Using -lssh as shared library

mouring at mouring at
Mon Oct 8 11:51:35 EST 2001

On Mon, 8 Oct 2001, Michael Tokarev wrote:

> I hacked the source a bit, but I do not like this hack very well.
> What I did is created one extra file, ipv4or6.c, that
> contains definition of this variable, added it into
> list of objects for libssl, and changed actual declarations
> in ssh.c, sshd.c, ssh-keyscan.c and the like to be simple
> "extern int IPV4or6".  This allowed me to successfully
> use shared  I attached a patch named
> openssh-2.9.9p2-ipv4or6.diff, that does exactly this.

Hmm... This is wrong.   IPV4or6 variable should be in a header file, not a
C file.

> Next, some tweaking for Makefile was required.  libssh.a
> and libopenbsd-compat.a were "hardcoded" into link and dep
> lines in Makefile, so if there is no libopenbsd-compat
> (but its contents are within -lssh), link will be funny.
> Second patch, openssh-2.9.9p2-ssh_libs.diff, introduces
> two make variables, SSH_LIBS="libopenbsd-compat.a libssl.a",
> for dependence lines, and SSH_LDFLAGS="-lssl -lopenbsd-compat",
> for link lines, and replaces hardcoded libssl.a etc with
> those 2 variables.
> Note that before the change, ssh-keyscan linked with -lssh
> twice:
>  $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
> Looking into -lssh and -lopenbsd-compat, I don't think it is
> necessary: there is no "back-references" from -lopenbsd-compat
> to -lssh.  The patch mentioned above fixes this too.

Incorrect.  bsd-arc4random.c refers to seed_rng()  which is part of
entropy.c.  Dynamic linking may remove this issue, but in our current
compile setup this hack is required.

> And one more issue/question at the end.  I noticed that *all*
> openssh programs linked with -lpam, -lwrap, -lutil and so on --
> libraries really needed for sshd *only*.  I can't say this is
> "bug", but looks somewhat inaccurate.  Looking into,
> it is relatively hard to "clean up" things.  3rd patch attached,
> openssh-2.9.9p2-libs.diff, an *alternative* to ssh_libs patch
> (both touches the same lines in, is an attempt to
> fix this too.  It is only first step into this direction, some
> more cleanups should be done (for example, there is no -lz needed
> for ssh-keygen, kerberos and s/key libs should be checked too and
> so on).

It would be nice to support this, but how much more work will it be to
maintain?  Right now it is pretty easy to maintain.  I think we need to
clean up before implementing this.

Too bad most linkers are brain damaged and don't strip unused dynamically
linked libraries.

- Ben
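
The link-order point in this exchange, as an added example that is not part of the original message or of OpenSSH: a simplified model of a single-pass static linker, showing why `-lssh -lopenbsd-compat -lssh` resolves where `-lssh -lopenbsd-compat` does not. Only the `seed_rng()` reference from bsd-arc4random.o into entropy.o comes from the thread; `ssh_member.o` and `ssh_helper` are hypothetical names, and the symbol tables are constructed.

```python
# Simplified model of a traditional Unix linker resolving static archives:
# archives are scanned once, left to right, and a member is pulled in only
# if it defines a symbol that is undefined at that moment.

# Constructed symbol tables: member -> (defined symbols, referenced symbols).
# ssh_member.o / ssh_helper are hypothetical; the seed_rng() reference from
# bsd-arc4random.o into entropy.o is the one named in the thread.
ARCHIVES = {
    "-lssh": {
        "entropy.o": ({"seed_rng"}, set()),
        "ssh_member.o": ({"ssh_helper"}, {"arc4random"}),
    },
    "-lopenbsd-compat": {
        "bsd-arc4random.o": ({"arc4random"}, {"seed_rng"}),
    },
}


def link(main_refs, lib_order):
    """Return the symbols still undefined after one left-to-right pass."""
    defined, undefined = set(), set(main_refs)
    for lib in lib_order:
        members = dict(ARCHIVES[lib])  # fresh view each time a lib is named
        pulled = True
        while pulled:  # rescan this archive until no member is needed
            pulled = False
            for name, (defs, refs) in list(members.items()):
                if defs & undefined:
                    del members[name]
                    defined |= defs
                    undefined = (undefined | refs) - defined
                    pulled = True
    return undefined


if __name__ == "__main__":
    program_refs = {"ssh_helper"}  # what the program's own object needs
    for order in (["-lssh", "-lopenbsd-compat"],
                  ["-lssh", "-lopenbsd-compat", "-lssh"]):
        left = link(program_refs, order)
        print(" ".join(order), "->", sorted(left) or "resolved")
```

In the first order, entropy.o is skipped while scanning -lssh because nothing needs `seed_rng` yet, and the linker never goes back; naming -lssh again after -lopenbsd-compat gives it a second chance.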

More information about the openssh-unix-dev mailing list