Re: Failed to build OpenSSH

To: janicetr%posteo.de@localhost
Subject: Re: Failed to build OpenSSH
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Fri, 05 Jul 2024 13:58:27 -0400

janicetr%posteo.de@localhost writes:

> Hello,
>
> After the latest CVE:
>
> https://bsdsec.net/articles/netbsd-security-advisory-2024-002-openssh-cve-2024-6387-regresshion
>
> I tried to update OpenSSH, following the given instructions:
>
> # cd src
> # cvs update -r netbsd-10 -d -P crypto/external/bsd/openssh/dist
> # cd crypto/external/bsd/openssh/lib
> # make USETOOLS=no cleandir dependall
> # make USETOOLS=no install
>
> But the 'make USETOOLS=no cleandir dependall' command gives me an
> error message:
>
> make[1]: don't know how to make
> /usr/src/crypto/external/bsd/openssl/lib/libcrypto/libcrypto.a. Stop
> make[1]: stopped in /usr/src/crypto/external/bsd/openssh/lib
> *** Error code 2
>
> What I am doing wrong?

You are following instructions that try to let people only rebuild part
of the system instead of just rebuilding the entire system with
build.sh.

NetBSD's build system is natively fully cross, and it first builds tools
and then uses those tools to build everything; each step assmes the
previous steps.

The instructions say USETOOLS=no, which means use the system compiler
instead of the cross compiler that build.sh tools would build.  But
apparently it is assuming that the openssl crypto lib has been built and
is present in the destdir, instead.

As a wild guess (because I don't do things this way), try

  make USETOOLS=no DESTDIR=/ cleandir dependall

to have the build look for libs, and then install the new bits, in the
running system, rather than a destdir specifically for this build.

As an example, I build for netbsd 9, 10, and current, for about 4
architectures, on a single netbsd-10 amd64 system.  So the cross build
system must keep all of the intermediate products segregated by version
and arch - and it does.   I think you are running into that expectation
and that isolation also needs to be disabled.

I personally just do a full build and invoke build.sh.  I use a wrapper
so it looks like

  ./build.sh -m amd64 -j1 -x -u -U -O /usr/obj/gdt-10/amd64 -T /usr/obj/gdt-10/tools -D /usr/obj/gdt-10/destdir/amd64 -R /usr/obj/gdt-10/releasedir -X /n0/gdt/NetBSD-10/xsrc release

but it will pick defaults and you pretty much don't need to give any of those.

You are doing the right thing by posting here.   If the instructions in
the SA don't work, someone(tm) should fix them.

Hope this helps.

References:
- Failed to build OpenSSH
  - From: janicetr

Prev by Date: Re: Failed to build OpenSSH
Next by Date: Security -- test NetBSD
Previous by Thread: Re: Failed to build OpenSSH
Next by Thread: Re: Failed to build OpenSSH
Indexes:

Home | Main Index | Thread Index | Old Index