[1/2] krb5: Move package into core system.

  On one hand, the key.dns_resolver binary is linked against libkrb5, so this
library at least is required by the base system.

On the other hand this easily allows different services on the firewall
to use kerberos for authentication (ssh etc).

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 config/rootfiles/{packages => common}/krb5 | 0
 lfs/cups                                   | 4 ++--
 lfs/krb5                                   | 4 ----
 lfs/netatalk                               | 4 ++--
 lfs/samba                                  | 4 ++--
 lfs/tshark                                 | 4 ++--
 6 files changed, 8 insertions(+), 12 deletions(-)
 rename config/rootfiles/{packages => common}/krb5 (100%)
  

Hello,

> On 15 May 2022, at 17:02, Stefan Schantl <stefan.schantl@ipfire.org> wrote:
> 
> On one hand, the key.dns_resolver binary is linked against libkrb5, so this
> library at least is required by the base system.
> 
> On the other hand this easily allows different services on the firewall
> to use kerberos for authentication (ssh etc).

Do we not need to enable this at compile time then?

-Michael

> 
> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
> ---
> config/rootfiles/{packages => common}/krb5 | 0
> lfs/cups                                   | 4 ++--
> lfs/krb5                                   | 4 ----
> lfs/netatalk                               | 4 ++--
> lfs/samba                                  | 4 ++--
> lfs/tshark                                 | 4 ++--
> 6 files changed, 8 insertions(+), 12 deletions(-)
> rename config/rootfiles/{packages => common}/krb5 (100%)
> 
> diff --git a/config/rootfiles/packages/krb5 b/config/rootfiles/common/krb5
> similarity index 100%
> rename from config/rootfiles/packages/krb5
> rename to config/rootfiles/common/krb5
> diff --git a/lfs/cups b/lfs/cups
> index cd4519b63..7d4dc20c2 100644
> --- a/lfs/cups
> +++ b/lfs/cups
> @@ -33,9 +33,9 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/cups-$(VER)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = cups
> -PAK_VER    = 25
> +PAK_VER    = 26
> 
> -DEPS       = avahi cups-filters dbus ghostscript krb5 libtiff
> +DEPS       = avahi cups-filters dbus ghostscript libtiff
> 
> SERVICES   = cups
> 
> diff --git a/lfs/krb5 b/lfs/krb5
> index 399f9338e..e08948005 100644
> --- a/lfs/krb5
> +++ b/lfs/krb5
> @@ -33,10 +33,6 @@ DL_FILE    = $(THISAPP).tar.gz
> DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)/src
> TARGET     = $(DIR_INFO)/$(THISAPP)
> -PROG       = krb5
> -PAK_VER    = 7
> -
> -DEPS       =
> 
> SERVICES   =
> 
> diff --git a/lfs/netatalk b/lfs/netatalk
> index 61ba193a5..ef75c89fe 100644
> --- a/lfs/netatalk
> +++ b/lfs/netatalk
> @@ -34,9 +34,9 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = netatalk
> -PAK_VER    = 2
> +PAK_VER    = 3
> 
> -DEPS       = avahi dbus krb5
> +DEPS       = avahi dbus
> 
> SERVICES   = netatalk
> 
> diff --git a/lfs/samba b/lfs/samba
> index 97fe96918..a48a0ecb1 100644
> --- a/lfs/samba
> +++ b/lfs/samba
> @@ -33,9 +33,9 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = samba
> -PAK_VER    = 84
> +PAK_VER    = 85
> 
> -DEPS       = avahi cups libtirpc krb5 perl-Parse-Yapp perl-JSON
> +DEPS       = avahi cups libtirpc perl-Parse-Yapp perl-JSON
> 
> SERVICES   = samba
> 
> diff --git a/lfs/tshark b/lfs/tshark
> index eb89f7474..ee9c06dc4 100644
> --- a/lfs/tshark
> +++ b/lfs/tshark
> @@ -34,8 +34,8 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = tshark
> -DEPS       = krb5 c-ares
> -PAK_VER    = 12
> +DEPS       = c-ares
> +PAK_VER    = 13
> 
> SERVICES   =
> 
> -- 
> 2.30.2
>
  

Hello Michael,

thanks for your reply.

Of course we need to be sure krb5 will get built before openSSH and may 
needs some additional compile flags - I'll take care about that.

Do we want kerberos support for any additonal services?

