248501 – www/serf: appears to build against base krb5 even when Heimdal port is selected

Bug 248501 - www/serf: appears to build against base krb5 even when Heimdal port is selected

Summary: www/serf: appears to build against base krb5 even when Heimdal port is selected

Status:	New

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Lev A. Serebryakov

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-08-06 15:17 UTC by Trix Farrar
Modified:	2021-11-08 14:34 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (lev)

Attachments
ldd output for libserf.so (1.62 KB, text/plain) 2021-11-04 11:59 UTC, Martin Neubauer	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Trix Farrar 2020-08-06 15:17:55 UTC

This appears to pop up from time to time with various ports that offer a choice for building against base or a port (e.g. PR 198559).

I built devel/subversion, which requires www/serf.  The serf port was supposed to build against security/heimdal but invocations of svn(1) end with an undefined symbol message:

$ pkg version -x serf
serf-1.3.9_5                       =
$ pkg info serf
serf-1.3.9_5
Name           : serf
Version        : 1.3.9_5
Installed on   : Thu Jul 30 12:55:31 2020 CDT
Origin         : www/serf
Architecture   : FreeBSD:12:amd64
Prefix         : /usr/local
Categories     : www
Licenses       : APACHE20
Maintainer     : lev@FreeBSD.org
WWW            : http://serf.apache.org/
Comment        : Serf HTTP client library
Options        :
	DOCS           : on
	GSSAPI_BASE    : off
	GSSAPI_HEIMDAL : on
	GSSAPI_MIT     : off
Shared Libs required:
	libexpat.so.1
	libgdbm.so.6
	libldap-2.4.so.2
	libaprutil-1.so.0
	libapr-1.so.0
	liblber-2.4.so.2
	libhcrypto.so.4
	libdb-5.3.so.0
Shared Libs provided:
	libserf-1.so.1
Annotations    :
	FreeBSD_version: 1201000
	cpe            : cpe:2.3:a:serf:serf:1.3.9:::::freebsd12:x64:5
	repo_type      : binary
	repository     : basement_repo
Flat size      : 407KiB
Description    :
The serf library is a C-based HTTP client library built upon the
Apache Portable Runtime (APR) library. It multiplexes connections,
running the read/write communication asynchronously. Memory copies
and transformations are kept to a minimum to provide high
performance operation.

WWW: http://serf.apache.org/
$ svn status
ld-elf.so.1: /usr/local/lib/libserf-1.so.1: Undefined symbol "__gss_c_nt_hostbased_service_oid_desc"
$ pkg info -x heim
heimdal-7.7.0
$ 

Rebuilding www/serf using base krb5 appears to work around the issue:

$ pkg version -x serf
serf-1.3.9_5                       =
$ pkg info serf
serf-1.3.9_5
Name           : serf
Version        : 1.3.9_5
Installed on   : Thu Aug  6 10:20:13 2020 CDT
Origin         : www/serf
Architecture   : FreeBSD:12:amd64
Prefix         : /usr/local
Categories     : www
Licenses       : APACHE20
Maintainer     : lev@FreeBSD.org
WWW            : http://serf.apache.org/
Comment        : Serf HTTP client library
Options        :
	DOCS           : on
	GSSAPI_BASE    : on
	GSSAPI_HEIMDAL : off
	GSSAPI_MIT     : off
Shared Libs required:
	libexpat.so.1
	libgdbm.so.6
	libldap-2.4.so.2
	libaprutil-1.so.0
	libapr-1.so.0
	liblber-2.4.so.2
	libdb-5.3.so.0
Shared Libs provided:
	libserf-1.so.1
Annotations    :
	FreeBSD_version: 1201000
	cpe            : cpe:2.3:a:serf:serf:1.3.9:::::freebsd12:x64:5
	repo_type      : binary
	repository     : basement_repo
Flat size      : 407KiB
Description    :
The serf library is a C-based HTTP client library built upon the
Apache Portable Runtime (APR) library. It multiplexes connections,
running the read/write communication asynchronously. Memory copies
and transformations are kept to a minimum to provide high
performance operation.

WWW: http://serf.apache.org/
$ svn status
svn: warning: W155007: '/' is not a working copy
$

Comment 1 Lev A. Serebryakov freebsd_committer

2020-08-06 16:25:39 UTC

To be honest, I know nothing about Kerberos integration, it was contributed to port...
I never build anything with kerberos myself...

Comment 2 Michael Osipov 2021-04-14 21:08:33 UTC

Does this still occur? Can you provide ldd output on libserf.so? I have tested serf in and with its developers back then on FreeBSD. gssapi.mk could also be the reason. Waiting for feedback.

