This appears to pop up from time to time with various ports that offer a choice for building against base or a port (e.g. PR 198559). I built devel/subversion, which requires www/serf. The serf port was supposed to build against security/heimdal but invocations of svn(1) end with an undefined symbol message: $ pkg version -x serf serf-1.3.9_5 = $ pkg info serf serf-1.3.9_5 Name : serf Version : 1.3.9_5 Installed on : Thu Jul 30 12:55:31 2020 CDT Origin : www/serf Architecture : FreeBSD:12:amd64 Prefix : /usr/local Categories : www Licenses : APACHE20 Maintainer : lev@FreeBSD.org WWW : http://serf.apache.org/ Comment : Serf HTTP client library Options : DOCS : on GSSAPI_BASE : off GSSAPI_HEIMDAL : on GSSAPI_MIT : off Shared Libs required: libexpat.so.1 libgdbm.so.6 libldap-2.4.so.2 libaprutil-1.so.0 libapr-1.so.0 liblber-2.4.so.2 libhcrypto.so.4 libdb-5.3.so.0 Shared Libs provided: libserf-1.so.1 Annotations : FreeBSD_version: 1201000 cpe : cpe:2.3:a:serf:serf:1.3.9:::::freebsd12:x64:5 repo_type : binary repository : basement_repo Flat size : 407KiB Description : The serf library is a C-based HTTP client library built upon the Apache Portable Runtime (APR) library. It multiplexes connections, running the read/write communication asynchronously. Memory copies and transformations are kept to a minimum to provide high performance operation. WWW: http://serf.apache.org/ $ svn status ld-elf.so.1: /usr/local/lib/libserf-1.so.1: Undefined symbol "__gss_c_nt_hostbased_service_oid_desc" $ pkg info -x heim heimdal-7.7.0 $ Rebuilding www/serf using base krb5 appears to work around the issue: $ pkg version -x serf serf-1.3.9_5 = $ pkg info serf serf-1.3.9_5 Name : serf Version : 1.3.9_5 Installed on : Thu Aug 6 10:20:13 2020 CDT Origin : www/serf Architecture : FreeBSD:12:amd64 Prefix : /usr/local Categories : www Licenses : APACHE20 Maintainer : lev@FreeBSD.org WWW : http://serf.apache.org/ Comment : Serf HTTP client library Options : DOCS : on GSSAPI_BASE : on GSSAPI_HEIMDAL : off GSSAPI_MIT : off Shared Libs required: libexpat.so.1 libgdbm.so.6 libldap-2.4.so.2 libaprutil-1.so.0 libapr-1.so.0 liblber-2.4.so.2 libdb-5.3.so.0 Shared Libs provided: libserf-1.so.1 Annotations : FreeBSD_version: 1201000 cpe : cpe:2.3:a:serf:serf:1.3.9:::::freebsd12:x64:5 repo_type : binary repository : basement_repo Flat size : 407KiB Description : The serf library is a C-based HTTP client library built upon the Apache Portable Runtime (APR) library. It multiplexes connections, running the read/write communication asynchronously. Memory copies and transformations are kept to a minimum to provide high performance operation. WWW: http://serf.apache.org/ $ svn status svn: warning: W155007: '/' is not a working copy $
To be honest, I know nothing about Kerberos integration, it was contributed to port... I never build anything with kerberos myself...
Does this still occur? Can you provide ldd output on libserf.so? I have tested serf in and with its developers back then on FreeBSD. gssapi.mk could also be the reason. Waiting for feedback.
Created attachment 229266 [details] ldd output for libserf.so
(In reply to m.ne from comment #3) Thanks, I need to try this in a jail. The error is likely in the SConstruct. This will take me some time to add some attention. Feel free to ping my be the end of the month if I haven't done anything by then. I remember I has similar issue with msktutil back then, but was able to solve them for the port.
One tip for those who'd like to try, with "scons test" it is possible to compile a test application with libserf which would already show how the executable is linked. No need to have full blown Subversion installed.
(In reply to Michael Osipov from comment #4) No worries. The workaround mentioned works for me. I just ran into the issue, and while lacking the time to attempt proper diagnosis I could at least share some information to help.
