found through Google suggests that this may also be an issue with libcairo.so on Linux.

Building OpenVAS on OpenBSD

The Open Vulnerability Assessment System (OpenVAS) security tool is great! It's a free fork of the Nessus project. It is a network security scanner with a graphical front end, and it applies many thousands of vulnerability tests to machines across a network.

The only problem, as often happens with OpenBSD, is that its developers didn't include what's needed to get it to compile there without a little help. But it isn't hard, just a little tedious:

Get a copy of the OpenBSD port of OpenVAS. I found it through some Google searching. For OpenVAS 2.0, I found it at both neohapsis.com and nabble.com. You definitely need this, there's no need to go beyond this step until you have the OpenBSD port.

Add the GNU libgcrypt shared library. Download it from ftp://ftp.gnupg.org/gcrypt/libgcrypt/. Downloading and installing it would be something like this:

$ cd /tmp
$ wget ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.4.4.tar.gz
$ gtar xvf libgcrypt-1.4.4.tar.gz
$ cd libgcrypt-1.4.4
$ ./configure
$ make
$ su root -c 'make install'

Install the ports tree if you haven't already:

$ cd /tmp
$ wget ftp://ftp.openbsd.org/pub/OpenBSD/`uname -r`/ports.tar.gz
$ su
Password:
# cd /usr
# gtar xvf /tmp/ports.tar.gz

Add the OpenVAS port at the correct place in the ports tree:
```
# cd /usr/ports/security
# gtar xvf /tmp/openvas2.0.tgz 
```
Add a symbolic link for a shared library that one of the makefiles won't otherwise find:
```
# cd /usr/lib
# ln -s /usr/local/lib/libgcrypt.so.16.2 
```

Build and install OpenVAS:

# cd /usr/ports/security/openvas
# make
# make install

I found this archived e-mail very useful.

Building RainbowCrack on OpenBSD

Project RainbowCrack was originally Zhu Shuanglei's implementation, it's not clear to me if the project is still just his or if it's even been maintained for a while. His page seems to have been last updated in August 2007.

The Project RainbowCrack web page has three versions — 1.2 (Windows XP/Vista binary, and source code for Windows and Linux), 1.3 (Windows XP/Vista binary only), and 1.4 (Windows XP/Vista binary only).

The version 1.2 source code does not compile on OpenBSD, and in my experience it doesn't compile on Linux, either. It seems to date from 2004 at the earliest, and I think it makes some version-2.4 assumptions about kernel headers.

Here is how to get it to compile on OpenBSD.

Someone, it isn't clear just who, wrote in May 2004:
OpenBSD patch for RainbowCrack v1.2 (11 May 2004)
In 2004, RainbowCrack didn't work on OpenBSD, so I wrote a patch.

That may have worked in 2004, but it didn't quite work for me some 5.5 years later. I don't know why, but the patch file (the output of diff) included there could not be applied.

Do the following to compile and install RainbowCrack on OpenBSD:

Download the file rainbowcrack-1.2-src.zip from http://project-rainbowcrack.com/
Extract the archive:
```
$ unzip rainbowcrack-1.2-src.zip
```
Change into the directory with the source code, and just to be safe, save a backup copy of a file you're about to replace:
```
$ cd rainbowcrack-1.2-src/src
$ cp Public.cpp Public.cpp-ORIGINAL
```
Download my changed Public.cpp file to that directory, overwriting the existing one.
Download my new makefile.openbsd file to that directory. I have slightly modified the makefile to build the binaries as linked statically rather than dynamically.
Build the software:
```
$ make -f makefile.openbsd
```

If that worked, install the new programs and save the documentation!

$ su
# chown root.root rcrack rtdump rtgen rtsort
# cp rcrack rtdump rtgen rtsort /usr/local/bin
# mkdir /usr/local/share/doc/rainbowcrack
# cp -r ../src/* /usr/local/share/doc/rainbowcrack

Home

Unix/Linux

Networking

Infosec

Travel

Technical

Radio

Site Map

Contact