Bug 234740 - mail/fetchmail: fetchmail-6.3.26_9 fails to compile with GSSAPI_MIT port option enabled
Summary: mail/fetchmail: fetchmail-6.3.26_9 fails to compile with GSSAPI_MIT port opt...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Many People
Assignee: Matthias Andree
URL:
Keywords: patch, regression
Depends on:
Blocks:
 
Reported: 2019-01-08 11:27 UTC by Peter Putzer
Modified: 2019-01-11 06:37 UTC (History)
4 users (show)

See Also:
chalpin: maintainer-feedback+
mandree: maintainer-feedback? (chalpin)


Attachments
fix GSSAPI and NLS-less builds (3.74 KB, patch)
2019-01-10 21:55 UTC, Matthias Andree
chalpin: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Putzer 2019-01-08 11:27:32 UTC
The new port version fails to compile with GSSAPI_MIT set.

The immediate cause is this configure failure:

checking for Kerberos V in /usr/local... found
checking for krb5_des_string_to_key in -lcrypto... no
checking for krb5_des_string_to_key in -lk5crypto... no
configure: error: Kerberos 5 DES libraries not found
gmake[2]: *** [Makefile:622: config.status] Error 1
gmake[2]: Leaving directory '/var/ports/usr/ports/mail/fetchmail/work/fetchmail-6.3.26'
===> Compilation failed unexpectedly.

However, the root cause might be this earlier error:

CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /var/ports/usr/ports/mail/fetchmail/work/fetchmail-6.3.26/missing --run aclocal-1.11 -I m4 -I m4-local
/var/ports/usr/ports/mail/fetchmail/work/fetchmail-6.3.26/missing: aclocal-1.11: not found
WARNING: `aclocal-1.11' is missing on your system.  You should only need it if
         you modified `acinclude.m4' or `configure.ac'.  You might want
         to install the `Automake' and `Perl' packages.  Grab them from
         any GNU archive site.
CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /var/ports/usr/ports/mail/fetchmail/work/fetchmail-6.3.26/missing --run autoconf
 cd . && /bin/sh /var/ports/usr/ports/mail/fetchmail/work/fetchmail-6.3.26/missing --run automake-1.11 --foreign
/var/ports/usr/ports/mail/fetchmail/work/fetchmail-6.3.26/missing: automake-1.11: not found
WARNING: `automake-1.11' is missing on your system.  You should only need it if
         you modified `Makefile.am', `acinclude.m4' or `configure.ac'.
         You might want to install the `Automake' and `Perl' packages.
         Grab them from any GNU archive site.
aclocal.m4:17: warning: this file was generated for autoconf 2.68.
You have another version of autoconf.  It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically `autoreconf'.
/bin/sh ./config.status --recheck

This is a 11.2-RELEASE-p7 install on amd64, automake is installed, but not version 1.11.
Comment 1 Corey Halpin 2019-01-10 00:16:50 UTC
I cannot replicate this failure on 11.2/amd64.

When using 'poudriere testport' with the following make.conf:

DEFAULT_VERSIONS+= ssl=base
OPTIONS_UNSET+= GSSAPI_BASE
OPTIONS_SET+= GSSAPI_MIT

I see the following when configure runs:

checking for Kerberos V in /usr/local... found
checking for krb5_des_string_to_key in -lcrypto... no
checking for krb5_des_string_to_key in -lk5crypto... yes
checking for krb5_init_context in -lkrb5... yes

And the port builds successfully. Full log at: http://pages.cs.wisc.edu/~chalpin/freebsd/bug234740_tp_base 


When using 'poudriere testport' with the following make.conf:
DEFAULT_VERSIONS+= ssl=openssl
OPTIONS_UNSET+= GSSAPI_BASE
OPTIONS_SET+= GSSAPI_MIT

I see the following when configure runs:

checking for Kerberos V in /usr/local... found
checking for krb5_des_string_to_key in -lcrypto... no
checking for krb5_des_string_to_key in -lk5crypto... yes
checking for krb5_init_context in -lkrb5... yes

And the port builds successfully. Full log at: http://pages.cs.wisc.edu/~chalpin/freebsd/bug234740_tp_port 

In both of the above cases, the Automake warning you report appears but does not cause a problem.


Can you provide more information about your build environment, especially any make.conf settings that would affect how krb5 is built?
Comment 2 Peter Putzer 2019-01-10 12:25:41 UTC
I'm using LibreSSL from Ports. My (partial) make.conf:

DEFAULT_VERSIONS= bdb=5 perl5=5.28 mysql=10.2m php=7.2 ruby=2.4 ssl=libressl
CPUTYPE?=native
CFLAGS= -O3 -pipe -funroll-loops
OPTIONS_UNSET=X11 GSSAPI_BASE
OPTIONS_SET= GSSAPI_MIT
WITH_PKGNG=yes
WITH_CCACHE_BUILD=yes
WITH_LIBCPLUSPLUS=yes
Comment 3 Matthias Andree freebsd_committer 2019-01-10 20:28:28 UTC
It appears I can reproduce this on FreeBSD 12.0 with krb5-1.17. 
This report seems related, https://www.mail-archive.com/kerberos@mit.edu/msg04772.html - where Sam Hartman mentions "That's an internal API.  IT seems highly unlikely that fetchmail actually wants des_string_to_key.  I suspect it should look for some more reasonable symbol depending on what it is trynig to do."

Might be that the upstream code needed some updating. Seems that it is trying to guess which libraries to pull in, when these days it might be better to just run krb5-config.

Upon closer inspection, it would seem that the new patch that got pulled in in [2] triggers a regeneration of the configure script, which then clobbers cy@'s fix [3] that patched configure directly... 
-----------------------

[2] https://svnweb.freebsd.org/ports/head/mail/fetchmail/Makefile?r1=485579&r2=489439
[3] https://svnweb.freebsd.org/ports?view=revision&revision=468557
Comment 4 Peter Putzer 2019-01-10 20:31:02 UTC
(In reply to Matthias Andree from comment #3)

Ah yes, that's a tidbit that I forgot to mention: There is a patch for the symbol included in the port files, but it doesn't seem to get applied (anymore).
Comment 5 Matthias Andree freebsd_committer 2019-01-10 20:55:58 UTC
[mandree@freeryzen /usr/ports.svn/mail/fetchmail]$ svn st -v
            489889   489439 cem          .
            489889   489439 cem          Makefile
            489889   489439 cem          distinfo
            489889   489439 cem          files
            489889   484295 roberto      files/fetchmail.in
            489889   313331 beech        files/fetchmailconf.in
            489889   340872 mat          files/fetchmailrc.sample
            489889   468557 cy           files/patch-configure
            489889   489439 cem          files/patch-fetchmail.c
            489889   489439 cem          files/patch-socket.c
            489889   340719 mat          files/pkg-message.in
            489889   372129 mandree      pkg-descr
            489889   419379 kevlo        pkg-plist

The build log from a live 12.0-RELEASE-p2 system that's otherwise running FreeBSD-latest packages is at:
https://people.freebsd.org/~mandree/fetchmail-6.3.26_9.log 

I cannot reproduce this failure in poudriere either, only on the bare system.

I have also uploaded the config.log files from the first run ("make configure"), and the second run ("make") - it runs off of a different version, without Cy's patch, with a different environment - diff the two logs to see for yourself.

https://people.freebsd.org/~mandree/fetchmail-6.3.26_9-config-1.log
https://people.freebsd.org/~mandree/fetchmail-6.3.26_9-config-2.log
Comment 6 Matthias Andree freebsd_committer 2019-01-10 21:00:37 UTC
Corey, Fedora's fetchmail-6.3.26-ssl-backport.patch includes the SNI patch, so the 9b8b634.patch from Gitlab can be omitted.
Comment 7 Matthias Andree freebsd_committer 2019-01-10 21:55:55 UTC
Created attachment 201001 [details]
fix GSSAPI and NLS-less builds

Corey, I am proposing the attached patch. 

It moves Cy Schubert's fix for krb5_des_string_to_key vs. krb5int_des_string_to_key into a configure.ac patch, formalizes running autoreconf, and adds a workaround for a framework bug that waives running autopoint when NLS is disabled, details inside the Makefile patch itself.

At the same time, the SNI patch gets dropped, it is part of the Fedora TLS backport.

It also appears that fetchmail 6.3.26 isn't up to parallel tests, so while at it, I am adding two options for the modern automake, namely subdir-objects serial-tests.
Comment 8 Corey Halpin 2019-01-11 00:15:21 UTC
Comment on attachment 201001 [details]
fix GSSAPI and NLS-less builds

This looks good to me.  Thank you!

It passes poudriere testport on 11.2/amd64 with:
  1) default settings
  2) ssl=base + GSSAPI_MIT
  3) ssl=port + GSSAPI_MIT
  4) ssl=libressl + GSSAPI_MIT
Comment 9 commit-hook freebsd_committer 2019-01-11 06:36:49 UTC
A commit references this bug:

Author: mandree
Date: Fri Jan 11 06:36:29 UTC 2019
New revision: 489947
URL: https://svnweb.freebsd.org/changeset/ports/489947

Log:
  Fix GSSAPI-based, and NLS-less, builds.

  This was also tested on a live 12.0 amd64 machine,
  11.2-arm64 and 11.2-i386 poudriere boxes with base GSSAPI.

  PR:		234740
  Reported by:	Peter Putzer (Bugzilla), Alex V. Petrov (e-mail)
  Approved by:	Corey Halpin (maintainer)

Changes:
  head/mail/fetchmail/Makefile
  head/mail/fetchmail/files/patch-configure
  head/mail/fetchmail/files/patch-configure.ac