Apple and OpenSSH modified source code

I encountered a problem with the ssh-add command on macOS. Since OpenSSH is a Free Software project I had a look at the Open Source at Apple page and I found the source code for ssh provided by Apple in macOS Tahoe 26 at Releases.

Source code

The source code is available in the github repository: apple-oss-distributions/OpenSSH.

Very well. An Xcode project is also inlcuded. It should be a breeze to rebuild the command I need and debug it.

Rebuild

When compiling, I get the following error:

error: unable to find sdk 'macosx.internal' (in target 'ssh' from project 'OpenSSH')

This is because the configured SDK (SDKROOT) is set to macosx.internal. See https://github.com/apple-oss-distributions/OpenSSH/blob/OpenSSH-354.0.3/xcconfigs/base.xcconfig#L9.

//  Copyright © 2023 Apple Inc. All rights reserved.
//
//  NOTE: We use MixedCase for user-defined settings.

PRODUCT_NAME = $(TARGET_NAME)
PRODUCT_MODULE_NAME = $(TARGET_NAME:identifier)
PRODUCT_BUNDLE_IDENTIFIER = com.apple.$(TARGET_NAME:rfc1034identifier)

SDKROOT = macosx.internal
MACOSX_DEPLOYMENT_TARGET = 14.0
[...]

Of course I don't have this internal SDK.

OK. I can try using the default SDK (while searching for "macosx.internal", I found a tool that does just that: fix-macos-internal-sdk). But now I get the following error:

.../OpenSSH/sshd-keygen-wrapper/SystemProperties.swift:3:8: error: Unable to find module dependency: 'DarwinPrivate'
import DarwinPrivate.os.variant
           ^ (in target 'sshd-keygen-wrapper' from project 'OpenSSH')
.../OpenSSH/sshd-keygen-wrapper/SystemProperties.swift:3:8: note: A dependency of main module 'sshd_keygen_wrapper'
import DarwinPrivate.os.variant
           ^ (in target 'sshd-keygen-wrapper' from project 'OpenSSH')

Unsurprisingly, some dependencies are now missing. DarwinPrivate is required.

Of course, I don't have the DarwinPrivate package used here https://github.com/apple-oss-distributions/OpenSSH/blob/OpenSSH-354.0.3/sshd-keygen-wrapper/SystemProperties.swift#L3.

import IOKit
import System
import DarwinPrivate.os.variant

protocol SystemPropertiesStrategy {
[...]

Other packages are also required and missing:

import AppleKeyStore
import CoreAnalytics
import Foundation
import System

struct SSHDWrapper {
[...]

Another option

Rebuilding OpenSSH as provided by Apple is not working. However, it is possible is to try rebuilding OpenSSH from its upstream source code i.e. OpenSSH Portable Release.

This is what I did. I managed to compile OpenSSH Portable (very easily) and debug my problem (we'll come back to that later).

Conclusion

The source code of the modified OpenSSH is provided by Apple. But you cannot recompile it without components that are internal (to my knowledge) to Apple and, of course, not provided by Apple.

This may be the difference between Open Source and Free Software.

Outdated and broken PC/SC drivers with pcsc-lite 2.4.0

Since pcsc-lite 2.4.0 and the fact that pcscd can now run as a normal user (see pcscd runs as pcscd user), the driver must configure the reader's device access rights. Otherwise, the pcscd process will not be able to use the device.

Unmaintained drivers

Some older, unmaintained drivers will no longer work with pcscd. I have requested their removal from Debian unstable.

They are:

I am the Debian maintainer of these packages, so it is my responsibility to open tickets to remove the packages.

I also filed a release critical bug #1119081 on libgcr410 so that this driver will not be included in the next version of Debian (unless the issue is fixed).

Old hardware

These drivers are intended for very old serial smart card readers (who still has a serial port on their computer?) or USB readers from the last century.

The advantage of Free Software is that if someone still has such a device, they can obtain the source code of the driver (still available online), adapt it and use it.

Old software

There has been no new version of the asedriveiiie software since September 2010. The source code is no longer available from the publisher (a commecial company).

The ifd-gempc software is maintained upstream by me. The latest major version dates from April 2012 and was mostly compiler warnings fixes. The source code is still available at https://ifd-gempc.apdu.fr/.

The libgcr410 software was also written by me. I wrote it before ifd-gempc and I am surprised to see it packaged in Debian, as it should be replaced by ifd-gempc. The Debian package has been abandonned by its Debian maintainer since March 2008. More recent Debian versions have been produced by the Debian Quality Assurance (QA) team.

Popularity

I have already published an article on the popularity of Debian packages for smart cards in 2020 in Smart card Usage in Debian: pcscd and drivers.

With updated graphics, we now have:

  • asedriveiiie

Popularity contest statistics for asedriveiiie

  • ifd-gempc

Popularity contest statistics for ifd-gempc

  • libgcr410

Popularity contest statistics for libgcr410

Very few people still have these packages installed. And even fewer use them.

Changes required

I also filed the bug #39 "Set group to pcscd in the udev rules file" on the upstream acsccid driver.

This driver is a fork of my CCID driver and is still actively maintained. The problem should therefore be resolved in a new version.

Conclusion

I don't have enough free time to maintain software that is no longer in use.

I haven't used these drivers for at least 10 years. And I don't plan on using them in the future, because I discovered that I no longer have the smart card readers.

New version of PySCard: 2.3.1

I just released a new version of pyscard. PySCard is a Python module adding smart cards support (PC/SC) to Python.

The PySCard project is available at:

Changes:

2.3.1 (October 2025)

  • Add support of SWIG 4.4.0

  • Add support of Mac OS X Snow Leopard

  • Minor changes