Bug 212325 - New port: www/mod_auth_gssapi GSSAPI authentication module for Apache
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Kurt Jaeger
Reported: 2016-09-02 08:14 UTC by Christian Ullrich
Modified: 2016-09-10 19:10 UTC (History)

Attachments
New port (1.75 KB, patch)
2016-09-02 08:14 UTC, Christian Ullrich
Updated new port (1.81 KB, patch)
2016-09-05 08:22 UTC, Christian Ullrich
Updated new port (2.94 KB, patch)
2016-09-07 08:45 UTC, Christian Ullrich

Description Christian Ullrich 2016-09-02 08:14:51 UTC
Created attachment 174308
New port

"This module has been built as a replacement for the aging mod_auth_kerb. Its aim is to use only GSSAPI calls and be as much as possible agnostic of the actual mechanism used."

I took a lot of inspiration from other Apache module ports' Makefiles, particularly the do-install target (which is a workaround for libtool's inability not to install .la and .a files). Any improvement suggestions will be welcome.

-- 
Christian
Comment 1 Kurt Jaeger freebsd_committer 2016-09-04 19:44:37 UTC
Have you tried to USE_GITHUB instead of using a MASTER_SITES which points to GitHub?

Testbuilds@work
Comment 2 Christian Ullrich 2016-09-04 19:55:17 UTC
I did, and as far as I can tell, USE_GITHUB can only download tags (that is, repo snapshots), not prepared release tarballs.

If I use that, I also have to do USES=autoreconf, and I thought it was better to avoid that if possible.
Comment 3 Christian Ullrich 2016-09-05 08:22:22 UTC
Created attachment 174381
Updated new port

New patch with USE_GITHUB, USES=autoreconf.

I have also added an override of $KRB5_CONFIG in CONFIGURE_ENV, because without that, the port will compile with port MIT headers, then link with base Heimdal libraries, and eventually fail to run due to undefined symbols.
Comment 4 Kurt Jaeger freebsd_committer 2016-09-05 17:59:08 UTC
testbuilds@work
Comment 5 Kurt Jaeger freebsd_committer 2016-09-05 18:25:39 UTC
Testbuilds fail in configure phase. See

http://people.freebsd.org/~pi/logs/www__mod_auth_gssapi-cur-1473097920.txt

(identical problem for the other platforms 11a, 10i, 9.3a)
Comment 6 Christian Ullrich 2016-09-07 08:45:31 UTC
Created attachment 174468
Updated new port

- Fixes OpenSSL selection (base and port) on 9, 10, 11
  - IGNOREs with base OpenSSL on 9, due to API incompatibility
- IGNOREs with any LibreSSL, due to (im)proper use of footgun with regard
  to the OPENSSL_VERSION_NUMBER macro
- Adds module configuration file
  - I arbitrarily chose the load order prefix (240, currently vacant) based
    on information from apache@ that there are no rules for selecting it
Comment 7 commit-hook freebsd_committer 2016-09-10 19:10:24 UTC
A commit references this bug:

Author: pi
Date: Sat Sep 10 19:10:08 UTC 2016
New revision: 421727
URL: https://svnweb.freebsd.org/changeset/ports/421727

Log:
  New port: www/mod_auth_gssapi

  This module adds support for single-sign-on authentication via GSSAPI
  to the Apache httpd. It is intended as a successor to mod_auth_kerb.

  WWW: https://github.com/modauthgssapi/mod_auth_gssapi

  PR:		212325
  Submitted by:	chris@chrullrich.net

Changes:
  head/www/Makefile
  head/www/mod_auth_gssapi/
  head/www/mod_auth_gssapi/Makefile
  head/www/mod_auth_gssapi/distinfo
  head/www/mod_auth_gssapi/files/
  head/www/mod_auth_gssapi/files/240_mod_auth_gssapi.conf.sample.in
  head/www/mod_auth_gssapi/pkg-descr
Comment 8 Kurt Jaeger freebsd_committer 2016-09-10 19:10:37 UTC
Committed, thanks!