Paths

Table of Contentst

Uses/gssapi.mk: Fix base Kerberos for MIT KRB5
ClosedPublic
Actions

Authored by ivy on Sat, Aug 9, 7:10 AM.

Details

Reviewers

cy
des

Group Reviewers

krb5

Commits

R11:d30d5dfae517: Uses/gssapi.mk: Improve base Kerberos detection

Summary

After src e26259f48afe, base no longer includes libgssapi, so remove
that from GSSAPILIBS.

We can't check for /usr/libexec/krb5kdc to determine if base uses
MIT Kerberos, because this is part of the kerberos-kdc package and
might not be installed. Instead, arbitrarily pick a file which is
in kerberos-lib-dev and only exists with MIT: /usr/include/krad.h.

Diff Detail

Repository

R11 FreeBSD ports repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 66142
Build 63025: arc lint + arc unit

Event Timeline

ivy created this revision.Sat, Aug 9, 7:10 AM

Harbormaster completed remote builds in B66131: Diff 160106.Sat, Aug 9, 7:10 AM

ivy requested review of this revision.Sat, Aug 9, 7:10 AM

i tested this with ftp/curl and it fixes the build with base GSSAPI, which was previously broken.

there's another issue relating to library paths where we pick libraries essentially randomly from either /usr/lib or /usr/local/lib in a way that doesn't look functional:

% ldd /usr/local/bin/curl | egrep 'gss|krb5'
	libkrb5.so.122 => /usr/lib/libkrb5.so.122 (0x3a5390104000)
	libgssapi_krb5.so.122 => /usr/lib/libgssapi_krb5.so.122 (0x3a53903a5000)
	libkrb5.so.3.3 => /usr/local/lib/libkrb5.so.3.3 (0x3a5392c20000)
	libgssapi_krb5.so.2.2 => /usr/local/lib/libgssapi_krb5.so.2.2 (0x3a538e56c000)
	libkrb5profile.so.122 => /usr/lib/libkrb5profile.so.122 (0x3a538ec4c000)
	libkrb5support.so.122 => /usr/lib/libkrb5support.so.122 (0x3a53958a0000)
	libkrb5support.so.0.1 => /usr/local/lib/libkrb5support.so.0.1 (0x3a539811f000)

but this probably only happens if you don't use poudriere and build things against base GSSAPI while also having security/krb5 installed, which is not the most common use case.

if D51842 lands, i'll update this to use /usr/libdata/pkgconfig/mit-krb5-gssapi.pc instead of /usr/include/krad.h.

ivy added a parent revision: D51842: krb5: Install pkgconfig data.Sat, Aug 9, 8:58 AM

I think you should go ahead and assume that D51842 will land

update

i used mit-krb5.pc instead of mit-krb5-gssapi.pc just in case we decide to make
WITHOUT_GSSAPI work for MIT (although i don't think that's likely).

Harbormaster completed remote builds in B66142: Diff 160142.Sat, Aug 9, 10:38 PM

des accepted this revision.Sun, Aug 10, 12:38 AM

This revision is now accepted and ready to land.Sun, Aug 10, 12:38 AM

cy accepted this revision.Sun, Aug 10, 1:06 PM

cy added inline comments.

Mk/Uses/gssapi.mk
89	This is certainly better than I've been doing.

Go ahead and do the pkgconfig change. It's certainly better than what I have been doing.

In D51841#1184825, @cy wrote:

Go ahead and do the pkgconfig change. It's certainly better than what I have been doing.

thanks -- does that mean you're also okay with D51842? (that's needed to actually install the pkgconfig files in base.)

cy mentioned this in R11:a936bd8b3f16: devel/cvs: Use pkgconfig file to test for MIT KRB5 existence.Sun, Aug 10, 1:41 PM

cy mentioned this in R11:6a1d45c2899d: mail/cyrus-imapd*: Use pkgconfig file to test for MIT KRB5 existence.

ivy mentioned this in D51842: krb5: Install pkgconfig data.Sun, Aug 10, 5:09 PM

Closed by commit R11:d30d5dfae517: Uses/gssapi.mk: Improve base Kerberos detection (authored by ivy). · Explain WhyMon, Aug 11, 12:15 PM

This revision was automatically updated to reflect the committed changes.

ivy added a commit: R11:d30d5dfae517: Uses/gssapi.mk: Improve base Kerberos detection.

Revision Contents
Changeset List

Path

Size

Mk/

Uses/

gssapi.mk

4 lines

Diff 160142

View Options

Uses/gssapi.mk: Fix base Kerberos for MIT KRB5ClosedPublicActions