124375 – security/heimdal: www/mod_auth_kerb doesn't compile against heimdal in ports

Bug 124375 - security/heimdal: www/mod_auth_kerb doesn't compile against heimdal in ports

Summary: security/heimdal: www/mod_auth_kerb doesn't compile against heimdal in ports

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Some People
Assignee:	Jung-uk Kim

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-06-07 15:30 UTC by Wouter Verhelst
Modified:	2014-06-17 18:45 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
Patch to conditionally add "-lgssapi_krb5" to KRB5_LDFLAGS (1.51 KB, patch) 2014-06-17 18:27 UTC, Jung-uk Kim	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wouter Verhelst 2008-06-07 15:30:00 UTC

When trying to install www/mod_auth_kerb on a machine with the FreeBSD-default Kerberos implementation, heimdal, installed, compilation just dies, with the following near the end of the compile output:

/usr/local/build-1/libtool --silent --mode=compile cc -prefer-pic -O2 -fno-strict-aliasing -pipe -I/usr/local/include    -I/usr/local/include/apache22  -I/usr/local/include/apr-1   -I/usr/local/include/apr-1 -I/usr/local/include -I. -Ispnegokrb5 -I/usr/include  -c -o spnegokrb5/asn1_MechType.lo spnegokrb5/asn1_MechType.c && touch spnegokrb5/asn1_MechType.slo
In file included from /usr/local/include/der.h:97,
                 from spnegokrb5/asn1_MechType.c:11:
/usr/local/include/der-protos.h:13: error: syntax error before '*' token
/usr/local/include/der-protos.h:18: error: syntax error before '*' token
/usr/local/include/der-protos.h:25: error: syntax error before "heim_any"
/usr/local/include/der-protos.h:32: error: syntax error before "heim_any_set"
/usr/local/include/der-protos.h:37: error: syntax error before '*' token
/usr/local/include/der-protos.h:42: error: syntax error before '*' token
/usr/local/include/der-protos.h:47: error: syntax error before '*' token
/usr/local/include/der-protos.h:52: error: syntax error before '*' token
/usr/local/include/der-protos.h:57: error: syntax error before '*' token
/usr/local/include/der-protos.h:62: error: syntax error before '*' token
/usr/local/include/der-protos.h:67: error: syntax error before '*' token
/usr/local/include/der-protos.h:72: error: syntax error before '*' token
/usr/local/include/der-protos.h:77: error: syntax error before '*' token
/usr/local/include/der-protos.h:82: error: syntax error before '*' token
/usr/local/include/der-protos.h:87: error: syntax error before '*' token
/usr/local/include/der-protos.h:91: error: syntax error before '*' token
/usr/local/include/der-protos.h:94: error: syntax error before '*' token
/usr/local/include/der-protos.h:97: error: syntax error before '*' token
/usr/local/include/der-protos.h:100: error: syntax error before '*' token
/usr/local/include/der-protos.h:103: error: syntax error before '*' token
/usr/local/include/der-protos.h:106: error: syntax error before '*' token
/usr/local/include/der-protos.h:109: error: syntax error before '*' token
/usr/local/include/der-protos.h:112: error: syntax error before '*' token
/usr/local/include/der-protos.h:115: error: syntax error before '*' token
/usr/local/include/der-protos.h:118: error: syntax error before '*' token
/usr/local/include/der-protos.h:121: error: syntax error before '*' token
/usr/local/include/der-protos.h:127: error: syntax error before "heim_bit_string"
/usr/local/include/der-protos.h:134: error: syntax error before "heim_bmp_string"
/usr/local/include/der-protos.h:154: error: syntax error before "heim_general_string"
/usr/local/include/der-protos.h:168: error: syntax error before "heim_integer"
/usr/local/include/der-protos.h:175: error: syntax error before "heim_ia5_string"
/usr/local/include/der-protos.h:196: error: syntax error before "heim_octet_string"
/usr/local/include/der-protos.h:203: error: syntax error before "heim_oid"
/usr/local/include/der-protos.h:210: error: syntax error before "heim_printable_string"
/usr/local/include/der-protos.h:238: error: syntax error before "heim_universal_string"
/usr/local/include/der-protos.h:259: error: syntax error before "heim_utf8_string"
/usr/local/include/der-protos.h:266: error: syntax error before "heim_visible_string"
/usr/local/include/der-protos.h:271: error: syntax error before '*' token
/usr/local/include/der-protos.h:276: error: syntax error before '*' token
/usr/local/include/der-protos.h:281: error: syntax error before '*' token
/usr/local/include/der-protos.h:286: error: syntax error before '*' token
/usr/local/include/der-protos.h:291: error: syntax error before '*' token
/usr/local/include/der-protos.h:296: error: syntax error before '*' token
/usr/local/include/der-protos.h:300: error: syntax error before '*' token
/usr/local/include/der-protos.h:303: error: syntax error before '*' token
/usr/local/include/der-protos.h:312: error: syntax error before '*' token
/usr/local/include/der-protos.h:318: error: syntax error before '*' token
/usr/local/include/der-protos.h:321: error: syntax error before '*' token
/usr/local/include/der-protos.h:330: error: syntax error before '*' token
/usr/local/include/der-protos.h:333: error: syntax error before '*' token
/usr/local/include/der-protos.h:336: error: syntax error before '*' token
/usr/local/include/der-protos.h:339: error: syntax error before '*' token
/usr/local/include/der-protos.h:348: error: syntax error before '*' token
/usr/local/include/der-protos.h:351: error: syntax error before '*' token
/usr/local/include/der-protos.h:376: error: syntax error before "heim_oid"
/usr/local/include/der-protos.h:381: error: syntax error before "heim_integer"
/usr/local/include/der-protos.h:385: error: syntax error before '*' token
/usr/local/include/der-protos.h:391: error: syntax error before '*' token
/usr/local/include/der-protos.h:398: error: syntax error before '*' token
/usr/local/include/der-protos.h:405: error: syntax error before '*' token
/usr/local/include/der-protos.h:419: error: syntax error before '*' token
/usr/local/include/der-protos.h:433: error: syntax error before '*' token
/usr/local/include/der-protos.h:440: error: syntax error before '*' token
/usr/local/include/der-protos.h:471: error: syntax error before '*' token
/usr/local/include/der-protos.h:478: error: syntax error before '*' token
/usr/local/include/der-protos.h:485: error: syntax error before '*' token
/usr/local/include/der-protos.h:501: error: syntax error before '*' token
/usr/local/include/der-protos.h:522: error: syntax error before '*' token
/usr/local/include/der-protos.h:529: error: syntax error before '*' token
/usr/local/include/der-protos.h:536: error: syntax error before '*' token
/usr/local/include/der-protos.h:543: error: syntax error before '*' token
/usr/local/include/der-protos.h:547: error: syntax error before '*' token
/usr/local/include/der-protos.h:550: error: syntax error before '*' token
/usr/local/include/der-protos.h:554: error: syntax error before '*' token
/usr/local/include/der-protos.h:558: error: syntax error before '*' token
/usr/local/include/der-protos.h:561: error: syntax error before '*' token
In file included from spnegokrb5/asn1_MechType.c:11:
/usr/local/include/der.h:101: error: syntax error before "heim_octet_string"
apxs:Error: Command failed with rc=65536

