From owner-freebsd-current@FreeBSD.ORG Sat Aug 8 01:50:26 2009 Return-Path: Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 07E7A106566B for ; Sat, 8 Aug 2009 01:50:26 +0000 (UTC) (envelope-from bf1783@googlemail.com) Received: from mail-ew0-f206.google.com (mail-ew0-f206.google.com [209.85.219.206]) by mx1.freebsd.org (Postfix) with ESMTP id 6318F8FC0A for ; Sat, 8 Aug 2009 01:50:25 +0000 (UTC) Received: by ewy2 with SMTP id 2so1926639ewy.43 for ; Fri, 07 Aug 2009 18:50:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=odB0DdOzHyyPCsTR07LnOU81Y8ueZ68A0huzIE7k5V4=; b=pUFVPbaBymVEgPxaPklPonlLb+S33g4gfsIOgyoGHiJQEGeIYaupOZe14OsGi1xhJ/ HObZugZfq8qqXpsf7YsAo9dnbnKlJiAdztEAdXNtgq9Yjgug00G0J3EUfzk5CFjfx/SL X+hFZshwScoLcldMzq8BHtwbKS4URctcx0kHk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=b3G3F3Tq/bDHvIhX/4X5+HbcWdGyzXuEELYzUHZteaCWVaCBBpdhzmcu+liwDOZLaA 6oW8aeGlpu1eh6kgIhNhLckuXylIbw38kgAqu0hjm/sEBh5+I5ovuoEhVjoiSmWEUYtv ke9cTQuTp23YyXwDIPS0NanQUaw09Mh8duEsE= MIME-Version: 1.0 Received: by 10.216.4.80 with SMTP id 58mr364428wei.173.1249696224287; Fri, 07 Aug 2009 18:50:24 -0700 (PDT) In-Reply-To: <20090807205432.8FA4D1CC31@ptavv.es.net> References: <20090807205432.8FA4D1CC31@ptavv.es.net> Date: Sat, 8 Aug 2009 01:50:24 +0000 Message-ID: From: "b. f." To: Kevin Oberman Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-current@FreeBSD.org Subject: Re: Unable to build HEAD X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Aug 2009 01:50:26 -0000 On 8/7/09, Kevin Oberman wrote: >> Date: Thu, 6 Aug 2009 11:37:50 +0000 >> From: "b. f." >> >> On 8/6/09, Kevin Oberman wrote: >> >I have tested a patch from bf and it works. I've asked if he wants to >> >submit the PR or if he wants me to. If I don;t hear from him, I'll >> >submit tomorrow. >> >> Slightly revised and augmented patch is in: >> >> http://www.freebsd.org/cgi/query-pr.cgi?pr=137483 > > I think the patch is right, but I am still broken. I also had to remove > the ".if ${MK_OPENSSH) != "no" and paired ".endif" from > /usr/src/lib/libpam/modules/modules.inc. Once this was done, it looks > like everything is correct. > > I think the right answer is to either unconditionally build the pam > module or to add an option that is specific to the module. I think the > former is really the way to go as the module only adds 46K to the system > and, if you build without OpenSSH, you are either building an embedded > system where you will almost certainly be trimming a lot further than > the src.conf file allows, or because you are using the version from > ports. If the latter, you almost certainly WILL want pam_ssh. I agree, this is a problem if you still want pam_ssh, and want to use OpenSSH from Ports. A similar situation exists for pam_krb5 and pam_ksu with WITHOUT_KERBEROS=yes. But I don't see how you can still properly build working versions of these modules without putting in some hooks to link to the needed libraries in ${LOCALBASE}. (They need to be linked against the appropriate OpenSSH and Heimdal libraries.) How were you able to build pam_ssh when WITHOUT_OPENSSH=yes? Do you still have some old OpenSSH cruft installed in your base system that wasn't removed by make delete-old/make-delete-old-libs (which aren't set up properly for this option yet, as I pointed out), and so the modules were able to link against the old libraries? b.