Highlights:
- RHEL-7 support - Migration to Pagure completed - Support syncing changed credentials
Robbie Harwood (13): - Clean up build flags - Detect kerberos.schema on RHEL - Fix behavior when not passed config_dir on the command line - Document debug_level option in gssproxy.conf(5) - Fix asprintf(3) call in ensure_segregated_ccache() - Appease Coverity - Remove unused variables in t_acquire.c - Markdown conversion of docs from Trac - Pagure-ify release process - Remove outdated selinux issue from Apache docs - Update Apache docs to match latest releases - Fix broken link in protocol docs - Release version 0.7.0
Simo Sorce (16): - Fix incorrect use of non-null terminated string - Fix another incorrect use of non-null term. string - Always check if we have a remote credential - Fix potential memleak from gpm_release_cred - Local vs Remote cred check fixes - Add a helper function to pack options - Add ability to sync creds back on modification - Do not re-export unchanged creds - Rework gpp_cred_handle management - Add utility function to compare gssx_creds - Always request cred sync on init_sec_context - If credentials changed try to store them - Change tests to always exercise ccache sycns - Add support for the NO_CI_FLAG credentials option - Add test to check setting cred options - Ensure test suite reports failure on traceback
Source: https://releases.pagure.org/gssproxy/gssproxy-0.7.0.tar.gz sha512sum: https://releases.pagure.org/gssproxy/gssproxy-0.7.0.tar.gz.sha512sum.txt
Am Tue, 07 Mar 2017 17:26:21 -0500 schrieb Robbie Harwood rharwood@redhat.com:
- Add support for the NO_CI_FLAG credentials option
I guess this has lead to this build failure:
In file included from src/gp_export.c:11:0: src/gp_export.c: In function ‘gp_set_cred_options’: src/gp_export.c:437:49: error: ‘GSS_KRB5_CRED_NO_CI_FLAGS_X’ undeclared (first use in this function) discard_const(GSS_KRB5_CRED_NO_CI_FLAGS_X), ^ src/gp_proxy.h:15:50: note: in definition of macro ‘discard_const’ #define discard_const(ptr) ((void *)((uintptr_t)(ptr))) ^~~ src/gp_export.c:437:49: note: each undeclared identifier is reported only once for each function it appears in discard_const(GSS_KRB5_CRED_NO_CI_FLAGS_X), ^ src/gp_proxy.h:15:50: note: in definition of macro ‘discard_const’ #define discard_const(ptr) ((void *)((uintptr_t)(ptr))) ^~~ make[2]: *** [Makefile:1218: src/gp_export.o] Error 1 make[2]: *** Waiting for unfinished jobs.... make[1]: *** [Makefile:1513: all-recursive] Error 1 make: *** [Makefile:758: all] Error 2 ==> ERROR: A failure occurred in build().
-Andy Arch Linux
Andreas, what krb5 implementation/version are you building gssproxy against ?
(It is recommended to build it against MIT Kerberos, given Heimdal does not have an interposer plugin system anyway).
Simo.
On Thu, 2017-03-09 at 13:10 +0100, Andreas Radke wrote:
Am Tue, 07 Mar 2017 17:26:21 -0500 schrieb Robbie Harwood rharwood@redhat.com:
- Add support for the NO_CI_FLAG credentials option
I guess this has lead to this build failure:
In file included from src/gp_export.c:11:0: src/gp_export.c: In function ‘gp_set_cred_options’: src/gp_export.c:437:49: error: ‘GSS_KRB5_CRED_NO_CI_FLAGS_X’ undeclared (first use in this function) discard_const(GSS_KRB5_CRED_NO_CI_ FLAGS_X), ^ src/gp_proxy.h:15:50: note: in definition of macro ‘discard_const’ #define discard_const(ptr) ((void *)((uintptr_t)(ptr))) ^~~ src/gp_export.c:437:49: note: each undeclared identifier is reported only once for each function it appears in discard_const(GSS_KRB5_CRED_NO_CI_ FLAGS_X), ^ src/gp_proxy.h:15:50: note: in definition of macro ‘discard_const’ #define discard_const(ptr) ((void *)((uintptr_t)(ptr))) ^~~ make[2]: *** [Makefile:1218: src/gp_export.o] Error 1 make[2]: *** Waiting for unfinished jobs.... make[1]: *** [Makefile:1513: all-recursive] Error 1 make: *** [Makefile:758: all] Error 2 ==> ERROR: A failure occurred in build().
