[Pkg-cyrus-sasl2-debian-devel] Kicking off

Fabian Fagerholm fabbe at paniq.net
Mon Dec 12 21:48:17 UTC 2005 

Hi everyone!

To kick off this project, I'm going to write up a summary of what I've
done so far. There are some rather big issues (at least as far as I can
see) to tackle before we have a working package, or even one that
builds. The biggest is probably the OpenLDAP issue (see below).

I know others have experience with all this so I figure if you correct
my mistakes and provide more detail, we'll have a faily complete
understanding of the whole thing.

Building Cyrus SASL in general
------------------------------

Naturally, to be able to package Cyrus SASL, we need to be able to build
it in the first place. Here's what I've done, to build it from upstream
sources (cyrus-sasl-2.1.22, openldap-2.2.26):

--8<--
1. Build non-ldap version of SASL:
./configure --prefix=/usr --enable-static --enable-shared
--enable-alwaystrue --enable-checkapop --enable-cram --enable-digest
--enable-otp --enable-srp --enable-srp-setpass --enable-krb4
--enable-gssapi --enable-gss_mutexes --enable-plain --enable-anon
--enable-login --enable-ntlm --disable-passdss --enable-sql
--disable-macos-framework --with-pam --with-saslauthd=/var/run/saslauthd
--with-pgsql=/usr/include/postgresql
make
make install

2. Build OpenLDAP with non-ldap SASL:
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
--with-subdir=ldap --enable-debug --enable-dynamic --enable-syslog
--enable-proctitle --enable-ipv6 --enable-local --with-cyrus-sasl
--with-threads --with-tls --enable-slapd --enable-aci --enable-cleartext
--enable-crypt --enable-spasswd --enable-modules --enable-rewrite
--enable-rlookups --enable-slp --enable-wrappers --enable-bdb=mod
--enable-dnssrv=mod --enable-hdb=mod --enable-ldap=yes --enable-ldbm=mod
--with-ldbm-api=berkeley --enable-meta=mod --enable-monitor=mod
--enable-null=mod --enable-passwd=mod --enable-perl=mod
--enable-shell=mod --enable-sql=mod --enable-dyngroup=mod
--enable-proxycache=mod --enable-slurpd
make depend
make
make install

3. Build ldap version:
./configure --prefix=/usr --enable-static --enable-shared
--enable-alwaystrue --enable-checkapop --enable-cram --enable-digest
--enable-otp --enable-srp --enable-srp-setpass --enable-krb4
--enable-gssapi --enable-gss_mutexes --enable-plain --enable-anon
--enable-login --enable-ntlm --disable-passdss --enable-sql
--enable-ldapdb --disable-macos-framework --with-pam
--with-saslauthd=/var/run/saslauthd --with-ldap
--with-pgsql=/usr/include/postgresql
make
make install
--8<--

This was done in a sarge chroot, and I got the following preliminary
list of build-deps for SASL:

libdb4.2-dev (>= 4.2.52)
libpam0g-dev (>= 0.76-22)
libssl-dev (>= 0.9.7e-3)
libmysqlclient12-dev (>= 4.0.24-10)
libopie-dev (>= 2.32-10)
postgresql-dev (>= 7.4.7-6)
libsqlite0-dev (>= 2.8.16-1)
libldap2-dev (>= 2.1.30-8)
heimdal-dev (>= 0.6.3-10)
kerberos4kth-dev (>= 1.2.2-11)

I tried following the same procedure in a sid chroot, but some packages
had uninstallable dependencies at this time. I didn't investigate very
much so it may be that package names have just changed and I didn't
notice.

There are already issues here as you can see, because I did this before
the discussion about dropping Kerberos 4 support -- or was that the MIT
version only, can't remember now? Anyway, this produces a successful
build, though totally untested.

Questions from the manual build
-------------------------------

      * Which libdb should we link with? My suggestion is to keep with
        whatever is used with the cyrus-imapd packages.
      * Which Kerberos implementation should we link with? (Note:
        postgres links with MIT?)
      * Which MySQL library should we link with?
      * Which SQLite library should we link with?
      * Are there other alternatives besides linking with libldap2-dev?
        There has to be, otherwise cyrus-sasl2 won't build. OpenLDAP 2.2
        must be used.
      * Update libtool and auto* stuff -- at build-time?

Problems with the manual build
------------------------------

      * Upstream's configure script doesn't find the PostgreSQL headers
        in /usr/include/postgresql. Have to specify manually using
        --with-pgsql.
      * Cyrus SASL must be linked against libldap which in turn needs
        SASL. To get around this, a non-LDAP SASL must first be built.
        Then, OpenLDAP can be built using that non-LDAP SASL. Finally, a
        new SASL can be built with LDAP support using the OpenLDAP that
        was built using the non-LDAP SASL. Messy. I don't know exactly
        how to handle this in the packaging, but I guess we'll have to
        bootstrap the package into the archive by building the first
        version of the package manually. Wiser people should comment
        here.

Wishlist for the packaging / Workflow
-------------------------------------

      * Follow the same workflow as the Cyrus IMAPd packages:
              * Use the same SVN repository layout.
              * Support the same SVN helper tools.
              * Use the same packaging layout (dpatch).
              * Support the same packaging helper tools (cvsps,
                dpatch-edit-patch, ...).
              * Use the same rules for patch naming and other things as
                in the Cyrus IMAPd packages.
      * The point of following the Cyrus IMAPd package workflow is to
        make it easy for people to work on both packages. When it makes
        sense to diverge, we diverge.
      * Please document stuff. There's some fairly deep voodoo required
        to package this CMU software, and I think we'll make ourselves,
        each other, and possible future contributors a great service if
        we document in great detail the choices made, down to things
        that are easy when you've done them a few times. Even extremely
        rough jottings are better than nothing. This mailing list is a
        good place to send this kind of quick notes to. Someone might
        pick it up and refine it later.

There is a lot to chew on here, but I wanted to at least dump my
experiences to this list and see where it takes us. If I'm allowed to
request some things, I'd like to see the following based on the
cyrus-imapd packages:

      * A summary of how the SVN repository is laid out: the commands
        used to create the current repository with the
        merge-with-upstream feature of svn-buildpackage.
      * A summary of how the dpatch stuff has been integrated, or just a
        note saying that it's completely standard and thus documented in
        dpatch docs.
      * A summary of how the packaging is laid out. Most of this should
        of course be completely visible by looking at debian/rules --
        I'm thinking about a general overview of the build phases and
        what special stuff is used in the cyrus-imapd packages to make
        the CMUisms work with Debian packaging.

Thanks for listening!

Cheers,
-- 
Fabian Fagerholm <fabbe at paniq.net>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-cyrus-sasl2-debian-devel/attachments/20051212/5e24250e/attachment.pgp

More information about the Pkg-cyrus-sasl2-debian-devel mailing list