Subject: pkg/10268: openssh 2 build, install issues
To: None <gnats-bugs@gnats.netbsd.org>
From: None <John.P.Darrow@wheaton.edu>
List: netbsd-bugs
Date: 06/02/2000 16:33:11
>Number:         10268
>Category:       pkg
>Synopsis:       openssh 2 build, install issues
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jun 02 16:34:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     John Darrow
>Release:        pkgsrc 2000-06-01
>Organization:
Computing Services, Wheaton College, Wheaton, IL
>Environment:
System: NetBSD jdarrowpiii.wheaton.edu 1.4V NetBSD 1.4V (JDARROW) #0: Tue Mar 21 15:04:28 CST 2000 jdarrow@jdarrowpiii.wheaton.edu:/var/src/sys/arch/i386/compile/JDARROW i386


>Description:
There are three issues with the build and install of openssh 2.1.0p3.
The first was noted by me, the second and third by Julian Coleman.

1) the build process fails on ELF-based platforms using RSARef, during the
configure stage.  All of the attempts to compile the OpenSSL test program
fail due to undefined references to RSA functions in
${LOCALBASE}/lib/libcrypto.so .  These functions are all defined in
${LOCALBASE}/lib/librsaref.so .  (This is a classic case of the ELF
interlibrary dependency issue...)

2) (From Julian:)
"I notice that if you install Openssh-2.1.0p3, you don't get v2 in sshd by
default as /etc/ssh_host_dsa_key isn't installed.  Is this deliberate?  If
not, see attached."

Note that the PLIST contains a line which does install /etc/ssh_host_dsa_key,
so a binary package install works fine.  It's only after a direct build from
pkgsrc that the file is missing.

3) (Also from Julian:)
"Also, sshd doesn't run unless you have:

  pseudo-device   rnd

in your kernel config.  Worth a note?"

>How-To-Repeat:
Work on building openssh.  Build fine on a.out, fail on ELF.  While working
on fixing build problems, notice tech-pkg mailing about same package.

>Fix:

Part 1:

Replace patch-aa with the following, and make makepatchsum.  In addition to
doing what the old patch-aa did, the new patch also adds an additional
attempt (after each step in the OpenSSL test) at compiling with -lrsaref.
(Note that this _shouldn't_ affect a non-RSARef OpenSSL, as the first attempt
should work fine, and thus not get to this one...)

--- configure.in.orig	Mon May 29 21:57:47 2000
+++ configure.in	Fri Jun  2 08:55:05 2000
@@ -237,6 +237,32 @@
 		if test ! -z "$found_crypto" ; then
 			break;
 		fi
+
+		LIBS="$saved_LIBS -lcrypto -lrsaref"
+
+		# Basic test to check for compatible version and correct linking
+		# *does not* test for RSA - that comes later.
+		AC_TRY_RUN(
+			[
+#include <string.h>
+#include <openssl/rand.h>
+int main(void) 
+{
+	char a[2048];
+	memset(a, 0, sizeof(a));
+	RAND_add(a, sizeof(a), sizeof(a));
+	return(RAND_status() <= 0);
+}
+			],
+			[
+				found_crypto=1
+				break;
+			], []
+		)
+
+		if test ! -z "$found_crypto" ; then
+			break;
+		fi
 	done
 
 	if test -z "$found_crypto" ; then
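
Review bot: The added AC_TRY_RUN call for the `-lcrypto -lrsaref` attempt passes an empty failure action and no cross-compiling action, so in a cross-compile this retry cannot run its test program and autoconf will complain about the missing default; consider giving it an explicit fourth argument. The `break` inside the success action is also redundant with the `if test ! -z "$found_crypto"` check that follows it. A one-line comment saying this retry exists for an OpenSSL built against RSARef would help, since the comment in the block only describes the basic test.
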
@@ -445,7 +471,9 @@
 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
 	AC_TRY_COMPILE(
 		[
+#include <sys/types.h>
 #include <netinet/in.h>
+#include <sys/socket.h>
 		],
 		[ struct sockaddr_in6 s; s.sin6_family = 0; ],
 		[ ac_cv_have_struct_sockaddr_in6="yes" ],
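
Review bot: In the sockaddr_in6 check, `#include <sys/socket.h>` is added after `<netinet/in.h>`. The conventional order is `<sys/types.h>`, `<sys/socket.h>`, then `<netinet/in.h>`, and on a system where `<netinet/in.h>` depends on declarations from the socket header the test may still fail to compile with the order used here. Suggest moving the `<sys/socket.h>` line above `<netinet/in.h>`.
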
@@ -459,6 +487,7 @@
 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
 	AC_TRY_COMPILE(
 		[
+#include <sys/types.h>
 #include <netinet/in.h>
 		],
 		[ struct in6_addr s; s.s6_addr[0] = 0; ],
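
Review bot: The in6_addr check gains only `<sys/types.h>`, while the sockaddr_in6 check in the previous hunk also gains `<sys/socket.h>`. If the difference is deliberate, a short comment saying why the two checks need different headers would keep it from being "fixed" later; otherwise use the same include set in both checks.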

Part 2:

--- /usr/pkgsrc/security/openssh/Makefile	Thu Jun  1 11:41:15 2000
+++ Makefile	Fri Jun  2 15:05:39 2000
@@ -67,6 +67,11 @@
 		${PREFIX}/bin/ssh-keygen \
 			-f ${SSH_CONF_DIR}/ssh_host_key -N ""; \
 	fi
+	if [ ! -f ${SSH_CONF_DIR}/ssh_host_dsa_key ]; then \
+		${ECHO} "Generating a secret host dsa key..."; \
+		${PREFIX}/bin/ssh-keygen \
+			-d -f ${SSH_CONF_DIR}/ssh_host_dsa_key -N ""; \
+	fi
 	${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh
 
 .include "../../mk/bsd.pkg.mk"
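
Review bot: The guard `[ ! -f ${SSH_CONF_DIR}/ssh_host_dsa_key ]` treats any existing regular file as a valid key, so an empty file left behind by an interrupted install is never regenerated and sshd would still come up without a usable DSA host key. Testing with `-s` instead of `-f` would at least catch the zero-length case. Minor style point: the message should read "DSA" rather than "dsa".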

Part 3:
Add a note to pkg/MESSAGE?
>Release-Note:
>Audit-Trail:
>Unformatted: