Bug 236959

Summary: www/squid: Broken with GSSAPI_MIT
Product: Ports & Packages Reporter: Renato Botelho <garga>
Component: Individual Port(s)Assignee: Renato Botelho <garga>
Status: Closed FIXED    
Severity: Affects Some People CC: timp87
Priority: --- Flags: bugzilla: maintainer-feedback? (timp87)
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Fix build with MIT krb5
none
Fix build with MIT (take #2)
none
Fix build with GSSAPI (Take #3) garga: maintainer-approval?

Description Renato Botelho freebsd_committer freebsd_triage 2019-04-02 12:05:25 UTC 
Attermpted to build www/squid, version 4.6, on FreeBSD 12.0-RELEASE with following options:

---Begin OPTIONS List---
===> The following configuration options are available for squid-4.6:
     ARP_ACL=on: ARP/MAC/EUI based authentification
     BDB=off: Berkeley DB support required for session and time quota external helpers
     CACHE_DIGESTS=on: Use cache digests
     DEBUG=off: Build with extended debugging support
     DELAY_POOLS=on: Delay pools (bandwidth limiting)
     DOCS=off: Build and/or install documentation
     ECAP=off: Loadable content adaptation modules
     ESI=off: ESI support
     EXAMPLES=off: Build and/or install examples
     FOLLOW_XFF=on: Support for the X-Following-For header
     FS_AUFS=on: AUFS (threaded-io) support
     FS_DISKD=on: DISKD storage engine controlled by separate service
     FS_ROCK=off: ROCK storage engine
     HTCP=on: HTCP support
     ICAP=on: the ICAP client
     ICMP=on: ICMP pinging and network measurement
     IDENT=on: Ident lookups (RFC 931)
     IPV6=on: IPv6 protocol support
     KQUEUE=on: Kqueue(2) support
     LARGEFILE=on: Support large (>2GB) cache and log files
     LAX_HTTP=on: Do not enforce strict HTTP compliance
     NETTLE=off: Nettle MD5 algorithm support
     PCRE=on: Use Perl Compatible Regular Expressions
     SNMP=on: SNMP support
     SSL=on: SSL gatewaying support
     SSL_CRTD=on: Use ssl_crtd to handle SSL cert requests
     STACKTRACES=off: Enable automatic backtraces on fatal errors
     VIA_DB=off: Forward/Via database
     WCCP=on: Web Cache Coordination Protocol
     WCCPV2=on: Web Cache Coordination Protocol v2
====> Authentication helpers
     AUTH_LDAP=on: Install LDAP authentication helpers
     AUTH_NIS=on: Install NIS/YP authentication helpers
     AUTH_SASL=on: Install SASL authentication helpers
     AUTH_SMB=off: Install SMB auth. helpers (req. Samba)
     AUTH_SQL=off: Install SQL based auth
====> GSSAPI Security API support: you have to select exactly one of them
     GSSAPI_NONE=off: Disable GSSAPI support
     GSSAPI_BASE=off: GSSAPI support via base system (needs Kerberos)
     GSSAPI_HEIMDAL=off: GSSAPI support via security/heimdal
     GSSAPI_MIT=on: GSSAPI support via security/krb5
====> Options available for the radio FW: you can only select none or one of them
     TP_IPF=off: Transparent proxying with IPFilter
     TP_IPFW=off: Transparent proxying with IPFW
     TP_PF=on: Transparent proxying with PF
===> Use 'make config' to modify these settings
---End OPTIONS List---

And it failed with following error:

Qunused-arguments -Wno-deprecated-register  -D_REENTRANT -I/usr/local/include -I/usr/include -O2 -pipe -I/usr/local/include -I/usr/local/include -fstack-protector -DLDAP_DEPRECATED -fno-strict-aliasing   -I/usr/local/include -MT support_krb5.o -MD -MP -MF $depbase.Tpo -c -o support_krb5.o support_krb5.cc && mv -f $depbase.Tpo $depbase.Po
support_krb5.cc:292:117: error: format specifies type 'char *' but the argument has type 'krb5_data' (aka '_krb5_data') [-Werror,-Wformat]
            debug((char *) "%s| %s: DEBUG: Keytab entry has realm name: %s\n", LogTime(), PROGRAM, entry.principal->realm);
                                                                        ~~                                          ^~~~~
../../../../compat/debug.h:31:41: note: expanded from macro 'debug'
                         fprintf(stderr,X); \
                                        ^
support_krb5.cc:297:18: error: no matching function for call to 'strcasecmp'
            if (!strcasecmp(domain, entry.principal->realm))
                 ^~~~~~~~~~
/usr/include/strings.h:65:6: note: candidate function not viable: no known conversion from 'krb5_data' (aka '_krb5_data') to 'const char *' for 2nd argument
int      strcasecmp(const char *, const char *) __pure;
         ^
support_krb5.cc:456:80: error: no matching function for call to 'strlen'
                service = (char *) xmalloc(strlen("krbtgt") + strlen(domain) + strlen(principal_list[i]->realm) + 3);
                                                                               ^~~~~~
/usr/include/string.h:97:9: note: candidate function not viable: no known conversion from 'krb5_data' (aka '_krb5_data') to 'const char *' for 1st argument
size_t   strlen(const char *) __pure;
         ^
support_krb5.cc:457:71: error: no matching function for call to 'strlen'
                snprintf(service, strlen("krbtgt") + strlen(domain) + strlen(principal_list[i]->realm) + 3, "krbtgt/%s@%s", domain, principal_list[i]->realm);
                                                                      ^~~~~~
/usr/include/string.h:97:9: note: candidate function not viable: no known conversion from 'krb5_data' (aka '_krb5_data') to 'const char *' for 1st argument
size_t   strlen(const char *) __pure;
         ^
4 errors generated.
*** Error code 1

Stop.
make[6]: stopped in /wrkdirs/usr/ports/www/squid/work/squid-4.6/src/acl/external/kerberos_ldap_group
*** Error code 1

Stop.
make[5]: stopped in /wrkdirs/usr/ports/www/squid/work/squid-4.6/src/acl/external
*** Error code 1

Stop.
make[4]: stopped in /wrkdirs/usr/ports/www/squid/work/squid-4.6/src/acl
*** Error code 1

Stop.
make[3]: stopped in /wrkdirs/usr/ports/www/squid/work/squid-4.6/src
*** Error code 1

Stop.
make[2]: stopped in /wrkdirs/usr/ports/www/squid/work/squid-4.6/src
*** Error code 1

Stop.
make[1]: stopped in /wrkdirs/usr/ports/www/squid/work/squid-4.6
*** Error code 1

Stop.
make: stopped in /usr/ports/www/squid
Comment 1 Pavel Timofeev 2019-04-05 19:14:03 UTC 
I can't reproduce it.
Could you please provide /etc/make.conf content also?
And, please, post 'pkg info' for your openldap installed package here.
Comment 2 Renato Botelho freebsd_committer freebsd_triage 2019-04-08 11:42:56 UTC 
(In reply to timp87 from comment #1)
I opened a ticket upstream, lets try to follow it there before make any change here.

https://bugs.squid-cache.org/show_bug.cgi?id=4933
Comment 3 Renato Botelho freebsd_committer freebsd_triage 2019-04-08 11:49:46 UTC 
Created attachment 203475 [details]
Fix build with MIT krb5

Fix proposed on upstream ticket
Comment 4 Renato Botelho freebsd_committer freebsd_triage 2019-04-08 12:25:39 UTC 
Created attachment 203477 [details]
Fix build with MIT (take #2)

pkgconfig is needed by configure script to find krb5-config
Comment 5 Renato Botelho freebsd_committer freebsd_triage 2019-04-08 23:53:41 UTC 
Created attachment 203509 [details]
Fix build with GSSAPI (Take #3)

Previous patch broke build with GSSAPI_BASE. This one work with all GSSAPI options. It passes krb5-config path as a parameter to configure making it to find the binary and work as expected
Comment 6 commit-hook freebsd_committer freebsd_triage 2019-04-22 12:30:19 UTC 
A commit references this bug:

Author: garga
Date: Mon Apr 22 12:29:44 UTC 2019
New revision: 499632
URL: https://svnweb.freebsd.org/changeset/ports/499632

Log:
  www/squid: Fix build with GSSAPI options

  In some circumstances squid's configure script cannot detect properly which
  GSSAPI is being used to build with and break build.  Applied patch from
  upstream ticket and also passes path of desired krb5-config to be used
  during build

  PR:		236959
  Approved by:	maintainer timeout (2 weeks)
  Obtained from:	https://bugs.squid-cache.org/show_bug.cgi?id=4933 (based on)
  Sponsored by:	Rubicon Communications, LLC (Netgate)

Changes:
  head/www/squid/Makefile
  head/www/squid/files/patch-configure