Bug 264710 - net/openldap26-server build fails when overlay option SMBPWD is set
Summary: net/openldap26-server build fails when overlay option SMBPWD is set
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Xin LI
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-06-16 09:29 UTC by johannes.kunde
Modified: 2023-12-31 05:39 UTC (History)
7 users (show)

See Also:
linimon: maintainer-feedback? (delphij)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description johannes.kunde 2022-06-16 09:29:48 UTC 
Build of the port openldap26-server fails, when the 'SMBPWD' overlay build option is set. Removing the option from the port configuration solves the issue.

Error output:

gmake[1]: Entering directory '/usr/ports/net/openldap26-server/work/openldap-2.6.2/contrib/slapd-modules/smbk5pwd'
../../../libtool --mode=compile cc -O2 -pipe  -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing  -O2 -pipe  -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing  -I/usr/local/include -isystem /usr/local/include -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW -I../../../include -I../../../include -I../../../servers/slapd -I/usr/include  -c smbk5pwd.c
libtool: compile:  cc -O2 -pipe -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing -O2 -pipe -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing -I/usr/local/include -isystem /usr/local/include -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW -I../../../include -I../../../include -I../../../servers/slapd -I/usr/include -c smbk5pwd.c  -fPIC -DPIC -o .libs/smbk5pwd.o
In file included from smbk5pwd.c:47:
In file included from /usr/include/hdb.h:43:
/usr/include/heim_asn1.h:37:52: error: unknown type name 'heim_any'
int     encode_heim_any(unsigned char *, size_t, const heim_any *, size_t *);
                                                       ^
/usr/include/heim_asn1.h:38:52: error: unknown type name 'heim_any'
int     decode_heim_any(const unsigned char *, size_t, heim_any *, size_t *);
                                                       ^
/usr/include/heim_asn1.h:39:20: error: unknown type name 'heim_any'
void    free_heim_any(heim_any *);
                      ^
/usr/include/heim_asn1.h:40:30: error: unknown type name 'heim_any'
size_t  length_heim_any(const heim_any *);
                              ^
/usr/include/heim_asn1.h:41:25: error: unknown type name 'heim_any'
int     copy_heim_any(const heim_any *, heim_any *);
                            ^
/usr/include/heim_asn1.h:41:37: error: unknown type name 'heim_any'
int     copy_heim_any(const heim_any *, heim_any *);
                                        ^
/usr/include/heim_asn1.h:44:14: error: unknown type name 'heim_any_set'
                            const heim_any_set *, size_t *);
                                  ^
/usr/include/heim_asn1.h:46:8: error: unknown type name 'heim_any_set'
                            heim_any_set *,size_t *);
                            ^
/usr/include/heim_asn1.h:47:24: error: unknown type name 'heim_any_set'
void    free_heim_any_set(heim_any_set *);
                          ^
/usr/include/heim_asn1.h:48:34: error: unknown type name 'heim_any_set'
size_t  length_heim_any_set(const heim_any_set *);
                                  ^
/usr/include/heim_asn1.h:49:29: error: unknown type name 'heim_any_set'
int     copy_heim_any_set(const heim_any_set *, heim_any_set *);
                                ^
/usr/include/heim_asn1.h:49:45: error: unknown type name 'heim_any_set'
int     copy_heim_any_set(const heim_any_set *, heim_any_set *);
                                                ^
/usr/include/heim_asn1.h:50:24: error: unknown type name 'heim_any_set'
int     heim_any_cmp(const heim_any_set *, const heim_any_set *);
                           ^
/usr/include/heim_asn1.h:50:46: error: unknown type name 'heim_any_set'
int     heim_any_cmp(const heim_any_set *, const heim_any_set *);
                                                 ^
In file included from smbk5pwd.c:47:
In file included from /usr/include/hdb.h:44:
In file included from /usr/include/hdb_asn1.h:88:
/usr/include/krb5_asn1.h:108:3: error: expected identifier
  KRB5_NT_UNKNOWN = 0,
  ^
/usr/local/include/krb5/krb5.h:242:32: note: expanded from macro 'KRB5_NT_UNKNOWN'
#define KRB5_NT_UNKNOWN        0 /**<  Name type not known */
                               ^
In file included from smbk5pwd.c:47:
In file included from /usr/include/hdb.h:44:
In file included from /usr/include/hdb_asn1.h:88:
/usr/include/krb5_asn1.h:109:3: error: expected identifier
  KRB5_NT_PRINCIPAL = 1,
  ^
/usr/local/include/krb5/krb5.h:243:32: note: expanded from macro 'KRB5_NT_PRINCIPAL'
#define KRB5_NT_PRINCIPAL      1 /**< Just the name of the principal
                               ^
In file included from smbk5pwd.c:47:
In file included from /usr/include/hdb.h:44:
In file included from /usr/include/hdb_asn1.h:88:
/usr/include/krb5_asn1.h:110:3: error: expected identifier
  KRB5_NT_SRV_INST = 2,
  ^
/usr/local/include/krb5/krb5.h:245:32: note: expanded from macro 'KRB5_NT_SRV_INST'
#define KRB5_NT_SRV_INST       2 /**< Service and other unique instance (krbtgt) */
                               ^
In file included from smbk5pwd.c:47:
In file included from /usr/include/hdb.h:44:
In file included from /usr/include/hdb_asn1.h:88:
/usr/include/krb5_asn1.h:111:3: error: expected identifier
  KRB5_NT_SRV_HST = 3,
  ^
/usr/local/include/krb5/krb5.h:246:32: note: expanded from macro 'KRB5_NT_SRV_HST'
#define KRB5_NT_SRV_HST        3 /**< Service with host name as instance
                               ^
In file included from smbk5pwd.c:47:
In file included from /usr/include/hdb.h:44:
In file included from /usr/include/hdb_asn1.h:88:
/usr/include/krb5_asn1.h:112:3: error: expected identifier
  KRB5_NT_SRV_XHST = 4,
  ^
/usr/local/include/krb5/krb5.h:248:32: note: expanded from macro 'KRB5_NT_SRV_XHST'
#define KRB5_NT_SRV_XHST       4 /**< Service with host as remaining components */
                               ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
gmake[1]: *** [Makefile:53: smbk5pwd.lo] Error 1
gmake[1]: Leaving directory '/usr/ports/net/openldap26-server/work/openldap-2.6.2/contrib/slapd-modules/smbk5pwd'
*** Error code 2

Stop.
make: stopped in /usr/ports/net/openldap26-server

===>>> make build failed for net/openldap26-server
===>>> Aborting update

===>>> Update for net/openldap26-server failed
===>>> Aborting update


===>>> You can restart from the point of failure with this command line:
       portmaster <flags> net/openldap26-server lang/cython@py38 security/sudo security/sssd editors/vim@console 

This command has been saved to ~/portmasterfail.txt
Comment 1 Xin LI freebsd_committer freebsd_triage 2022-06-19 20:47:28 UTC 
I can't reproduce this with pourdriere build with SMBPWD option enabled.

Note that SMBPWD is intended for Heimdal Kerberos implementation (which is also the default Kerberos 5 implementation that is bundled with FreeBSD base system) and you appear to have MIT Kerberos 5 installed, please remove and try again.
Comment 2 Cy Schubert freebsd_committer freebsd_triage 2022-06-19 22:06:45 UTC 
Correct. There is no such function as encode_heim_any() in MIT KRB5.

We should probably have some kind of IGNORE_KRB5 option like we do for IGNORE_OPENSSL, and apply that to the SMBPWD option in openldap.

This ticket should be closed.

BTW, a workaround for ports that expect some version of KRB5 not be installed during build is either temporarily uninstall MIT KRB5 during the build (something that had to be done prior to poudriere), build openldap using poudriere, or make package in a jail or chroot then pkg add the resulting package.
Comment 3 johannes.kunde 2022-06-28 12:55:20 UTC 
You're right, I didn't build with poudriere, but installed it with portmaster directly from ports. I think the proposed "KRB5_IGNORE" would do it.
Comment 4 Andrew 2023-04-01 13:38:15 UTC 
This is affecting me too. It's frustrating because the problem isn't apparent from anything in the options or any of the error messages. In fact, all the error messages point to something to do with Heimdal, but the apparent solution (turning off GSSAPI) has nothing to do with fixing it.

I don't agree that the ticket should be closed: as long as MIT Kerberos is still a live port, the SMBPWD option conflicts with it, and the SMBPWD option defaults to on, this is going to trip up a significant number of users. It's still a live bug.

Rather than looking for a new IGNORE_KRB5, could you use SMBPWD_CONFLICTS_BUILD=krb5? I couldn't get it to do what I'd expected in the roughly 20 minutes I had available to play with the Makefile, but from the Handbook it sounds like what's needed here.

This also affects openldap25-server, by the way.
Comment 5 Mark Linimon freebsd_committer freebsd_triage 2023-08-22 20:51:55 UTC 
To delphij: please take a look at this PR and comment.  Thanks.