unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / Atom feed
* Questions reqarding packaging and conventions
@ 2021-06-02  5:55 Ignacio Coterillo
  2021-06-03 20:32 ` Leo Famulari
  0 siblings, 1 reply; 2+ messages in thread
From: Ignacio Coterillo @ 2021-06-02  5:55 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/html, Size: 5185 bytes --]

[-- Attachment #2: Type: text/plain, Size: 2498 bytes --]

Hello,

I'm trying to debug and fix issues with Kerberos based authentication on both Icecat and
qutebrowser and got a few questions:

Via strace I found that icecat tries load `libgssapi.so` which doesn't exist.

Trivially creating the file as a symbolic link to the `libgssapi_krb5.so` provided
by the `mit-krb5` package and exposing via LD_LIBRARY_PATH solves the issue and
fixes Kerberos based authentication.

- Question 1: Should this be fixed in the mit-krb5 package or in the icecat package?

- Question 2: What would be the best way of creating this link in a package?

  I've played with creating a modified `mit-krb5` (i.e. `my-mit-krb5`) with the
  following additional build phase:

  (modify-phases %standard-phases
      (add-after 'install 'create-link
      (lambda _
          (let* ((libpath (getenv "out"))
              (origin (format #f "~a/lib/libgssapi_krb5.so" libpath))
              (target (format #f "~a/lib/libgssapi.so" libpath)))
          (symlink origin target))
          #t))

  This works, but creates the link with full path target instead of relative like the rest of links
  created naturally by the original build process:

  ❯ ls -l /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi*
  lrwxrwxrwx 3 root root     21 Jan  1  1970 /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi_krb5.so -> libgssapi_krb5.so.2.2
  lrwxrwxrwx 3 root root     21 Jan  1  1970 /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
  -r--r--r-- 2 root root 380520 Jan  1  1970 /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi_krb5.so.2.2
  lrwxrwxrwx 7 root root     82 Jan  1  1970 /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi.so -> /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi_krb5.so

  Should I try to `chdir` to the path before creating the link, or is there a cleaner
  way of doing something like this?

qutebrowser Kerberos support comes from `qtwebengine`. The only change needed would
be to add `mit-krb5` as input and add the "--webengine-kerberos=yes" qmake option in its
`configure` build phase.

My question here is about whether there is any policy requiring formal justification to
increase the number of dependencies of a certain package or this would be considered a valid
request/patch.


Best regards,

Ignacio

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Questions reqarding packaging and conventions
  2021-06-02  5:55 Questions reqarding packaging and conventions Ignacio Coterillo
@ 2021-06-03 20:32 ` Leo Famulari
  0 siblings, 0 replies; 2+ messages in thread
From: Leo Famulari @ 2021-06-03 20:32 UTC (permalink / raw)
  To: Ignacio Coterillo; +Cc: guix-devel

On Wed, Jun 02, 2021 at 07:55:31AM +0200, Ignacio Coterillo wrote:
> I'm trying to debug and fix issues with Kerberos based authentication on both Icecat and
> qutebrowser and got a few questions:
> 
> Via strace I found that icecat tries load `libgssapi.so` which doesn't exist.
> 
> Trivially creating the file as a symbolic link to the `libgssapi_krb5.so` provided
> by the `mit-krb5` package and exposing via LD_LIBRARY_PATH solves the issue and
> fixes Kerberos based authentication.
> 
> - Question 1: Should this be fixed in the mit-krb5 package or in the icecat package?

If the mit-krb5 authors aim to provide libgssapi.so, then we should
adjust our package to achieve that. Otherwise, I'd guess it's a problem
in icecat / firefox. Do you know what other distros do?

> - Question 2: What would be the best way of creating this link in a package?
> 
>   I've played with creating a modified `mit-krb5` (i.e. `my-mit-krb5`) with the
>   following additional build phase:
> 
>   (modify-phases %standard-phases
>       (add-after 'install 'create-link
>       (lambda _
>           (let* ((libpath (getenv "out"))
>               (origin (format #f "~a/lib/libgssapi_krb5.so" libpath))
>               (target (format #f "~a/lib/libgssapi.so" libpath)))
>           (symlink origin target))
>           #t))

That would work, but like I said above, the mit-krb5 build scripts
should have a way to do this, or it's likely a change to be made in the
icecat package.

>   This works, but creates the link with full path target instead of relative like the rest of links
>   created naturally by the original build process:
> 
>   ❯ ls -l /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi*
>   lrwxrwxrwx 3 root root     21 Jan  1  1970 /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi_krb5.so -> libgssapi_krb5.so.2.2
>   lrwxrwxrwx 3 root root     21 Jan  1  1970 /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
>   -r--r--r-- 2 root root 380520 Jan  1  1970 /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi_krb5.so.2.2
>   lrwxrwxrwx 7 root root     82 Jan  1  1970 /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi.so -> /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi_krb5.so
> 
>   Should I try to `chdir` to the path before creating the link, or is there a cleaner
>   way of doing something like this?

Not sure, but I agree that it should be a relative link, if adjusting
mit-krb5 is the solution we choose.

> qutebrowser Kerberos support comes from `qtwebengine`. The only change needed would
> be to add `mit-krb5` as input and add the "--webengine-kerberos=yes" qmake option in its
> `configure` build phase.

Sounds good.

> My question here is about whether there is any policy requiring formal justification to
> increase the number of dependencies of a certain package or this would be considered a valid
> request/patch.

There's no policy. In general, we aim to provide fully-featured
packages, but that is an informal habit rather than a strict guideline.


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-06-03 20:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-02  5:55 Questions reqarding packaging and conventions Ignacio Coterillo
2021-06-03 20:32 ` Leo Famulari

unofficial mirror of guix-devel@gnu.org 

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://yhetil.org/guix-devel/0 guix-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 guix-devel guix-devel/ https://yhetil.org/guix-devel \
		guix-devel@gnu.org
	public-inbox-index guix-devel

Example config snippet for mirrors.
Newsgroups are available over NNTP:
	nntp://news.yhetil.org/yhetil.gnu.guix.devel
	nntp://news.gmane.io/gmane.comp.gnu.guix.devel


AGPL code for this site: git clone http://ou63pmih66umazou.onion/public-inbox.git