Comment 1 Edwin Groothuis freebsd_committer

2008-06-07 15:30:08 UTC

Responsible Changed
From-To: freebsd-ports-bugs->apache

Over to maintainer (via the GNATS Auto Assign Tool)

Comment 2 Ryan Steinmetz 2008-12-06 19:54:20 UTC

This is only an issue when you have installed the heimdal port.  mod_auth_kerb compiles fine using the heimdal installation in base.


-- 
Ryan Steinmetz
Lead Security/Systems Administrator
Finance & Administration
Systems & Technology
Rochester Institute of Technology
585.475.5663
PGP: EF36 D45A 5CA9 28B1 A550  18CD A43C D111 7AD7 FAF2

Comment 3 Philip M. Gollucci freebsd_committer

2010-05-14 06:08:18 UTC

Responsible Changed
From-To: apache->freebsd-ports-bugs

apache@ doesn't maintain heimdal

Comment 4 Edwin Groothuis freebsd_committer

2010-09-14 19:42:24 UTC

Responsible Changed
From-To: freebsd-ports-bugs->apache

apache@ wants this port PRs (via the GNATS Auto Assign Tool)

Comment 5 Joerg Pulz 2010-11-07 19:49:57 UTC

[Resent as i messed up the subject in the previous mail]

Hi,

security/heimdal was updated to version 1.4 on 2010/10/31.
Please test if you still have problems.

If we receive no response, i would propose to close this PR as it relates to 
FreeBSD-6.3 and 6.x is EOL end of november 2010.

Kind regards
Joerg

-- 
The beginning is the most important part of the work.
 				-Plato

Comment 6 w 2010-11-07 23:36:02 UTC

On Sun, Nov 07, 2010 at 08:49:57PM +0100, Joerg Pulz wrote:
> [Resent as i messed up the subject in the previous mail]
> 
> Hi,
> 
> security/heimdal was updated to version 1.4 on 2010/10/31.
> Please test if you still have problems.

