nginx cannot start with this error: nginx: [emerg] dlopen() "/usr/local/libexec/nginx/ngx_http_auth_spnego_module.so" failed (/usr/local/libexec/nginx/ngx_http_auth_spnego_module.so: Undefined symbol "__gss_krb5_mechanism_oid_desc") in /usr/local/etc/nginx/nginx.conf:7 nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed OPTIONS_FILE_SET+=GSSAPI_HEIMDAL OPTIONS_FILE_UNSET+=GSSAPI_MIT fix: --- extra-patch-spnego-http-auth-nginx-module-config.orig 2020-10-19 14:34:15.000000000 +0300 +++ extra-patch-spnego-http-auth-nginx-module-config 2022-02-09 04:32:37.602451000 +0300 @@ -3,8 +3,8 @@ @@ -1,8 +1,10 @@ ngx_addon_name=ngx_http_auth_spnego_module -ngx_feature_libs="-lgssapi_krb5 -lkrb5 -lcom_err" -+ngx_feature_libs="%%GSSAPILIBS%%" -+ngx_module_incs="%%GSSAPINCDIR%%" ++ngx_feature_libs="-L %%GSSAPILIBDIR%% %%GSSAPILIBS%%" ++ngx_module_incs="%%GSSAPIINCDIR%%" + if uname -o | grep -q FreeBSD; then
Thank you for the report and patch Igor. Could you include your change as an attachment please
U use this config, correct? GSSAPI_HEIMDAL=on: GSSAPI support via security/heimdal GSSAPI_MIT=off: GSSAPI support via security/krb5
Created attachment 231695 [details] extra-patch-spnego-http-auth-nginx-module-config.patch
(In reply to Jochen Neumeister from comment #2) yes need full config?
i cannot reproduce the error: ====> GSSAPI implementation (imply HTTP_AUTH_KRB5): you can only select none or one of them GSSAPI_HEIMDAL=on: GSSAPI support via security/heimdal GSSAPI_MIT=off: GSSAPI support via security/krb5 ===> Use 'make config' to modify these settings nginx:/usr/ports/www/nginx@[9:48] # service nginx onestart Performing sanity check on nginx configuration: nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful Starting nginx.
(In reply to Jochen Neumeister from comment #5) did you include this line in nginx.conf? load_module /usr/local/libexec/nginx/ngx_http_auth_spnego_module.so; please see that without patch compiler didn't now where to find krb5 headers and libs, and all time take base default (/usr/include /usr/lib)
I will patch the module today and update to the latest version. Thanks for your report
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=7ab2abfa9d0a0c7efec47aafe89e2e1faf535be8 commit 7ab2abfa9d0a0c7efec47aafe89e2e1faf535be8 Author: Jochen Neumeister <joneum@FreeBSD.org> AuthorDate: 2022-02-10 16:48:43 +0000 Commit: Jochen Neumeister <joneum@FreeBSD.org> CommitDate: 2022-02-10 16:53:14 +0000 www/nginx: update third-party spnego-http-auth module There was an error when loading the module in nginx.conf. This update also fixes this error: nginx: [emerg] dlopen() "/usr/local/libexec/nginx/ngx_http_auth_spnego_module.so" failed (/usr/local/libexec/nginx/ngx_http_auth_spnego_module.so: Undefined symbol "__gss_krb5_mechanism_oid_desc") in /usr/local/etc/nginx/nginx.conf:7 nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed PR: 261810 Sponsored by: Netzkommune GmbH www/nginx/Makefile | 2 +- www/nginx/Makefile.extmod | 2 +- www/nginx/distinfo | 6 +++--- www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-)
patch applied incorrectly: ngx_module_incs="%%GSSAPINCDIR%%" ^ missed I in patch ++ngx_module_incs="%%GSSAPIINCDIR%%" ^^ see correct name: /usr/ports/ww/nginx/Makefile /usr/ports/Mk/Uses/gssapi.mk
i think new version ngx_http_auth_spnego_module.c work only with MIT krb5 may be you revert it for now later i can try check whats wrong with new version
Created attachment 231941 [details] Fix Heimdal build Fix Heimdal build
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=6c58c2274ed66612211ad75925eb27c3ae3853e7 commit 6c58c2274ed66612211ad75925eb27c3ae3853e7 Author: Jochen Neumeister <joneum@FreeBSD.org> AuthorDate: 2022-02-19 21:01:48 +0000 Commit: Jochen Neumeister <joneum@FreeBSD.org> CommitDate: 2022-02-19 21:04:11 +0000 www/nginx: update third-party ngx_fancyindex module Update third-party ngx-fancyindex module from v0.5.1 to v0.5.2 Add patch to fix heimdal build (1) PR: 261810 (1) Sponsored by: Netzkommune GmbH www/nginx/Makefile | 2 +- www/nginx/Makefile.extmod | 5 ++- www/nginx/distinfo | 6 +-- ...extra-patch-ngx_http_auth_spnego_module.c (new) | 49 ++++++++++++++++++++++ 4 files changed, 56 insertions(+), 6 deletions(-)