From nobody Fri Apr 25 00:56:06 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZkDtW2DbCz5v1Rh; Fri, 25 Apr 2025 00:56:19 +0000 (UTC) (envelope-from jlduran@gmail.com) Received: from mail-yb1-xb34.google.com (mail-yb1-xb34.google.com [IPv6:2607:f8b0:4864:20::b34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZkDtV6cRtz3PK2; Fri, 25 Apr 2025 00:56:18 +0000 (UTC) (envelope-from jlduran@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-yb1-xb34.google.com with SMTP id 3f1490d57ef6-e6b78b80393so248773276.1; Thu, 24 Apr 2025 17:56:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1745542578; x=1746147378; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :reply-to:in-reply-to:references:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=3WfWbepeEc8ehA4Rc4i8Y7BGMRkspSnWDCUPvhAACvY=; b=b4tM+nUIX0eD6xKZV5LBWi7lCmYgoZC7tAIC5ZS3/mo8Q2ZJLg1v3Y12WmF9W0XA3v EdV4PgTNSBImBSV5AL+mZJsh32z6z22HFcPWDMJ0TjKWfCnvDi6TAROVSy3ZqT7aFUpj xWQcQtTbD/IFpN+hjIuVsuecgAAfkuF4URx4GB29vjM0kcRuR+JADnoKv1+FkibSPhpt H/kCC22j5EgU++b33tjd1qQr+SJUlyuBIQ0Oq6wKP2j8s6OUnhnqh0isrB5H/hloJFel y8jhz9flhMCdMg7LWJddlPFmFT5PtsOde5KGip/YQVykaiJknNex+/zv6cYy4iIMJVEO PJbg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745542578; x=1746147378; h=content-transfer-encoding:cc:to:subject:message-id:date:from :reply-to:in-reply-to:references:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=3WfWbepeEc8ehA4Rc4i8Y7BGMRkspSnWDCUPvhAACvY=; b=AwT8Vro+rOggdoCphvHU3iyPrQhmJVEtrwZmhVnBjd6d73RJzpgT1LAM7Vkqxf4Nx/ vIUnIZO+6s/mF/A7bD6waH3AtLHuglRaKqBLsXIK50dezTi3Y83wefa5+vgSou0Pw/CM 8bY1JYufXLreJ8pdxTyThmNILtCuoKJZ94UpY0BII3mFSkxOsNA+cO1rbZiECr788EBL EkoWupo3f8RPYhF8QKvBWSs2qZ/WdWhwXd3+1MfMg82eU3MZkGnMYv1oafL9XUFf6JOG Zx+7Y5hiNgIwd+jd5ARuJ7edwNLhg4rVBXaeR/AddSAIjfx1iR6p6Gjs5nQelAsfNuOg CmLA== X-Forwarded-Encrypted: i=1; AJvYcCUukfqKg4pT4LEyy6nQewJHPCxRbpEV8BSC5pTgP450LrVkxsYz5pZ7p9QbS1Pg8BYSLc+l8ig2U2Ouv8eJq47waFOr0Xg=@freebsd.org, AJvYcCVoy/Ws9jHwivXw04Q1qqMHpqaxB5KwnBIw8lBh2Hdel6fy9iOXi+8pnETU9wO5HKJadwwG@freebsd.org, AJvYcCVyRfOENqlRlM8Lo4Go1C1zEd7so6nPbh9yCJMeaB4R3icACUWfRDM6fJlSLDXXhiZgwVZkJJVr9iFl/WKpjBnjY0me@freebsd.org, AJvYcCWLQ4Z6//4yuyEpMK1BKc2eF2lWksk7pLyL1j3Kiqw6TGi/9Y+zUbPJ/LCdYFmkUB+10jAhya+rzBUr9K5HHrk=@freebsd.org X-Gm-Message-State: AOJu0YxEyLjJvcjiFRsTnXzsbvkAIMKQKpI1X5d+vY2MV1R0nv8fVDBJ DwyMv0YFjGwFqRIkyxDwrR2P21EZ/1Wcz19IqTKE/RB2HZ852YT4RGE3YA5d8QGy6pFRKwnRUzH 5dsHhi7Zt0Lhb9vtZNWmJS6cjjBkbbcGI X-Gm-Gg: ASbGncs8okchCzNm2JVZRGxzQSXpLONfrTw6unNjFkIIBxFyThhNnNtdsWDqqNdfC4J hWhdyfJJndu6GHKqESh+ViuG/WOAExR48bK2llzmE70Yk0oU0E8HFrwgsmFbpRFiwAomdykNdNK gFDNHE4w9422aK66PythqbdIA= X-Google-Smtp-Source: AGHT+IEt25lltuoHhvCvxe5MCICU09GJ4hwbD0hBt8+rGK8Nxv6g40CBRJIQnc6NfK/Fv6ilf3mBuVMcgMSED+ttq44= X-Received: by 2002:a05:6902:158f:b0:e6d:ecbb:e52d with SMTP id 3f1490d57ef6-e73168c034emr312345276.8.1745542577868; Thu, 24 Apr 2025 17:56:17 -0700 (PDT) List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 References: <202504220207.53M27okn077850@gitrepo.freebsd.org> In-Reply-To: Reply-To: jlduran+freebsd@freebsd.org From: Jose Luis Duran Date: Thu, 24 Apr 