The new port version fails to compile with GSSAPI_MIT set. The immediate cause is this configure failure: checking for Kerberos V in /usr/local... found checking for krb5_des_string_to_key in -lcrypto... no checking for krb5_des_string_to_key in -lk5crypto... no configure: error: Kerberos 5 DES libraries not found gmake[2]: *** [Makefile:622: config.status] Error 1 gmake[2]: Leaving directory '/var/ports/usr/ports/mail/fetchmail/work/fetchmail-6.3.26' ===> Compilation failed unexpectedly. However, the root cause might be this earlier error: CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /var/ports/usr/ports/mail/fetchmail/work/fetchmail-6.3.26/missing --run aclocal-1.11 -I m4 -I m4-local /var/ports/usr/ports/mail/fetchmail/work/fetchmail-6.3.26/missing: aclocal-1.11: not found WARNING: `aclocal-1.11' is missing on your system. You should only need it if you modified `acinclude.m4' or `configure.ac'. You might want to install the `Automake' and `Perl' packages. Grab them from any GNU archive site. CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /var/ports/usr/ports/mail/fetchmail/work/fetchmail-6.3.26/missing --run autoconf cd . && /bin/sh /var/ports/usr/ports/mail/fetchmail/work/fetchmail-6.3.26/missing --run automake-1.11 --foreign /var/ports/usr/ports/mail/fetchmail/work/fetchmail-6.3.26/missing: automake-1.11: not found WARNING: `automake-1.11' is missing on your system. You should only need it if you modified `Makefile.am', `acinclude.m4' or `configure.ac'. You might want to install the `Automake' and `Perl' packages. Grab them from any GNU archive site. aclocal.m4:17: warning: this file was generated for autoconf 2.68. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically `autoreconf'. /bin/sh ./config.status --recheck This is a 11.2-RELEASE-p7 install on amd64, automake is installed, but not version 1.11.
I cannot replicate this failure on 11.2/amd64. When using 'poudriere testport' with the following make.conf: DEFAULT_VERSIONS+= ssl=base OPTIONS_UNSET+= GSSAPI_BASE OPTIONS_SET+= GSSAPI_MIT I see the following when configure runs: checking for Kerberos V in /usr/local... found checking for krb5_des_string_to_key in -lcrypto... no checking for krb5_des_string_to_key in -lk5crypto... yes checking for krb5_init_context in -lkrb5... yes And the port builds successfully. Full log at: http://pages.cs.wisc.edu/~chalpin/freebsd/bug234740_tp_base When using 'poudriere testport' with the following make.conf: DEFAULT_VERSIONS+= ssl=openssl OPTIONS_UNSET+= GSSAPI_BASE OPTIONS_SET+= GSSAPI_MIT I see the following when configure runs: checking for Kerberos V in /usr/local... found checking for krb5_des_string_to_key in -lcrypto... no checking for krb5_des_string_to_key in -lk5crypto... yes checking for krb5_init_context in -lkrb5... yes And the port builds successfully. Full log at: http://pages.cs.wisc.edu/~chalpin/freebsd/bug234740_tp_port In both of the above cases, the Automake warning you report appears but does not cause a problem. Can you provide more information about your build environment, especially any make.conf settings that would affect how krb5 is built?
I'm using LibreSSL from Ports. My (partial) make.conf: DEFAULT_VERSIONS= bdb=5 perl5=5.28 mysql=10.2m php=7.2 ruby=2.4 ssl=libressl CPUTYPE?=native CFLAGS= -O3 -pipe -funroll-loops OPTIONS_UNSET=X11 GSSAPI_BASE OPTIONS_SET= GSSAPI_MIT WITH_PKGNG=yes WITH_CCACHE_BUILD=yes WITH_LIBCPLUSPLUS=yes
It appears I can reproduce this on FreeBSD 12.0 with krb5-1.17. This report seems related, https://www.mail-archive.com/kerberos@mit.edu/msg04772.html - where Sam Hartman mentions "That's an internal API. IT seems highly unlikely that fetchmail actually wants des_string_to_key. I suspect it should look for some more reasonable symbol depending on what it is trynig to do." Might be that the upstream code needed some updating. Seems that it is trying to guess which libraries to pull in, when these days it might be better to just run krb5-config. Upon closer inspection, it would seem that the new patch that got pulled in in [2] triggers a regeneration of the configure script, which then clobbers cy@'s fix [3] that patched configure directly... ----------------------- [2] https://svnweb.freebsd.org/ports/head/mail/fetchmail/Makefile?r1=485579&r2=489439 [3] https://svnweb.freebsd.org/ports?view=revision&revision=468557
(In reply to Matthias Andree from comment #3) Ah yes, that's a tidbit that I forgot to mention: There is a patch for the symbol included in the port files, but it doesn't seem to get applied (anymore).
[mandree@freeryzen /usr/ports.svn/mail/fetchmail]$ svn st -v 489889 489439 cem . 489889 489439 cem Makefile 489889 489439 cem distinfo 489889 489439 cem files 489889 484295 roberto files/fetchmail.in 489889 313331 beech files/fetchmailconf.in 489889 340872 mat files/fetchmailrc.sample 489889 468557 cy files/patch-configure 489889 489439 cem files/patch-fetchmail.c 489889 489439 cem files/patch-socket.c 489889 340719 mat files/pkg-message.in 489889 372129 mandree pkg-descr 489889 419379 kevlo pkg-plist The build log from a live 12.0-RELEASE-p2 system that's otherwise running FreeBSD-latest packages is at: https://people.freebsd.org/~mandree/fetchmail-6.3.26_9.log I cannot reproduce this failure in poudriere either, only on the bare system. I have also uploaded the config.log files from the first run ("make configure"), and the second run ("make") - it runs off of a different version, without Cy's patch, with a different environment - diff the two logs to see for yourself. https://people.freebsd.org/~mandree/fetchmail-6.3.26_9-config-1.log https://people.freebsd.org/~mandree/fetchmail-6.3.26_9-config-2.log
Corey, Fedora's fetchmail-6.3.26-ssl-backport.patch includes the SNI patch, so the 9b8b634.patch from Gitlab can be omitted.
Created attachment 201001 [details] fix GSSAPI and NLS-less builds Corey, I am proposing the attached patch. It moves Cy Schubert's fix for krb5_des_string_to_key vs. krb5int_des_string_to_key into a configure.ac patch, formalizes running autoreconf, and adds a workaround for a framework bug that waives running autopoint when NLS is disabled, details inside the Makefile patch itself. At the same time, the SNI patch gets dropped, it is part of the Fedora TLS backport. It also appears that fetchmail 6.3.26 isn't up to parallel tests, so while at it, I am adding two options for the modern automake, namely subdir-objects serial-tests.
Comment on attachment 201001 [details] fix GSSAPI and NLS-less builds This looks good to me. Thank you! It passes poudriere testport on 11.2/amd64 with: 1) default settings 2) ssl=base + GSSAPI_MIT 3) ssl=port + GSSAPI_MIT 4) ssl=libressl + GSSAPI_MIT
A commit references this bug: Author: mandree Date: Fri Jan 11 06:36:29 UTC 2019 New revision: 489947 URL: https://svnweb.freebsd.org/changeset/ports/489947 Log: Fix GSSAPI-based, and NLS-less, builds. This was also tested on a live 12.0 amd64 machine, 11.2-arm64 and 11.2-i386 poudriere boxes with base GSSAPI. PR: 234740 Reported by: Peter Putzer (Bugzilla), Alex V. Petrov (e-mail) Approved by: Corey Halpin (maintainer) Changes: head/mail/fetchmail/Makefile head/mail/fetchmail/files/patch-configure head/mail/fetchmail/files/patch-configure.ac