After removing the package "keyutils" from a working system, which was only depended upon by Samba: # equery d keyutils [ Searching for packages depending on keyutils... ] net-fs/samba-3.4.6 (ads & client? sys-apps/keyutils) OpenSSH stopped working, saying it couldn't find libkeyutils. I attempted to rebuild it with keyutils still uninstalled in case (despite using -Wl,--as-needed) it got pulled in during build-time when it shouldn't have been, and it failed: /usr/lib/gcc/x86_64-pc-linux-gnu/4.4.3/../../../../x86_64-pc-linux-gnu/bin/ld: cannot find -lkeyutils collect2: ld returned 1 exit status There is no keyutils dependency in either DEPEND or RDEPEND. My set of USE flags for OpenSSH are fairly minimal: Installed versions: 5.3_p1-r1 (05:08:59 PM 06/23/2010)(kerberos ldap pam pkcs11 tcpd -X -X509 -hpn -libedit -selinux -skey -smartcard -static) It seems like keyutils is a hard dependency of OpenSSH that isn't properly declared. Reproducible: Always
emerge --info please
you need to post a full build log as an attachment openssh builds on many systems without keyutils
emerge --info below, will post build log as soon as I get it. Portage 2.1.8.3 (default/linux/amd64/10.0, gcc-4.4.3, glibc-2.11.2-r0, 2.6.33-gentoo-r2 x86_64) ================================================================= System uname: Linux-2.6.33-gentoo-r2-x86_64-Quad-Core_AMD_Opteron-tm-_Processor_2356-with-gentoo-1.12.13 Timestamp of tree: Mon, 28 Jun 2010 14:30:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 4.0_p37 dev-java/java-config: 2.1.11 dev-lang/python: 2.6.5-r2, 3.1.2-r3 dev-util/ccache: 2.4-r7 dev-util/cmake: 2.6.4-r3 sys-apps/baselayout: 1.12.13 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.65 sys-devel/automake: 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.3-r2 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6b virtual/os-headers: 2.6.30-r1 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-mtune=core2 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /opt/openfire/resources/security/" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-mtune=core2 -O2 -pipe" DISTDIR="/var/portage/distfiles" FEATURES="assume-digests buildpkg ccache distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed" LINGUAS="en en_US" MAKEOPTS="-j9" PKGDIR="/var/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acl addition ads amd64 apache2 ares async autotrace avalon-framework avalon-logkit bash-completion bcmath berkdb bzip2 c3p0 calendar ccache cgi cli contrast cracklib crypt ctype ctypes-python curl curlwrappers cvs cvsgraph cxx dbus derby diskio djvu dri elf emacs emf enscript exif expat extras fam fastcgi fftw filter flatfile flv fontconfig fortran fpx ftp fts3 fuse gd gdbm gif git gmp gnutls gpg gpm graphviz gs gzip hal hash highlight hotpixels iconv icu idn imagemagick imap inifile ipv6 jabber java java6 javamail jbig jce jms jmx jpeg jpeg2k json kerberos kpoll lcms ldap lensfun libproxy libssh2 log4j lqr lzma lzo maildir mbox mercurial mfd-rewrites mhash mmap mmx mod_python modules mudflap multilib multiuser mysql mysqli ncurses nis nls nptl nptlonly odbc openexr openid openmp openssl optimisememory overlays pam pango pcntl pcre pdf pdo perl php pkcs11 plugins png pop posix postfix postgres ppds pppd psf pygments python random-index raw readline recode reflection rpm ruby samba sasl script sctp securelink server servletapi session sharedext simplexml smp smtp smux snmp soap sockets spell spl sql sqlite sqlite3 sse sse2 ssl static-gzip status stemmer sub subversion svg svnserve swat swig sysfs syslog sysvipc tcl tcpd threads threadsafe tidy tiff tokenizer truetype unicode vhosts vim vim-syntax wddx webdav winbind wmf xml xmlreader xmlrpc xmlwriter xorg xpm xsl zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_connect proxy_ftp proxy_http rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en en_US" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa via vmware voodoo" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 237045 [details] Build log Build log. Generated by removing keyutils from the system, then attempting to build openssh. equery shows that the only package with a dependency on keyutils is samba.
tinderbox tinderbox # krb5-config --libs -Wl,-O1 -lkrb5 -lk5crypto -lcom_err -lkeyutils -lresolv -ldl
mit-krb5 is indeed the culprit here. It links against keyutils if it finds keyutils.h during compile time. It should have been a runtime test not compile time but that does not help us now. I do not want to force sys-apps/keyutils to all mit-krb5 users but I do not see any other viable solution. Suggestions welcome. Otherwise, I will bump mit-krb5-1.8.2 with a dependency on sys-apps/keyutils.
(In reply to comment #6) > I do not want to force sys-apps/keyutils to all mit-krb5 users but I do not see > any other viable solution. Suggestions welcome. Otherwise, I will bump > mit-krb5-1.8.2 with a dependency on sys-apps/keyutils. You either have to patch the source (somehow) to make it optional or force it.
Created attachment 237341 [details] mit-krb5-1.8.2-r1.ebuild Please see attached mit-krb5-1.8.2-r1 ebuild. Changelog: Added keyutils to DEPEND - bug #326201. Dropped m68k - bug #326709 For your reference, diff is: --- mit-krb5-1.8.2.ebuild 2010-06-23 19:05:23.000000000 +0300 +++ mit-krb5-1.8.2-r1.ebuild 2010-07-03 09:22:18.000000000 +0300 @@ -1,6 +1,6 @@ # Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-crypt/mit-krb5/mit-krb5-1.8.2.ebuild,v 1.4 2010/06/23 15:59:15 angelos Exp $ +# $Header: $ EAPI="2" @@ -14,11 +14,12 @@ LICENSE="as-is" SLOT="0" -KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" IUSE="ldap doc xinetd" RDEPEND="!virtual/krb5 >=sys-libs/e2fsprogs-libs-1.41.0 + sys-apps/keyutils ldap? ( net-nds/openldap ) xinetd? ( sys-apps/xinetd )" DEPEND="${RDEPEND}
As affected openssl/keyutils/mit-krb5 versions are stabilizied, when this goes in tree it should probably not be keyworded.
Created attachment 237535 [details] mit-krb5-1.8.2-r1.ebuild sys-apps/keyutils keyworded for m68k. No need to drop it. Attached is the revized ebuild. Changelog: sys-apps/keyutils added to DEPEND - bug #326201.
added as -r1. Eray, can you file a bug to get keyutils marked stable on the arches that are marked stable with mit-krb5? (eg, ppc64 - I haven't looked for others).
*** Bug 216963 has been marked as a duplicate of this bug. ***
(In reply to comment #11) > Eray, can you file a bug to get keyutils marked stable on the arches that are > marked stable with mit-krb5? (eg, ppc64 - I haven't looked for others). Will do. Thanks for the bump.
(stumbled over here as keyutils isn't EAPI 3 yet) (In reply to comment #6) > I do not want to force sys-apps/keyutils to all mit-krb5 users but I do not see > any other viable solution. Suggestions welcome. Setting ac_cv_header_keyutils_h=no prior to econf circumvents the configure-check to not use keyutils even when it's there: append-flags "-I/usr/include/et" + ac_cv_header_keyutils_h=no \ econf \ $(use_with ldap) \ Do whatever you like with this hint.