svn commit: r468031 - in head/www/nginx: . files

Jochen Neumeister joneum at FreeBSD.org
Sun Apr 22 14:59:25 UTC 2018 

Author: joneum
Date: Sun Apr 22 14:59:23 2018
New Revision: 468031
URL: https://svnweb.freebsd.org/changeset/ports/468031

Log:
  HTTP_AUTH_KRB5 option is not fully implemented. This patch makes it build with security/krb5 and security/heimdal
  
  PR:		226044
  Reviewed by:	brnrd
  Differential Revision:	https://reviews.freebsd.org/D14973

Modified:
  head/www/nginx/Makefile
  head/www/nginx/Makefile.extmod
  head/www/nginx/Makefile.options.desc
  head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config

Modified: head/www/nginx/Makefile
==============================================================================
--- head/www/nginx/Makefile	Sun Apr 22 13:52:01 2018	(r468030)
+++ head/www/nginx/Makefile	Sun Apr 22 14:59:23 2018	(r468031)
@@ -71,7 +71,7 @@ OPTIONS_GROUP_HTTPGRP=	GOOGLE_PERFTOOLS HTTP HTTP_ADDI
 	HTTP_REWRITE HTTP_SECURE_LINK HTTP_SLICE HTTP_SSL HTTP_STATUS HTTP_SUB \
 	HTTP_XSLT HTTPV2 STREAM STREAM_SSL STREAM_SSL_PREREAD
 # External modules (arrayvar MUST appear after devel_kit for build-dep)
-OPTIONS_GROUP_HTTPGRP+=	AJP  AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL_KIT \
+OPTIONS_GROUP_HTTPGRP+=	AJP AWS_AUTH BROTLI CACHE_PURGE CLOJURE CT DEVEL_KIT \
 	ARRAYVAR DRIZZLE DYNAMIC_UPSTREAM ECHO ENCRYPTSESSION FASTDFS FORMINPUT \
 	GRIDFS HEADERS_MORE HTTP_ACCEPT_LANGUAGE HTTP_AUTH_DIGEST HTTP_AUTH_KRB5 \
 	HTTP_AUTH_LDAP HTTP_AUTH_PAM HTTP_DAV_EXT HTTP_EVAL HTTP_FANCYINDEX \
@@ -84,12 +84,19 @@ OPTIONS_GROUP_HTTPGRP+=	AJP  AWS_AUTH BROTLI CACHE_PUR
 	SET_MISC SFLOW SHIBBOLETH SLOWFS_CACHE SMALL_LIGHT SRCACHE XSS
 OPTIONS_GROUP_MAILGRP=	MAIL MAIL_IMAP MAIL_POP3 MAIL_SMTP MAIL_SSL
 OPTIONS_DEFINE=	DEBUG DEBUGLOG DSO FILE_AIO IPV6 THREADS WWW
-OPTIONS_DEFAULT?=DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \
+OPTIONS_DEFAULT?=	DSO FILE_AIO HTTP HTTP_ADDITION HTTP_AUTH_REQ HTTP_CACHE \
 		HTTP_DAV HTTP_FLV HTTP_GZIP_STATIC HTTP_GUNZIP_FILTER \
 		HTTP_MP4 HTTP_RANDOM_INDEX HTTP_REALIP HTTP_SECURE_LINK \
 		HTTP_SLICE HTTP_REWRITE HTTP_SSL HTTP_STATUS HTTP_SUB \
 		HTTPV2 MAIL MAIL_SSL STREAM STREAM_SSL STREAM_SSL_PREREAD \
 		THREADS WWW
+
+OPTIONS_RADIO+=		GSSAPI
+OPTIONS_RADIO_GSSAPI=	GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
+GSSAPI_BASE_USES=	gssapi
+GSSAPI_HEIMDAL_USES=	gssapi:heimdal,flags
+GSSAPI_MIT_USES=	gssapi:mit
+
 OPTIONS_SUB=	yes
 
 .include "Makefile.options.desc"
@@ -101,6 +108,10 @@ ${opt}_IMPLIES=	MAIL
 .for opt in ${OPTIONS_GROUP_HTTPGRP:NHTTP} WWW
 ${opt}_IMPLIES=	HTTP
 .endfor
+
+GSSAPI_BASE_IMPLIES=	HTTP_AUTH_KRB5
+GSSAPI_HEIMDAL_IMPLIES=	HTTP_AUTH_KRB5
+GSSAPI_MIT_IMPLIES=	HTTP_AUTH_KRB5
 
 # If the target is makesum, make sure that every distfile is fetched.
 .if ${.TARGETS:Mmakesum}

Modified: head/www/nginx/Makefile.extmod
==============================================================================
--- head/www/nginx/Makefile.extmod	Sun Apr 22 13:52:01 2018	(r468030)
+++ head/www/nginx/Makefile.extmod	Sun Apr 22 14:59:23 2018	(r468031)
@@ -83,11 +83,7 @@ HTTP_AUTH_DIGEST_VARS=		DSO_EXTMODS+=auth_digest
 
 HTTP_AUTH_KRB5_GH_TUPLE=	stnoonan:spnego-http-auth-nginx-module:7e028a5:auth_krb5
 HTTP_AUTH_KRB5_VARS=		DSO_EXTMODS+=auth_krb5
-#HTTP_AUTH_KRB5_EXTRA_PATCHES=${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config
-#OPTIONS_RADIO+=		GSSAPI
-#OPTIONS_RADIO_GSSAPI+=	GSSAPI_HEIMDAL GSSAPI_MIT
-#GSSAPI_HEIMDAL_USES=	gssapi:heimdal,flags
-#GSSAPI_MIT_USES=	gssapi:mit
+HTTP_AUTH_KRB5_EXTRA_PATCHES=	${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config
 
 HTTP_AUTH_LDAP_GH_TUPLE=	kvspb:nginx-auth-ldap:42d195d:http_auth_ldap
 HTTP_AUTH_LDAP_VARS=		DSO_EXTMODS+=http_auth_ldap

Modified: head/www/nginx/Makefile.options.desc
==============================================================================
--- head/www/nginx/Makefile.options.desc	Sun Apr 22 13:52:01 2018	(r468030)
+++ head/www/nginx/Makefile.options.desc	Sun Apr 22 14:59:23 2018	(r468031)
@@ -20,6 +20,7 @@ FILE_AIO_DESC=			Enable file aio
 FORMINPUT_DESC=			3rd party form_input module
 GOOGLE_PERFTOOLS_DESC=		Enable google perftools module
 GRIDFS_DESC=			3rd party gridfs module
+GSSAPI_DESC=			GSSAPI implementation (imply HTTP_AUTH_KRB5)
 HEADERS_MORE_DESC=		3rd party headers_more module
 HTTPGRP_DESC=			Modules that require HTTP module
 HTTPV2_DESC=			Enable HTTP/2 protocol support (SSL req.)

Modified: head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config
==============================================================================
--- head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config	Sun Apr 22 13:52:01 2018	(r468030)
+++ head/www/nginx/files/extra-patch-spnego-http-auth-nginx-module-config	Sun Apr 22 14:59:23 2018	(r468031)
@@ -1,9 +1,20 @@
 --- ../spnego-http-auth-nginx-module-0c6ff3f/config.orig	2017-04-15 13:07:01.159506000 -0400
-+++ ../spnego-http-auth-nginx-module-0c6ff3f/config	2017-04-15 13:07:36.283398000 -0400
-@@ -1,5 +1,5 @@
++++ ../spnego-http-auth-nginx-module-7e028a5/config	2018-04-20 00:15:08.515289000 +0200
+@@ -1,9 +1,6 @@
  ngx_addon_name=ngx_http_auth_spnego_module
 -ngx_feature_libs="-lgssapi_krb5 -lkrb5 -lcom_err"
-+ngx_feature_libs="%%GSSAPILIBS%% -lcom_err"
+-
+-if uname -o | grep -q FreeBSD; then
+-    ngx_feature_libs="$ngx_feature_libs -lgssapi"
+-fi
++ngx_feature_libs="%%GSSAPILIBS%%"
++ngx_module_incs="%%GSSAPINCDIR%%"
  
- if uname -o | grep -q FreeBSD; then
-     ngx_feature_libs="$ngx_feature_libs -lgssapi"
+ if test -n "$ngx_module_link"; then
+     ngx_module_type=HTTP
+@@ -16,3 +13,5 @@ else
+     NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_spnego_module.c"
+     CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
+ fi
++
++LDFLAGS="-L%%GSSAPILIBDIR%% $LDFLAGS"

More information about the svn-ports-all mailing list