Comment 3 Martin Neubauer 2021-11-04 11:59:00 UTC

Created attachment 229266 [details]
ldd output for libserf.so

Comment 4 Michael Osipov 2021-11-04 13:19:57 UTC

(In reply to m.ne from comment #3)

Thanks, I need to try this in a jail. The error is likely in the SConstruct. This will take me some time to add some attention. Feel free to ping my be the end of the month if I haven't done anything by then. I remember I has similar issue with msktutil back then, but was able to solve them for the port.

Comment 5 Michael Osipov 2021-11-04 13:47:00 UTC

One tip for those who'd like to try, with "scons test" it is possible to compile a test application with libserf which would already show how the executable is linked. No need to have full blown Subversion installed.

Comment 6 Martin Neubauer 2021-11-05 13:46:07 UTC

(In reply to Michael Osipov from comment #4)
No worries. The workaround mentioned works for me. I just ran into the issue, and while lacking the time to attempt proper diagnosis I could at least share some   information to help.

Comment 7 Michael Osipov 2021-11-08 13:51:32 UTC

Something is truly screwed up here:

root@mskutil:/usr/ports/www/serf/work/serf-1.3.9 # scons test
scons: Reading SConscript files ...
Checking for GNU-compatible C compiler...(cached) yes
scons: done reading SConscript files.
scons: Building targets ...
cc -o test/CuTest.o -c -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -std=c99 -Wdeclaration-after-statement -Wmissing-prototypes -Wall -O2 -DNDEBUG -DSERF_HAVE_GSSAPI -DMOCKHTTP_OPENSSL -I. -I/usr/local/include/apr-1 -I/usr/include -I/usr/local/include -I/usr/include -I/usr/local/include/heimdal test/CuTest.c
cc -o test/mock_buckets.o -c -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -std=c99 -Wdeclaration-after-statement -Wmissing-prototypes -Wall -O2 -DNDEBUG -DSERF_HAVE_GSSAPI -DMOCKHTTP_OPENSSL -I. -I/usr/local/include/apr-1 -I/usr/include -I/usr/local/include -I/usr/include -I/usr/local/include/heimdal test/mock_buckets.c
cc -o test/serf_bwtp.o -c -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -std=c99 -Wdeclaration-after-statement -Wmissing-prototypes -Wall -O2 -DNDEBUG -DSERF_HAVE_GSSAPI -DMOCKHTTP_OPENSSL -I. -I/usr/local/include/apr-1 -I/usr/include -I/usr/local/include -I/usr/include -I/usr/local/include/heimdal test/serf_bwtp.c
cc -o test/serf_bwtp -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/local/lib/heimdal -Wl,-rpath=/usr/ports/www/serf/work/serf-1.3.9 test/serf_bwtp.o -L. -L/usr/local/lib -L/usr/lib -L/usr/lib -L/usr/local/lib/heimdal -lserf-1 -lssl -lcrypto -lz -lapr-1 -laprutil-1 -lexpat -lgssapi -lkrb5 -lheimntlm -lcom_err -lhcrypto -lasn1 -lwind -lheimbase -lroken -lcrypt -lpthread
ld: error: ./libserf-1.so: undefined reference to __gss_c_nt_hostbased_service_oid_desc
ld: error: ./libserf-1.so: undefined reference to __gss_spnego_mechanism_oid_desc
cc: error: linker command failed with exit code 1 (use -v to see invocation)
scons: *** [test/serf_bwtp] Error 1
scons: building terminated because of errors.
root@mskutil:/usr/ports/www/serf/work/serf-1.3.9 #

Comment 8 Michael Osipov 2021-11-08 14:10:54 UTC

So, the linker command line should be this:
cc -o libserf-1.so.1.3.0 -Wl,--enable-new-dtags -Wl,-rpath -Wl,/usr/local/lib/heimdal -shared -Wl,-soname=libserf-1.so.1 -Wl,-rpath=/usr/local/lib -Wl,-rpath=/usr/local/lib -Wl,-rpath=/usr/local/lib/heimdal context.os incoming.os outgoing.os ssltunnel.os buckets/aggregate_buckets.os buckets/allocator.os buckets/barrier_buckets.os buckets/buckets.os buckets/bwtp_buckets.os buckets/chunk_buckets.os buckets/dechunk_buckets.os buckets/deflate_buckets.os buckets/file_buckets.os buckets/headers_buckets.os buckets/iovec_buckets.os buckets/limit_buckets.os buckets/mmap_buckets.os buckets/request_buckets.os buckets/response_body_buckets.os buckets/response_buckets.os buckets/simple_buckets.os buckets/socket_buckets.os buckets/ssl_buckets.os auth/auth.os auth/auth_basic.os auth/auth_digest.os auth/auth_spnego.os auth/auth_spnego_gss.os auth/auth_spnego_sspi.os -L/usr/local/lib -L/usr/local/lib/heimdal -lssl -lcrypto -lz -lapr-1 -laprutil-1 -lexpat -lgssapi -lkrb5 -lheimntlm -lcom_err -lhcrypto -lasn1 -lwind -lheimbase -lroken -lcrypt -lpthread

