Created attachment 232103: add option KERBEROS - possibility to not install security/krb5. Tested on 13.0 amd64.
Thanks, I will look into it, after version 14.8 is released to ports.
(In reply to Matthias Fechner from comment #1) 14.8 is in ports - have you forgotten about this change?
No, I have not forgotten it. I focused on getting the last version out, as there was a CVE linked with an extremely high score. I will testbuild it and will commit it in some minutes. If it breaks with future versions, please commit a PR with a patch, I will commit the fix then accordingly. Thanks.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=ccc9d98b47ff35cda47a10094e7777d962c48108

commit ccc9d98b47ff35cda47a10094e7777d962c48108
Author: VVD <vvd@unislabs.com>
AuthorDate: 2022-03-10 16:47:12 +0000
Commit: Matthias Fechner <mfechner@FreeBSD.org>
CommitDate: 2022-03-10 16:47:12 +0000

www/gitlab-ce: add option to remove kerberos dep

I understand that this option can be helpful, but I do not suggest to use it. If it breaks due to new version and the patch does not apply anymore, please send a PR then I will update this feature accordingly. But I will not testbuild gitlab with many option combinations.

PR: 262191

www/gitlab-ce/Makefile | 10 ++++++++--
www/gitlab-ce/files/extra-patch-Gemfile-kerberos-off (new) | 11 +++++++++++
2 files changed, 19 insertions(+), 2 deletions(-)
Fixed, thanks for taking care of this feature.
Thanks!
Hi everybody, in order to be able to install Gitlab CE 15.9.4 without Kerberos, I had to update `files/extra-patch-Gemfile-kerberos-off` to: ``` +++ Gemfile 2023-04-04 09:18:50.624315000 +0200 @@ -82,7 +82,7 @@ # Kerberos authentication. EE-only gem 'gssapi', '~> 1.3.1', group: :kerberos -gem 'timfel-krb5-auth', '~> 0.8', group: :kerberos +#gem 'timfel-krb5-auth', '~> 0.8', group: :kerberos # Spam and anti-bot protection gem 'recaptcha', '~> 5.12', require: 'recaptcha/rails' ``` Incidentally, I never know what to choose between `heimdal` and `krb5`, all advice welcome :) Best regards, Laurent.
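Review bot: The context and changed lines in this Gemfile hunk carry upstream version pins (`'recaptcha', '~> 5.12'` and `'timfel-krb5-auth', '~> 0.8'`), so the extra-patch will stop applying whenever either pin is bumped, even if nothing about Kerberos changes. Matching the gem by name from the port Makefile would be less fragile than a context diff. Separately, `gem 'gssapi', '~> 1.3.1', group: :kerberos` stays active in the same group; if that is intended, the port should say why only one of the two gems is disabled. The header as pasted also has `+++ Gemfile` with no matching `---` line.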
(In reply to Laurent Daverio from comment #7) I made the same patch yesterday too. But I found that devel/gitlab-shell has: BUILD_DEPENDS= heimdal>=0:security/heimdal. Created 2 patches: # cat /usr/ports/devel/gitlab-shell/files/patch-go.mod --- go.mod.orig +++ go.mod @@ -9,7 +9,6 @@ github.com/hashicorp/go-retryablehttp v0.7.1 github.com/mattn/go-shellwords v1.0.11 github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a - github.com/openshift/gssapi v0.0.0-20161010215902-5fb4217df13b github.com/otiai10/copy v1.4.2 github.com/pires/go-proxyproto v0.6.2 github.com/prometheus/client_golang v1.13.1 # cat /usr/ports/devel/gitlab-shell/files/patch-go.sum --- go.sum.orig +++ go.sum @@ -277,8 +277,6 @@ github.com/onsi/ginkgo v1.10.3 h1:OoxbjfXVZyod1fmWYhI7SEyaD8B00ynP3T+D5GiyHOY= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1 h1:K0jcRCwNQM3vFGh1ppMtDh/+7ApJrjldlX8fA0jDTLQ= -github.com/openshift/gssapi v0.0.0-20161010215902-5fb4217df13b h1:it0YPE/evO6/m8t8wxis9KFI2F/aleOKsI6d9uz0cEk= -github.com/openshift/gssapi v0.0.0-20161010215902-5fb4217df13b/go.mod h1:tNrEB5k8SI+g5kOlsCmL2ELASfpqEofI0+FLBgBdN08= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= But it regenerates both files during the build stage after configure. But I found a hack: if I apply these patches after the build fails and run make again - it builds and installs fine. I'm not familiar with go, but I think the core of this issue is in internal/sshd/gssapi.go and/or in internal/config/config.go. P.S. I think it is better to create a separate PR for this issue.
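Review bot: Neither hunk touches the source that imports `github.com/openshift/gssapi`, so dropping its `require` line from go.mod and its two hash lines from go.sum cannot hold on its own, which matches the regeneration described after the patches. The change needs to cover the importing code first (the comment points at internal/sshd/gssapi.go); only then can the go.mod and go.sum edits stay applied. The go.sum context lines are pinned hashes of unrelated modules, so that hunk will also stop applying on any dependency update.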
(In reply to Laurent Daverio from comment #7) Can you create a separate PR with your patch attached as "patch"?
(In reply to Vladimir Druzenko from comment #9) Hi Vladimir, on second thoughts, I wasn't so sure that patching the Gemfile would be a good idea, as it may change a lot between releases, and the patchfile would have to be checked and/or edited frequently :/

My current hack involves:

1/ Typing "make" and waiting for the build to fail
2/ Edit the Makefile to remove the line: KERBEROS_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-Gemfile-kerberos-off (I search for the first occurrence of "extra" in the file)
3/ Open file work/gitlab-foss-*/Gemfile, and remove the line containing "timfel"
So, what I'm basically doing is patching the Gemfile manually
4/ Run "make" again to complete build
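An added example, not part of the comment above or of the FreeBSD port: the manual Gemfile edit from step 3, written as an idempotent shell function that disables a gem by name, so it does not depend on version pins or neighbouring lines. `disable_gem` is a hypothetical helper name, and the function assumes declarations of the form `gem 'name'` or `gem "name"` at the start of a line.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the FreeBSD port):
# comment out one gem declaration in a Gemfile, matched by name only.
#
# disable_gem GEMFILE GEMNAME
#   returns 0  the gem is disabled now (or already was)
#   returns 1  no declaration of GEMNAME was found; file left untouched
#   returns 2  usage or I/O error
disable_gem() {
    gemfile=$1
    gem=$2
    [ -n "$gemfile" ] && [ -n "$gem" ] && [ -f "$gemfile" ] || return 2
    tmp=$(mktemp "${gemfile}.XXXXXX") || return 2

    # Literal prefix matching via index() avoids treating the gem name
    # as a regular expression. \047 is a single quote.
    if awk -v name="$gem" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)                 # ignore indentation
            commented = sub(/^#[ \t]*/, "", line)    # 1 if already disabled
            decl = (index(line, "gem \047" name "\047") == 1 ||
                    index(line, "gem \"" name "\"") == 1)
            if (decl) found = 1
            if (decl && !commented) print "#" $0
            else print
        }
        END { exit (found ? 0 : 1) }
    ' "$gemfile" > "$tmp"; then
        # Write through the original file to keep its mode and owner.
        cat "$tmp" > "$gemfile"
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    return 1
}
```

A non-zero return for a missing declaration makes an upstream rename or removal of the gem fail loudly instead of silently building with the dependency.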
(In reply to Laurent Daverio from comment #10) Committed: https://cgit.freebsd.org/ports/commit/?id=e873d898b941e784a62a0aa64fc8c11fd709c634