Index: crypto/openssh/configure.ac =================================================================== --- crypto/openssh/configure.ac +++ crypto/openssh/configure.ac @@ -3263,16 +3263,16 @@ LIBFIDO2=`$PKGCONFIG --libs libfido2` CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libfido2`" else - LIBFIDO2="-lfido2 -lcbor" + LIBFIDO2="-lprivatefido2 -lprivatecbor" fi OTHERLIBS=`echo $LIBFIDO2 | sed 's/-lfido2//'` - AC_CHECK_LIB([fido2], [fido_init], + AC_CHECK_LIB([privatefido2], [fido_init], [ AC_SUBST([LIBFIDO2]) AC_DEFINE([ENABLE_SK_INTERNAL], [], [Enable for built-in U2F/FIDO support]) enable_sk="built-in" - ], [ AC_MSG_ERROR([no usable libfido2 found]) ], + ], [ AC_MSG_ERROR([no usable libprivatefido2 found]) ], [ $OTHERLIBS ] ) saved_LIBS="$LIBS" Index: crypto/openssh/freebsd-configure.sh =================================================================== --- crypto/openssh/freebsd-configure.sh +++ crypto/openssh/freebsd-configure.sh @@ -12,7 +12,6 @@ --with-libedit --with-ssl-engine --without-xauth - --without-security-key-builtin " set -e @@ -34,11 +33,22 @@ mv config.log config.log.kerberos5 mv config.h config.h.kerberos5 -# Generate config.h without krb5 -sh configure $configure_args --without-kerberos5 +# Generate config.h with built-in security key support +env CFLAGS="-I$openssh/../../contrib/libcbor/src -I$openssh/../../contrib/libfido2/src" \ + sh configure $configure_args --with-security-key-builtin +mv config.log config.log.sk-builtin +mv config.h config.h.sk-builtin + +# Generate config.h without krb5 or SK support +sh configure $configure_args --without-kerberos5 --without-security-key-builtin # Extract the difference echo '/* $Free''BSD$ */' > krb5_config.h diff -u config.h.kerberos5 config.h | sed -n '/^-#define/s/^-//p' | grep -Ff /dev/stdin config.h.kerberos5 >> krb5_config.h + +# Extract the difference - SK +diff -u config.h.sk-builtin config.h | + sed -n '/^-#define/s/^-//p' | + grep -Ff /dev/stdin config.h.sk-builtin > sk_config.h