HEADS UP: OpenSSH with DNSSEC support in 10

Ian Lepore ian at FreeBSD.org
Sat Sep 14 13:52:08 UTC 2013


On Wed, 2013-09-11 at 17:00 +0200, Dag-Erling Smørgrav wrote:
> OpenSSH in FreeBSD 10 is now built with DNSSEC support, unless you
> disable LDNS in src.conf.  If DNSSEC is enabled, the default setting for
> VerifyHostKeyDNS is "yes".  This means that OpenSSH will silently trust
> DNSSEC-signed SSHFP records.  I consider this a lesser evil than "ask"
> (aka "train the user to type 'yes' and hit enter") and "no" (aka "train
> the user to type 'yes' and hit enter without even the benefit of a
> second opinion").
> 
> DES

I just ran into a build error related to this:

--- libssh.so.5 ---
building shared library libssh.so.5
/local/build/staging/freebsd/wand/obj/arm.armv6/local/build/staging/freebsd/wand/src/tmp/usr/bin/ld: cannot find -lldns
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** [libssh.so.5] Error code 1

It only happens in one of my many build sandboxes, so I suspect it's
related to the WITH/WITHOUT options in effect and perhaps also to the
timing of parallel-build stuff.  In the sandbox where it fails I have
WITHOUT_KERBEROS and WITHOUT_PROFILE so I think that changes the timing
of getting to the libssh build.

I find that the attached patch fixes it for me.

-- Ian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: libssh_build.diff
Type: text/x-patch
Size: 1213 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20130914/16b511ce/attachment.bin>

