[MacPorts] #59016: [openssh/openssl] : Apple keychain patch update should have blocked openssl upgrade
MacPorts
noreply at macports.org
Tue Oct 15 05:10:24 UTC 2019
#59016: [openssh/openssl] : Apple keychain patch update should have blocked openssl
upgrade
----------------------+----------------------
Reporter: RJVB | Owner: Ionic
Type: defect | Status: accepted
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords: security
Port: openssh |
----------------------+----------------------
Comment (by Ionic):
I could have released the update today, if life were easy.
Sadly, it's not. Apple's new implementation of the keychain integration
depends upon new features in their `Security` framework, including, what
seems to be, a private header. I don't know if that's even installed on
user systems.
I wasn't able to find a file called `SecItemPriv.h` anywhere within
`/System/` on a 10.13 box, but Apple's openssh implementation uses it.
They probably can do this because they have special SDK/Frameworks and
build everything in an Xcode environment, but for MacPorts, that behavior
is not ideal.
I'll need more time to figure out what to do. Maybe I can ship shim
definitions just for the needed parts, but I'll have to see whether the
`Security` frameworks (esp. on older platforms) even provide the needed
functionality. If not, I'll have to revert the patch to an older,
pre-`Security`-framework version and adapt it myself.
--
Ticket URL: <https://trac.macports.org/ticket/59016#comment:14>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list