After installing security/krb5, any attempt to use the binaries created results in the following error message: /libexec/ld-elf.so.1: /usr/local/lib/libgssrpc.so: Undefined symbol "gss_mech_krb5" The behavior only happens when WITH_OPENSSL_BASE=YES is defined in /etc/make.conf. If the port is allowed to install security/openssl as a dependency this error does not happen. I've also confirmed this problem on a FreeBSD 7.0-RELEASE-p1 i386 box How-To-Repeat: Define WITH_OPENSSL_BASE=YES in /etc/make.conf. Install security/krb5 from by compiling from ports. Try to run kdb5_util create -s to create a new kerberos database.
Responsible Changed From-To: freebsd-ports-bugs->cy Over to maintainer (via the GNATS Auto Assign Tool)
This is a multi-part message in MIME format.
State Changed From-To: open->feedback problem still present ?
In message <201104261753.p3QHrW0L007239@crow.ee.washington.edu>, Lee Damon writ es: > Hello, > > The bug <http://www.freebsd.org/cgi/query-pr.cgi?pr=128972> appears to > still be present on my FBSD 8.2 systems. I don't see any updates about > why the patch isn't applied. Is there any chance it can be applied to > the source tree so I can stop manually applying it every time I update? Your patch doesn't take into account if $KRB5_HOME is set. I've reworkded your patch and will test it out. Do you mind testing this out? Index: Makefile =================================================================== RCS file: /home/pcvs/ports/security/krb5/Makefile,v retrieving revision 1.150 diff -u -r1.150 Makefile --- Makefile 14 Apr 2011 00:39:25 -0000 1.150 +++ Makefile 26 Apr 2011 19:37:58 -0000 @@ -42,8 +42,23 @@ .if defined(KRB5_HOME) PREFIX= ${KRB5_HOME} -CFLAGS+= -rpath=${KRB5_HOME}/lib -LDFLAGS+= -rpath=${KRB5_HOME}/lib +.if defined(WITH_OPENSSL_BASE) +# reverse the rpath order set by bsd.openssl.mk +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib" +CFLAGS+= -rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib +LDFLAGS+= -rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib +.else +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:/usr/lib" +CFLAGS+= -rpath=${KRB5_HOME}/lib:/usr/lib +LDFLAGS+= -rpath=${KRB5_HOME}/lib::/usr/lib +.endif +.else +.if defined(WITH_OPENSSL_BASE) +# reverse the rpath order set by bsd.openssl.mk +CONFIGURE_ENV+= LDFLAGS="-rpath=${LOCALBASE}/lib:/usr/lib" +CFLAGS+= -rpath=${LOCALBASE}/lib:/usr/lib +LDFLAGS+= -rpath=${LOCALBASE}/lib:/usr/lib +.endif .endif .include <bsd.port.pre.mk> -- Cheers, Cy Schubert <Cy.Schubert@komquats.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org Q: How did the regular expression cross the road? A: ^.*$
It's not my patch but I'm happy to test it. nomad On 4/26/11 12:38 , Cy Schubert wrote: > In message <201104261753.p3QHrW0L007239@crow.ee.washington.edu>, Lee Damon > writ > es: >> Hello, >> >> The bug <http://www.freebsd.org/cgi/query-pr.cgi?pr=128972> appears to >> still be present on my FBSD 8.2 systems. I don't see any updates about >> why the patch isn't applied. Is there any chance it can be applied to >> the source tree so I can stop manually applying it every time I update? > > Your patch doesn't take into account if $KRB5_HOME is set. I've reworkded > your patch and will test it out. Do you mind testing this out? > > Index: Makefile > =================================================================== > RCS file: /home/pcvs/ports/security/krb5/Makefile,v > retrieving revision 1.150 > diff -u -r1.150 Makefile > --- Makefile 14 Apr 2011 00:39:25 -0000 1.150 > +++ Makefile 26 Apr 2011 19:37:58 -0000 > @@ -42,8 +42,23 @@ > > .if defined(KRB5_HOME) > PREFIX= ${KRB5_HOME} > -CFLAGS+= -rpath=${KRB5_HOME}/lib > -LDFLAGS+= -rpath=${KRB5_HOME}/lib > +.if defined(WITH_OPENSSL_BASE) > +# reverse the rpath order set by bsd.openssl.mk > +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib" > +CFLAGS+= -rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib > +LDFLAGS+= -rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib > +.else > +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:/usr/lib" > +CFLAGS+= -rpath=${KRB5_HOME}/lib:/usr/lib > +LDFLAGS+= -rpath=${KRB5_HOME}/lib::/usr/lib > +.endif > +.else > +.if defined(WITH_OPENSSL_BASE) > +# reverse the rpath order set by bsd.openssl.mk > +CONFIGURE_ENV+= LDFLAGS="-rpath=${LOCALBASE}/lib:/usr/lib" > +CFLAGS+= -rpath=${LOCALBASE}/lib:/usr/lib > +LDFLAGS+= -rpath=${LOCALBASE}/lib:/usr/lib > +.endif > .endif > > .include <bsd.port.pre.mk> > >
Doesn't seem to have fixed it. I don't have WITH_OPENSSL_BASE defined in /etc/make.conf but I still get the undefined symbol error. coho# cat /etc/make.conf WITH_SASL=YES # added by use.perl 2011-04-26 11:18:34 PERL_VERSION=5.10.1 coho# kinit nomad /libexec/ld-elf.so.1: /usr/local/lib/libgssrpc.so: Undefined symbol "gss_mech_krb5" I just tried adding WITH_OPENSSL_BASE=YES to /etc/make.conf and the error goes away. Interesting. nomad On 4/26/11 12:38 , Cy Schubert wrote: > In message <201104261753.p3QHrW0L007239@crow.ee.washington.edu>, Lee Damon > writ > es: >> Hello, >> >> The bug <http://www.freebsd.org/cgi/query-pr.cgi?pr=128972> appears to >> still be present on my FBSD 8.2 systems. I don't see any updates about >> why the patch isn't applied. Is there any chance it can be applied to >> the source tree so I can stop manually applying it every time I update? > > Your patch doesn't take into account if $KRB5_HOME is set. I've reworkded > your patch and will test it out. Do you mind testing this out? > > Index: Makefile > =================================================================== > RCS file: /home/pcvs/ports/security/krb5/Makefile,v > retrieving revision 1.150 > diff -u -r1.150 Makefile > --- Makefile 14 Apr 2011 00:39:25 -0000 1.150 > +++ Makefile 26 Apr 2011 19:37:58 -0000 > @@ -42,8 +42,23 @@ > > .if defined(KRB5_HOME) > PREFIX= ${KRB5_HOME} > -CFLAGS+= -rpath=${KRB5_HOME}/lib > -LDFLAGS+= -rpath=${KRB5_HOME}/lib > +.if defined(WITH_OPENSSL_BASE) > +# reverse the rpath order set by bsd.openssl.mk > +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib" > +CFLAGS+= -rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib > +LDFLAGS+= -rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib > +.else > +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:/usr/lib" > +CFLAGS+= -rpath=${KRB5_HOME}/lib:/usr/lib > +LDFLAGS+= -rpath=${KRB5_HOME}/lib::/usr/lib > +.endif > +.else > +.if defined(WITH_OPENSSL_BASE) > +# reverse the rpath order set by bsd.openssl.mk > +CONFIGURE_ENV+= LDFLAGS="-rpath=${LOCALBASE}/lib:/usr/lib" > +CFLAGS+= -rpath=${LOCALBASE}/lib:/usr/lib > +LDFLAGS+= -rpath=${LOCALBASE}/lib:/usr/lib > +.endif > .endif > > .include <bsd.port.pre.mk> > >
