On Wed, Jun 02, 2021 at 07:55:31AM +0200, Ignacio Coterillo wrote: > I'm trying to debug and fix issues with Kerberos based authentication on both > Icecat and > qutebrowser and got a few questions: > > Via strace I found that icecat tries load `libgssapi.so` which doesn't exist. > > Trivially creating the file as a symbolic link to the `libgssapi_krb5.so` > provided > by the `mit-krb5` package and exposing via LD_LIBRARY_PATH solves the issue > and > fixes Kerberos based authentication. > > - Question 1: Should this be fixed in the mit-krb5 package or in the icecat > package?
If the mit-krb5 authors aim to provide libgssapi.so, then we should adjust our package to achieve that. Otherwise, I'd guess it's a problem in icecat / firefox. Do you know what other distros do? > - Question 2: What would be the best way of creating this link in a package? > > I've played with creating a modified `mit-krb5` (i.e. `my-mit-krb5`) with > the > following additional build phase: > > (modify-phases %standard-phases > (add-after 'install 'create-link > (lambda _ > (let* ((libpath (getenv "out")) > (origin (format #f "~a/lib/libgssapi_krb5.so" libpath)) > (target (format #f "~a/lib/libgssapi.so" libpath))) > (symlink origin target)) > #t)) That would work, but like I said above, the mit-krb5 build scripts should have a way to do this, or it's likely a change to be made in the icecat package. > This works, but creates the link with full path target instead of relative > like the rest of links > created naturally by the original build process: > > ❯ ls -l > /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi* > lrwxrwxrwx 3 root root 21 Jan 1 1970 > /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi_krb5.so > -> libgssapi_krb5.so.2.2 > lrwxrwxrwx 3 root root 21 Jan 1 1970 > /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi_krb5.so.2 > -> libgssapi_krb5.so.2.2 > -r--r--r-- 2 root root 380520 Jan 1 1970 > /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi_krb5.so.2.2 > lrwxrwxrwx 7 root root 82 Jan 1 1970 > /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi.so > -> > /gnu/store/irhvqdpc4zvyj9in514lv859mjkyi7p3-my-mit-krb5-1.18/lib/libgssapi_krb5.so > > Should I try to `chdir` to the path before creating the link, or is there a > cleaner > way of doing something like this? Not sure, but I agree that it should be a relative link, if adjusting mit-krb5 is the solution we choose. > qutebrowser Kerberos support comes from `qtwebengine`. The only change needed > would > be to add `mit-krb5` as input and add the "--webengine-kerberos=yes" qmake > option in its > `configure` build phase. Sounds good. > My question here is about whether there is any policy requiring formal > justification to > increase the number of dependencies of a certain package or this would be > considered a valid > request/patch. There's no policy. In general, we aim to provide fully-featured packages, but that is an informal habit rather than a strict guideline.
