From owner-svn-ports-all@freebsd.org Sun Apr 22 14:59:25 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EA617FA62D8; Sun, 22 Apr 2018 14:59:24 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9C3588638B; Sun, 22 Apr 2018 14:59:24 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7CCE017429; Sun, 22 Apr 2018 14:59:24 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3MExOOg016483; Sun, 22 Apr 2018 14:59:24 GMT (envelope-from joneum@FreeBSD.org) Received: (from joneum@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3MExOjn016479; Sun, 22 Apr 2018 14:59:24 GMT (envelope-from joneum@FreeBSD.org) Message-Id: <201804221459.w3MExOjn016479@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: joneum set sender to joneum@FreeBSD.org using -f From: Jochen Neumeister Date: Sun, 22 Apr 2018 14:59:24 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r468031 - in head/www/nginx: . files X-SVN-Group: ports-head X-SVN-Commit-Author: joneum X-SVN-Commit-Paths: in head/www/nginx: . files X-SVN-Commit-Revision: 468031 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Apr 2018 14:59:25 -0000 Author: joneum Date: Sun Apr 22 14:59:23 2018 New Revision: 468031 URL: https://svnweb.freebsd.org/changeset/ports/468031 Log: HTTP_AUTH_KRB5 option is not fully implemented. This patch makes it build with security/krb5 and security/heimdal PR: 226044 Reviewed by: brnrd Differential Revision: https://reviews.freebsd.org/D14973 Modified: head/www/nginx/Makefile head/www/nginx/Makefile.extmod head/www/nginx/Makefile.options.desc head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config Modified: head/www/nginx/Makefile ============================================================================== --- head/www/nginx/Makefile Sun Apr 22 13:52:01 2018 (r468030) +++ head/www/nginx/Makefile Sun Apr 22 14:59:23 2018 (r468031) @@ -71,7 +71,7 @@ OPTIONS_GROUP_HTTPGRP= GOOGLE_PERFTOOLS HTTP HTTP_ADDI HTTP_REWRITE HTTP_SECURE_LINK HTTP_SLICE HTTP_SSL HTTP_STATUS HTTP_SUB \ HTTP_XSLT HTTPV2 STREAM STREAM_SSL STREAM_SSL_PREREAD # External modules (arrayvar MUST appear after devel_kit for build-dep) -OPTIONS_GROUP_HTTPGRP+= AJP AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL_KIT \ +OPTIONS_GROUP_HTTPGRP+= AJP AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL_KIT \ ARRAYVAR DRIZZLE DYNAMIC_UPSTREAM ECHO ENCRYPTSESSION FASTDFS FORMINPUT \ GRIDFS HEADERS_MORE HTTP_ACCEPT_LANGUAGE HTTP_AUTH_DIGEST HTTP_AUTH_KRB5 \ HTTP_AUTH_LDAP HTTP_AUTH_PAM HTTP_DAV_EXT HTTP_EVAL HTTP_FANCYINDEX \ @@ -84,12 +84,19 @@ OPTIONS_GROUP_HTTPGRP+= AJP AWS_AUTH BROTLI CACHE_PUR SET_MISC SFLOW SHIBBOLETH SLOWFS_CACHE SMALL_LIGHT SRCACHE XSS OPTIONS_GROUP_MAILGRP= MAIL MAIL_IMAP MAIL_POP3 MAIL_SMTP MAIL_SSL OPTIONS_DEFINE= DEBUG DEBUGLOG DSO FILE_AIO IPV6 THREADS WWW -OPTIONS_DEFAULT?=DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \ +OPTIONS_DEFAULT?= DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \ HTTP_DAV HTTP_FLV HTTP_GZIP_STATIC HTTP_GUNZIP_FILTER \ HTTP_MP4 HTTP_RANDOM_INDEX HTTP_REALIP HTTP_SECURE_LINK \ HTTP_SLICE HTTP_REWRITE HTTP_SSL HTTP_STATUS HTTP_SUB \ HTTPV2 MAIL MAIL_SSL STREAM STREAM_SSL STREAM_SSL_PREREAD \ THREADS WWW + +OPTIONS_RADIO+= GSSAPI +OPTIONS_RADIO_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT +GSSAPI_BASE_USES= gssapi +GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags +GSSAPI_MIT_USES= gssapi:mit + OPTIONS_SUB= yes .include "Makefile.options.desc" @@ -101,6 +108,10 @@ ${opt}_IMPLIES= MAIL .for opt in ${OPTIONS_GROUP_HTTPGRP:NHTTP} WWW ${opt}_IMPLIES= HTTP .endfor + +GSSAPI_BASE_IMPLIES= HTTP_AUTH_KRB5 +GSSAPI_HEIMDAL_IMPLIES= HTTP_AUTH_KRB5 +GSSAPI_MIT_IMPLIES= HTTP_AUTH_KRB5 # If the target is makesum, make sure that every distfile is fetched. .if ${.TARGETS:Mmakesum} Modified: head/www/nginx/Makefile.extmod ============================================================================== --- head/www/nginx/Makefile.extmod Sun Apr 22 13:52:01 2018 (r468030) +++ head/www/nginx/Makefile.extmod Sun Apr 22 14:59:23 2018 (r468031) @@ -83,11 +83,7 @@ HTTP_AUTH_DIGEST_VARS= DSO_EXTMODS+=auth_digest HTTP_AUTH_KRB5_GH_TUPLE= stnoonan:spnego-http-auth-nginx-module:7e028a5:auth_krb5 HTTP_AUTH_KRB5_VARS= DSO_EXTMODS+=auth_krb5 -#HTTP_AUTH_KRB5_EXTRA_PATCHES=${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config -#OPTIONS_RADIO+= GSSAPI -#OPTIONS_RADIO_GSSAPI+= GSSAPI_HEIMDAL GSSAPI_MIT -#GSSAPI_HEIMDAL_USES= gssapi:heimdal,flags -#GSSAPI_MIT_USES= gssapi:mit +HTTP_AUTH_KRB5_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config HTTP_AUTH_LDAP_GH_TUPLE= kvspb:nginx-auth-ldap:42d195d:http_auth_ldap HTTP_AUTH_LDAP_VARS= DSO_EXTMODS+=http_auth_ldap Modified: head/www/nginx/Makefile.options.desc ============================================================================== --- head/www/nginx/Makefile.options.desc Sun Apr 22 13:52:01 2018 (r468030) +++ head/www/nginx/Makefile.options.desc Sun Apr 22 14:59:23 2018 (r468031) @@ -20,6 +20,7 @@ FILE_AIO_DESC= Enable file aio FORMINPUT_DESC= 3rd party form_input module GOOGLE_PERFTOOLS_DESC= Enable google perftools module GRIDFS_DESC= 3rd party gridfs module +GSSAPI_DESC= GSSAPI implementation (imply HTTP_AUTH_KRB5) HEADERS_MORE_DESC= 3rd party headers_more module HTTPGRP_DESC= Modules that require HTTP module HTTPV2_DESC= Enable HTTP/2 protocol support (SSL req.) Modified: head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config ============================================================================== --- head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config Sun Apr 22 13:52:01 2018 (r468030) +++ head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config Sun Apr 22 14:59:23 2018 (r468031) @@ -1,9 +1,20 @@ --- ../spnego-http-auth-nginx-module-0c6ff3f/config.orig 2017-04-15 13:07:01.159506000 -0400 -+++ ../spnego-http-auth-nginx-module-0c6ff3f/config 2017-04-15 13:07:36.283398000 -0400 -@@ -1,5 +1,5 @@ ++++ ../spnego-http-auth-nginx-module-7e028a5/config 2018-04-20 00:15:08.515289000 +0200 +@@ -1,9 +1,6 @@ ngx_addon_name=ngx_http_auth_spnego_module -ngx_feature_libs="-lgssapi_krb5 -lkrb5 -lcom_err" -+ngx_feature_libs="%%GSSAPILIBS%% -lcom_err" +- +-if uname -o | grep -q FreeBSD; then +- ngx_feature_libs="$ngx_feature_libs -lgssapi" +-fi ++ngx_feature_libs="%%GSSAPILIBS%%" ++ngx_module_incs="%%GSSAPINCDIR%%" - if uname -o | grep -q FreeBSD; then - ngx_feature_libs="$ngx_feature_libs -lgssapi" + if test -n "$ngx_module_link"; then + ngx_module_type=HTTP +@@ -16,3 +13,5 @@ else + NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_spnego_module.c" + CORE_LIBS="$CORE_LIBS $ngx_feature_libs" + fi ++ ++LDFLAGS="-L%%GSSAPILIBDIR%% $LDFLAGS"