I should say, the reason I noticed this problem is that when I use the default Makefile I get this error: /libexec/ld-elf.so.1: /usr/local/lib/libgssrpc.so: Undefined symbol "gss_mech_krb5" This is without anything special defined in /etc/make.conf. That's how I noticed the patch in the first place - it was the first hit in Google for the error I get. nomad On 4/26/11 12:38 , Cy Schubert wrote: > In message <201104261753.p3QHrW0L007239@crow.ee.washington.edu>, Lee Damon > writ > es: >> Hello, >> >> The bug <http://www.freebsd.org/cgi/query-pr.cgi?pr=128972> appears to >> still be present on my FBSD 8.2 systems. I don't see any updates about >> why the patch isn't applied. Is there any chance it can be applied to >> the source tree so I can stop manually applying it every time I update? > > Your patch doesn't take into account if $KRB5_HOME is set. I've reworkded > your patch and will test it out. Do you mind testing this out? > > Index: Makefile > =================================================================== > RCS file: /home/pcvs/ports/security/krb5/Makefile,v > retrieving revision 1.150 > diff -u -r1.150 Makefile > --- Makefile 14 Apr 2011 00:39:25 -0000 1.150 > +++ Makefile 26 Apr 2011 19:37:58 -0000 > @@ -42,8 +42,23 @@ > > .if defined(KRB5_HOME) > PREFIX= ${KRB5_HOME} > -CFLAGS+= -rpath=${KRB5_HOME}/lib > -LDFLAGS+= -rpath=${KRB5_HOME}/lib > +.if defined(WITH_OPENSSL_BASE) > +# reverse the rpath order set by bsd.openssl.mk > +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib" > +CFLAGS+= -rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib > +LDFLAGS+= -rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib > +.else > +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:/usr/lib" > +CFLAGS+= -rpath=${KRB5_HOME}/lib:/usr/lib > +LDFLAGS+= -rpath=${KRB5_HOME}/lib::/usr/lib > +.endif > +.else > +.if defined(WITH_OPENSSL_BASE) > +# reverse the rpath order set by bsd.openssl.mk > +CONFIGURE_ENV+= LDFLAGS="-rpath=${LOCALBASE}/lib:/usr/lib" > +CFLAGS+= -rpath=${LOCALBASE}/lib:/usr/lib > +LDFLAGS+= -rpath=${LOCALBASE}/lib:/usr/lib > +.endif > .endif > > .include <bsd.port.pre.mk> > >
Testing the patch on my 8-STABLE (i386) testbed, I am unable to reproduce the problem with and without OpenSSL from ports installed. -- Cheers, Cy Schubert <Cy.Schubert@komquats.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org Q: How did the regular expression cross the road? A: ^.*$ In message <4DB73BA7.6080900@ssli.ee.washington.edu>, Lee Damon writes: > I should say, the reason I noticed this problem is that when I use the > default Makefile I get this error: > > /libexec/ld-elf.so.1: /usr/local/lib/libgssrpc.so: Undefined symbol > "gss_mech_krb5" > > This is without anything special defined in /etc/make.conf. > > That's how I noticed the patch in the first place - it was the first hit > in Google for the error I get. > > nomad > > On 4/26/11 12:38 , Cy Schubert wrote: > > In message <201104261753.p3QHrW0L007239@crow.ee.washington.edu>, Lee Damon > > writ > > es: > >> Hello, > >> > >> The bug <http://www.freebsd.org/cgi/query-pr.cgi?pr=128972> appears to > >> still be present on my FBSD 8.2 systems. I don't see any updates about > >> why the patch isn't applied. Is there any chance it can be applied to > >> the source tree so I can stop manually applying it every time I update? > > > > Your patch doesn't take into account if $KRB5_HOME is set. I've reworkded > > your patch and will test it out. Do you mind testing this out? > > > > Index: Makefile > > =================================================================== > > RCS file: /home/pcvs/ports/security/krb5/Makefile,v > > retrieving revision 1.150 > > diff -u -r1.150 Makefile > > --- Makefile 14 Apr 2011 00:39:25 -0000 1.150 > > +++ Makefile 26 Apr 2011 19:37:58 -0000 > > @@ -42,8 +42,23 @@ > > > > .if defined(KRB5_HOME) > > PREFIX= ${KRB5_HOME} > > -CFLAGS+= -rpath=${KRB5_HOME}/lib > > -LDFLAGS+= -rpath=${KRB5_HOME}/lib > > +.if defined(WITH_OPENSSL_BASE) > > +# reverse the rpath order set by bsd.openssl.mk > > +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib > " > > +CFLAGS+= -rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib > > +LDFLAGS+= -rpath=${KRB5_HOME}/lib:${LOCALBASE}/lib:/usr/lib > > +.else > > +CONFIGURE_ENV+= LDFLAGS="-rpath=${KRB5_HOME}/lib:/usr/lib" > > +CFLAGS+= -rpath=${KRB5_HOME}/lib:/usr/lib > > +LDFLAGS+= -rpath=${KRB5_HOME}/lib::/usr/lib > > +.endif > > +.else > > +.if defined(WITH_OPENSSL_BASE) > > +# reverse the rpath order set by bsd.openssl.mk > > +CONFIGURE_ENV+= LDFLAGS="-rpath=${LOCALBASE}/lib:/usr/lib" > > +CFLAGS+= -rpath=${LOCALBASE}/lib:/usr/lib > > +LDFLAGS+= -rpath=${LOCALBASE}/lib:/usr/lib > > +.endif > > .endif > > > > .include <bsd.port.pre.mk> > > > >
>Submitter-Id: current-users >Originator: Chris Wilson >Organization: Aptivate Ltd >Confidential: no >Synopsis: ports/128972 still applies in 9.1: Port security/krb5 has a linking problem when compiled against base openssl >Severity: non-critical >Priority: low >Category: ports >Class: sw-bug >Release: 9.1-RELEASE >Environment: FreeBSD noc.sse.ws.afnog.org 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243826: Tue Dec 4 06:55:39 UTC 2012 root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: Either installing the binary package (pkg_add -r krb5-19) or installing /usr/ports/security/krb5, I get the same error as reported in that PR: ===> Cleaning for krb5-1.10.3_1 [inst@noc /usr/ports/security/krb5]$ kdb5_util /usr/local/lib/libgssrpc.so: Undefined symbol "gss_mech_krb5" >How-To-Repeat: pkg_add -r krb5-19 kdb5_util >Fix:
Is this PR still relevant?
(In reply to Carlo Strub from comment #11) Yes, I just reproduce this issue. I get "Undefined symbol "gss_mech_krb5" referenced from COPY relocation in /usr/local/sbin/ocserv" See #202253 for more details.
I'm still not able to reproduce this locally. The krb5 ports do not use or reference libgssapi.so, only libgssapi_krb5.so: slippy# ldd /usr/local/sbin/kdb5_util /usr/local/sbin/kdb5_util: libkadm5srv_mit.so => /usr/local/lib/libkadm5srv_mit.so (0x2c432000) libkdb5.so => /usr/local/lib/libkdb5.so (0x2c650000) libgssrpc.so => /usr/local/lib/libgssrpc.so (0x2c862000) libgssapi_krb5.so => /usr/local/lib/libgssapi_krb5.so (0x2ca7e000) libkrb5.so => /usr/local/lib/libkrb5.so (0x2ccc5000) libk5crypto.so => /usr/local/lib/libk5crypto.so (0x2cfa7000) libcom_err.so => /usr/local/lib/libcom_err.so (0x2d1d6000) libkrb5support.so => /usr/local/lib/libkrb5support.so (0x2d3d9000) libintl.so.8 => /usr/local/lib/libintl.so.8 (0x2d5e6000) libthr.so.3 => /lib/libthr.so.3 (0x2d7f1000) libc.so.7 => /lib/libc.so.7 (0x2da15000) slippy# Are you sure you're linking against the correct library?
(In reply to Cy Schubert from comment #13) You're right! ocserv port needs gssapi:mit as dependency. So, this issue is solved.
Resolved according to the original reporter, thanks for the feedback!