Page MenuHomeFreeBSD
Differential D51853

src.opts.mk: Do not allow WITHOUT_GSSAPI with MIT Kerberos
AbandonedPublic
Actions

Authored by ivy on Aug 9 2025, 10:54 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Oct 10, 6:15 AM
Unknown Object (File)
Fri, Oct 10, 6:15 AM
Unknown Object (File)
Fri, Oct 10, 12:34 AM
Unknown Object (File)
Sep 16 2025, 7:41 AM
Unknown Object (File)
Sep 15 2025, 8:25 AM
Unknown Object (File)
Sep 14 2025, 7:10 AM
Unknown Object (File)
Sep 11 2025, 4:22 PM
Unknown Object (File)
Sep 10 2025, 4:42 AM
View All 17 Files
Subscribers
bdrewery
des
emaste
imp

Details

Reviewers
des
Group Reviewers
krb5
Summary

With MIT krb5, there is no libgssapi at all, and libgssapi_krb5 is
a mandatory component of krb5. Specifying WITHOUT_GSSAPI in this
case doesn't make sense, so raise an error.

Once Heimdal is removed from the tree, we can remove WITHOUT_GSSAPI
entirely.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 66143
Build 63026: arc lint + arc unit

Event Timeline

ivy created this revision.Aug 9 2025, 10:54 PM
Herald added subscribers: emaste, imp, bdrewery. · View Herald TranscriptAug 9 2025, 10:54 PM
ivy requested review of this revision.Aug 9 2025, 10:54 PM
Harbormaster completed remote builds in B66143: Diff 160143.Aug 9 2025, 10:54 PM
des added a subscriber: des.Aug 10 2025, 12:52 AM

This won't work. The correct solution is to register GSSAPI as a dependent of MITKRB5.

You must also regenerate src.conf.5 and include it in your commit:

cd tools/build/options
sh makeman >../../../share/man/man5/src.conf.5
des requested changes to this revision.Aug 10 2025, 12:52 AM
This revision now requires changes to proceed.Aug 10 2025, 12:52 AM
ivy added a comment.Aug 10 2025, 1:10 AM
In D51853#1184714, @des wrote:

This won't work. The correct solution is to register GSSAPI as a dependent of MITKRB5.

if you mean adding it to the previous .for list, i'm not sure this is right: we should raise an error if the user tries to set WITHOUT_GSSAPI because it doesn't make sense to do that; silently accepting it will be confusing.

this did work when i tested it. could you elaborate on why it won't work?

des added a comment.Aug 10 2025, 1:23 AM
In D51853#1184725, @ivy wrote:
In D51853#1184714, @des wrote:

This won't work. The correct solution is to register GSSAPI as a dependent of MITKRB5.

if you mean adding it to the previous .for list, i'm not sure this is right: we should raise an error if the user tries to set WITHOUT_GSSAPI because it doesn't make sense to do that; silently accepting it will be confusing.

There are other option combinations that don't make sense either. We don't error out for any of them, we just silently fix them.

this did work when i tested it. could you elaborate on why it won't work?

It breaks makeman.

ivy added a comment.Aug 11 2025, 2:20 PM

closing in favour of D51859 which is a better fix

ivy abandoned this revision.Aug 11 2025, 2:20 PM

Revision Contents
Changeset List

PathSize
share/
mk/
8 lines
tools/
build/
options/
3 lines

Diff 160143

View Options

share/mk/src.opts.mk

Loading...
View Options

tools/build/options/WITHOUT_GSSAPI

Loading...