Palle Girgensohn
2005-Oct-14 07:04 UTC
linking problems with heimdal in base (ports version works)
Hi!
I'm having some difficulties using the heimdal installed from /usr/src.
Here's the difference between the heimdal port and the heimdal distributed
in the base:
$ ldd /usr/local/lib/libkrb5.so
/usr/local/lib/libkrb5.so:
libcrypto.so.3 => /lib/libcrypto.so.3 (0x281b3000)
libasn1.so.6 => /usr/local/lib/libasn1.so.6 (0x282c4000)
libroken.so.16 => /usr/local/lib/libroken.so.16 (0x282ea000)
libcrypt.so.2 => /lib/libcrypt.so.2 (0x282f8000)
libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x28311000)
$ ldd /usr/lib/libkrb5.so
/usr/lib/libkrb5.so:
$
This gives me problems. I maintain the postgresql ports, and postgresql
supports Kerberos. Problem is, when installing the heimdal port, everything
works fine, but when using the base heimdal, I can't get programs linking
with postgresq's libpq.so to link, since the configure scripts cannot find
symbols that are in for example libasn1.so. Most ports seem to only pick up
the -lkrb5, not all the other libs needed. Shouldn't they be provided by
libkrb5.so in the same way as the ports' version does?
An example:
make sure there's no heimdal port installed
install databases/postgresql80-client with heimdal kerberos support (make
config; make install)
then try to build databases/postgresql-libpqxx
it fails when it cannot find a bunch of symbols in libkrb5.so (they exist
in the other libs listed above).
configure:20825: checking for ability to link with libpq
configure:20828: checking for main in -lpq
configure:20852: cc -o conftest -O -pipe -march=athlon-xp
-I/usr/local/include -L/usr/local/lib conftest.c -lpq -L/usr/local/lib
>&5
/usr/lib/libkrb5.so.7: undefined reference to `length_PA_ENC_TS_ENC'
/usr/lib/libkrb5.so.7: undefined reference to `length_KDC_REQ_BODY'
/usr/lib/libkrb5.so.7: undefined reference to `free_Principal'
/usr/lib/libkrb5.so.7: undefined reference to `bswap16'
/usr/lib/libkrb5.so.7: undefined reference to `length_EncKrbCredPart'
/usr/lib/libkrb5.so.7: undefined reference to `copy_Realm'
/usr/lib/libkrb5.so.7: undefined reference to `strlwr'
/usr/lib/libkrb5.so.7: undefined reference to `length_TGS_REQ'
...
I don't now enough about the inner secrets of linking, but I do know that
the way the heimdal port's libkrb5.so is built and installed, everything
works, whereas the base heimdal makes it fail.
FreeBSD-5-stable & 5.4p6
Any ideas how to pursue this?
Thanks,
Palle
Michael Nottebrock
2005-Oct-14 08:29 UTC
linking problems with heimdal in base (ports version works)
On Friday, 14. October 2005 16:04, Palle Girgensohn wrote:> This gives me problems. I maintain the postgresql ports, and postgresql > supports Kerberos. Problem is, when installing the heimdal port, everything > works fine, but when using the base heimdal, I can't get programs linking > with postgresq's libpq.so to link, since the configure scripts cannot find > symbols that are in for example libasn1.so. Most ports seem to only pick up > the -lkrb5, not all the other libs needed.Then those ports are buggy. The respective configure scripts should run krb5-config --libs and use that output to determine which additional libraries need to be linked in. -- ,_, | Michael Nottebrock | lofi@freebsd.org (/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org \u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20051014/184ef424/attachment.bin
Palle Girgensohn
2005-Oct-30 16:04 UTC
linking problems with heimdal in base (ports version works)
--On m?ndag, oktober 17, 2005 18.18.56 -0400 Brian Fundakowski Feldman <green@freebsd.org> wrote:> On Sun, Oct 16, 2005 at 09:04:58PM +0400, Igor Pokrovsky wrote: >> On Sun, Oct 16, 2005 at 06:35:51PM +0200, Michael Nottebrock wrote: >> > On Sunday, 16. October 2005 09:06, Igor Pokrovsky wrote: >> > > On Fri, Oct 14, 2005 at 09:49:51PM +0200, Michael Nottebrock wrote: >> > > > On Friday, 14. October 2005 21:11, Igor Pokrovsky wrote: >> > > > > > Still, isn't it strange that the kerberos libs don't have any >> > > > > > dependencies registered? A quick check shows that they are >> > > > > > almost the only libs in /usr/lib that have zero output from >> > > > > > ldd. >> > > > > >> > > > > Probably they are statically linked. >> > > > >> > > > No, static libraries don't come with an .so extension. :-) >> > > >> > > No, you missed my point. I mean that kerberos libs are dynamic but >> > > linked against other libraries statically. >> > >> > If they were, there would be no problem in the first place. >> >> Sorry, it seems I missed a part of the thread. > > Either the ports that use libkrb5 must know its dependencies or they > must be encoded in the shared library's header as dependencies. I vote > for #1 because it's too late for #2. See previous post about how to > solve this.Hi, I'm back on this subject. Just to make things clear: there are no static linking in heimdal. The dependencies between the different libs are just not registered in the base userland dist, but they are in the heimdal port. The Postgresql port does make use of krb5-config --libs. Problem is, they don't get into libpq.so, so all dependant ports must also know that they need kerberos if postgresql was linked with it. the pg_config utility has no way of helping out here. My view is that the base heimdal installation is buggy, it should register dependencies between the shared libs. Here's how libpq.so is linked: palle:libpq$ cc -O -pipe -march=athlon-xp -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wold-style-definition -Wendif-labels -fno-strict-aliasing -fPIC -DPIC -shared -Wl,-x,-soname,libpq.so.4 fe-auth.o fe-connect.o fe-exec.o fe-misc.o fe-print.o fe-lobj.o fe-protocol2.o fe-protocol3.o pqexpbuffer.o pqsignal.o fe-secure.o md5.o ip.o wchar.o encnames.o noblock.o pgstrcasecmp.o thread.o -L../../../src/port -L/usr/lib -L/usr/local/lib -lssl -lcrypto -lkrb5 -lcrypto -lcrypt -lroken -lasn1 -lcom_err -Wl,-R/usr/local/lib -o libpq.so.4 palle:libpq$ ldd libpq.so libpq.so: libssl.so.3 => /usr/lib/libssl.so.3 (0x28190000) libcrypto.so.3 => /lib/libcrypto.so.3 (0x281c3000) libkrb5.so.7 => /usr/lib/libkrb5.so.7 (0x282d4000) libcrypt.so.2 => /lib/libcrypt.so.2 (0x28312000) libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x2832b000) palle:libpq$ as you can see, the libasn1 is missing, and that fact makes other stuff, like libpqxx, fail to build, since it misses symbols: configure:20828: checking for main in -lpq configure:20852: cc -o conftest -O -pipe -march=athlon-xp -I/usr/local/include -L/usr/local/lib conftest.c -lpq -L/usr/local/lib >&5 /usr/lib/libkrb5.so.7: undefined reference to `length_PA_ENC_TS_ENC' /usr/lib/libkrb5.so.7: undefined reference to `length_KDC_REQ_BODY' /usr/lib/libkrb5.so.7: undefined reference to `free_Principal' /usr/lib/libkrb5.so.7: undefined reference to `bswap16' /usr/lib/libkrb5.so.7: undefined reference to `length_EncKrbCredPart' /usr/lib/libkrb5.so.7: undefined reference to `copy_Realm' /usr/lib/libkrb5.so.7: undefined reference to `strlwr' /usr/lib/libkrb5.so.7: undefined reference to `length_TGS_REQ' /usr/lib/libkrb5.so.7: undefined reference to `decode_TGS_REP' /usr/lib/libkrb5.so.7: undefined reference to `copy_PrincipalName' Now, you might argue that every single port must know that it shall use kerberos, and add relevant libs to its linker lines, but why all that effort? The security/heimdal port has dependencies registered, so that works fine to link. (The base heimdal must be removed so it won't be picked up by the linker) Is there any way to "force" dependencies into a lib? If so, I could register -lasn1 in libpq.som and everything would be dandy. If you need to fresh your memory up, here's the original question:> I'm having some difficulties using postgresql version 8.0.x with heimdal > installed from /usr/src (i.e. the base system). This is on FreeBSD-5.x. > When using the port of heimdal, from /usr/ports/security/heimdal, it > works. > > The port install into /usr/local, whereas the base system is in /usr. > Here's the difference between the heimdal port and the heimdal > distributed in the base: > > $ ldd /usr/local/lib/libkrb5.so > /usr/local/lib/libkrb5.so: > libcrypto.so.3 => /lib/libcrypto.so.3 (0x281b3000) > libasn1.so.6 => /usr/local/lib/libasn1.so.6 (0x282c4000) > libroken.so.16 => /usr/local/lib/libroken.so.16 (0x282ea000) > libcrypt.so.2 => /lib/libcrypt.so.2 (0x282f8000) > libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x28311000) > $ ldd /usr/lib/libkrb5.so > /usr/lib/libkrb5.so: > $ > > Same goes for the other heimdal libs, libasn1.so and libcom_err.so. > > I don't know enough about linking details, but shouldn't the > /usr/lib/libkrb5.so lib also contain info about libraries it depends on?... Regards, Palle