Bug 128972 - Port security/krb5 has a linking problem when compiled against base openssl
Summary: Port security/krb5 has a linking problem when compiled against base openssl
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Cy Schubert
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-11-18 20:40 UTC by Dwayne MacKinnon
Modified: 2015-08-14 00:28 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dwayne MacKinnon 2008-11-18 20:40:00 UTC
After installing security/krb5, any attempt to use the binaries created results in the following error message:

/libexec/ld-elf.so.1: /usr/local/lib/libgssrpc.so: Undefined symbol "gss_mech_krb5"

The behavior only happens when WITH_OPENSSL_BASE=YES is defined in /etc/make.conf.
If the port is allowed to install security/openssl as a dependency this error does not happen.

I've also confirmed this problem on a FreeBSD 7.0-RELEASE-p1 i386 box

How-To-Repeat: Define WITH_OPENSSL_BASE=YES in /etc/make.conf.

Install security/krb5 from by compiling from ports.

Try to run kdb5_util create -s to create a new kerberos database.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-11-18 20:40:09 UTC
Responsible Changed
From-To: freebsd-ports-bugs->cy

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 ben 2010-08-12 03:16:23 UTC
This is a multi-part message in MIME format.
Comment 3 ben 2010-08-12 03:16:23 UTC
This is a multi-part message in MIME format.
Comment 4 Martin Wilke freebsd_committer freebsd_triage 2011-02-13 07:13:44 UTC
State Changed
From-To: open->feedback

problem still present ?
Comment 5 Cy Schubert 2011-04-26 20:38:49 UTC
In message <201104261753.p3QHrW0L007239@crow.ee.washington.edu>, Lee Damon 
writ
es:
> Hello,
> 
> The bug <http://www.freebsd.org/cgi/query-pr.cgi?pr=128972> appears to
> still be present on my FBSD 8.2 systems.  I don't see any updates about
> why the patch isn't applied.  Is there any chance it can be applied to
> the source tree so I can stop manually applying it every time I update?

Your patch doesn't take into account if $KRB5_HOME is set. I've reworkded 
your patch and will test it out. Do you mind testing this out?

Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/security/krb5/Makefile,v
retrieving revision 1.150
diff -u -r1.150 Makefile
--- Makefile	14 Apr 2011 00:39:25 -0000	1.150
+++ Makefile	26 Apr 2011 19:37:58 -0000
@@ -42,8 +42,23 @@
 
 .if defined(KRB5_HOME)
 PREFIX=			${KRB5_HOME}
-CFLAGS+=		-rpath=${KRB5_HOME}/lib
-LDFLAGS+=		-rpath=${KRB5_HOME}/lib
+.if defined(WITH_OPENSSL_BASE)
+# reverse the rpath order set by bsd.openssl.mk
+CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib"
+CFLAGS+=		-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib
+LDFLAGS+=		-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib
+.else
+CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:/usr/lib"
+CFLAGS+=		-rpath=${KRB5_HOME}/lib:/usr/lib
+LDFLAGS+=		-rpath=${KRB5_HOME}/lib::/usr/lib
+.endif
+.else
+.if defined(WITH_OPENSSL_BASE)
+# reverse the rpath order set by bsd.openssl.mk
+CONFIGURE_ENV+= LDFLAGS="-rpath=${LOCALBASE}/lib:/usr/lib"
+CFLAGS+=		-rpath=${LOCALBASE}/lib:/usr/lib
+LDFLAGS+=		-rpath=${LOCALBASE}/lib:/usr/lib
+.endif
 .endif
 
 .include <bsd.port.pre.mk>


-- 
Cheers,
Cy Schubert <Cy.Schubert@komquats.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

	Q: How did the regular expression cross the road?
	A: ^.*$
Comment 6 nomad 2011-04-26 20:46:46 UTC
It's not my patch but I'm happy to test it.

