257395 – app-admin/sudo-1.7.0 requires dev-libs/cyrus-sasl but USE=sasl never used on this system

Bug 257395 - app-admin/sudo-1.7.0 requires dev-libs/cyrus-sasl but USE=sasl never used on this system

Summary: app-admin/sudo-1.7.0 requires dev-libs/cyrus-sasl but USE=sasl never used on ...

Status:	RESOLVED NEEDINFO

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	x86 Linux

Importance:	High normal (vote)
Assignee:	Diego Elio Pettenò (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2009-02-02 15:08 UTC by Pavel Semenenko
Modified:	2011-03-01 17:04 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pavel Semenenko 2009-02-02 15:08:56 UTC

When I upgrade sudo from 1.6.9-r17 to 1.7.0 it require cyrus-sasl package.
But my system don't use sasl autentification.

Reproducible: Always

Steps to Reproduce:
1. simple emerge =app-admin/sudo-1.7.0

Actual Results:  
require cyrus-sasl

Expected Results:  
I want to choose, if I need sasl autentification and so cyrus-sasl package.

I tried to modify ebuild, and remove dependency cyrus-sasl, and making crashes with error:
./ldap.c:66:20: error: sasl.h: No such file or directory
./ldap.c: In function ‘sudo_ldap_sasl_interact’:
...skipped...

my openldap package builded without sasl support, so how sudo_ldap_sasl_interact will be working?

I think early, that cyrus-sasl is a general package for sasl authentification, and its presents in system is depending of USE=sasl flag. But in this case this is invalid.

Comment 1 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2009-02-02 20:38:45 UTC

dev-libs/cyrus-sasl is required when USE="ldap" is enabled.

Comment 2 Pavel Semenenko 2009-02-03 08:32:01 UTC

(In reply to comment #1)
> dev-libs/cyrus-sasl is required when USE="ldap" is enabled.
> 

I knew this.
Do you read first message clearly?
In this package sasl autentification can be use if openldap is builded with sasl. When openldap builded without sasl, sudo can't use sasl authentification and so don't use it. So I must have unusable package in system cyrus-sasl.

In other words, whenever sasl authentification is used in system, sudo require package cyrus-sasl.

So for gentoo use system, it's more right, to add use flag sasl, and let users choose if they need sasl.

Comment 3 Diego Elio Pettenò (RETIRED) gentoo-dev

2009-02-04 14:12:01 UTC

Since I know zilch about ldap, I'm going to ask a hand to those who do know it.

Sudo will try to use sasl if openldap is using sasl, for what I can see, as it checks for the symbol 'ldap_sasl_interactive_bind_s'. Is that defined even without sasl enabled on openldap?

Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev

2009-03-20 14:04:03 UTC

Okay, the 1.7.1b4 release of sudo (which I just committed under package.mask) lists this change:

    *  Fixed an ldap-related compilation problem when the ldap libraries support ldap_sasl_interactive_bind_s() but no sasl headers are present. 

can you please confirm whether this version fixes the issue? If so I'd just be tempted to unmask 1.7.1b4 and mark this as fixed (or otherwise backport the change in that release).

Thanks!

Comment 5 Diego Elio Pettenò (RETIRED) gentoo-dev

2009-04-08 17:39:55 UTC

Please reopen if this is still a problem with sudo 1.7.1_rc1 and later.

Comment 6 Tyler Montbriand 2010-08-13 18:13:32 UTC

Braindead SASL requirements are still a problem in app-admin/sudo-1.7.3, please reopen.

Comment 7 Diego Elio Pettenò (RETIRED) gentoo-dev

2010-08-15 13:20:36 UTC

Tyler can you provide a build log please?