Build libsk-libfido2.so from OpenSSH-portable

libsk-libfido2_BUILD_FROM_OPENSSH.md

Tested on macOS Sonoma Developer beta 2 (23A5276g)

Build libsk-libfido2.so

Prerequisite

1. Download openssh-portable source code, install libcrypto, libfido2;
2. Configure openssh-portable build system by ./configure # [options].

Apply patch

Patch inworkaround-standalone-libsk.patch.

Build object files needed by libsk-libfido2.so

You may want to add -flto or other flags in CFLAGS:

1. make libssh.a CFLAGS="-O2 -fPIC"
2. make openbsd-compat/libopenbsd-compat.a CFLAGS="-O2 -fPIC"
3. make sk-usbhid.o CFLAGS="-O2 -DSK_STANDALONE -fPIC"

Link object files and generate libsk-libfido2.so

1. Export LDFLAGS, LIBFIDO2 and CC from previous generated Makefile;
2. echo $LIBFIDO2 | xargs ${CC} -shared openbsd-compat/libopenbsd-compat.a sk-usbhid.o libssh.a -O2 -fPIC -o libsk-libfido2.so. You may want to append other flags (for example, -Wl,-dead_strip,-exported_symbol,_sk_\* in macOS).

Don't forget to copy libsk-libfido2.so into /usr/local/lib.

workaround-standalone-libsk.patch

diff --git a/sk-usbhid.c b/sk-usbhid.c
index 7bb829aa..85c027a1 100644
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -75,10 +75,10 @@
 #define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0
 #endif
 
+#include "misc.h"
 #ifndef SK_STANDALONE
 # include "log.h"
 # include "xmalloc.h"
-# include "misc.h"
 /*
  * If building as part of OpenSSH, then rename exported functions.
  * This must be done before including sk-api.h.

Linked: Yubico/libfido2#464 (comment)

Update 2024/Dec/2:

Make target for standalone sk-libfido has been added on commit ca0697a.

Clone repo from https://github.com/openssh/openssh-portable and configure openssh with --with-security-key-standalone to build a standalone sk-libfido2.dylib on macOS.

Thanks for the pointers. I ended up making a Homebrew formula for this in my own tap. I wouldn't necessarily recommend using it, but if you wanted to make your own package for this library it might be useful: https://github.com/ssmendon/homebrew-extras