Documenting Problems That Were Difficult To Find The Answer To

Building a Static TShark on RedHat 5.9 (Tikanga)

RedHat 5.9 uses many outdated packages. Unfortunately Wireshark versions from at least v1.8.2 (and possibly earlier but at least after v1.6.16) require glib 2.14 or better when RHEL5 only provides glib 2.12 (RPM glib2-2.12.3-4.el5_3.1).

Initially I tried downloading the latest glib from which took me to glib v2.36. However I quickly discovered that this required Python 2.5 which, as you guessed, was more recent than the Python 2.4 supplied with RedHat.

I downloaded glib v2.26 and extracted it and built it with the following configuration line:

./configure --enable-static --prefix=/tmp/glib
make install

Next I built with the following configure line for Wireshark after downloading v1.10.2 and extracting:

CFLAGS=-fPIC LD_LIBRARY_PATH=/tmp/glib/lib PKG_CONFIG_PATH=/tmp/glib/lib/pkgconfig \
  ./configure \
    --prefix=/usr/local/myshark \
    --disable-wireshark \
    --enable-static=yes \
make install

The CFLAGS=-fPIC was necessary to complete a static build. This forum post documented how to specify a custom glib directory when building tshark (by specifying the LD_LIBRARY_PATH and PKG_CONFIG_PATH environment variables).

2 responses to “Building a Static TShark on RedHat 5.9 (Tikanga)

  1. Minh Danh June 13, 2015 at 11:46 am

    Thank you very much for this helpful tip! I manage to compile Wireshark 1.12.5 (latest version) on CentOS 5.9 using your information. The static build can later run standalone on a basic CentOS 5.9 installation with no other packages! I would like to add that the command to configure wireshark prior to make probably needs a few more tweaks:

    LDFLAGS=’ -L/tmp/glib/lib ‘ CFLAGS=’-fPIC’ LD_LIBRARY_PATH=/tmp/glib/lib PKG_CONFIG_PATH=/tmp/glib/lib/pkgconfig ./configure –prefix=/usr/local/myshark –disable-wireshark –with-ssl –enable-static=yes –enable-shared=no –with-glib-prefix=/tmp/glib/lib –with-krb5=no

    The reason for the extra flag is to allow it to look for glib in /tmp/glib/lib, not just during the configuration, but later during make. Otherwise, configure will be successful but make will fail (linker error undefined reference while looking for glib funtions such as g_strcmp0). Also we probably need to disable krb5, otherwise make will fail trying to look for non-existent functions, not sure why.

    Unfortunately, you can’t make the RPM for Wireshark on CentOS 5.9 (make dist and make rpm-package fails with uic not found). I think the Qt interface compiler uic is not available in the latest qt4 package for CentOS 5.9. Somehow the RPM build utilizes uic even though we’re not interested in the UI version of Wireshark, only tshark.

    For the moment I am happy. I just need to zip the static build and extract it on the CentOS 5 machine where I need to run. Thanks again!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: