Below I've includes a patch which helps build OpenSSH outside from a
read-only source tree, find OpenSSL on Mac OS X, and fix a typo.
This applies to OpenSSH 2.1.1p4.
You should already have gotten a note from Melissa O'Neil about a
conflict with the crc32() symbol in zlib, which was causing a crash on
Darwin.
I've noticed another bug. If ssh is setuid, I get a permission denied
error while it tries to open ~/.ssh/prng_seed. I'm guessing this is
because ssh is running with euid=0 at that point; since my home dir
is exported from an NFS server with maproot=nobody, this fails. Aside
from that problem, there may be a larger problem that ssh is running
with euid=0 when it doesn't need to be.
Thanks,
-Fred
Summary:
Makefile.in:
- OpenSSH doesn't build well if you are building outside of the source
tree.
- mkinstalldirs lives in $(srcdir), not necessarily '.'.
- fixprogs lives in $(srcdir), not necessarily '.'.
- Separate CFLAGS from CPPFLAGS, so one can override CFLAGS from the command
line without whacking include paths.
configure.in:
- Find OpenSSL install as a framework.
(-framework OpenSSL instead of -lcrypto)
uidswap.c:
- Fix apparent typo.
Index: Services/OpenSSH/openssh/Makefile.in
diff -u Services/OpenSSH/openssh/Makefile.in:1.1.1.3
Services/OpenSSH/openssh/Makefile.in:1.7
--- Services/OpenSSH/openssh/Makefile.in:1.1.1.3 Wed Jul 12 20:13:08 2000
+++ Services/OpenSSH/openssh/Makefile.in Mon Aug 14 19:36:09 2000
@@ -21,7 +21,8 @@
CC=@CC@
LD=@LD@
PATHS=-DETCDIR=\"$(sysconfdir)\"
-DSSH_PROGRAM=\"$(SSH_PROGRAM)\"
-DSSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\"
-CFLAGS=@CFLAGS@ $(PATHS) @DEFS@
+CFLAGS=@CFLAGS@
+CPPFLAGS=@CPPFLAGS@ $(PATHS) @DEFS@ -I. -I$(srcdir)
LIBS=@LIBS@
AR=@AR@
RANLIB=@RANLIB@
@@ -118,11 +119,11 @@
install: manpages $(TARGETS) install-files host-key
install-files:
- ./mkinstalldirs $(DESTDIR)$(bindir)
- ./mkinstalldirs $(DESTDIR)$(sbindir)
- ./mkinstalldirs $(DESTDIR)$(mandir)
- ./mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
- ./mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
$(INSTALL) -m 4755 -s ssh $(DESTDIR)$(bindir)/ssh
$(INSTALL) -s scp $(DESTDIR)$(bindir)/scp
$(INSTALL) -s ssh-add $(DESTDIR)$(bindir)/ssh-add
@@ -140,12 +141,12 @@
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config -a ! -f
$(DESTDIR)$(sysconfdir)/sshd_config ]; then \
- ./mkinstalldirs $(DESTDIR)$(sysconfdir); \
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \
$(INSTALL) -m 644 ssh_config.out
$(DESTDIR)$(sysconfdir)/ssh_config; \
$(INSTALL) -m 644 sshd_config.out
$(DESTDIR)$(sysconfdir)/sshd_config; \
fi
if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
- $(PERL) fixprogs ssh_prng_cmds $(ENT); \
+ $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
$(INSTALL) -m 644 ssh_prng_cmds.out
$(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
fi
Index: Services/OpenSSH/openssh/configure.in
diff -u Services/OpenSSH/openssh/configure.in:1.1.1.4
