krb5: add library version 1.19.2

recipes/krb5/all/conandata.yml

@@ -0,0 +1,16 @@
+sources:
+  "1.21.2":
+    url: "https://kerberos.org/dist/krb5/1.21/krb5-1.21.2.tar.gz"
+    sha256: "9560941a9d843c0243a71b17a7ac6fe31c7cebb5bce3983db79e52ae7e850491"
+patches:
+  "1.21.2":
+    - patch_file: "patches/0001-no-tests.patch"
+      patch_type: "conan"
+      patch_description: "Disable building tests"
+    - patch_file: "patches/0002-disable_ksu_root.patch"
+      patch_description: "No ksu install as root user"
+      patch_type: "conan"
+    - patch_file: "patches/0003-find-openssl-module.patch"
+      patch_description: "Use OpenSSL .pc module to find libraries"
+      patch_source: "https://github.com/krb5/krb5/pull/1351"
+      patch_type: "portability"

recipes/krb5/all/conanfile.py

@@ -0,0 +1,169 @@
+from conan import ConanFile
+from conan.tools.build import cross_building
+from conan.tools.env import VirtualBuildEnv, VirtualRunEnv
+from conan.errors import ConanInvalidConfiguration
+from conan.tools.files import copy, get, rmdir, export_conandata_patches, apply_conandata_patches, chdir
+from conan.tools.gnu import Autotools, AutotoolsToolchain, AutotoolsDeps, PkgConfigDeps
+from conan.tools.layout import basic_layout
+from conan.tools.microsoft import is_msvc
+import os
+
+required_conan_version = ">=1.54.0"
+
+class Krb5Conan(ConanFile):
+    name = "krb5"
+    description = "Kerberos is a network authentication protocol. It is designed to provide strong authentication " \
+                  "for client/server applications by using secret-key cryptography."
+    homepage = "https://web.mit.edu/kerberos"
+    topics = ("kerberos", "network", "authentication", "protocol", "client", "server", "cryptography")
+    license = "LicenseRef-NOTICE"
+    url = "https://github.com/conan-io/conan-center-index"
+    package_type = "shared-library"
+    options = {
+        "use_thread": [True, False],
+        "use_dns_realms": [True, False],
+        "with_tls": [False, "openssl"],
+    }
+    default_options = {
+        "use_thread": True,
+        "use_dns_realms": False,
+        "with_tls": "openssl"
+    }
+    options_description = {
+        "use_thread": "Enable thread support",
+        "use_dns_realms": "Enable DNS for realms",
+        "with_tls": "Enable TLS support with OpenSSL",
+    }
+    settings = "os", "arch", "compiler", "build_type"
+
+    def export_sources(self):
+        export_conandata_patches(self)
+
+    def configure(self):
+        self.settings.rm_safe("compiler.libcxx")
+        self.settings.rm_safe("compiler.cppstd")
+
+    def layout(self):
+        basic_layout(self, src_folder="src")
+
+    def validate(self):
+        if is_msvc(self):
+            raise ConanInvalidConfiguration(f"{self.ref} Conan recipe is not prepared for Windows yet. Contributions are welcome!")
+        if self.settings.os == "Macos":
+            raise ConanInvalidConfiguration(f"{self.ref} Conan recipe is not prepared for Macos yet. Contributions are welcome!")
+        if self.options.with_tls == "openssl" and not self.dependencies["openssl"].options.shared:
+            # k5tls does not respect linkage order, it passes krb5 and krb5support before openssl to the linker, which causes linking errors
+            # gcc -shared -fPIC -Wl,-h,k5tls.so.0 -Wl,--no-undefined -o k5tls.so openssl.so notls.so -L../../../lib -lkrb5 -lkrb5support ...
+            # /usr/bin/ld: /.../lib/libssl.a(libssl-lib-ssl_cert_comp.o): in function `OSSL_COMP_CERT_from_uncompressed_data':
+            #     ssl_cert_comp.c:(.text+0x3d1): undefined reference to `COMP_CTX_free'
+            raise ConanInvalidConfiguration(f"{self.ref} building with static OpenSSL generates linking errors. Please use '-o openssl/*:shared=True'")
+
+    def source(self):
+        get(self, **self.conan_data["sources"][self.version],
+            destination=self.source_folder, strip_root=True)
+
+    def generate(self):
+        env = VirtualBuildEnv(self)
+        env.generate()
+
+        if not cross_building(self):
+            env = VirtualRunEnv(self)
+            env.generate(scope="build")
+
+        tc = AutotoolsToolchain(self)
+        yes_no = lambda v: "yes" if v else "no"
