[
https://issues.apache.org/jira/browse/IMPALA-8987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17507879#comment-17507879
]
Wenzhe Zhou edited comment on IMPALA-8987 at 3/16/22, 9:56 PM:
---------------------------------------------------------------
IMPALA-10857 add curl 7.78.0 to native-toolchain. However it build curl without
supports for GSS-API and LDAP as indicated in config.log:
curl version: 7.78.0
SSL: enabled (OpenSSL)
SSH: no (--with-{libssh,libssh2})
zlib: enabled
brotli: no (--with-brotli)
zstd: no (--with-zstd)
GSS-API: no (--with-gssapi)
GSASL: no (libgsasl not found)
TLS-SRP: enabled
resolver: POSIX threaded
IPv6: enabled
Unix sockets: enabled
IDN: no (--with-{libidn2,winidn})
Build libcurl: Shared=yes, Static=yes
Built-in manual: enabled
--libcurl option: enabled (--disable-libcurl-option)
Verbose errors: enabled (--disable-verbose)
Code coverage: disabled
SSPI: no (--enable-sspi)
ca cert bundle: /etc/ssl/certs/ca-certificates.crt
ca cert path: no
ca fallback: no
LDAP: no (--enable-ldap / --with-ldap-lib / --with-lber-lib)
LDAPS: no (--enable-ldaps)
RTSP: enabled
RTMP: no (--with-librtmp)
PSL: no (libpsl not found)
Alt-svc: enabled (--disable-alt-svc)
HSTS: enabled (--disable-hsts)
HTTP1: enabled (internal)
HTTP2: no (--with-nghttp2, --with-hyper)
HTTP3: no (--with-ngtcp2, --with-quiche)
ECH: no (--enable-ech)
Protocols: DICT FILE FTP FTPS GOPHER GOPHERS HTTP HTTPS IMAP IMAPS
MQTT POP3 POP3S RTSP SMB SMBS SMTP SMTPS TELNET TFTP
Features: AsynchDNS HSTS HTTPS-proxy IPv6 Largefile NTLM NTLM_WB SSL
TLS-SRP UnixSockets alt-svc libz
To use 'curl' to do the Kerberos negotiation, we should build curl with
supports for GSS-API.
Note that curl depends on external libraries for features like GSS-API and LADP
(See https://curl.se/docs/libs.html).
Curl depends on external libraries for some features (and libcurl for all
features). You can build curl without them, but curl gets a lot better if you
have a few of these libraries:
Library Used for...
OpenSSL TLS (https) support
zlib The automatic "deflate" decompression
OpenLDAP LDAP support
mbed TLS TLS (https) support
heimdal Support for GSS-API can be provided by the heimdal package and is used
to for provide the Kerberos and SPNEGO authentication in libcurl.
MIT Kerberos The MIT Kerberos package is also a GSS-API library which can be
used to provide support for the Kerberos and SPNEGO authentication in libcurl.
nghttp2 For http2 support.
c-ares For asynchronous name resolves.
libidn For performing the proper IDNA encodings for international domain names
to work.
GnuTLS TLS (https) support.
NSS TLS (https) support.
wolfSSL TLS (https) support.
libssh2 For SCP and SFTP support.
was (Author: wzhou):
IMPALA-10857 add curl 7.78.0 to native-toolchain. However it build curl without
supports for GSS-API and LDAP as indicated in config.log:
curl version: 7.78.0
SSL: enabled (OpenSSL)
SSH: no (--with-{libssh,libssh2})
zlib: enabled
brotli: no (--with-brotli)
zstd: no (--with-zstd)
GSS-API: no (--with-gssapi)
GSASL: no (libgsasl not found)
TLS-SRP: enabled
resolver: POSIX threaded
IPv6: enabled
Unix sockets: enabled
IDN: no (--with-{libidn2,winidn})
Build libcurl: Shared=yes, Static=yes
Built-in manual: enabled
--libcurl option: enabled (--disable-libcurl-option)
Verbose errors: enabled (--disable-verbose)
Code coverage: disabled
SSPI: no (--enable-sspi)
ca cert bundle: /etc/ssl/certs/ca-certificates.crt
ca cert path: no
ca fallback: no
LDAP: no (--enable-ldap / --with-ldap-lib / --with-lber-lib)
LDAPS: no (--enable-ldaps)
RTSP: enabled
RTMP: no (--with-librtmp)
PSL: no (libpsl not found)
Alt-svc: enabled (--disable-alt-svc)
HSTS: enabled (--disable-hsts)
HTTP1: enabled (internal)
HTTP2: no (--with-nghttp2, --with-hyper)
HTTP3: no (--with-ngtcp2, --with-quiche)
ECH: no (--enable-ech)
Protocols: DICT FILE FTP FTPS GOPHER GOPHERS HTTP HTTPS IMAP IMAPS
MQTT POP3 POP3S RTSP SMB SMBS SMTP SMTPS TELNET TFTP
Features: AsynchDNS HSTS HTTPS-proxy IPv6 Largefile NTLM NTLM_WB SSL
TLS-SRP UnixSockets alt-svc libz
To use 'curl' to do the Kerberos negotiation, we should build curl with
supports for GSS-API.
> Make curl available for tests
> -----------------------------
>
> Key: IMPALA-8987
> URL: https://issues.apache.org/jira/browse/IMPALA-8987
> Project: IMPALA
> Issue Type: Improvement
> Components: Infrastructure
> Affects Versions: Impala 3.4.0
> Reporter: Thomas Tauber-Marshall
> Assignee: Wenzhe Zhou
> Priority: Major
>
> With the recent work to add SPNEGO support, some tests were written that use
> 'curl' to do the Kerberos negotiation. These tests are currently disabled as
> curl isn't guaranteed to be available in all of our test environments.
> We should make curl available, eg. by adding it to the toolchain, or figure
> out a way to write these tests that doesn't rely on it.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
