From 9619327ddb084b4920a646b17e46a03b8fe5255f Mon Sep 17 00:00:00 2001
From: Marc Singer <elf@buici.com>
Date: Tue, 10 Apr 2012 15:28:53 -0700
Subject: [PATCH] Debian build now defaults to direct link with shared
 libraries.

o Use of runtime linkage emperils correctness of package.  So, runtime
  linking disabled in configuration.
o Workaround using environment variables to pass the names of the
  shared libraries into the daemon is disabled.
o Auxiliary source file used to determine the current soname for
  libssl is removed.
---
 debian/control             |  7 +------
 debian/rules               | 18 +++++++-----------
 debian/shellinabox.default |  4 ----
 debian/shellinabox.init    |  4 ----
 debian/ssl-deps.c          |  8 --------
 libhttp/ssl.c              | 10 ++++++++--
 6 files changed, 16 insertions(+), 35 deletions(-)
 delete mode 100644 debian/ssl-deps.c

diff --git a/debian/control b/debian/control
index b74a661..df0e1ec 100644
--- a/debian/control
+++ b/debian/control
@@ -12,14 +12,9 @@ Vcs-Browser: https://code.google.com/p/shellinabox/source/browse/
 Package: shellinabox
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, lsb-base
-Recommends: ${shlibs:Recommends}
-Suggests: libpam0g, openssl
+Suggests: openssl
 Description: publish command line shell through AJAX interface
  Shellinabox can export arbitrary command line programs to any JavaScript
  enabled web browser. By default, it prompts for username and password
  and then exports a SSL/TLS encrypted login shell. Shellinabox provides
  a VT100 compatible terminal emulator that runs within any modern browser.
- .
- ShellInABox links libssl dynamically, so libssl must be installed
- either manually or as a dependency of another package for SSL support
- to be available.
diff --git a/debian/rules b/debian/rules
index 1fadbd7..de952a3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -12,17 +12,13 @@
 %:
 	dh $@ --with autotools-dev
 
-
-# elf-2012.04.07: Because the daemon loads libssl.so-X dynamically
-#		  there is no way for the debhelper script to find the
-#		  library name to add to the dependencies.  So we
-#		  link a small program to provide a target for
-#		  dpkg-shlibdeps to use to recover the dependency.
-override_dh_shlibdeps:
-	gcc -o debian/shellinabox/ssl-deps debian/ssl-deps.c -lcrypto
-	dpkg-shlibdeps -Tdebian/shellinabox.substvars debian/shellinabox/usr/bin/shellinaboxd \
-		-dRecommends debian/shellinabox/ssl-deps
-	rm debian/shellinabox/ssl-deps
+# elf-2012.04.10: Since Debian manages package dependencies we can
+# 		  force linkage of ssl s.t. the dependency is properly kept
+# 		  up-to-date.  This is much better than attempting to
+# 		  force the right version of ssl to be present
+# 		  s.t. the runtime loader can find them.
+override_dh_auto_configure:
+	dh_auto_configure -- --disable-runtime-loading
 
 # elf-2012.03.24: This work should be done in the Makefile install
 #		  target instead of debian/rules.
diff --git a/debian/shellinabox.default b/debian/shellinabox.default
index 0f90b26..0958843 100644
--- a/debian/shellinabox.default
+++ b/debian/shellinabox.default
@@ -10,10 +10,6 @@ SHELLINABOX_PORT=4200
 # SHELLINABOX_USER=shellinabox
 # SHELLINABOX_GROUP=shellinabox
 
-# Names of openssl libraries to load dynamically.
-SHELLINABOX_LIBSSL_SO=libssl.so.1.0.0
-SHELLINABOX_LIBCRYPTO_SO=libcrypto.so.1.0.0
-
 # Any optional arguments (e.g. extra service definitions).  Make sure
 # that that argument is quoted.
 #
diff --git a/debian/shellinabox.init b/debian/shellinabox.init
index 3ee6e2d..721b480 100755
--- a/debian/shellinabox.init
+++ b/debian/shellinabox.init
@@ -40,10 +40,6 @@ SHELLINABOX_PORT="${SHELLINABOX_PORT:-4200}"
 SHELLINABOX_USER="${SHELLINABOX_USER:-shellinabox}"
 SHELLINABOX_GROUP="${SHELLINABOX_GROUP:-shellinabox}"
 
-# Export SO file names
-export SHELLINABOX_LIBCRYPTO_SO="${SHELLINABOX_LIBCRYPTO_SO:-libcrypto.so}"
-export SHELLINABOX_LIBSSL_SO="${SHELLINABOX_LIBSSL_SO:-libssl.so}"
-
 #
 #       Function that starts the daemon/service.
 #
diff --git a/debian/ssl-deps.c b/debian/ssl-deps.c
deleted file mode 100644
index 0b6f2e6..0000000
--- a/debian/ssl-deps.c
+++ /dev/null
@@ -1,8 +0,0 @@
-/* minimal program to link libcrypto */
-#include <openssl/sha.h>
-int main()
-{
-  SHA_CTX ctx;
-  SHA1_Init (&ctx);
-  return 0;
-}
diff --git a/libhttp/ssl.c b/libhttp/ssl.c
index 747e847..d2788dd 100644
--- a/libhttp/ssl.c
+++ b/libhttp/ssl.c
@@ -193,7 +193,10 @@ static int maybeLoadCrypto(void) {
   // it, iff we haven't tried loading it before and iff libssl.so does not
   // work by itself.
   static int crypto;
-  const char* path_libcrypto = getenv ("SHELLINABOX_LIBCRYPTO_SO");
+  // SHELLINABOX_LIBCRYPTO_SO can be used to select the specific
+  // soname of libcrypto for systems where it is not libcrypto.so.
+  // The feature is currently disabled.
+  const char* path_libcrypto = NULL; // getenv ("SHELLINABOX_LIBCRYPTO_SO");
   if (path_libcrypto == NULL)
     path_libcrypto = "libcrypto.so";
 
@@ -249,7 +252,10 @@ static void *loadSymbol(const char *lib, const char *fn) {
 }
 
 static void loadSSL(void) {
-  const char* path_libssl    = getenv ("SHELLINABOX_LIBSSL_SO");
+  // SHELLINABOX_LIBSSL_SO can be used to select the specific
+  // soname of libssl for systems where it is not libssl.so.
+  // The feature is currently disabled.
+  const char* path_libssl = NULL; // = getenv ("SHELLINABOX_LIBSSL_SO");
   if (path_libssl == NULL)
     path_libssl = "libssl.so";
   check(!SSL_library_init);