nomad

On 4/26/11 12:38 , Cy Schubert wrote:
> In message <201104261753.p3QHrW0L007239@crow.ee.washington.edu>, Lee Damon 
> writ
> es:
>> Hello,
>>
>> The bug <http://www.freebsd.org/cgi/query-pr.cgi?pr=128972> appears to
>> still be present on my FBSD 8.2 systems.  I don't see any updates about
>> why the patch isn't applied.  Is there any chance it can be applied to
>> the source tree so I can stop manually applying it every time I update?
> 
> Your patch doesn't take into account if $KRB5_HOME is set. I've reworkded 
> your patch and will test it out. Do you mind testing this out?
> 
> Index: Makefile
> ===================================================================
> RCS file: /home/pcvs/ports/security/krb5/Makefile,v
> retrieving revision 1.150
> diff -u -r1.150 Makefile
> --- Makefile	14 Apr 2011 00:39:25 -0000	1.150
> +++ Makefile	26 Apr 2011 19:37:58 -0000
> @@ -42,8 +42,23 @@
>  
>  .if defined(KRB5_HOME)
>  PREFIX=			${KRB5_HOME}
> -CFLAGS+=		-rpath=${KRB5_HOME}/lib
> -LDFLAGS+=		-rpath=${KRB5_HOME}/lib
> +.if defined(WITH_OPENSSL_BASE)
> +# reverse the rpath order set by bsd.openssl.mk
> +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib"
> +CFLAGS+=		-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib
> +LDFLAGS+=		-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib
> +.else
> +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:/usr/lib"
> +CFLAGS+=		-rpath=${KRB5_HOME}/lib:/usr/lib
> +LDFLAGS+=		-rpath=${KRB5_HOME}/lib::/usr/lib
> +.endif
> +.else
> +.if defined(WITH_OPENSSL_BASE)
> +# reverse the rpath order set by bsd.openssl.mk
> +CONFIGURE_ENV+= LDFLAGS="-rpath=${LOCALBASE}/lib:/usr/lib"
> +CFLAGS+=		-rpath=${LOCALBASE}/lib:/usr/lib
> +LDFLAGS+=		-rpath=${LOCALBASE}/lib:/usr/lib
> +.endif
>  .endif
>  
>  .include <bsd.port.pre.mk>
> 
>
Comment 7 nomad 2011-04-26 22:22:16 UTC
Doesn't seem to have fixed it.  I don't have WITH_OPENSSL_BASE defined
in /etc/make.conf but I still get the undefined symbol error.

coho# cat /etc/make.conf
WITH_SASL=YES
# added by use.perl 2011-04-26 11:18:34
PERL_VERSION=5.10.1
coho# kinit nomad
/libexec/ld-elf.so.1: /usr/local/lib/libgssrpc.so: Undefined symbol
"gss_mech_krb5"

I just tried adding
	WITH_OPENSSL_BASE=YES
to /etc/make.conf and the error goes away.  Interesting.

nomad

On 4/26/11 12:38 , Cy Schubert wrote:
> In message <201104261753.p3QHrW0L007239@crow.ee.washington.edu>, Lee Damon 
> writ
> es:
>> Hello,
>>
>> The bug <http://www.freebsd.org/cgi/query-pr.cgi?pr=128972> appears to
>> still be present on my FBSD 8.2 systems.  I don't see any updates about
>> why the patch isn't applied.  Is there any chance it can be applied to
>> the source tree so I can stop manually applying it every time I update?
> 
> Your patch doesn't take into account if $KRB5_HOME is set. I've reworkded 
> your patch and will test it out. Do you mind testing this out?
> 
> Index: Makefile
> ===================================================================
> RCS file: /home/pcvs/ports/security/krb5/Makefile,v
> retrieving revision 1.150
> diff -u -r1.150 Makefile
> --- Makefile	14 Apr 2011 00:39:25 -0000	1.150
> +++ Makefile	26 Apr 2011 19:37:58 -0000
> @@ -42,8 +42,23 @@
>  
>  .if defined(KRB5_HOME)
>  PREFIX=			${KRB5_HOME}
> -CFLAGS+=		-rpath=${KRB5_HOME}/lib
> -LDFLAGS+=		-rpath=${KRB5_HOME}/lib
> +.if defined(WITH_OPENSSL_BASE)
> +# reverse the rpath order set by bsd.openssl.mk
> +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib"
> +CFLAGS+=		-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib
> +LDFLAGS+=		-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib
> +.else
> +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:/usr/lib"
> +CFLAGS+=		-rpath=${KRB5_HOME}/lib:/usr/lib
> +LDFLAGS+=		-rpath=${KRB5_HOME}/lib::/usr/lib
> +.endif
> +.else
> +.if defined(WITH_OPENSSL_BASE)
> +# reverse the rpath order set by bsd.openssl.mk
> +CONFIGURE_ENV+= LDFLAGS="-rpath=${LOCALBASE}/lib:/usr/lib"
> +CFLAGS+=		-rpath=${LOCALBASE}/lib:/usr/lib
> +LDFLAGS+=		-rpath=${LOCALBASE}/lib:/usr/lib
> +.endif
>  .endif
>  
>  .include <bsd.port.pre.mk>
> 
>
Comment 8 nomad 2011-04-26 22:39:51 UTC
I should say, the reason I noticed this problem is that when I use the
default Makefile I get this error:

/libexec/ld-elf.so.1: /usr/local/lib/libgssrpc.so: Undefined symbol
"gss_mech_krb5"

This is without anything special defined in /etc/make.conf.

