|Summary:||net-fs/nfs-utils - heimdal compatibility|
|Product:||Gentoo Linux||Reporter:||Michael Hammer (RETIRED) <mueli>|
|Component:||Current packages||Assignee:||Gentoo's Team for Core System packages <base-system>|
|Severity:||normal||CC:||binki, dan, mikemol, mmokrejs, prometheanfire, proxy-maint, robink, tokenmathematician, trhosking, yamadharma|
|Package list:||Runtime testing required:||---|
|Bug Depends on:||231395|
new ebuild with heimdal compatibility
for heimdal compatiblity
for heimdal compatiblity
for heimdal compatiblity
Description Michael Hammer (RETIRED) 2008-07-10 10:04:09 UTC
We are just working on getting a usable heimdal into the gentoo tree. Therefore it's necessary to patch the nfs-utils. I've an already working overlay at git://git.overlays.gentoo.org/proj/kerberos.git. I'd like to ask you to inspect the suggested ebuild and the patches I've attached. Kind regards, mueli p.S.: to make this work we also have to patch librpcsecgss -> see bug #231395. You've to unmerge net-libs/libgssglue also! (should we make this a blocker for the case we use heimdal? einfo?)
Comment 1 Michael Hammer (RETIRED) 2008-07-10 10:16:55 UTC
Created attachment 160028 [details] new ebuild with heimdal compatibility
Comment 2 Michael Hammer (RETIRED) 2008-07-10 10:17:21 UTC
Created attachment 160032 [details, diff] for heimdal compatiblity
Comment 3 Michael Hammer (RETIRED) 2008-07-10 10:17:37 UTC
Created attachment 160033 [details, diff] for heimdal compatiblity
Comment 4 Michael Hammer (RETIRED) 2008-07-10 10:17:48 UTC
Created attachment 160035 [details, diff] for heimdal compatiblity
Comment 5 Michael Hammer (RETIRED) 2008-07-28 15:25:05 UTC
Any work on that? We'll need this one and bug #231395 to launch heimdal 1.2.x into tree - so please have a look on it! g, mueli
Comment 6 SpanKY 2008-08-16 05:17:54 UTC
you should be submitting this upstream to the nfs-utils guys ... the heimdal/kerberos stuff is a complete mess and i'm not about to start touching it. there's been too much churn on this front already.
Comment 7 Michael Hammer (RETIRED) 2008-08-19 10:38:25 UTC
(In reply to comment #6) > you should be submitting this upstream to the nfs-utils guys ... You are the package maintainer - could you get in touch with upstream? > [...] there's been too much churn on this front already. --verbose <- what do you mean? what happened? g, mueli
Comment 8 Michael Hammer (RETIRED) 2008-09-11 12:31:09 UTC
vapier could you please comment my questions? It's really hard for me to maintain every kerberos related feature in all packages because these are a lot. I'd really appreciate if you could contact upstream for including a persistent fix to make heimdal nfs compatible. g, mueli
Comment 9 SpanKY 2008-10-26 08:47:01 UTC
i dont know squat about kerberos or heimdal or any of it. i cant go pushing changes i know nothing about.
Comment 10 Michael Hammer (RETIRED) 2008-11-07 09:26:24 UTC
You asked for further pointing on nfs-utils / heimdal compatibility
Comment 11 Honza Macháček 2008-11-22 14:45:08 UTC
Created attachment 172863 [details, diff] nfs-utils-1.1.4-heimdal_functions.patch Since 1.1.3 version openssl tests in utils/gssd/krb5_util.c ccache validity in mit-krb5 specific way. This patch changes (#ifdef HAVE_HEIMDAL) the check_for_tgt function to the code used by the heimdal sources themselves (in kuser/klist.c). Several lines of code lower, KRB5_TC_OPENCLOSE definition had to be added -- used by the openssl code, present in the heimdal sources (appl/dceutils/k5dce.h), but absent from among the headers installed (no k5dce.h there).
Comment 12 Honza Macháček 2008-11-22 14:46:54 UTC
Created attachment 172865 [details, diff] nfs-utils-1.1.2-r1-1.1.4.ebuild.diff A diff for version upgrade of the heimdal aware nfs-utils ebuild (from 1.1.2-r1 to 1.1.4). Applies the patch above.
