質問
I'm attempting to build squid-cache (squid-3.4.2) on Mavericks (10.9.1) with the following configure based on the SquidMan FAQ:
https://stackoverflow.com/questions/20910109
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian./configure --prefix=/usr/local/squid --disable-eui CFLAGS=-mmacosx-version-min=10.9 --enable-pf-transparent
The build fails at the kerberos helpers:
g++ -DHAVE_CONFIG_H -I../../.. -I../../../include -I../../../lib -I../../../src -I../../../include -I../../../libltdl -I../../.. -I../../../include -I../../../lib -I../../../src -I../../../include -I../../../libltdl -I. -Werror -Qunused-arguments -D_REENTRANT -g -O2 -march=native -std=c++0x -MT support_krb5.o -MD -MP -MF .deps/support_krb5.Tpo -c -o support_krb5.o support_krb5.cc
support_krb5.cc:47:13: error: 'krb5_cc_destroy' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
krb5_cc_destroy(kparam.context, kparam.cc);
^
/usr/include/krb5/krb5.h:1296:1: note: 'krb5_cc_destroy' declared here
krb5_cc_destroy (krb5_context context, krb5_ccache cache) KERBEROS_APPLE_DEPRECATED("use GSS.framework");
^
support_krb5.cc:48:9: error: 'krb5_free_context' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
krb5_free_context(kparam.context);
^
/usr/include/krb5/krb5.h:1456:20: note: 'krb5_free_context' declared here
void KRB5_CALLCONV krb5_free_context
^
support_krb5.cc:80:12: error: 'krb5_init_context' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_init_context(&kparam.context);
^
/usr/include/krb5/krb5.h:1452:31: note: 'krb5_init_context' declared here
krb5_error_code KRB5_CALLCONV krb5_init_context
^
support_krb5.cc:91:5: error: 'krb5_kt_default_name' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
krb5_kt_default_name(kparam.context, buf, KT_PATH_MAX);
^
/usr/include/krb5/krb5.h:1702:31: note: 'krb5_kt_default_name' declared here
krb5_error_code KRB5_CALLCONV krb5_kt_default_name
^
support_krb5.cc:98:12: error: 'krb5_kt_resolve' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_kt_resolve(kparam.context, keytab_name, &keytab);
^
/usr/include/krb5/krb5.h:1698:31: note: 'krb5_kt_resolve' declared here
krb5_error_code KRB5_CALLCONV krb5_kt_resolve
^
support_krb5.cc:104:12: error: 'krb5_kt_start_seq_get' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_kt_start_seq_get(kparam.context, keytab, &cursor);
^
/usr/include/krb5/krb5.h:1435:1: note: 'krb5_kt_start_seq_get' declared here
krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab,
^
support_krb5.cc:113:20: error: 'krb5_kt_next_entry' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
while ((code = krb5_kt_next_entry(kparam.context, keytab, &entry, &cursor)) == 0) {
^
/usr/include/krb5/krb5.h:1438:1: note: 'krb5_kt_next_entry' declared here
krb5_kt_next_entry(krb5_context context, krb5_keytab keytab,
^
support_krb5.cc:117:9: error: 'krb5_copy_principal' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
krb5_copy_principal(kparam.context, entry.principal, &principal_list[nprinc++]);
^
/usr/include/krb5/krb5.h:1633:31: note: 'krb5_copy_principal' declared here
krb5_error_code KRB5_CALLCONV krb5_copy_principal
^
support_krb5.cc:129:20: error: 'krb5_unparse_name' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_unparse_name(kparam.context, entry.principal, &principal_name);
^
/usr/include/krb5/krb5.h:1561:31: note: 'krb5_unparse_name' declared here
krb5_error_code KRB5_CALLCONV krb5_unparse_name
^
support_krb5.cc:140:16: error: 'krb5_free_keytab_entry_contents' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_free_keytab_entry_contents(kparam.context, &entry);
^
/usr/include/krb5/krb5.h:1709:31: note: 'krb5_free_keytab_entry_contents' declared here
krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents
^
support_krb5.cc:156:12: error: 'krb5_kt_end_seq_get' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_kt_end_seq_get(kparam.context, keytab, &cursor);
^
/usr/include/krb5/krb5.h:1441:1: note: 'krb5_kt_end_seq_get' declared here
krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab,
^
support_krb5.cc:175:12: error: 'krb5_cc_resolve' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_cc_resolve(kparam.context, mem_cache, &kparam.cc);
^
/usr/include/krb5/krb5.h:1728:31: note: 'krb5_cc_resolve' declared here
krb5_error_code KRB5_CALLCONV krb5_cc_resolve
^
support_krb5.cc:196:20: error: 'krb5_unparse_name' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_unparse_name(kparam.context, principal_list[i], &principal_name);
^
/usr/include/krb5/krb5.h:1561:31: note: 'krb5_unparse_name' declared here
krb5_error_code KRB5_CALLCONV krb5_unparse_name
^
support_krb5.cc:204:20: error: 'krb5_get_init_creds_keytab' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_get_init_creds_keytab(kparam.context, creds, principal_list[i], keytab, 0, NULL, NULL);
