Date: Thu, 14 May 2015 14:19:05 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 196671] net/wireshark: fail to build when security/krb5 is installed Message-ID: <bug-196671-13-kDcsXv553H@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-196671-13@https.bugs.freebsd.org/bugzilla/> References: <bug-196671-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196671 John Hein <z7dr6ut7gs@snkmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |z7dr6ut7gs@snkmail.com --- Comment #2 from John Hein <z7dr6ut7gs@snkmail.com> --- Created attachment 156777 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=156777&action=edit be more explicit to deconfuse wireshark port regarding kerberos detection/compiling/linking Attached is a patch to fix this issue. It is more explicit about specifying the path to the kerberos lib and include files to use. It addresses the following build issues: (a) When security/krb5 is installed, configure detects the kerberos bits in base properly, but CPPFLAGS causes /usr/local/include/krb5.h to get included and that causes the compiler error described in this bug. (b) If you then explicitly modify #include <krb5.h> to #include </usr/include/krb5.h>, you get past the compiler error, but get undefined refs at link time because you link with /usr/local/lib/libkrb.so. [1] [2] (c) Just adding KRB5_CONFIG=/usr/bin/krb5-config is NOT enough because of (a) and (b). You could (I think) point KRB5_CONFIG=${LOCALBASE}/bin/krb5-config and force the port to depend on either the security/heimdal or security/krb5 port (if GSSAPI is on). But why force that extra dependency when the one in base should do the job just fine. see [3]. And if they have turned off kerberos in base (world built WITHOUT_KERBEROS), then it's their own fault for turning on GSSAPI. But we could support world WITHOUT_KERBEROS and a dependency on a kerberos port installed (LIB_DEPENDS) if GSSAPI is on. That'd be a different patch. [1] such as: epan/.libs/libwireshark.so: undefined reference to `krb5_crypto_destroy' [2] Putting -I /usr/include before -I /usr/local/include is not good enough because gcc ignores the former since it's in the system header path - see gcc info page; clang probably does that, too, but unverified by me. So I just patch the #include line to explicitly point to the proper absolute path. Some words about the patch: Override KRB5_PREFIX to point to a kerberos lib that's not the base one (a heimdal version). One could add an option to define KRB5_PREFIX based on a new option (KRB_BASE yes/no - if no, point KRB5_PREFIX at ${LOCALBASE} by default). But this is just to assist in evaluating packets on the wire that are from kerberos traffic. [3] The kerberos lib in base should work just fine for that (but I have not really tested if there is a difference in wireshark's output based on the different kerberos libs available in FreeBSD: base, ports MIT krb5, ports heimdal krb5). I did test that the port stages just fine with both base kerberos and ports MIT krb5 installed and a build with KRB5_PREFIX=/usr and KRB5_PREFIX=/usr/local. And the configure stage properly detected the various kerberos things correctly. Oh, and I also build tested WITHOUT=GSSAPI and that built successfully and without the kerberos bits enabled as expected. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-196671-13-kDcsXv553H>