Bug 452212 (heimdal) - Review Request: heimdal - Heimdal Kerberos libraries and KDC
Summary: Review Request: heimdal - Heimdal Kerberos libraries and KDC
Status: CLOSED DUPLICATE of bug 613001
Alias: heimdal
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Rex Dieter
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2008-06-20 09:00 UTC by Andrew Bartlett
Modified: 2010-11-29 21:57 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-11-09 21:28:33 UTC
Type: ---

Attachments (Terms of Use)
rebased patch (1.58 KB, patch)
2008-08-22 07:48 UTC, Alexander Boström
no flags Details | Diff

Description Andrew Bartlett 2008-06-20 09:00:36 UTC
Spec URL: http://abartlet.net/heimdal-rpm/heimdal.spec
SRPM URL: http://abartlet.net/heimdal-rpm/heimdal-1.2-1.src.rpm
Description: Heimdal is a Kerberos distribution, distinct from MIT's krb5.  

Heimdal is a free implementation of Kerberos 5. The goals are to:
   - have an implementation that can be freely used by anyone
   - be protocol compatible with existing implementations and, if not in
     conflict, with RFC 1510 (and any future updated RFC)
   - be reasonably compatible with the M.I.T Kerberos V5 API
   - have support for Kerberos V5 over GSS-API (RFC1964)
   - include enough backwards compatibility with Kerberos V4
   - IPv6 support

I'm packaging it for Fedora because I would like Samba4 to depend on a system-provided krb5, rather than rely on it's internal copy of Heimdal.  (I also happen to think it's a better Kerberos package :-)

Comment 1 Alexander Boström 2008-07-02 16:42:28 UTC
The manual says it's not recommended to start kadmind from xinetd. I guess
replacing the xinetd conf with an init script would be in order.

The binaries are going to be after the MIT Kerberos binaries in the PATH. I'm
not sure if that matters much one way or the other.

Is there going to be a conflict with krb5-debuginfo regarding libkrb5.so.debug?

Comment 2 Rex Dieter 2008-07-10 12:26:31 UTC
I can help review this (and the rest of the samba4/libmapi stack as time 
permits).  I'm Cc'ing the krb5 maintainer (nalin) for comments too (on 
parallel-installability, potential gotchas, etc).

Comment 3 Rex Dieter 2008-07-10 13:07:52 UTC
A few initial (minor) comments:
1.  BuildRoot doesn't match any of those recommnded in packaging guidelines.

2. in -libs, Requires(preun,post): info, /sbin/install-info is extraneous,
Requires(...): /sbin/install-info
is sufficient 

3. -clients: Groups: Networking/Other isn't used in Fedora.  maybe use 
something like (matching krb5-workstation-clients):
Group: System Environment/Base
while you're at it, maybe also consider using a subpkg 
name -workstation-clients to match krb5 as well.

4.  Consider using %{?dist} tag in Release, something like:
Release: 1%{?dist}

Submitted a scratch build:

5.  looks like missing deps, per:
xnlock.c:18:28: error: X11/StringDefs.h: No such file or directory
xnlock.c:19:27: error: X11/Intrinsic.h: No such file or directory
xnlock.c:21:23: error: X11/Shell.h: No such file or directory
so, add 
BuildRequires: libXt-devel 

6.  build failed again with
    Installed (but unpackaged) file(s) found:
so, need to remove that in %install (or otherwise omit from packaging)

7.  shlibs.  I noticed -libs includes all shlibs, but libkdc.so.*, libhdb.so.* 
and libkadm5srv.so.* are (also) included in -server.  On purpose or oversight?

8.  -devel installs a pkgconfig file, so this subpkg should include
Requires: pkgconfig

fixed 5,6 submitted new build:

Comment 4 Rex Dieter 2008-07-10 13:25:19 UTC
build finished, rpmlint output (on x86_64 binaries):
$ rpmlint *.rpm
heimdal-devel.x86_64: E: only-non-binary-in-usr-lib
heimdal-server.x86_64: E: non-readable /var/lib/heimdal/kadmind.acl 0600
heimdal-server.x86_64: E: description-line-too-long This package contains the 
KDC, and associated services such as kpasswdd and kadmind

4 packages and 0 specfiles checked; 3 errors, 0 warnings.

Comment 5 Andrew Bartlett 2008-07-11 02:17:13 UTC
For 7, these shared libs are for the KDC, so I figured they belonged there, or
in s -server-libs (but that seemed like overkill).  Samba4 will be linking
against libkdc.

I'll look at the other issues and some other feedback I have got, and provide an
updated spec (based on what you left in koji, I hope). 

Comment 6 Andrew Bartlett 2008-07-11 06:20:05 UTC
I think I've addressed most of these concerns with a new spec file and SRPM at

Comment 7 Alexander Boström 2008-07-11 22:26:03 UTC
(This is not a formal review, Rex is doing that and besides neither me nor
Andrew is sponsored.)

$ rpmlint dl/heimdal-1.2-1.fc9.2.src.rpm 
heimdal.src: W: mixed-use-of-spaces-and-tabs (spaces: line 49, tab: line 11)

$ rpmbuild ...
+ autoreconf
configure.in:3: error: Autoconf version 2.62 or higher is required

That was on F9. Hmm, let's see if I have a rawhide machine at hand...

Comment 8 Alexander Boström 2008-07-11 22:37:14 UTC
kpasswdd.init line 24 looks wrong:


Comment 9 Andrew Bartlett 2008-07-12 02:09:22 UTC
With regard to Comment #4, I'm very much at a loss to understand what is wrong
with the /usr/lib stuff.  What I'm putting there in the devel package looks sane...

I'll fix the kpasswdd issue and upload to my website again. 

Comment 10 Andrew Bartlett 2008-07-29 01:50:37 UTC
I'll need to be sponsored for this package. 

Comment 11 Alexander Boström 2008-08-15 12:10:04 UTC
Some stuff from rpmlint:

heimdal-devel.i386: W: dangling-relative-symlink /usr/lib/windc.so windc.so.0.0.0

Maybe it would be best to remove the windc.so symlink from -devel if the library is not supposed to be used outside of the -server package? (I guess that's why the library is in -server instead of in -libs.)

heimdal-libs.i386: E: info-files-without-install-info-post{in,un} /usr/share/info/{heimdal,hx509}.info.gz

Does this matter?

Lots of unstripped-binary-or-object for /usr/{lib,bin,sbin}.

Comment 12 Andrew Bartlett 2008-08-16 00:43:04 UTC
I suppose we could move windc back to the library package, as Samba4 will use that.  (but otherwise, like libkdc, it is useless on a client, so hence why I put it in the server package).  

Adding a server-libs seemed overkill.

Comment 13 Alexander Boström 2008-08-22 07:46:42 UTC
I guess that'd be better.

The system-sqlite patch needs rebasing to make it build with --fuzz=0. I'll attach an updated version.

Comment 14 Alexander Boström 2008-08-22 07:48:10 UTC
Created attachment 314783 [details]
rebased patch

Comment 15 Rex Dieter 2009-11-09 20:11:57 UTC
Sorry for my going awol here for awhile, I can still do sponsoring if still needed, Andrew, can you chime in on the current state of affairs here, and offer something newish to continue the review (if available)?

Comment 16 Andrew Bartlett 2009-11-09 21:24:58 UTC
We have not yet made Samba4 use the external Heimdal libs, so this isn't required for now.  

I'm also no longer in the packaging game, so this will be for someone else to pick up.

Comment 17 Rex Dieter 2009-11-09 21:28:33 UTC
Fair enough then, thanks for the update.  I'll close this then.

Comment 18 Izhar Firdaus 2010-11-26 01:16:52 UTC
anybody continuing this? .. else i'll create a new review ticket .. needing it here in my deployment ..

Comment 19 Jason Tibbitts 2010-11-29 21:57:33 UTC
Asking a question in a long-dead ticket is not the best way to get an answer, but see bug 613001.

*** This bug has been marked as a duplicate of bug 613001 ***

Note You need to log in before you can comment on or make changes to this bug.