| Summary: | net-nds/openldap[gnutls] fails to build with net-libs/gnutls-3 | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
| Component: | New packages | Assignee: | Gentoo LDAP project <ldap-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | andriy155, ansla80, anton.kochkov, aoyu93, as.gentoo, cctsurf, cJ-gentoo, cornicx, da5id2001, Dan.Johansson, dschridde+gentoobugs, eugene.shalygin, eXt, follettoonip, gabemarcano, gentoo, grozin, harrisl, ibuyandtrade0+bugs.gentoo.org, jkomar, jospezial, jwbraun, kamensky.fb, kkrizka, kripton, manschwetus, mark+gentoobugs, Martin.vGagern, nixphoeni, optiluca, order+gentoo, pageexec, patrick, patriellabork, pokstar, polidevk.polidevk, qbasicer, rose, rzubaly, silvio.gerli, skrattaren, thev00d00, Timewulf, travisghansen, tsdh, u.plate, undrwater, vityokster |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://tinderboxlogs.s3.amazonaws.com/tbamd64.excelsior.flameeyes.eu/net-nds%3Aopenldap-2.4.31-r1%3A20120616-174623.html | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 421391 | ||
| Attachments: |
patch to support gnutls-3
ebuild including provided patch to support gnutls-3 update after reading manpages Another patch without return in case no CA |
||
|
Description
Diego Elio Pettenò (RETIRED)
2012-06-16 17:53:46 UTC
I can confirm this also. It fails with net-libs/gnutls-2.12.18 too. tls_g.c:46:20: fatal error: gcrypt.h: No such file or directory compilation terminated. @Martin: No, I think your problem is a different one. Have a look at my bug #438890 *** Bug 440748 has been marked as a duplicate of this bug. *** *** Bug 440902 has been marked as a duplicate of this bug. *** Yeah I'm getting the same thing. I filed an issue upstream. http://www.openldap.org/its/index.cgi/Incoming?id=7430 *** Bug 441606 has been marked as a duplicate of this bug. *** As a workaround, to avoid a broken openldap, I emerged openldap with USE=-gnutls. (In reply to comment #6) > I filed an issue upstream. > > http://www.openldap.org/its/index.cgi/Incoming?id=7430 Those guys are strange: http://www.openldap.org/its/index.cgi/Incoming?id=6359 (In reply to comment #9) > (In reply to comment #6) > > I filed an issue upstream. > > > > http://www.openldap.org/its/index.cgi/Incoming?id=7430 > > Those guys are strange: > http://www.openldap.org/its/index.cgi/Incoming?id=6359 Perhaps they need to be notified about the upstream status of gnutls 2.x ? Sometimes even such projects aren't good at tracking the other projects (just note how long it took wine to use udisks instead of hal). Created attachment 329746 [details, diff] patch to support gnutls-3 #if on GNUTLS_VERSION_MAJOR in libraries/libldap/tls_g.c Source : https://www.gnu.org/software/gnutls/manual/html_node/Upgrading-from-previous-versions.html Created attachment 329748 [details]
ebuild including provided patch to support gnutls-3
This works for me, against GnuTLS-3.1.4. Thanks! (In reply to comment #11) > Created attachment 329746 [details, diff] [details, diff] > patch to support gnutls-3 > > #if on GNUTLS_VERSION_MAJOR in libraries/libldap/tls_g.c > > Source : > https://www.gnu.org/software/gnutls/manual/html_node/Upgrading-from-previous- > versions.html Did you bother to read the manpages for these two functions ? This is not gtk2 -> gtk3 porting - the arguments have a significantly different meaning. Created attachment 329782 [details, diff] update after reading manpages Ouch, indeed, just checked for the "new" parameter called flags and assumed everything else business as usual, sorry for that... so here is a new patch, after reading man pages, sources, and this post : http://comments.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5066 It does compile fine here, but I don't have an environment set up right now to test and validate this - so this still needs testings. Sorry again and thanks for banging my head ~ Patch reapplied and compiles fine here. Both Server and Client (running LDAPS) seems to be working fine, thus far. Confirmed here, latest patch compiles fine and (it seems :D) works fine. can confirm that the patch works for 2.4.33 Do any of 'the patch works' come from somebody, who looked at that block of code, understood what it does and ran a test that would trigger the required conditions ? Cause "it builds" is nearly meaningless in this case. net-nds/openldap-2.4.33-r1 still fails with: ./.libs/libldap.so: undefined reference to `gnutls_certificate_get_x509_cas' │* kde-misc/krunner-kopete-contacts collect2: ld returned 1 exit status │ Available versions: (4) (~)0.4 make[2]: *** [apitest] Error 1 :( the patch works for 2.4.33-r1 (In reply to comment #21) > the patch works for 2.4.33-r1 :roll: Once again, what's your definition of "works" ? The proper or the meaningless one ? *** Bug 448336 has been marked as a duplicate of this bug. *** *** Bug 448286 has been marked as a duplicate of this bug. *** Created attachment 333892 [details, diff] Another patch without return in case no CA Patch in attachment #329782 [details, diff] is not good because it will return if no issuer can be found. That's wrong. Meaning of building the certificate array in order of issuers is to send this certificate chain by server when exchanging identity. This is to raise chance client will recognize at least one CA and find trust chain to the end-point certificate. If server does have complete chain to CA root, this is no tragedy, server will send just the part of chain he knows about. Attached patch fixes this issue. Also attached patch updates `max' variable for whatever reason the GnutTLS-2 branch does. Notice for the maintainer: I did not test the patch. (In reply to comment #25) > If server does have complete chain to CA root, this is no tragedy, server > will send just the part of chain he knows about. s/does have/does not have/ *** Bug 451560 has been marked as a duplicate of this bug. *** Using -gnutls allows openldap to install without errors. Anybody know if ssl is an adequate substitute for gnutls in openldap? + 14 Jan 2013; Patrick Lauer <patrick@gentoo.org> openldap-2.3.43-r1.ebuild, + openldap-2.3.43-r2.ebuild, openldap-2.4.19-r1.ebuild, openldap-2.4.21.ebuild, + openldap-2.4.23.ebuild, openldap-2.4.24.ebuild, openldap-2.4.25-r1.ebuild, + openldap-2.4.25.ebuild, openldap-2.4.28-r1.ebuild, openldap-2.4.28.ebuild, + openldap-2.4.30.ebuild, openldap-2.4.31-r1.ebuild, openldap-2.4.31.ebuild, + openldap-2.4.32.ebuild, openldap-2.4.33-r1.ebuild, openldap-2.4.33.ebuild: + Fixing gnutls dep #421463 This at least avoids build failures. I don't have an opinion on the provided patches, so I've ignored them for now. *** Bug 455954 has been marked as a duplicate of this bug. *** As my bug is a duplicate of this, I post my problem here:
jlgentoo ~ # emerge -va1 openldap
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild UD ] net-libs/gnutls-2.12.23 [3.1.7] USE="cxx lzo%* nettle%* nls zlib -bindist% -doc -examples -guile -pkcs11 -static-libs {-test} (-dane%)" LINGUAS="(-cs%) (-de%*) (-en%) (-fi%) (-fr%) (-it%) (-ms%) (-nl%) (-pl%) (-sv%) (-uk%) (-vi%) (-zh_CN%)" 7,109 kB
[ebuild N ] net-nds/openldap-2.4.33-r1 USE="berkdb crypt gnutls icu ipv6 samba ssl syslog tcpd -cxx -debug -experimental -iodbc -kerberos -minimal -odbc -overlays -perl -sasl (-selinux) -slp -smbkrb5passwd" 5,348 kB
Total: 2 packages (1 downgrade, 1 new), Size of downloads: 12,457 kB
!!! Multiple package instances within a single package slot have been pulled
!!! into the dependency graph, resulting in a slot conflict:
net-libs/gnutls:0
(net-libs/gnutls-3.1.7::gentoo, installed) pulled in by
>=net-libs/gnutls-3.1 required by (net-ftp/filezilla-3.6.0.2::gentoo, installed)
(net-libs/gnutls-2.12.23::gentoo, ebuild scheduled for merge) pulled in by
<net-libs/gnutls-3 required by (net-nds/openldap-2.4.33-r1::gentoo, ebuild scheduled for merge)
I came to this problem when I wanted to emerge libreoffice-4.0.0.2 which depends on ldap.
Can gnutls be slotted?
I'm running into the same problem as jospezial in post #31; why does libreoffice need ldap and why doesn't it have a use flag to tell it not to use it? At this point, I'd say it's probably easier to set -gnutls on openldap and forget about it--at least for users like me who don't need or use ldap. FYI, I'm testing Petr's patch, just setting up the SSL infrastructure to give it a good go. (In reply to comment #33) > FYI, I'm testing Petr's patch, just setting up the SSL infrastructure to > give it a good go. How is the patch testing going? InCVS. |
