Re: git: a098111a28ed - main - secure: Add ssh-sk-client to all consumers of libssh

On Mon, Apr 28, 2025 at 10:45 AM John Baldwin <jhb@freebsd.org> wrote:
>
> On 4/24/25 18:56, Jessica Clarke wrote:
> > On 24 Apr 2025, at 23:45, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
> >> On Tue, Apr 22, 2025 at 02:07:50AM +0000, John Baldwin wrote:
> >>> The branch main has been updated by jhb:
> >>>
> >>> URL: https://cgit.FreeBSD.org/src/commit/?id=a098111a28ed59e1ab1101ad09913f0235ebd28f
> >>>
> >>> commit a098111a28ed59e1ab1101ad09913f0235ebd28f
> >>> Author:     John Baldwin <jhb@FreeBSD.org>
> >>> AuthorDate: 2025-04-22 02:05:28 +0000
> >>> Commit:     John Baldwin <jhb@FreeBSD.org>
> >>> CommitDate: 2025-04-22 02:05:28 +0000
> >>>
> >>>     secure: Add ssh-sk-client to all consumers of libssh
> >>>
> >>>     These all failed to link with ld.bfd used by GCC due to
> >>>     Fssh_sshsk_sign being an unresolved symbol.
> >>>
> >>>     Fixes:          65d8491719bb ("secure: Adapt Makefile to ssh-sk-client everywhere")
> >>
> >> Hey John,
> >>
> >> I'm getting the following error from the RTLD when the rc scripts
> >> start sshd:
> >>
> >> ==== BEGIN LOG ====
> >> ld-elf.so.1: /usr/lib/libprivatessh.so.5: Undefined symbol "Fssh_sshsk_sign
> >> ==== END LOG ====
> >>
> >> This is on HardenedBSD 15-CURRENT/amd64. I'll try to reproduce next
> >> week with vanilla FreeBSD, unless someone else beats me to it.
>
> This error seems to be that you've built the new libssh but have an old
> sshd, etc.
>
> > I don’t understand how this is meant to work. sshsk_sign is used by
> > sshkey.c, which is in libssh, so why are we putting the definition of
> > sshsk_sign (namespaced) in each and every program?
>
> Yeah, it's not clear to me that the original commit is correct.  It makes
> libssh no longer be self-contained.

I have created: https://reviews.freebsd.org/D50020

> --
> John Baldwin
>