Blink: curl, scp, sftp, ctags command not found

ctags is normal (it was moved to extraCommandDictionary.plist, as it required more work and was not really useful).

The others are probably related to an issue I've already met: applications are stripped by default when they ship (all symbols are removed). As ios_system finds pointers to functions using dlsym(), that fails.

2 solutions :

• prevent symbol stripping (that's an option when shipping). Stripping is useful to prevent reverse-engineering of the app, which is not really an issue for an open-source app like blink.
• stick to the standard version of curl/scp/sftp, that does not use the keys generated by blink.

To be clear: that's an issue that only happens on the shipped (test flight) version, not on the sideloaded versions.

Alright, we have a winner! Thanks for the report @goerz. I will release again without the symbol stripping and fixing the typo on Nicholas name ;)

@holzschu I've tried a few things already to strip the symbols but I can't seem to find the perfect Xcode incantation. Any ideas? Thanks!

Hi @carloscabanero, actually, you want to prevent Xcode from stripping the symbols.
Something like STRIP_STYLE = "non-global"; in the Deployment section?

Sorry, that’s what I meant. Tried that but no luck :(

And STRIP_INSTALLED_PRODUCT = "No";?

Hi @holzschu,
You replace only curl with curl_main_static.
Am I right, that scp should be replaced too?

scp, sftp both point to curl() (and the actual behaviour depends on argv[0]).

The code in replaceCommand() replaces all functions that were pointing to the same function as curl by pointers to curl_main_static (that's the third argument, true). So after the call to replace command, scp and sftp also point to curl_main_static.

Thanks!

The commands are there now, but how does authentication work? It's clearly not using Blink's keys:

curl: (67) Authentication failure

Do I have to set up an additional .ssh folder with private keys, or something like that?

Question: are these the blink-based versions of curl/scp/sftp or the standard versions? I've placed a safety in ios_system which avoids calling replaceCommand if the commands are not available.

Blink do not store actual keys in file system. It is only stores ids for keys in 'keys' file. Actual keys are stored in keychain.
We need to patch curl_ios_static or temporary (or permanently) copy keys to ~/.ssh.

@holzschu
We use tagged version of code (v2.0). So no fallback code is there. (as well as new commands)

Also got it working in release scheme if we set curl_ios_static and blink stip style to Non-Global Symbols

Glad to see you got it working.

curl_ios_static is already patched to access keys using Blinkshell code. That's the reason why it had to be static. See curl_ios_static.xcodeproj/lib/ssh.c, under the #ifdef BLINKSHELL, especially lines 850 to 892.

So if Blink calls curl_ios_static, then it uses the keys stored and defined by Blinkshell. I just tried that with sideloading, and it works (I removed the .ssh folder to be sure that there was only the keys in the keychain).

Ok, I found out what is wrong.
In order to scp to work properly host and hostName should be the same...
In my case host=apple and hostName=<ip> - doesn't work. If I set host=<realdomain> and hostName=<realmdomain> scp work.

Oh. Of course!
That sounds like something that can be patched.
Looking at my code, line734:

        // Extract private key, username, etc associated with this host:
        // This won't work, we've used conn->host.name several times before

It looks like I saw the problem, but did not fix it (it was a long time ago). For the connection, we use the host name provided by Blink. But earlier (when checking the known_host file) we used what was put on the command line.

I think I see a solution, in parseurlandfillconn() in url.c. Trying a patch.

@holzschu quick quesion.

How can we support something like /etc/hosts ?
working ping <host> would be nice to have

Hi @yury,

• I've pushed a patch to curl_ios_static that gets the user / hostname from the Blink configuration, early on, and the public / private key later. Changes are in url.c, lines 4645 - 4655 and in ssh.c line 732 (no need to extract the user / host a second time).

• for your quick question: I think what you have in mind is to type ping Apple and it translates into ping <ip>, using the information from your Blinkshell config. Let me check.

Hi @yury,
reporting: ping uses gethostbyname2(); the other network commands use their own version, querying the nameservers directly. I see no easy way to change /etc/hosts to something else (the FreeBSD version of gethostbyname2() has a configurable alias file. The iOS version does not).

It would probably be easier to parse the command inside Blink to detect the machine name (Apple) and replace it with the hostname.

Thanks @holzschu
Will try to switch to master and test.

Hi @holzschu,

something strange happening with stdout, stderr on ios_system/master.

If have to set stdout/stderr on linenoise. It didn't crashed before.

Easy to reproduce, just enter any command, press space and hit tab for completion. linenoise will try to use stderr to write bell, but it crashes.

Also, we started discord :) https://discord.gg/3ktm6WK
It's empty there, but still :)

Hi @yury,
I can't reproduce here, but that may be because I fixed that issue yesterday. The fix is in the repository but not in the release, I think.

Explanation: I introduced libc_replacement.c, which intercepts printf, write, etc. to make it easier to port new commands. But I forgot to check that thread_stdout is not NULL before writing to it. Commit f0088b1 of ios_system contains that fix.

Not sure what RTT label stands for so excuse my ignorance if it answers my question, however I am having what I believe to be this same issue. I’m getting curl: (67) Authentication Failure whenever trying to scp or sftp. When can we expect to see this fixed in an iOS update?

rtt - ready to test.

Have you added keys to that host to blink (config/keys)?

Yes

On Aug 11, 2018, at 10:13 AM, Yury Korolev notifications@github.com wrote:

rtt - ready to test.

Have you added keys to that host to blink (config/keys)?

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.