homebrew-openssh-gssapi icon indicating copy to clipboard operation
homebrew-openssh-gssapi copied to clipboard

Published 20 hours ago verified publisher icon rdp

Incompatible with latest OpenSSL

Open reuterbal opened this issue 1 year ago • 12 comments

The formula fails with the following error:

==> ./configure --with-libedit --with-kerberos5 --prefix=/opt/homebrew/Cellar/openssh-patched/8.4p1 --sysconfdir=/opt/homebrew/etc/ssh --with-pam --with-ssl-dir
Last 15 lines from /Users/xxx/Library/Logs/Homebrew/openssh-patched/02.configure:
checking whether snprintf correctly terminates long strings... yes
checking whether snprintf understands %zu... yes
checking whether vsnprintf returns correct values on overflow... yes
checking whether snprintf can declare const char *fmt... no
checking for (overly) strict mkstemp... no
checking whether AI_NUMERICSERV is declared... yes
checking for working strnvis... no
checking if SA_RESTARTed signals interrupt select()... yes
checking for getpgrp... yes
checking if getpgrp accepts zero args... yes
checking for openssl/opensslv.h... yes
checking OpenSSL header version... 30100000 (OpenSSL 3.1.0 14 Mar 2023)
checking for OpenSSL_version... yes
checking for OpenSSL_version_num... yes
checking OpenSSL library version... configure: error: Unknown/unsupported OpenSSL version ("30100000 (OpenSSL 3.1.0 14 Mar 2023)")

I suspect this is related: https://bugzilla.mindrot.org/show_bug.cgi?id=3548

reuterbal avatar Mar 20 '23 22:03 reuterbal

Dang I don't have an easy way to test on OS X anymore...hmm...

On Mon, Mar 20, 2023 at 4:12 PM Balthasar Reuter @.***> wrote:

The formula fails with the following error:

==> ./configure --with-libedit --with-kerberos5 --prefix=/opt/homebrew/Cellar/openssh-patched/8.4p1 --sysconfdir=/opt/homebrew/etc/ssh --with-pam --with-ssl-dir Last 15 lines from /Users/xxx/Library/Logs/Homebrew/openssh-patched/02.configure: checking whether snprintf correctly terminates long strings... yes checking whether snprintf understands %zu... yes checking whether vsnprintf returns correct values on overflow... yes checking whether snprintf can declare const char *fmt... no checking for (overly) strict mkstemp... no checking whether AI_NUMERICSERV is declared... yes checking for working strnvis... no checking if SA_RESTARTed signals interrupt select()... yes checking for getpgrp... yes checking if getpgrp accepts zero args... yes checking for openssl/opensslv.h... yes checking OpenSSL header version... 30100000 (OpenSSL 3.1.0 14 Mar 2023) checking for OpenSSL_version... yes checking for OpenSSL_version_num... yes checking OpenSSL library version... configure: error: Unknown/unsupported OpenSSL version ("30100000 (OpenSSL 3.1.0 14 Mar 2023)")

I suspect this is related: https://bugzilla.mindrot.org/show_bug.cgi?id=3548

— Reply to this email directly, view it on GitHub https://github.com/rdp/homebrew-openssh-gssapi/issues/12, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAADBUGGTRP4PSGCLLPQNNDW5DI6LANCNFSM6AAAAAAWBVRV5U . You are receiving this because you are subscribed to this thread.Message ID: @.***>

rdp avatar Mar 23 '23 01:03 rdp

A temporary workaround is to compile against libressl instead of OpenSSL, which got me working at least.

reuterbal avatar Mar 23 '23 09:03 reuterbal

@reuterbal -- Can you elaborate on how you worked around the problem using libressl?

srmadsen avatar Apr 05 '23 15:04 srmadsen

Until I get this all figured out, macports is an option... :)

rdp avatar Apr 05 '23 18:04 rdp

I worked around it be symlinking openssl@3 (3.1.0) to [email protected] (3.0.8). That resulted in:

MacBook:srmadsen> ls -al /opt/homebrew/Cellar/openssl@3*
/opt/homebrew/Cellar/openssl@3:
total 0
drwxr-xr-x   4 srmadsen  admin   128 Apr  5 10:37 .
drwxrwxr-x  41 srmadsen  admin  1312 Apr  5 10:41 ..
lrwxr-xr-x   1 srmadsen  admin    21 Apr  5 10:37 3.1.0 -> ../[email protected]/3.0.8/
drwxr-xr-x  14 srmadsen  admin   448 Apr  5 10:30 3.1.0-bad

/opt/homebrew/Cellar/[email protected]:
total 0
drwxr-xr-x   3 srmadsen  admin    96 Apr  5 10:35 .
drwxrwxr-x  41 srmadsen  admin  1312 Apr  5 10:41 ..
drwxr-xr-x  14 srmadsen  admin   448 Apr  5 09:53 3.0.8

Then I rebuilt openssh-patched

srmadsen avatar Apr 05 '23 22:04 srmadsen

@srmadsen This is the workaround:

diff --git a/Formula/openssh-patched.rb b/Formula/openssh-patched.rb
index cd49ce3..63a0862 100644
--- a/Formula/openssh-patched.rb
+++ b/Formula/openssh-patched.rb
@@ -15,7 +15,7 @@ class OpensshPatched < Formula

   depends_on "autoconf" => :build # if build.with? "keychain-support"
   depends_on "automake" => :build
-  depends_on "openssl"
+  depends_on "libressl"
   depends_on "ldns" => :optional
   depends_on "pkg-config" => :build if build.with? "ldns"

