From owner-svn-ports-head@freebsd.org  Sun Apr 22 15:46:12 2018
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0FA82FA9637;
 Sun, 22 Apr 2018 15:46:12 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.139])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "Client", Issuer "CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 68310718C7;
 Sun, 22 Apr 2018 15:46:11 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA
 id AHBifJLnkbrv9AHBjfoC09; Sun, 22 Apr 2018 09:46:04 -0600
X-Authority-Analysis: v=2.3 cv=JOMVTfCb c=1 sm=1 tr=0
 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17
 a=Kd1tUaAdevIA:10 a=YxBL1-UpAAAA:8 a=6I5d2MoRAAAA:8 a=_6zSmo5mCeLP97zgmO8A:9
 a=l-I3-V2jCiwkWrS1:21 a=VN2pSlZyWpr6cZ4E:21 a=QEXdDO2ut3YA:10
 a=cVPBiGgemJe3xm_RIW0A:9 a=ISMzCti9LwvRJnU-:21 a=04y2uqtiOYfye4xa:21
 a=06BfpVLrpbNGuDLq:21 a=_W_S_7VecoQA:10 a=Ia-lj3WSrqcvXOmTRaiG:22
 a=IjZwj45LgO3ly-622nXo:22
Received: from [192.168.1.110] (S0106002401cb186f.gv.shawcable.net
 [70.67.125.17])
 by spqr.komquats.com (Postfix) with ESMTPSA id BE100181;
 Sun, 22 Apr 2018 08:46:00 -0700 (PDT)
MIME-Version: 1.0
From: Cy Schubert <Cy.Schubert@cschubert.com>
Subject: RE: svn commit: r468031 - in head/www/nginx: . files
Date: Sun, 22 Apr 2018 08:46:10 -0700
To: Jochen Neumeister <joneum@FreeBSD.org>, 
 "ports-committers@freebsd.org" <ports-committers@freebsd.org>, 
 "svn-ports-all@freebsd.org" <svn-ports-all@freebsd.org>, 
 "svn-ports-head@freebsd.org" <svn-ports-head@freebsd.org>
Message-Id: <20180422154600.BE100181@spqr.komquats.com>
X-CMAE-Envelope: MS4wfKF5P1xbFJAde13rOxveJATV6BxGwPamlgPh+sZhkiUmu/aktWgXd3QuQd2kikJTOl3zv2qvSGnLwsZSgVoE7LJsUulSnCZXs2yRVCu29s+dSU9O2drl
 hp5/Wz941d3WeZ8l6FK6Qawt0RxsBxb8gBAFmQ06Xst49oYsly6CHlsMgy7TuMQLYKEwuxZYC9L0WRegxE6JGjMuYAnsgbe7nkUfTVtIKTMN3qRT8WdfAO0i
 SPF2ZYDX5c/jGOaHBbooDbyAN+kVIQPw30uetFxYJsakxCfQbgRDSyxSE50TnUmuOYHRAzD7enzVtWjbwdICuw==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.25
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-head>, 
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Apr 2018 15:46:12 -0000

Thank you. This helps a lot with the private heimdal in base project.

---
Sent using a tiny phone keyboard.
Apologies for any typos and autocorrect.
Also, this old phone only supports top post. Apologies.

Cy Schubert
<Cy.Schubert@cschubert.com> or <cy@freebsd.org>
The need of the many outweighs the greed of the few.
---

-----Original Message-----
From: Jochen Neumeister
Sent: 22/04/2018 08:05
To: ports-committers@freebsd.org; svn-ports-all@freebsd.org; svn-ports-head=
@freebsd.org
Subject: svn commit: r468031 - in head/www/nginx: . files

Author: joneum
Date: Sun Apr 22 14:59:23 2018
New Revision: 468031
URL: https://svnweb.freebsd.org/changeset/ports/468031

Log:
  HTTP_AUTH_KRB5 option is not fully implemented. This patch makes it build=
 with security/krb5 and security/heimdal
 =20
  PR:		226044
  Reviewed by:	brnrd
  Differential Revision:	https://reviews.freebsd.org/D14973

Modified:
  head/www/nginx/Makefile
  head/www/nginx/Makefile.extmod
  head/www/nginx/Makefile.options.desc
  head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config

