Re: CVS commit: pkgsrc/security/openssh

To: Tobias Nygren <tnn%NetBSD.org@localhost>
Subject: Re: CVS commit: pkgsrc/security/openssh
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Mon, 06 Nov 2023 19:39:44 -0500

Tobias Nygren <tnn%NetBSD.org@localhost> writes:

> On Mon, 6 Nov 2023 10:06:00 +0000
> Jonathan Perkin <jperkin%pkgsrc.org@localhost> wrote:
>
>> * On 2023-11-06 at 09:59 GMT, Thomas Klausner wrote:
>> 
>> >I wanted it enabled for macOS (works for me there) too. What is the
>> >problem with enabling it in general?
>> 
>> https://us-central.manta.mnx.io/pkgsrc/public/reports/trunk/x86_64/20231102.1803/libfido2-1.13.0nb1/configure.log
>> 
>> I don't know what other platforms aren't supported.
>
> libfido2's src/CMakeLists.txt is explicit about which platforms are supported:
>
> elseif(APPLE)
>         list(APPEND FIDO_SOURCES hid_osx.c)
> elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
>         list(APPEND FIDO_SOURCES hid_linux.c hid_unix.c)
> elseif(CMAKE_SYSTEM_NAME STREQUAL "NetBSD")
>         list(APPEND FIDO_SOURCES hid_netbsd.c hid_unix.c)
> elseif(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD")
>         list(APPEND FIDO_SOURCES hid_openbsd.c hid_unix.c)
> elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR
>     CMAKE_SYSTEM_NAME STREQUAL "MidnightBSD")
>         list(APPEND FIDO_SOURCES hid_freebsd.c hid_unix.c)
>
> The obviously correct solution here is enable it for those platforms and those only.

I have marked libfido2 BROKEN_EXCEPT_ON, as it lacks support for at
least SunOS where usbhid ought to work.  Plus upstream has usbhid as an
option that can be turned off, and if anybody cared about this on
retro-UNIX they could add an option.

I have open-coded this into openssh, so the fido option is on for the
above list.

It would be nice if there was a way to put the list in one place so that
one could query it via bl3 or something like that, but I am pretty sure
we don't have general facility (hence rust/platform.mk).

I think we've landed in a place where

  openssh has fido2 support on all systems where libfido2 builds with
  usbhid support

  I expect libfido2 to either hit BROKEN_ON or build

  I expect openssh not to fail because of libfido2 anwwhere.

(What remains is implementing libfido2/src/hid_sunos.c.)

References:
- Re: CVS commit: pkgsrc/security/openssh
  - From: Thomas Klausner
- Re: CVS commit: pkgsrc/security/openssh
  - From: Jonathan Perkin
- Re: CVS commit: pkgsrc/security/openssh
  - From: Tobias Nygren

Prev by Date: Re: CVS commit: pkgsrc/security/openssh
Next by Date: Re: Committer Request for wip/herbe
Previous by Thread: Re: CVS commit: pkgsrc/security/openssh
Indexes:

Home | Main Index | Thread Index | Old Index