2025 19:56:06 -0500 X-Gm-Features: ATxdqUFjf52YXOJM_vuDRrt81pxMot_RGh9ZIEn2MwDuQOX-QKR69szwxbi2S2g Message-ID: Subject: Re: git: a098111a28ed - main - secure: Add ssh-sk-client to all consumers of libssh To: Shawn Webb Cc: Jessica Clarke , John Baldwin , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; TAGGED_FROM(0.00)[freebsd]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4ZkDtV6cRtz3PK2 X-Spamd-Bar: ---- On Thu, Apr 24, 2025 at 6:00=E2=80=AFPM Shawn Webb wrote: > > On Thu, Apr 24, 2025 at 11:56:03PM +0100, Jessica Clarke wrote: > > On 24 Apr 2025, at 23:45, Shawn Webb wrote= : > > > On Tue, Apr 22, 2025 at 02:07:50AM +0000, John Baldwin wrote: > > >> The branch main has been updated by jhb: > > >> > > >> URL: https://cgit.FreeBSD.org/src/commit/?id=3Da098111a28ed59e1ab110= 1ad09913f0235ebd28f > > >> > > >> commit a098111a28ed59e1ab1101ad09913f0235ebd28f > > >> Author: John Baldwin > > >> AuthorDate: 2025-04-22 02:05:28 +0000 > > >> Commit: John Baldwin > > >> CommitDate: 2025-04-22 02:05:28 +0000 > > >> > > >> secure: Add ssh-sk-client to all consumers of libssh > > >> > > >> These all failed to link with ld.bfd used by GCC due to > > >> Fssh_sshsk_sign being an unresolved symbol. > > >> > > >> Fixes: 65d8491719bb ("secure: Adapt Makefile to ssh-sk-c= lient everywhere") > > > > > > Hey John, > > > > > > I'm getting the following error from the RTLD when the rc scripts > > > start sshd: > > > > > > =3D=3D=3D=3D BEGIN LOG =3D=3D=3D=3D > > > ld-elf.so.1: /usr/lib/libprivatessh.so.5: Undefined symbol "Fssh_sshs= k_sign > > > =3D=3D=3D=3D END LOG =3D=3D=3D=3D > > > > > > This is on HardenedBSD 15-CURRENT/amd64. I'll try to reproduce next > > > week with vanilla FreeBSD, unless someone else beats me to it. > > > > I don=E2=80=99t understand how this is meant to work. sshsk_sign is use= d by > > sshkey.c, which is in libssh, so why are we putting the definition of > > sshsk_sign (namespaced) in each and every program? The original motivation was to mimic: https://github.com/openssh/openssh-portable/commit/7b47b40b170db4d6f41da047= 9575f6d99dd7228a In order to sync our Makefiles with upstream Makefile.in, as yet another binary is about to come in OpenSSH 10.0 (sshd-auth). Having the same order, even the same line breaks facilitate adapting to changes. I don't mind reverting it if other downstream projects/linkers are having issues. I'm holding on to another related change (D49801) because of a098111a28ed. We can always try again after OpenSSH 10.0 has been merged (or not). > I'm not sure. Looking more closely at this commit and the commit > referenced on the Fixes: line, I'm wondering if the use of $() is > valid instead of ${}. It should expand (maybe a style.Makefile(5) infringement, again to match as close as possible Makefile.in). > > Thanks, > > -- > Shawn Webb > Cofounder / Security Engineer > HardenedBSD > > Signal Username: shawn_webb.74 > Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 > https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/0= 3A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc