[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Mass bug filing: Dependency/file list predictability

Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de> writes:
> Russ Allbery <rra@debian.org> writes:

>> I don't know of any Kerberos software, among dozens of packages, that
>> works this way.  This simply isn't how multiple Kerberos
>> implementations have ever been handled; they all just check for Heimdal
>> and MIT Kerberos and use whichever one is found.  This has always
>> worked in the past since Heimdal and MIT Kerberos dev packages conflict
>> with each other (not only in Debian but everywhere else as well).  Now
>> we're adding a new, rather useless GSSAPI library that uses the same
>> library names as Heimdal but doesn't actually work and doesn't conflict
>> with MIT Kerberos.

> Maybe then the gssapi-dev should also conflict?

It doesn't really have a technical reason for conflicting other than that
it breaks the assumptions of existing configure scripts, so I understand
why the maintainer didn't set it up that way.

> In the test if libheimdal exists you first check if --with-heimdal (or
> --without) was used and only otherwise do the actual test. [Or you can
> test and see if it finds a lib if --with-heimdal was given and file if
> not].

So in addition to having a --with-krb5 flag specifying the paths to the
libraries, I also need to add a --without-* flag for every Kerberos
implementation that I support which disables probing for that
implementation?  That's kind of lame, and it also means that one would
prevent compilation against the generic mechglue layer by using
--without-heimdal, which is just weird.

The root problem is that the generic mechglue layer is indistinguishable
from Heimdal, at least so far as I know.  Maybe I can figure out some
other symbol to check (that isn't internal) to determine that it's not
Heimdal and disqualify it.

The whole point of Kerberos implementations, and, for that matter, GSS-API
implementations, is that they're supposed to be interchangeable and
implement the same API precisely so that users aren't subjected to this
sort of thing and software just quietly builds with what you have
installed on your system.  I guess that points to the other basic problem,
which is that distribution packaging is a special case and probably needs
its own solution.

I guess I could add a --without-heimdal (and --without-mit) specifically
for distributions and just advise normal users to ignore those flags
unless they have the same problem of multiple libraries installed in the
same prefix.

It's tempting to just Build-Conflict with libgssapi-dev, though.  It's a
lot less work and I'm not sure I believe in the likelihood of this problem
for anyone outside of Debian.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: