Index: Mk/Scripts/qa.sh =================================================================== --- Mk/Scripts/qa.sh +++ Mk/Scripts/qa.sh @@ -96,6 +96,7 @@ baselibs() { local rc + local found_openssl [ "${PKGBASE}" = "pkg" -o "${PKGBASE}" = "pkg-devel" ] && return while read f; do case ${f} in @@ -107,12 +108,40 @@ err "Bad linking on ${f##* } please add USES=libedit" rc=1 ;; + *NEEDED*\[libcrypto.so.[67]]|*NEEDED*\[libssl.so.[67]]) + err "Bad linking on ${f##* } please add USES=ssl" + rc=1 + ;; + *NEEDED*\[libcrypto.so.*]|*NEEDED*\[libssl.so.*]) + found_openssl=1 + ;; + *NEEDED*\[libasn1.so.1[01]] | + *NEEDED*\[libcom_err.so.5] | + *NEEDED*\[libgssapi.so.10] | + *NEEDED*\[libhdb.so.1[01]] | + *NEEDED*\[libheimbase.so.11] | + *NEEDED*\[libheimntlm.so.1[01]] | + *NEEDED*\[libhx509.so.1[01]] | + *NEEDED*\[libkadm5clnt.so.1[01]] | + *NEEDED*\[libkadm5srv.so.10[1]] | + *NEEDED*\[libkdc.so.11] | + *NEEDED*\[libkrb5.so.1[01] |] + *NEEDED*\[libroken.so.1[01]] | + *NEEDED*\[libwind.so.11]) + err "Bad linking on ${f##* } please add USES=gssapi" + rc=1 + ;; esac done <<-EOF $(find ${STAGEDIR}${PREFIX}/bin ${STAGEDIR}${PREFIX}/sbin \ ${STAGEDIR}${PREFIX}/lib ${STAGEDIR}${PREFIX}/libexec \ -type f -exec readelf -d {} + 2>/dev/null) EOF + if [ -z "${USESSSL}" -a -n "${found_openssl}" ]; then + warn "you need USES=nssl" + elif [ -n "${USESSSL}" -a -z "${found_openssl}" ]; then + warn "you may not need USES=ssl" + fi return ${rc} } Index: Mk/Uses/gssapi.mk =================================================================== --- Mk/Uses/gssapi.mk +++ Mk/Uses/gssapi.mk @@ -4,11 +4,11 @@ # # Feature: gssapi # Usage: USES=gssapi or USES=gssapi:ARGS -# Valid ARGS: base (default, implicit), heimdal, mit. +# Valid ARGS: heimdal, mit (default). # "bootstrap" is a special prefix only for krb5 or heimdal ports. # ("bootstrap,mit") # flags is a special suffix to define CFLAGS, LDFLAGS, and LDADD. -# ("base,flags") +# ("mit,flags") # # MAINTAINER: hrs@FreeBSD.org # @@ -41,11 +41,7 @@ # A typical example: # # OPTIONS_SINGLE= GSSAPI -# OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE -# -# GSSAPI_BASE_USES= gssapi -# GSSAPI_BASE_CONFIGURE_ON= \ -# --with-gssapi=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} +# OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE # # GSSAPI_HEIMDAL_USES=gssapi:heimdal # GSSAPI_HEIMDAL_CONFIGURE_ON= \ @@ -81,23 +77,11 @@ .undef _FIXUP_KRB5CONFIG .if empty(gssapi_ARGS) -gssapi_ARGS= base +gssapi_ARGS= mit .endif .for _A in ${gssapi_ARGS} _local:= ${_A} -.if ${_local} == "base" -HEIMDAL_HOME= /usr -GSSAPIBASEDIR= ${HEIMDAL_HOME} -GSSAPILIBDIR= ${GSSAPIBASEDIR}/lib -GSSAPIINCDIR= ${GSSAPIBASEDIR}/include -_HEADERS+= gssapi/gssapi.h gssapi/gssapi_krb5.h krb5.h -GSSAPICPPFLAGS= -I"${GSSAPIINCDIR}" -GSSAPILIBS= -lkrb5 -lgssapi -lgssapi_krb5 -GSSAPILDFLAGS= -L"${GSSAPILIBDIR}" -.if empty(OSREL:N9.3) -_FIXUP_KRB5CONFIG= yes -.endif -.elif ${_local} == "heimdal" +.if ${_local} == "heimdal" HEIMDAL_HOME?= ${LOCALBASE} GSSAPIBASEDIR= ${HEIMDAL_HOME} GSSAPILIBDIR= ${GSSAPIBASEDIR}/lib/heimdal Index: Mk/Uses/localbase.mk =================================================================== --- Mk/Uses/localbase.mk +++ Mk/Uses/localbase.mk @@ -14,7 +14,7 @@ CPPFLAGS+= -isystem ${LOCALBASE}/include CFLAGS+= -isystem ${LOCALBASE}/include CXXFLAGS+= -isystem ${LOCALBASE}/include -LDFLAGS+= -L${LOCALBASE}/lib +LDFLAGS+= -L${LOCALBASE}/lib -Wl,-rpath=${LOCALBASE}/lib -Wl,--enable-new-dtags # Use CONFIGURE_ENV instead of CMAKE_ARGS because devel/cmake itself also needs # this, and CMAKE_ARGS is not used when bootstrapping CMake. Index: Mk/Uses/ssl.mk =================================================================== --- /dev/null +++ Mk/Uses/ssl.mk @@ -0,0 +1,38 @@ +# $FreeBSD$ +# +.if !defined(_INCLUDE_USES_SSL_MK) +_INCLUDE_USES_SSL_MK= yes + +.include "${USESDIR}/localbase.mk" +.include "${PORTSDIR}/Mk/bsd.default-versions.mk" + +# If you add another SSL flavor, remember to add it to bsd.default-versions.mk. +.if ${SSL_DEFAULT} == libressl-devel +OPENSSL_SHLIBVER= 37 +OPENSSL_PORT= security/libressl-devel +.elif ${SSL_DEFAULT} == libressl +OPENSSL_SHLIBVER= 35 +OPENSSL_PORT= security/libressl +.else +OPENSSL_SHLIBVER= 8 +OPENSSL_PORT= security/openssl +.if exists(${LOCALBASE}/lib/libcrypto.so) && !exists(${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}) +.error You seem not to be using OpenSSL for your crypto. You must set \ + DEFAULT_VERSIONS+=ssl=libressl or libressl-devel in your make.conf +.endif +.endif + +LIB_DEPENDS+= libcrypto.so.${OPENSSL_SHLIBVER}:${PORTSDIR}/${OPENSSL_PORT} + +# Those are DEPRECATED but still here for compat reasons +OPENSSLBASE= ${LOCALBASE} +OPENSSLDIR?= ${OPENSSLBASE}/openssl +OPENSSLLIB= ${OPENSSLBASE}/lib +OPENSSLINC= ${OPENSSLBASE}/include + +MAKE_ENV+= OPENSSLBASE=${OPENSSLBASE} +MAKE_ENV+= OPENSSLDIR=${OPENSSLDIR} +MAKE_ENV+= OPENSSLINC=${OPENSSLINC} +MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} + +.endif Index: Mk/bsd.default-versions.mk =================================================================== --- Mk/bsd.default-versions.mk +++ Mk/bsd.default-versions.mk @@ -59,6 +59,8 @@ PYTHON3_DEFAULT?= 3.4 # Possible values: 2.0, 2.1, 2.2, 2.3 RUBY_DEFAULT?= 2.2 +# Possible values: openssl, libressl, libressl-devel +SSL_DEFAULT?= openssl # Possible values: 8.4, 8.5, 8.6 TCLTK_DEFAULT?= 8.6 Index: Mk/bsd.openssl.mk =================================================================== --- Mk/bsd.openssl.mk +++ /dev/null @@ -1,142 +0,0 @@ -# -# $FreeBSD$ -# bsd.openssl.mk - Support for OpenSSL based ports. -# -# Use of 'USE_OPENSSL=yes' includes this Makefile after bsd.ports.pre.mk -# -# The user/port can now set these options in the Makefiles. -# -# WITH_OPENSSL_BASE=yes - Use the version in the base system. -# WITH_OPENSSL_PORT=yes - Use the OpenSSL port, even if base is up to date. -# -# USE_OPENSSL_RPATH=yes - Pass RFLAGS options in CFLAGS, -# needed for ports who don't use LDFLAGS. -# -# Overrideable defaults: -# -# OPENSSL_SHLIBVER= 8 -# OPENSSL_PORT= security/openssl -# -# The Makefile sets these variables: -# OPENSSLBASE - "/usr" or ${LOCALBASE} -# OPENSSLDIR - path to openssl -# OPENSSLLIB - path to the libs -# OPENSSLINC - path to the matching includes -# OPENSSLRPATH - rpath for dynamic linker -# -# MAKE_ENV - extended with the variables above -# CONFIGURE_ENV - extended with LDFLAGS -# BUILD_DEPENDS - are added if needed -# RUN_DEPENDS - are added if needed - -OpenSSL_Include_MAINTAINER= dinoex@FreeBSD.org - -# If no preference was set, check for an installed base version -# but give an installed port preference over it. -.if !defined(WITH_OPENSSL_BASE) && \ - !defined(WITH_OPENSSL_PORT) && \ - !exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \ - exists(${DESTDIR}/usr/include/openssl/opensslv.h) -WITH_OPENSSL_BASE=yes -.endif - -.if defined(WITH_OPENSSL_BASE) -OPENSSLBASE= /usr -OPENSSLDIR?= /etc/ssl - -.if !exists(${DESTDIR}/usr/lib/libcrypto.so) -check-depends:: - @${ECHO_CMD} "Dependency error: This port requires the OpenSSL library, which is part of" - @${ECHO_CMD} "the FreeBSD crypto distribution, but not installed on your" - @${ECHO_CMD} "machine. Please see the \"OpenSSL\" section in the handbook" - @${ECHO_CMD} "(at \"http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/openssl.html\", for instance)" - @${ECHO_CMD} "for instructions on how to obtain and install the FreeBSD" - @${ECHO_CMD} "OpenSSL distribution." - @${FALSE} -.endif -.if exists(${LOCALBASE}/lib/libcrypto.so) -check-depends:: - @${ECHO_CMD} "Dependency error: This port wants the OpenSSL library from the FreeBSD" - @${ECHO_CMD} "base system. You can't build against it, while a newer" - @${ECHO_CMD} "version is installed by a port." - @${ECHO_CMD} "Please deinstall the port or undefine WITH_OPENSSL_BASE." - @${FALSE} -.endif - -# OpenSSL in the base system may not include IDEA for patent licensing reasons. -.if defined(MAKE_IDEA) && !defined(OPENSSL_IDEA) -OPENSSL_IDEA= ${MAKE_IDEA} -.else -OPENSSL_IDEA?= NO -.endif - -.if ${OPENSSL_IDEA} == "NO" -# XXX This is a hack to work around the fact that /etc/make.conf clobbers -# our CFLAGS. It might not be enough for all future ports. -.if defined(HAS_CONFIGURE) -CFLAGS+= -DNO_IDEA -.else -OPENSSL_CFLAGS+= -DNO_IDEA -.endif -MAKE_ARGS+= OPENSSL_CFLAGS="${OPENSSL_CFLAGS}" -.endif - -.else - -OPENSSLBASE= ${LOCALBASE} -.if !defined(OPENSSL_PORT) && \ - exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) -# find installed port and use it for dependency -.if !defined(OPENSSL_INSTALLED) -.if defined(DESTDIR) -PKGARGS= -c ${DESTDIR} -.else -PKGARGS= -.endif -OPENSSL_INSTALLED!= ${PKG_BIN} ${PKGARGS} which -qo ${LOCALBASE}/lib/libcrypto.so || : -.endif -.if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != "" -OPENSSL_PORT= ${OPENSSL_INSTALLED} -OPENSSL_SHLIBFILE!= ${PKG_INFO} -ql ${OPENSSL_INSTALLED} | ${GREP} "^`${PKG_QUERY} "%p" ${OPENSSL_INSTALLED}`/lib/libcrypto.so.[0-9]*$$" -OPENSSL_SHLIBVER?= ${OPENSSL_SHLIBFILE:E} -.endif -.endif - -# LibreSSL specific SHLIBVER -.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl -OPENSSL_SHLIBVER?= 35 -.elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl-devel -OPENSSL_SHLIBVER?= 37 -.endif - -# default -OPENSSL_PORT?= security/openssl -OPENSSL_SHLIBVER?= 8 - -OPENSSLDIR?= ${OPENSSLBASE}/openssl -BUILD_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} -RUN_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} -OPENSSLRPATH= ${LOCALBASE}/lib - -.endif - -OPENSSLLIB= ${OPENSSLBASE}/lib -OPENSSLINC= ${OPENSSLBASE}/include - -MAKE_ENV+= OPENSSLBASE=${OPENSSLBASE} -MAKE_ENV+= OPENSSLDIR=${OPENSSLDIR} -MAKE_ENV+= OPENSSLINC=${OPENSSLINC} -MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} - -.if defined(OPENSSLRPATH) -.if defined(USE_OPENSSL_RPATH) -CFLAGS+= -Wl,-rpath,${OPENSSLRPATH} -.endif -MAKE_ENV+= OPENSSLRPATH=${OPENSSLRPATH} -OPENSSL_LDFLAGS+= -Wl,-rpath,${OPENSSLRPATH} -.endif - -LDFLAGS+= ${OPENSSL_LDFLAGS} - -### crypto -#RESTRICTED= "Contains cryptography." Index: Mk/bsd.port.mk =================================================================== --- Mk/bsd.port.mk +++ Mk/bsd.port.mk @@ -1352,7 +1352,7 @@ .endif .if defined(USE_OPENSSL) -.include "${PORTSDIR}/Mk/bsd.openssl.mk" +USES+= ssl .endif .if defined(USE_EMACS) @@ -1505,6 +1505,9 @@ "STRIP=${STRIP}" \ TMPPLIST=${TMPPLIST} \ PKGBASE=${PKGBASE} +.if !empty(USES:Mssl) +QA_ENV+= USESSSL=yes +.endif .if !empty(USES:Mdesktop-file-utils) QA_ENV+= USESDESKTOPFILEUTILS=yes .endif Index: Mk/bsd.sanity.mk =================================================================== --- Mk/bsd.sanity.mk +++ Mk/bsd.sanity.mk @@ -170,7 +170,7 @@ USE_PYTHON_PREFIX USE_BZIP2 USE_XZ USE_PGSQL NEED_ROOT \ UNIQUENAME LATEST_LINK SANITY_DEPRECATED= PYTHON_PKGNAMESUFFIX USE_AUTOTOOLS PLIST_DIRSTRY USE_SQLITE \ - USE_FIREBIRD + USE_FIREBIRD USE_OPENSSL SANITY_NOTNEEDED= WX_UNICODE USE_AUTOTOOLS_ALT= USES=autoreconf and GNU_CONFIGURE=yes @@ -211,6 +211,7 @@ PLIST_DIRSTRY_ALT= PLIST_DIRS USE_SQLITE_ALT= USES=sqlite USE_FIREBIRD_ALT= USES=firebird +USE_OPENSSL_ALT= USES=ssl .for a in ${SANITY_DEPRECATED} .if defined(${a}) Index: benchmarks/polygraph/Makefile =================================================================== --- benchmarks/polygraph/Makefile +++ benchmarks/polygraph/Makefile @@ -27,7 +27,7 @@ GNUPLOT_DESC= GNUPlot for full reporting functionality GNUPLOT_RUN_DEPENDS= gnuplot:math/gnuplot -GSSAPI_USES= gssapi:mit +GSSAPI_USES= gssapi GSSAPI_CONFIGURE_ON= --with-kerberos=${KRB5CONFIG} ${GSSAPI_CONFIGURE_ARGS} GSSAPI_CONFIGURE_OFF= --without-kerberos LDNS_DESC= DNS zone file support via libldns Index: databases/mariadb101-server/Makefile =================================================================== --- databases/mariadb101-server/Makefile +++ databases/mariadb101-server/Makefile @@ -35,8 +35,8 @@ OPTIONS_DEFINE= FASTMTX OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE -OPTIONS_DEFAULT= GSSAPI_BASE +OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE +OPTIONS_DEFAULT= GSSAPI_MIT FASTMTX_DESC= Replace mutexes with spinlocks @@ -58,7 +58,6 @@ TOKUDB_DESC= Fractal tree index tree data structure engine .endif -GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_MIT_USES= gssapi:mit @@ -146,10 +145,6 @@ ${RM} ${STAGEDIR}/${PREFIX}/bin/maria_add_gis_sp.sql .endif # defined(CLIENT_ONLY) -.if defined(WITH_OPENSSL_PORT) -GSSAPI_BASE_IGNORE= BASE_GSSAPI is not compatible with OpenSSL from ports. Use other GSSAPI options or OpenSSL from base system -.endif - .include .if ${OPSYS} == DragonFly @@ -160,9 +155,6 @@ CMAKE_ARGS+= -DWITH_JEMALLOC="system" .else CMAKE_ARGS+= -DWITH_JEMALLOC="no" -.if ${PORT_OPTIONS:MGSSAPI_BASE} -IGNORE= requires a Kerberos implementation from ports on FreeBSD < 10. Select GSSAPI_HEIMDAL or GSSAPI_MIT option -.endif .endif post-patch: Index: databases/postgresql91-server/Makefile =================================================================== --- databases/postgresql91-server/Makefile +++ databases/postgresql91-server/Makefile @@ -181,6 +181,7 @@ .endif . if ${PORT_OPTIONS:MMIT_KRB5} +# Not sure this is right. . if defined(IGNORE_WITH_SRC_KRB5) && (exists(/usr/lib/libkrb5.so) || exists(/usr/bin/krb5-config)) IGNORE= requires that you remove heimdal's /usr/bin/krb5-config and /usr/lib/libkrb5.so*, and set NO_KERBEROS=true in /etc/src.conf to build successfully with MIT-KRB . else Index: databases/postgresql92-server/Makefile =================================================================== --- databases/postgresql92-server/Makefile +++ databases/postgresql92-server/Makefile @@ -182,6 +182,7 @@ .endif . if ${PORT_OPTIONS:MMIT_KRB5} +# Not sure this is right. . if defined(IGNORE_WITH_SRC_KRB5) && (exists(/usr/lib/libkrb5.so) || exists(/usr/bin/krb5-config)) IGNORE= requires that you remove heimdal's /usr/bin/krb5-config and /usr/lib/libkrb5.so*, and set NO_KERBEROS=true in /etc/src.conf to build successfully with MIT-KRB . else Index: devel/gnome-vfs/Makefile =================================================================== --- devel/gnome-vfs/Makefile +++ devel/gnome-vfs/Makefile @@ -49,6 +49,8 @@ USES+= fam .endif +# Does this mean it always has krb5 support but only uses it from ports if +# already there ? .if exists(${LOCALBASE}/lib/libkrb5.so) LIB_DEPENDS+= libkrb5.so:security/heimdal .endif Index: dns/bind9-devel/Makefile =================================================================== --- dns/bind9-devel/Makefile +++ dns/bind9-devel/Makefile @@ -61,7 +61,7 @@ OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \ DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE +OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_SUB= yes @@ -95,7 +95,6 @@ DLZ_LDAP_DESC= DLZ LDAP driver DLZ_FILESYSTEM_DESC= DLZ filesystem driver DLZ_STUB_DESC= DLZ stub driver -GSSAPI_BASE_DESC= Using Heimdal in base GSSAPI_HEIMDAL_DESC= Using security/heimdal GSSAPI_MIT_DESC= Using security/krb5 GSSAPI_NONE_DESC= Disable @@ -162,9 +161,6 @@ START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ NAMED_BEFORE="SERVERS" -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ON= \ - --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_HEIMDAL_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" Index: dns/bind910/Makefile =================================================================== --- dns/bind910/Makefile +++ dns/bind910/Makefile @@ -77,7 +77,7 @@ DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB .endif # BIND_TOOLS_SLAVE OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE +OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_SUB= yes @@ -111,7 +111,6 @@ DLZ_LDAP_DESC= DLZ LDAP driver DLZ_FILESYSTEM_DESC= DLZ filesystem driver DLZ_STUB_DESC= DLZ stub driver -GSSAPI_BASE_DESC= Using Heimdal in base GSSAPI_HEIMDAL_DESC= Using security/heimdal GSSAPI_MIT_DESC= Using security/krb5 GSSAPI_NONE_DESC= Disable @@ -184,9 +183,6 @@ START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ NAMED_BEFORE="SERVERS" -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ON= \ - --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_HEIMDAL_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" Index: dns/bind99/Makefile =================================================================== --- dns/bind99/Makefile +++ dns/bind99/Makefile @@ -51,7 +51,7 @@ OPTIONS_GROUP_DLZ= DLZ_POSTGRESQL DLZ_MYSQL DLZ_BDB \ DLZ_LDAP DLZ_FILESYSTEM DLZ_STUB OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE +OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_SUB= yes @@ -82,7 +82,6 @@ DLZ_LDAP_DESC= DLZ LDAP driver DLZ_FILESYSTEM_DESC= DLZ filesystem driver DLZ_STUB_DESC= DLZ stub driver -GSSAPI_BASE_DESC= ${GSSAPI_DESC} (Heimdal in base) GSSAPI_HEIMDAL_DESC= ${GSSAPI_DESC} (security/heimdal) GSSAPI_MIT_DESC= ${GSSAPI_DESC} (security/krb5) GSSAPI_NONE_DESC= No ${GSSAPI_DESC} @@ -146,9 +145,6 @@ START_LATE_SUB_LIST_OFF=NAMED_REQUIRE="NETWORKING ldconfig syslogd" \ NAMED_BEFORE="SERVERS" -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ON= \ - --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_HEIMDAL_CONFIGURE_ON= \ --with-gssapi=${GSSAPIBASEDIR} KRB5CONFIG="${KRB5CONFIG}" Index: dns/samba-nsupdate/Makefile =================================================================== --- dns/samba-nsupdate/Makefile +++ dns/samba-nsupdate/Makefile @@ -57,8 +57,6 @@ CONFIGURE_ARGS+= --with-gssapi="${KRB5_HOME}" .elif defined(HEIMDAL_HOME) && exists(${HEIMDAL_HOME}/lib/libgssapi.so) CONFIGURE_ARGS+= --with-gssapi="${HEIMDAL_HOME}" -.elif exists(/usr/lib/libkrb5.so) && exists(/usr/bin/krb5-config) -CONFIGURE_ARGS+= --with-gssapi="/usr" .else LIB_DEPENDS+= libkrb5.so:security/heimdal CONFIGURE_ARGS+= --with-gssapi="${LOCALBASE}" Index: ftp/curl/Makefile =================================================================== --- ftp/curl/Makefile +++ ftp/curl/Makefile @@ -19,7 +19,7 @@ OPTIONS_SINGLE= GSSAPI OPTIONS_RADIO_RESOLV= CARES THREADED_RESOLVER OPTIONS_RADIO_SSL= GNUTLS NSS OPENSSL POLARSSL WOLFSSL -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE +OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_DEFAULT= CA_BUNDLE COOKIES IPV6 OPENSSL PROXY RESOLV THREADED_RESOLVER TLS_SRP CA_BUNDLE_DESC= Install CA bundle for OpenSSL CA_BUNDLE_IMPLIES= OPENSSL @@ -33,11 +33,7 @@ TLS_SRP_DESC= TLS-SRP (Secure Remote Password) support LOCALBASE?= /usr/local -.if defined(WITH_OPENSSL_PORT) || (!defined(WITH_OPENSSL_BASE) && exists(${LOCALBASE}/lib/libcrypto.so)) OPTIONS_DEFAULT+= GSSAPI_NONE -.else -OPTIONS_DEFAULT+= GSSAPI_BASE -.endif CONFIGURE_ARGS+=--disable-werror \ --enable-imap --enable-pop3 --enable-rtsp --enable-smtp \ @@ -81,11 +77,6 @@ DEBUG_CONFIGURE_ENABLE= debug GNUTLS_CONFIGURE_WITH= gnutls GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls -GSSAPI_BASE_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} -GSSAPI_BASE_CPPFLAGS= ${GSSAPICPPFLAGS} -GSSAPI_BASE_LDFLAGS= ${GSSAPILDFLAGS} -GSSAPI_BASE_LIBS= ${GSSAPILIBS} -GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_CONFIGURE_ON= --with-gssapi=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} GSSAPI_HEIMDAL_CPPFLAGS=${GSSAPICPPFLAGS} GSSAPI_HEIMDAL_LDFLAGS= ${GSSAPILDFLAGS} @@ -145,14 +136,7 @@ IGNORE= only supports LDAPS with SSL .endif -.if ${PORT_OPTIONS:MGSSAPI_BASE} && ${PORT_OPTIONS:MOPENSSL} && (defined(WITH_OPENSSL_PORT) || (!defined(WITH_OPENSSL_BASE) && exists(${LOCALBASE}/lib/libcrypto.so))) -IGNORE= GSSAPI_BASE is not compatible with OpenSSL from ports. Use other GSSAPI options or OpenSSL from base system -.endif - -.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == "security/libressl" -.if ${PORT_OPTIONS:MGSSAPI_BASE} && ${PORT_OPTIONS:MOPENSSL} -IGNORE= GSSAPI_BASE is not compatible with LibreSSL. Use other GSSAPI options -.endif +.if ${SSL_DEFAULT:Mlibressl*} .if ${PORT_OPTIONS:MTLS_SRP} IGNORE= unsupported TLS-SRP in LibreSSL .endif Index: mail/cyrus-imapd24/Makefile =================================================================== --- mail/cyrus-imapd24/Makefile +++ mail/cyrus-imapd24/Makefile @@ -82,13 +82,7 @@ OPTIONS_RADIO= GSSAPI OPTIONS_RADIO_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT -.if exists(/usr/lib/libkrb5.a) -OPTIONS_RADIO_GSSAPI+= GSSAPI_BASE -OPTIONS_DEFAULT+= GSSAPI_BASE -.endif -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \ - --with-gss_impl=heimdal +OPTIONS_DEFAULT= GSSAPI_MIT GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags GSSAPI_HEIMDAL_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \ --with-gss_impl=heimdal @@ -150,8 +144,7 @@ BDB_LIB_NAME= no .endif -.if !${PORT_OPTIONS:MGSSAPI_BASE} && !${PORT_OPTIONS:MGSSAPI_HEIMDAL} && \ - !${PORT_OPTIONS:MGSSAPI_MIT} +.if !${PORT_OPTIONS:MGSSAPI_HEIMDAL} && !${PORT_OPTIONS:MGSSAPI_MIT} CONFIGURE_ARGS+=--disable-gssapi .endif Index: mail/cyrus-imapd25/Makefile =================================================================== --- mail/cyrus-imapd25/Makefile +++ mail/cyrus-imapd25/Makefile @@ -94,15 +94,7 @@ OPTIONS_RADIO= GSSAPI OPTIONS_RADIO_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT -.if exists(/usr/lib/libkrb5.a) -OPTIONS_RADIO_GSSAPI+= GSSAPI_BASE -.if ${OSMAJOR} >= 9 -OPTIONS_DEFAULT+= GSSAPI_BASE -.endif -.endif -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \ - --with-gss_impl=heimdal +OPTIONS_DEFAULT= GSSAPI_MIT GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags GSSAPI_HEIMDAL_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \ --with-gss_impl=heimdal @@ -164,8 +156,7 @@ USES+= sqlite .endif -.if !${PORT_OPTIONS:MGSSAPI_BASE} && !${PORT_OPTIONS:MGSSAPI_HEIMDAL} && \ - !${PORT_OPTIONS:MGSSAPI_MIT} +.if !${PORT_OPTIONS:MGSSAPI_HEIMDAL} && !${PORT_OPTIONS:MGSSAPI_MIT} CONFIGURE_ARGS+=--disable-gssapi .endif Index: mail/dovecot2/Makefile =================================================================== --- mail/dovecot2/Makefile +++ mail/dovecot2/Makefile @@ -51,7 +51,7 @@ OPTIONS_GROUP_FTS= ICU LUCENE SOLR TEXTCAT OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +OPTIONS_SINGLE_GSSAPI= GSSAPI_NONE GSSAPI_HEIMDAL GSSAPI_MIT KQUEUE_DESC= kqueue(2) support LZ4_DESC= LZ4 compression support @@ -67,7 +67,6 @@ TEXTCAT_DESC= Libtextcat FTS support GSSAPI_NONE_DESC= Build without GSSAPI support -GSSAPI_BASE_DESC= Use GSSAPI from base GSSAPI_HEIMDAL_DESC= Use Heimdal GSSAPI from security/heimdal GSSAPI_MIT_DESC= Use MIT GSSAPI from security/krb5 @@ -75,8 +74,6 @@ CDB_LIB_DEPENDS= libcdb.so:databases/tinycdb GSSAPI_NONE_CONFIGURE_ON= --without-gssapi -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ON= --with-gssapi ${GSSAPI_CONFIGURE_ARGS} GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_HEIMDAL_CONFIGURE_ON= --with-gssapi ${GSSAPI_CONFIGURE_ARGS} GSSAPI_MIT_USES= gssapi:mit Index: mail/mutt/Makefile =================================================================== --- mail/mutt/Makefile +++ mail/mutt/Makefile @@ -67,7 +67,7 @@ OPTIONS_SINGLE= GSSAPI SCREEN OPTIONS_RADIO= SPELL OPTIONS_RADIO_SPELL= ASPELL ISPELL -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE +OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_SINGLE_SCREEN= NCURSES SLANG COMPRESSED_FOLDERS_DESC= Compressed folders @@ -145,8 +145,6 @@ NLS_IMPLIES= ICONV # Handle GSSAPI from various places -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ON= --with-gss=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_HEIMDAL_CONFIGURE_ON= --with-gss=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} GSSAPI_MIT_USES= gssapi:mit Index: mail/mutt14/Makefile =================================================================== --- mail/mutt14/Makefile +++ mail/mutt14/Makefile @@ -127,13 +127,8 @@ CFLAGS+= -I${NCURSESINC} .endif .if ${PORT_OPTIONS:MGSSAPI} -.if exists(${LOCALBASE}/bin/gss-client) LIB_DEPENDS+= libgssapi_krb5.so:security/krb5 CONFIGURE_ARGS+= --with-gss=${LOCALBASE} -.elif (defined(MAKE_KERBEROS5)) || exists(/usr/lib/libkrb5.a) -CONFIGURE_ARGS+= --with-gss -WITH_MUTT_KRB5_SYS=YES -.endif .endif post-patch: Index: mail/postfix-current/Makefile =================================================================== --- mail/postfix-current/Makefile +++ mail/postfix-current/Makefile @@ -53,6 +53,7 @@ MYSQL_USE= MYSQL=yes PCRE_LIB_DEPENDS= libpcre.so:devel/pcre PGSQL_USES= pgsql +# pretty sure here is missing a SASLKRB5_LIB_DEPENDS line SASLKMIT_LIB_DEPENDS= libkrb5.so:security/krb5 SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2 SQLITE_USES= sqlite Index: mail/postfix/Makefile =================================================================== --- mail/postfix/Makefile +++ mail/postfix/Makefile @@ -54,6 +54,7 @@ MYSQL_USE= MYSQL=yes PCRE_LIB_DEPENDS= libpcre.so:devel/pcre PGSQL_USES= pgsql +# pretty sure here is missing a SASLKRB5_LIB_DEPENDS line SASLKMIT_LIB_DEPENDS= libkrb5.so:security/krb5 SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2 SQLITE_USES= sqlite Index: mail/postfix211/Makefile =================================================================== --- mail/postfix211/Makefile +++ mail/postfix211/Makefile @@ -55,6 +55,7 @@ MYSQL_USE= MYSQL=yes PCRE_LIB_DEPENDS= libpcre.so:devel/pcre PGSQL_USES= pgsql +# pretty sure here is missing a SASLKRB5_LIB_DEPENDS line SASLKMIT_LIB_DEPENDS= libkrb5.so:security/krb5 SASL_LIB_DEPENDS= libsasl2.so:security/cyrus-sasl2 SPF_LIB_DEPENDS= libspf2.so:mail/libspf2 Index: net-im/zephyr/Makefile =================================================================== --- net-im/zephyr/Makefile +++ net-im/zephyr/Makefile @@ -42,6 +42,7 @@ .endif .else LIB_DEPENDS+= libss.so.2:devel/e2fsprogs-libss +# I think this is wrong. KRB5_DIR?= ${DESTDIR}/usr .endif Index: net-mgmt/net-snmp/Makefile =================================================================== --- net-mgmt/net-snmp/Makefile +++ net-mgmt/net-snmp/Makefile @@ -52,7 +52,7 @@ --with-logfile="${NET_SNMP_LOGFILE}" \ --with-persistent-directory="${NET_SNMP_PERSISTENTDIR}" \ --with-gnu-ld --with-libwrap \ - --with-ldflags="-lm -lkvm -ldevstat -L${PKG_PREFIX}/lib -L${LOCALBASE}/lib ${LCRYPTO}" + --with-ldflags="-lm -lkvm -ldevstat -L${PKG_PREFIX}/lib -L${LOCALBASE}/lib -lcrypto" SUB_FILES= pkg-message .if !defined(WITHOUT_SSP) @@ -210,12 +210,6 @@ .include -.if defined(WITH_OPENSSL_PORT) || defined(OPENSSL_PORT) -LCRYPTO= -lcrypto -.else -LCRYPTO= -.endif - pre-everything:: @${ECHO_MSG} @${ECHO_MSG} "You may use the following build options:" Index: net/freeradius2/Makefile =================================================================== --- net/freeradius2/Makefile +++ net/freeradius2/Makefile @@ -80,15 +80,14 @@ # Default requirements for rc script _REQUIRE= NETWORKING SERVERS -OPTIONS_DEFINE= USER KERBEROS HEIMDAL HEIMDAL_PORT LDAP MYSQL \ +OPTIONS_DEFINE= USER KERBEROS HEIMDAL LDAP MYSQL \ PGSQL UNIXODBC FIREBIRD PERL PYTHON OCI8 RUBY DHCP \ EXPERIMENTAL UDPFROMTO DEVELOPER EDIR SSL_PORT DOCS OPTIONS_DEFAULT=USER PERL PYTHON DHCP_DESC= With DHCP support (EXPERIMENTAL) USER_DESC= Run as user freeradius, group freeradius -HEIMDAL_DESC= With Heimdal Kerberos support -HEIMDAL_PORT_DESC= With Heimdal Kerberos from ports +HEIMDAL_DESC= With Heimdal Kerberos from ports UNIXODBC_DESC= With unixODBC database support FIREBIRD_DESC= With Firebird database support (EXPERIMENTAL) OCI8_DESC= With Oracle support (currently experimental) @@ -108,22 +107,14 @@ .if ${PORT_OPTIONS:MKERBEROS} || ${PORT_OPTIONS:MHEIMDAL} .if ${PORT_OPTIONS:MHEIMDAL} -.if ${PORT_OPTIONS:MHEIMDAL_PORT} LIB_DEPENDS+= libkrb5.so:security/heimdal -.endif CONFIGURE_ARGS+=--enable-heimdal-krb5 .else LIB_DEPENDS+= libkrb5support.so:security/krb5 .endif CONFIGURE_ARGS+=--with-rlm_krb5 -.if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT) -CONFIGURE_ARGS+=--with-rlm-krb5-lib-dir=/usr/lib -CONFIGURE_ARGS+=--with-rlm-krb5-include-dir=/usr/include -CONFIGURE_ENV+= KRB5LIBS="$$(${KRB5_CONFIG})" -.else CONFIGURE_ARGS+=--with-rlm-krb5-lib-dir=${LOCALBASE}/lib CONFIGURE_ARGS+=--with-rlm-krb5-include-dir=${LOCALBASE}/include -.endif PLIST_SUB+= KRB5="" .else CONFIGURE_ARGS+=--without-rlm_krb5 @@ -315,13 +306,6 @@ @${REINPLACE_CMD} -E \ -e "s:^([[:space:]])+openssl:\1${OPENSSLBASE}/bin/openssl:g" \ ${WRKSRC}/raddb/certs/Makefile -# If we're using Heimdal from base, alter the LIBS variable -# XXX Should patch configure.in instead of configure because it is regenerated -.if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT) - @${REINPLACE_CMD} -e 's|LIBS|KRB5LIBS|g' ${WRKSRC}/src/modules/rlm_krb5/configure - @${REINPLACE_CMD} -e 's|-lkrb5|$$(${KRB5_CONFIG})|g' \ - ${WRKSRC}/src/modules/rlm_krb5/configure -.endif # If DHCP is enabled, enable the DHCP dictionary .if ${PORT_OPTIONS:MDHCP} @${REINPLACE_CMD} -Ee 's:^#(.+ dictionary\.dhcp)$$:\1:g' \ Index: net/freeradius3/Makefile =================================================================== --- net/freeradius3/Makefile +++ net/freeradius3/Makefile @@ -41,15 +41,14 @@ PLIST_SUB= PORTVERSION=${DISTVERSION} LIBVER=0${PORTVERSION:C/\./0/g} OPTIONS_SUB= yes -OPTIONS_DEFINE= USER KERBEROS HEIMDAL HEIMDAL_PORT LDAP MYSQL \ +OPTIONS_DEFINE= USER KERBEROS HEIMDAL LDAP MYSQL \ PGSQL UNIXODBC FIREBIRD REDIS PYTHON RUBY \ EXPERIMENTAL UDPFROMTO DEVELOPER EDIR PERL REST \ FREETDS IDN SSL_PORT DOCS SQLITE3 OPTIONS_DEFAULT=USER PERL USER_DESC= Run as user freeradius, group freeradius -HEIMDAL_DESC= With Heimdal Kerberos support -HEIMDAL_PORT_DESC= With Heimdal Kerberos from ports +HEIMDAL_DESC= With Heimdal Kerberos from ports UNIXODBC_DESC= With unixODBC database support FIREBIRD_DESC= With Firebird database support (EXPERIMENTAL) EXPERIMENTAL_DESC= Build experimental modules @@ -82,22 +81,14 @@ .if ${PORT_OPTIONS:MKERBEROS} || ${PORT_OPTIONS:MHEIMDAL} .if ${PORT_OPTIONS:MHEIMDAL} -.if ${PORT_OPTIONS:MHEIMDAL_PORT} LIB_DEPENDS+= libkrb5.so:security/heimdal -.endif CONFIGURE_ARGS+=--enable-heimdal-krb5 --enable-pthread-support .else LIB_DEPENDS+= libkrb5support.so:security/krb5 .endif CONFIGURE_ARGS+=--with-rlm_krb5 -.if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT) -CONFIGURE_ARGS+=--with-rlm-krb5-lib-dir=/usr/lib -CONFIGURE_ARGS+=--with-rlm-krb5-include-dir=/usr/include -CONFIGURE_ENV+= KRB5LIBS="$$(${KRB5_CONFIG})" -.else CONFIGURE_ARGS+=--with-rlm-krb5-lib-dir=${LOCALBASE}/lib CONFIGURE_ARGS+=--with-rlm-krb5-include-dir=${LOCALBASE}/include -.endif PLIST_SUB+= KRB5="" .else CONFIGURE_ARGS+=--without-rlm_krb5 @@ -355,12 +346,6 @@ @${REINPLACE_CMD} -Ee 's: ..R...sbindir./rc.radiusd : :' \ ${WRKSRC}/scripts/all.mk -# If we're using Heimdal from base, alter the LIBS variable -.if ${PORT_OPTIONS:MHEIMDAL} && empty(PORT_OPTIONS:MHEIMDAL_PORT) - @${REINPLACE_CMD} -e 's|LIBS|KRB5LIBS|g' ${WRKSRC}/src/modules/rlm_krb5/configure - @${REINPLACE_CMD} -e 's|-lkrb5|$$(${KRB5_CONFIG})|g' \ - ${WRKSRC}/src/modules/rlm_krb5/configure -.endif .if empty(PORT_OPTIONS:MRUBY) @${RM} -fr ${WRKSRC}/src/modules/rlm_ruby/ .endif Index: net/samba36/Makefile =================================================================== --- net/samba36/Makefile +++ net/samba36/Makefile @@ -120,7 +120,7 @@ MAX_DEBUG PAM_SMBPASS POPT PTHREADPOOL QUOTAS \ SMBTORTURE SWAT SYSLOG UTMP WINBIND OPTIONS_RADIO= GSSAPI -OPTIONS_RADIO_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE +OPTIONS_RADIO_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE OPTIONS_DEFAULT= ACL_SUPPORT AIO_SUPPORT CUPS LDAP POPT PTHREADPOOL \ WINBIND GSSAPI_NONE @@ -135,8 +135,6 @@ DNSUPDATE_DESC= Dynamic DNS update(require ADS) EXP_MODULES_DESC= Experimental modules -GSSAPI_BASE_DESC= Use Heimdal in base -GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_DESC= Use Heimdal from ports GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags GSSAPI_MIT_DESC= Use MIT Kerberos V5 Index: net/wireshark/Makefile =================================================================== --- net/wireshark/Makefile +++ net/wireshark/Makefile @@ -61,16 +61,15 @@ OPTIONS_RADIO_ASYNCDNS= ADNS CARES OPTIONS_RADIO_GUI= GTK2 GTK3 QT5 -OPTIONS_SINGLE_KERBEROS=KRB_BASE KRB_HEIMDAL KRB_MIT KRB_NONE +OPTIONS_SINGLE_KERBEROS=KRB_HEIMDAL KRB_MIT KRB_NONE -OPTIONS_DEFAULT?= SNMP ADNS IPV6 GEOIP KRB_BASE GTK3 +OPTIONS_DEFAULT?= SNMP ADNS IPV6 GEOIP KRB_MIT GTK3 RTP_DESC= Enable support for playing back RTP streams DECRYPT_DESC= Decryption support for SSL and IPSec ASYNCDNS_DESC= Asynchronous DNS lookup support ADNS_DESC= Asynchronous DNS resolution via GNU adns KERBEROS_DESC= Kerberos dissection support -KRB_BASE_DESC= Kerberos support via base system KRB_HEIMDAL_DESC= Kerberos support via security/heimdal KRB_MIT_DESC= Kerberos support via security/krb5 KRB_NONE_DESC= Disable Kerberos support @@ -80,7 +79,6 @@ QT5_USE= QT5=core,gui,widgets,printsupport,buildtools_build LUA_USES= lua:5[1-2] -KRB_BASE_USES= gssapi KRB_HEIMDAL_USES= gssapi:heimdal KRB_MIT_USES= gssapi:mit @@ -132,11 +130,6 @@ PLIST_SUB+= GUI="" .endif -.if ${PORT_OPTIONS:MKRB_BASE} && exists(${LOCALBASE}/include/krb5.h) -IGNORE= cannot build with base Kerberos if krb5 port is installed. \ - Use ``make config'' to choose a different option -.endif - .if empty(PORT_OPTIONS:MGTK2) && empty(PORT_OPTIONS:MGTK3) && \ ${PORT_OPTIONS:MRTP} IGNORE= the RTP support requires GTK+ frontend Index: news/inn/Makefile =================================================================== --- news/inn/Makefile +++ news/inn/Makefile @@ -67,12 +67,8 @@ .endif .if ${PORT_OPTIONS:MKERBEROS} -. if exists(${LOCALBASE}/bin/krb5-config) LIB_DEPENDS+= libgssapi_krb5.so:security/krb5 CONFIGURE_ARGS+= --with-krb5=${LOCALBASE} -. else -CONFIGURE_ARGS+= --with-krb5=/usr -. endif CONFIGURE_ENV+= ac_cv_search_krb5_parse_name="-lcrypt -lcrypto -lkrb5 -lasn1 -lroken -lhx509" CONFIGURE_ENV+= ac_cv_func_krb5_init_ets=yes .else Index: security/cyrus-sasl2-gssapi/Makefile =================================================================== --- security/cyrus-sasl2-gssapi/Makefile +++ security/cyrus-sasl2-gssapi/Makefile @@ -6,11 +6,8 @@ COMMENT= SASL GSSAPI authentication plugin OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT -OPTIONS_DEFAULT= GSSAPI_BASE -GSSAPI_BASE_USES= gssapi:base -GSSAPI_BASE_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \ - --with-gss_impl=heimdal +OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT +OPTIONS_DEFAULT= GSSAPI_MIT GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags GSSAPI_HEIMDAL_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \ --with-gss_impl=heimdal Index: security/cyrus-sasl2-saslauthd/Makefile =================================================================== --- security/cyrus-sasl2-saslauthd/Makefile +++ security/cyrus-sasl2-saslauthd/Makefile @@ -17,7 +17,7 @@ OPTIONS_DEFINE= DOCS HTTPFORM OPENLDAP OPENLDAP_SASL OPTIONS_RADIO= GSSAPI SASLDB OPTIONS_RADIO_SASLDB= BDB1 BDB GDBM -OPTIONS_DEFAULT= BDB1 +OPTIONS_DEFAULT= BDB1 GSSAPI_MIT HTTPFORM_DESC= Enable HTTP form authentication HTTPFORM_CONFIGURE_ENABLE=httpform @@ -41,14 +41,7 @@ --with-dblib=gdbm \ --with-gdbm=${LOCALBASE} -.if exists(/usr/lib/libkrb5.a) -OPTIONS_RADIO_GSSAPI+= GSSAPI_BASE -OPTIONS_DEFAULT+= GSSAPI_BASE -.endif -OPTIONS_RADIO_GSSAPI+= GSSAPI_HEIMDAL GSSAPI_MIT -GSSAPI_BASE_USES= gssapi:base -GSSAPI_BASE_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \ - --with-gss_impl=heimdal +OPTIONS_RADIO_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags GSSAPI_HEIMDAL_CONFIGURE_ON= --enable-gssapi="${GSSAPIBASEDIR}" \ --with-gss_impl=heimdal Index: security/openssh-portable/Makefile =================================================================== --- security/openssh-portable/Makefile +++ security/openssh-portable/Makefile @@ -31,7 +31,7 @@ OVERWRITE_BASE SCTP LDNS NONECIPHER OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS HPN LDNS OPTIONS_RADIO= KERBEROS -OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE +OPTIONS_RADIO_KERBEROS= MIT HEIMDAL TCP_WRAPPERS_DESC= tcp_wrappers support BSM_DESC= OpenBSM Auditing KERB_GSSAPI_DESC= Kerberos/GSSAPI patch (req: GSSAPI) @@ -41,7 +41,6 @@ SCTP_DESC= SCTP support OVERWRITE_BASE_DESC= EOL, No longer supported. HEIMDAL_DESC= Heimdal Kerberos (security/heimdal) -HEIMDAL_BASE_DESC= Heimdal Kerberos (base) MIT_DESC= MIT Kerberos (security/krb5) NONECIPHER_DESC= NONE Cipher support @@ -138,28 +137,11 @@ .endif -.if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI} -BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently -.endif - -.if ${PORT_OPTIONS:MHEIMDAL_BASE} && !exists(/usr/lib/libkrb5.so) -IGNORE= you have selected HEIMDAL_BASE but do not have heimdal installed in base -.endif - -.if ${PORT_OPTIONS:MMIT} || ${PORT_OPTIONS:MHEIMDAL} || ${PORT_OPTIONS:MHEIMDAL_BASE} -. if ${PORT_OPTIONS:MHEIMDAL_BASE} -CONFIGURE_LIBS+= -lgssapi_krb5 -CONFIGURE_ARGS+= --with-kerberos5=/usr -. else +.if ${PORT_OPTIONS:MMIT} || ${PORT_OPTIONS:MHEIMDAL} CONFIGURE_ARGS+= --with-kerberos5=${LOCALBASE} -. endif -. if ${OPENSSLBASE} == "/usr" -CONFIGURE_ARGS+= --without-rpath -LDFLAGS= # empty -. endif .else . if ${PORT_OPTIONS:MKERB_GSSAPI} -IGNORE= KERB_GSSAPI requires one of MIT HEIMDAL or HEIMDAL_BASE +IGNORE= KERB_GSSAPI requires one of MIT or HEIMDAL . endif .endif Index: security/p5-Authen-Krb5-Simple/Makefile =================================================================== --- security/p5-Authen-Krb5-Simple/Makefile +++ security/p5-Authen-Krb5-Simple/Makefile @@ -14,11 +14,9 @@ CONFIGURE_ENV= GSSAPIBASEDIR="${GSSAPIBASEDIR}" OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT -OPTIONS_DEFAULT= GSSAPI_BASE +OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT +OPTIONS_DEFAULT= GSSAPI_MIT -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ENV= HAVE_HEIMDAL=1 GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_HEIMDAL_CONFIGURE_ENV= HAVE_HEIMDAL=1 GSSAPI_MIT_USES= gssapi:mit Index: security/p5-Authen-Krb5/Makefile =================================================================== --- security/p5-Authen-Krb5/Makefile +++ security/p5-Authen-Krb5/Makefile @@ -17,11 +17,9 @@ CONFIGURE_ENV= GSSAPIBASEDIR="${GSSAPIBASEDIR}" OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT -OPTIONS_DEFAULT= GSSAPI_BASE +OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT +OPTIONS_DEFAULT= GSSAPI_MIT -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ENV= HAVE_HEIMDAL=1 GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_HEIMDAL_CONFIGURE_ENV= HAVE_HEIMDAL=1 GSSAPI_MIT_USES= gssapi:mit Index: security/p5-GSSAPI/Makefile =================================================================== --- security/p5-GSSAPI/Makefile +++ security/p5-GSSAPI/Makefile @@ -14,11 +14,10 @@ USES= perl5 USE_PERL5= configure -OPTIONS_DEFAULT= GSSAPI_BASE +OPTIONS_DEFAULT= GSSAPI_MIT OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT -GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_MIT_USES= gssapi:mit Index: security/p5-Heimdal-Kadm5/Makefile =================================================================== --- security/p5-Heimdal-Kadm5/Makefile +++ security/p5-Heimdal-Kadm5/Makefile @@ -10,17 +10,10 @@ MAINTAINER= hrs@FreeBSD.org COMMENT= Perl extension for Heimdal administrative client library -USES= perl5 +USES= perl5 gssapi:heimdal USE_PERL5= configure CONFIGURE_ENV= GSSAPIBASEDIR="${GSSAPIBASEDIR}" -OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL -OPTIONS_DEFAULT= GSSAPI_BASE - -GSSAPI_BASE_USES= gssapi -GSSAPI_HEIMDAL_USES= gssapi:heimdal - post-build: ${STRIP_CMD} ${WRKSRC}/blib/arch/auto/Heimdal/Kadm5/Kadm5.so Index: security/p5-openxpki/Makefile =================================================================== --- security/p5-openxpki/Makefile +++ security/p5-openxpki/Makefile @@ -114,7 +114,7 @@ .include -.if defined(WITH_OPENSSL_PORT) && defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl +.if ${SSL_DEFAULT:Mlibressl*} IGNORE= this version of OpenXPKI is not fully functional with LibreSSL library, use OpenSSL instead .endif Index: security/pam_krb5/Makefile =================================================================== --- security/pam_krb5/Makefile +++ security/pam_krb5/Makefile @@ -20,14 +20,12 @@ USE_PERL5= build OPTIONS_SINGLE= LINK -OPTIONS_SINGLE_LINK= MIT HEIMDAL_BASE HEIMDAL_PORT +OPTIONS_SINGLE_LINK= MIT HEIMDAL_PORT OPTIONS_DEFAULT= MIT MIT_DESC= Link against MIT Kerberos MIT_USES= gssapi:mit HEIMDAL_PORT_DESC= Link against Heimdal in ports Kerberos HEIMDAL_PORT_USES= gssapi:heimdal -HEIMDAL_BASE_DESC= Link against Heimdal in base Kerberos -HEIMDAL_BASE_USES= gssapi:base CONFIGURE_ARGS+= --with-krb5="${GSSAPIBASEDIR}" \ --with-krb5-include="${GSSAPIINCDIR}" \ Index: security/py-kerberos/Makefile =================================================================== --- security/py-kerberos/Makefile +++ security/py-kerberos/Makefile @@ -13,24 +13,21 @@ LICENSE= APACHE20 -OPTIONS_DEFAULT= GSSAPI_BASE +OPTIONS_DEFAULT= GSSAPI_MIT OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT -GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_MIT_USES= gssapi:mit USES= python USE_PYTHON= distutils autoplist -GSSAPI_BASE_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-src_kerberosbasic.h \ +GSSAPI_HEIMDAL_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-src_kerberosbasic.h \ ${PATCHDIR}/extra-patch-src_kerberosgss.c \ ${PATCHDIR}/extra-patch-src_kerberosgss.h \ ${PATCHDIR}/extra-patch-src_kerberospw.h -GSSAPI_HEIMDAL_EXTRA_PATCHES= ${GSSAPI_BASE_EXTRA_PATCHES} - post-patch: @${REINPLACE_CMD} -e 's|commands.getoutput("krb5-config|commands.getoutput("${GSSAPIBASEDIR}/bin/krb5-config|g' ${WRKSRC}/setup.py Index: security/softhsm2/Makefile =================================================================== --- security/softhsm2/Makefile +++ security/softhsm2/Makefile @@ -38,7 +38,7 @@ CRYP_OPEN_VARS= WITH_OPENSSL_PORT=yes CRYP_OPEN_CONFIGURE_ON= --with-crypto-backend=openssl -.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl +.if ${SSL_DEFAULT:Mlibressl*} CONFIGURE_ARGS+= --disable-gost .endif Index: security/stunnel/Makefile =================================================================== --- security/stunnel/Makefile +++ security/stunnel/Makefile @@ -74,11 +74,11 @@ LDFLAGS+= -lpthread .endif -.if ${PORT_OPTIONS:MFIPS} && defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl +.if ${PORT_OPTIONS:MFIPS} && ${SSL_DEFAULT:Mlibressl*} IGNORE= LibreSSL does not support FIPS standard .endif -.if defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl +.if ${SSL_DEFAULT:Mlibressl*} NO_PACKAGE= The stunnel license restricts distribution when linked to non-OpenSSL non-base SSL-libraries .endif Index: www/mod_auth_kerb2/Makefile =================================================================== --- www/mod_auth_kerb2/Makefile +++ www/mod_auth_kerb2/Makefile @@ -24,22 +24,12 @@ CONFIGURE_ARGS= -with-krb5=${GSSAPIBASEDIR} --without-krb4 OPTIONS_SINGLE= GSSAPI -OPTIONS_DEFAULT= GSSAPI_BASE -OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT -GSSAPI_BASE_DESC= Use Base version of GSS API +OPTIONS_DEFAULT= GSSAPI_MIT +OPTIONS_SINGLE_GSSAPI= GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_HEIMDAL_DESC= Use Heimdal implementation of GSS API GSSAPI_MIT_DESC= Use MIT implementation of GSS API GSSAPI_DESC= Use Base version of GSS API -GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_MIT_USES= gssapi:mit -.include - -.if ${PORT_OPTIONS:MGSSAPI_BASE} && ${OSVERSION} < 903504 -post-patch: - ${REINPLACE_CMD} -e 's|@KRB5_LDFLAGS@|@KRB5_LDFLAGS@ -lgssapi_krb5|' \ - ${WRKSRC}/Makefile.in -.endif - .include Index: www/serf/Makefile =================================================================== --- www/serf/Makefile +++ www/serf/Makefile @@ -21,10 +21,9 @@ OPTIONS_DEFINE= DOCS OPTIONS_RADIO= KERBEROS -OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE +OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_DESC= Heimdal Kerberos (security/heimdal) -HEIMDAL_BASE_DESC= Heimdal Kerberos (base) MIT_DESC= MIT Kerberos (security/krb5) MIT_LIB_DEPENDS= libkrb5.so.3:security/krb5 HEIMDAL_LIB_DEPENDS= libkrb5.so.26:security/heimdal @@ -39,9 +38,6 @@ .include -.if ${PORT_OPTIONS:MHEIMDAL_BASE} -SCONS_ARGS+= GSSAPI="/usr" -.endif .if ${PORT_OPTIONS:MMIT} || ${PORT_OPTIONS:MHEIMDAL} SCONS_ARGS+= GSSAPI="${LOCALBASE}" .endif Index: www/squid/Makefile =================================================================== --- www/squid/Makefile +++ www/squid/Makefile @@ -53,12 +53,12 @@ TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 DOCS EXAMPLES OPTIONS_SINGLE= GSSAPI -OPTIONS_SINGLE_GSSAPI= GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +OPTIONS_SINGLE_GSSAPI= GSSAPI_NONE GSSAPI_HEIMDAL GSSAPI_MIT OPTIONS_DEFAULT=ARP_ACL AUTH_NIS CACHE_DIGESTS DELAY_POOLS DOCS EXAMPLES FOLLOW_XFF \ FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE \ LAX_HTTP SNMP SSL SSL_CRTD TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 \ - GSSAPI_BASE + GSSAPI_MIT ARP_ACL_CONFIGURE_ENABLE= eui AUTH_LDAP_CFLAGS= -I${LOCALBASE}/include @@ -112,9 +112,6 @@ --without-mit-krb5 \ --without-gss -GSSAPI_BASE_USES= gssapi -GSSAPI_BASE_CONFIGURE_ON= --with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} - GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_HEIMDAL_CONFIGURE_ON= --with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS} @@ -128,7 +125,6 @@ AUTH_DESC= Authentication helpers GSSAPI_DESC= Install Kerberos authentication helpers GSSAPI_NONE_DESC= Build without Kerberos support -GSSAPI_BASE_DESC= Build with Kerberos support from base GSSAPI_HEIMDAL_DESC= Build with Kerberos support from security/heimdal GSSAPI_MIT_DESC= Build with Kerberos support from security/krb5 AUTH_LDAP_DESC= Install LDAP authentication helpers @@ -256,11 +252,6 @@ PLIST_SUB+= AUTH_KERB="" .endif -# Make it build on FreeBSD < 10 -.if ${PORT_OPTIONS:MGSSAPI_BASE} -EXTRA_PATCHES+= ${FILESDIR}/extra-patch-build-8-9 -.endif - CONFIGURE_ARGS+= --enable-auth-basic="${basic_auth}" \ --enable-auth-digest="${digest_auth}" \ --enable-external-acl-helpers="${external_acl}" \ Index: www/squid/files/extra-patch-build-8-9 =================================================================== --- www/squid/files/extra-patch-build-8-9 +++ /dev/null @@ -1,11 +0,0 @@ ---- helpers/negotiate_auth/kerberos/negotiate_kerberos.h.orig 2015-08-01 06:08:17 UTC -+++ helpers/negotiate_auth/kerberos/negotiate_kerberos.h -@@ -140,7 +140,7 @@ int check_gss_err(OM_uint32 major_status - - char *gethost_name(void); - --#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC -+#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC && __FreeBSD__ >= 10 - #define HAVE_PAC_SUPPORT 1 - #define MAX_PAC_GROUP_SIZE 200*60 - typedef struct {