Re: git: a098111a28ed - main - secure: Add ssh-sk-client to all consumers of libssh
- Reply: Shawn Webb : "Re: git: a098111a28ed - main - secure: Add ssh-sk-client to all consumers of libssh"
- Reply: John Baldwin : "Re: git: a098111a28ed - main - secure: Add ssh-sk-client to all consumers of libssh"
- In reply to: Shawn Webb : "Re: git: a098111a28ed - main - secure: Add ssh-sk-client to all consumers of libssh"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 24 Apr 2025 22:56:03 UTC
On 24 Apr 2025, at 23:45, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
> On Tue, Apr 22, 2025 at 02:07:50AM +0000, John Baldwin wrote:
>> The branch main has been updated by jhb:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=a098111a28ed59e1ab1101ad09913f0235ebd28f
>>
>> commit a098111a28ed59e1ab1101ad09913f0235ebd28f
>> Author: John Baldwin <jhb@FreeBSD.org>
>> AuthorDate: 2025-04-22 02:05:28 +0000
>> Commit: John Baldwin <jhb@FreeBSD.org>
>> CommitDate: 2025-04-22 02:05:28 +0000
>>
>> secure: Add ssh-sk-client to all consumers of libssh
>>
>> These all failed to link with ld.bfd used by GCC due to
>> Fssh_sshsk_sign being an unresolved symbol.
>>
>> Fixes: 65d8491719bb ("secure: Adapt Makefile to ssh-sk-client everywhere")
>
> Hey John,
>
> I'm getting the following error from the RTLD when the rc scripts
> start sshd:
>
> ==== BEGIN LOG ====
> ld-elf.so.1: /usr/lib/libprivatessh.so.5: Undefined symbol "Fssh_sshsk_sign
> ==== END LOG ====
>
> This is on HardenedBSD 15-CURRENT/amd64. I'll try to reproduce next
> week with vanilla FreeBSD, unless someone else beats me to it.
I don’t understand how this is meant to work. sshsk_sign is used by
sshkey.c, which is in libssh, so why are we putting the definition of
sshsk_sign (namespaced) in each and every program?
Jess