From owner-freebsd-ports-bugs@freebsd.org Mon Dec 21 17:56:41 2015 Return-Path: Delivered-To: freebsd-ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 14013A4DF02 for ; Mon, 21 Dec 2015 17:56:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0434A1602 for ; Mon, 21 Dec 2015 17:56:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id tBLHuejd073347 for ; Mon, 21 Dec 2015 17:56:40 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 205493] net/freeradius3: Does not link properly against selected kerberos implementation Date: Mon, 21 Dec 2015 17:56:40 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: freebsd@simweb.ch X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: zi@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter flagtypes.name attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Dec 2015 17:56:41 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205493 Bug ID: 205493 Summary: net/freeradius3: Does not link properly against selected kerberos implementation Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: zi@FreeBSD.org Reporter: freebsd@simweb.ch Flags: maintainer-feedback?(zi@FreeBSD.org) Assignee: zi@FreeBSD.org Created attachment 164463 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=164463&action=edit Patch net/freeradius3/Makefile to fix/improve kerberos selection. Hi net/freeradius3 seems to link always against Heimdal kerberos in base as soon as one of the 3 possible options is enabled. The issue is already visible 'make stage': # HEIMDAL # ldd work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so: libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x801604000) -> OK. HEIMDAL_PORT: Builds but doesn't find the library and thus no rlm_krb5.so is built KERBEROS: stops with an error when building rlm_krb5, I haven't dug deeper there. The main cause is due to an upstream change which changed the Kerberos parameters starting with 3.0.1. 3.0.0 used the same options as are still valid with 2.2.9, not 3.0.1 onwards.* The relevant file in the FreeRADIUS source is src/modules/rlm_krb5/configure(.ac), the option is not revealed by 'configure --help' I'd propose to make a selection group which makes it impossible to chose more than 1 Kerberos implementation, but still allows disabling rlm_krb5 entirely. The dependency was changed with the following idea: HEIMDAL_BASE: libkrb5.so*.26*, otherwise the dependency is fullfilled by librkrb5.so in base After the modifications: # HEIMDAL (test with and without security/heimdal installed) # ldd work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so: libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x801604000) [...] # HEIMDAL_PORT (security/heimdal installed, security/krb5 absend as they conflict) # ldd work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so: libkrb5.so.26 => /usr/local/lib/heimdal/libkrb5.so.26 (0x801604000) [...] # KERBEROS (security/krb5 instaled, security/heimdal absend as they conflict) # ldd work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so work/stage/usr/local/lib/freeradius-3.0.10/rlm_krb5.so: libkrb5.so.3.3 => /usr/local/lib/libkrb5.so.3.3 (0x801604000) [...] There is still 1 corner case which I don't know how to fix yet: If the system has krb5 installed from ports/packages but the port is built with HEIMDAL from base it gets confused and fails to build. Upstream has said that usually there should not be 2 different Kerberos libraries and currently I don't know where the exception should be handled best. -- Mathieu * Here is the commit from back then: https://github.com/FreeRADIUS/freeradius-server/commit/7889d4b840920526b4598422771617d389ea5ab7 -- You are receiving this mail because: You are the assignee for the bug.