I don't remember exactly why I added it. I think it was because I originally
had it as a standalone configure with the option to have libs and includes
in exec_prefix/lib and exec_prefix/include where exec_prefix is the squid
install path.
So I think for the squid inclusion the patch is fine.
Regards
Markus
----- Original Message -----
From: "Henrik Nordstrom" <hen...@henriknordstrom.net>
To: "Markus Moeller" <hua...@moeller.plus.com>
Cc: "Squid Developers" <squid-dev@squid-cache.org>
Sent: Tuesday, September 08, 2009 4:56 PM
Subject: Re: Patch to authenticate securely to upstream ISA server(or
others)
The mentioned exec_prefix dependent thing was the culpit now.. I ended
up removing that, resulting in the attached patch, but that CPPFLAGS and
LDFLAGS segment looks to me like it belongs in Makefile.am rather than
configure..
Regards
Henrik
tis 2009-09-08 klockan 16:32 +0200 skrev Henrik Nordstrom:
Looks promising.
but I still don't understand why you are testing for $exec_path.. what
does $exec_path (where binaries is to be installed, --exec-path
configure argument) have to do with the path to Kerberos libraries?
Build finished, and it's indeed getting a lot closer. But still some
issues..
ERROR 0001: file '/usr/lib64/squid/negotiate_kerb_auth' contains a
standard rpath '/usr/lib64' in [/usr/lib64]
ERROR 0001: file '/usr/lib64/squid/squid_kerb_auth_test' contains a
standard rpath '/usr/lib64' in [/usr/lib64]
ERROR 0001: file '/usr/lib64/squid/squid_kerb_auth' contains a standard
rpath '/usr/lib64' in [/usr/lib64]
ERROR 0001: file '/usr/lib64/squid/negotiate_kerb_auth_test' contains a
standard rpath '/usr/lib64' in [/usr/lib64]
squid_kerb_auth configure options:
'--disable-option-checking' '--prefix=/usr'
'--build=x86_64-unknown-linux-gnu' '--host=x86_64-unknown-linux-gnu'
'--target=x86_64-redhat-linux-gnu' '--program-prefix='
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--exec_prefix=/usr'
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--with-logdir=$(localstatedir)/log/squid'
'--with-pidfile=$(localstatedir)/run/squid.pid'
'--disable-dependency-tracking' '--enable-arp-acl'
'--enable-follow-x-forwarded-for'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth'
'--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth'
'--enable-digest-auth-helpers=password,ldap,eDirectory'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
'--enable-ident-lookups' '--enable-linux-netfilter' '--enable-referer-log'
'--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl'
'--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log'
'--enable-wccpv2' '--with-aio' '--with-default-user=squid'
'--with-filedescriptors=16384' '--with-dl' '--with-openssl'
'--with-pthreads' 'build_alias=x86_64-unknown-linux-gnu'
'host_alias=x86_64-unknown-linux-gnu'
'target_alias=x86_64-redhat-linux-gnu'
'CFLAGS=-fPIE -Os -g -pipe -fsigned-char -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
'LDFLAGS=-pie'
'CXXFLAGS=-fPIE -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic'
'FFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -I/usr/lib64/gfortran/modules'
'--with-squid=/home/henrik/build/fedora/squid/devel/squid-3.1.0.13'
'--enable-ltdl-convenience' '--cache-file=/dev/null' '--srcdir=.'"
(called from Squid configure)
And it set LDFLAGS & CPPFLAGS to
LDFLAGS='-pie -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -L../../../lib -L/usr/lib64
-Wl,-R/usr/lib64'
CPPFLAGS=' -I/usr/include -I/usr/include -I../../../ -I../../../include/ -I/home/henrik/build/fedora/squid/devel/squid-3.1.0.13/include
-I/home/henrik/build/fedora/squid/devel/squid-3.1.0.13/src -I/home/henrik/build/fedora/squid/devel/squid-3.1.0.13'
The -R/usr/lib64 and -I/usr/include options are both unasked for.
Regards
Henrik
tis 2009-09-08 klockan 01:01 +0100 skrev Markus Moeller:
> How about the attached ?
>
> Markus
>
>
> "Henrik Nordstrom" <hen...@henriknordstrom.net> wrote in message
> news:1252272029.23776.54.ca...@henriknordstrom.net...
> > The patch had been somewhat corrupted in flight so had to apply it by
> > hand, but running a test now.
