YAFC compile dies due to dependending on incorrectly located heimdal header files to differentiate between Heimdal and MIT Kerberos5. When "kerberos" is enabled in the USE flags, and a recent version of heimdal is used to fill the virtual, the GSSAPI headers are installed in the correct locations for compatability with MIT's dist. Reproducible: Always Steps to Reproduce: 1. emerge =app-crypt/heimdal-0.7.1-r1 2. emerge =net-ftp/yafc-1.1.1 Actual Results: ... if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I. -I../src -I../src/ftp -I../src/libmhe -I/usr/include -I/usr//include -I/usr/include -I/usr//include -I/usr/include -march=pentium4 -mfpmath=sse -O3 -fforce-addr -ftracer -pipe -MT gssapi.o -MD -MP -MF ".deps/gssapi.Tpo" -c -o gssapi.o gssapi.c; \ then mv -f ".deps/gssapi.Tpo" ".deps/gssapi.Po"; else rm -f ".deps/gssapi.Tpo"; exit 1; fi gssapi.c: In function `gss_auth': gssapi.c:288: error: `KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN' undeclared (first use in this function) gssapi.c:288: error: (Each undeclared identifier is reported only once gssapi.c:288: error: for each function it appears in.) make[2]: *** [gssapi.o] Error 1 make[2]: Leaving directory `/var/tmp/portage/yafc-1.1.1/work/yafc-1.1.1/lib' ... Expected Results: Installed YAFC correctly w/ GSSAPI enabled, and using Heimdal's headers/libs. Portage 2.0.53_rc7 (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.6-r0, 2.6.12-morph7 i686) ================================================================= System uname: 2.6.12-morph7 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz Gentoo Base System version 1.12.0_pre10 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.4 [enabled] dev-lang/python: 2.3.4-r1, 2.4.2 sys-apps/sandbox: 1.2.13 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.20-r1 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium4 -mfpmath=sse -O3 -fforce-addr -ftracer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/splash /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium4 -mfpmath=sse -O3 -fforce-addr -ftracer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache distlocks sandbox sfperms strict" GENTOO_MIRRORS=" http://www.ibiblio.org/pub/Linux/distributions/gentoo http://distfiles.gentoo.org" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage" USE="x86 X a52 aac aalib acpi alsa audiofile avi berkdb bitmap-fonts bzip2 cdr crypt cscope cups curl directfb dts dvd eds encode exif expat fam ffmpeg flac foomaticdb fortran gd gdbm gif glut gnome gpm gstreamer gtk gtk2 guile idn imagemagick imlib ipv6 jack java jpeg kerberos lcms ldap libcaca libg++ libwww mad maildir matroska mikmod mmx mng mozilla mp3 mpeg ncurses nptl ogg oggvorbis opengl oss pam pcre pdflib perl png python quicktime readline real ruby sdl speex spell sse sse2 ssl svg tcltk tcpd theora threads tiff truetype truetype-fonts type1-fonts udev unicode usb vorbis wmf xine xinerama xml2 xv xvid zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
JSYK, i'll have a patch for this one in about 15min. ;]
Created attachment 73212 [details, diff] Patch for heimdal-0.7.1-r1 Ok, it took more than 15... here it is though, compiles cleanly. I'll throw together an ebuild tomorrow, and give it a test run. =] Turned out to be a bit tricky to fix.
+metadata.xml missing
Created attachment 73274 [details] ebuild to apply patch. This ebuild applies the patch, and rebuilds the build scripts. Cleanly compiles on my test machine, and seems to be running, but I'm unsure of what facilities in YAFC actually use the GSSAPI authentication. I tested it by logging in using SSH which is set up to do Kerberos5 authentication.