@@ -78,7 +78,7 @@ class OpensshPatched < Formula
       --prefix=#{prefix}
       --sysconfdir=#{etc}/ssh
       --with-pam
-      --with-ssl-dir=#{Formula["openssl"].opt_prefix}
+      --with-ssl-dir=#{Formula["libressl"].opt_prefix}
     ]

     args << "--with-ldns" if build.with? "ldns"

reuterbal avatar Apr 11 '23 07:04 reuterbal

OK so probably incompat with openssl 3.1 ... hmm...

rdp avatar Apr 11 '23 22:04 rdp

@rdp -- in the first post on this thread, a link is given to a bugzilla issue that has to do with semantic versioning. Looks like that is the root cause -- IMO.

srmadsen avatar Apr 12 '23 01:04 srmadsen

I had problems with libressl on some servers and switched back to openssh. To get it working I took the patch from the first post and added the current version to the checks in configure.ac.

diff --git a/Formula/openssh-patched.rb b/Formula/openssh-patched.rb
index cd49ce3..53ca4c2 100644
--- a/Formula/openssh-patched.rb
+++ b/Formula/openssh-patched.rb
@@ -21,6 +21,11 @@ class OpensshPatched < Formula
 
   conflicts_with 'openssh'
 
+  patch do
+    url "https://gist.githubusercontent.com/jheuel/aeb17002acf1cc8bed677f2b635ceae7/raw/ca4b0f9dac2ce58c4f480f75626151402cf31f5e/openssl-version-3.1.1.patch"
+    sha256 "dc06ca21d7dd99c4031be940bdb8bd649f69e2e5ddf289f9e5d674a8d0086da4"
+  end
+
   if build.with? "keychain-support"
     patch do
       url "https://gist.githubusercontent.com/leonklingele/01c01e6d9d143fa5b1df8e2354d808e4/raw/b509dedea2a6a4bab3dc75f7be2a7a1ac1cfb24e/0001-apple-keychain-integration-other-changes.patch"

jheuel avatar Jul 06 '23 10:07 jheuel

brew is now up to openssl version 3.2.1 and 3.0.13. I tried the trick of of replacing /opt/homebrew/Cellar/openssl@3/3.2.1 with a symlink to ../[email protected]/3.0.13/ but now when I build I get

...
==> autoreconf -i
==> ./configure --with-libedit --with-kerberos5 --sysconfdir=/opt/homebrew/etc/s
==> make
Last 15 lines from /Users/dwd/Library/Logs/Homebrew/openssh-patched/03.make:
make[1]: *** [bsd-closefrom.o] Error 1
make: *** [sshkey.o] Error 1
In file included from sshbuf-misc.c:18:
./includes.h:168:10: fatal error: 'openssl/opensslv.h' file not found
#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
         ^~~~~~~~~~~~~~~~~~~~
1 error generated.
make: *** [sshbuf-misc.o] Error 1
In file included from bsd-cygwin_util.c:31:
../includes.h:168:10: fatal error: 'openssl/opensslv.h' file not found
#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
         ^~~~~~~~~~~~~~~~~~~~
1 error generated.
make[1]: *** [bsd-cygwin_util.o] Error 1
make: *** [openbsd-compat/libopenbsd-compat.a] Error 2

which I don't understand because openssl/opensslv.h does exist in there. Any hints on how to debug?

DrDaveD avatar Feb 08 '24 23:02 DrDaveD

DrDaveD,

Wow, it’s been ages since I solved that problem on my Mac. However, it appears that I am now using:

OpenSSL 3.2.0 23 Nov 2023 (Library: OpenSSL 3.2.0 23 Nov 2023)

So it appears that I no longer need that hack.

Reid

On Feb 8, 2024, at 4:06 PM, DrDaveD @.***> wrote:

[External Email]

brew is now up to openssl version 3.2.1 and 3.0.13. I tried the trick of of replacing @./3.2.1 with a symlink to ..@./3.0.13/ but now when I build I get

... ==> autoreconf -i ==> ./configure --with-libedit --with-kerberos5 --sysconfdir=/opt/homebrew/etc/s ==> make Last 15 lines from /Users/dwd/Library/Logs/Homebrew/openssh-patched/03.make: make[1]: *** [bsd-closefrom.o] Error 1 make: *** [sshkey.o] Error 1 In file included from sshbuf-misc.c:18: ./includes.h:168:10: fatal error: 'openssl/opensslv.h' file not found #include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER / ^~~~~~~~~~~~~~~~~~~~ 1 error generated. make: *** [sshbuf-misc.o] Error 1 In file included from bsd-cygwin_util.c:31: ../includes.h:168:10: fatal error: 'openssl/opensslv.h' file not found #include <openssl/opensslv.h> / For OPENSSL_VERSION_NUMBER */ ^~~~~~~~~~~~~~~~~~~~ 1 error generated. make[1]: *** [bsd-cygwin_util.o] Error 1 make: *** [openbsd-compat/libopenbsd-compat.a] Error 2

which I don't understand because openssl/opensslv.h does exist in there. Any hints on how to debug?

— Reply to this email directly, view it on GitHubhttps://github.com/rdp/homebrew-openssh-gssapi/issues/12#issuecomment-1935071838, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAQ4VB3HVHTO434IXJTEIYDYSVK6LAVCNFSM6AAAAAAWBVRV5WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMZVGA3TCOBTHA. You are receiving this because you were mentioned.Message ID: @.***>

srmadsen avatar Feb 09 '24 03:02 srmadsen

@srmadsen Are you able to install this ssh version with that openssl version? When I run on Sonoma 14.3

brew install rdp/homebrew-openssh-gssapi/openssh-patched --with-gssapi-support --with-keychain-support

it ends up in

checking OpenSSL library version... configure: error: Unknown/unsupported OpenSSL version ("30200010 (OpenSSL 3.2.1 30 Jan 2024)")

DrDaveD avatar Feb 12 '24 21:02 DrDaveD