Commit Graph

198 Commits

Author SHA1 Message Date
will
afad9375d8 Add a ${CP} alias for copying files in the build.
Some users build FreeBSD as non-root in Perforce workspaces.  By default,
Perforce sets files read-only unless they're explicitly being edited.
As a result, the -f argument must be used to cp in order to override the
read-only flag when copying source files to object directories.  Bare use of
'cp' should be avoided in the future.

Update all current users of 'cp' in the src tree.

Reviewed by:	emaste
MFC after:	1 week
Sponsored by:	Spectra Logic
2015-01-16 21:39:08 +00:00
bapt
2f94824303 Remove GNU texinfo from base along with all info pages.
To be able to info pages consider installing texinfo from ports print/texinfo or
via pkg: pkg install texinfo

Differential Revision:	https://reviews.freebsd.org/D1409
Reviewed by:	emaste, imp (previous version)
Relnotes:	yes
2015-01-02 18:45:03 +00:00
bapt
12715e721b Remove now useless USEPRIVATELIB 2014-11-25 22:43:17 +00:00
bapt
3200f33f24 Convert kerberos to LIBADD and reduce overlinking of the kerberos binaries and
libraries
2014-11-25 09:57:42 +00:00
will
673f89d2c7 Fix incremental builds involving non-root users with read-only source files.
This is a followup commit to r271771.

MFC after:	1 month
2014-09-18 14:50:21 +00:00
bdrewery
b619f0c747 Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
   build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
   where it never would work anyhow, such as csu or loader. This suggests
   there may be better ways of adding support to the tree. Many of these
   cases can be fixed such that -fPIE will work but there is really no
   reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
   really building libraries but have been using bsd.prog.mk because the code
   is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
   been needed.

We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.

Reported by:	kib
2014-08-19 15:04:32 +00:00
bapt
8a9380f42c Rework privatelib/internallib
Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.

Phabric:	https://phabric.freebsd.org/D553
Reviewed by:	imp, emaste
2014-08-06 22:17:26 +00:00
brooks
ea5a037d1f Replace all uses of libncurses and libtermcap with their wide character
variants.  This allows usable file system images (i.e. those with both a
shell and an editor) to be created with only one copy of the curses library.

Exp-run:	antoine
PR:		189842
Discussed with:	bapt
Sponsored by:	DARPA, AFRL
2014-07-17 18:24:34 +00:00
bdrewery
989e2c6000 In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.

Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]

Mark known build failures as NO_PIE for now.

The only known runtime failure was rtld.

[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by:		Shawn Webb <lattera@gmail.com>
Discussed between:	des@ and Shawn Webb [2]
2014-06-08 17:29:31 +00:00
imp
2118f42afd Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
imp
a32e8ab24f Use MK_OPENLDAP in preference to WITH_OPENLDAP and make it a default
NO option to match the opt-in nature of the historical nature of this
option.
2014-04-24 23:17:31 +00:00
emaste
2e449e52b6 Fix installworld failure when kerberos source files have new timestamps
If a kerberos .hx source file is newer than the .h copy, but the content
is the same, then during buildworld the "cmp -s || cp" command in the
.hx.h rule would do nothing, leaving the .h copy with the older
timestamp.  During installworld the rule would again be invoked, causing
a failure as neither cmp or cp would exist in the temporary path.

As the underlying issue should be resolved by r262209, unconditionally
copy the file.

No objection:	peter@
Tested by:	gjb@
Sponsored by:	The FreeBSD Foundation
2014-04-22 20:37:07 +00:00
imp
c39e6fc2c9 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
imp
ee2da7ebbe use MK_KERBEROS=no in preference to WITHOUT_KERBEROS 2014-04-05 17:54:50 +00:00
peter
3dfc829bda Revert my commit in r261253; the real problem was tackled in r262209. 2014-02-20 20:53:29 +00:00
peter
af89511727 Really (I think) fix the sporadic heimdal build failures with high -j
levels. The root of the problem was that make was attempting to run up
to three concurrent asn1_compile commands to produce the three outputs
that it was declared to produce.  The failure was caused when the
asn1_compiles were started out of sync and a later one was truncating
the files that another thread was trying to copy.  In reality it is
supposed to be run exactly once and all three outputs are produced in
one pass.

Use the same hack as for the parent's Makefile.inc for the compile_et
multi-output rule.
2014-02-19 07:09:14 +00:00
peter
680cc3ef30 Speculatively replace a cp with a cat for gathering data on a
sporadic parallel build failure in the FreeBSD cluster on many-core
systems with ZFS.  cp uses mmap in this scenario, cat does not.
2014-01-28 22:23:39 +00:00
uqs
1ca260a392 Try and fix the dependency/bootstrap issues in kerberos5
libkafs5 needs a header from libkrb5, it includes this from
${.OBJDIR}/mumble, this used to work fine as long as you happen to have
a krb_err.h in your base system, this doesn't work for bootstrapping or
using a cross-compiler with a different sysroot. This is just a
best-effort bandaid, sufficient parallelism can still break it.

Fix a SRCS override that dropped krb5_err.h.

Discussed with:	stas
2013-12-23 14:23:17 +00:00
des
c3bd228383 Clean up the Kerberos build by turning libheimipcc and libheimipcs into
private shared libraries, instead of hacked-together archives of PIC
objects.  This makes it possible to build a static libkrb5 that works.

Reviewed by:	stas
Approved by:	re (gjb)
2013-09-10 18:40:43 +00:00
rmacklem
c33ddc827e Fix the getpwnam_r() call in the pname_to_uid() kerberos library function so
that it handles the ERANGE error return case. Without this fix, authentication
of users for certain system setups could fail unexpectedly.

Reported by:	Elias Martenson (lokedhs@gmail.com)
Tested by:	Elias Martenson (earlier version)
MFC after:	2 weeks
2013-05-02 12:52:49 +00:00
brooks
da973a9cc0 Add -lheimntlm to LDADD directly.
With the current binutils, symbols from libheimtlm.so are loaded because
it is referenced by DT_NEEDED.  This feature is not implemented in
mclinker (https://code.google.com/p/mclinker/issues/detail?id=104).
I encountered the same issue when linking with a recent devel/binutils
invoked via clang.  This was the only use of DT_NEEDED in the tree so
removing it simplifies toolchain requirements.

Submitted by:	Pete Chou <petechou@gmail.com> (mclinker issue)
2013-02-11 09:45:24 +00:00
brooks
f98d7b3151 Only try to install one link at each path.
Don't install verify_krb5_conf.8.  It is installed in
kerberos5/usr.bin/verify_krb5_conf.
2013-01-23 23:49:35 +00:00
marcel
52e7fd7c54 Add support for bmake. This includes:
1.  Don't do upgrade_checks when using bmake. As long as we have WITH_BMAKE,
    there's a bootstrap complication in ths respect. Avoid it. Make the
    necessary changes to have upgrade_checks work wth bmake anyway.
2.  Remove the use of -E. It's not needed in our build because we use ?= for
    the respective variables, which means that we'll take the environment
    value (if any) anyway.
3.  Properly declare phony targets as phony as bmake is a lot smarter (and
    thus agressive) about build avoidance.
4.  Make sure CLEANFILES is complete and use it on .NOPATH. bmake is a lot
    smarter about build avoidance and should not find files we generate in
    the source tree. We should not have files in the repository we want to
    generate, but this is an easier way to cross this hurdle.
5.  Have behavior under bmake the same as it is under make with respect to
    halting when sub-commands fail. Add "set -e" to compound commands so
    that bmake is informed when sub-commands fail.
6.  Make sure crunchgen uses the same make as the rest of the build. This
    is important when the make utility isn't called make (but bmake for
    example).
7.  While here, add support for using MAKEOBJDIR to set the object tree
    location. It's the second alternative bmake looks for when determining
    the actual object directory (= .OBJDIR).

Submitted by:	Simon Gerraty <sjg@juniper.net>
Submitted by:	John Van Horne <jvanhorne@juniper.net>
2012-10-06 20:01:05 +00:00
obrien
2948183cec Centralize the specification of the krb5 build tools. 2012-06-01 21:26:28 +00:00
obrien
928a481c65 * Remove headers from SRCS that are not generated
(and are in /usr/src/crypto/heimdal/).

* Avoid race conditions with 'make -j<N>'.
2012-05-30 22:21:25 +00:00
stas
e98d05b4f0 - Update FreeBSD's Heimdal distribution to 1.5.2. This is a bugfix
release, which fixes a DoS issue in libkrb5.
2012-04-08 08:19:17 +00:00
stas
dad1111000 - Add a "real" symbol version map to libasn1. The upstream version
of the version map just exported all the symbols, which caused a
  binutils bug being triggered when ld fails to link two objects, one
  of which exports a versioned version of the symbol, and another --
  unversioned. [1]
- Also add version map for libkafs5.

Submitted by:	jchandra@ (based on)
2012-04-08 04:22:09 +00:00
jmallett
4544b2987d Assume a big-endian default on MIPS and drop the "eb" suffix from MACHINE_ARCH.
This makes our naming scheme more closely match other systems and the
expectations of much third-party software.  MIPS builds which are little-endian
should require and exhibit no changes.  Big-endian TARGET_ARCHes must be
changed:
	From:		To:
	mipseb		mips
	mipsn32eb	mipsn32
	mips64eb	mips64

An entry has been added to UPDATING and some foot-shooting protection (complete
with warnings which should become errors in the near future) to the top-level
base system Makefile.
2012-03-29 02:54:35 +00:00
stas
fc5b106034 - Apply binutils workaround on mips.mips as well. Though this TARGET_ARCH
is deprecated, tinderbox uses it.
2012-03-24 00:42:38 +00:00
stas
e7e0b34988 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
ume
e27fef4e5f Don't support OpenLDAP during lib32 build. 2011-12-06 12:03:01 +00:00
ume
7a41e563a7 - Make heimdal buildable with WITH_OPENLDAP defined, again.
- Our heimdal uses the deprecated OpenLDAP functions.
2011-12-05 16:38:52 +00:00
fjoe
72e217547f Link with -ledit instead of -lreadline. 2011-11-29 03:49:03 +00:00
stas
d35869ca7e - Add missing interdependencies to kerberos libraries. Some of the
kerberos libraries were not linked properly (missing dependencies),
  which causes 3rd party applications linking to fail when --as-needed
  ld flag is used.  I also added the --no-undefined ld(1) flag to make
  sure that there're no missing dependencies.

MFC after:	3 days
2011-09-27 07:14:12 +00:00
marius
1b609861c8 The kerberos5 tools are only used as build tools but not otherwise and
didn't get installed either.

MFC after:	1 week
2011-06-25 16:13:56 +00:00
antoine
36f3e22925 Fix a typo.
MFC after:	1 month
2010-01-09 18:53:03 +00:00
antoine
2c83252eff Fix a typo.
MFC after:	1 month
2010-01-09 18:51:50 +00:00
bland
41b941dc80 Link GSS mechanics modules against libgssapi so they will not fail due
unresolved symbol errors when in turn libgssapi was loaded with RTLD_LOCAL
flag set (which is the default).

Reviewed by:	dfr, jhb
MFC after:	3 days
2009-10-12 17:10:51 +00:00
delphij
f928371bf4 Disconnect closefrom.c as we have it as a system call. 2009-06-16 00:09:06 +00:00
delphij
56adb57f99 Now we have closefrom(). 2009-06-15 23:03:38 +00:00
kib
2e6f1edb43 Add strndup(3) prototype to string.h.
This change was erronously ommitted from the r185690, and attempt
to simply add the prototype to string.h has revealed that several
contributed programs defined local prototypes for strndup(), controlled
by autoconfed config.h. So, manually change #undef HAVE_STRNDUP to
#define HAVE_STRNDUP 1. Next import of the corresponding program would
regenerate config.h, overriding the changes in this commit.

No objections from: kan
2008-12-08 21:04:24 +00:00
dfr
ea3d7030c0 Add an implementation of the RPCSEC_GSS authentication protocol for RPC. This
is based on an old implementation from the University of Michigan with lots of
changes and fixes by me and the addition of a Solaris-compatible API.

Sponsored by:	Isilon Systems
Reviewed by:	alfred
2008-08-06 14:02:05 +00:00
marius
3807b1c27a Add roken.h to SRCS. This fixes the compilation of slc during a
buildworld on a host running a world built with WITHOUT_KERBEROS
defined.
2008-06-18 21:20:50 +00:00
dfr
5bf9c97013 Add the hx509 error table. 2008-05-15 08:53:31 +00:00
dfr
a3e613640d Add manpage links to krb5_principal.3. 2008-05-11 10:32:37 +00:00
dfr
a7865e4ffe Don't try to make links to manpages that no longer exist. Fixes installworld
Submitted by: phk
2008-05-11 08:27:17 +00:00
dfr
4f251e2f8c Update magic sed script for heimdal-1.1 2008-05-09 13:27:20 +00:00
dfr
72cd8a18af Update heimdal_version.
Pointed out by: antoine@
2008-05-08 13:11:34 +00:00
dfr
be0348cb75 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
kensmith
55889a3fe4 While checking over the libraries for 7.0-REL Kris found the following
libraries had not had their versions bumped relative to 6.3-REL but
had indeed been changed.  We need to bump their version so they can be
properly added to the compat6x port:

	libasn1.so.8 libgssapi.so.8 libhdb.so.8 libkadm5clnt.so.8
	libkadm5srv.so.8 libkafs5.so.8 libkrb5.so.8 libobjc.so.2

MFC After:	1 day
2007-11-20 04:20:32 +00:00