Modified: head/www/nginx/Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- head/www/nginx/Makefile	Sun Apr 22 13:52:01 2018	(r468030)
+++ head/www/nginx/Makefile	Sun Apr 22 14:59:23 2018	(r468031)
@@ -71,7 +71,7 @@ OPTIONS_GROUP_HTTPGRP=3D	GOOGLE_PERFTOOLS HTTP HTTP_ADDI
 	HTTP_REWRITE HTTP_SECURE_LINK HTTP_SLICE HTTP_SSL HTTP_STATUS HTTP_SUB \
 	HTTP_XSLT HTTPV2 STREAM STREAM_SSL STREAM_SSL_PREREAD
 # External modules (arrayvar MUST appear after devel_kit for build-dep)
-OPTIONS_GROUP_HTTPGRP+=3D	AJP  AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVE=
L_KIT \
+OPTIONS_GROUP_HTTPGRP+=3D	AJP AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL=
_KIT \
 	ARRAYVAR DRIZZLE DYNAMIC_UPSTREAM ECHO ENCRYPTSESSION FASTDFS FORMINPUT \
 	GRIDFS HEADERS_MORE HTTP_ACCEPT_LANGUAGE HTTP_AUTH_DIGEST HTTP_AUTH_KRB5 =
\
 	HTTP_AUTH_LDAP HTTP_AUTH_PAM HTTP_DAV_EXT HTTP_EVAL HTTP_FANCYINDEX \
@@ -84,12 +84,19 @@ OPTIONS_GROUP_HTTPGRP+=3D	AJP  AWS_AUTH BROTLI CACHE_PU=
R
 	SET_MISC SFLOW SHIBBOLETH SLOWFS_CACHE SMALL_LIGHT SRCACHE XSS
 OPTIONS_GROUP_MAILGRP=3D	MAIL MAIL_IMAP MAIL_POP3 MAIL_SMTP MAIL_SSL
 OPTIONS_DEFINE=3D	DEBUG DEBUGLOG DSO FILE_AIO IPV6 THREADS WWW
-OPTIONS_DEFAULT?=3DDSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACH=
E \
+OPTIONS_DEFAULT?=3D	DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CAC=
HE \
 		HTTP_DAV HTTP_FLV HTTP_GZIP_STATIC HTTP_GUNZIP_FILTER \
 		HTTP_MP4 HTTP_RANDOM_INDEX HTTP_REALIP HTTP_SECURE_LINK \
 		HTTP_SLICE HTTP_REWRITE HTTP_SSL HTTP_STATUS HTTP_SUB \
 		HTTPV2 MAIL MAIL_SSL STREAM STREAM_SSL STREAM_SSL_PREREAD \
 		THREADS WWW
+
+OPTIONS_RADIO+=3D		GSSAPI
+OPTIONS_RADIO_GSSAPI=3D	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
+GSSAPI_BASE_USES=3D	gssapi
+GSSAPI_HEIMDAL_USES=3D	gssapi:heimdal,flags
+GSSAPI_MIT_USES=3D	gssapi:mit
+
 OPTIONS_SUB=3D	yes
=20
 .include "Makefile.options.desc"
@@ -101,6 +108,10 @@ ${opt}_IMPLIES=3D	MAIL
 .for opt in ${OPTIONS_GROUP_HTTPGRP:NHTTP} WWW
 ${opt}_IMPLIES=3D	HTTP
 .endfor
+
+GSSAPI_BASE_IMPLIES=3D	HTTP_AUTH_KRB5
+GSSAPI_HEIMDAL_IMPLIES=3D	HTTP_AUTH_KRB5
+GSSAPI_MIT_IMPLIES=3D	HTTP_AUTH_KRB5
=20
 # If the target is makesum, make sure that every distfile is fetched.
 .if ${.TARGETS:Mmakesum}

