On Wed, 2013-09-11 at 17:00 +0200, Dag-Erling Smørgrav wrote: > OpenSSH in FreeBSD 10 is now built with DNSSEC support, unless you > disable LDNS in src.conf. If DNSSEC is enabled, the default setting for > VerifyHostKeyDNS is "yes". This means that OpenSSH will silently trust > DNSSEC-signed SSHFP records. I consider this a lesser evil than "ask" > (aka "train the user to type 'yes' and hit enter") and "no" (aka "train > the user to type 'yes' and hit enter without even the benefit of a > second opinion"). > > DES I just ran into a build error related to this: --- libssh.so.5 --- building shared library libssh.so.5 /local/build/staging/freebsd/wand/obj/arm.armv6/local/build/staging/freebsd/wand/src/tmp/usr/bin/ld: cannot find -lldns cc: error: linker command failed with exit code 1 (use -v to see invocation) *** [libssh.so.5] Error code 1 It only happens in one of my many build sandboxes, so I suspect it's related to the WITH/WITHOUT options in effect and perhaps also to the timing of parallel-build stuff. In the sandbox where it fails I have WITHOUT_KERBEROS and WITHOUT_PROFILE so I think that changes the timing of getting to the libssh build. I find that the attached patch fixes it for me. -- Ian
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:41 UTC