2985 – Building openssh-portable on OpenBSD 6.4 with Kerberos

Bug 2985 - Building openssh-portable on OpenBSD 6.4 with Kerberos

Summary: Building openssh-portable on OpenBSD 6.4 with Kerberos

Status:	NEW

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	Build system (show other bugs)
Version:	7.9p1
Hardware:	68k OpenBSD

Importance:	P5 minor
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-03-22 22:15 AEDT by Markus
Modified:	2019-03-23 04:51 AEDT (History)
CC List:	1 user (show)

See Also:

Attachments
changes needed to build openssh-7.9p1 with heimdel kerberos on openbsd 6.4 (2.19 KB, patch) 2019-03-22 22:15 AEDT, Markus	no flags	Details \| Diff
./configure script (580.67 KB, text/plain) 2019-03-23 04:37 AEDT, Markus	no flags	Details
config.log (46.21 KB, application/octet-stream) 2019-03-23 04:39 AEDT, Markus	no flags	Details
config.h (52.99 KB, application/octet-stream) 2019-03-23 04:40 AEDT, Markus	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Markus 2019-03-22 22:15:14 AEDT

Created attachment 3255 [details]
changes needed to build openssh-7.9p1 with heimdel kerberos on openbsd 6.4

I tried to build openssh-portable on OpenBSD 6.4 with Kerberos support (I tried this initially because I failed to get the BSD version of openssh to work).

The OpenBSD 6.4 had heimdal kerberos support (self built from the ports system)

I configured as
  ./configure --with-kerberos5=/usr/local/heimdal --prefx=


There are a few minor problems in the build system:

- ports offers the krb5_free_error_message call but configure does not detect (or check for it).

- /usr/local/lib needs to be added to the LDFLAGS because it will contain libcom_err.a

- openbsd-compat/port-aix.c fails to compile because of header files, so the #ifdef _AIX needs to be moved further up (obviously the file does not apply to an OpenBSD build).


I'm attaching a patch with the changes, but obviously these have to be worked into the build-system itself.  But I'm lacking the expertise to even understand what would be necessary.

Comment 1 Darren Tucker 2019-03-23 01:39:15 AEDT

I'm not able to reproduce this with openbsd-current: I pkg_add'ed heimdal, ./configure --with-kerberos5=/usr/local/heimdal and it built OK.

I will try 6.4 on a VM and see if it's any different, but in the mean time could you please attach the output from your ./configure, config.h and config.log (as separate attachments please).

Also, any additional information about your host?  I suspect it's not really m68k as specified in this bug...

Comment 2 Markus 2019-03-23 04:37:20 AEDT

Created attachment 3257 [details]
./configure script

Comment 3 Markus 2019-03-23 04:39:59 AEDT

Created attachment 3258 [details]
config.log

Comment 4 Markus 2019-03-23 04:40:24 AEDT

Created attachment 3259 [details]
config.h

Comment 5 Markus 2019-03-23 04:41:48 AEDT

Sorry, hardware is x86, 32 bit (an old IBM laptop).  And a rather fresh lean install (no gnome, no kde, not much packages added).  Essentially a default install.

When I pkg_add heimdal, the libcom_err is missing.  With ports-build it added that to /usr/local/lib

I've attached the ./configure, config.h, config.log as requested.  This is a plain configure run, that I made today to have a base to diff against for the initial patch.

(JFI: I've sent a similar issue to the mailing list with a patch for the non-portable bsd-build.  I can open a ticket here for it, just didn't because this bugzilla says openssh-portable).

Comment 6 Markus 2019-03-23 04:47:13 AEDT

When building, the first error is:

e -I/usr/local/include -I/usr/local/heimdal/include -I/usr/local/include -DHAVE_CONFIG_H -c port-aix.c
In file included from /usr/local/heimdal/include/krb5.h:949,
                 from ../auth.h:42,
                 from port-aix.c:34:
/usr/local/heimdal/include/krb5-protos.h:3705: error: expected identifier or '(' before 'do'
/usr/local/heimdal/include/krb5-protos.h:3705: error: expected identifier or '(' before 'while'
*** Error 1 in openbsd-compat (Makefile:99 'port-aix.o')
*** Error 1 in /usr/src/usr.bin/openssh-7.9p1-orig (Makefile:164 'openbsd-compat/libopenbsd-compat.a')
mschmidt:/usr/src/usr.bin/openssh-7.9p1-orig:2$ 


(It just occurs to me, that it is from the missing detection for krb5_free_error_message(), so if that is fixed port-aix.c doesn't need to be changed).

Comment 7 Markus 2019-03-23 04:51:17 AEDT

When I fix the above (config.h ... #define KRB5_FREE_ERRROR_MESSAGE) it compiles, but the linker fails:
.......
gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o  sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/  -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie  -lssh -lopenbsd-compat  -lcrypto -lutil -lz  -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/local/heimdal/lib -L/usr/local/heimdal/lib -lgssapi
/usr/bin/ld: warning: libcom_err.so.21.0, needed by /usr/local/heimdal/lib/libgssapi.so.9.0, not found (try using -rpath or -rpath-link)
/usr/local/heimdal/lib/libhcrypto.so.0.0: warning: rand() may return deterministic values, is that what you want?
/usr/local/heimdal/lib/libkrb5.so.22.0: undefined reference to `com_right'
/usr/local/heimdal/lib/libkrb5.so.22.0: undefined reference to `com_right_r'
/usr/local/heimdal/lib/libgssapi.so.9.0: undefined reference to `_et_list'
/usr/local/heimdal/lib/libkrb5.so.22.0: undefined reference to `error_message'
/usr/local/heimdal/lib/libkrb5.so.22.0: undefined reference to `free_error_table'
collect2: ld returned 1 exit status
*** Error 1 in /usr/src/usr.bin/openssh-7.9p1-orig (Makefile:172 'ssh')
mschmidt:/usr/src/usr.bin/openssh-7.9p1-orig:8$