Summary: | net-nds/openldap-2.3.24 fails to compile w/ USE="kerberos" | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Timo Gurr (RETIRED) <tgurr> |
Component: | New packages | Assignee: | Gentoo LDAP project <ldap-bugs> |
Status: | VERIFIED FIXED | ||
Severity: | major | CC: | alonbl, alpeterson, amax, andreabaso, ansla80, ashutiwary, bamapookie, brant, ch.assfalg, converter42, dheistand, dliana, flexx, gentoo, gentoo, gentoobugs, hyedad, ikelos, jakub, jesse, keaneyw, kerberos, khenskelinux, kogorman, ladanyi, maxposedon, me, m_liertzer, nathan, paulmedic555, portage, rob.eyre, ruff, samba, sylvain.bertrand |
Priority: | Highest | ||
Version: | 2006.0 | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | remove-smbk5pwd.patch |
Description
Timo Gurr (RETIRED)
2006-06-02 00:44:44 UTC
Yes, see Bug 134010, Comment #12. This doesn't work w/ mit-krb5. *** Bug 135281 has been marked as a duplicate of this bug. *** *** Bug 135605 has been marked as a duplicate of this bug. *** *** Bug 135662 has been marked as a duplicate of this bug. *** *** Bug 136487 has been marked as a duplicate of this bug. *** I'm getting this error with "samba" (In reply to comment #1) > Yes, see Bug 134010, Comment #12. This doesn't work w/ mit-krb5. Well, maybe the use flag should be ignored (with a warning perhaps), if mit-krb5 is installed, instead of having the ebuild crash... Or even a simple warning that the ebuild will crash, would help. As-is it can never go stable, IMHO. Why does it have virtual/krb5 in its RDEPEND anyway, if mit-krb5 won't do? If I get it right the only other (x86) provider of virtual/krb5 is app-crypt/heimdal, so RDEPENDing on heimdal directly should prevent this error in the first place, or am I missing something? Cheers, Alexander >>Flexx<< Wessel *** Bug 138917 has been marked as a duplicate of this bug. *** Samba and Kerberos teams: please have a look at this bug. Compiles just fine w/ heimdal and USE="kerberos samba"... As said, this doesn't work w/ mit-krb5. *** Bug 139299 has been marked as a duplicate of this bug. *** *** Bug 140849 has been marked as a duplicate of this bug. *** This is becoming a larger problem: openldap won't build against mit-krb5, but nfs-utils will _only_ build against mit-krb5 - none of the other krb5 implementations will work. This impasse is blocking an update on my system. It isn't just a problem with the ebuilds - the source code itself is at fault. I tried altering the nfs-utils.ebuild to accept heimdal and it failed miserably. specially for LAZY samba and openldap team: just put this files from mit-krb5 to /usr/include/kadm5/ amazing ~ # ls -al /usr/include/kadm5/ total 128 drwxr-xr-x 2 root root 131 2006-07-24 20:26 . drwxr-xr-x 168 root root 24576 2006-07-24 20:33 .. -rw-r--r-- 1 root root 4801 2004-06-26 06:23 adb.h -rw-r--r-- 1 root root 24124 2005-03-23 05:53 admin.h -rw-r--r-- 1 root root 2741 2001-06-21 20:44 admin_internal.h -rw-r--r-- 1 root root 3211 2001-07-26 02:02 admin_xdr.h -rw-r--r-- 1 root root 29480 2004-06-25 03:08 alt_prof.c -rw-r--r-- 1 root root 8765 2001-02-19 05:00 kadm_rpc.h -rw-r--r-- 1 root root 3710 2001-07-08 19:24 server_internal.h amazing ~ # recompile openldap. it works now. need to fix mit-krb5 packages ! (In reply to comment #14) > specially for LAZY samba and openldap team: > > just put this files from mit-krb5 to /usr/include/kadm5/ > > amazing ~ # ls -al /usr/include/kadm5/ [snip] > > recompile openldap. it works now. No it doesn't; I re-emerged mit-krb5 to make sure it was up to date, copied the files, and emerged openldap, and it failed at: * Building contributed smbk5pwd ../../../libtool --mode=compile gcc -O3 -march=pentium4 -fomit-frame-pointer -pipe -DDO_SAMBA -DDO_KRB5 -I../../../include -I../../../servers/slapd -c smbk5pwd.c mkdir .libs gcc -O3 -march=pentium4 -fomit-frame-pointer -pipe -DDO_SAMBA -DDO_KRB5 -I../../../include -I../../../servers/slapd -c smbk5pwd.c -fPIC -DPIC -o .libs/smbk5pwd.o In file included from smbk5pwd.c:45: /usr/include/kadm5/admin.h:43:20: k5-int.h: No such file or directory /usr/include/kadm5/admin.h:45:28: kadm5/kadm_err.h: No such file or directory /usr/include/kadm5/admin.h:46:27: kadm5/adb_err.h: No such file or directory /usr/include/kadm5/admin.h:47:39: kadm5/chpass_util_strings.h: No such file or directory In file included from smbk5pwd.c:45: /usr/include/kadm5/admin.h:167: error: syntax error before "krb5_tl_data" [snip many more errors from