Paths

Table of Contentst

krb5: Expose missing symbols
Needs ReviewPublic
Actions

Authored by cy on Sat, Dec 20, 12:22 AM.

Details

Reviewers

imp
jhb
kib
michaelo
des
emaste
ivy

Summary

Add symbols found in the port but not in base. This requires replacing
a shared libkrb5profile.so with libkrb5profile.a (with -fPIC so it can
be used by shared libraries). We do this by making libkrb5profile
INTERNALLIB.

Base currently has libkrb5profile in a shared library. The patch moves
those functions to the various "consumer" libraries as the port does.

Symbols that should be in the other libraries are in libkrb5profile.so.
This is causing some ports issues.

PR: 291695
Reported by: michaelo
MFC after: 2 weeks

Test Plan

Running here.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 69413
Build 66296: arc lint + arc unit

Event Timeline

cy created this revision.Sat, Dec 20, 12:22 AM

Herald added subscribers: ivy, emaste, bdrewery. · View Herald TranscriptSat, Dec 20, 12:22 AM

cy requested review of this revision.Sat, Dec 20, 12:22 AM

Harbormaster completed remote builds in B69411: Diff 168466.Sat, Dec 20, 12:22 AM

Just added this comment to the PR.

First, we must compare base with the port linked against openssl and without ldap.

Base currently has libkrb5profile in a shared library. The patch moves those functions to the various "consumer" libraries as the port does.

Can you pleas explain

how the list of missed symbols was obtained
why do we need the internallib for krb5profile now

UPDATING
36	I suspect we have tools/build/depend-cleanup.sh for such cleanup.
krb5/util/profile/Makefile
32
share/mk/src.libnames.mk
422	If thee were the dependencies for the non-internal lib, why they are no longer dependencies now?
tools/build/mk/OptionalObsoleteFiles.inc
3740	Why these symlinks no longer obsolete? I do not think that you install them after the patch.

Also the ports:misc/compat15x needs to be updated.

In D54323#1241416, @kib wrote:

Can you pleas explain

how the list of missed symbols was obtained

#!/bin/sh
# Dump dynamic symbol names only for .so symlinks from the krb5 package listing

BASE="/usr"   # change to /usr on FreeBSD base system
PORTS="/usr/local"   # change to /usr on FreeBSD base system
OUTBASE="./base-symbols"
OUTPORTS="./ports-symbols"
mkdir -p $OUTBASE $OUTPORTS

# Only the .so symlinks from the krb5 package manifest
SO_LINKS="
lib/libcom_err.so
lib/libgssapi_krb5.so
lib/libgssrpc.so
lib/libk5crypto.so
lib/libkadm5clnt.so
lib/libkadm5clnt_mit.so
lib/libkadm5srv.so
lib/libkadm5srv_mit.so
lib/libkdb5.so
lib/libkrad.so
lib/libkrb5.so
lib/libkrb5support.so
lib/libverto.so
lib/krb5/plugins/kdb/db2.so
lib/krb5/plugins/preauth/otp.so
lib/krb5/plugins/preauth/pkinit.so
lib/krb5/plugins/preauth/spake.so
lib/krb5/plugins/preauth/test.so
lib/krb5/plugins/tls/k5tls.so
"

for relpath in $SO_LINKS; do
        for I in base ports; do
                if [ $I = base ]; then
                        base=$BASE
                        outdir=$OUTBASE
                else
                        base=$PORTS
                        outdir=$OUTPORTS
                        unset suffix
                fi
                link="$base/$relpath"
                if [ -L "$link" ]; then
                        target=$(readlink -f "$link")
                else
                        target="$link"
                fi
                fname=$(basename "$link")
                outfile="$outdir/${fname}.symbols.txt"

                echo "Listing symbols for $link -> $target"
                # readelf --dyn-syms $target | sed 1,3d | awk '$7 != "UND" {print $8}' | sed 's/@@/@/' | sort | sed 's/@..*//'> $outfile
                if [ $I = base ]; then
                        target="/usr/lib/debug${target}.debug"
                fi
                nm -g $target | sed 's/^.................//' | awk '$1 ~ /[ABCDT]/ {print $2}' | sort -u > $outfile
        done
done

echo "Done. Symbol name listings in $OUTDIR"

Then, for each library,

diff base-symbols/libkadm5srv_mit.so.symbols.txt ports-symbols/libkadm5srv_mit.so.symbols.txt | awk '$1 == ">" {print "         " $2 ";"}' | sed '/_fini/d; /_init/d' | sort > /tmp/foo; wc -l /tmp/foo

The contents of /tmp/foo were then added to version.map.

why do we need the internallib for krb5profile now

Because symbols that should be in the other libraries are in libkrb5profile.so. This is causing some ports issues. See PR/291695.

In D54323#1241428, @kib wrote:

Also the ports:misc/compat15x needs to be updated.

I will look at that.

UPDATING
36	I agree. I'm not sure how to specify that yet.
krb5/util/profile/Makefile
32	I will fix that. Thanks.
share/mk/src.libnames.mk
422	I didn't think .a libaries should be specified here. I will fix that.
tools/build/mk/OptionalObsoleteFiles.inc
3740	Because they have been unconditionally removed in ObsoleteFiles.inc.

Added krb5/util/profile__L back in again. I have yet to test build.

Commit message updated.

Harbormaster completed remote builds in B69413: Diff 168470.Sat, Dec 20, 2:50 PM

cy edited the summary of this revision. (Show Details)Sat, Dec 20, 2:51 PM

cy edited the test plan for this revision. (Show Details)

cy added reviewers: emaste, ivy.

kib added inline comments.Sat, Dec 20, 6:14 PM

tools/build/mk/OptionalObsoleteFiles.inc
3740	Right, and what have changed? The lib is private now.

des added inline comments.Sun, Dec 21, 12:20 AM

UPDATING

Add this immediately above the moused entry:

# 20251219 # libkrb5profile is now internal
for libcompat in "" $ALL_libcompats; do
	dirprfx=${libcompat:+obj-lib${libcompat}}
	dir="${OBJTOP%/}/${dirprfx}"/krb5/util/profile
	if [ -L "${dir}"/libkrb5profile.so ]; then
		run rm -rfv "${dir}"
	fi
done

tools/build/mk/OptionalObsoleteFiles.inc

3740

Cy has replaced this conditional entry with an unconditional entry elsewhere.

cy added inline comments.Sun, Dec 21, 2:05 AM

tools/build/mk/OptionalObsoleteFiles.inc
3740	The functions that were in libkrb5profile.so are now mostly in libkrb5.so with some (a few) in the other .so libraries. This makes base MIT KRB5 work and behave exactly as the port does.