From nobody Tue Jun 24 17:06:53 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bRWZj6TDcz602j7; Tue, 24 Jun 2025 17:06:53 +0000 (UTC) (envelope-from ivy@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bRWZj5s2wz436m; Tue, 24 Jun 2025 17:06:53 +0000 (UTC) (envelope-from ivy@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1750784813; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=FcJQWf+25PtPGRMMMwkhK5WrRhBSs4JKwyuR5GlA/jM=; b=nxyUdEjoU52BtVDFmiOTfYSraNqXhEk0VYb5H+1qhUD5iMvvfkLNMzLafUrGnY1WbI2aGx 3zC6VVXpUstHFpKnBpVHRMUS5QArsUPoCV0EMYkb+69xHa0u4hgobvrjNwl9tsNTh2j1MD zG4tEsHafuI2u9cwofQr+i0OJte3QdDmRlPJyhKq+gFH98gchO5JN9PaM6MI+R8GneAJpB elMzyH90yOUGLrZFgA6QFyfc1SkiWL99zogIVf77oamZKtZQAwOz+ff8o0ZMUZXSEFNW/z bNmQVbIVH4U60aJW0xeCWmfmtYvXVlhja3LE+tDb/rllED/4/aRL11kUo5WDvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1750784813; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=FcJQWf+25PtPGRMMMwkhK5WrRhBSs4JKwyuR5GlA/jM=; b=V2Lan3yiY+g02vVSoBEd9rf28B+VhbzFhz47qOMk/rqqKW56ygb2evNobMZGoVE8ZX1OZA FfTKriFdOSPYk484pn8KVouuVBG0x8zUeNZRgRkUr7ouf+L/rzWZALV7xfKgkXOgA/KqFw G4Toha1vBBFg5SIxAjpNfpRjCX79Fd5zDc5q2toD0hw0kGIpoBfZiMIWHf8wi9mVbQ+o3K Qn1f29IYfBjzc0szw1BE78xndV2HOrgIbvB32/tc/5W9EtBj51qXZM4hy/h1+tfbcbDO3K Qd0dcJQRLDNg8HPYcz3FsTyInenRyiSsA/V9rLhWZJfYGNhEhBfMZC3VRDz6yw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1750784813; a=rsa-sha256; cv=none; b=jbFi1TXDnOZ1wOosJAbz2MBpTS0CuI/HE4vlnxWd6sH9zQZMYDWhoxXiyLz15IRexEW8ri C0v7d5mlocvbSdJyGrUYNHBFv7s3Wq1FIHQyY2oagqIMhdeFTzAsz908NOotZrwRbvkLoU XmPtZTtCHSJYZUmEMdkvmoLFp8A5XdRvcVgdKDu004bWmUkyssE2G3c9jAHNYvnbM6XNr0 8OjE0c84Pnqe5URxxrCXfq0o4ptvosZ4WJZFUkKZk3/9fG3DEcuoUM3XzjFj/vNMk5BEnB ZlfcjN/WrA+cNnJbC+DQHjuBEwrvFMaPeykydn/9pnRt+bQpPB4frcn0xw9j5A== Received: by freefall.freebsd.org (Postfix, from userid 1532) id C20B368C1; Tue, 24 Jun 2025 17:06:53 +0000 (UTC) Date: Tue, 24 Jun 2025 18:06:53 +0100 From: Lexi Winter To: Cy Schubert Cc: Dima Panov , Cy Schubert , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 7e35117eb07f - main - Makefile: Hook MIT KRB5 into the build Message-ID: Mail-Followup-To: Cy Schubert , Dima Panov , Cy Schubert , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org References: <202506160251.55G2pwx4063231@gitrepo.freebsd.org> <20250620073050.7f03f74e@slippy> <3742e37c-bca9-4778-881a-94c09aefdb32@FreeBSD.org> <20250623093010.71b18c87@slippy> <5fa53b5b-6c66-4195-8c89-1fc9d7b165bd@FreeBSD.org> <20250624083004.6de66e53@slippy> <20250624165402.5B759112@slippy.cwsent.com> List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="wl1wY8zqm+zZ4JUH" Content-Disposition: inline In-Reply-To: <20250624165402.5B759112@slippy.cwsent.com> --wl1wY8zqm+zZ4JUH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Cy Schubert: > In message , Lexi Winter writes: > > i'm hoping with MIT krb5 in base, we might be able to find a better > > solution to this, but i haven't had a chance to actually try it. > > it may be we have to go with a glib-style "bootstrap port" solution. =20 > It may help bootstrap but you can't rely on it to supply your KDC needs a= s=20 > it doesn't and will never use LDAP, unless we import OpenLDAP into base,= =20 > and that's another matter of discussion. i am thinking purely in terms of ports here, e.g.: - krb5-ldap requires openldap26@bootstrap - openldap26@bootstrap builds OpenLDAP without Kerberos support - after building krb5-ldap you then build openldap26 with Kerberos support which is a drop-in replacement for openldap26@bootstrap. then you install krb5-ldap and openldap26-server and the openldap26@bootstrap port is never used after the package build is done. the exact details of how this works might be more complicated but my understanding is that this is how devel/glib20 and devel/gobject-introspection manage to depend on each other. i was hoping MIT krb5 in base would avoid the need for this, but i don't think it does: if ports openldap links to base krb5, and ports krb5 links to ports openldap, you'd end up with the KDC binary linking to both base and ports krb5. so in practice, you'd still need to ignore base Kerberos entirely (other than for NFS) and build everything against ports krb5, like we do now. --wl1wY8zqm+zZ4JUH Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQSyjTg96lp3RifySyn1nT63mIK/YAUCaFrbKgAKCRD1nT63mIK/ YAjqAQDBz63Fwkodgt/MFpL4U5Mb9dCJ3K5C47HRpIRgu8J8HgEAjRz+VpMHS9JN eKv2NarpPZReSXTeFCRfRCVjY+EhPgQ= =PHx+ -----END PGP SIGNATURE----- --wl1wY8zqm+zZ4JUH--