From owner-svn-ports-all@freebsd.org Tue Nov 3 23:42:49 2015 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0E2D4A26014; Tue, 3 Nov 2015 23:42:49 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from mail.allbsd.org (gatekeeper.allbsd.org [IPv6:2001:2f0:104:e001::32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.allbsd.org", Issuer "RapidSSL CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id D0D7F109D; Tue, 3 Nov 2015 23:42:47 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from alph.d.allbsd.org (alph.d.allbsd.org [IPv6:2001:2f0:104:e010:862b:2bff:febc:8956] (may be forged)) (authenticated bits=56) by mail.allbsd.org (8.14.9/8.14.9) with ESMTP id tA3NgZTf085193 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 4 Nov 2015 08:42:36 +0900 (JST) (envelope-from hrs@FreeBSD.org) Received: from localhost (localhost [IPv6:::1]) (authenticated bits=0) by alph.d.allbsd.org (8.15.2/8.14.9) with ESMTPA id tA3NgZGg090536; Wed, 4 Nov 2015 08:42:35 +0900 (JST) (envelope-from hrs@FreeBSD.org) Date: Wed, 04 Nov 2015 08:36:41 +0900 (JST) Message-Id: <20151104.083641.2117830857202894349.hrs@allbsd.org> To: Cy.Schubert@komquats.com Cc: marino@freebsd.org, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r400565 - head/security/pam_krb5 From: Hiroki Sato In-Reply-To: <201511030457.tA34vkf5040066@slippy.cwsent.com> References: <201511030457.tA34vkf5040066@slippy.cwsent.com> X-PGPkey-fingerprint: BDB3 443F A5DD B3D0 A530 FFD7 4F2C D3D8 2793 CF2D X-Mailer: Mew version 6.7 on Emacs 24.5 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Multipart/Signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="--Security_Multipart0(Wed_Nov__4_08_36_41_2015_953)--" Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.98.6 at gatekeeper.allbsd.org X-Virus-Status: Clean X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (mail.allbsd.org [IPv6:2001:2f0:104:e001::32]); Wed, 04 Nov 2015 08:42:40 +0900 (JST) X-Spam-Status: No, score=-98.0 required=13.0 tests=CONTENT_TYPE_PRESENT, RCVD_IN_AHBL, RCVD_IN_AHBL_PROXY, RCVD_IN_AHBL_SPAM, RDNS_NONE, USER_IN_WHITELIST autolearn=no autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on gatekeeper.allbsd.org X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Nov 2015 23:42:49 -0000 ----Security_Multipart0(Wed_Nov__4_08_36_41_2015_953)-- Content-Type: Multipart/Mixed; boundary="--Next_Part(Wed_Nov__4_08_36_41_2015_381)--" Content-Transfer-Encoding: 7bit ----Next_Part(Wed_Nov__4_08_36_41_2015_381)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cy Schubert wrote in <201511030457.tA34vkf5040066@slippy.cwsent.com>: Cy> In message <56377C39.5000401@marino.st>, John Marino writes: Cy> > We don't have to settle for what it is. We can control the build flags. Cy> > Cy> > The bottom line is that a regression happened. If the current makefile Cy> > can't be fixed to operate as it was before, the change should be Cy> > reverted, right? Cy> Cy> Actually, it never worked in the first place. That is because the heimdal Cy> port puts its include files in ${LOCALBASE}/include/heimdal (take note of Cy> "heimdal" at the end of the path) and libraries in ${LOCALBASE}/lib/heimdal Cy> (same as above). Ldd ${LOCALBASE}/lib/security/pam_krb5.so makes that Cy> abundantly clear. Cy> Cy> Having said that, it's still no reason or excuse for it not to work. Tested Cy> in a virgin jail, it's working now, and committed. Sorry about the Cy> confusion. Can you please use the pre-defined variables for them instead of hardcoded pathnames? Pathnames for headers and libraries are defined as GSSAPIINCDIR and GSSAPILIBDIR in gssapi.mk in an implementation-neutral way (and "flags" modifier like "gssapi:heimdal,flags" imports them into CFLAGS and LDFLAGS if necessary). Tests for KRB5_HOME and HEIMDAL_HOME should also be replaced with GSSAPIBASEDIR. I confirmed that the attached patch worked fine. -- Hiroki ----Next_Part(Wed_Nov__4_08_36_41_2015_381)-- Content-Type: Text/X-Patch; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="pam_krb5.diff" Index: Makefile =================================================================== --- Makefile (revision 400700) +++ Makefile (working copy) @@ -23,37 +23,17 @@ OPTIONS_SINGLE_LINK= MIT HEIMDAL_BASE HEIMDAL_PORT OPTIONS_DEFAULT= MIT MIT_DESC= Link against MIT Kerberos +MIT_USES= gssapi:mit HEIMDAL_PORT_DESC= Link against Heimdal in ports Kerberos +HEIMDAL_PORT_USES= gssapi:heimdal HEIMDAL_BASE_DESC= Link against Heimdal in base Kerberos +HEIMDAL_BASE_USES= gssapi:base -.include +CONFIGURE_ARGS+= --with-krb5="${GSSAPIBASEDIR}" \ + --with-krb5-include="${GSSAPIINCDIR}" \ + --with-krb5-lib="${GSSAPILIBDIR}" +CONFIGURE_ENV= PATH_KRB5_CONFIG="${KRB5CONFIG}" -.if ${PORT_OPTIONS:MHEIMDAL_BASE} -USES+= gssapi:base -.elif ${PORT_OPTIONS:MHEIMDAL_PORT} -USES+= gssapi:heimdal -.if defined(HEIMDAL_HOME) -KRB5_DIR?= ${HEIMDAL_HOME} -.else -KRB5_DIR?= ${LOCALBASE} -.endif -CONFIGURE_ARGS+= --with-krb5="${KRB5_DIR}" \ - --with-krb5-include="${KRB5_DIR}/include/heimdal" \ - --with-krb5-lib="${KRB5_DIR}/lib/heimdal" -CONFIGURE_ENV= PATH_KRB5_CONFIG=${KRB5_DIR}/bin/krb5-config -.elif ${PORT_OPTIONS:MMIT} -USES+= gssapi:mit -LIB_DEPENDS= libkrb5.so.3:${PORTSDIR}/security/krb5 -.if defined(KRB5_HOME) -KRB5_DIR?= ${KRB5_HOME} -.else -KRB5_DIR?= ${LOCALBASE} -.endif -CONFIGURE_ARGS+= --with-krb5="${KRB5_DIR}" -.else -IGNORE= KRB5_IMPL option must be set -.endif - MANDIR= ${STAGEDIR}${MANPREFIX}/man post-install: ----Next_Part(Wed_Nov__4_08_36_41_2015_381)---- ----Security_Multipart0(Wed_Nov__4_08_36_41_2015_953)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEABECAAYFAlY5RQkACgkQTyzT2CeTzy1lVACgt+P/Zh3/5vEt0/4Za3EQ3RlQ KN4AoLs9rgXUVpyzKtzeuuUc56S4dnMK =1Zhm -----END PGP SIGNATURE----- ----Security_Multipart0(Wed_Nov__4_08_36_41_2015_953)----