Services/OpenSSH/openssh/configure.in:1.5
--- Services/OpenSSH/openssh/configure.in:1.1.1.4 Thu Aug 3 14:29:33 2000
+++ Services/OpenSSH/openssh/configure.in Mon Aug 14 19:38:51 2000
@@ -323,19 +326,25 @@
tryssldir="$tryssldir $prefix"
fi
AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
-
- for ssldir in "" $tryssldir /usr/local/openssl /usr/lib/openssl
/usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
- if test ! -z "$ssldir" ; then
+ for ssldir in "" $tryssldir /usr/local/openssl /usr/lib/openssl
/usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl FRAMEWORK
; do
+ if test "x$ssldir" = "xFRAMEWORK" ; then
+ LDFLAGS="$saved_LDFLAGS"
+ CFLAGS="$saved_CFLAGS"
+ LIBCRYPTO="-framework openssl"
+ elif test ! -z "$ssldir" ; then
LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir"
CFLAGS="$saved_CFLAGS -I$ssldir/include"
if test ! -z "$need_dash_r" ; then
LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir"
fi
+ LIBCRYPTO="-lcrypto"
else
LDFLAGS="$saved_LDFLAGS"
+ CFLAGS="$saved_CFLAGS"
+ LIBCRYPTO="-lcrypto"
fi
- LIBS="$saved_LIBS -lcrypto"
+ LIBS="$saved_LIBS $LIBCRYPTO"
# Basic test to check for compatible version and correct linking
# *does not* test for RSA - that comes later.
@@ -372,7 +381,13 @@
ac_cv_openssldir=$ssldir
])
-if (test ! -z "$ac_cv_openssldir" && test
"x$ac_cv_openssldir" !=
"x(system)") ; then
+if test "x$ssldir" = "xFRAMEWORK" ; then
+ AC_DEFINE(HAVE_OPENSSL)
+ ssldir="(framework)"
+ LDFLAGS="$saved_LDFLAGS"
+ CFLAGS="$saved_CFLAGS"
+ LIBCRYPTO="-framework openssl"
+elif test ! -z "$ac_cv_openssldir" && test
"x$ac_cv_openssldir" !=
"x(system)" ; then
AC_DEFINE(HAVE_OPENSSL)
dnl Need to recover ssldir - test above runs in subshell
ssldir=$ac_cv_openssldir
@@ -384,8 +399,9 @@
if test ! -z "$blibpath" ; then
blibpath="$blibpath:$ssldir:$ssldir/lib"
fi
+ LIBCRYPTO="-lcrypto"
fi
-LIBS="$saved_LIBS -lcrypto"
+LIBS="$saved_LIBS $LIBCRYPTO"
# Now test RSA support
saved_LIBS="$LIBS"
@@ -432,7 +448,7 @@
else
RSA_MSG="yes (using RSAref)"
AC_MSG_RESULT(using RSAref)
- LIBS="$saved_LIBS -lcrypto -lRSAglue -lrsaref"
+ LIBS="$saved_LIBS $LIBCRYPTO -lRSAglue -lrsaref"
fi
fi
fi
Index: Services/OpenSSH/openssh/uidswap.c
diff -u Services/OpenSSH/openssh/uidswap.c:1.1.1.3
Services/OpenSSH/openssh/uidswap.c:1.3
--- Services/OpenSSH/openssh/uidswap.c:1.1.1.3 Wed Jul 12 20:13:17 2000
+++ Services/OpenSSH/openssh/uidswap.c Wed Jul 12 20:27:37 2000
@@ -48,7 +48,7 @@
/* Set the effective uid to the given (unprivileged) uid. */
if (seteuid(uid) == -1)
debug("seteuid %d: %.100s", (int) uid, strerror(errno));
-#else /* SAVED_IDS_WORK_WITH_SETUID */
+#else /* SAVED_IDS_WORK_WITH_SETEUID */
/* Propagate the privileged uid to all of our uids. */
if (setuid(geteuid()) < 0)
debug("setuid %d: %.100s", (int) geteuid(), strerror(errno));
Wilfredo S?nchez, wsanchez at apple.com
Open Source Engineering Lead
Apple Computer, Inc., Core Operating System Group
1 Infinite Loop, Cupertino, CA 94086, 408.974-5174