-Andy Arch Linux _______________________________________________ gss-proxy mailing list -- gss-proxy@lists.fedorahosted.org To unsubscribe send an email to gss-proxy-leave@lists.fedorahosted.or g
Am Thu, 09 Mar 2017 07:45:28 -0500 schrieb Simo Sorce simo@redhat.com:
Andreas, what krb5 implementation/version are you building gssproxy against ?
(It is recommended to build it against MIT Kerberos, given Heimdal does not have an interposer plugin system anyway).
Simo.
https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packag...
-Andy
On Thu, 2017-03-09 at 13:49 +0100, Andreas Radke wrote:
Am Thu, 09 Mar 2017 07:45:28 -0500 schrieb Simo Sorce simo@redhat.com:
Andreas, what krb5 implementation/version are you building gssproxy against ?
(It is recommended to build it against MIT Kerberos, given Heimdal does not have an interposer plugin system anyway).
Simo.
https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h =packages/krb5
Sorry but this really doesn't tell me what version you have installed.
Now looking at https://www.archlinux.org/packages I see you have an outdate 1.13.7 version that does NOT have that stuff in gssapi_krb5.h, but you also have 1.15.1 in staging, can you try to build against that version ?
Simo.
Am Thu, 09 Mar 2017 08:36:36 -0500 schrieb Simo Sorce simo@redhat.com:
Sorry but this really doesn't tell me what version you have installed.
Now looking at https://www.archlinux.org/packages I see you have an outdate 1.13.7 version that does NOT have that stuff in gssapi_krb5.h, but you also have 1.15.1 in staging, can you try to build against that version ?
Simo.
You're right. Building against our more recent krb5 version in staging repository finished well.
-Andy
On (09/03/17 08:36), Simo Sorce wrote:
On Thu, 2017-03-09 at 13:49 +0100, Andreas Radke wrote:
Am Thu, 09 Mar 2017 07:45:28 -0500 schrieb Simo Sorce simo@redhat.com:
Andreas, what krb5 implementation/version are you building gssproxy against ?
(It is recommended to build it against MIT Kerberos, given Heimdal does not have an interposer plugin system anyway).
Simo.
https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h =packages/krb5
Sorry but this really doesn't tell me what version you have installed.
Now looking at https://www.archlinux.org/packages I see you have an outdate 1.13.7 version that does NOT have that stuff in gssapi_krb5.h, but you also have 1.15.1 in staging, can you try to build against that version ?
Then it would be good to bump minimal version of krb5-gssapi in configure.ac. It should fail at configure time IMHO.
https://pagure.io/gssproxy/blob/master/f/proxy/configure.ac#_117
ATM there is 1.12.0. And I have no idea which is a minimal required version. Maybe 1.14.x which is in CentOS 7.3
LS
On pe, 10 maalis 2017, Lukas Slebodnik wrote:
On (09/03/17 08:36), Simo Sorce wrote:
On Thu, 2017-03-09 at 13:49 +0100, Andreas Radke wrote:
Am Thu, 09 Mar 2017 07:45:28 -0500 schrieb Simo Sorce simo@redhat.com:
Andreas, what krb5 implementation/version are you building gssproxy against ?
(It is recommended to build it against MIT Kerberos, given Heimdal does not have an interposer plugin system anyway).
Simo.
https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h =packages/krb5
Sorry but this really doesn't tell me what version you have installed.
Now looking at https://www.archlinux.org/packages I see you have an outdate 1.13.7 version that does NOT have that stuff in gssapi_krb5.h, but you also have 1.15.1 in staging, can you try to build against that version ?
Then it would be good to bump minimal version of krb5-gssapi in configure.ac. It should fail at configure time IMHO.
https://pagure.io/gssproxy/blob/master/f/proxy/configure.ac#_117
ATM there is 1.12.0. And I have no idea which is a minimal required version. Maybe 1.14.x which is in CentOS 7.3
krb5 1.14 is where GSS_KRB5_CRED_NO_CI_FLAGS_X was introduced.
$ git tag --contains 7e6965ae33338216650384ca559d49e90312087a | head krb5-1.14-alpha1 krb5-1.14-beta1 krb5-1.14-beta2 krb5-1.14-final krb5-1.14.1-final krb5-1.14.2-final krb5-1.14.3-final krb5-1.14.4-final krb5-1.14.5-final krb5-1.15-beta1
LS _______________________________________________ gss-proxy mailing list -- gss-proxy@lists.fedorahosted.org To unsubscribe send an email to gss-proxy-leave@lists.fedorahosted.org
On Fri, 2017-03-10 at 12:56 +0200, Alexander Bokovoy wrote:
On pe, 10 maalis 2017, Lukas Slebodnik wrote:
On (09/03/17 08:36), Simo Sorce wrote:
On Thu, 2017-03-09 at 13:49 +0100, Andreas Radke wrote:
Am Thu, 09 Mar 2017 07:45:28 -0500 schrieb Simo Sorce simo@redhat.com:
Andreas, what krb5 implementation/version are you building gssproxy against ?
