On Mon, Aug 25, 2014 at 3:42 PM, Damien Miller <djm at mindrot.org> wrote:
> On Mon, 25 Aug 2014, Kevin Brott wrote:
>
> > Slightly better results this time 'round ... still having non-ec.h
build
> > issues, what I think is a race condition on RHEL 3, and PIE issues
(fixed
> > with --without-pie config option) on RHEL 5 64-bit systems with a
> just-built
> > copy of openssl
> >
> > Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140826.tar.gz
>
> Thanks again!
>
>
De nada ...
> ...
>
> > *3 --without-pie # otherwise will not load openssl - which
doesn't use
> PIE
> > during compile on 64-bit systems
>
> We should probably find a way to delay the PIE checks until after we have
> most dependency libraries located to catch this.
>
Per IAN's comment - I tried building openssl on another x64 system
using ./config
shared instead of just ./config (builds static library) so that it would
try to use -fPIC. After installing and creating an
/etc/ld.so.conf.d/openssl-101.conf pointing to /usr/local/ssl/lib
(configure pukes without this - it can't find libssl.so.1.0.0 even with an
explicit --with-ssl-dir) ... configure works as advertised without telling
it --without-pie, and make test is 'all tests passed'. Perhaps a quick
check to see if libssl is a static or shared library would be in order
before asking for a slice of pie? ;p
> > FAIL*1 ran make tests three (3) times ... died here each time:
> > run test login-timeout.sh ...
> > ssh connect after login grace timeout failed without privsep
> > failed connect after login grace timeout
> > make[1]: *** [t-exec] Error 1
> > make[1]: Leaving directory `/usr/src/openssh/regress'
> > make: *** [tests] Error 2
>
> any clues in regress/failed-*?
>
>
Brought that VM back up (admittedly I didn't look too deep at this one -
was trying to get through the test suite first), looking at those files I
see this:
# ls -alrt failed-*
-rw-r--r-- 1 root root 308 Aug 25 09:05 failed-ssh.log
-rw-r--r-- 1 root root 236 Aug 25 09:05 failed-sshd.log
-rw-r--r-- 1 root root 89 Aug 25 09:05 failed-regress.log
[root at buildhost regress]# cat failed-regress.log
trace: wait for sshd
FAIL: ssh connect after login grace timeout failed without privsep
[root at buildhost regress]# cat failed-sshd.log
trace: wait for sshd
Received signal 15; terminating.
debug2: channel 0: rcvd close
Received disconnect from 127.0.0.1: 11: disconnected by user
debug1: do_cleanup
FAIL: ssh connect after login grace timeout failed without privsep
[root at buildhost regress]# cat failed-ssh.log
trace: wait for sshd
debug2: ssh_connect: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 4242.
debug1: connect to address 127.0.0.1 port 4242: Connection refused
ssh: connect to host 127.0.0.1 port 4242: Connection refused
FAIL: ssh connect after login grace timeout failed without privsep
Need to dig through my email archives - I would swear this is a
(previously fixed) race in the test suite where it wasn't waiting properly.
> FAIL*2 compile fails at bufexc.c like so - another ec.h issue?
>
> Yep, fixed in tomorrow's snapshot
>
> -d
>
Awesome.
--
# include <stddisclaimer.h>
/* Kevin Brott <Kevin.Brott at gmail.com> */