Details

Reviewers

imp
jhb
kib
michaelo
des
emaste
ivy

Commits

rG1876de606eb8: krb5: Expose missing symbols

Summary

Add symbols found in the port but not in base. This requires replacing
a shared libkrb5profile.so with libkrb5profile.a (with -fPIC so it can
be used by shared libraries). We do this by making libkrb5profile
INTERNALLIB.

Base currently has libkrb5profile in a shared library. The patch moves
those functions to the various "consumer" libraries as the port does.

Symbols that should be in the other libraries are in libkrb5profile.so.
This is causing some ports issues.

PR: 291695
Reported by: michaelo
MFC after: 2 weeks

Test Plan

Running here.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

cy created this revision.Dec 20 2025, 12:22 AM

Herald added subscribers: ivy, emaste, bdrewery. · View Herald TranscriptDec 20 2025, 12:22 AM

cy requested review of this revision.Dec 20 2025, 12:22 AM

Harbormaster completed remote builds in B69411: Diff 168466.Dec 20 2025, 12:22 AM

Just added this comment to the PR.

First, we must compare base with the port linked against openssl and without ldap.

Base currently has libkrb5profile in a shared library. The patch moves those functions to the various "consumer" libraries as the port does.

Can you pleas explain

how the list of missed symbols was obtained
why do we need the internallib for krb5profile now

UPDATING
36 ↗	(On Diff #168466)	I suspect we have tools/build/depend-cleanup.sh for such cleanup.
krb5/util/profile/Makefile
32
share/mk/src.libnames.mk
422	If thee were the dependencies for the non-internal lib, why they are no longer dependencies now?
tools/build/mk/OptionalObsoleteFiles.inc
3739	Why these symlinks no longer obsolete? I do not think that you install them after the patch.

Also the ports:misc/compat15x needs to be updated.

In D54323#1241416, @kib wrote:

Can you pleas explain

how the list of missed symbols was obtained

#!/bin/sh
# Dump dynamic symbol names only for .so symlinks from the krb5 package listing

BASE="/usr"   # change to /usr on FreeBSD base system
PORTS="/usr/local"   # change to /usr on FreeBSD base system
OUTBASE="./base-symbols"
OUTPORTS="./ports-symbols"
mkdir -p $OUTBASE $OUTPORTS

# Only the .so symlinks from the krb5 package manifest
SO_LINKS="
lib/libcom_err.so
lib/libgssapi_krb5.so
lib/libgssrpc.so
lib/libk5crypto.so
lib/libkadm5clnt.so
lib/libkadm5clnt_mit.so
lib/libkadm5srv.so
lib/libkadm5srv_mit.so
lib/libkdb5.so
lib/libkrad.so
lib/libkrb5.so
lib/libkrb5support.so
lib/libverto.so
lib/krb5/plugins/kdb/db2.so
lib/krb5/plugins/preauth/otp.so
lib/krb5/plugins/preauth/pkinit.so
lib/krb5/plugins/preauth/spake.so
lib/krb5/plugins/preauth/test.so
lib/krb5/plugins/tls/k5tls.so
"

for relpath in $SO_LINKS; do
        for I in base ports; do
                if [ $I = base ]; then
                        base=$BASE
                        outdir=$OUTBASE
                else
                        base=$PORTS
                        outdir=$OUTPORTS
                        unset suffix
                fi
                link="$base/$relpath"
                if [ -L "$link" ]; then
                        target=$(readlink -f "$link")
                else
                        target="$link"
                fi
                fname=$(basename "$link")
                outfile="$outdir/${fname}.symbols.txt"

                echo "Listing symbols for $link -> $target"
                # readelf --dyn-syms $target | sed 1,3d | awk '$7 != "UND" {print $8}' | sed 's/@@/@/' | sort | sed 's/@..*//'> $outfile
                if [ $I = base ]; then
                        target="/usr/lib/debug${target}.debug"
                fi
                nm -g $target | sed 's/^.................//' | awk '$1 ~ /[ABCDT]/ {print $2}' | sort -u > $outfile
        done
done

echo "Done. Symbol name listings in $OUTDIR"

Then, for each library,

diff base-symbols/libkadm5srv_mit.so.symbols.txt ports-symbols/libkadm5srv_mit.so.symbols.txt | awk '$1 == ">" {print "         " $2 ";"}' | sed '/_fini/d; /_init/d' | sort > /tmp/foo; wc -l /tmp/foo

The contents of /tmp/foo were then added to version.map.

why do we need the internallib for krb5profile now

Because symbols that should be in the other libraries are in libkrb5profile.so. This is causing some ports issues. See PR/291695.

In D54323#1241428, @kib wrote:

Also the ports:misc/compat15x needs to be updated.

I will look at that.

UPDATING
36 ↗	(On Diff #168466)	I agree. I'm not sure how to specify that yet.
krb5/util/profile/Makefile
32	I will fix that. Thanks.
share/mk/src.libnames.mk
422	I didn't think .a libaries should be specified here. I will fix that.
tools/build/mk/OptionalObsoleteFiles.inc
3739	Because they have been unconditionally removed in ObsoleteFiles.inc.

Added krb5/util/profile__L back in again. I have yet to test build.

Commit message updated.

