Opened 6 months ago

Last modified 4 weeks ago

#60385 new defect

openssh failed to build on leopard powerpc

Reported by: bryancn Owned by:
Priority: Normal Milestone:
Component: ports Version: 2.6.2
Keywords: leopard powerpc haspatch Cc: udbraumann
Port: openssh

Description (last modified by kencu (Ken))

After some trial & error, got all the dependencies to install with:

sudo port install openssh configure.compiler=macports-gcc-6

but then:

:info:build make: *** [sshconnect2.o] Error 1
:info:build make: *** Waiting for unfinished jobs....
:info:build keychain.m:66:31: fatal error: Security/SecItem.h: No such file or directory
:info:build  #  import <Security/SecItem.h>
:info:build                                ^
:info:build compilation terminated.
:info:build make: *** [keychain.o] Error 1
:info:build make: Leaving directory `/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-8.1p1'
:info:build Command failed:  cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/openssh-8.1p1" && /usr/bin/make -j4 -w all 
:info:build Exit code: 2
:error:build Failed to build openssh: command execution failed

Attachments (3)

main.log (510.1 KB) - added by bryancn 6 months ago.
Log
main_udbraumann.log (285.1 KB) - added by udbraumann 6 months ago.
$ sudo port -s upgrade openssh configure.compiler=macports-gcc-7
Portfile (12.2 KB) - added by khepler 6 months ago.
Portfile with osx_keychain variant (enabled by default on 10.6+)

Download all attachments as: .zip

Change History (14)

Changed 6 months ago by bryancn

Attachment: main.log added

Log

comment:1 Changed 6 months ago by kencu (Ken)

Description: modified (diff)
Keywords: openssh removed

comment:2 Changed 6 months ago by kencu (Ken)

yes, looks like that header didn't exist until MacOSX10.6.sdk:

/Developer/SDKs/MacOSX10.6.sdk/System/Library/Frameworks/Security.framework/Versions/A/Headers/SecItem.h
/Developer/SDKs/MacOSX10.7.sdk/System/Library/Frameworks/Security.framework/Versions/A/Headers/SecItem.h
/Developer/SDKs/MacOSX10.8.sdk/System/Library/Frameworks/Security.framework/Versions/A/Headers/SecItem.h
/Developer/SDKs/MacOSX10.9.sdk/System/Library/Frameworks/Security.framework/Versions/A/Headers/SecItem.h
/Developer/SDKs/MacOSX10.10.sdk/System/Library/Frameworks/Security.framework/Versions/A/Headers/SecItem.h
/Developer/SDKs/MacOSX10.11.sdk/System/Library/Frameworks/Security.framework/Versions/A/Headers/SecItem.h
/Developer/SDKs/MacOSX10.13.sdk/System/Library/Frameworks/Security.framework/Versions/A/Headers/SecItem.h

So in this situation, you need to do some sleuthing... when did openssh change to need that header? Is there an acceptable older version available that didn't need that header that can do what you need? Is there an option in openssh that lets you avoid that header somehow (probably there is -- that is a Mac-OS specific header and there is sure to be another pathway for linux systems that might work for Leopard)? Can you hack around that header in some way, replacing what it is looking for with something similar that can do the same job?

The easy way out is to just say "10.6 and greater only" and disable it from building on 10.5 and less, but that is cheating :>

Last edited 6 months ago by kencu (Ken) (previous) (diff)

comment:3 Changed 6 months ago by kencu (Ken)

openssh got some heavy surgery last fall, and the changes make building on powerpc just now impossible.

It is probably fixable though -- a starting point would be to undo the default change to use Apple's KeyChain and then go from there. It looks like a project at this point in time, though.

comment:4 Changed 6 months ago by udbraumann

Interestingly, when I try to upgrade openssh from 7.6p1_5 to 8.1p1_9 on 10.5.8 PPC 32bit, building also stops around sshconnect2.c, but apparently a bit earlier inside keychain.h issuing a syntax error:

...
:info:build /opt/local/bin/gcc-mp-7 -pipe -Os -arch ppc -pipe -Wno-error=format-truncation -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE   -I. -I. -I/opt/local/include -I/opt/local/include -I/opt/local/include -DBROKEN_STRNVIS=1 -D__APPLE_API_STRICT_CONFORMANCE -I/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_net_openssh/openssh/work/include -I/opt/local/include/editline -I/opt/local/include -I/opt/local/include -D__APPLE_KEYCHAIN__ -D__APPLE_MEMBERSHIP__ -D__APPLE_TMPDIR__ -D__APPLE_LAUNCHD__ -DSSHDIR=\"/opt/local/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/opt/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/opt/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/opt/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/opt/local/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/opt/local/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/opt/local/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c sshconnect2.c -o sshconnect2.o
:info:build In file included from sshconnect2.c:77:0:
:info:build keychain.h:36:41: error: expected ')' before '^' token
:info:build  int  load_identities_from_keychain(int (^add_identity)(const char *identity));
:info:build                                          ^
:info:build make: *** [sshconnect2.o] Error 1
:info:build make: Leaving directory `/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_ports_net_openssh/openssh/work/openssh-8.1p1'
...

