Re: Patch to authenticate securely to upstream ISA server(or others)

I don't remember exactly why I added it. I think it was because I originally
had it as a standalone configure with the option to have libs and includes
in exec_prefix/lib and exec_prefix/include where exec_prefix is the squid
install path.

So I think for the squid inclusion the patch is fine.

Regards
Markus

----- Original Message -----
From: "Henrik Nordstrom" <henrik_at_henriknordstrom.net>
To: "Markus Moeller" <huaraz_at_moeller.plus.com>
Cc: "Squid Developers" <squid-dev_at_squid-cache.org>
Sent: Tuesday, September 08, 2009 4:56 PM
Subject: Re: Patch to authenticate securely to upstream ISA server(or
others)

The mentioned exec_prefix dependent thing was the culpit now.. I ended
up removing that, resulting in the attached patch, but that CPPFLAGS and
LDFLAGS segment looks to me like it belongs in Makefile.am rather than
configure..

Regards
Henrik

tis 2009-09-08 klockan 16:32 +0200 skrev Henrik Nordstrom:
> Looks promising.
>
> but I still don't understand why you are testing for $exec_path.. what
> does $exec_path (where binaries is to be installed, --exec-path
> configure argument) have to do with the path to Kerberos libraries?
>
> Build finished, and it's indeed getting a lot closer. But still some
> issues..
>
> ERROR 0001: file '/usr/lib64/squid/negotiate_kerb_auth' contains a
> standard rpath '/usr/lib64' in [/usr/lib64]
> ERROR 0001: file '/usr/lib64/squid/squid_kerb_auth_test' contains a
> standard rpath '/usr/lib64' in [/usr/lib64]
> ERROR 0001: file '/usr/lib64/squid/squid_kerb_auth' contains a standard
> rpath '/usr/lib64' in [/usr/lib64]
> ERROR 0001: file '/usr/lib64/squid/negotiate_kerb_auth_test' contains a
> standard rpath '/usr/lib64' in [/usr/lib64]
>
> squid_kerb_auth configure options:
>
> '--disable-option-checking' '--prefix=/usr'
> '--build=x86_64-unknown-linux-gnu' '--host=x86_64-unknown-linux-gnu'
> '--target=x86_64-redhat-linux-gnu' '--program-prefix='
> '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
> '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
> '--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
> '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
> '--infodir=/usr/share/info' '--exec_prefix=/usr'
> '--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
> '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
> '--with-logdir=$(localstatedir)/log/squid'
> '--with-pidfile=$(localstatedir)/run/squid.pid'
> '--disable-dependency-tracking' '--enable-arp-acl'
> '--enable-follow-x-forwarded-for'
> '--enable-auth=basic,digest,ntlm,negotiate'
> '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth'
> '--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth'
> '--enable-digest-auth-helpers=password,ldap,eDirectory'
> '--enable-negotiate-auth-helpers=squid_kerb_auth'
> '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
> '--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
> '--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
> '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-referer-log'
> '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl'
> '--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log'
> '--enable-wccpv2' '--with-aio' '--with-default-user=squid'
> '--with-filedescriptors=16384' '--with-dl' '--with-openssl'
> '--with-pthreads' 'build_alias=x86_64-unknown-linux-gnu'
> 'host_alias=x86_64-unknown-linux-gnu'
> 'target_alias=x86_64-redhat-linux-gnu'
> 'CFLAGS=-fPIE -Os -g -pipe -fsigned-char -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
> -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
> 'LDFLAGS=-pie'
> 'CXXFLAGS=-fPIE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
> --param=ssp-buffer-size=4 -m64 -mtune=generic'
> 'FFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
> --param=ssp-buffer-size=4 -m64 -mtune=generic -I/usr/lib64/gfortran/modules'
> '--with-squid=/home/henrik/build/fedora/squid/devel/squid-3.1.0.13'
> '--enable-ltdl-convenience' '--cache-file=/dev/null' '--srcdir=.'"
>
> (called from Squid configure)
>
> And it set LDFLAGS & CPPFLAGS to
> LDFLAGS='-pie -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -L../../../lib -L/usr/lib64
> -Wl,-R/usr/lib64'
> CPPFLAGS=' -I/usr/include -I/usr/include -I../../../ -I../../../include/ -I/home/henrik/build/fedora/squid/devel/squid-3.1.0.13/include
> -I/home/henrik/build/fedora/squid/devel/squid-3.1.0.13/src -I/home/henrik/build/fedora/squid/devel/squid-3.1.0.13'
>
> The -R/usr/lib64 and -I/usr/include options are both unasked for.
>
> Regards
> Henrik
>
>
> tis 2009-09-08 klockan 01:01 +0100 skrev Markus Moeller:
> > How about the attached ?
> >
> > Markus
> >
> >
> > "Henrik Nordstrom" <henrik_at_henriknordstrom.net> wrote in message
> > news:1252272029.23776.54.camel_at_henriknordstrom.net...
> > > The patch had been somewhat corrupted in flight so had to apply it by
> > > hand, but running a test now.
> > >
> > > It's "no/lib" it is complaining on. Seem it comes from the "system
> > > default" test where check_mit / check_heimdal is called with a
> > > "random"
> > > $enableval from being called outside any AC_ARG_ENABLE macro.. (value
> > > in
> > > previous AC_ARG_ENABLE macro, i.e. the seam-64 one..)
> > >
> > >
> > > Hmm.. looking at the patch I don't think it's correct. The issue is
> > > that
> > > -L, -R and -I should only be set if there actually is any paths to set
> > > it to, not if the user uses ./configure --exec-prefix=... But it does
> > > hide the problem in my case with system integrated kerberos libs, but
> > > I
> > > guess it also breaks installs needing a non-system path to the
> > > kerberos
> > > installation.
> > >
> > > Regards
> > > Henrik
> > >
> > >
> > >
> > > sön 2009-09-06 klockan 14:37 +0100 skrev Markus Moeller:
> > >> Did this fix it ? You talk about -Rno/lib. I only saw -RNONE/lib. If
> > >> there
> > >> is the case of no then I need to check for no in the two ifs.
> > >>
> > >> Markus
> > >>
> > >>
> > >> "Markus Moeller" <huaraz_at_moeller.plus.com> wrote in message
> > >> news:h7scl8$r28$1_at_ger.gmane.org...
> > >> > This should fix it:
> > >> >
> > >> > --- configure.in 2009-09-04 02:06:24.000000000 +0100
> > >> > +++ configure.in.new 2009-09-05 01:47:34.875859258 +0100
> > >> > @@ -424,8 +424,12 @@
> > >> > [ squid_dir=$withval ]
> > >> > )
> > >> >
> > >> > +if test "x$exec_prefix" != xNONE; then
> > >> > eval ac_p_include=$includedir
> > >> > CPPFLAGS="$CPPFLAGS -I$ac_p_include -I../../../ -I../../../include/
> > >> > -I$squid_dir/include
> > >> > -I$squid_dir/src -I$squid_dir"
> > >> > +else
> > >> > +CPPFLAGS="$CPPFLAGS -I../../../ -I../../../include/ -I$squid_dir/include
> > >> > -I$squid_dir/src -I$squid_dir"
> > >> > +fi
> > >> > AC_CACHE_CHECK([for SQUID at '$squid_dir' ],ac_cv_have_squid,[
> > >> > AC_TRY_RUN([
> > >> > #include <config.h>
> > >> > @@ -439,8 +443,12 @@
> > >> > ac_cv_have_squid=yes,
> > >> > ac_cv_have_squid=no)
> > >> > ])
> > >> > +if test "x$exec_prefix" != xNONE; then
> > >> > eval ac_p_lib=$libdir
> > >> > LDFLAGS="$LDFLAGS -L../../../lib -L$ac_p_lib
> > >> > $w_flag$ac_p_lib$w_flag_2"
> > >> > +else
> > >> > +LDFLAGS="$LDFLAGS -L../../../lib"
> > >> > +fi
> > >> > if test "x$ac_cv_have_squid" = "xyes"; then
> > >> > AC_DEFINE(HAVE_SQUID,1, [Define to 1 if you have SQUID])
> > >> > AC_CHECK_HEADERS(getaddrinfo.h getnameinfo.h util.h)
> > >> >
> > >> >
> > >> > Marksu
> > >> >
> > >> >
> > >> > "Henrik Nordstrom" <henrik_at_henriknordstrom.net> wrote in message
> > >> > news:1252072098.571.16.camel_at_henriknordstrom.net...
> > >> >> lör 2009-09-05 klockan 01:33 +1200 skrev Amos Jeffries:
> > >> >>
> > >> >>> Markus,
> > >> >>> these changes won't help the Fedora build with Squid-3.1
> > >> >>> frozen.
> > >> >>> That
> > >> >>> will require a minimal change of probably just the configure.in.
> > >> >>
> > >> >> Squid-3.1 has now been packaged for Fedora 12, but so far without
> > >> >> squid_kerb_auth due to the configure mess adding invalid linker
> > >> >> library
> > >> >> path flags which the Fedora automatic package QA checks detects
> > >> >> and
> > >> >> barfs loudly.
> > >> >>
> > >> >> The helper can be enabled if the configure bits is fixed. It
> > >> >> builds
> > >> >> and
> > >> >> runs, it's just that the resulting binary is rejected by Fedora QA
> > >> >> checks (bad -R option no/lib).
> > >> >>
> > >> >> Regards
> > >> >> Henrik
> > >> >>
> > >> >>
> > >> >
> > >> >
> > >> >
> > >>
> > >
> > >
Received on Tue Sep 08 2009 - 18:09:00 MDT