(It is recommended to build it against MIT Kerberos, given Heimdal does not have an interposer plugin system anyway).
Simo.
https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGB UILD?h =packages/krb5
Sorry but this really doesn't tell me what version you have installed.
Now looking at https://www.archlinux.org/packages I see you have an outdate 1.13.7 version that does NOT have that stuff in gssapi_krb5.h, but you also have 1.15.1 in staging, can you try to build against that version ?
Then it would be good to bump minimal version of krb5-gssapi in configure.ac. It should fail at configure time IMHO.
https://pagure.io/gssproxy/blob/master/f/proxy/configure.ac#_117
ATM there is 1.12.0. And I have no idea which is a minimal required version. Maybe 1.14.x which is in CentOS 7.3
krb5 1.14 is where GSS_KRB5_CRED_NO_CI_FLAGS_X was introduced.
$ git tag --contains 7e6965ae33338216650384ca559d49e90312087a | head krb5-1.14-alpha1 krb5-1.14-beta1 krb5-1.14-beta2 krb5-1.14-final krb5-1.14.1-final krb5-1.14.2-final krb5-1.14.3-final krb5-1.14.4-final krb5-1.14.5-final krb5-1.15-beta1
Right, patch welcome :-)
Simo.
Simo Sorce simo@redhat.com writes:
On Fri, 2017-03-10 at 12:56 +0200, Alexander Bokovoy wrote:
On pe, 10 maalis 2017, Lukas Slebodnik wrote:
On (09/03/17 08:36), Simo Sorce wrote:
On Thu, 2017-03-09 at 13:49 +0100, Andreas Radke wrote:
Am Thu, 09 Mar 2017 07:45:28 -0500 schrieb Simo Sorce simo@redhat.com:
Andreas, what krb5 implementation/version are you building gssproxy against ?
Now looking at https://www.archlinux.org/packages I see you have an outdate 1.13.7 version that does NOT have that stuff in gssapi_krb5.h, but you also have 1.15.1 in staging, can you try to build against that version ?
Then it would be good to bump minimal version of krb5-gssapi in configure.ac. It should fail at configure time IMHO.
https://pagure.io/gssproxy/blob/master/f/proxy/configure.ac#_117
ATM there is 1.12.0. And I have no idea which is a minimal required version. Maybe 1.14.x which is in CentOS 7.3
krb5 1.14 is where GSS_KRB5_CRED_NO_CI_FLAGS_X was introduced.
Right, patch welcome :-)
Filed an issue: https://pagure.io/gssproxy/issue/169
Note that krb5 upstream considers krb5 < 1.14 EOL anyway.
On Fri, 2017-03-10 at 09:56 -0500, Robbie Harwood wrote:
Simo Sorce simo@redhat.com writes:
On Fri, 2017-03-10 at 12:56 +0200, Alexander Bokovoy wrote:
On pe, 10 maalis 2017, Lukas Slebodnik wrote:
On (09/03/17 08:36), Simo Sorce wrote:
On Thu, 2017-03-09 at 13:49 +0100, Andreas Radke wrote:
Am Thu, 09 Mar 2017 07:45:28 -0500 schrieb Simo Sorce <simo @redhat.com>:
> Andreas, what krb5 implementation/version are you > building > gssproxy against ?
Now looking at https://www.archlinux.org/packages I see you have an outdate 1.13.7 version that does NOT have that stuff in gssapi_krb5.h, but you also have 1.15.1 in staging, can you try to build against that version ?
Then it would be good to bump minimal version of krb5-gssapi in configure.ac. It should fail at configure time IMHO.
https://pagure.io/gssproxy/blob/master/f/proxy/configure.ac#_11 7
ATM there is 1.12.0. And I have no idea which is a minimal required version. Maybe 1.14.x which is in CentOS 7.3
krb5 1.14 is where GSS_KRB5_CRED_NO_CI_FLAGS_X was introduced.
Right, patch welcome :-)
Filed an issue: https://pagure.io/gssproxy/issue/169
Note that krb5 upstream considers krb5 < 1.14 EOL anyway.
Thank you.
gss-proxy@lists.fedorahosted.org