Red Hat Bugzilla – Bug 242487
Cannot static link with f7 krb5-devel package
Last modified: 2007-11-30 17:12:06 EST
Description of problem: ar files (.a) are missing from the krb5-devel package. I
was able to static link in Fedora Core 6 just fine. I upgraded to Fedora 7
yesterday. I can no longer static link (complains it cannot find library).
Version-Release number of selected component (if applicable): 1.6-6
How reproducible: Always
Steps to Reproduce:
1. Compile C object
2. Use -static link option
Actual results: /usr/bin/ld: cannot find -lkrb5support
Expected results: Static linked application
Static libraries haven't been supported since just after 1.5. Because libkrb5
now makes use of loadable modules, and statically-linked binaries can't always
use loadable modules, they were turned off. (It was pretty easy for me to adapt
to this because the default Fedora policy is to build without static libraries.)
Is there a specific reason you need static libraries, for example, something
which can not be made to work with shared libraries? If not, then I'm inclined
to leave this in its current state.
I use Fedora as my development system for my workplace. I work with a
proprietary (closed source) application that requires static linking to insure
binary compatibility. In some parts of the commercial world, people are not
always running on the same version of the operating system -- and cannot easily
My main requirement is the use of the SSL library, which on Fedora, has been
compiled with KRB5 support. Is there a reason that Fedora (Gentoo doesn't) adds
Am I stuck building a custom RPM?
I'm afraid you'll have to either build with static libssl and dynamic
libkrb5, or rebuild the krb5 package to include static libraries.
The .spec file has conditional logic to override the build behavior and
generate them -- I have to mention that certain things (server location
and preauthentication modules) mightn't work, but then if you're using
it via libssl you shouldn't be affected. Install the source package, and
change the line which reads
%define build_static 0
so that it instead says
%define build_static 1
and then build the package.
At the time I think we were looking to be able to optionally use Kerberos
for authentication and key exchange in SSL clients and servers, but I don't
think we really explored it beyond compiling it, nor do I have any data on
whether or not people are even using the functionality.
Whoops, I need to close this as wontfix because (ATM) I'm not planning
on modifying the package as built for the repositories due to expected
increase in module use as we go forward. At some point, deviating from
upstream on static libraries isn't going to be technically possible, and
I'm not keen on deviating for the general case even while it's still