[Pkg-xmpp-devel] Bug#776847: gsasl 1.8.0-6 does not support GSSAPI

Simon Josefsson simon at josefsson.org
Mon Feb 16 22:38:46 UTC 2015 

Den Mon, 16 Feb 2015 22:51:26 +0100
skrev Re: Bug#776847: gsasl 1.8.0-6 does not support GSSAPI:

> 
> On 16/02/15 22:13, Simon Josefsson wrote:
> > It seems clear that the #745332 fix was incorrect.  You can see in
> > the build logs GSSAPI is not enabled since krb5-config isn't found:
> >
> > https://buildd.debian.org/status/fetch.php?pkg=gsasl&arch=amd64&ver=1.8.0-6&stamp=1412611018
> >
> > On considering solutions, I don't like the unpredictability in
> > depending on libkrb5-dev|libheimdal-dev.  The GSSAPI library used by
> > the binary libgsasl package in Debian will depend on whether the
> > buildds have Heimdal or MIT installed when you built the package.
> > Coping with different GSS libraries on different architecture
> > sounds like a recipe for disaster.  For Jessie, gsasl should be
> > built against the same Kerberos library on all architectures,
> > unless there is a reason not to -- and I don't know of a reason.
> > MIT is picked arbitrarily here.
> >
> > Cc'ing Jelmer (who reported 745332) and Andreas (who uploaded it) --
> > any comments?  Jelmer, what prompted your initial report?  The way I
> > see it, it is important (for us) that you buildds don't have
> > multiple Kerberos development packages installed when they build
> > gsasl.  So the old way was the preferred way, causing heimdal-dev
> > to be removed and libkrb5-dev to be pulled in.  People with other
> > preferences who build their own packages can surely modify the
> > gsasl package to their liking.
> >
> > I've pushed a fix in git and attmpted to upload to experimental, so
> > you can test the new packages.
> The main reason for proposing this change was just to make it easier
> to have heimdal-dev installed while working on other parts of the
> system. At the moment, building gsasl requires uninstalling a number
> of packages for me, that indirectly depend on heimdal-dev.
> 
> With the patch, the intent was to gsasl still build against MIT
> kerberos
> - e.g. no change in the binary packages. It merely changed the
> dependency from libkrb5-dev to libkrb5-multidev, the latter of which
> doesn't prevent heimdal-dev from being installed.

Right -- but the patch also had the consequence of completely disabling
GSSAPI in gsasl.  Reverting the patch makes GSSAPI work again.

> Anyway, as you say, I can manually patch gsasl if I need to, and at
> the moment I don't work on any packages that depend on libgsasl-dev.
> I still think it would be nice to not have gsasl conflict with
> heimdal-dev, but it's not the end of the world if it doesn't.

Maybe libkrb5-dev|heimdal-dev is a better build-dep -- but I don't know
what holds for Debian buildds: are they allowed to have some packages
pre-installed?  If they can never have heimdal-dev installed (or for
some other reason prefer heimdal-dev over libkrb5-dev), I don't see a
problem using libkrb5-dev|heimdal-dev instead of libkrb5-dev.  But if
there are no guarantees, I prefer hard-coding libkrb5-dev to avoid
linking with different Kerberos libraries depending on Debian
architecture.  Does anyone know?

Btw, packages have hit experimental, if someone wants to test them.  We
can look at build logs to see if it enables GSSAPI or not.

/Simon

> 
> Cheers,
> 
> Jelmer
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signatur
URL: <http://lists.alioth.debian.org/pipermail/pkg-xmpp-devel/attachments/20150216/67ae35d2/attachment.sig>

More information about the Pkg-xmpp-devel mailing list