I can still reproduce (though it's with mod_auth_kerb2 rather than
mod_auth_kerb now; the latter requires apache 1.3, which I'm not using)

wouter@flamenco:/usr/ports/www/mod_auth_kerb2$ uname -r
8.1-STABLE

That's inside a jail, if that matters.

-- 
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.
  http://www.schneier.com/blog/archives/2009/01/biometrics.html

Comment 7 Dewayne 2014-03-19 01:15:33 UTC

To build the www/mod_auth_kerb2 package on a 9.2Stable system using the
security/heimdal port,
is  to copy the following into files/

--- patch-Makefile.in.orig      2014-03-13 19:57:40.000000000 +1100
+++ patch-Makefile.in   2014-03-13 19:58:11.000000000 +1100
@@ -4,7 +4,7 @@
  APXS = @APXS@
  KRB5_CPPFLAGS = @KRB5_CPPFLAGS@
 -KRB5_LDFLAGS = @KRB5_LDFLAGS@
-+KRB5_LDFLAGS = @KRB5_LDFLAGS@ -lgssapi_krb5
++KRB5_LDFLAGS = @KRB5_LDFLAGS@
  KRB4_CPPFLAGS = @KRB4_CPPFLAGS@
  KRB4_LDFLAGS = @KRB4_LDFLAGS@
  LIB_resolv = @LIB_resolv@


 patch-src__mod_auth_kerb_last.c
--- src/mod_auth_kerb.c.orig        2013-11-27 16:33:18.000000000 +1100
+++ src/mod_auth_kerb.c     2013-11-27 16:33:35.000000000 +1100
@@ -100,6 +100,7 @@
 #include <krb5.h>
 #ifdef HEIMDAL
 #  include <gssapi/gssapi.h>
+#  include <gssapi/gssapi_krb5.h>
 #else
 #  include <gssapi/gssapi.h>
 #  include <gssapi/gssapi_generic.h>

caveat:  heimdal is placed into /usr (PREFIX=/usr), so my
HEIMDAL_HOME=/usr which enables the include files and libraries to be
found by other ports.
Regards, Dewayne.

Comment 8 John Marino freebsd_committer

2014-06-10 10:46:36 UTC

dewayne, I don't understand your caveat.  Isn't the ports heimdal normally installed in /usr/local ?  So that your patch only works for non-std installations?

Comment 9 dewayne 2014-06-10 13:06:22 UTC

The problem is when you use the heimdal port. Heimdal 1.5.2 in ports, being a later version, doesn't have the same include files and libraries that the base  system heimdal has.  Fortunately most ports that require heimdal can build from either the base or heimdal port; except where the port maintainer only considers the use case of heimdal from base, as in this case.

And yes, I'm deliberately overwriting heimdal in the base system but that is largely incidental for this issue with mod_auth_kerb2.  Fortunately someone lost in antiquity made the good decision to make available & use HEIMDAL_HOME in addition to PREFIX.

As I recall I had a useful discussion with Timur, I think, about the tasks/steps needed to get heimdal port consistently integrated with other ports. Quite a few maintainers make a pretty good effort eg security/cyrus-sasl2-gssapi/ or net/samba36, and by consistent I mean across more ports that check for and make similar decisions.  I'd be happy to share if interested & have time?

Comment 10 Jung-uk Kim freebsd_committer

2014-06-17 18:27:44 UTC

Created attachment 143878 [details]
Patch to conditionally add "-lgssapi_krb5" to KRB5_LDFLAGS

Comment 11 Jung-uk Kim freebsd_committer

2014-06-17 18:30:53 UTC

I was bitten by this bug, too.  Please note libgssapi_krb5.so does not exist in security/heimdal.

Comment 12 John Marino freebsd_committer

2014-06-17 18:34:05 UTC

Jung-uk Kim, why not just take over this PR?  It was opened 6 years ago, so I would classify that as "timed out".

I suspect from the comments that it shouldn't even be assigned to "apache@".

Comment 13 Jung-uk Kim freebsd_committer

2014-06-17 18:38:11 UTC

I'll take it from here as marino suggested.

Comment 14 commit-hook freebsd_committer

2014-06-17 18:44:40 UTC

A commit references this bug:

Author: jkim
Date: Tue Jun 17 18:44:05 UTC 2014
New revision: 358159
URL: http://svnweb.freebsd.org/changeset/ports/358159

Log:
  Conditionally add "-lgssapi_krb5" to KRB5_LDFLAGS.  This fixes build with
  security/heimdal.

  PR:		ports/124375
  Approved by:	apache (maintainer, timeout 6+ years)

Changes:
  head/www/mod_auth_kerb2/Makefile
  head/www/mod_auth_kerb2/files/patch-Makefile.in