That's how I noticed the patch in the first place - it was the first hit
in Google for the error I get.

nomad

On 4/26/11 12:38 , Cy Schubert wrote:
> In message <201104261753.p3QHrW0L007239@crow.ee.washington.edu>, Lee Damon 
> writ
> es:
>> Hello,
>>
>> The bug <http://www.freebsd.org/cgi/query-pr.cgi?pr=128972> appears to
>> still be present on my FBSD 8.2 systems.  I don't see any updates about
>> why the patch isn't applied.  Is there any chance it can be applied to
>> the source tree so I can stop manually applying it every time I update?
> 
> Your patch doesn't take into account if $KRB5_HOME is set. I've reworkded 
> your patch and will test it out. Do you mind testing this out?
> 
> Index: Makefile
> ===================================================================
> RCS file: /home/pcvs/ports/security/krb5/Makefile,v
> retrieving revision 1.150
> diff -u -r1.150 Makefile
> --- Makefile	14 Apr 2011 00:39:25 -0000	1.150
> +++ Makefile	26 Apr 2011 19:37:58 -0000
> @@ -42,8 +42,23 @@
>  
>  .if defined(KRB5_HOME)
>  PREFIX=			${KRB5_HOME}
> -CFLAGS+=		-rpath=${KRB5_HOME}/lib
> -LDFLAGS+=		-rpath=${KRB5_HOME}/lib
> +.if defined(WITH_OPENSSL_BASE)
> +# reverse the rpath order set by bsd.openssl.mk
> +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib"
> +CFLAGS+=		-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib
> +LDFLAGS+=		-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib
> +.else
> +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:/usr/lib"
> +CFLAGS+=		-rpath=${KRB5_HOME}/lib:/usr/lib
> +LDFLAGS+=		-rpath=${KRB5_HOME}/lib::/usr/lib
> +.endif
> +.else
> +.if defined(WITH_OPENSSL_BASE)
> +# reverse the rpath order set by bsd.openssl.mk
> +CONFIGURE_ENV+= LDFLAGS="-rpath=${LOCALBASE}/lib:/usr/lib"
> +CFLAGS+=		-rpath=${LOCALBASE}/lib:/usr/lib
> +LDFLAGS+=		-rpath=${LOCALBASE}/lib:/usr/lib
> +.endif
>  .endif
>  
>  .include <bsd.port.pre.mk>
> 
>
Comment 9 Cy Schubert 2011-04-27 20:31:03 UTC
Testing the patch on my 8-STABLE (i386) testbed, I am unable to reproduce 
the problem with and without OpenSSL from ports installed.


-- 
Cheers,
Cy Schubert <Cy.Schubert@komquats.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

