ssh: generate SK config file using private cbor and fido2 libs
Specify -lprivatecbor and -lprivatefido2 in OpenSSH's configure.ac, and pass -I paths pointing at the libcbor and libfido2 source directories under contrib.

MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34440
parent
e36c256040
commit
73104d5838
@ -3263,16 +3263,16 @@ if test "x$enable_sk" = "xyes" -a "x$enable_sk_internal" = "xyes" ; then
|
|||||||
LIBFIDO2=`$PKGCONFIG --libs libfido2`
|
LIBFIDO2=`$PKGCONFIG --libs libfido2`
|
||||||
CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
|
CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`"
|
||||||
else
|
else
|
||||||
LIBFIDO2="-lfido2 -lcbor"
|
LIBFIDO2="-lprivatefido2 -lprivatecbor"
|
||||||
fi
|
fi
|
||||||
OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
|
OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'`
|
||||||
AC_CHECK_LIB([fido2], [fido_init],
|
AC_CHECK_LIB([privatefido2], [fido_init],
|
||||||
[
|
[
|
||||||
AC_SUBST([LIBFIDO2])
|
AC_SUBST([LIBFIDO2])
|
||||||
AC_DEFINE([ENABLE_SK_INTERNAL], [],
|
AC_DEFINE([ENABLE_SK_INTERNAL], [],
|
||||||
[Enable for built-in U2F/FIDO support])
|
[Enable for built-in U2F/FIDO support])
|
||||||
enable_sk="built-in"
|
enable_sk="built-in"
|
||||||
], [ AC_MSG_ERROR([no usable libfido2 found]) ],
|
], [ AC_MSG_ERROR([no usable libprivatefido2 found]) ],
|
||||||
[ $OTHERLIBS ]
|
[ $OTHERLIBS ]
|
||||||
)
|
)
|
||||||
saved_LIBS="$LIBS"
|
saved_LIBS="$LIBS"
|
||||||
|
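Review bot: The unchanged `sed 's/-lfido2//'` on the OTHERLIBS line no longer strips anything in the fallback branch, because LIBFIDO2 is now `-lprivatefido2 -lprivatecbor`; the library being probed is therefore also passed in AC_CHECK_LIB's other-libraries argument. Changing the expression to `sed 's/-lprivatefido2//'` restores the original intent for that branch. The pkg-config branch still fills LIBFIDO2 from `$PKGCONFIG --libs libfido2`, so if it is taken the probe tests privatefido2 while AC_SUBST exports flags for a different libfido2. The condition that selects that branch starts outside the hunk, so it may be unreachable in this build; a one-line comment such as `# FreeBSD: always link the in-tree private libfido2/libcbor` above the assignment would record which library ssh is expected to link.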
@ -12,7 +12,6 @@ configure_args="
|
|||||||
--with-libedit
|
--with-libedit
|
||||||
--with-ssl-engine
|
--with-ssl-engine
|
||||||
--without-xauth
|
--without-xauth
|
||||||
--without-security-key-builtin
|
|
||||||
"
|
"
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
@ -34,11 +33,28 @@ sh configure $configure_args --with-kerberos5=/usr
|
|||||||
mv config.log config.log.kerberos5
|
mv config.log config.log.kerberos5
|
||||||
mv config.h config.h.kerberos5
|
mv config.h config.h.kerberos5
|
||||||
|
|
||||||
# Generate config.h without krb5
|
# Generate config.h with built-in security key support
|
||||||
sh configure $configure_args --without-kerberos5
|
#
|
||||||
|
# We install libcbor and libfido2 as PRIVATELIB, so the headers are not
|
||||||
|
# available for configure - add their paths via CFLAGS as a slight hack.
|
||||||
|
# configure.ac is also patched to specify -lprivatecbor and -lprivatefido2
|
||||||
|
# rather than -lcbor and -lfido2.
|
||||||
|
export CFLAGS="-I$openssh/../../contrib/libcbor/src -I$openssh/../../contrib/libfido2/src"
|
||||||
|
sh configure $configure_args --with-security-key-builtin
|
||||||
|
unset CFLAGS
|
||||||
|
mv config.log config.log.sk-builtin
|
||||||
|
mv config.h config.h.sk-builtin
|
||||||
|
|
||||||
|
# Generate config.h without krb5 or SK support
|
||||||
|
sh configure $configure_args --without-kerberos5 --without-security-key-builtin
|
||||||
|
|
||||||
# Extract the difference
|
# Extract the difference
|
||||||
echo '/* $Free''BSD$ */' > krb5_config.h
|
echo '/* $Free''BSD$ */' > krb5_config.h
|
||||||
diff -u config.h.kerberos5 config.h |
|
diff -u config.h.kerberos5 config.h |
|
||||||
sed -n '/^-#define/s/^-//p' |
|
sed -n '/^-#define/s/^-//p' |
|
||||||
grep -Ff /dev/stdin config.h.kerberos5 >> krb5_config.h
|
grep -Ff /dev/stdin config.h.kerberos5 >> krb5_config.h
|
||||||
|
|
||||||
|
# Extract the difference - SK
|
||||||
|
diff -u config.h.sk-builtin config.h |
|
||||||
|
sed -n '/^-#define/s/^-//p' |
|
||||||
|
grep -Ff /dev/stdin config.h.sk-builtin > sk_config.h
|
||||||
|
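Review bot: `export CFLAGS=...` followed by `unset CFLAGS` discards any CFLAGS the caller had set, so the Kerberos run sees the caller's flags, the security-key run sees only the two -I paths, and the final baseline run sees none, and the `diff` steps then compare config.h files produced under different flags. Scoping the variable to the one command avoids that and makes the unset unnecessary: `CFLAGS="${CFLAGS:-} -I$openssh/../../contrib/libcbor/src -I$openssh/../../contrib/libfido2/src" sh configure $configure_args --with-security-key-builtin`. `$openssh` is assigned outside the hunk. Separately, sk_config.h presumably carries the ENABLE_SK_INTERNAL define that turns built-in FIDO support on, so the `grep -Ff /dev/stdin config.h.sk-builtin` that writes it would be more exact as `grep -Fxf`, which keeps only whole-line matches of the extracted `#define` lines.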