Created attachment 163548 [details] add krb5 1.14 in src/external/pac_responder.m4 Since krd5 1.14 is the default sssd does not compile anymore with SMB=on. pkg-static: Unable to access file /usr/ports/security/sssd/work/stage/usr/local/lib/krb5/plugins/authdata/sssd_pac_plugin.so: No such file or directory pkg-static: Unable to access file /usr/ports/security/sssd/work/stage/usr/local/libexec/sssd/sssd_pac: No such file or directory *** Error code 74 The attached patch fix this issue by enabling krb5 1.14* in pac_responder Also reported via the forum : https://forums.freebsd.org/threads/sssd-failing-to-build-all-components.54097/
Patch is already in upstream since Mon Oct 26 07:00:50 2015 +0100
@Joris, can you please provide your patch against the security/sssd port instead of the upstream source? Thanks!
I did not any problem to apply attached patch to sssd port. So what kind of problems do you have with the patch?
(In reply to lukas.slebodnik from comment #3) The patch should create a patch-* file in files/, generated by `make makepatch`
(In reply to Kubilay Kocak from comment #4) I don't really understand what I have to do. Do you mean something like diff -Nru security/sssd.orig security/sssd ?
@Joris, my apologies, I totally missed the first line of the existing patch, indicating it's for an existing files/patch-* file. This is good to go
A commit references this bug: Author: riggs Date: Sat Dec 12 07:08:24 UTC 2015 New revision: 403589 URL: https://svnweb.freebsd.org/changeset/ports/403589 Log: Add support of krb5 1.14 for external/pac PR: 204827 Submitted by: joris.dedieu@gmail.com Approved by: lukas.slebodnik@intrak.sk (maintainer) MFH: 2015Q4 Changes: head/security/sssd/Makefile head/security/sssd/files/patch-src__external__pac_responder.m4
Now that we have krb5 1.15 the issue came back.
Created attachment 180843 [details] add krb5 1.15 in src/external/pac_responder.m4
Comment on attachment 180843 [details] add krb5 1.15 in src/external/pac_responder.m4 Thank you
Comment on attachment 180843 [details] add krb5 1.15 in src/external/pac_responder.m4 maintainer-approval + for add krb5 1.15 in src/external/pac_responder.m4
hmm,
A commit references this bug: Author: riggs Date: Sat Mar 18 12:06:47 UTC 2017 New revision: 436401 URL: https://svnweb.freebsd.org/changeset/ports/436401 Log: Add support of krb5 1.15; bump PORTREVISION PR: 204827 Submitted by: joris.dedieu@gmail.com Approved by: lukas.slebodnik@intrak.sk (maintainer) MFH: 2017Q1 Changes: head/security/sssd/Makefile head/security/sssd/files/patch-src__external__pac_responder.m4 head/security/sssd/files/patch-src_external_pac__responder.m4
A commit references this bug: Author: riggs Date: Sun Mar 19 09:14:10 UTC 2017 New revision: 436479 URL: https://svnweb.freebsd.org/changeset/ports/436479 Log: MFH: r436401 Add support of krb5 1.15; bump PORTREVISION PR: 204827 Submitted by: joris.dedieu@gmail.com Approved by: lukas.slebodnik@intrak.sk (maintainer) Approved by: ports-secteam (feld) Changes: _U branches/2017Q1/ branches/2017Q1/security/sssd/Makefile branches/2017Q1/security/sssd/files/patch-src__external__pac_responder.m4 branches/2017Q1/security/sssd/files/patch-src_external_pac__responder.m4
Created attachment 191134 [details] change krb5 version parsing method
Now we are in krb5 1.16 ... I tried to provide a generic parsing method sothat it will be OK for a while, but IMHO the think to do is to suppress this check as we have krb5>=1.10:security/krb5 in BUILD_DEPENDS
I am sorry but last patch is not 100% correct. sssd use internal(non-public) interface from MIT krb5 for sssd_pac. This is the reason why each version need to be carefully reviewed in upstream (I do not have such knowledge) and then is new version added to "whitelist" instead of using wildcard or ">= $version" Please use the simillar approach as in previous patches.
Comment on attachment 191134 [details] change krb5 version parsing method @see previous comment
Created attachment 191971 [details] add krb5 1.16 in src/external/pac_responder.m4
Here is the patch for 1.16
see also Bug # 227201.
On a general note: For a proper record of what-happened-when-and-why it would be very useful not to bundle different things in one PR. Originally this was about adding support of krb in 1.14. Subsequently, things that address things after that should go into a new PR. Please try and help to keep bug tracking organised by doing so. Now, to address the problem and get this one committed: Can we get one single patch against an up-to-date ports tree that obsoletes all the open attachments and receives maintainer approval? Thank you all in advance
(In reply to Thomas Zander from comment #22) IMO, you should combine the first two approved patches and commit them as approved by 'portmgr' and maintainer, because the core issue is about broken build.
Committed, thanks!
A commit references this bug: Author: yuri Date: Tue Jun 19 02:46:54 UTC 2018 New revision: 472753 URL: https://svnweb.freebsd.org/changeset/ports/472753 Log: security/sssd: Add 1.16 to supported krb5 versions PR: 204827 Approved by: lukas.slebodnik@intrak.sk (maintainer) Changes: head/security/sssd/Makefile head/security/sssd/files/patch-src_external_pac__responder.m4
As usual changing default version of kerberos from krb5.1.17 breaks sssd See also (#236113) Joris
Fixed with ports r502928. *** This bug has been marked as a duplicate of bug 236113 ***