Comment 13 SpanKY 2008-12-06 20:29:37 UTC
i dont really see much problem with the patches persay ... but until they get merged upstream, you'll have to commit & maintain ... i simply know nothing about kerberos to assist if you dont mind these stipulations, feel free to add kerberos markings to the metadata.xml and commit the patches here
Comment 14 Dmitry S. Kulyabov 2009-02-02 09:13:12 UTC
Created attachment 180673 [details] net-fs/nfs-utils/nfs-utils-1.1.4-r1.ebuild
Comment 15 Bob 2010-03-11 16:07:20 UTC
It would be nice if someone put the updates, if not into the tree (which is really where the patch belongs), then at least into the kerberos overlay.
Comment 16 Alexander Dubov 2010-11-29 16:45:00 UTC
I added the patch from down the link to my nfs-utils-1.2.3 ebuild to make it compile and work with heimdal. Care should be taken, however, for it not to pull in libgssglue includes (it is necessary when compiling against mit-krb5, but harmful with heimdal). http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/nfs-utils/nfs-utils-heimdal.patch Can patches from other distros be added to portage tree?
Comment 17 Michael Mol 2013-02-25 02:10:30 UTC
Could we get some attention to this? It's blocks enabling kerberos system-wide on my server (where I have samba-4.0.3 installed, which depends on heimdal). There's a comment in the ebuild for 1.2.6: # kth-krb doesn't provide the right include # files, and nfs-utils doesn't build against heimdal either, # so don't depend on virtual/krb. # (04 Feb 2005 agriffis) This is 8 years old already! And I'm the first activity on this bug in four years!
Comment 18 Michael Mol 2013-02-25 02:11:03 UTC
Two years. :)
Comment 19 Mike Gilbert 2013-02-25 03:10:31 UTC
*** Bug 459088 has been marked as a duplicate of this bug. ***
Comment 20 Tim Hosking 2013-03-24 15:46:29 UTC
This is still an issue. Now that OS X uses heimdal, persevering with mit-krb5 is causing some problems. Yes, it should still work, but it has some inconsistencies.
Comment 21 Markos Chandras (RETIRED) 2013-03-24 15:57:55 UTC
Adding proxy-maint@ just in case a user wants to help with that. I see many attachments here so a clear list of what needs and what does not need to be reviewed might be helpful (everything should be based on 1.2.6 ebuild)
Comment 22 Tim Hosking 2013-03-24 16:07:05 UTC
I can't give a full list, but these are what my system is reporting:- media # equery depends mit-krb5 * These packages depend on mit-krb5: dev-libs/openssl-1.0.1c (kerberos ? app-crypt/mit-krb5) net-fs/nfs-utils-1.2.6 (kerberos ? app-crypt/mit-krb5) net-libs/c-client-2007f-r4 (kerberos ? app-crypt/mit-krb5) virtual/krb5-0 (app-crypt/mit-krb5)
Comment 23 Tim Hosking 2013-03-24 16:09:59 UTC
And I understand that Samba4 requires heimdal. Also http://forums.gentoo.org/viewtopic-p-6939946.html seems to suggest that Bind requires kit-krb5, so currently it appears to be impossible to run Samba4, NFS & Bind on the same machine.
Comment 24 Michael Mol 2013-03-25 03:42:50 UTC
Samba4 supports app-crypt/mit-krb5, but the ebuild doesn't reflect that. (See bug 195703, comment 173.) It looks like nfs-utils explicitly supports heimdal, but it's bailing out because it's looking for libroken.a. My system, at least, only has a libroken.so. IIRC, there's a post-build step in portage that removes the libtool .a files, which is likely why this fails in this case. From nfs-util's ./configure script: elif test \( -f $dir/include/heim_err.h -o\ -f $dir/include/heimdal/heim_err.h \) -a \ -f $dir/lib/libroken.a; then $as_echo "#define HAVE_HEIMDAL 1" >>confdefs.h ... so the reason this doesn't work on Gentoo appears to be whatever is removing the .a file. Alternately, we could see about fixing the configure script to support shared libraries.
Comment 25 Mario Fetka (geos_one) 2013-04-19 07:49:58 UTC
pld linux is maintainig a patch to get it compile againt heimdal http://git.pld-linux.org/gitweb.cgi?p=packages/nfs-utils.git;a=blob;f=nfs-utils-heimdal.patch;h=3df950a1962d5094aa7f18e19e5c5b0b78b4ce3e;hb=HEAD
Comment 26 Mario Fetka (geos_one) 2013-11-21 08:51:19 UTC
the new location for the patch is at github https://github.com/pld-linux/nfs-utils/blob/master/nfs-utils-heimdal.patch