Harbormaster completed remote builds in B69413: Diff 168470.Dec 20 2025, 2:50 PM

cy edited the summary of this revision. (Show Details)Dec 20 2025, 2:51 PM

cy edited the test plan for this revision. (Show Details)

cy added reviewers: emaste, ivy.

kib added inline comments.Dec 20 2025, 6:14 PM

tools/build/mk/OptionalObsoleteFiles.inc
3739	Right, and what have changed? The lib is private now.

des added inline comments.Dec 21 2025, 12:20 AM

UPDATING

36 ↗

(On Diff #168466)

Add this immediately above the moused entry:

# 20251219 # libkrb5profile is now internal
for libcompat in "" $ALL_libcompats; do
	dirprfx=${libcompat:+obj-lib${libcompat}}
	dir="${OBJTOP%/}/${dirprfx}"/krb5/util/profile
	if [ -L "${dir}"/libkrb5profile.so ]; then
		run rm -rfv "${dir}"
	fi
done

tools/build/mk/OptionalObsoleteFiles.inc

3739

Cy has replaced this conditional entry with an unconditional entry elsewhere.

cy added inline comments.Dec 21 2025, 2:05 AM

tools/build/mk/OptionalObsoleteFiles.inc
3739	The functions that were in libkrb5profile.so are now mostly in libkrb5.so with some (a few) in the other .so libraries. This makes base MIT KRB5 work and behave exactly as the port does.

cy added inline comments.Dec 21 2025, 4:11 AM

UPDATING
36 ↗	(On Diff #168466)	Thank you.
36 ↗	(On Diff #168466)	A rollback of a /usr/obj snapshot and incremental rebuild confirms this does the trick. Thank you again.

Are there any more comments before this is committed?

michaelo@, please comment re fixing the problem.

I am fine with that. Thank you for the hard work!

This revision is now accepted and ready to land.Jan 14 2026, 7:44 AM

Add symbols identified by Chris Inacio <inacio@andrew.cmu.edu> and
markj@.

This revision now requires review to proceed.Jan 17 2026, 5:57 AM

Herald added a subscriber: jrtc27. · View Herald TranscriptJan 17 2026, 5:57 AM

Harbormaster completed remote builds in B69941: Diff 169932.Jan 17 2026, 5:57 AM

Remove duplicate symbols.

Harbormaster completed remote builds in B69942: Diff 169933.Jan 17 2026, 6:08 AM

DSO bump.

Harbormaster completed remote builds in B69990: Diff 170064.Jan 19 2026, 5:06 PM

In D54323#1252001, @cy wrote:

DSO bump.

Why? This should be not needed, if you only add symbols.

Revert DSO bump.

Harbormaster completed remote builds in B69993: Diff 170067.Jan 19 2026, 5:45 PM

In D54323#1252026, @kib wrote:

In D54323#1252001, @cy wrote:

DSO bump.

Why? This should be not needed, if you only add symbols.

Thank you for setting this straight.

This revision was not accepted when it landed; it landed in state Needs Review.Jan 21 2026, 12:27 AM

Closed by commit rG1876de606eb8: krb5: Expose missing symbols (authored by cy). · Explain Why

This revision was automatically updated to reflect the committed changes.

cy added a commit: rG1876de606eb8: krb5: Expose missing symbols.

krb5: Expose missing symbolsClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 170166

ObsoleteFiles.inc

krb5/lib/apputils/Makefile

krb5/lib/crypto/Makefile

krb5/lib/crypto/version.map

krb5/lib/gssapi/Makefile

krb5/lib/gssapi/version.map

krb5/lib/kadm5clnt/Makefile

krb5/lib/kadm5clnt/version.map

krb5/lib/kadm5srv/Makefile

krb5/lib/kadm5srv/version.map

krb5/lib/kadmin_common/Makefile

krb5/lib/kdb/Makefile

krb5/lib/kdb/version.map

krb5/lib/kprop_util/Makefile

krb5/lib/krad/Makefile

krb5/lib/krad/version.map

krb5/lib/krb5/Makefile

krb5/lib/krb5/version.map

krb5/lib/rpc/Makefile

krb5/lib/rpc/version.map

krb5/libexec/kadmind/Makefile

krb5/libexec/kdc/Makefile

krb5/libexec/kprop/Makefile

krb5/libexec/kpropd/Makefile

krb5/libexec/kproplog/Makefile

krb5/plugins/audit/Makefile

krb5/plugins/k5tls/Makefile

krb5/plugins/kdb/db2/Makefile

krb5/plugins/kdb/db2/version.map

krb5/plugins/preauth/otp/Makefile

krb5/plugins/preauth/otp/version.map

krb5/plugins/preauth/pkinit/Makefile

krb5/plugins/preauth/pkinit/version.map

krb5/plugins/preauth/spake/Makefile

krb5/plugins/preauth/spake/version.map

krb5/plugins/preauth/test/Makefile

krb5/plugins/preauth/test/version.map

krb5/usr.bin/gss-client/Makefile

krb5/usr.bin/kadmin/Makefile

krb5/usr.bin/kdestroy/Makefile

krb5/usr.bin/kinit/Makefile

krb5/usr.bin/klist/Makefile

krb5/usr.bin/kpasswd/Makefile

krb5/usr.bin/ksu/Makefile

krb5/usr.bin/kswitch/Makefile

krb5/usr.bin/ktutil/Makefile

krb5/usr.bin/kvno/Makefile

krb5/usr.bin/sclient/Makefile

krb5/usr.bin/sim_client/Makefile

krb5/usr.sbin/gss-server/Makefile

krb5/usr.sbin/kadmin.local/Makefile

krb5/usr.sbin/kdb5_util/Makefile

krb5/usr.sbin/sim_server/Makefile

krb5/usr.sbin/sserver/Makefile

krb5/util/et/version.map

krb5/util/profile/Makefile

krb5/util/profile/version.map

krb5/util/support/version.map

krb5/util/verto/version.map

lib/libpam/modules/pam_krb5/Makefile

lib/libpam/modules/pam_ksu/Makefile

share/mk/src.libnames.mk

tools/build/depend-cleanup.sh

tools/build/mk/OptionalObsoleteFiles.inc

krb5: Expose missing symbols
ClosedPublic
Actions

Revision Contents
Changeset List