Bug 263104
| Summary: | www/nginx: nginx-full fails to link: ld: error: undefined symbol: main (HTTP_AUTH_KRB5 is ON but no GSS_API_* options is set) | ||
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | pete |
| Component: | Individual Port(s) | Assignee: | Jochen Neumeister <joneum> |
| Status: | Closed FIXED | ||
| Severity: | Affects Many People | CC: | joneum, me, reezer |
| Priority: | --- | Keywords: | needs-patch, needs-qa |
| Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(joneum) koobs: merge-quarterly? |
| Hardware: | Any | ||
| OS: | Any | ||
|
Description
pete
2022-04-06 23:05:20 UTC
It appears that there are problems building the port, specifically compiling one of the modules. So it either has to be fixed or disabled. https://lists.freebsd.org/archives/freebsd-pkg-fallout/2022-April/227683.html I think I've figured out why it is failing to build, one of the modules requires HTTP_AUTH_KRB5 to be set. I figured this out by noticing this error when building:
cc -o objs/ngx_http_auth_spnego_module.so objs/addon/spnego-http-auth-nginx-module-c626163/ngx_http_auth_spnego_module.o objs/ngx_http_auth_spnego_module_modules.o -L/usr/local/lib -L /usr/
local/lib -L -shared
ld: error: undefined symbol: main
>>> referenced by crt1_c.c:73 (/usr/src/lib/csu/amd64/crt1_c.c:73)
>>> /usr/lib/crt1.o:(_start)
This made me realize that www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config was not being applied when the port was being built causing the ld error. but after enabling HTTP_AUTH_KRB5 and rebuilding I am able to build a package, and the spnego module is able to link:
cc -o objs/ngx_http_auth_spnego_module.so objs/addon/spnego-http-auth-nginx-module-c626163/ngx_http_auth_spnego_module.o objs/ngx_http_auth_spnego_module_modules.o -L/usr/local/lib -L /usr/
local/lib -L/usr/local/lib -lkrb5 -lgssapi_krb5 -shared
I am not %100 sure how to fix this for the www/nginx-full port though, my reading of the Makefile makes it seem like it is enabled by default because it is listed in OPTIONS_DEFAULT.
(In reply to pete from comment #2) Sorry there was a typo in my previous reply. HTTP_AUTH_KRB5 *is* enabled by default, I had to manually enable GSSAPI_MIT - after setting this to enabled the port built cleanly. I am still not sure if we should set GSSAPI_MIT to enabled as default, or if there is another piece of logic I'm missing. The port is only a slave port of www/nginx. If www/nginx-full has an error, it comes from www/nginx. So the error is not in www/nginx-full, but in www/nginx. Since www/nginx-full has not been loved for a long time, some modules are missing, which I have added to www/nginx in the course of time. I took over www/nginx-full some time ago, but haven't given it any love yet. So now we should focus on www/nginx, because that's where the error is. For me would now be interesting: How did the error happen with you? Did you change www/nginx-full options, or did you use the default settings? I think the main use case of the port is so people who want different options than www/nginx can install a package, rather than self compiling. Anyways, that is mine. So the pre-built package didn't exist for a while now. https://portsfallout.com/fallout?port=www%2Fnginx-full%24 In other words, we're talking about the default settings. https://www.freshports.org/www/nginx https://www.freshports.org/www/nginx-full you can check here the "Configuration Options:" and you will find that nginx-full has many more modules ON (In reply to Jochen Neumeister from comment #6) I am not sure what you are trying to say by that. I just clarified we are talking about default options of the packages, which is why nginx-full is in fallout, while nginx isn't. and I tried to explain that nginx-full is a slaveport of nginx, and get all the necessary information from it. Only nginx-full has more modules enabled than nginx. (In reply to Jochen Neumeister from comment #8) Hi thanks for taking a look at this, as well as the insight. The reason I created this ticket against www/nginx-full is that I needed to ensure GSSAPI_MIT was set to enabled for that port, otherwise it would fail to build. Once I add manually enabled that option for www/nginx-full I was able to build it and have a functional package. The root cause of the reason that I wanted to use the nginx-full port in the first place was that it has several modules enabled I wanted to take advantage of that weren't in the default port (for example HTTP_FANCYINDEX). For now I've configured poudriere to enable GSSAPI_MIT for www/nginx-full allowing me to use the resulting pkg on my webserver. Hopefully it's as straight forward as I think it is and makes sense to just ensure that option is defined in OPTIONS_DEFAULT in the Makefile. Let's clear this up. Regardless of where or what port nginx-full's configuration come from...
nginx-full has by default (OPTIONS_DEFAULT)
HTTP_AUTH_KRB5=on: 3rd party http_auth_gss module
but does not have a corresponding GSSAPI_* option enabled:
GSSAPI_HEIMDAL=off: GSSAPI support via security/heimdal
GSSAPI_MIT=off: GSSAPI support via security/krb5
nginx-full needs to either:
- Remove HTTP_AUTH_KRB5 from OPTIONS_DEFAULT, but this would not be consistent with -full
OR
- Add/set a default GSSAPI_* option, either via HTTP_AUTH_KRB5_*IMPLIES* or otherwise.
Right now, both the nginx-full port in its default state, and the nginx-full binary package are broken, with the latter package not being available to users.
Hello, just bumping this ticket. I agree with the previous comment/synopsis from koobs, so hoping the changes we need to make are pretty minor to unbreak builds. fixed |