smbk5pwd.c] make: *** [smbk5pwd.lo] Error 1 !!! ERROR: net-nds/openldap-2.3.24-r2 failed. Call stack: ebuild.sh, line 1545: Called dyn_compile ebuild.sh, line 940: Called src_compile openldap-2.3.24-r2.ebuild, line 320: Called die !!! failed to compile smbk5pwd module !!! If you need support, post the topmost build error, and the call stack if relevant. solution to fix UDEV + LDAP (udev hangs at boot) # /etc/conf.d/local.start # This is a good place to load any misc programs # on startup (use &>/dev/null to hide output) mount -n --bind /etc/nsswitch.conf.ldap /etc/nsswitch.conf mount -n --bind /etc/pam.d/system-auth.ldap /etc/pam.d/system-auth pkill -HUP nscd # /etc/conf.d/local.stop # This is a good place to unload any misc. # programs you started above. # For example, if you are using OSS and have # "/usr/local/bin/soundon" above, put # "/usr/local/bin/soundoff" here. umount -fl /etc/nsswitch.conf umount -fl /etc/pam.d/system-auth pkill -HUP nscd (In reply to comment #14) > specially for LAZY samba and openldap team: > > just put this files from mit-krb5 to /usr/include/kadm5/ > > amazing ~ # ls -al /usr/include/kadm5/ > total 128 > drwxr-xr-x 2 root root 131 2006-07-24 20:26 . > drwxr-xr-x 168 root root 24576 2006-07-24 20:33 .. > -rw-r--r-- 1 root root 4801 2004-06-26 06:23 adb.h > -rw-r--r-- 1 root root 24124 2005-03-23 05:53 admin.h > -rw-r--r-- 1 root root 2741 2001-06-21 20:44 admin_internal.h > -rw-r--r-- 1 root root 3211 2001-07-26 02:02 admin_xdr.h > -rw-r--r-- 1 root root 29480 2004-06-25 03:08 alt_prof.c > -rw-r--r-- 1 root root 8765 2001-02-19 05:00 kadm_rpc.h > -rw-r--r-- 1 root root 3710 2001-07-08 19:24 server_internal.h > amazing ~ # > > > recompile openldap. it works now. > > need to fix mit-krb5 packages ! > (In reply to comment #15) > (In reply to comment #14) > > specially for LAZY samba and openldap team: > > > > just put this files from mit-krb5 to /usr/include/kadm5/ > > > > amazing ~ # ls -al /usr/include/kadm5/ > [snip] > > > > recompile openldap. it works now. > > No it doesn't; I re-emerged mit-krb5 to make sure it was up to date, copied the > files, and emerged openldap, and it failed at: > please show me ls -al /usr/include/kadm5/ I have only files there and all recompiled fine! :-)))))))) also make locate k5-int.h where is it ? or equery f mit-krb5 It's been over two months now. Are we any closer to a solution? The files posted by Alexey aren't present on my system, so I can't test that workaround. This problem is still blocking updates. *** Bug 144726 has been marked as a duplicate of this bug. *** Problem still exists on a fresh install of Gentoo 2006.1 On a brand-new 2006.1 install, compiling (but not merging) Heimdal and copying the headers to /usr/include/heimdal makes OpenLDAP compile. if you set "net-fs/nfs-utils -kerberos" then you can use heimdal as kerberos 5 implementation. Than openldap can be compiled and installed. echo "net-fs/nfs-utils -kerberos" >> /etc/portage/package.use emerge --unmerge mit-krb5 && emerge virtual/krb5 && emerge openldap :) nfs-utils ebuild does not consider heimdal as kerberos 5 implementation so that it is required to remove kerberos flag from this ebuild :( In NFS faq it is stated that NFS4 kerberos support is not working :( but it seems it is a bit outdated. It states only Fedora Core 2 has NFS4 with kerberos authantication :( Now for the really ironic bit - heimdal uses the 'ldap' USE flag. So if you have ldap in your USE flags, portage will emerge openldap first; but openldap needs heimdal; but heimdal needs openldap ;) So, use 'USE="-ldap" emerge heimdal && emerge openldap && emerge heimdal" to get around it. exactly what ive done on all my systems :) Yes, this worked like a charm for me. Thanks!! do i need to highlight that all these hacks are rather awful and we probably could do with an official solution? Ie: make mit-krb5 and heidemial co-exist peacefully somehow (package-config magic? ) or do something like changing the ebuild so it will download the needed krb5 and compile the needed stuff & headers before hand and put them so only openldap can get it somehow. Users shouldn't really have to read bugs.gentoo.org for software marked stable ;) Just suggestions. er... ignore that remark about stable, catted the wrong file :S I think smbk5pwd should be a separate ebuild. this still causes problem with version 2.3.27 Will this be fixed for this version? fetchmail is another tool which cannot cope with