What (if anything) is needed to get this fix into portage? Is metadata.xml missing, or out of date? -cc
I tested the patch here and have the following objection about how the shared libs from heimdal are linked in: checking for Kerberos 5 in /usr//lib... yes checking for Kerberos 5 headers in /usr//include... yes checking for GSSAPI library... yes checking for GSSAPI headers in /usr/include... yes checking for gssapi/gssapi_krb5.h... no checking for gssapi/krb5_err.h... yes checking for strlcpy... yes configure: creating ./config.status config.status: creating Makefile config.status: creating doc/Makefile config.status: creating lib/Makefile config.status: creating src/Makefile config.status: creating src/ftp/Makefile config.status: creating src/libmhe/Makefile config.status: creating contrib/yafc-rw.spec config.status: creating contrib/yafc-mandrake.spec config.status: creating config.h config.status: executing depfiles commands compiler ....................... i686-pc-linux-gnu-gcc -O2 -march=pentium4 -mmmx -msse -msse2 -fomit-frame-pointer -pipe preprocessor flags ............. -I/usr/include -I/usr//include -I/usr/include -I/usr//include -I/usr/include linker flags ................... -L/usr//lib -L/usr/lib -L/usr//lib -L/usr/lib libraries ...................... -lgssapi -lkrb5 -lcrypto -lcom_err -lreadline -lncurses installation prefix ............ /usr using Kerberos 4 ............... using Kerberos 5 ............... yes using readline ................. yes, version 4.2 or higher if i686-pc-linux-gnu-gcc -DSYSCONFDIR=\"/etc\" -DHAVE_CONFIG_H -I. -I. -I.. -I. -I.. -I. -I../lib -I../src/ftp -I../src/libmhe -I/usr/include -I/usr//include -I/usr/include -I/usr//include -I/usr/include -O2 -march=pentium4 -mmmx -msse -msse2 -fomit-frame-pointer -pipe -MT utils.o -MD -MP -MF ".deps/utils.Tpo" -c -o utils.o utils.c; \ then mv -f ".deps/utils.Tpo" ".deps/utils.Po"; else rm -f ".deps/utils.Tpo"; exit 1; fi /bin/sh ../libtool --tag=CC --mode=link i686-pc-linux-gnu-gcc -O2 -march=pentium4 -mmmx -msse -msse2 -fomit-frame-pointer -pipe -L/usr//lib -L/usr/lib -L/usr//lib -L/usr/lib -o yafc main.o alias.o cmd.o commands.o completion.o get.o fxp.o gvars.o lglob.o help.o input.o local.o login.o list.o put.o rm.o tag.o redir.o prompt.o transfer.o rc.o set.o ltag.o bookmark.o utils.o ftp/libftp.a libmhe/libmhe.a ../lib/libfoo.a -lgssapi -lkrb5 -lcrypto -lcom_err -lreadline -lncurses mkdir .libs i686-pc-linux-gnu-gcc -O2 -march=pentium4 -mmmx -msse -msse2 -fomit-frame-pointer -pipe -o yafc main.o alias.o cmd.o commands.o completion.o get.o fxp.o gvars.o lglob.o help.o input.o local.o login.o list.o put.o rm.o tag.o redir.o prompt.o transfer.o rc.o set.o ltag.o bookmark.o utils.o -L/usr//lib -L/usr/lib ftp/libftp.a libmhe/libmhe.a ../lib/libfoo.a /usr/lib/libgssapi.so /usr/lib/libkrb5.so /usr/lib/libasn1.so /usr/lib/libroken.so -ldb -ldl -lresolv -lpthread -lcrypto -lcom_err -lreadline -lncurses make[4]: Leaving directory `/var/tmp/portage/yafc-1.1.1-r1/work/yafc-1.1.1/src' # ldd /usr/bin/yafc linux-gate.so.1 => (0xffffe000) libgssapi.so.4 => /usr/lib/libgssapi.so.4 (0xb7fac000) libkrb5.so.17 => /usr/lib/libkrb5.so.17 (0xb7f53000) libasn1.so.6 => /usr/lib/libasn1.so.6 (0xb7f18000) libroken.so.16 => /usr/lib/libroken.so.16 (0xb7f03000) libdb-4.2.so => /usr/lib/libdb-4.2.so (0xb7e2b000) libdl.so.2 => /lib/libdl.so.2 (0xb7e27000) libresolv.so.2 => /lib/libresolv.so.2 (0xb7e14000) libpthread.so.0 => /lib/tls/libpthread.so.0 (0xb7e02000) libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0xb7d04000) libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7d01000) libreadline.so.5 => /lib/libreadline.so.5 (0xb7cd2000) libncurses.so.5 => /lib/libncurses.so.5 (0xb7c89000) libc.so.6 => /lib/tls/libc.so.6 (0xb7b73000) libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7b46000) /lib/ld-linux.so.2 (0xb7fe5000) #
Although one could worry why the shared libs are on the linker commandline as shown in comment #6 as: "-L/usr//lib -L/usr/lib ftp/libftp.a libmhe/libmhe.a ../lib/libfoo.a /usr/lib/libgssapi.so /usr/lib/libkrb5.so /usr/lib/libasn1.so /usr/lib/libroken.so -ldb -ldl -lresolv -lpthread -lcrypto -lcom_err -lreadline -lncurses" mainly I wanted to confirm the ebuild patch and the patch for heimdal WORK! To have the ftp service accept your kerberos password as usually there has to be host/my.machine@REALM key in KDC database and also its copy in /etc/krb5.keytab on the machine where you want to login using ftp. If you have created ftp/my.host@REALM key then it also has to be extracted into /etc/krb5.keytab: http://www.pdc.kth.se/heimdal/heimdal.html#keytabs http://www.stacken.kth.se/lists/heimdal-discuss/2003-09/msg00028.html Obtain your kerberos ticket, start in another window (or setup the service under xinetd directly): /usr/sbin/kftpd -a none -d -v -i and from another do: # yafc ftp://mmokrejs@my.host yafc 1.1.1 Copyright (C) 1998-2001 Martin Hedenfalk <mhe@home.se>. This program comes with ABSOLUTELY NO WARRANTY; for details type 'warranty'. This is free software; type 'copyright' for details. Connecting to my.host (xxx.xxx.xxx.xxx) at port 21... phylo FTP server (Version 6.00+Heimdal 0.7.2) ready. Trying GSSAPI... Authentication successful. This is \n.\O (\s \m \r) \t User mmokrejs logged in. Data protection is clear yafc my.host:~> ls yafc my.host:~> ls -la total 7519 drwxr-xr-x 4 mmokrejs users 4096 Mar 9 19:27 . drwxr-xr-x 7 root root 81 Mar 7 15:05 .. -rw------- 1 mmokrejs users 40 Mar 7 15:06 .bash_history -rw-r--r-- 1 mmokrejs users 127 Mar 7 15:05 .bash_logout -rw-r--r-- 1 mmokrejs users 193 Mar 7 15:05 .bash_profile -rw-r--r-- 1 mmokrejs users 976 Mar 7 15:05 .bashrc -rw------- 1 mmokrejs users 64 Mar 9 19:01 .k5login drwx------ 5 mmokrejs users 36 Mar 7 15:06 .maildir drwx------ 5 mmokrejs users 36 Mar 7 15:06 .maildir-sent -rw-r--r-- 1 mmokrejs users 82 Mar 7 15:05 .qmail.sample -rw-r--r-- 1 mmokrejs users 1788 Mar 7 15:05 .tcsh.config yafc my.host:~> quit
Please push the patch into portage, at least one can compile and it actually *works* (see my previous comment). The library issues are not that hot I think.
