If a kerberos .hx source file is newer than the .h copy, but the content
is the same, then during buildworld the "cmp -s || cp" command in the
.hx.h rule would do nothing, leaving the .h copy with the older
timestamp. During installworld the rule would again be invoked, causing
a failure as neither cmp or cp would exist in the temporary path.
As the underlying issue should be resolved by r262209, unconditionally
copy the file.
No objection: peter@
Tested by: gjb@
Sponsored by: The FreeBSD Foundation
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
levels. The root of the problem was that make was attempting to run up
to three concurrent asn1_compile commands to produce the three outputs
that it was declared to produce. The failure was caused when the
asn1_compiles were started out of sync and a later one was truncating
the files that another thread was trying to copy. In reality it is
supposed to be run exactly once and all three outputs are produced in
one pass.
Use the same hack as for the parent's Makefile.inc for the compile_et
multi-output rule.
libkafs5 needs a header from libkrb5, it includes this from
${.OBJDIR}/mumble, this used to work fine as long as you happen to have
a krb_err.h in your base system, this doesn't work for bootstrapping or
using a cross-compiler with a different sysroot. This is just a
best-effort bandaid, sufficient parallelism can still break it.
Fix a SRCS override that dropped krb5_err.h.
Discussed with: stas
private shared libraries, instead of hacked-together archives of PIC
objects. This makes it possible to build a static libkrb5 that works.
Reviewed by: stas
Approved by: re (gjb)
that it handles the ERANGE error return case. Without this fix, authentication
of users for certain system setups could fail unexpectedly.
Reported by: Elias Martenson (lokedhs@gmail.com)
Tested by: Elias Martenson (earlier version)
MFC after: 2 weeks
With the current binutils, symbols from libheimtlm.so are loaded because
it is referenced by DT_NEEDED. This feature is not implemented in
mclinker (https://code.google.com/p/mclinker/issues/detail?id=104).
I encountered the same issue when linking with a recent devel/binutils
invoked via clang. This was the only use of DT_NEEDED in the tree so
removing it simplifies toolchain requirements.
Submitted by: Pete Chou <petechou@gmail.com> (mclinker issue)
1. Don't do upgrade_checks when using bmake. As long as we have WITH_BMAKE,
there's a bootstrap complication in ths respect. Avoid it. Make the
necessary changes to have upgrade_checks work wth bmake anyway.
2. Remove the use of -E. It's not needed in our build because we use ?= for
the respective variables, which means that we'll take the environment
value (if any) anyway.
3. Properly declare phony targets as phony as bmake is a lot smarter (and
thus agressive) about build avoidance.
4. Make sure CLEANFILES is complete and use it on .NOPATH. bmake is a lot
smarter about build avoidance and should not find files we generate in
the source tree. We should not have files in the repository we want to
generate, but this is an easier way to cross this hurdle.
5. Have behavior under bmake the same as it is under make with respect to
halting when sub-commands fail. Add "set -e" to compound commands so
that bmake is informed when sub-commands fail.
6. Make sure crunchgen uses the same make as the rest of the build. This
is important when the make utility isn't called make (but bmake for
example).
7. While here, add support for using MAKEOBJDIR to set the object tree
location. It's the second alternative bmake looks for when determining
the actual object directory (= .OBJDIR).
Submitted by: Simon Gerraty <sjg@juniper.net>
Submitted by: John Van Horne <jvanhorne@juniper.net>
of the version map just exported all the symbols, which caused a
binutils bug being triggered when ld fails to link two objects, one
of which exports a versioned version of the symbol, and another --
unversioned. [1]
- Also add version map for libkafs5.
Submitted by: jchandra@ (based on)
This makes our naming scheme more closely match other systems and the
expectations of much third-party software. MIPS builds which are little-endian
should require and exhibit no changes. Big-endian TARGET_ARCHes must be
changed:
From: To:
mipseb mips
mipsn32eb mipsn32
mips64eb mips64
An entry has been added to UPDATING and some foot-shooting protection (complete
with warnings which should become errors in the near future) to the top-level
base system Makefile.
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
kerberos libraries were not linked properly (missing dependencies),
which causes 3rd party applications linking to fail when --as-needed
ld flag is used. I also added the --no-undefined ld(1) flag to make
sure that there're no missing dependencies.
MFC after: 3 days
This change was erronously ommitted from the r185690, and attempt
to simply add the prototype to string.h has revealed that several
contributed programs defined local prototypes for strndup(), controlled
by autoconfed config.h. So, manually change #undef HAVE_STRNDUP to
#define HAVE_STRNDUP 1. Next import of the corresponding program would
regenerate config.h, overriding the changes in this commit.
No objections from: kan
is based on an old implementation from the University of Michigan with lots of
changes and fixes by me and the addition of a Solaris-compatible API.
Sponsored by: Isilon Systems
Reviewed by: alfred
libraries had not had their versions bumped relative to 6.3-REL but
had indeed been changed. We need to bump their version so they can be
properly added to the compat6x port:
libasn1.so.8 libgssapi.so.8 libhdb.so.8 libkadm5clnt.so.8
libkadm5srv.so.8 libkafs5.so.8 libkrb5.so.8 libobjc.so.2
MFC After: 1 day
In the Heimdal distro, only kerberized telnet refers to INET6,
but we don't build it, we use contrib/telnet linked with the
Kerberos libs instead.
Tested with: cmp(1)
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
causes them to be recreated (if needed) early, when doing "make
depend" here, before generating headers that depend on them.
This should fix breakages often seen while doing incremental
(NO_CLEAN) cross-builds.