NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

`openssh_hpnWithKerberos` is broken after 9.8p1 upgrade #334154

Closed knl closed 2 weeks ago

knl commented 1 month ago

Describe the bug

After 2efa5e16a246a7b5fe8dc4c6016bc792e1e8febb, which upgraded openssh to 9.8p1, the `openssh_hpnWithKerberos` variant is broken on M1 darwin.

Steps To Reproduce

Run:

```
nix-build . -A openssh_hpnWithKerberos
```

It results in the following error during build:

```
clang -g -O2 -pipe -Wunknown-warning-option -Wno-error=format-truncation -Qunused-arguments -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -Wimplicit-fallthrough -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used-regs=used -ftrivial-auto-var-init=zero -mretpoline -fno-builtin-memset -fPIE   -I. -I.  -I/nix/store/mq54c8ad4xwz4kxfvp8a8dikn54bs5af-libedit-20230828-3.1-dev/include -I/nix/store/mq54c8ad4xwz4kxfvp8a8dikn54bs5af-libedit-20230828-3.1-dev/include/editline -DOPENSSL_API_COMPAT=0x10100000L -I/nix/store/7fwcz4y37jj6ms17yj9hwqbmhzjaxhj9-openssl-3.0.14-dev/include -I/nix/store/7qylgi7x7lg3sx67x7762jpk42dlbjwf-libfido2-1.14.0-dev/include -I/nix/store/2asbcall3cnj3172d2gimjr6h7kh0pyh-libkrb5-1.21.2-dev/include -I/nix/store/2asbcall3cnj3172d2gimjr6h7kh0pyh-libkrb5-1.21.2-dev/include -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/nix/store/5damn83fmlpblhabvx8fc564cjq6wi6z-openssh-with-hpn-9.8p1/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/nix/store/5damn83fmlpblhabvx8fc564cjq6wi6z-openssh-with-hpn-9.8p1/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/nix/store/5damn83fmlpblhabvx8fc564cjq6wi6z-openssh-with-hpn-9.8p1/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"ssh-keysign\" -D_PATH_SSHD_SESSION=\"/nix/store/5damn83fmlpblhabvx8fc564cjq6wi6z-openssh-with-hpn-9.8p1/libexec/sshd-session\" -D_PATH_SSH_PKCS11_HELPER=\"/nix/store/5damn83fmlpblhabvx8fc564cjq6wi6z-openssh-with-hpn-9.8p1/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/nix/store/5damn83fmlpblhabvx8fc564cjq6wi6z-openssh-with-hpn-9.8p1/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c servconf.c -o servconf.o
sshd.c:972:4: note: insert '__attribute__((fallthrough));' to silence this warning
                        case 0:
                        ^
                        __attribute__((fallthrough));
sshd.c:972:4: note: insert 'break;' to avoid fall-through
                        case 0:
                        ^
                        break;
sshd.c:1702:7: warning: 'daemon' is deprecated: first deprecated in macOS 10.5 - Use posix_spawn APIs instead. [-Wdeprecated-declarations]
                if (daemon(0, 0) == -1)
                    ^
/nix/store/na9g3654cpwgsbivqcssqy225x3kafsn-libSystem-11.0.0/include/stdlib.h:292:6: note: 'daemon' has been explicitly marked deprecated here
int      daemon(int, int) __DARWIN_1050(daemon) __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_0, __MAC_10_5, __IPHONE_2_0, __IPHONE_2_0, "Use posix_spawn APIs instead.") __WATCHOS_PROHIBITED __TVOS_PROHIBITED;
         ^
sshd.c:1767:2: error: call to undeclared function 'channel_set_hpn'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
        channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
        ^
3 warnings and 1 error generated.
```

Notify maintainers

@LeSuisse @tomberek

Metadata

Please run `nix-shell -p nix-info --run "nix-info -m"` and paste the result.

```
[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
these 2 paths will be fetched (0.01 MiB download, 0.11 MiB unpacked):
  /nix/store/gkgm1xi2linhkm9zf0ili8i0d3nvbxpv-DarwinTools-1
  /nix/store/gwxwlbb8fs84afdr00j3psymx7n3c8px-nix-info
copying path '/nix/store/gkgm1xi2linhkm9zf0ili8i0d3nvbxpv-DarwinTools-1' from 'https://cache.nixos.org'...
copying path '/nix/store/gwxwlbb8fs84afdr00j3psymx7n3c8px-nix-info' from 'https://cache.nixos.org'...
 - system: `"aarch64-darwin"`
 - host os: `Darwin 23.5.0, macOS 14.5`
 - multi-user?: `yes`
 - sandbox: `no`
 - version: `nix-env (Nix) 2.21.2`
 - nixpkgs: `/nix/store/79mlxr82p9zvxjy6j6kmb1j4rsjhqs0r-nixpkgs-src`
```


knl commented 4 weeks ago

Adding `#include "channels.h"` to `sshd.c` fixes the issue for me. I'm now trying to figure out why it only shows up on darwin-aarch64.

knl commented 4 weeks ago

It seems that the 9.7p1 -> 9.8p1 change removed the include directive: https://github.com/openssh/openssh-portable/compare/V_9_7_P1...V_9_8_P1 -- so it's not clear to me why this succeeds on Linux/FreeBSD and fails on darwin.

knl commented 4 weeks ago

I'm now trying to fix this upstream, in FreeBSD ports, where we pull the hpn patches from.