py-gssapi: Add kerberos5 variant, to allow use of MIT Kerberos #27644
Conversation
|
Notifying maintainers: |
macportsbot
added
type: enhancement
maintainer: open
|
This is a harmless enough change, but I think a better one might be to have this always use kerberos5. Would require some minor edits to setup.py. Thoughts? |
|
@akkornel Thoughts on my previous comment? You mentioned interoperability (or lack thereof) between MIT Kerberos and Apple's GSS stack. So I'm wondering which would be more convenient. |
|
Hello! I've been thinking on your question, and I wonder: Can I explore the possibility of making "Use Does that sound like a good path to explore? |
|
That seems reasonable. Variant to build against kerberos5, and make that the default variant for older versions of macOS. Will require a bit of creative patching. |
This change updates the port's long_description to specify which GSSAPI implementation it is using. py-gssapi needs a GSSAPI/Kerberos library to build against. On Mac OS X 10.8 and earlier, py-gssapi uses the `kerberos5` port. On Mac OS X 10.9 and later, py-gssapi uses the OS-provided GSS Framework. The specific GSSAPI implementation is useful to know, because a Kerberos credential that is kinit-ed from MIT Kerberos might not be visible to a program that is using macOS' GSS Framework.
Today, the python-gssapi software builds against macOS' built-in GSSAPI/Kerberos Frameworks. This adds a variant to build against MacPorts' MIT Kerberos package, `kerberos5`. kerberos5 is added as a variant because, if someone already has the package installed, we don't want to suddenly switch them to MIT Kerberos during an upgrade. Instead of patching `setup.py`, we build python-gssapi by setting environment variables, as instructed in pythongssapi/python-gssapi#347. The long description is also updated to reflect which GSSAPI/Kerberos installation is being used. Finally, a change is made to the options available on Mac OS X below 10.9: The kerberos5 variant is made the default; if the user attempts to remove this variant, their install errors out.
Previously, two changes were made to python-gssapi's setup.py: * Instead of using macOS' GSS.Framework on Mac OS X 10.7+, the minimum is raised to 10.9+. * When not using GSS.Framework (that is, on Mac OS X below 10.9), instead of looking for a lib*.so file, look for a lib*.dylib file. With the addition of the `kerberos5` variant, the above changes are no longer needed: * We force `kerberos5` use on Mac OS X below 10.9, so we don't need to change the minimum version in setup.py. * When using the `kerberos5` variant, we short-circuit much of setup.py's detection logic by setting environment variables, so we don't need to change the code in setup.py.
akkornel
changed the title
|
Updated the title and description to reflect the change in purpose of the PR: Instead of just modifying the long description, this is now the addition of a new variant.
Happily, pythongssapi/python-gssapi#347 describes a way to build against MIT Kerberos, without needing to patch Updated port passes Unfortunately, I do not have an older Mac OS X system on which to test those changes to the Portfile. Is there a place I can go to test? |
|
Thanks for finding that PR and updating the change! I don't know of an easy way to test on old systems. The patching for pre-10.9 was done in response to https://trac.macports.org/ticket/60729 - @ryandesign are you able to try this change? It seems like it should work... |
Description
Today, the python-gssapi software builds against macOS' built-in GSSAPI/Kerberos Frameworks. This adds a variant to build against MacPorts' MIT Kerberos package,
kerberos5.kerberos5 is added as a variant because, if someone already has the package installed, we don't want to suddenly switch them to MIT Kerberos during an upgrade.
The long description is also updated to reflect which GSSAPI/Kerberos installation is being used.
Finally, a change is made to the options available on Mac OS X below 10.9: The kerberos5 variant is made the default; if the user attempts to remove this variant, their install errors out.
Type(s)
Tested on
macOS 15.3 24D60 arm64
Command Line Tools 16.2.0.0.1.1733547573
Verification
Have you
port lint?sudo port test?sudo port -vs install? --sudo port -vst installfails with exit code 9 when un-tarring the software.