[MacPorts] #59397: openssh @8.1_1: fails to build on 10.6: audit-bsm.c:66:10: fatal error: 'bsm/audit_session.h' file not found

MacPorts noreply at macports.org
Sat Oct 26 04:45:11 UTC 2019 

#59397: openssh @8.1_1: fails to build on 10.6: audit-bsm.c:66:10: fatal error:
'bsm/audit_session.h' file not found
-------------------------+----------------------------------------
  Reporter:  grumpybozo  |      Owner:  Ionic
      Type:  defect      |     Status:  closed
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:  2.6.1
Resolution:  fixed       |   Keywords:  snowleopard lion legacy-os
      Port:  openssh     |
-------------------------+----------------------------------------

Comment (by iEFdev):

 Thanks! It built fine now. :+1:

 Been doing some quick tests to give some feedback on the install.

 -----


 It installed fine. Made a testkey with ssh-keygen and was then about to
 add the key with ssh-add.

 {{{
 $ sudo port upgrade openssh
 --->  // ... //

 $ port installed openssh
 The following ports are currently installed:
   openssh @8.1p1_1+gsskex+kerberos5+ldns+xauth (active)

 $ ssh-keygen -t ed25519 -o -a 100 -f ~/.ssh/id_test -C "Eric F :: $(date
 "+%F")"
 Generating public/private ed25519 key pair.
 Enter passphrase (empty for no passphrase):
 Enter same passphrase again:
 Your identification has been saved in $HOME/.ssh/id_test.
 Your public key has been saved in $HOME/.ssh/id_test.pub.
 The key fingerprint is:
 SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Eric F :: 2019-10-26
 The key's randomart image is:
 +--[ED25519 256]--+
 | o.B=+           |
 |  * +. .         |
 | . +E . .        |
 |+ . .. ..o.      |
 | * o . oS+..     |
 |  O o o.=o+      |
 | o +.o =.+.      |
 |  oo .+ =. .     |
 |  ... .o.=o      |
 +----[SHA256]-----+

 $ ssh-add -K "~/.ssh/id_test"
 usage: ssh-add [options] [file ...]
 Options:
   -l          List fingerprints of all identities.
   -E hash     Specify hash algorithm used for fingerprints.
   -L          List public key parameters of all identities.
   -k          Load only keys and not certificates.
   -c          Require confirmation to sign using identities
   -m minleft  Maxsign is only changed if less than minleft are left (for
 XMSS)
   -M maxsign  Maximum number of signatures allowed (for XMSS)
   -t life     Set lifetime (in seconds) when adding identities.
   -d          Delete identity.
   -D          Delete all identities.
   -x          Lock agent.
   -X          Unlock agent.
   -s pkcs11   Add keys from PKCS#11 provider.
   -e pkcs11   Remove keys provided by PKCS#11 provider.
   -T pubkey   Test if ssh-agent can access matching private key.
   -q          Be quiet after a successful operation.
   -v          Be more verbose.
   -A          Add all identities stored in your macOS keychain.
   -K          Store passphrases in your macOS keychain.
               With -d, remove passphrases from your macOS keychain.
 }}}

 So, it didn't want to add the key. It just returned the list of options.

 But the output looks ok, with `-A, -K [-d]` included.

 I could ssh/login to a webhost, and push with git, run a backupscript
 (rsync) - so it seems like it can read the keychain anyway.

 -----


 Notice 1: The man pages… The output is different between, `man ssh-add`
 and if you open it in a separate window (like: `open x-man-page://ssh-
 add`). Both with same date in the bottom (Oct 26, 2019). That was odd, or
 does the man pages use a dynamic date value (todays date)? ...like it's
 loading an old cached one with current date added.

 Notice 2: I saw briefly duing the config/build that the process creates a
 folder with a symlink: `../work/include/security`. It looks like a dead
 symlink. When looking at it, it symlinks to `/usr/include/pam`:

 {{{
 $ ls -Ahl
 /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/include/security
 lrwxr-xr-x  1 macports  admin    16B Oct 26 06:18
 /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_net_openssh/openssh/work/include/security
 -> /usr/include/pam
 $ ls -Ahl /usr/include/pam
 ls: /usr/include/pam: No such file or directory
 }}}

 There's nothing named `*pam*` in `/usr/include`, but there is a
 `/usr/include/security` folder which includes the pam files.

 Perhaps there are different locations in different OS X/macOS versions?

 // Don't know if that one is important or not, but thought I should
 mention it (as a notice).

 -----



 So, adding keys doesn't work. (Perhaps we should make a separate ticket
 for that?)

 Anyway… I tried to see where the code was added (for `-K`), but it
 actually looks like the patches only fixed the man pages and never adds it
 as an option. Like it's not implemented.

 Reproduce with:

 {{{
 sudo port patch openssh

 # goto: ../work/openssh-8.1p1/ssh-add.c
 # Line: 641 ->
 }}}

 Can you run: `ssh-add -K /path/to/key` on your 10.9?


 // In worst case (until it's fixed) I can always use the old bundled one
 to add it to the keychain.

-- 
Ticket URL: <https://trac.macports.org/ticket/59397#comment:36>
MacPorts <https://www.macports.org/>
Ports system for macOS

More information about the macports-tickets mailing list