Date:      Thu, 24 Apr 2025 19:56:06 -0500
From:      Jose Luis Duran <jlduran+freebsd@gmail.com>
To:        Shawn Webb <shawn.webb@hardenedbsd.org>
Cc:        Jessica Clarke <jrtc27@freebsd.org>, John Baldwin <jhb@freebsd.org>, src-committers@freebsd.org,  dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject:   Re: git: a098111a28ed - main - secure: Add ssh-sk-client to all consumers of libssh
Message-ID:  <CAPwQLcf57mhvguLHHceEsw18zm5LsMfsJ_Ccg0_f9NpMgBYn3Q@mail.gmail.com>
In-Reply-To: <gjcmsmrguuj5ai3viktcoo74d2of57lckllvvnpp7t2bopez2u@kxmkme64vnye>
References:  <202504220207.53M27okn077850@gitrepo.freebsd.org> <kwr5lq63fzct3dkyi5c3x6s7v5mdu3e47tfci7c43fw27fvljv@x4p5zr6s4auf> <A78D317E-914E-4F6B-AFA4-438D4B50FEA8@freebsd.org> <gjcmsmrguuj5ai3viktcoo74d2of57lckllvvnpp7t2bopez2u@kxmkme64vnye>

On Thu, Apr 24, 2025 at 6:00 PM Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
>
> On Thu, Apr 24, 2025 at 11:56:03PM +0100, Jessica Clarke wrote:
> > On 24 Apr 2025, at 23:45, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
> > > On Tue, Apr 22, 2025 at 02:07:50AM +0000, John Baldwin wrote:
> > >> The branch main has been updated by jhb:
> > >>
> > >> URL: https://cgit.FreeBSD.org/src/commit/?id=a098111a28ed59e1ab1101ad09913f0235ebd28f
> > >>
> > >> commit a098111a28ed59e1ab1101ad09913f0235ebd28f
> > >> Author:     John Baldwin <jhb@FreeBSD.org>
> > >> AuthorDate: 2025-04-22 02:05:28 +0000
> > >> Commit:     John Baldwin <jhb@FreeBSD.org>
> > >> CommitDate: 2025-04-22 02:05:28 +0000
> > >>
> > >>    secure: Add ssh-sk-client to all consumers of libssh
> > >>
> > >>    These all failed to link with ld.bfd used by GCC due to
> > >>    Fssh_sshsk_sign being an unresolved symbol.
> > >>
> > >>    Fixes:          65d8491719bb ("secure: Adapt Makefile to ssh-sk-client everywhere")
> > >
> > > Hey John,
> > >
> > > I'm getting the following error from the RTLD when the rc scripts
> > > start sshd:
> > >
> > > ==== BEGIN LOG ====
> > > ld-elf.so.1: /usr/lib/libprivatessh.so.5: Undefined symbol "Fssh_sshsk_sign
> > > ==== END LOG ====
> > >
> > > This is on HardenedBSD 15-CURRENT/amd64. I'll try to reproduce next
> > > week with vanilla FreeBSD, unless someone else beats me to it.
> >
> > I don’t understand how this is meant to work. sshsk_sign is used by
> > sshkey.c, which is in libssh, so why are we putting the definition of
> > sshsk_sign (namespaced) in each and every program?

The original motivation was to mimic:
https://github.com/openssh/openssh-portable/commit/7b47b40b170db4d6f41da0479575f6d99dd7228a
in order to sync our Makefiles with upstream Makefile.in, as yet
another binary is about to come in OpenSSH 10.0 (sshd-auth). Having
the same order, even the same line breaks, facilitates adapting to
changes.

I don't mind reverting it if other downstream projects/linkers are
having issues. I'm holding on to another related change (D49801)
because of a098111a28ed. We can always try again after OpenSSH 10.0
has been merged (or not).

> I'm not sure. Looking more closely at this commit and the commit
> referenced on the Fixes: line, I'm wondering if the use of $() is
> valid instead of ${}.

It should expand (maybe a style.Makefile(5) infringement, again to
match Makefile.in as closely as possible).

>
> Thanks,
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
> Signal Username:  shawn_webb.74
> Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc


