Bug 252866 - WITH_OPENLDAP build option fails on missing file lber.h
Summary: WITH_OPENLDAP build option fails on missing file lber.h
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Kyle Evans
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-20 17:29 UTC by Michael Dexter
Modified: 2021-02-04 06:06 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Dexter 2021-01-20 17:29:42 UTC
The WITH_OPENLDAP build option fails on lber.h

/usr/src/crypto/heimdal/lib/hdb/hdb-ldap.c:39:10: fatal error: 'lber.h' file not found
#include <lber.h>

A find in /usr/src does not locate lber.h

--- asn1_hdb_entry_alias.pico ---
cc -target x86_64-unknown-freebsd13.0 --sysroot=/usr/obj/usr/src/amd64.amd64/tmp -B/usr/obj/usr/src/amd64.amd64/tmp/usr/bin -fpic -DPIC  -O2 -pipe -fno-common -I/usr/src/crypto/heimdal/lib/hdb -I/usr/src/crypto/heimdal/lib/asn1  -I/usr/src/crypto/heimdal/lib/roken -I/usr/src/contrib/sqlite3/  -I/usr/src/crypto/heimdal/lib/krb5  -I/usr/src/contrib/com_err  -I. -I/usr/local/include -DOPENLDAP=1 -DLDAP_DEPRECATED=1 -DHDB_DB_DIR="\"/var/heimdal\""   -DHAVE_CONFIG_H -I/usr/src/kerberos5/include -g -MD  -MF.depend.asn1_hdb_entry_alias.pico -MTasn1_hdb_entry_alias.pico -std=gnu99 -Wno-format-zero-length -fstack-protector-strong -Wno-error=deprecated-declarations -Wsystem-headers -Werror -Wno-pointer-sign -Wno-error=absolute-value -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Wno-tautological-
/bin -fpic -DPIC  -O2 -pipe -fno-common -I/usr/src/crypto/heimdal/lib/hdb -I/usr/src/crypto/heimdal/lib/asn1  -I/usr/src/crypto/heimdal/lib/roken -I/usr/src/contrib/sqlite3/  -I/usr/src/crypto/heimdal/lib/krb5  -I/usr/src/contrib/com_err  -I. -I/usr/local/include -DOPENLDAP=1 -DLDAP_DEPRECATED=1 -DHDB_DB_DIR="\"/var/heimdal\""   -DHAVE_CONFIG_H -I/usr/src/kerberos5/include -g -MD  -MF.depend.asn1_hdb_keyset.pico -MTasn1_hdb_keyset.pico -std=gnu99 -Wno-format-zero-length -fstack-protector-strong -Wno-error=deprecated-declarations -Wsystem-headers -Werror -Wno-pointer-sign -Wno-error=absolute-value -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-enum-conversion -Wno-unused-local-typedef -Wno-address-of-packed-member -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses  -Qunused-arguments    -c asn1_hdb_keyset.c -o asn1_hdb_keyset.pico
--- hdb-ldap.o ---
/usr/src/crypto/heimdal/lib/hdb/hdb-ldap.c:39:10: fatal error: 'lber.h' file not found
#include <lber.h>
         ^~~~~~~~
--- hdb-ldap.pico ---
/usr/src/crypto/heimdal/lib/hdb/hdb-ldap.c:39:10: fatal error: 'lber.h' file not found
#include <lber.h>
         ^~~~~~~~
--- hdb-ldap.o ---
1 error generated.
*** [hdb-ldap.o] Error code 1

make[4]: stopped in /usr/src/kerberos5/lib/libhdb
--- hdb-ldap.pico ---
1 error generated.
*** [hdb-ldap.pico] Error code 1
Comment 1 Michael Dexter 2021-01-20 17:35:08 UTC
Related: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182546
Comment 2 Michael Dexter 2021-01-23 23:11:01 UTC
Confirmed on FreeBSD 13.0-ALPHA2 built on 13.0-ALPHA2.

Full built output is linked from: https://callfortesting.org/results/bos-FreeBSD-13A1/
Comment 3 Michael Dexter 2021-01-30 03:06:00 UTC
Confirmed on FreeBSD 13.0-ALPHA3 built on 13.0-ALPHA3.
Comment 4 commit-hook freebsd_committer 2021-01-30 16:42:33 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=7587d9823a8257b9a2d5b2e58c707026061058c6

commit 7587d9823a8257b9a2d5b2e58c707026061058c6
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-01-30 06:09:10 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-01-30 16:41:52 +0000

    build: options: mention ports in the WITH_OPENLDAP description

    There's a third party dependency on this option; currently,
    net/openldap24-{,sasl-}client.  At least mention that an openldap from ports
    is needed for this option.

    PR:             252866
    Reported-by:    Build Option Survey via Michael Dexter
    MFC-after:      3 days

 share/man/man5/src.conf.5         | 4 ++--
 tools/build/options/WITH_OPENLDAP | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
Comment 5 Michael Dexter 2021-01-30 17:57:37 UTC
This brings it to:

--- asn1_hdb_entry_alias.pico ---
cc -target x86_64-unknown-freebsd14.0 --sysroot=/usr/obj/usr/src/amd64.amd64/tmp -B/usr/obj/usr/src/amd64.amd64/tmp/usr/bin -fpic -DPIC  -O2 -pipe -fno-common -I/usr/src/crypto/heimdal/lib/hdb -I/usr/src/crypto/heimdal/lib/asn1  -I/usr/src/crypto/heimdal/lib/roken -I/usr/src/contrib/sqlite3/  -I/usr/src/crypto/heimdal/lib/krb5  -I/usr/src/contrib/com_err  -I. -I/usr/local/include -DOPENLDAP=1 -DLDAP_DEPRECATED=1 -DHDB_DB_DIR="\"/var/heimdal\""   -DHAVE_CONFIG_H -I/usr/src/kerberos5/include -g -MD  -MF.depend.asn1_hdb_entry_alias.pico -MTasn1_hdb_entry_alias.pico -std=gnu99 -Wno-format-zero-length -fstack-protector-strong -Wno-pointer-sign -Wno-absolute-value -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-enum-conversion -Wno-unused-local-typedef -Wno-address-of-packed-member -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses  -Qunused-arguments    -c asn1_hdb_entry_alias.c -o asn1_hdb_entry_alias.pico
--- asn1_hdb_keyset.pic
         ^~~~~~~~
--- hdb-ldap.o ---
1 error generated.
*** [hdb-ldap.o] Error code 1

Can the operator be warned of the dependency?
Comment 6 Kyle Evans freebsd_committer 2021-01-30 20:22:54 UTC
(In reply to Michael Dexter from comment #5)

Tagging in Cy in case he has some thoughts here-

With some effort, yes, we could formally define it (though now we mention it in src.conf(5) where you have to look to discover the knob, and it's implied by the knob name).

IMO, it's not worth it; AFAICT it's only relevant for a kdc and there's some desire to rip out all but the client bits. This knob would presumably be retired completely at that point, which is great since I believe it's the only one that has a hard dependency on a port being installed.
Comment 7 Cy Schubert freebsd_committer 2021-01-31 01:16:51 UTC
I'll take a look at it tonight (PDT).
Comment 8 Cy Schubert freebsd_committer 2021-01-31 02:01:59 UTC
our comment was:

    We have three suboptimal options:

    1. Depend on ports/net/openldap24-client.

    2. Import openldap24-client into src.

    3. Ignore OPENLDAP in Heimdal. Users who need or want LDAP support must install the heimdal or krb5 port.

    I'm not enamoured with options 1 or 2. This leaves options 3, which dovetails nicely with pkgbase.

    I'm of the opinion of removing kerberos server support from base anyway. I offered this but was opposed by a developer/admin who deploys base kerberos servers at his $JOB. (The reason for my proposal to remove kdc from base was that Heimdal and krb5 kadmin protocols are incompatible. And, since most of the world uses MIT krb5 this offers more flexibility. But I digress, this explains my reason for preferring option #3 above.)
Comment 9 Kyle Evans freebsd_committer 2021-01-31 02:17:37 UTC
(In reply to Cy Schubert from comment #8)

Given that, IMHO we should go ahead and close this as fixed since I documented the dependency on the openldap port in src.conf(5). I cannot reproduce any further breakage after my last round of fixes, and #3 is the only reasonable path forward -- #1 requires a decent amount of work for just this one build option that might encourage other shenanigans that we don't necessarily want in the future.
Comment 10 Michael Dexter 2021-01-31 02:19:18 UTC
Can the dependency be mechanically checked at build time and it exit with a warning? If not, this sounds like the best we can do. Thank you!
Comment 11 commit-hook freebsd_committer 2021-02-04 02:56:52 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=d37a305bc52fdb6337c012f869fc54dba9408842

commit d37a305bc52fdb6337c012f869fc54dba9408842
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2021-01-30 06:09:10 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2021-02-04 02:56:01 +0000

    build: options: mention ports in the WITH_OPENLDAP description

    There's a third party dependency on this option; currently,
    net/openldap24-{,sasl-}client.  At least mention that an openldap from ports
    is needed for this option.

    PR:             252866

    (cherry picked from commit 7587d9823a8257b9a2d5b2e58c707026061058c6)

 share/man/man5/src.conf.5         | 4 ++--
 tools/build/options/WITH_OPENLDAP | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
Comment 12 Michael Dexter 2021-02-04 06:06:09 UTC
A warning is huge progress. Thank you!

Closing.