[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

ssh success



Hi,

after my last mail fell a bit on the negative side, I want to tell
about my successful compiling ("porting" for some value of porting
meaning really: "to hack into shape until it works somewhat") of
openssh. ssh is an important milestone for me, because it gives me the
ability to have the hurd run on another machine, accessing it
remotely, without having parnoid fits every few minutes.

So, here's the story for those interested:

openssl is needed. Compiling this was not much of a problem. "apt-get
source", pray it won't crash (see last mail), fix one invocation of
"dpkg --print-architecture" in the debian/rules, copy the build-flags
for debian-i386 to a new debian-hurd-i386 entry in "Configure", with
the only difference being that -DTERMIOS replaces -DTERMIO. Build and
install.

libwrap0-dev is needed. It exists, but installing raises a problem:

dpkg: regarding .../libwrap0-dev_7.6-5_hurd-i386.deb containing libwrap0-dev:
 libwrap0-dev conflicts with netbase (<< 3.16-1)
  inetutils provides netbase and is installed.
dpkg: error processing /var/cache/apt/archives/libwrap0-dev_7.6-5_hurd-i386.deb (--install):
 conflicting packages - not installing libwrap0-dev
Errors were encountered while processing:
 /var/cache/apt/archives/libwrap0-dev_7.6-5_hurd-i386.deb

Hmm, a versioned conflict matching an unversioned provides.
My Debian/Linux doesn't seem to have this problem. I did
--force-conflicts.

openssh itself needed several kludges: I replaced MAXHOSTNAME in a
couple of files with a "enough for everyone" value. Evil, but at the
time I lacked the docs to do it right.

The build process does not support not building the gnome password
requestor, so I had to fudge that. Of course, the resulting
ssh-askpass-gnome deb will be broken ...

While building/installing, the new ssh was called and wanted an
already installed /etc/ssh/ssh_prng_conf. I satisfied that by
prematurely copying the file over. I /think/ it just wants that to
generate a new hostkey in "make install", which is completely useless
anyway, so one could probably just prevent that.

The aforementioned /etc/ssh/ssh_prng_conf is a new conffile, so I
declared is as such. (It is not needed in the linux build, as linux
has /dev/random.)

pam is not used, so I took out the libpam-modules dependency.

That's it. "it works for me" proof-of-concept binary packages (openssl
and ssh) can be inspected at
<URL:http://pluto.tuwien.ac.at/~robbe/debian/hurd/>.
But they are neither signed, nor is the slightly modified source
there, so if you use them for anything needing security, you're insane.

I will start nagging the maintainers to include my changes, once I
have evolved them from bad kludges to proper hacks.

-- 
Robbe

Attachment: signature.ng
Description: PGP signature


Reply to: