checking pkcs11-helper-1.0/pkcs11h-core.h usability... yes checking pkcs11-helper-1.0/pkcs11h-core.h presence... yes checking for pkcs11-helper-1.0/pkcs11h-core.h... yes checking for pkcs11h_initialize in -lpkcs11-helper... no configure: error: PKCS11 support requires pkcs11-helper !!! Please attach the following file when seeking support: !!! /var/tmp/portage/net-misc/openssh-5.2_p1-r1/work/openssh-5.2p1/config.log * * ERROR: net-misc/openssh-5.2_p1-r1 failed. * Call stack: * ebuild.sh, line 49: Called src_compile * environment, line 3156: Called econf '--with-ldflags=-Wl,-O1 -static' '--disable-strip' '--sysconfdir=/etc/ssh' '--libexecdir=/usr/lib64/misc' '--datadir=/usr/share/openssh' '--with-privsep-path=/var/empty' '--with-privsep-user=sshd' '--with-md5-passwords' '--with-ssl-engine' '--without-kerberos5' '--with-libedit' '--with-pkcs11' '--without-selinux' '--without-skey' '--without-opensc' '--with-tcp-wrappers' '--without-pam' * ebuild.sh, line 543: Called die * The specific snippet of code: * die "econf failed" * The die message: * econf failed * * If you need support, post the topmost build error, and the call stack if relevant. * A complete build log is located at '/var/tmp/portage/net-misc/openssh-5.2_p1-r1/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/net-misc/openssh-5.2_p1-r1/temp/environment'. * >>> Failed to emerge net-misc/openssh-5.2_p1-r1, Log file: >>> '/var/tmp/portage/net-misc/openssh-5.2_p1-r1/temp/build.log' * Messages for package net-misc/openssh-5.2_p1-r1: * Disabling pam support becuse of static flag * * ERROR: net-misc/openssh-5.2_p1-r1 failed. * Call stack: * ebuild.sh, line 49: Called src_compile * environment, line 3156: Called econf '--with-ldflags=-Wl,-O1 -static' '--disable-strip' '--sysconfdir=/etc/ssh' '--libexecdir=/usr/lib64/misc' '--datadir=/usr/share/openssh' '--with-privsep-path=/var/empty' '--with-privsep-user=sshd' '--with-md5-passwords' '--with-ssl-engine' '--without-kerberos5' '--with-libedit' '--with-pkcs11' '--without-selinux' '--without-skey' '--without-opensc' '--with-tcp-wrappers' '--without-pam' * ebuild.sh, line 543: Called die * The specific snippet of code: * die "econf failed" * The die message: * econf failed * * If you need support, post the topmost build error, and the call stack if relevant. * A complete build log is located at '/var/tmp/portage/net-misc/openssh-5.2_p1-r1/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/net-misc/openssh-5.2_p1-r1/temp/environment'. * * GNU info directory index is up-to-date Reproducible: Always Steps to Reproduce: 1. emerge -v openssh 2. 3. configure:26651: checking pkcs11-helper-1.0/pkcs11h-core.h usability configure:26668: x86_64-pc-linux-gnu-gcc -c -march=athlon64 -msse3 -O3 -pipe -fomit-frame-pointer -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-builtin-memset -fstack-protector-all -std=gnu99 conftest.c >&5 configure:26675: $? = 0 configure:26689: result: yes configure:26693: checking pkcs11-helper-1.0/pkcs11h-core.h presence configure:26708: x86_64-pc-linux-gnu-gcc -E conftest.c configure:26715: $? = 0 configure:26729: result: yes configure:26762: checking for pkcs11-helper-1.0/pkcs11h-core.h configure:26769: result: yes configure:26782: checking for pkcs11h_initialize in -lpkcs11-helper configure:26817: x86_64-pc-linux-gnu-gcc -o conftest -march=athlon64 -msse3 -O3 -pipe -fomit-frame-pointer -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wno-pointer-sign -Wformat-security -fno-builtin-memset -fstack-protector-all -std=gnu99 -Wl,-O1 -static -fstack-protector-all -Wl,-O1 -static conftest.c -lpkcs11-helper -lssl -lcrypto -ldl -lutil -lz -lnsl -lcrypt >&5 /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-core.o): In function `pkcs11h_addProvider': (.text+0x231e): warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-core.o): In function `pkcs11h_initialize': (.text+0x3ace): undefined reference to `pthread_atfork' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_certificate_is_issuer': (.text+0xa8): undefined reference to `CERT_DecodeCertFromPackage' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_certificate_is_issuer': (.text+0xbb): undefined reference to `CERT_DecodeCertFromPackage' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_certificate_is_issuer': (.text+0xd8): undefined reference to `CERT_VerifySignedDataWithPublicKeyInfo' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_certificate_is_issuer': (.text+0xe6): undefined reference to `CERT_DestroyCertificate' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_certificate_is_issuer': (.text+0xee): undefined reference to `CERT_DestroyCertificate' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_certificate_get_dn': (.text+0x17d): undefined reference to `CERT_DecodeCertFromPackage' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_certificate_get_dn': (.text+0x19e): undefined reference to `CERT_DestroyCertificate' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_certificate_get_expiration': (.text+0x267): undefined reference to `CERT_DecodeCertFromPackage' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_certificate_get_expiration': (.text+0x281): undefined reference to `CERT_GetCertTimes' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_certificate_get_expiration': (.text+0x28d): undefined reference to `CERT_DestroyCertificate' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_uninitialize': (.text+0x3e5): undefined reference to `NSS_Shutdown' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_initialize': (.text+0x405): undefined reference to `NSS_IsInitialized' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_nss_initialize': (.text+0x423): undefined reference to `NSS_NoDB_Init' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_gnutls_certificate_is_issuer': (.text+0x49e): undefined reference to `gnutls_x509_crt_init' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_gnutls_certificate_is_issuer': (.text+0x4bc): undefined reference to `gnutls_x509_crt_deinit' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_gnutls_certificate_is_issuer': (.text+0x4d4): undefined reference to `gnutls_x509_crt_deinit' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_gnutls_certificate_is_issuer': (.text+0x4fe): undefined reference to `gnutls_x509_crt_init' /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/../../../../lib64/libpkcs11-helper.a(pkcs11h-crypto.o): In function `__pkcs11h_crypto_gnutls_certificate_is_issuer': (.text+0x527): undefined reference to `gnutls_x509_crt_import' seems like a few link flags are missing like -lpthread for the first
Created attachment 188823 [details] config.log Easy to reproduce... # emerge --info Portage 2.2_rc30 (default/linux/amd64/2008.0/desktop, gcc-4.3.3, glibc-2.8_p20080602-r1, 2.6.27.21 x86_64) ================================================================= System uname: Linux-2.6.27.21-x86_64-Quad-Core_AMD_Opteron-tm-_Processor_2380-with-gentoo-2.0.0 Timestamp of tree: Sat, 18 Apr 2009 17:45:01 +0000 app-shells/bash: 4.0_p17-r1 dev-java/java-config: 2.1.7 dev-lang/python: 2.6.1-r1 dev-util/cmake: 2.6.3-r1 sys-apps/baselayout: 2.0.0 sys-apps/openrc: 0.4.3-r2 sys-apps/sandbox: 1.9 sys-devel/autoconf: 2.13, 2.63-r1 sys-devel/automake: 1.5, 1.7.9-r1, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.19.1-r1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.28-r1 ACCEPT_KEYWORDS="amd64 ~amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=barcelona -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/init.d /etc/logrotate.d /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-march=barcelona -O2 -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--alphabetical --with-bdeps=y" FEATURES="collision-protect distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo" LDFLAGS="-Wl,-O1,--hash-style=gnu,--sort-common,--as-needed" LINGUAS="de en" MAKEOPTS="-j7" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.de.gentoo.org/gentoo-portage" USE="3dnow 3dnowext X a52 aac acpi alsa amd64 berkdb branding bzip2 cairo cdda cdr cli cracklib crypt cups dri dvd dvdr dvdread emboss encode evo fam ffmpeg firefox flac gdbm gif gnutls gtk iconv idn isdnlog jpeg jpeg2k kde lame libnotify mad midi mikmod mmap mmx mmxext mp3 mp4 mpeg mudflap multilib ncurses nls nptl nptlonly nsplugin ogg opengl openmp pam pcre pdf png ppds pppd qt3 qt3support quicktime readline reflection sdl session slang spell spl sse sse2 ssl startup-notification svg sysfs theora threads tiff truetype usb vcd vorbis x264 xml xorg xulrunner xv xvid zlib" ALSA_CARDS="emu10k1 hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="de en" USERLAND="GNU" VIDEO_CARDS="nv nvidia" Unset: CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 188850 [details, diff] openssh-5.2_p1-r2.ebuild.diff Static and PKCS#11 is not possible as PKCS#11 provider is loaded dynamically. I also found that kerberos cannot be used with static... But the problem is that if one have kerberos in openssl USE openssh fails with static.
thanks, that method looks sane to me ... ive changed the style and such and committed it http://sources.gentoo.org/net-misc/openssh/openssh-5.2_p1-r2.ebuild?r1=1.7&r2=1.8