Summary: | databases/postgresql*-server: problems compiling with GSSAPI providers from ports. | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | c.kworr | ||||
Component: | Individual Port(s) | Assignee: | pgsql | ||||
Status: | New --- | ||||||
Severity: | Affects Some People | CC: | chris, cullum, cy, hrs, pmc | ||||
Priority: | --- | ||||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
c.kworr
2018-02-10 09:56:10 UTC
MIT KRB5 has no libgssapi. It is libgssapi_krb5. libgssapi is available in base and in the heimdal port. Having said that, on my laptop I am able to successfully build postgres95-server: stage/usr/local/bin/pg_upgrade' gmake[3]: Leaving directory '/export/wrkdir/amd64/export/home/cy/freebsd/svn/ports/databases/postgresql95-server/work/postgresql-9.5.11/src/bin/pg_upgrade' gmake[2]: Leaving directory '/export/wrkdir/amd64/export/home/cy/freebsd/svn/ports/databases/postgresql95-server/work/postgresql-9.5.11/src/bin/pg_upgrade' ====> Compressing man pages (compress-man) ===> Staging rc.d startup script(s) slippy$ slippy$ env | grep -i ports PWD=/home/cy/freebsd/svn/ports/databases/postgresql95-server PORT_DBDIR=/home/cy/freebsd/db/ports PORTSDIR=/home/cy/freebsd/svn/ports slippy$ cat ~/freebsd/db/ports/databases_postgresql95-server/options # This file is auto-generated by 'make config'. # Options for postgresql95-server-9.5.11 _OPTIONS_READ=postgresql95-server-9.5.11 _FILE_COMPLETE_OPTIONS_LIST=DEBUG DTRACE GSSAPI ICU INTDATE LDAP NLS OPTIMIZED_CFLAGS PAM SSL TZDATA XML OPTIONS_FILE_UNSET+=DEBUG OPTIONS_FILE_UNSET+=DTRACE OPTIONS_FILE_SET+=GSSAPI ^^^^^^ OPTIONS_FILE_UNSET+=ICU OPTIONS_FILE_SET+=INTDATE OPTIONS_FILE_UNSET+=LDAP OPTIONS_FILE_SET+=NLS OPTIONS_FILE_UNSET+=OPTIMIZED_CFLAGS OPTIONS_FILE_UNSET+=PAM OPTIONS_FILE_SET+=SSL OPTIONS_FILE_SET+=TZDATA OPTIONS_FILE_SET+=XML slippy$ pkg info -I krb5 krb5-1.16 MIT implementation of RFC 4120 network authentication service slippy$ I suspect that this may be an environmental issue. No, this is not an environmental issue. When setting options GSSAPI, the postgresql Makefile explicitely sets 'LDFLAGS+=-lgssapi', and therefore configure will always look for the Heimdal gssapi. If this were not set, then configure would at first look for a -lgssapi_krb5 and then for -lgssapi, and therefore would find a MIT kerberos even with an unmodified base containing the Heimdal gssapi. The issue got more relevance since pgadmin4, since version 5.3, now uses Gssapi credstore extension, and this is currently only available in MIT. (Heimdal has it in head, but not in the current 7.7 release). What you can do, is: compile and link the postgresql with Heimdal gssapi from base, and then force it to runtime-link with the MIT gssapi, by means of the appropriate LD_PRELOAD settings. Since gssapi is pretty standardized, and since the latter is a superset, this actually happens to work. (But I would not want to do this in production; it rather happened to me accidentially.) I would much appreciate to get the radio buttons just like almost everything else in ports has them. I have built a separate instance WITHOUT_KERBEROS to run my pgadmin4, but I definitely do not want to also change my entire build&deploy scheme to also do WITHOUT_KERBEROS. Created attachment 254240 [details]
Use standard gssapi.mk variables for databases/postgresql16-server
As a result of this bug, it is impossible to build PostgreSQL 16 from FreeBSD ports with GSSAPI support. Version 16 depends on some newer krb5 functions that do not exist in the base system's ancient Heimdal distribution.
The attached patch modifies the postgresql Makefile to use gssapi.mk, along with the standard GSSAPI_ option names used by most other ports.
Tested with MIT kerberos and postgresql16.
|