Bug 280639 - net-proxy/squid-3.1.0.(8,9 and 13)_beta : scanelf reports rpath_security check failures ...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: x86 Linux
Importance: High normal
Assignee: Gentoo Network Proxy Developers (OBSOLETE)
Reported: 2009-08-07 11:00 UTC by XhE
Modified: 2009-09-20 22:50 UTC
Attachments
log of the configure script from folder helpers/negotiate_auth/squid_auth_kerb (config.log,48.78 KB, text/plain)
2009-09-13 11:20 UTC, XhE

Description XhE 2009-08-07 11:00:27 UTC
When emerging net-proxy/squid-3.1.0.9_beta or 3.1.0.13_beta problems with DT_RUNPATH and DT_RPATH arise in the kerberos module (reported by scanelf : rpath_security_checks)

To be precise emerge reports DT_RUNPATH and DT_RPATH to be "NONE/lib" for the following modules:

/usr/libexec/negotiate_kerb_auth
/usr/libexec/negotiate_kerb_auth_test
/usr/libexec/squid_kerb_auth
/usr/libexec/squid_kerb_auth_test


Reproducible: Always

Steps to Reproduce:
1. add line "<net-proxy/squid-3.2" to /etc/portage/package.unmask
2. USE="kerberos" emerge -v =netproxy/squid-3.1.0.13_beta
3. Check emerge log ...

Actual Results:  
scanelf reports rpath_security check failures ...

Expected Results:  
correct DT_RPATH and DT_RUNPATH settings and therefore no errors from scanelf

ebuild was emerged with USE="kerberos pam ssl" (no other use flags selected as reported by emerge -vp squid)

Further, there is a QA Notice reporting that command "ed" is not found. (/bootstrap.sh : line 148). I guess this is another problem.

Emerging ed manually doesn't change anything.
Comment 1 XhE 2009-08-07 11:03:17 UTC
step 2 should be : ACCEPT_KEYWORDS="~x86" USE="kerberos" emerge -v =net-proxy/squid-3.1.0.13_beta
Comment 2 XhE 2009-08-07 11:24:04 UTC
same thing happens in ebuild net-proxy/squid-3.1.0.8_beta (no longer in portage)
Comment 3 James Earl Spahlinger 2009-08-09 22:33:31 UTC
Please paste the output of 'emerge --info' into a bugzilla comment to assist the maintainers in resolving this issue

Comment 4 XhE 2009-08-10 08:18:29 UTC
Portage 2.1.6.13 (default/linux/x86/2008.0, gcc-4.3.2, glibc-2.9_p20081201-r2, 2.6.9-023stab046.2-smp i686)
=================================================================
System uname: Linux-2.6.9-023stab046.2-smp-i686-Intel-R-_Xeon-TM-_CPU_2.80GHz-with-gentoo-2.0.1
Timestamp of tree: Sun, 09 Aug 2009 01:45:01 +0000
app-shells/bash:     3.2_p39
dev-lang/python:     2.6.2-r1
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.4.3-r3
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.63-r1
sys-devel/automake:  1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl berkdb bzip2 cli cracklib crypt cups dri gdbm gpm iconv iproute2 ipv6 isdnlog kerberos mudflap ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline reflection session spl ssl sysfs tcpd unicode vhosts x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="fbdev glint i810 intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa vga via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 5 Alin Năstac (RETIRED) gentoo-dev 2009-08-22 13:06:50 UTC
I've tried to reproduce the issue by enabling kerberos USE flag in conjunction with app-crypt/mit-krb5.
I've discovered it failed to build with LDFLAGS=-Wl,--as-needed, so I've fixed it then tried again. Apparently this cannot be reproduced with mit-krb5, at least not after --as-needed problem has been solved.

I will close this bug as FIXED for now, since I consider that 3.1.0.13_beta-r1 fixes the problem. Feel free to reopen this bug if it doesn't work for you. If that's the case, I want to know the exact set of USE flags you have for squid (equery uses squid) and the kerberos API you have installed (mit-krb5 vs heimdal).
Comment 6 XhE 2009-09-07 13:32:49 UTC
I tried the new squid ebuild (net-proxy/squid-3.1.0.13_beta-r1) with use flags "epoll, kerberos, kernel_linux [doesn't show up with emerge -vp squid], pam, ssl" are set, but the problem remains. I'm using app-crypt/mit-krb5-1.6.3-r6 (no use flag set).
Comment 7 Alin Năstac (RETIRED) gentoo-dev 2009-09-12 06:32:32 UTC
I still cannot reproduce, but I think I know why it behaves like this in your case. Apparently helpers/negotiate_auth/squid_kerb_auth/configure script is executed with --enable-mit=NONE. 

Please try to investigate and identify the cause for that. If you cannot find it on your own, then attach here log files where you can find --enable-mit=NONE.
Comment 8 XhE 2009-09-13 11:20:33 UTC
Created attachment 203925
log of the configure script from folder helpers/negotiate_auth/squid_auth_kerb
Comment 9 XhE 2009-09-13 11:25:50 UTC
I've been looking through all files in the work directory of the squid build (somewhere in /var/tmp/portage/net-proxy/...). grep (called with grep -r -e "--enable-mit=NONE" * at the root of the work directory) tells me that there is no file with an entry "--enable-mit=NONE" not even with "--enable-mit=". I found lots of "-enable-mit" though.

Unfortunately I'm not familiar with autoconf, etc. However I found the configure log for the kerberos plugin in squid. I saw them references to configure, so I guess it can be helpful to you.

I also kept all log information for this ebuild. It's too big to provide it here, but if you need something, let me know.
Comment 10 Alin Năstac (RETIRED) gentoo-dev 2009-09-19 12:06:31 UTC
Fixed in squid-3.1.0.13_beta-r2.

It was due to improper usage of $libdir. The default value for this parameter is ${exec_prefix}/lib and the default value of exec_prefix is supposed to be ${prefix}, but this is done only at the end of the configure script. When configure.in happens to use $libdir value, exec_prefix is set at NONE, hence the wrong NONE/lib libdir.

I wasn't able to reproduce it because I've tested it on amd64. On this architecture econf sets --libdir to /usr/lib64 while on x86 it doesn't specify it.
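
The failure described in comment 10, as an added shell example that is not part of the original report and is not squid or Portage code. The names expand_libdir and rpath_is_safe are hypothetical, prefix /usr is an assumed value, and the RPATH check is a simplified stand-in for what the scanelf-based QA check reports.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not squid or Portage code.
ac_default_prefix=/usr/local   # autoconf's stock default for --prefix

# Expand $libdir as a configure.in fragment would when it reads the value
# mid-script. $1=prefix  $2=exec_prefix  $3=early|fixed
expand_libdir() {
    prefix=$1 exec_prefix=$2 libdir='${exec_prefix}/lib'
    if [ "$3" = fixed ]; then
        # Apply the NONE defaults by hand before using $libdir.
        [ "x$prefix" != xNONE ] || prefix=$ac_default_prefix
        [ "x$exec_prefix" != xNONE ] || exec_prefix='${prefix}'
    fi
    # Two passes: ${exec_prefix}/lib -> ${prefix}/lib -> final path.
    eval "libdir=\"$libdir\""
    eval "libdir=\"$libdir\""
    printf '%s\n' "$libdir"
}

# Return 0 when every colon-separated RPATH/RUNPATH entry is absolute or
# $ORIGIN-based; return 1 for empty or relative entries such as NONE/lib,
# which the loader resolves against the process's current directory.
rpath_is_safe() {
    case $1 in ''|:*|*:|*::*) return 1 ;; esac
    old_ifs=$IFS; IFS=:; set -f
    for entry in $1; do
        case $entry in
            /*|'$ORIGIN'|'$ORIGIN'/*) ;;
            *) IFS=$old_ifs; set +f; return 1 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 0
}

# Constructed case: --prefix=/usr given, --exec-prefix and --libdir not given
# (the x86 situation from comment 10).
for mode in early fixed; do
    dir=$(expand_libdir /usr NONE "$mode")
    if rpath_is_safe "$dir"; then verdict=ok; else verdict=INSECURE; fi
    echo "$mode: rpath=$dir -> $verdict"
done
```

Passing --libdir explicitly, as econf does on amd64 per comment 10, skips the ${exec_prefix} default altogether, which is why the bad value only showed up on x86.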
Comment 11 XhE 2009-09-20 22:50:01 UTC
Thanks a lot. Just tested the new ebuild. Works like a charm.