Admittedly, I used gcc7 instead of gcc6.

comment:5 Changed 6 months ago by udbraumann

Cc: udbraumann added

Changed 6 months ago by udbraumann

Attachment: main_udbraumann.log added

$ sudo port -s upgrade openssh configure.compiler=macports-gcc-7

comment:6 Changed 6 months ago by kencu (Ken)

that particular error, with "^" is because Leopard doesn't come with "blocks".

It can be fixed in many cases using the port libblocksruntime. I can't recall if I did this on PPC with gcc yet...I do it on 10.4 and 10.5 Intel sustems using clang, and on clang you use the "-fblocks" flag.

I think the keychain approach is a quagmire... I hope you know how to hold back a port if you're using ppc leopard, and you may get some inspiration from my LeopardPorts overlay.

comment:7 Changed 6 months ago by udbraumann

Well, actually my ssh as of openssh @7.6p1_5 is broken:

$ ssh
dyld: Library not loaded: /opt/local/lib/libcrypto.1.0.0.dylib
  Referenced from: /opt/local/bin/ssh
  Reason: image not found
Trace/BPT trap

What can I do? I have a very recent libcrypto installed (which port does is belong to?):

$ ls -al /opt/local/lib/libcrypto*
-rwxr-xr-x  1 root  admin  4353280 Apr 29 09:56 /opt/local/lib/libcrypto.1.1.dylib
-rw-r--r--  1 root  admin  6493440 Apr 29 09:56 /opt/local/lib/libcrypto.a
lrwxr-xr-x  1 root  admin       19 Apr 29 09:56 /opt/local/lib/libcrypto.dylib -> libcrypto.1.1.dylib

And no, I actually forgot how to hold back a port, would be glad for some advice.

comment:8 Changed 6 months ago by khepler

As a quick test I disabled the Keychain patch for Leopard:

--- /opt/local/var/macports/sources/rsync.macports.org/release/tarballs/ports/net/openssh/Portfile      2020-04-27 12:03:19.000000000 -0700
+++ Portfile    2020-05-02 13:08:53.000000000 -0700
@@ -50,7 +50,6 @@
                         pam.patch \
                         patch-sandbox-darwin.c-apple-sandbox-named-external.diff \
                         patch-sshd.c-apple-sandbox-named-external.diff \
-                        0002-Apple-keychain-integration-other-changes.patch \
                         macports-config.patch \
                         patch-openbsd_compat-memmem-bug.diff

@@ -105,6 +104,9 @@
     use_parallel_build  yes

     platform macosx {
+        if {${os.major} > 9} {
+            patchfiles-append 0002-Apple-keychain-integration-other-changes.patch
+
         if {${os.major} <= 11} {
             # clang is required to build the new Apple Keychain integration due
             # to it using the Object Subscripting feature, c.f. #59397.
@@ -119,6 +121,7 @@
             compiler.blacklist-append   *gcc* cc {clang < 421}
         }
     }
+    }

     destroot.target     install-nokeys

After removing the patch, openssh-8.1p1_9 compiles with the default compiler and runs fine.

I would like to see the osx_keychain variant return, since in my experience Keychain integration has been broken on Leopard for about ten years. The variant at least allows Leopard users to build OpenSSH. Attaching a suggested Portfile.

Changed 6 months ago by khepler

Attachment: Portfile added

Portfile with osx_keychain variant (enabled by default on 10.6+)

comment:9 Changed 6 months ago by kencu (Ken)

that's good news, thanks for checking that out. I'll see if we can come up with something -- probably using the keychain where it works and disabling it where it doesn't would be the accepted approach.

comment:10 in reply to:  8 Changed 6 months ago by udbraumann

Replying to khepler:

...

I would like to see the osx_keychain variant return, since in my experience Keychain integration has been broken on Leopard for about ten years. The variant at least allows Leopard users to build OpenSSH. Attaching a suggested Portfile.

Thank you, using your Portfile openssh @8.1p1_9 indeed could be built on my 10.5.8 PPC!

comment:11 Changed 4 weeks ago by ryandesign (Ryan Schmidt)

Keywords: haspatch added
Summary: openssh filed to build on leopard powerpcopenssh failed to build on leopard powerpc
Note: See TracTickets for help on using tickets.