The difference between this and the actual one that /usr/lib does not appear or must not appear *before* /usr/local. Same applies for RPATH.

root@mskutil:/usr/ports/www/serf/work/serf-1.3.9 # ldd ./libserf-1.so.1.3.0                             ./libserf-1.so.1.3.0:
        libssl.so.111 => /usr/lib/libssl.so.111 (0x800692000)
        libcrypto.so.111 => /lib/libcrypto.so.111 (0x800e00000)
        libz.so.6 => /lib/libz.so.6 (0x800736000)
        libapr-1.so.0 => /usr/local/lib/libapr-1.so.0 (0x800752000)
        libaprutil-1.so.0 => /usr/local/lib/libaprutil-1.so.0 (0x800793000)
        libexpat.so.1 => /usr/local/lib/libexpat.so.1 (0x8007c2000)
        libgssapi.so.3 => /usr/local/lib/heimdal/libgssapi.so.3 (0x8010f2000)
        libkrb5.so.26 => /usr/local/lib/heimdal/libkrb5.so.26 (0x801131000)
        libheimntlm.so.0 => /usr/local/lib/heimdal/libheimntlm.so.0 (0x8007ef000)
        libcom_err.so.1 => /usr/local/lib/heimdal/libcom_err.so.1 (0x8011bf000)
        libhcrypto.so.4 => /usr/local/lib/heimdal/libhcrypto.so.4 (0x8011c5000)
        libasn1.so.8 => /usr/local/lib/heimdal/libasn1.so.8 (0x801207000)
        libwind.so.0 => /usr/local/lib/heimdal/libwind.so.0 (0x8012b6000)
        libheimbase.so.1 => /usr/local/lib/heimdal/libheimbase.so.1 (0x8012e1000)
        libroken.so.18 => /usr/local/lib/heimdal/libroken.so.18 (0x8012f4000)
        libcrypt.so.5 => /lib/libcrypt.so.5 (0x80130a000)
        libthr.so.3 => /lib/libthr.so.3 (0x80132b000)
        libc.so.7 => /lib/libc.so.7 (0x80024e000)
        libheimsqlite.so.0 => /usr/local/lib/heimdal/libheimsqlite.so.0 (0x801358000)
        libintl.so.8 => /usr/local/lib/libintl.so.8 (0x80145c000)

Comment 9 Michael Osipov 2021-11-08 14:34:54 UTC

I think I have it, but I don't know yet how to solve this. Need to talk to the port maintainer. The problem is the order -L is added for the compiler/linker:
root@mskutil:/usr/ports/www/serf/work/serf-1.3.9 # scons --help
scons: Reading SConscript files ...
Checking for GNU-compatible C compiler...(cached) yes
scons: done reading SConscript files.

DESTDIR: Required *dummy*, without scons will stop with "Unknown variables: DESTDIR"
    default: None
    actual: /usr/ports/www/serf/work/stage

PREFIX: Directory to install under ( /path/to/PREFIX )
    default: /usr/local
    actual: /usr/local

LIBDIR: Directory to install architecture dependent libraries under ( /path/to/LIBDIR )
    default: $PREFIX/lib
    actual: /usr/local/lib

APR: Path to apr-1-config, or to APR's install area ( /path/to/APR )
    default: /usr
    actual: /usr/local/bin/apr-1-config

APU: Path to apu-1-config, or to APR's install area ( /path/to/APU )
    default: /usr
    actual: /usr/local/bin/apu-1-config

OPENSSL: Path to OpenSSL's install area ( /path/to/OPENSSL )
    default: /usr
    actual: /usr

ZLIB: Path to zlib's install area ( /path/to/ZLIB )
    default: /usr
    actual: /usr

GSSAPI: Path to GSSAPI's install area ( /path/to/GSSAPI )
    default: None
    actual: /usr/bin/krb5-config

DEBUG: Enable debugging info and strict compile warnings (yes|no)
    default: False
    actual: False

APR_STATIC: Enable using a static compiled APR (yes|no)
    default: False
    actual: False

CC: Command name or path of the C compiler
    default: None
    actual: cc

CFLAGS: Extra flags for the C compiler (space-separated)
    default: None
    actual: -O2 -pipe -fstack-protector-strong -fno-strict-aliasing

LIBS: Extra libraries passed to the linker, e.g. "-l<library1> -l<library2>" (space separated)
    default: None
    actual: None

LINKFLAGS: Extra flags for the linker (space-separated)
    default: None
    actual:

CPPFLAGS: Extra flags for the C preprocessor (space separated)
    default: None
    actual: None

So everything with /usr is added and if you check SConstruct you'll see that GSS-API is handled last which means that at least for OpenSSL base the path has already been added which breaks link time and run time. Same applies for zlib in base.