[Bug 226261] www/mod_auth_kerb2
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Feb 28 13:41:17 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226261
Bug ID: 226261
Summary: www/mod_auth_kerb2
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: apache at FreeBSD.org
Reporter: rocky at herveybayaustralia.com.au
Assignee: apache at FreeBSD.org
Flags: maintainer-feedback?(apache at FreeBSD.org)
This issue has come up in other bug reports but this has failed on
11.1-RELEASE. mod_auth_kerb2 builds and install ok, but fails at runtime
causing apache to fail to start.
httpd: Syntax error on line 169 of /usr/local/etc/apache24/httpd.conf: Cannot
load libexec/apache24/mod_auth_kerb.so into server:
/usr/local/libexec/apache24/mod_auth_kerb.so: Undefined symbol
"krb5_rc_dfl_init"
ldd /usr/local/libexec/apache24/mod_auth_kerb.so
/usr/local/libexec/apache24/mod_auth_kerb.so:
libgssapi_krb5.so.10 => /usr/lib/libgssapi_krb5.so.10 (0x801208000)
libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x801427000)
libk5crypto.so.3.1 => /usr/local/lib/libk5crypto.so.3.1 (0x8016a5000)
libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x8018d9000)
libc.so.7 => /lib/libc.so.7 (0x800824000)
libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x801adb000)
libcrypto.so.8 => /lib/libcrypto.so.8 (0x801e00000)
libroken.so.11 => /usr/lib/libroken.so.11 (0x802269000)
libasn1.so.11 => /usr/lib/libasn1.so.11 (0x80247c000)
libcrypt.so.5 => /lib/libcrypt.so.5 (0x80271e000)
libhx509.so.11 => /usr/lib/libhx509.so.11 (0x80293d000)
libwind.so.11 => /usr/lib/libwind.so.11 (0x802b8a000)
libheimbase.so.11 => /usr/lib/libheimbase.so.11 (0x802db2000)
libprivateheimipcc.so.11 => /usr/lib/libprivateheimipcc.so.11 (0x802fb6000)
libkrb5support.so.0.1 => /usr/local/lib/libkrb5support.so.0.1 (0x8031b8000)
libintl.so.8 => /usr/local/lib/libintl.so.8 (0x8033c6000)
libthr.so.3 => /lib/libthr.so.3 (0x8035d1000)
readelf -Ws /usr/local/lib/libkrb5.so | grep krb5_rc_dfl_init
1422: 000000000007c7b0 234 FUNC GLOBAL DEFAULT 11 krb5_rc_dfl_init
readelf -Ws /usr/lib/libkrb5.so | grep krb5_rc_dfl_init
make debug-krb shows everything works as expected in the ports framework:
cc -O2 -pipe -fstack-protector -fno-strict-aliasing -o /tmp/debug-krb.x
-I"/usr/local/include" -lkrb5 -lgssapi_krb5 -L"/usr/local/lib"
-Wl,-rpath,/usr/local/lib /tmp/debug-krb.c && ldd /tmp/debug-krb.x; /bin/rm
-f /tmp/debug-krb.x
/tmp/debug-krb.x:
libkrb5.so.3.3 => /usr/local/lib/libkrb5.so.3.3 (0x800822000)
libgssapi_krb5.so.2.2 => /usr/local/lib/libgssapi_krb5.so.2.2 (0x800b08000)
libc.so.7 => /lib/libc.so.7 (0x800d50000)
libk5crypto.so.3.1 => /usr/local/lib/libk5crypto.so.3.1 (0x801108000)
libcom_err.so.3.0 => /usr/local/lib/libcom_err.so.3.0 (0x80133c000)
libkrb5support.so.0.1 => /usr/local/lib/libkrb5support.so.0.1 (0x80153f000)
libintl.so.8 => /usr/local/lib/libintl.so.8 (0x80174d000)
PREFIX: /usr/local
GSSAPIBASEDIR: /usr/local
GSSAPIINCDIR: /usr/local/include
GSSAPILIBDIR: /usr/local/lib
GSSAPILIBS: -lkrb5 -lgssapi_krb5
GSSAPICPPFLAGS: -I/usr/local/include
GSSAPILDFLAGS: -L/usr/local/lib
GSSAPI_CONFIGURE_ARGS: CFLAGS=-I/usr/local/include -O2 -pipe -fstack-protector
-fno-strict-aliasing LDFLAGS=-L/usr/local/lib
-Wl,-rpath,/usr/local/lib:/usr/lib -fstack-protector LIBS=-lkrb5 -lgssapi_krb5
KRB5CONFIG=/usr/local/bin/krb5-config
KRB5CONFIG: /usr/local/bin/krb5-config
CFLAGS: -O2 -pipe -fstack-protector -fno-strict-aliasing
LDFLAGS: -Wl,-rpath,/usr/local/lib:/usr/lib -fstack-protector
LDADD:
Looking through the commands used (little though there is) shows libtool needs
-L/usr/local/lib before -o src/mod_auth_kerb.la.
Seeing as apxs actually runs libtool, apxs needs to be told to pass this info
along.
apxs -q reveals LDFLAGS=-L/usr/lib -fstack-protector
This is builtin when apxs is compiled - which may vary from system to system
(which probably explains the hit and miss of functionality).
To override this variable apxs needs to be passed:
apxs -S LDFLAGS=-L/usr/local/lib
So, in order to resolve this issue, line 16 on the work/ Makefile ./apxs.sh arg
4 needs to adjusted to "-S LDFLAGS=-L/usr/local/lib -c".
No patch is supplied here due to concern with the loss of the the other
components of LDFLAGS in apxs (couldn't prepend the -L/usr/local/lib to the
other arguments - _needs to be first_), and that this needs to probably reflect
say GSSAPIBASEDIR or KRB5_HOME or something, but this works:
ldd work/stage/usr/local/libexec/apache24/mod_auth_kerb.so
work/stage/usr/local/libexec/apache24/mod_auth_kerb.so:
libgssapi_krb5.so.2.2 => /usr/local/lib/libgssapi_krb5.so.2.2
(0x801208000)
libkrb5.so.3.3 => /usr/local/lib/libkrb5.so.3.3 (0x801450000)
libk5crypto.so.3.1 => /usr/local/lib/libk5crypto.so.3.1 (0x801736000)
libcom_err.so.3.0 => /usr/local/lib/libcom_err.so.3.0 (0x80196a000)
libc.so.7 => /lib/libc.so.7 (0x800824000)
libkrb5support.so.0.1 => /usr/local/lib/libkrb5support.so.0.1
(0x801b6d000)
libintl.so.8 => /usr/local/lib/libintl.so.8 (0x801d7b000)
service apache24 restart
Performing sanity check on apache24 configuration:
AH00548: NameVirtualHost has no effect and will be removed in the next release
/usr/local/etc/apache24/extra/httpd-vhosts.conf:25
Syntax OK
Stopping apache24.
Waiting for PIDS: 20506.
Performing sanity check on apache24 configuration:
AH00548: NameVirtualHost has no effect and will be removed in the next release
/usr/local/etc/apache24/extra/httpd-vhosts.conf:25
Syntax OK
Starting apache24.
AH00548: NameVirtualHost has no effect and will be removed in the next release
/usr/local/etc/apache24/extra/httpd-vhosts.conf:25
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-apache
mailing list