enterprise-support team mailing list archive

[Bug 1895694] Re: FFe: disable NIS basic auth helper, doesn't build with glibc 2.32

 

Added release-notes task in case the FFe is approved as-is, by dropping
the NIS basic auth module.

** Also affects: ubuntu-release-notes
   Importance: Undecided
       Status: New

** Description changed:

  Disable the NIS basic authentication helper.
  
  TL;DR I think it's less risky to disable NIS than to try to port this
  basic auth helper to use tirpc. Both approaches will require an FFe.
  
  A diff can be seen in the linked MP.
  
+ Please let me know if you prefer the tirpc approach, it would take
+ longer though.
  
  Longer explanation follows
  
  The NIS basic auth helper needs rpc.h which is no longer provided by glibc 2.32[1]. An alternative is to use libtirpc, and I tried that in another branch[2], but here are the reasons for not doing that:
  - the patch is a bit more complicated
  - I don't really fancy testing NIS
  - who still uses NIS?
  - I have no idea if tirpc is a drop-in replacement like that (goes back to testing this, listed above)
  
  Fedora dropped this helper in 2018[3] exactly because of the rpc deprecation in glibc:
  * Wed Jan 17 2018 Luboš Uhliarik <luhliari@xxxxxxxxxx> - 7:4.0.22-1
  - new version 4.0.22
  - Removed NIS helper (#1531540)
  
  I tried to use libtirpc in [2], and it builds and the executable runs, but the remarks I made above about NIS remain. Plus, there are some unknowns in this attempt of mine:
  - dpkg-shlibdeps didn't flag libtirpc as a needed dependency
  - ldd shows libtirpc, but objdump -x ... | grep NEEDED doesn't. Looks like dpkg-shlibdeps only goes over the NEEDED deps shown by objdump -x
  - I think ldd, being recursive, found libtirpc via libnsl, which is one of the NEEDED deps in objdump
  - adding -ltirpc to the linking phase of that helper means changing an autoconf file, and calling autoreconf. That introduced (or revealed?) a bug where mime.conf was no longer installed in /usr/share/squid, but in /etc/squid. So I had to fix that too
  - the helper builds even without -ltirpc in the linking phase, which would simplify the branch a bit as I wouldn't have to regenerate the Makefile, but I wonder why it builds...
  
  If I can be sure not having to use -ltirpc is correct, and not that it
  worked by just pure chance, then maybe the libtirpc approach has some
  merit, but it would still need testing, and find out why the new
  dependency wasn't added automatically by shlibs. Adding it manually to
  depends is icky.
  
  Anyway, that is the story :)
  
  PPA with NIS disabled: https://launchpad.net/~ahasenack/+archive/ubuntu/squid-ftbfs-nis
  PPA with NIS using libtirpc, with the above caveats not addressed: https://launchpad.net/~ahasenack/+archive/ubuntu/squid-ftbfs-nis-using-tirpc (forgive the messy changelog, it came straight out of WIP commits)
  
  1. https://sourceware.org/pipermail/libc-announce/2020/000029.html
  2. https://code.launchpad.net/~ahasenack/ubuntu/+source/squid/+git/squid/+ref/groovy-squid-use-tirpc
  3. https://bugzilla.redhat.com/show_bug.cgi?id=1531540
  
  [Original Description]
  
  https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-groovy/groovy/amd64/s/squid/20200911_180749_36a1a@/log.gz
  
  ...
  checking for sys/types.h... yes
  checking for rpc/rpc.h... no
  checking for rpcsvc/ypclnt.h... yes
  checking for rpcsvc/yp_prot.h... no
  checking for crypt.h... (cached) yes
  autopkgtest [17:59:58]: test upstream-test-suite: -----------------------]
  upstream-test-suite  FAIL non-zero exit status 2
  
  Glibc 2.32 stopped shipping rpc/rpc.h and other RPC development files. Software projects are recommended to switch to TI-RPC.
  https://sourceware.org/pipermail/libc-announce/2020/000029.html

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to squid in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1895694

Title:
  FFe: disable NIS basic auth helper, doesn't build with glibc 2.32

To manage notifications about this bug go to:
https://bugs.launchpad.net/squid/+bug/1895694/+subscriptions
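
The gap between `ldd` and `objdump -x ... | grep NEEDED` noted in the description, as an added example that is not part of the original bug report: `ldd` resolves dependencies recursively, while the dynamic section lists only the binary's own NEEDED entries, so the difference is the set of libraries pulled in indirectly. The function names, the sample tool outputs and the sonames in them are constructed for illustration.

```shell
#!/bin/sh
# Separate a binary's direct NEEDED entries from libraries that ldd
# reports only because another library pulls them in.

# Read `objdump -p` (or -x) output on stdin, print the direct NEEDED sonames.
direct_needed() { awk '$1 == "NEEDED" { print $2 }' | LC_ALL=C sort -u; }

# Read `ldd` output on stdin, print every soname it resolved (recursive).
resolved_libs() { awk '$2 == "=>" { print $1 }' | LC_ALL=C sort -u; }

# transitive_only OBJDUMP_FILE LDD_FILE
# Print sonames present in the ldd listing but absent from NEEDED.
transitive_only() {
    d=$(mktemp); r=$(mktemp)
    direct_needed < "$1" > "$d"
    resolved_libs < "$2" > "$r"
    LC_ALL=C comm -13 "$d" "$r"
    rm -f "$d" "$r"
}

# Constructed sample: dynamic section of a hypothetical helper binary.
sample_objdump() { cat <<'EOF'
Dynamic Section:
  NEEDED               libnsl.so.2
  NEEDED               libcrypt.so.1
  NEEDED               libc.so.6
EOF
}

# Constructed sample: ldd output for the same hypothetical binary.
sample_ldd() { cat <<'EOF'
    linux-vdso.so.1 (0x00007ffd00000000)
    libnsl.so.2 => /lib/x86_64-linux-gnu/libnsl.so.2 (0x00007f0000300000)
    libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007f0000200000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)
    libtirpc.so.3 => /lib/x86_64-linux-gnu/libtirpc.so.3 (0x00007f0000100000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f0000400000)
EOF
}

# Demo on the constructed samples. For a real binary, capture the inputs with
#   objdump -p ./helper > needed.txt ; ldd ./helper > ldd.txt
o=$(mktemp); l=$(mktemp)
sample_objdump > "$o"; sample_ldd > "$l"
echo "Indirect only (not in NEEDED):"
transitive_only "$o" "$l"
rm -f "$o" "$l"
```

A library that shows up only in the indirect set is not recorded as a dependency of the binary itself; if the binary calls into it directly, the link line is relying on another library's dependency chain.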