On 6/7/18 5:37 PM, Darren Tucker wrote: > One difference I notice is that in your failing example you are > invoking /usr/bin/ld directly to link: > > /usr/bin/ld -o ssh ssh.o readconf.o clientloop.o > sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/ > -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack > -fstack-protector-strong -pie -lssh -lopenbsd-compat -lutil -lz > -lcrypt -lresolv > > whereas my example is invoking via gcc. Subtle. Nice catch. > I assume you are explicitly setting the LD env var? Yep, as part of usual env, env | grep LD= LD=/usr/bin/ld ls -al /usr/bin/ld lrwxrwxrwx 1 root root 20 Jun 7 05:00 /usr/bin/ld -> /etc/alternatives/ld* ls -al /etc/alternatives/ld lrwxrwxrwx 1 root root 15 Jun 7 10:16 /etc/alternatives/ld -> /usr/bin/ld.bfd* > To narrow this down I suggest: > a) take the failing link command line and delete -Wl, options other > than retpoline and see if it will link at any point. Perhaps the > problem is the problem is occurs due to an interaction with other > flags > b) try using LD=gcc and see if it behaves any different (also, see if > the list of options it detects is different). 'bingo!' it seems. (1) make distclean unset LDFLAGS CFLAGS CXXFLAGS CPPFLAGS unset LD autoreconf -fiv ./configure --without-openssl make V=1 no errors! (warnings ...) ./sshd --version unknown option -- - OpenSSH_7.7p1, without OpenSSL usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time] [-h host_key_file] [-o option] [-p port] [-u len] make install /usr/local/bin/ssh -V OpenSSH_7.7p1, without OpenSSL (2) make uninstall make distclean unset LDFLAGS CFLAGS CXXFLAGS CPPFLAGS export LD=gcc autoreconf -fiv ./configure --without-openssl make V=1 again, no errors! (warnings ...) ./sshd --version unknown option -- - OpenSSH_7.7p1, without OpenSSL usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file] [-E log_file] [-f config_file] [-g login_grace_time] [-h host_key_file] [-o option] [-p port] [-u len] make install /usr/local/bin/ssh -V OpenSSH_7.7p1, without OpenSSL So, there's a problem for OpenSSH build with spec'ing LD=/usr/bin/ld ? Fwiw, I note that there's no "--with-gnu-ld" config option (&, I assume the code that goes with it) as found in numerous other packages' configure these days ... What's *intended* re: openssh? Support for LD=ld or only =gcc, or undef'd ? _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev