Commit Graph

123 Commits

Author SHA1 Message Date
jkim
37e1f5956c Fix a typo introduced in r262209.
MFC after:	3 days
2015-06-18 21:18:43 +00:00
sjg
852129abd1 new depends 2015-06-16 23:37:19 +00:00
sjg
008d7c831f Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
sjg
750b155101 Misc fixes from projects/bmake
Differential Revision:       D2748
Reviewed by: brooks imp
2015-06-11 21:13:05 +00:00
sjg
4ad90ad1b7 Explain why NO_BEFOREBUILD_INCLUDES is needed 2015-06-10 19:51:35 +00:00
sjg
de79e1941d Explain why NO_BEFOREBUILD_INCLUDES is needed 2015-06-10 19:48:45 +00:00
sjg
cce9a8030d Explain why NO_BEFOREBUILD_INCLUDES is needed 2015-06-10 04:57:09 +00:00
sjg
75a137820d dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
sjg
65145fa4c8 Merge sync of head 2015-05-27 01:19:58 +00:00
bapt
4baf3c11e2 Make kerberos use the same sqlite libraries as other sqlite consumer.
This reduces the number of copy of sqlite we have to just one and easier
tracking version of sqlite

Differential Revision:	https://reviews.freebsd.org/D2443
Reviewed by:	imp, stas, bjk
2015-05-20 18:56:29 +00:00
will
afad9375d8 Add a ${CP} alias for copying files in the build.
Some users build FreeBSD as non-root in Perforce workspaces.  By default,
Perforce sets files read-only unless they're explicitly being edited.
As a result, the -f argument must be used to cp in order to override the
read-only flag when copying source files to object directories.  Bare use of
'cp' should be avoided in the future.

Update all current users of 'cp' in the src tree.

Reviewed by:	emaste
MFC after:	1 week
Sponsored by:	Spectra Logic
2015-01-16 21:39:08 +00:00
bapt
12715e721b Remove now useless USEPRIVATELIB 2014-11-25 22:43:17 +00:00
bapt
3200f33f24 Convert kerberos to LIBADD and reduce overlinking of the kerberos binaries and
libraries
2014-11-25 09:57:42 +00:00
sjg
b137080f19 Merge from head@274682 2014-11-19 01:07:58 +00:00
will
673f89d2c7 Fix incremental builds involving non-root users with read-only source files.
This is a followup commit to r271771.

MFC after:	1 month
2014-09-18 14:50:21 +00:00
bapt
8a9380f42c Rework privatelib/internallib
Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.

Phabric:	https://phabric.freebsd.org/D553
Reviewed by:	imp, emaste
2014-08-06 22:17:26 +00:00
sjg
0cd450d4c1 Supress beforebuild dependency on buildincludes 2014-05-16 14:42:34 +00:00
sjg
5860f0d106 Updated dependencies 2014-05-16 14:09:51 +00:00
sjg
1a7e48acf1 Updated dependencies 2014-05-10 05:16:28 +00:00
sjg
5e568154a0 Merge head 2014-04-28 07:50:45 +00:00
emaste
2e449e52b6 Fix installworld failure when kerberos source files have new timestamps
If a kerberos .hx source file is newer than the .h copy, but the content
is the same, then during buildworld the "cmp -s || cp" command in the
.hx.h rule would do nothing, leaving the .h copy with the older
timestamp.  During installworld the rule would again be invoked, causing
a failure as neither cmp or cp would exist in the temporary path.

As the underlying issue should be resolved by r262209, unconditionally
copy the file.

No objection:	peter@
Tested by:	gjb@
Sponsored by:	The FreeBSD Foundation
2014-04-22 20:37:07 +00:00
peter
3dfc829bda Revert my commit in r261253; the real problem was tackled in r262209. 2014-02-20 20:53:29 +00:00
peter
af89511727 Really (I think) fix the sporadic heimdal build failures with high -j
levels. The root of the problem was that make was attempting to run up
to three concurrent asn1_compile commands to produce the three outputs
that it was declared to produce.  The failure was caused when the
asn1_compiles were started out of sync and a later one was truncating
the files that another thread was trying to copy.  In reality it is
supposed to be run exactly once and all three outputs are produced in
one pass.

Use the same hack as for the parent's Makefile.inc for the compile_et
multi-output rule.
2014-02-19 07:09:14 +00:00
peter
680cc3ef30 Speculatively replace a cp with a cat for gathering data on a
sporadic parallel build failure in the FreeBSD cluster on many-core
systems with ZFS.  cp uses mmap in this scenario, cat does not.
2014-01-28 22:23:39 +00:00
uqs
1ca260a392 Try and fix the dependency/bootstrap issues in kerberos5
libkafs5 needs a header from libkrb5, it includes this from
${.OBJDIR}/mumble, this used to work fine as long as you happen to have
a krb_err.h in your base system, this doesn't work for bootstrapping or
using a cross-compiler with a different sysroot. This is just a
best-effort bandaid, sufficient parallelism can still break it.

Fix a SRCS override that dropped krb5_err.h.

Discussed with:	stas
2013-12-23 14:23:17 +00:00
sjg
292ec5d301 Updated dependencies 2013-10-13 00:24:00 +00:00
sjg
ff87b5d147 Merge head 2013-09-11 18:16:18 +00:00
des
c3bd228383 Clean up the Kerberos build by turning libheimipcc and libheimipcs into
private shared libraries, instead of hacked-together archives of PIC
objects.  This makes it possible to build a static libkrb5 that works.

Reviewed by:	stas
Approved by:	re (gjb)
2013-09-10 18:40:43 +00:00
sjg
62bb106222 Merge from head 2013-09-05 20:18:59 +00:00
rmacklem
c33ddc827e Fix the getpwnam_r() call in the pname_to_uid() kerberos library function so
that it handles the ERANGE error return case. Without this fix, authentication
of users for certain system setups could fail unexpectedly.

Reported by:	Elias Martenson (lokedhs@gmail.com)
Tested by:	Elias Martenson (earlier version)
MFC after:	2 weeks
2013-05-02 12:52:49 +00:00
sjg
6d37b86f2b Updated dependencies 2013-03-11 17:21:52 +00:00
sjg
0ee5295509 Updated dependencies 2013-02-16 01:23:54 +00:00
obrien
3028e3f8ab Sync with HEAD. 2013-02-08 16:10:16 +00:00
brooks
f98d7b3151 Only try to install one link at each path.
Don't install verify_krb5_conf.8.  It is installed in
kerberos5/usr.bin/verify_krb5_conf.
2013-01-23 23:49:35 +00:00
sjg
c7233a669a We need headers from ${KRB5DIR}/include too 2012-11-08 21:30:54 +00:00
sjg
9f7bd28e77 Updated/new Makefile.depend 2012-11-08 21:24:17 +00:00
marcel
9dd41e3647 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
obrien
2948183cec Centralize the specification of the krb5 build tools. 2012-06-01 21:26:28 +00:00
obrien
928a481c65 * Remove headers from SRCS that are not generated
(and are in /usr/src/crypto/heimdal/).

* Avoid race conditions with 'make -j<N>'.
2012-05-30 22:21:25 +00:00
stas
dad1111000 - Add a "real" symbol version map to libasn1. The upstream version
of the version map just exported all the symbols, which caused a
  binutils bug being triggered when ld fails to link two objects, one
  of which exports a versioned version of the symbol, and another --
  unversioned. [1]
- Also add version map for libkafs5.

Submitted by:	jchandra@ (based on)
2012-04-08 04:22:09 +00:00
jmallett
4544b2987d Assume a big-endian default on MIPS and drop the "eb" suffix from MACHINE_ARCH.
This makes our naming scheme more closely match other systems and the
expectations of much third-party software.  MIPS builds which are little-endian
should require and exhibit no changes.  Big-endian TARGET_ARCHes must be
changed:
	From:		To:
	mipseb		mips
	mipsn32eb	mipsn32
	mips64eb	mips64

An entry has been added to UPDATING and some foot-shooting protection (complete
with warnings which should become errors in the near future) to the top-level
base system Makefile.
2012-03-29 02:54:35 +00:00
stas
fc5b106034 - Apply binutils workaround on mips.mips as well. Though this TARGET_ARCH
is deprecated, tinderbox uses it.
2012-03-24 00:42:38 +00:00
stas
e7e0b34988 - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
2012-03-22 08:48:42 +00:00
ume
7a41e563a7 - Make heimdal buildable with WITH_OPENLDAP defined, again.
- Our heimdal uses the deprecated OpenLDAP functions.
2011-12-05 16:38:52 +00:00
stas
d35869ca7e - Add missing interdependencies to kerberos libraries. Some of the
kerberos libraries were not linked properly (missing dependencies),
  which causes 3rd party applications linking to fail when --as-needed
  ld flag is used.  I also added the --no-undefined ld(1) flag to make
  sure that there're no missing dependencies.

MFC after:	3 days
2011-09-27 07:14:12 +00:00
bland
41b941dc80 Link GSS mechanics modules against libgssapi so they will not fail due
unresolved symbol errors when in turn libgssapi was loaded with RTLD_LOCAL
flag set (which is the default).

Reviewed by:	dfr, jhb
MFC after:	3 days
2009-10-12 17:10:51 +00:00
delphij
f928371bf4 Disconnect closefrom.c as we have it as a system call. 2009-06-16 00:09:06 +00:00
dfr
ea3d7030c0 Add an implementation of the RPCSEC_GSS authentication protocol for RPC. This
is based on an old implementation from the University of Michigan with lots of
changes and fixes by me and the addition of a Solaris-compatible API.

Sponsored by:	Isilon Systems
Reviewed by:	alfred
2008-08-06 14:02:05 +00:00
dfr
5bf9c97013 Add the hx509 error table. 2008-05-15 08:53:31 +00:00
dfr
a3e613640d Add manpage links to krb5_principal.3. 2008-05-11 10:32:37 +00:00