[PATCH] gnu: curl: Use mit-krb5 as GSSAPI implementation.

Done

Details

3 participants

Efraim Flashner
Ludovic Courtès
Tomáš ?ech

Owner: unassigned

Submitted by: Tomáš ?ech

Severity: normal

Tomáš ?ech wrote on 13 Apr 2018 00:40

Recipients:(address . guix-patches@gnu.org)(name . Tomáš ?ech)(address . sleep_walker@gnu.org)

Message-ID:20180412224006.25134-1-sleep_walker@gnu.org

* gnu/packages/curl.scm (curl)[inputs]: Replace gss with mit-krb5.
[arguments]: Help configure with locating mit-krb5.
---
 gnu/packages/curl.scm | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Toggle diff (37 lines)diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index fbf177d9d..38f7195ca 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -36,6 +36,7 @@
   #:use-module (gnu packages golang)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages gsasl)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages openldap)
   #:use-module (gnu packages perl)
@@ -60,9 +61,9 @@
    (outputs '("out"
               "doc"))                             ;1.2 MiB of man3 pages
    (inputs `(("gnutls" ,gnutls)
-             ("gss" ,gss)
              ("libidn" ,libidn)
              ("libssh2" ,libssh2)
+             ("mit-krb5" ,mit-krb5)
              ("openldap" ,openldap)
              ("zlib" ,zlib)))
    (native-inputs
@@ -81,7 +82,10 @@
            (separator #f)                         ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (arguments
-    `(#:configure-flags '("--with-gnutls" "--with-gssapi")
+    `(#:configure-flags (list
+                         "--with-gnutls"
+                         (string-append "--with-gssapi="
+                                        (assoc-ref %build-inputs "mit-krb5")))
       ;; Add a phase to patch '/bin/sh' occurances in tests/runtests.pl
       #:phases
       (modify-phases %standard-phases
-- 
2.16.3

Tomáš ?ech wrote on 21 Apr 2018 17:52

Re: bug#31141: Acknowledgement ([PATCH] gnu: curl: Use mit-krb5 as GSSAPI implementation.)

Recipients:(address . 31141@debbugs.gnu.org)

Message-ID:20180421155228.GB12004@doom

Hi,

did anyone have time to have a look on this change?

Is that problematic for you?

Best regards,

S_W

Tomáš ?ech wrote on 21 Apr 2018 18:10

[PATCH] gnu: curl: Use mit-krb5 as GSSAPI implementation.

Recipients:(address . 31141@debbugs.gnu.org)(name . Tomáš ?ech)(address . sleep_walker@gnu.org)

Message-ID:20180421161017.25789-1-sleep_walker@gnu.org

* gnu/packages/curl.scm (curl)[inputs]: Replace gss with mit-krb5.
[arguments]: Help configure with locating mit-krb5.
---
 gnu/packages/curl.scm | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Toggle diff (37 lines)diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index ae8b9600d..b5e1f52da 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -38,6 +38,7 @@
   #:use-module (gnu packages groff)
   #:use-module (gnu packages gsasl)
   #:use-module (gnu packages guile)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages openldap)
   #:use-module (gnu packages perl)
@@ -62,9 +63,9 @@
    (outputs '("out"
               "doc"))                             ;1.2 MiB of man3 pages
    (inputs `(("gnutls" ,gnutls)
-             ("gss" ,gss)
              ("libidn" ,libidn)
              ("libssh2" ,libssh2)
+             ("mit-krb5" ,mit-krb5)
              ("openldap" ,openldap)
              ("zlib" ,zlib)))
    (native-inputs
@@ -83,7 +84,10 @@
            (separator #f)                         ;single entry
            (files '("etc/ssl/certs/ca-certificates.crt")))))
    (arguments
-    `(#:configure-flags '("--with-gnutls" "--with-gssapi")
+    `(#:configure-flags (list
+                         "--with-gnutls"
+                         (string-append "--with-gssapi="
+                                        (assoc-ref %build-inputs "mit-krb5")))
       ;; Add a phase to patch '/bin/sh' occurances in tests/runtests.pl
       #:phases
       (modify-phases %standard-phases
-- 
2.17.0

Ludovic Courtès wrote on 23 Apr 2018 14:57

Recipients:(name . Tomáš ?ech)(address . sleep_walker@gnu.org)(address . 31141@debbugs.gnu.org)

Message-ID:87o9ia2i81.fsf@gnu.org

Hello,

Tomáš ?ech <sleep_walker@gnu.org> skribis:

Toggle quote (27 lines)> * gnu/packages/curl.scm (curl)[inputs]: Replace gss with mit-krb5.
> [arguments]: Help configure with locating mit-krb5.
> ---
>  gnu/packages/curl.scm | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
> index ae8b9600d..b5e1f52da 100644
> --- a/gnu/packages/curl.scm
> +++ b/gnu/packages/curl.scm
> @@ -38,6 +38,7 @@
>    #:use-module (gnu packages groff)
>    #:use-module (gnu packages gsasl)
>    #:use-module (gnu packages guile)
> +  #:use-module (gnu packages kerberos)
>    #:use-module (gnu packages libidn)
>    #:use-module (gnu packages openldap)
>    #:use-module (gnu packages perl)
> @@ -62,9 +63,9 @@
>     (outputs '("out"
>                "doc"))                             ;1.2 MiB of man3 pages
>     (inputs `(("gnutls" ,gnutls)
> -             ("gss" ,gss)
>               ("libidn" ,libidn)
>               ("libssh2" ,libssh2)
> +             ("mit-krb5" ,mit-krb5)

Could you explain the rationale?  In general, if there’s a choice and no
compelling reason to do otherwise, we try to favor the GNU
implementation (in this case, GNU GSS) by default.

Thanks,
Ludo’.

Tomáš ?ech wrote on 23 Apr 2018 16:53

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 31141@debbugs.gnu.org)

Message-ID:20180423145345.xk4qeubkovrat37m@doom

Hello,

On Mon, Apr 23, 2018 at 02:57:34PM +0200, Ludovic Courtès wrote:

Toggle quote (35 lines)>Hello,
>
>Tomáš ?ech <sleep_walker@gnu.org> skribis:
>
>> * gnu/packages/curl.scm (curl)[inputs]: Replace gss with mit-krb5.
>> [arguments]: Help configure with locating mit-krb5.
>> ---
>>  gnu/packages/curl.scm | 8 ++++++--
>>  1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
>> index ae8b9600d..b5e1f52da 100644
>> --- a/gnu/packages/curl.scm
>> +++ b/gnu/packages/curl.scm
>> @@ -38,6 +38,7 @@
>>    #:use-module (gnu packages groff)
>>    #:use-module (gnu packages gsasl)
>>    #:use-module (gnu packages guile)
>> +  #:use-module (gnu packages kerberos)
>>    #:use-module (gnu packages libidn)
>>    #:use-module (gnu packages openldap)
>>    #:use-module (gnu packages perl)
>> @@ -62,9 +63,9 @@
>>     (outputs '("out"
>>                "doc"))                             ;1.2 MiB of man3 pages
>>     (inputs `(("gnutls" ,gnutls)
>> -             ("gss" ,gss)
>>               ("libidn" ,libidn)
>>               ("libssh2" ,libssh2)
>> +             ("mit-krb5" ,mit-krb5)
>
>Could you explain the rationale?  In general, if there’s a choice and no
>compelling reason to do otherwise, we try to favor the GNU
>implementation (in this case, GNU GSS) by default.

I am using curl against services with Kerberos authentication. Login

against authority server and obtain ticket proving that I am who I

am. I can use that ticket against services.

I'm not able to do the same with GNU GSS implementation. I might be

wrong but it didn't seem to allow me to do the same at least in the

shape we have it.

After this change it works for me as expected.

Best regards,

S_W

Ludovic Courtès wrote on 23 Apr 2018 17:24

Recipients:(name . Tomáš ?ech)(address . sleep_walker@gnu.org)(address . 31141@debbugs.gnu.org)

Message-ID:87fu3mymhf.fsf@gnu.org

Hello,

Tomáš ?ech <sleep_walker@gnu.org> skribis:

Toggle quote (8 lines)

> I am using curl against services with Kerberos authentication. Login

> against authority server and obtain ticket proving that I am who I

> am. I can use that ticket against services.

> I'm not able to do the same with GNU GSS implementation. I might be

> wrong but it didn't seem to allow me to do the same at least in the

> shape we have it.

I just realized that the equivalent of mit-krb5 would be GNU�Shishi, not

GNU�GSS. Does that one work for you? (Perhaps GSS is still needed in

addition to Shishi though, dunno.)

If not, I have nothing against switching to mit-krb5 if that doesn’t

work either, with a comment explaining it.

Thanks,

Ludo’.

Efraim Flashner wrote on 10 Apr 2020 00:50

Re: [bug#31141] [PATCH] gnu: curl: Use mit-krb5 as GSSAPI

Recipients:(address . 31141-done@debbugs.gnu.org)

Message-ID:20200409225049.GZ1518@E5400

This seems to have been applied with commit
828d3765a71ce1b74d1ab122c84d5c16eabf98b9 in May 2019.

-- 
Efraim Flashner   <efraim@flashner.co.il>   ????? ?????
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 31141@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 31141

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date