Re: Major changes to Heimdal in Heimdal 0.3e-5
>>>>> "Mikael" == Mikael Andersson <mikan@mikan.net> writes:
Mikael> I think we need to split the krb4-{lib,dev} packets into
Mikael> at least two parts, one wish not conflict with heimdal and
Mikael> contain the files to get heimdal compile with krb4 support
Mikael> and another wish contains the other files. At the same
Mikael> time I think that we should compile krb4 with ssl instead
Mikael> of des, but that patch isn't in the upstream yet.
I don't think that is required anymore, as no files currently conflict.
>> I wish I could down load a list of files each package contains,
>> without down-loading everything.
Mikael> Same here. Maybe an extension to package.debian.org?
As Sam told me in private, you can down load the contents.gz file,
however, that is a slight overkill when you only want to know what
files are contained in one package...
Mikael> The -lkrb5 flags only give you krb5 support into stuff
Mikael> like sasl-modules, and I want them with krb4 support also.
Oh, I think I see the problem, now.
>> Or, does compiling in krb4 support change the binary API of
>> Heimdal?
Mikael> Not what I known, but i doesn't extend it to support krb4.
Mikael> What kind of patches is it you have mailed to upstream
Mikael> (assar and joda) and doesn't get into the cvstree? I speak
Mikael> with assar quite often and can maybe try to convince him
Mikael> that the patches are needed.
I am getting a bit sick of all of this Debian stuff right now (last
Wednesday I went to fix problems A, B, and C, on my computer and now I
still have these problems, plus X, Y, and Z, too :-( ). So I really
need a few days break, I think, so I can concentrate on other tasks.
I will publish what I have done so far, and judging from the demand
for krb4 support, I think somebody else will fix the last minor tasks
that need to be done (I think I have done the hardest parts).
The URL is <http://www.csse.monash.edu.au/~bmay/heimdal/>. It is only
a temp location, because I don't want lots of people down load the
2.5Meg file over my slow Internet Link.
This directory contains the orig.tar.gz, diff.gz, and dsc files.
krb4 support has been enabled, but it won't compile libkafs. When it
does compile that extra library, somebody will have to create a new
package, eg: libkafs0-heimdal for this library.
The source+diff file contains a directory, debian/patches, with
all my patches. Currently it contains:
[1121] [snoopy:unstable:bam] ~/source/ext2fs/heimdal-0.3e >ls debian/patches | cat
[ fixed & obtained from upstream ]
000_weakkey # fixed upstream
001_replay_log # fixed upstream
[ Most important; these next 3 patches; I have considered merging them
together as they modify similar sets of files, but don't want to rush
into this just yet ]
002_depends # fix library depenencies and krb4 problems[1]
010_openssl # fix problems compiling against openssl libcrypto,
# including bad -R (--rpath) parameter[1].
011_sharedlibs # lots of other shared library fixes[2]. Use installed
# version of libreadline. Use libss instead of libsl,
# as libsl is only a cut down version of libss that
# doesn't seem to be required. Also support using
# installed versions of libcom_err and libss (currently
# disabled due to compatibility problems with
# libcom_err included with e2fsprogs). I might have
# missed something here.
[ cool ideas that upstream have considered and in some cases rejected;
I am not yet complaining about these, as they a very simple changes ]
012_maildir # maildir support for POP daemon (actually Maildir
# support was already implemented, just never used)
013_cache # can't remember what this was for
015_ftp # fix bug #81663 (ports > 32767 didn't work)
[ debian specific stuff ]
020_missingconf # probably don't really need this
021_debian # FHS stuff and setconfig (setconfig could be removed)
[ auto tools patches ]
030_autotools # Heimdal requires CVS versions of autoconf, automake,
# and libtool 1.4. Find these in Debian experimental.
# Use the script scripts/autotools to update this
# patch file.
What needs to be done (I think I already mentioned this, but just in case):
1. fix compile errors. Check to see if linking Heimdal against
-lcrypto and krb4 against -ldes is going to cause and major problems
(I suspect not, but don't take my word for it).
2. check that all library dependencies are correct (use
objdump). Ideally, no library/binaries should not depend on other
libraries it doesn't *directly* use, but at the same time, you
shouldn't rely on a required library being automatically pulled in via
a indirect dependency. I *think* it is currently OK (with the
002_depend patch), but krb4 support might change this.
3. If adding Kerberos support created a new library, then create
new package:
a) copy, paste & modify lines in debian/rules
b) copy lib*.* files under debian/
c) add new entry to debian/control and update depends: for heimdal-dev.
4. send changes back to me, and if everything works, I will upload
ASAP.
5. Get upstream to include these patches. At least 002_depends,
010_openssl, and 011_sharedlibs; I don't want to find that I have to
redo all of this work when they release a new version...
Note:
[1] --rpath fixes might be buggy, as they use -rpath, not --rpath. This
part of the original patch didn't come from me ;-). I haven't bothered
fixing it, as the error produces an early warning that I need to disable
the -rpath.
[2] something like this might already be in upstream. I don't know.
--
Brian May <bam@debian.org>
Reply to: