Bug 257234

Summary: net/openldap-sasl-client: GSSAPI option misses security/cyrus-sasl2-gssapi dependency
Product: Ports & Packages Reporter: Harald Schmalzbauer <bugzilla.freebsd>
Component: Individual Port(s)Assignee: Xin LI <delphij>
Status: Closed DUPLICATE    
Severity: Affects Some People CC: bugzilla.freebsd, delphij
Priority: --- Keywords: needs-qa
Version: LatestFlags: bugzilla: maintainer-feedback? (delphij)
koobs: merge-quarterly?
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Make security/cyrus-sasl2-gssapi a dependency for GSSAPI enabled openldap-sasl-client none

Description Harald Schmalzbauer 2021-07-17 14:32:56 UTC
Created attachment 226516 [details]
Make security/cyrus-sasl2-gssapi a dependency for GSSAPI enabled openldap-sasl-client

Due to slave port mechanisms, the ckeck for :MSASL doesn't match where, where :MGSSAPI check registers cyrus-sasl-gssapi>0:security/cyrus-sasl2-gssapi for RUN_DEPENDS.

Please find attached a simple diff which does the same test, where we define SASL option for CLIENT_ONLY == sasl.
Comment 1 Harald Schmalzbauer 2021-07-17 14:37:21 UTC
Additional info:

cd /usr/ports/net/openldap24-sasl-client/
make showconfig
===> The following configuration options are available for openldap-sasl-client-2.4.59:
     DEBUG=off: Build with debugging support
     DOCS=on: Build and/or install documentation
     FETCH=off: Enable fetch(3) support
     GSSAPI=on: With GSSAPI support (implies SASL support)
===> Use 'make config' to modify these settings

Without attached patch:
make package-depends-list
cyrus-sasl-2.1.27_1 /usr/ports/security/cyrus-sasl2 security/cyrus-sasl2
db5-5.3.28_7 /usr/ports/databases/db5 databases/db5

With attached diff:
make package-depends-list
cyrus-sasl-2.1.27_1 /usr/ports/security/cyrus-sasl2 security/cyrus-sasl2
db5-5.3.28_7 /usr/ports/databases/db5 databases/db5
cyrus-sasl-gssapi-2.1.27_1 /usr/ports/security/cyrus-sasl2-gssapi security/cyrus-sasl2-gssapi
Comment 2 Harald Schmalzbauer 2021-07-17 14:50:17 UTC
Another nit, which I'm unsure how to fix:

If you select option GSSAPI in for net/openldap24-client (_not_ net/openldap24-sasl-client), SASL implication doesn't work.

I'd suggest disabling GSSAPI option for non-sasl slave port.
Neither FLAVORizing nor putting significant efforts into any other workaround makes sense in my opinion.
There's a distinct slave port which can easily be requested by WANT_OPENLDAP_SASL=true.

So I think this is a appropriate fix:
diff --git a/net/openldap24-server/Makefile b/net/openldap24-server/Makefile
index aa3d8dafa4..29345a78eb 100644
--- a/net/openldap24-server/Makefile
+++ b/net/openldap24-server/Makefile
@@ -73,20 +73,23 @@ OPENLDAP_SHLIB_MAJOR=       2
 OPENLDAP_SHLIB_MINOR=  11.7
 OPENLDAP_MAJOR=                ${DISTVERSION:R}
 
-OPTIONS_DEFINE=                DEBUG FETCH GSSAPI
+OPTIONS_DEFINE=                DEBUG FETCH
 
 FETCH_DESC=            Enable fetch(3) support
 GSSAPI_DESC=           With GSSAPI support (implies SASL support)
 
 .if defined(CLIENT_ONLY)
 OPTIONS_DEFINE+=       DOCS
+.if ${CLIENT_ONLY} == sasl
+OPTIONS_DEFINE+=       GSSAPI
+.endif
 .else
 OPTIONS_DEFINE+=       DYNACL ACI BDB MDB DNSSRV PASSWD PERL RELAY SHELL
 OPTIONS_DEFINE+=       SOCK ODBC RLOOKUPS SLP SLAPI TCP_WRAPPERS
 OPTIONS_DEFINE+=       ACCESSLOG AUDITLOG COLLECT CONSTRAINT DDS
 OPTIONS_DEFINE+=       DEREF DYNGROUP DYNLIST MEMBEROF PPOLICY PCACHE
 OPTIONS_DEFINE+=       REFINT RETCODE RWM SEQMOD SSSVLV SYNCPROV TRANSLUCENT
-OPTIONS_DEFINE+=       UNIQUE VALSORT SMBPWD SHA2 DYNAMIC_BACKENDS SASL
+OPTIONS_DEFINE+=       UNIQUE VALSORT SMBPWD SHA2 DYNAMIC_BACKENDS SASL GSSAPI
 OPTIONS_DEFINE+=       LMPASSWD
 OPTIONS_DEFINE+=       PBKDF2
 OPTIONS_DEFINE+=       OUTLOOK
Comment 3 Hajimu UMEMOTO freebsd_committer 2021-07-17 15:36:19 UTC
Openldap is not my port but delphij's.
Comment 4 Xin LI freebsd_committer 2021-07-25 08:21:09 UTC
Marking this as duplicate of 257374 as this would be fixed as a side effect.

*** This bug has been marked as a duplicate of bug 257374 ***