Opened 11 years ago

Closed 9 years ago

#34230 closed update (fixed)

kerberos5 @1.10.1 port update and more

Reported by: quentinmit (Quentin Smith) Owned by: macports-tickets@…
Priority: Normal Milestone:
Component: ports Version: 2.0.4
Keywords: haspatch Cc: ryandesign (Ryan Schmidt), nonstop.server@…, neverpanic (Clemens Lang)
Port: kerberos5


I've attached a patch here to update the kerberos5 port from 1.7.2 to 1.10.1. In addition to the patch, files/patch-pkinit_crypto_openssl.c.diff should be removed as it's no longer needed.

This new portfile also provides two new variants:

  • com_err, which selects whether to install kerberos5's copy of com_err. With this variant disabled, kerberos5 can be installed side-by-side with e2fsprogs. This variant defaults to on for backwards compatibility, but I think it should probably be turned off at some point.
  • rename, which installs the Kerberos binaries with an "mit-" prefix. This is especially important on Lion, where the system-provided Kerberos is not MIT Kerberos, and you often want to invoke both binaries. Again, for backwards compatibility with the previous port, this defaults to off.

I still know of a few outstanding issues with this port (though it's still better than it was before):

  • It doesn't appear to link against libintl correctly; I have worked around this by disabling the configure check for libintl.
  • If the rename variant is set, it installs a set of headers and libraries (such as gssapi.h and libkrb5.dylib that conflict with the system-provided versions. This is especially important since the system-provided Kerberos and this port are NOT fully compatible. It's especially bad since other ports will compile differently depending on whether this port happens to be activated!

I'm not sure how to resolve the latter point; it seems like this is a long-standing issue with this port. I could perhaps introduce a devel variant that installs the includes and libraries, but MacPorts doesn't seem to do that very often. Could this be a use case for subports?

Attachments (1)

kerberos5-1.10.1.diff (3.5 KB) - added by quentinmit (Quentin Smith) 11 years ago.

Download all attachments as: .zip

Change History (8)

Changed 11 years ago by quentinmit (Quentin Smith)

Attachment: kerberos5-1.10.1.diff added

comment:1 Changed 11 years ago by quentinmit (Quentin Smith)

Sorry, that last bullet should read "Even if the rename variant is set".

comment:2 Changed 11 years ago by nonstop.server@…

Cc: nonstop.server@… added

Cc Me!

comment:3 Changed 11 years ago by ryandesign (Ryan Schmidt)

We don't use variants or subports to install libraries and headers; we install libraries and headers always, unconditionally.

comment:4 Changed 11 years ago by quentinmit (Quentin Smith)

I know that's the case in general, but this is a very specific case - the kerberos5 port and the system Kerberos /conflict/ with each other, and it's important that other ports can be built against the system kerberos and NOT against the kerberos5 port.

comment:5 Changed 10 years ago by ryandesign (Ryan Schmidt)

This ticket supersedes #33639.

comment:6 Changed 10 years ago by neverpanic (Clemens Lang)

Cc: cal@… added

Most of this I have already done (or fixed otherwise) in

which closes ticket #26869.

The only thing left from your patch (which I unfortunately didn't see before doing all the work) is the rename variant and the incompatible headers and libraries. I think the latter could be fixed by installing headers and libraries in a subfolder (e.g. $prefix/include/mit-kerberos/ and $prefix/lib/mit-kerberos/). Doing this might create more problems than it solves, though…

comment:7 Changed 9 years ago by neverpanic (Clemens Lang)

Resolution: fixed
Status: newclosed

Most of this is fixed by now, closing due to lack of interest.

Note: See TracTickets for help on using tickets.