Thanks in advance and best regards,


-Stefan

Am 16. Mai 2022 11:05:10 schrieb Michael Tremer <michael.tremer@ipfire.org>:

> Hello,
>
>> On 15 May 2022, at 17:02, Stefan Schantl <stefan.schantl@ipfire.org> wrote:
>>
>> On one hand, the key.dns_resolver binary is linked against libkrb5, so this
>> library at least is required by the base system.
>>
>> On the other hand this easily allows different services on the firewall
>> to use kerberos for authentication (ssh etc).
>
> Do we not need to enable this at compile time then?
>
> -Michael
>
>>
>> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
>> ---
>> config/rootfiles/{packages => common}/krb5 | 0
>> lfs/cups                                   | 4 ++--
>> lfs/krb5                                   | 4 ----
>> lfs/netatalk                               | 4 ++--
>> lfs/samba                                  | 4 ++--
>> lfs/tshark                                 | 4 ++--
>> 6 files changed, 8 insertions(+), 12 deletions(-)
>> rename config/rootfiles/{packages => common}/krb5 (100%)
>>
>> diff --git a/config/rootfiles/packages/krb5 b/config/rootfiles/common/krb5
>> similarity index 100%
>> rename from config/rootfiles/packages/krb5
>> rename to config/rootfiles/common/krb5
>> diff --git a/lfs/cups b/lfs/cups
>> index cd4519b63..7d4dc20c2 100644
>> --- a/lfs/cups
>> +++ b/lfs/cups
>> @@ -33,9 +33,9 @@ DL_FROM    = $(URL_IPFIRE)
>> DIR_APP    = $(DIR_SRC)/cups-$(VER)
>> TARGET     = $(DIR_INFO)/$(THISAPP)
>> PROG       = cups
>> -PAK_VER    = 25
>> +PAK_VER    = 26
>>
>> -DEPS       = avahi cups-filters dbus ghostscript krb5 libtiff
>> +DEPS       = avahi cups-filters dbus ghostscript libtiff
>>
>> SERVICES   = cups
>>
>> diff --git a/lfs/krb5 b/lfs/krb5
>> index 399f9338e..e08948005 100644
>> --- a/lfs/krb5
>> +++ b/lfs/krb5
>> @@ -33,10 +33,6 @@ DL_FILE    = $(THISAPP).tar.gz
>> DL_FROM    = $(URL_IPFIRE)
>> DIR_APP    = $(DIR_SRC)/$(THISAPP)/src
>> TARGET     = $(DIR_INFO)/$(THISAPP)
>> -PROG       = krb5
>> -PAK_VER    = 7
>> -
>> -DEPS       =
>>
>> SERVICES   =
>>
>> diff --git a/lfs/netatalk b/lfs/netatalk
>> index 61ba193a5..ef75c89fe 100644
>> --- a/lfs/netatalk
>> +++ b/lfs/netatalk
>> @@ -34,9 +34,9 @@ DL_FROM    = $(URL_IPFIRE)
>> DIR_APP    = $(DIR_SRC)/$(THISAPP)
>> TARGET     = $(DIR_INFO)/$(THISAPP)
>> PROG       = netatalk
>> -PAK_VER    = 2
>> +PAK_VER    = 3
>>
>> -DEPS       = avahi dbus krb5
>> +DEPS       = avahi dbus
>>
>> SERVICES   = netatalk
>>
>> diff --git a/lfs/samba b/lfs/samba
>> index 97fe96918..a48a0ecb1 100644
>> --- a/lfs/samba
>> +++ b/lfs/samba
>> @@ -33,9 +33,9 @@ DL_FROM    = $(URL_IPFIRE)
>> DIR_APP    = $(DIR_SRC)/$(THISAPP)
>> TARGET     = $(DIR_INFO)/$(THISAPP)
>> PROG       = samba
>> -PAK_VER    = 84
>> +PAK_VER    = 85
>>
>> -DEPS       = avahi cups libtirpc krb5 perl-Parse-Yapp perl-JSON
>> +DEPS       = avahi cups libtirpc perl-Parse-Yapp perl-JSON
>>
>> SERVICES   = samba
>>
>> diff --git a/lfs/tshark b/lfs/tshark
>> index eb89f7474..ee9c06dc4 100644
>> --- a/lfs/tshark
>> +++ b/lfs/tshark
>> @@ -34,8 +34,8 @@ DL_FROM    = $(URL_IPFIRE)
>> DIR_APP    = $(DIR_SRC)/$(THISAPP)
>> TARGET     = $(DIR_INFO)/$(THISAPP)
>> PROG       = tshark
>> -DEPS       = krb5 c-ares
>> -PAK_VER    = 12
>> +DEPS       = c-ares
>> +PAK_VER    = 13
>>
>> SERVICES   =
>>
>> --
>> 2.30.2
>>
  

Hello,

> On 17 May 2022, at 08:29, Stefan Schantl <stefan.schantl@ipfire.org> wrote:
> 
> Hello Michael,
> 
> thanks for your reply.
> 
> Of course we need to be sure krb5 will get built before openSSH and may needs some additional compile flags - I'll take care about that.
> 
> Do we want kerberos support for any additonal services?

I can’t think of anything. SSH is just helpful because we are using Kerberos massively throughout our own infrastructure.