Something is truly screwed up here: root@mskutil:/usr/ports/www/serf/work/serf-1.3.9 # scons test scons: Reading SConscript files ... Checking for GNU-compatible C compiler...(cached) yes scons: done reading SConscript files. scons: Building targets ... cc -o test/CuTest.o -c -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -std=c99 -Wdeclaration-after-statement -Wmissing-prototypes -Wall -O2 -DNDEBUG -DSERF_HAVE_GSSAPI -DMOCKHTTP_OPENSSL -I. -I/usr/local/include/apr-1 -I/usr/include -I/usr/local/include -I/usr/include -I/usr/local/include/heimdal test/CuTest.c cc -o test/mock_buckets.o -c -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -std=c99 -Wdeclaration-after-statement -Wmissing-prototypes -Wall -O2 -DNDEBUG -DSERF_HAVE_GSSAPI -DMOCKHTTP_OPENSSL -I. -I/usr/local/include/apr-1 -I/usr/include -I/usr/local/include -I/usr/include -I/usr/local/include/heimdal test/mock_buckets.c cc -o test/serf_bwtp.o -c -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -std=c99 -Wdeclaration-after-statement -Wmissing-prototypes -Wall -O2 -DNDEBUG -DSERF_HAVE_GSSAPI -DMOCKHTTP_OPENSSL -I. -I/usr/local/include/apr-1 -I/usr/include -I/usr/local/include -I/usr/include -I/usr/local/include/heimdal test/serf_bwtp.c cc -o test/serf_bwtp -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/local/lib/heimdal -Wl,-rpath=/usr/ports/www/serf/work/serf-1.3.9 test/serf_bwtp.o -L. -L/usr/local/lib -L/usr/lib -L/usr/lib -L/usr/local/lib/heimdal -lserf-1 -lssl -lcrypto -lz -lapr-1 -laprutil-1 -lexpat -lgssapi -lkrb5 -lheimntlm -lcom_err -lhcrypto -lasn1 -lwind -lheimbase -lroken -lcrypt -lpthread ld: error: ./libserf-1.so: undefined reference to __gss_c_nt_hostbased_service_oid_desc ld: error: ./libserf-1.so: undefined reference to __gss_spnego_mechanism_oid_desc cc: error: linker command failed with exit code 1 (use -v to see invocation) scons: *** [test/serf_bwtp] Error 1 scons: building terminated because of errors. root@mskutil:/usr/ports/www/serf/work/serf-1.3.9 #
So, the linker command line should be this: cc -o libserf-1.so.1.3.0 -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/local/lib/heimdal -shared -Wl,-soname=libserf-1.so.1 -Wl,-rpath=/usr/local/lib -Wl,-rpath=/usr/local/lib -Wl,-rpath=/usr/local/lib/heimdal context.os incoming.os outgoing.os ssltunnel.os buckets/aggregate_buckets.os buckets/allocator.os buckets/barrier_buckets.os buckets/buckets.os buckets/bwtp_buckets.os buckets/chunk_buckets.os buckets/dechunk_buckets.os buckets/deflate_buckets.os buckets/file_buckets.os buckets/headers_buckets.os buckets/iovec_buckets.os buckets/limit_buckets.os buckets/mmap_buckets.os buckets/request_buckets.os buckets/response_body_buckets.os buckets/response_buckets.os buckets/simple_buckets.os buckets/socket_buckets.os buckets/ssl_buckets.os auth/auth.os auth/auth_basic.os auth/auth_digest.os auth/auth_spnego.os auth/auth_spnego_gss.os auth/auth_spnego_sspi.os -L/usr/local/lib -L/usr/local/lib/heimdal -lssl -lcrypto -lz -lapr-1 -laprutil-1 -lexpat -lgssapi -lkrb5 -lheimntlm -lcom_err -lhcrypto -lasn1 -lwind -lheimbase -lroken -lcrypt -lpthread The difference between this and the actual one that /usr/lib does not appear or must not appear *before* /usr/local. Same applies for RPATH. root@mskutil:/usr/ports/www/serf/work/serf-1.3.9 # ldd ./libserf-1.so.1.3.0 ./libserf-1.so.1.3.0: libssl.so.111 => /usr/lib/libssl.so.111 (0x800692000) libcrypto.so.111 => /lib/libcrypto.so.111 (0x800e00000) libz.so.6 => /lib/libz.so.6 (0x800736000) libapr-1.so.0 => /usr/local/lib/libapr-1.so.0 (0x800752000) libaprutil-1.so.0 => /usr/local/lib/libaprutil-1.so.0 (0x800793000) libexpat.so.1 => /usr/local/lib/libexpat.so.1 (0x8007c2000) libgssapi.so.3 => /usr/local/lib/heimdal/libgssapi.so.3 (0x8010f2000) libkrb5.so.26 => /usr/local/lib/heimdal/libkrb5.so.26 (0x801131000) libheimntlm.so.0 => /usr/local/lib/heimdal/libheimntlm.so.0 (0x8007ef000) libcom_err.so.1 => /usr/local/lib/heimdal/libcom_err.so.1 (0x8011bf000) libhcrypto.so.4 => /usr/local/lib/heimdal/libhcrypto.so.4 (0x8011c5000) libasn1.so.8 => /usr/local/lib/heimdal/libasn1.so.8 (0x801207000) libwind.so.0 => /usr/local/lib/heimdal/libwind.so.0 (0x8012b6000) libheimbase.so.1 => /usr/local/lib/heimdal/libheimbase.so.1 (0x8012e1000) libroken.so.18 => /usr/local/lib/heimdal/libroken.so.18 (0x8012f4000) libcrypt.so.5 => /lib/libcrypt.so.5 (0x80130a000) libthr.so.3 => /lib/libthr.so.3 (0x80132b000) libc.so.7 => /lib/libc.so.7 (0x80024e000) libheimsqlite.so.0 => /usr/local/lib/heimdal/libheimsqlite.so.0 (0x801358000) libintl.so.8 => /usr/local/lib/libintl.so.8 (0x80145c000)
I think I have it, but I don't know yet how to solve this. Need to talk to the port maintainer. The problem is the order -L is added for the compiler/linker: root@mskutil:/usr/ports/www/serf/work/serf-1.3.9 # scons --help scons: Reading SConscript files ... Checking for GNU-compatible C compiler...(cached) yes scons: done reading SConscript files. DESTDIR: Required *dummy*, without scons will stop with "Unknown variables: DESTDIR" default: None actual: /usr/ports/www/serf/work/stage PREFIX: Directory to install under ( /path/to/PREFIX ) default: /usr/local actual: /usr/local LIBDIR: Directory to install architecture dependent libraries under ( /path/to/LIBDIR ) default: $PREFIX/lib actual: /usr/local/lib APR: Path to apr-1-config, or to APR's install area ( /path/to/APR ) default: /usr actual: /usr/local/bin/apr-1-config APU: Path to apu-1-config, or to APR's install area ( /path/to/APU ) default: /usr actual: /usr/local/bin/apu-1-config OPENSSL: Path to OpenSSL's install area ( /path/to/OPENSSL ) default: /usr actual: /usr ZLIB: Path to zlib's install area ( /path/to/ZLIB ) default: /usr actual: /usr GSSAPI: Path to GSSAPI's install area ( /path/to/GSSAPI ) default: None actual: /usr/bin/krb5-config DEBUG: Enable debugging info and strict compile warnings (yes|no) default: False actual: False APR_STATIC: Enable using a static compiled APR (yes|no) default: False actual: False CC: Command name or path of the C compiler default: None actual: cc CFLAGS: Extra flags for the C compiler (space-separated) default: None actual: -O2 -pipe -fstack-protector-strong -fno-strict-aliasing LIBS: Extra libraries passed to the linker, e.g. "-l<library1> -l<library2>" (space separated) default: None actual: None LINKFLAGS: Extra flags for the linker (space-separated) default: None actual: CPPFLAGS: Extra flags for the C preprocessor (space separated) default: None actual: None So everything with /usr is added and if you check SConstruct you'll see that GSS-API is handled last which means that at least for OpenSSL base the path has already been added which breaks link time and run time. Same applies for zlib in base.