^
/usr/include/krb5/krb5.h:2337:1: note: 'krb5_get_init_creds_keytab' declared here
krb5_get_init_creds_keytab
^
support_krb5.cc:217:20: error: 'krb5_cc_initialize' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_cc_initialize(kparam.context, kparam.cc, principal_list[i]);
^
/usr/include/krb5/krb5.h:1292:1: note: 'krb5_cc_initialize' declared here
krb5_cc_initialize(krb5_context context, krb5_ccache cache,
^
support_krb5.cc:222:20: error: 'krb5_cc_store_cred' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_cc_store_cred(kparam.context, kparam.cc, creds);
^
/usr/include/krb5/krb5.h:1302:1: note: 'krb5_cc_store_cred' declared here
krb5_cc_store_cred (krb5_context context, krb5_ccache cache,
^
support_krb5.cc:228:17: error: 'krb5_free_principal' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
krb5_free_principal(kparam.context, creds->server);
^
/usr/include/krb5/krb5.h:1760:20: note: 'krb5_free_principal' declared here
void KRB5_CALLCONV krb5_free_principal
^
support_krb5.cc:236:20: error: 'krb5_parse_name' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_parse_name(kparam.context, service, &creds->server);
^
/usr/include/krb5/krb5.h:1549:31: note: 'krb5_parse_name' declared here
krb5_error_code KRB5_CALLCONV krb5_parse_name
^
support_krb5.cc:242:20: error: 'krb5_get_credentials' is deprecated: use GSS.framework
[-Werror,-Wdeprecated-declarations]
code = krb5_get_credentials(kparam.context, 0, kparam.cc, creds, &tgt_creds);
^
/usr/include/krb5/krb5.h:1486:31: note: 'krb5_get_credentials' declared here
krb5_error_code KRB5_CALLCONV krb5_get_credentials
^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
make[4]: *** [support_krb5.o] Error 1
make[3]: *** [all-recursive] Error 1
make[2]: *** [all-recursive] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all-recursive] Error 1
I'm not quite sure how to resolve this issue.
My initial use of squid does not need kerberos, so after some configuration mining I found that this flag will turn off that part of the build:
--with-krb5-config=no
But then I end up with errors during the ldap helper build. (which I also don't need)...and then manually editing Makefiles becomes a deep rabbit hole which still results in build errors.
I would like to get this to build correctly "as-is" without substantial build changes. There seems to be very little knowledge online to help with this.
Does anyone have experience building this on os-x Mavericks? and, if-so, what are the changes I need?
解決
Successfully compiled with :
--prefix=/usr/local
--disable-auth
--with-krb5-config=no
--disable-external-acl-helpers
--disable-eui
tested : ok
My hardware:
他のヒント
On OSX 10.9.3, the following worked for me
./configure CPPFLAGS='-Wno-error=deprecated-declarations' LDFLAGS='-lresolv'
Not sure, if this helps, because I'm still on MAC OS 10.7 (Lion). make does not complain about kerberos, but also stops with some errors regarding LDAP. After removing the lines
#define HAVE_LDAP_H 1
BUILD_HELPER="kerberos_ldap_group"
#define HAVE_MOZLDAP_LDAP_H 1
$as_echo "#define HAVE_LDAP 1" >>confdefs.h
$as_echo "#define HAVE_OPENLDAP 1" >>confdefs.h
$as_echo "#define HAVE_SUN_LDAP_SDK 1" >>confdefs.h
$as_echo "#define HAVE_MOZILLA_LDAP_SDK 1" >>confdefs.h
$as_echo "#define HAVE_LDAP_REBINDPROC_CALLBACK 1" >>confdefs.h
$as_echo "#define HAVE_LDAP_REBIND_PROC 1" >>confdefs.h
$as_echo "#define HAVE_LDAP_REBIND_FUNCTION 1" >>confdefs.h
$as_echo "#define HAVE_LDAP_SCOPE_DEFAULT 1" >>confdefs.h
$as_echo "#define HAVE_LDAP_URL_LUD_SCHEME 1" >>confdefs.h
$as_echo "#define HAVE_LDAPSSL_CLIENT_INIT 1" >>confdefs.h
$as_echo "#define HAVE_LDAP_URL_DESC2STR 1" >>confdefs.h
$as_echo "#define HAVE_LDAP_URL_PARSE 1" >>confdefs.h
$as_echo "#define HAVE_LDAP_START_TLS_S 1" >>confdefs.h
from the configure script and running it without any command line options, squid-3.4.2 compiled. It worked for me, but it's still a hack. I guess the proper way to solve the problem is to use the --enable-auth-basic, --enable-auth-digest and --enable-external-acl-helpers options for configure and list all helpers except LDAP (or at least all you need).
Apparently the kerberos is being used if you plan for domain level authentication (e.g. AD / LDAP). You can disable the helper and authentication method with the following options disable-auth --disable-external-acl-helper
This is an open known bug in Squid right now:
http://bugs.squid-cache.org/show_bug.cgi?id=4023
I tried the following work around to bypass these external ACL modules as follows.
./configure --prefix=/opt/squid --with-krb5-config=no
--disable-external-acl-helpers
I still ran into other issues: http://bugs.squid-cache.org/show_bug.cgi?id=4043