Best,
-Michael

> Thanks in advance and best regards,
> 
> 
> -Stefan
> 
> Am 16. Mai 2022 11:05:10 schrieb Michael Tremer <michael.tremer@ipfire.org>:
> 
>> Hello,
>> 
>>> On 15 May 2022, at 17:02, Stefan Schantl <stefan.schantl@ipfire.org> wrote:
>>> 
>>> On one hand, the key.dns_resolver binary is linked against libkrb5, so this
>>> library at least is required by the base system.
>>> 
>>> On the other hand this easily allows different services on the firewall
>>> to use kerberos for authentication (ssh etc).
>> 
>> Do we not need to enable this at compile time then?
>> 
>> -Michael
>> 
>>> 
>>> Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
>>> ---
>>> config/rootfiles/{packages => common}/krb5 | 0
>>> lfs/cups                                   | 4 ++--
>>> lfs/krb5                                   | 4 ----
>>> lfs/netatalk                               | 4 ++--
>>> lfs/samba                                  | 4 ++--
>>> lfs/tshark                                 | 4 ++--
>>> 6 files changed, 8 insertions(+), 12 deletions(-)
>>> rename config/rootfiles/{packages => common}/krb5 (100%)
>>> 
>>> diff --git a/config/rootfiles/packages/krb5 b/config/rootfiles/common/krb5
>>> similarity index 100%
>>> rename from config/rootfiles/packages/krb5
>>> rename to config/rootfiles/common/krb5
>>> diff --git a/lfs/cups b/lfs/cups
>>> index cd4519b63..7d4dc20c2 100644
>>> --- a/lfs/cups
>>> +++ b/lfs/cups
>>> @@ -33,9 +33,9 @@ DL_FROM    = $(URL_IPFIRE)
>>> DIR_APP    = $(DIR_SRC)/cups-$(VER)
>>> TARGET     = $(DIR_INFO)/$(THISAPP)
>>> PROG       = cups
>>> -PAK_VER    = 25
>>> +PAK_VER    = 26
>>> 
>>> -DEPS       = avahi cups-filters dbus ghostscript krb5 libtiff
>>> +DEPS       = avahi cups-filters dbus ghostscript libtiff
>>> 
>>> SERVICES   = cups
>>> 
>>> diff --git a/lfs/krb5 b/lfs/krb5
>>> index 399f9338e..e08948005 100644
>>> --- a/lfs/krb5
>>> +++ b/lfs/krb5
>>> @@ -33,10 +33,6 @@ DL_FILE    = $(THISAPP).tar.gz
>>> DL_FROM    = $(URL_IPFIRE)
>>> DIR_APP    = $(DIR_SRC)/$(THISAPP)/src
>>> TARGET     = $(DIR_INFO)/$(THISAPP)
>>> -PROG       = krb5
>>> -PAK_VER    = 7
>>> -
>>> -DEPS       =
>>> 
>>> SERVICES   =
>>> 
>>> diff --git a/lfs/netatalk b/lfs/netatalk
>>> index 61ba193a5..ef75c89fe 100644
>>> --- a/lfs/netatalk
>>> +++ b/lfs/netatalk
>>> @@ -34,9 +34,9 @@ DL_FROM    = $(URL_IPFIRE)
>>> DIR_APP    = $(DIR_SRC)/$(THISAPP)
>>> TARGET     = $(DIR_INFO)/$(THISAPP)
>>> PROG       = netatalk
>>> -PAK_VER    = 2
>>> +PAK_VER    = 3
>>> 
>>> -DEPS       = avahi dbus krb5
>>> +DEPS       = avahi dbus
>>> 
>>> SERVICES   = netatalk
>>> 
>>> diff --git a/lfs/samba b/lfs/samba
>>> index 97fe96918..a48a0ecb1 100644
>>> --- a/lfs/samba
>>> +++ b/lfs/samba
>>> @@ -33,9 +33,9 @@ DL_FROM    = $(URL_IPFIRE)
>>> DIR_APP    = $(DIR_SRC)/$(THISAPP)
>>> TARGET     = $(DIR_INFO)/$(THISAPP)
>>> PROG       = samba
>>> -PAK_VER    = 84
>>> +PAK_VER    = 85
>>> 
>>> -DEPS       = avahi cups libtirpc krb5 perl-Parse-Yapp perl-JSON
>>> +DEPS       = avahi cups libtirpc perl-Parse-Yapp perl-JSON
>>> 
>>> SERVICES   = samba
>>> 
>>> diff --git a/lfs/tshark b/lfs/tshark
>>> index eb89f7474..ee9c06dc4 100644
>>> --- a/lfs/tshark
>>> +++ b/lfs/tshark
>>> @@ -34,8 +34,8 @@ DL_FROM    = $(URL_IPFIRE)
>>> DIR_APP    = $(DIR_SRC)/$(THISAPP)
>>> TARGET     = $(DIR_INFO)/$(THISAPP)
>>> PROG       = tshark
>>> -DEPS       = krb5 c-ares
>>> -PAK_VER    = 12
>>> +DEPS       = c-ares
>>> +PAK_VER    = 13
>>> 
>>> SERVICES   =
>>> 
>>> -- 
>>> 2.30.2
>>> 
>
  

Hello Stefan,

a very belated thanks for your patches regarding libtiff and krb5, which I just merged
for Core Update 169, to finally cure all the missing dependencies we have for some
executables.

As for Kerberos support, I do not think it is too pressing to add this to OpenSSH et al.,
and would be happy to review any eventually incoming patches, but do not feel a rush
on this end.

All the best,
Peter Müller