On Tue, Oct 24, 2006 at 12:19:59AM -0500, Manoj Srivastava wrote: > On Tue, 24 Oct 2006 06:36:34 +0200, Aurelien Jarno <[EMAIL PROTECTED]> said: > > > Manoj Srivastava a écrit : > >> Hi, > >> > >> I have created openssh packages with updated SELinux patches, this > >> brings us in line with the new SELinux release. The patch is > >> recorded in Bug#394795. The packages are available at: > .... > >> Please test these packages out. I would like to see the SELinux > >> updates enter Etch, and would be happy to do an NMU, if desired. > > > With your patch, sshd is unconditionally linked with > > libselinux. This breaks debian-installer on architectures using ssh > > for the installation, and also non-Linux architectures. > > No, it is not. The configure patch: > +# Check whether user wants SELinux support > +SELINUX_MSG="no" > +LIBSELINUX="" > +AC_ARG_WITH(selinux, > + [ --with-selinux[[=LIBSELINUX-PATH]] Enable SELinux support], > + [ if test "x$withval" != "xno" ; then > + if test "x$withval" != "xyes"; then > + CPPFLAGS="$CPPFLAGS -I${withval}/include" > + if test -n "${need_dash_r}"; then > + LDFLAGS="-L${withval}/lib -R${withval}/lib > ${LDFLAGS}" > + else > + LDFLAGS="-L${withval}/lib ${LDFLAGS}" > + fi > + fi > + AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux > support.]) > + SELINUX_MSG="yes" > + AC_CHECK_HEADERS(selinux.h) > + LIBSELINUX="-lselinux" > + fi > + ]) > +AC_SUBST(LIBSELINUX) > + > ensures that LIBSELINUX expands to -lselinux only on machines where > it is available, not otherwise. > > Unless you are saying that the configure.ac patch is broken, > in which case please supply a log of the regenerated configure script > showing that it fails. >
I don't say the configure.ac patch is broken, I say the patch as a whole is broken. After a few searches it seems the problem is in Makefile.in: [bode:/tmp/openssh-4.3p2]$ grep LIBSELINUX Makefile.in LIBSELINUX=-lselinux $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBS) [bode:/tmp/openssh-4.3p2]$ I can confirm that the resulting udeb package is linked with libselinux, even if selinux support is disabled for the udeb pass: [anguille:/tmp/openssh]$ wget http://people.debian.org/~srivasta/packages/pool/o/openssh/openssh-server-udeb_4.3p2-5.1_i386.udeb --15:35:39-- http://people.debian.org/~srivasta/packages/pool/o/openssh/openssh-server-udeb_4.3p2-5.1_i386.udeb => `openssh-server-udeb_4.3p2-5.1_i386.udeb' Résolution de people.debian.org... 192.25.206.10 Connexion vers people.debian.org|192.25.206.10|:80...connecté. requête HTTP transmise, en attente de la réponse...200 OK Longueur: 160 022 (156K) [text/plain] 100%[====================================================================================================>] 160 022 183.79K/s 15:35:40 (183.36 KB/s) - « openssh-server-udeb_4.3p2-5.1_i386.udeb » sauvegardé [160022/160022] [anguille:/tmp/openssh]$ dpkg -x openssh-server-udeb_4.3p2-5.1_i386.udeb . [anguille:/tmp/openssh]$ ldd usr/sbin/sshd linux-gate.so.1 => (0xffffe000) libselinux.so.1 => /lib/libselinux.so.1 (0xa7ef0000) libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xa7edd000) libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 (0xa7da2000) libutil.so.1 => /lib/tls/i686/cmov/libutil.so.1 (0xa7d9e000) libz.so.1 => /usr/lib/libz.so.1 (0xa7d8a000) libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xa7d5c000) libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xa7c2b000) libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xa7c27000) libsepol.so.1 => /lib/libsepol.so.1 (0xa7be6000) /lib/ld-linux.so.2 (0xa7f24000) [anguille:/tmp/openssh]$ -- .''`. Aurelien Jarno | GPG: 1024D/F1BCDB73 : :' : Debian developer | Electrical Engineer `. `' [EMAIL PROTECTED] | [EMAIL PROTECTED] `- people.debian.org/~aurel32 | www.aurel32.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]