> >
> > It's "no/lib" it is complaining on. Seem it comes from the "system
> > default" test where check_mit / check_heimdal is called with a
> > "random"
> > $enableval from being called outside any AC_ARG_ENABLE macro.. (value
> > in
> > previous AC_ARG_ENABLE macro, i.e. the seam-64 one..)
> >
> >
> > Hmm.. looking at the patch I don't think it's correct. The issue is
> > that
> > -L, -R and -I should only be set if there actually is any paths to set
> > it to, not if the user uses ./configure --exec-prefix=... But it does
> > hide the problem in my case with system integrated kerberos libs, but
> > I
> > guess it also breaks installs needing a non-system path to the
> > kerberos
> > installation.
> >
> > Regards
> > Henrik
> >
> >
> >
> > sön 2009-09-06 klockan 14:37 +0100 skrev Markus Moeller:
> >> Did this fix it ? You talk about -Rno/lib. I only saw -RNONE/lib. If
> >> there
> >> is the case of no then I need to check for no in the two ifs.
> >>
> >> Markus
> >>
> >>
> >> "Markus Moeller" <hua...@moeller.plus.com> wrote in message
> >> news:h7scl8$r2...@ger.gmane.org...
> >> > This should fix it:
> >> >
> >> > --- configure.in 2009-09-04 02:06:24.000000000 +0100
> >> > +++ configure.in.new 2009-09-05 01:47:34.875859258 +0100
> >> > @@ -424,8 +424,12 @@
> >> > [ squid_dir=$withval ]
> >> > )
> >> >
> >> > +if test "x$exec_prefix" != xNONE; then
> >> > eval ac_p_include=$includedir
> >> > CPPFLAGS="$CPPFLAGS -I$ac_p_include -I../../../ -I../../../include/
> >> > -I$squid_dir/include
> >> > -I$squid_dir/src -I$squid_dir"
> >> > +else
> >> > +CPPFLAGS="$CPPFLAGS -I../../../ -I../../../include/ -I$squid_dir/include
> >> > -I$squid_dir/src -I$squid_dir"
> >> > +fi
> >> > AC_CACHE_CHECK([for SQUID at '$squid_dir' ],ac_cv_have_squid,[
> >> > AC_TRY_RUN([
> >> > #include <config.h>
> >> > @@ -439,8 +443,12 @@
> >> > ac_cv_have_squid=yes,
> >> > ac_cv_have_squid=no)
> >> > ])
> >> > +if test "x$exec_prefix" != xNONE; then
> >> > eval ac_p_lib=$libdir
> >> > LDFLAGS="$LDFLAGS -L../../../lib -L$ac_p_lib
> >> > $w_flag$ac_p_lib$w_flag_2"
> >> > +else
> >> > +LDFLAGS="$LDFLAGS -L../../../lib"
> >> > +fi
> >> > if test "x$ac_cv_have_squid" = "xyes"; then
> >> > AC_DEFINE(HAVE_SQUID,1, [Define to 1 if you have SQUID])
> >> > AC_CHECK_HEADERS(getaddrinfo.h getnameinfo.h util.h)
> >> >
> >> >
> >> > Marksu
> >> >
> >> >
> >> > "Henrik Nordstrom" <hen...@henriknordstrom.net> wrote in message
> >> > news:1252072098.571.16.ca...@henriknordstrom.net...
> >> >> lör 2009-09-05 klockan 01:33 +1200 skrev Amos Jeffries:
> >> >>
> >> >>> Markus,
> >> >>> these changes won't help the Fedora build with Squid-3.1
> >> >>> frozen.
> >> >>> That
> >> >>> will require a minimal change of probably just the configure.in.
> >> >>
> >> >> Squid-3.1 has now been packaged for Fedora 12, but so far without
> >> >> squid_kerb_auth due to the configure mess adding invalid linker
> >> >> library
> >> >> path flags which the Fedora automatic package QA checks detects
> >> >> and
> >> >> barfs loudly.
> >> >>
> >> >> The helper can be enabled if the configure bits is fixed. It
> >> >> builds
> >> >> and
> >> >> runs, it's just that the resulting binary is rejected by Fedora QA
> >> >> checks (bad -R option no/lib).
> >> >>
> >> >> Regards
> >> >> Henrik
> >> >>
> >> >>
> >> >
> >> >
> >> >
> >>
> >
> >
