vanilla build of 7.7p1 release on linux/4.17 fails with gcc8 @ "/usr/bin/ld: unrecognized option '-Wl,-z,retpolineplt'"

PGNet Dev pgnet.dev at gmail.com
Fri Jun 8 10:52:27 AEST 2018 

On 6/7/18 5:37 PM, Darren Tucker wrote:
> One difference I notice is that in your failing example you are
> invoking /usr/bin/ld directly to link:
> 
>                 /usr/bin/ld -o ssh ssh.o readconf.o clientloop.o
> sshtty.o sshconnect.o sshconnect2.o mux.o -L. -Lopenbsd-compat/
> -Wl,-z,retpolineplt -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack
> -fstack-protector-strong -pie  -lssh -lopenbsd-compat  -lutil -lz
> -lcrypt -lresolv
> 
> whereas my example is invoking via gcc.

Subtle.  Nice catch.

> I assume you are explicitly setting the LD env var?

Yep, as part of usual env,

	env | grep LD=
		LD=/usr/bin/ld
	ls -al /usr/bin/ld
		lrwxrwxrwx 1 root root 20 Jun  7 05:00 /usr/bin/ld -> /etc/alternatives/ld*
	ls -al /etc/alternatives/ld
		lrwxrwxrwx 1 root root 15 Jun  7 10:16 /etc/alternatives/ld -> /usr/bin/ld.bfd*

> To narrow this down I suggest:
> a) take the failing link command line and delete -Wl, options other
> than retpoline and see if it will link at any point.  Perhaps the
> problem is the problem is occurs due to an interaction with other
> flags
> b) try using LD=gcc and see if it behaves any different (also, see if
> the list of options it detects is different).

'bingo!' it seems.

(1)

	make distclean
	unset LDFLAGS CFLAGS CXXFLAGS CPPFLAGS
	unset LD
	autoreconf -fiv
	./configure --without-openssl
	make V=1

no errors!  (warnings ...)

	./sshd --version
		unknown option -- -
		OpenSSH_7.7p1, without OpenSSL
		usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
	            [-E log_file] [-f config_file] [-g login_grace_time]
	            [-h host_key_file] [-o option] [-p port] [-u len]
	make install
	/usr/local/bin/ssh -V
		OpenSSH_7.7p1, without OpenSSL

(2) 

	make uninstall
	make distclean
	unset LDFLAGS CFLAGS CXXFLAGS CPPFLAGS
	export LD=gcc
	autoreconf -fiv
	./configure --without-openssl
	make V=1

again, no errors!  (warnings ...)

	./sshd --version
		unknown option -- -
		OpenSSH_7.7p1, without OpenSSL
		usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]
	            [-E log_file] [-f config_file] [-g login_grace_time]
	            [-h host_key_file] [-o option] [-p port] [-u len]
	make install
	/usr/local/bin/ssh -V
		OpenSSH_7.7p1, without OpenSSL

So, there's a problem for OpenSSH build with spec'ing LD=/usr/bin/ld ?

Fwiw, I note that there's no "--with-gnu-ld" config option (&, I assume the code that goes with it) as found in numerous other packages' configure these days ...

What's *intended* re: openssh?  Support for LD=ld or only =gcc, or undef'd ?

More information about the openssh-unix-dev mailing list