Re: git: a098111a28ed - main - secure: Add ssh-sk-client to all consumers of libssh
Date: Thu, 24 Apr 2025 23:00:18 UTC
On Thu, Apr 24, 2025 at 11:56:03PM +0100, Jessica Clarke wrote:
> On 24 Apr 2025, at 23:45, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
> > On Tue, Apr 22, 2025 at 02:07:50AM +0000, John Baldwin wrote:
> >> The branch main has been updated by jhb:
> >>
> >> URL: https://cgit.FreeBSD.org/src/commit/?id=a098111a28ed59e1ab1101ad09913f0235ebd28f
> >>
> >> commit a098111a28ed59e1ab1101ad09913f0235ebd28f
> >> Author: John Baldwin <jhb@FreeBSD.org>
> >> AuthorDate: 2025-04-22 02:05:28 +0000
> >> Commit: John Baldwin <jhb@FreeBSD.org>
> >> CommitDate: 2025-04-22 02:05:28 +0000
> >>
> >> secure: Add ssh-sk-client to all consumers of libssh
> >>
> >> These all failed to link with ld.bfd used by GCC due to
> >> Fssh_sshsk_sign being an unresolved symbol.
> >>
> >> Fixes: 65d8491719bb ("secure: Adapt Makefile to ssh-sk-client everywhere")
> >
> > Hey John,
> >
> > I'm getting the following error from the RTLD when the rc scripts
> > start sshd:
> >
> > ==== BEGIN LOG ====
> > ld-elf.so.1: /usr/lib/libprivatessh.so.5: Undefined symbol "Fssh_sshsk_sign
> > ==== END LOG ====
> >
> > This is on HardenedBSD 15-CURRENT/amd64. I'll try to reproduce next
> > week with vanilla FreeBSD, unless someone else beats me to it.
>
> I don’t understand how this is meant to work. sshsk_sign is used by
> sshkey.c, which is in libssh, so why are we putting the definition of
> sshsk_sign (namespaced) in each and every program?
I'm not sure. Looking more closely at this commit and the commit
referenced on the Fixes: line, I'm wondering if the use of $() is
valid instead of ${}.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Signal Username: shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc