Created attachment 634938 [details] mod_auth_gssapi.ebuild Hi, I have been using the mod_auth_kerb package to authenticate access to web pages against a mit-krb5 server. However as this package is fast becoming obsolete and does NOT seem to work with versions greater then "app-crypt/mit-krb5-1.17-r1", I have very clumsily created an ebuild for "mod_auth_gssapi"(my first ebuild ever) as a replacement alternative for mod_auth_kerb. NOW let me please confess that before writing the ebuild I "stole" the mod_auth_gssapi.so from a Debian install and copied it over to "/usr/lib64/apache2/modules" directory and it WORKED perfectly. HOWEVER the module that gets installed during my ebuild throws an error @apache2 restart: * apache2 has detected an error in your setup: apache2: Syntax error on line 153 of /etc/apache2/httpd.conf: Syntax error on line 2 of /etc/apache2/modules.d/13_mod_auth_gssapi.conf: Cannot load modules/mod_auth_gssapi.so into server: /usr/lib64/apache2/modules/mod_auth_gssapi.so: undefined symbol: gss_mech_krb5_wrong * ERROR: apache2 failed to stop Although according to the git page this modules has only MIT krb5 (>=1.11) Apache httpd (>=2.4.11) as dependencies and has a very simple build : autoreconf -fi ./configure make make install STILL the installed module throws the above error whereas the "stolen" from Debian module does NOT... Maybe the respected community would be inclined to help me make this ebuild produce a functional module.. Please forgive my inexperience........ With Regards and Appreciation Andreas
Thank you for your contribution. I had a short look on the ebuild. Here a few ideas: • it is no proper ebuild. • Please test the ebuild with repoman full -d -x https://wiki.gentoo.org/wiki/Repoman and pkgcheck • We always try to use the latest EAPI, please bump to EAPI=7 • please fix the header. (see /usr/portage/skel.ebuild and https://devmanual.gentoo.org/ebuild-writing/eapi/) • We usually sort the KEYWORDS as ekeyword does. This makes comparison between packages easier. Simply run ekeywords on the ebuild to let it sort. • Please be more specific in the DESCRIPTION. The objective description may be <=80 characters long. • A bot can look for additional mistakes, if you upload a PR via github Read developer manual and join IRC #gentoo-dev-help
Did you figure this one out? I am in the same position now
This is how far I gotten, not tested yet, mod_auth_gssapi-1.6.2.ebuild: # Copyright 1999-2020 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 inherit apache-module eutils systemd DESCRIPTION="GSSAPI authentication for Apache" HOMEPAGE="https://github.com/gssapi/mod_auth_gssapi" SRC_URI="https://github.com/gssapi/mod_auth_gssapi/releases/download/v${PV}/${PF}.tar.gz" LICENSE="Apache-2.0" KEYWORDS="amd64" SLOT="0" IUSE="" APACHE2_MOD_DEFINE="AUTH_GSSAPI" APACHE2_MOD_CONF="11_${PN}" DOCFILES=( README ) DEPEND="virtual/krb5 www-servers/apache" RDEPEND="${DEPEND}" need_apache2 pkg_setup() { _init_apache2 _init_apache2_late #depend.apache_pkg_setup, needs IUSE=+apache2, why? } src_configure() { #--with-installpath= econf } src_compile() { apache-module_src_compile } src_install() { apache-module_src_install systemd_dotmpfilesd "${FILESDIR}/${PN}.conf" }
Created attachment 655486 [details] mod_auth_gssapi-1.6.3.ebuild apache only support EAPI=6
Created attachment 655488 [details] mod_auth_gssapi.conf
Created attachment 655490 [details] 11_mod_auth_gssapi.conf
joakim, if you have a use for this, willing to maintain it? (if so, git format-patch adding the ebuild please with sign-off?) if not, no worries.
Created attachment 859253 [details] Build failure I am having trouble trying to build this. First I had sandbox violations now I have build errors.
I tried the 1.6.3 ebuild then renamed to 1.6.5 after it failed and tried that.
I've had a look at the ebuild - the license is wrong (should be MIT) - missing DEPEND on dev-libs/openssl (it directly uses functions from openssl) - tmpfiles.d conf references directory not used by the example snippet. The main reason the builds were failing is that the configure script attempts to call apxs -q LIBTOOL, this perl command will error out for that query. This results in LIBTOOL being unset. So I've got a 1.6.5 ebuild building (amd64 & x86), but I've not had time to faff about setting up some keytabs for apache (as yet).
Created attachment 873748 [details] improved ebuild builds and loads, but has not been tested for successful operation
Created attachment 873749 [details] tmpfiles.conf I prefer the tmpfile.d snippets to be clear what they are before opening them.
Created attachment 873750 [details] updated 11_mod_auth_gssapi.conf Removed the link to the old blog post. added a few extra commented options - in particular the session cookie options which I think most people who want this package will want.