heimdal. What solution do you consider feasible? a) Make fetchmail and others work with heimdal (can also be read as: make heimdal work with fetchmail and co) b) Make openldap work with mit-krb5 c) Allow mit-krb5 and heimdal to coexist somehow d) ? *** Bug 149373 has been marked as a duplicate of this bug. *** How could it made stable with known problem? Hi Guys, We're having a frustrated debate regarding this issue. See- http://forums.gentoo.org/viewtopic-t-502179-highlight-openldap.html Current ststus is masking openldap, which is very sad. krb5 and heimdal collision is quite serious, since there are people who need to re-compile hugh stuff now. Please try to come up with a better solution. People can not simply remove krb5 without spending many hours afterwards. Thanks, Doron. Is all this kerberose tomfoolery for the purpose of supporting storage of kerberos data in tree? If so, do we even have a non-broken krb5 schema? The last I read about this, the schema was totally borked and had been pulled from the openldap tree. Created attachment 98480 [details, diff]
remove-smbk5pwd.patch
no its because of smbk5pwd in the openldap ebuild, which enables the user to let openldap update both the ldap, nt and lanman password without the need of a third party tool (or samba itself) doing so, but it only works/builds with heimdal not mit-krb5. i have removed the part where it builds smbk5pwd from the ebuild and it works fine.
I've been looking at the ebuild. It seems removing the samba useflag would have the same result. I've gave it a try, it worked fine. *** Bug 149682 has been marked as a duplicate of this bug. *** Erm, folks - how about nuking the samba nonsense in the ebuild until it works? (In reply to comment #39) > Erm, folks - how about nuking the samba nonsense in the ebuild until it works? > If the openLDAP team only supports heimdal, then yes, I think it should be masked. I am $ USE="-samba" emerge openldap just now... How come you support heimdal and not mit-krb5??? (In reply to comment #40) > (In reply to comment #39) > > Erm, folks - how about nuking the samba nonsense in the ebuild until it works? > > > > If the openLDAP team only supports heimdal, then yes, I think it should be > masked. I am $ USE="-samba" emerge openldap just now... How come you support > heimdal and not mit-krb5??? Uh eh? I'm not suggesting any masking, what I've said is that the smpk5pwd snippet should be either removed altogether until a solution is found, or it's compilation made conditional on has_version app-crypt/heimdal and spit out a warning that it won't be compiled if case people don't have heimdal, instead of ebuild bombing out or instead of forcing heimdal and blockers on people. Moved it to its own useflag now and set dependencies accordingly *** Bug 150074 has been marked as a duplicate of this bug. *** I do wonder, too, if this is ever going to be fixed somehow? Even if I manually unpack krb5-1.4.3 and copy over the header files, there are still those errors: In file included from smbk5pwd.c:45: /usr/include/kadm5/admin.h:43:20: error: k5-int.h: No such file or directory /usr/include/kadm5/admin.h:45:28: error: kadm5/kadm_err.h: No such file or directory /usr/include/kadm5/admin.h:46:27: error: kadm5/adb_err.h: No such file or directory /usr/include/kadm5/admin.h:47:39: error: kadm5/chpass_util_strings.h: No such file or directory k5-int.h is there, but the rest of the Header-Files (which are in the Includes of /usr/include/kadm5/admin.h !), I can not even find anywhere in the mit-krb5 files. Sysinfos: EntGentoo01 krb5-1.4.3 # equery list mit-krb5 [ Searching for package 'mit-krb5' in all categories among: ] * installed packages [I--] [ ] app-crypt/mit-krb5-1.4.3-r3 (0) EntGentoo01 krb5-1.4.3 # equery list openldap [ Searching for package 'openldap' in all categories among: ] * installed packages [I--] [ ] net-nds/openldap-2.3.24-r1 (0) EntGentoo01 krb5-1.4.3 # emerge -pv openldap mit-krb5 These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild U ] net-nds/openldap-2.3.27 [2.3.24-r1] USE="berkdb crypt gdbm ipv6 kerberos perl readline samba ssl tcpd -debug -minimal -odbc -overlays -sasl (-selinux) -slp" 0 kB [ebuild R ] app-crypt/mit-krb5-1.4.3-r3 USE="ipv6 -doc -krb4 -static -tcl" 0 kB Total size of downloads: 0 kB EntGentoo01 krb5-1.4.3 # Currently recompiling with krb5-int.h also in place, though I do not expect it to work. Cheers, Christian Maybe you should emerge --sync? |