Modified: head/www/nginx/Makefile.extmod
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- head/www/nginx/Makefile.extmod	Sun Apr 22 13:52:01 2018	(r468030)
+++ head/www/nginx/Makefile.extmod	Sun Apr 22 14:59:23 2018	(r468031)
@@ -83,11 +83,7 @@ HTTP_AUTH_DIGEST_VARS=3D		DSO_EXTMODS+=3Dauth_digest
=20
 HTTP_AUTH_KRB5_GH_TUPLE=3D	stnoonan:spnego-http-auth-nginx-module:7e028a5:=
auth_krb5
 HTTP_AUTH_KRB5_VARS=3D		DSO_EXTMODS+=3Dauth_krb5
-#HTTP_AUTH_KRB5_EXTRA_PATCHES=3D${PATCHDIR}/extra-patch-spnego-http-auth-n=
ginx-module-config
-#OPTIONS_RADIO+=3D		GSSAPI
-#OPTIONS_RADIO_GSSAPI+=3D	GSSAPI_HEIMDAL GSSAPI_MIT
-#GSSAPI_HEIMDAL_USES=3D	gssapi:heimdal,flags
-#GSSAPI_MIT_USES=3D	gssapi:mit
+HTTP_AUTH_KRB5_EXTRA_PATCHES=3D	${PATCHDIR}/extra-patch-spnego-http-auth-n=
ginx-module-config
=20
 HTTP_AUTH_LDAP_GH_TUPLE=3D	kvspb:nginx-auth-ldap:42d195d:http_auth_ldap
 HTTP_AUTH_LDAP_VARS=3D		DSO_EXTMODS+=3Dhttp_auth_ldap

Modified: head/www/nginx/Makefile.options.desc
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- head/www/nginx/Makefile.options.desc	Sun Apr 22 13:52:01 2018	(r468030)
+++ head/www/nginx/Makefile.options.desc	Sun Apr 22 14:59:23 2018	(r468031)
@@ -20,6 +20,7 @@ FILE_AIO_DESC=3D			Enable file aio
 FORMINPUT_DESC=3D			3rd party form_input module
 GOOGLE_PERFTOOLS_DESC=3D		Enable google perftools module
 GRIDFS_DESC=3D			3rd party gridfs module
+GSSAPI_DESC=3D			GSSAPI implementation (imply HTTP_AUTH_KRB5)
 HEADERS_MORE_DESC=3D		3rd party headers_more module
 HTTPGRP_DESC=3D			Modules that require HTTP module
 HTTPV2_DESC=3D			Enable HTTP/2 protocol support (SSL req.)

Modified: head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-co=
nfig
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
--- head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config	S=
un Apr 22 13:52:01 2018	(r468030)
+++ head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config	S=
un Apr 22 14:59:23 2018	(r468031)
@@ -1,9 +1,20 @@
 --- ../spnego-http-auth-nginx-module-0c6ff3f/config.orig	2017-04-15 13:07:=
01.159506000 -0400
-+++ ../spnego-http-auth-nginx-module-0c6ff3f/config	2017-04-15 13:07:36.28=
3398000 -0400
-@@ -1,5 +1,5 @@
++++ ../spnego-http-auth-nginx-module-7e028a5/config	2018-04-20 00:15:08.51=
5289000 +0200
+@@ -1,9 +1,6 @@
  ngx_addon_name=3Dngx_http_auth_spnego_module
 -ngx_feature_libs=3D"-lgssapi_krb5 -lkrb5 -lcom_err"
-+ngx_feature_libs=3D"%%GSSAPILIBS%% -lcom_err"
+-
+-if uname -o | grep -q FreeBSD; then
+-    ngx_feature_libs=3D"$ngx_feature_libs -lgssapi"
+-fi
++ngx_feature_libs=3D"%%GSSAPILIBS%%"
++ngx_module_incs=3D"%%GSSAPINCDIR%%"
 =20
- if uname -o | grep -q FreeBSD; then
-     ngx_feature_libs=3D"$ngx_feature_libs -lgssapi"
+ if test -n "$ngx_module_link"; then
+     ngx_module_type=3DHTTP
+@@ -16,3 +13,5 @@ else
+     NGX_ADDON_SRCS=3D"$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_spnego=
_module.c"
+     CORE_LIBS=3D"$CORE_LIBS $ngx_feature_libs"
+ fi
++
++LDFLAGS=3D"-L%%GSSAPILIBDIR%% $LDFLAGS"