I am hitting the same bug even with net-ftp/yafc-1.1: configure: WARNING: argument to --with-readline not a directory -- ignored checking for library containing tgetent... -lncurses checking for readline >= 2.0... version 4.2 or higher checking readline/readline.h usability... yes checking readline/readline.h presence... yes checking for readline/readline.h... yes checking readline/history.h usability... yes checking readline/history.h presence... yes checking for readline/history.h... yes checking for library containing inet_aton... none required checking for library containing herror... none required checking for gettimeofday... yes checking for uname... yes checking for setsockopt... yes checking whether herror is declared... no checking whether asprintf is declared... no checking whether vasprintf is declared... no checking for Kerberos 5... yes checking for Kerberos 5 headers... yes checking for GSSAPI library... yes checking for GSSAPI headers... yes checking for gssapi/gssapi_krb5.h... no checking for Kerberos 4... no checking for Kerberos 4 in /usr/lib... no checking for Kerberos 4 in /usr/local/lib... no checking for strlcpy... yes configure: creating ./config.status config.status: creating Makefile config.status: creating doc/Makefile config.status: creating lib/Makefile config.status: creating src/Makefile config.status: creating src/ftp/Makefile config.status: creating src/libmhe/Makefile config.status: creating contrib/yafc-rw.spec config.status: creating contrib/yafc-mandrake.spec config.status: creating config.h config.status: executing depfiles commands compiler ....................... i686-pc-linux-gnu-gcc -O3 -march=pentium4 -mmmx -msse -msse2 -msse3 -pipe preprocessor flags ............. linker flags ................... libraries ...................... -lgssapi -lkrb5 -lcrypto -lcom_err -lreadline -lncurses installation prefix ............ /usr using Kerberos 4 ............... using Kerberos 5 ............... yes using readline ................. yes, version 4.2 or higher make all-recursive make[1]: Entering directory `/var/tmp/portage/net-ftp/yafc-1.1/work/yafc-1.1' Making all in doc make[2]: Entering directory `/var/tmp/portage/net-ftp/yafc-1.1/work/yafc-1.1/doc' make[2]: Nothing to be done for `all'. make[2]: Leaving directory `/var/tmp/portage/net-ftp/yafc-1.1/work/yafc-1.1/doc' Making all in lib make[2]: Entering directory `/var/tmp/portage/net-ftp/yafc-1.1/work/yafc-1.1/lib' if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I. -I../src -I../src/ftp -I../src/libmhe -O3 -march=pentium4 -mmmx -msse -msse2 -msse3 -pipe -MT xmalloc.o -MD -MP -MF ".deps/xmalloc.Tpo" -c -o xmalloc.o xmalloc.c; \ then mv -f ".deps/xmalloc.Tpo" ".deps/xmalloc.Po"; else rm -f ".deps/xmalloc.Tpo"; exit 1; fi if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I. -I../src -I../src/ftp -I../src/libmhe -O3 -march=pentium4 -mmmx -msse -msse2 -msse3 -pipe -MT fnmatch.o -MD -MP -MF ".deps/fnmatch.Tpo" -c -o fnmatch.o fnmatch.c; \ then mv -f ".deps/fnmatch.Tpo" ".deps/fnmatch.Po"; else rm -f ".deps/fnmatch.Tpo"; exit 1; fi if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I. -I../src -I../src/ftp -I../src/libmhe -O3 -march=pentium4 -mmmx -msse -msse2 -msse3 -pipe -MT makepath.o -MD -MP -MF ".deps/makepath.Tpo" -c -o makepath.o makepath.c; \ then mv -f ".deps/makepath.Tpo" ".deps/makepath.Po"; else rm -f ".deps/makepath.Tpo"; exit 1; fi if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I. -I../src -I../src/ftp -I../src/libmhe -O3 -march=pentium4 -mmmx -msse -msse2 -msse3 -pipe -MT base64.o -MD -MP -MF ".deps/base64.Tpo" -c -o base64.o base64.c; \ then mv -f ".deps/base64.Tpo" ".deps/base64.Po"; else rm -f ".deps/base64.Tpo"; exit 1; fi if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I. -I../src -I../src/ftp -I../src/libmhe -O3 -march=pentium4 -mmmx -msse -msse2 -msse3 -pipe -MT modechange.o -MD -MP -MF ".deps/modechange.Tpo" -c -o modechange.o modechange.c; \ then mv -f ".deps/modechange.Tpo" ".deps/modechange.Po"; else rm -f ".deps/modechange.Tpo"; exit 1; fi In file included from modechange.c:86: modechange.c: In function `mode_compile': modechange.c:331: warning: passing arg 1 of `oatoi' discards qualifiers from pointer target type if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I. -I../src -I../src/ftp -I../src/libmhe -O3 -march=pentium4 -mmmx -msse -msse2 -msse3 -pipe -MT bashline.o -MD -MP -MF ".deps/bashline.Tpo" -c -o bashline.o bashline.c; \ then mv -f ".deps/bashline.Tpo" ".deps/bashline.Po"; else rm -f ".deps/bashline.Tpo"; exit 1; fi if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I. -I../src -I../src/ftp -I../src/libmhe -O3 -march=pentium4 -mmmx -msse -msse2 -msse3 -pipe -MT security.o -MD -MP -MF ".deps/security.Tpo" -c -o security.o security.c; \ then mv -f ".deps/security.Tpo" ".deps/security.Po"; else rm -f ".deps/security.Tpo"; exit 1; fi if i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I. -I../src -I../src/ftp -I../src/libmhe -O3 -march=pentium4 -mmmx -msse -msse2 -msse3 -pipe -MT gssapi.o -MD -MP -MF ".deps/gssapi.Tpo" -c -o gssapi.o gssapi.c; \ then mv -f ".deps/gssapi.Tpo" ".deps/gssapi.Po"; else rm -f ".deps/gssapi.Tpo"; exit 1; fi gssapi.c: In function `gss_auth': gssapi.c:288: error: `KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN' undeclared (first use in this function) gssapi.c:288: error: (Each undeclared identifier is reported only once gssapi.c:288: error: for each function it appears in.) make[2]: *** [gssapi.o] Error 1 make[2]: Leaving directory `/var/tmp/portage/net-ftp/yafc-1.1/work/yafc-1.1/lib' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/net-ftp/yafc-1.1/work/yafc-1.1' make: *** [all] Error 2 !!! ERROR: net-ftp/yafc-1.1 failed. Call stack: ebuild.sh, line 1576: Called dyn_compile ebuild.sh, line 945: Called src_compile yafc-1.1.ebuild, line 21: Called die
Chandler could you also create those patches for version 1.1.1-r1? Since the problem still applies. Thanks is advance
Anybody going to apply the patch to portage tree? Thanks.
Created attachment 130875 [details] yafc-1.1.1-r1.ebuild Diff to yafc-1.1.1-r1.ebuild to apply the fix for kerberos and heimdal
Created attachment 130877 [details] yafc-1.1.1-r1.ebuild.diff SOrry, the above is the modified ebuild, this one is the diff
The above patch and the modified ebuild fix the compile error with USE=kerberos and heimdal.
Wouldn't like kerberos people take over this package, as it tricky part for everybody else is the kerberos part?
The patch and the updated ebuild have been committed to the tree by Ferris (fmccor) - thanks. As there's nothing specific about sparc here, sparc is gone. I still have to configure heimdal to test yafc, so any help will be welcomed.
(In reply to comment #16) > The patch and the updated ebuild have been committed to the tree by Ferris > (fmccor) - thanks. > As there's nothing specific about sparc here, sparc is gone. > I still have to configure heimdal to test yafc, so any help will be welcomed. > Jorge, I configured a chroot with heimdal instead of mit-krb5 and built yafc with USE='kerberos readline'. It built fine, and so far as I can tell, works just like it should. (This is on a sparc SB1000 in a paludis chroot.)
Ferris, in that case let's close this. If anyone has any issue using yafc with heimdal, feel free to reopen the bug.
Works, thanks.