	Q: How did the regular expression cross the road?
	A: ^.*$


In message <4DB73BA7.6080900@ssli.ee.washington.edu>, Lee Damon writes:
> I should say, the reason I noticed this problem is that when I use the
> default Makefile I get this error:
> 
> /libexec/ld-elf.so.1: /usr/local/lib/libgssrpc.so: Undefined symbol
> "gss_mech_krb5"
> 
> This is without anything special defined in /etc/make.conf.
> 
> That's how I noticed the patch in the first place - it was the first hit
> in Google for the error I get.
> 
> nomad
> 
> On 4/26/11 12:38 , Cy Schubert wrote:
> > In message <201104261753.p3QHrW0L007239@crow.ee.washington.edu>, Lee Damon 
> > writ
> > es:
> >> Hello,
> >>
> >> The bug <http://www.freebsd.org/cgi/query-pr.cgi?pr=128972> appears to
> >> still be present on my FBSD 8.2 systems.  I don't see any updates about
> >> why the patch isn't applied.  Is there any chance it can be applied to
> >> the source tree so I can stop manually applying it every time I update?
> > 
> > Your patch doesn't take into account if $KRB5_HOME is set. I've reworkded 
> > your patch and will test it out. Do you mind testing this out?
> > 
> > Index: Makefile
> > ===================================================================
> > RCS file: /home/pcvs/ports/security/krb5/Makefile,v
> > retrieving revision 1.150
> > diff -u -r1.150 Makefile
> > --- Makefile	14 Apr 2011 00:39:25 -0000	1.150
> > +++ Makefile	26 Apr 2011 19:37:58 -0000
> > @@ -42,8 +42,23 @@
> >  
> >  .if defined(KRB5_HOME)
> >  PREFIX=			${KRB5_HOME}
> > -CFLAGS+=		-rpath=${KRB5_HOME}/lib
> > -LDFLAGS+=		-rpath=${KRB5_HOME}/lib
> > +.if defined(WITH_OPENSSL_BASE)
> > +# reverse the rpath order set by bsd.openssl.mk
> > +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib
> "
> > +CFLAGS+=		-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib
> > +LDFLAGS+=		-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib
> > +.else
> > +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:/usr/lib"
> > +CFLAGS+=		-rpath=${KRB5_HOME}/lib:/usr/lib
> > +LDFLAGS+=		-rpath=${KRB5_HOME}/lib::/usr/lib
> > +.endif
> > +.else
> > +.if defined(WITH_OPENSSL_BASE)
> > +# reverse the rpath order set by bsd.openssl.mk
> > +CONFIGURE_ENV+= LDFLAGS="-rpath=${LOCALBASE}/lib:/usr/lib"
> > +CFLAGS+=		-rpath=${LOCALBASE}/lib:/usr/lib
> > +LDFLAGS+=		-rpath=${LOCALBASE}/lib:/usr/lib
> > +.endif
> >  .endif
> >  
> >  .include <bsd.port.pre.mk>
> > 
> >
Comment 10 chris+freebsd 2013-06-12 16:39:25 UTC
>Submitter-Id:	current-users
>Originator:	Chris Wilson
>Organization:	Aptivate Ltd
>Confidential:	no
>Synopsis:	ports/128972 still applies in 9.1: Port security/krb5 has a linking problem when compiled against base openssl
>Severity:	non-critical
>Priority:	low
>Category:	ports
>Class:		sw-bug
>Release:	9.1-RELEASE
>Environment:	FreeBSD noc.sse.ws.afnog.org 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243826: Tue Dec  4 06:55:39 UTC 2012     root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
Either installing the binary package (pkg_add -r krb5-19) or installing /usr/ports/security/krb5, I get the same error as reported in that PR:

===>  Cleaning for krb5-1.10.3_1
[inst@noc /usr/ports/security/krb5]$ kdb5_util
/usr/local/lib/libgssrpc.so: Undefined symbol "gss_mech_krb5"

>How-To-Repeat:
pkg_add -r krb5-19
kdb5_util
>Fix:
Comment 11 Carlo Strub freebsd_committer freebsd_triage 2014-09-07 17:51:55 UTC
Is this PR still relevant?
Comment 12 Carlos J Puga Medina 2015-08-11 23:35:17 UTC
(In reply to Carlo Strub from comment #11)

Yes, I just reproduce this issue. I get "Undefined symbol "gss_mech_krb5" referenced from COPY relocation in /usr/local/sbin/ocserv"

See #202253 for more details.
Comment 13 Cy Schubert freebsd_committer freebsd_triage 2015-08-12 06:38:56 UTC
I'm still not able to reproduce this locally.

The krb5 ports do not use or reference libgssapi.so, only libgssapi_krb5.so:

slippy# ldd /usr/local/sbin/kdb5_util
/usr/local/sbin/kdb5_util:
	libkadm5srv_mit.so => /usr/local/lib/libkadm5srv_mit.so (0x2c432000)
	libkdb5.so => /usr/local/lib/libkdb5.so (0x2c650000)
	libgssrpc.so => /usr/local/lib/libgssrpc.so (0x2c862000)
	libgssapi_krb5.so => /usr/local/lib/libgssapi_krb5.so (0x2ca7e000)
	libkrb5.so => /usr/local/lib/libkrb5.so (0x2ccc5000)
	libk5crypto.so => /usr/local/lib/libk5crypto.so (0x2cfa7000)
	libcom_err.so => /usr/local/lib/libcom_err.so (0x2d1d6000)
	libkrb5support.so => /usr/local/lib/libkrb5support.so (0x2d3d9000)
	libintl.so.8 => /usr/local/lib/libintl.so.8 (0x2d5e6000)
	libthr.so.3 => /lib/libthr.so.3 (0x2d7f1000)
	libc.so.7 => /lib/libc.so.7 (0x2da15000)
slippy# 

Are you sure you're linking against the correct library?
Comment 14 Carlos J Puga Medina 2015-08-12 16:56:07 UTC
(In reply to Cy Schubert from comment #13)

You're right! ocserv port needs gssapi:mit as dependency. So, this issue is solved.
Comment 15 Xin LI freebsd_committer freebsd_triage 2015-08-14 00:28:50 UTC
Resolved according to the original reporter, thanks for the feedback!