Re: Importing Heimdal 7.8.0

In reply to: Minsoo Choo : "Importing Heimdal 7.8.0"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Sun, 28 Jan 2024 14:49:09 UTC
In message <RXB5EBpxQpjbYQliH9nPyZKbaP2qAIfex2iEcanqW7rPoCiFzZKzJgUmd24Z_MCQ
vND
J1_lmnD5lue9BicXM59W_D4zL00ekultlPSD_pAw=@proton.me>, Minsoo Choo writes:
> Hello everyone,
> 
> I'm currently working on importing the latest version of Heimdal, which is 7.8.0. Although it seems that a contributor is trying to import kerberos5 by this summer [1], I will try as much as I can since I found out the process easier than I expected.
> 
> There are some modifications that need to be discussed before commiting changes:
> 
> - Introduction of hcrypto library. OpenSSL will be used as its backend. NetBSD patched files to use OpenSSL direclty [2], but this is harder to maintain in future.
> - Moving libcom_err from /lib to /kerberos/lib
> - Moving compile_et from /usr.bin to /keberos/usr.bin
> - libgssapi: Heimdal has expended FreeBSD's libgssapi implementation, and it internally uses private functions that is not accessible from FreeBSD's libgssapi. In newer versions of Heimdal's libgssapi, it is really hard to separate libgssapi_krb5, libgssapi_spnego, and libgssapi_ntlm. My suggestion is to build libheimgssapi for heimdal's internal use and keep our libgssapi.
> 
> Because I'm not very familiar with FreeBSD src tree yet, I encoutered some problems:
> 
> - How do I regenerate Makefile.depend? What command arguments do I need to use mkdep(1)? We need it for new Makefiles introduced for new libraries and programs.
> - How do I make libhcrypto before libhx509? It looks like Makefile.inc1 needs to be fixed but I can't figure it out.
> 
> Reviews:
> Since the import of heimdal is too big, I separated reviews in two.
> D43625 [3]: Import heimdal 7.8.0 to crypto/heimdal. No reviews or modificatoins needed for now.
> D43624 [4]: Changes to FreeBSD base to build heimdal. Reviews and advice needed.
> 
> [1] https://lists.freebsd.org/archives/freebsd-arch/2023-December/000580.html
> [2] https://github.com/IIJ-NetBSD/netbsd-src/tree/master/crypto/external/bsd/heimdal
> [3] https://reviews.freebsd.org/D43625[4] [https://reviews.freebsd.org/D4362](https://reviews.freebsd.org/D43625)4
> 

I'm in the works of replacing Heimdal 1.5.2 with MIT KRB5 1.21.2.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0