+        tls_impl = {"openssl": "openssl",}.get(str(self.options.get_safe('with_tls')))
+        tc.configure_args.extend([
+            f"--enable-thread-support={yes_no(self.options.get_safe('use_thread'))}",
+            f"--enable-dns-for-realm={yes_no(self.options.use_dns_realms)}",
+            f"--enable-pkinit={yes_no(self.options.get_safe('with_tls'))}",
+            f"--with-crypto-impl={(tls_impl or 'builtin')}",
+            f"--with-spake-openssl={yes_no(self.options.get_safe('with_tls') == 'openssl')}",
+            f"--with-tls-impl={(tls_impl or 'no')}",
+            "--disable-nls",
+            "--disable-rpath",
+            "--without-libedit",
+            "--without-readline",
+            "--with-system-verto",
+            "--enable-dns-for-realm",
+            f"--with-keyutils={self.package_folder}",
+            f"--with-tcl={(self.dependencies['tcl'].package_folder if self.options.get_safe('with_tcl') else 'no')}",
+            ])
+        tc.generate()
+
+        pkg = AutotoolsDeps(self)
+        pkg.generate()
+        pkg = PkgConfigDeps(self)
+        pkg.generate()
+
+    def requirements(self):
+        self.requires("libverto/0.3.2")
+        if self.options.get_safe("with_tls") == "openssl":
+            self.requires("openssl/[>=1.1 <4]")
+        if self.options.get_safe("with_tcl"):
+            self.requires("tcl/8.6.11")
+
+    def build_requirements(self):
+        if not self.conf.get("tools.gnu:pkg_config", check_type=str):
+            self.tool_requires("pkgconf/1.9.3")
+        self.build_requires("automake/1.16.5")
+        self.build_requires("bison/3.8.2")
+
+    def build(self):
+        apply_conandata_patches(self)
+        with chdir(self, os.path.join(self.source_folder, "src")):
+            self.run("autoreconf -vif")
+        autotools = Autotools(self)
+        autotools.configure(build_script_folder=os.path.join(self.source_folder, "src"))
+        autotools.make()
+
+    def package(self):
+        copy(self, "NOTICE", src=self.source_folder, dst=os.path.join(self.package_folder, "licenses"))
+        autotools = Autotools(self)
+        autotools.install()
+        rmdir(self, os.path.join(self.package_folder, "lib", "pkgconfig"))
+        rmdir(self, os.path.join(self.package_folder, "share"))
+        rmdir(self, os.path.join(self.package_folder, "var"))
+
+    def package_info(self):
+        self.cpp_info.components["mit-krb5"].libs = ["krb5", "k5crypto", "com_err"]
+        if self.options.get_safe('with_tls') == "openssl":
+            self.cpp_info.components["mit-krb5"].requires = ["openssl::crypto"]
+        self.cpp_info.components["mit-krb5"].names["pkg_config"] = "mit-krb5"
+        if self.settings.os == "Linux":
+            self.cpp_info.components["mit-krb5"].system_libs = ["resolv"]
+
+        self.cpp_info.components["libkrb5"].libs = []
+        self.cpp_info.components["libkrb5"].requires = ["mit-krb5"]
+        self.cpp_info.components["libkrb5"].names["pkg_config"] = "krb5"
+
+        self.cpp_info.components["mit-krb5-gssapi"].libs = ["gssapi_krb5"]
+        self.cpp_info.components["mit-krb5-gssapi"].requires = ["mit-krb5"]
+        self.cpp_info.components["mit-krb5-gssapi"].names["pkg_config"] = "mit-krb5-gssapi"
+
+        self.cpp_info.components["krb5-gssapi"].libs = []
+        self.cpp_info.components["krb5-gssapi"].requires = ["mit-krb5-gssapi"]
+        self.cpp_info.components["krb5-gssapi"].names["pkg_config"] = "krb5-gssapi"
+
+        self.cpp_info.components["gssrpc"].libs = ["gssrpc"]
+        self.cpp_info.components["gssrpc"].requires = ["mit-krb5-gssapi"]
+        self.cpp_info.components["gssrpc"].names["pkg_config"] = "gssrpc"
+
+        self.cpp_info.components["kadm-client"].libs = ["kadm5clnt_mit"]
+        self.cpp_info.components["kadm-client"].requires = ["mit-krb5-gssapi", "gssrpc"]
+        self.cpp_info.components["kadm-client"].names["pkg_config"] = "kadm-client"
+
+        self.cpp_info.components["kdb"].libs = ["kdb5"]
+        self.cpp_info.components["kdb"].requires = ["mit-krb5-gssapi", "mit-krb5", "gssrpc"]
+        self.cpp_info.components["kdb"].names["pkg_config"] = "kdb-client"
+
+        self.cpp_info.components["kadm-server"].libs = ["kadm5srv_mit"]
+        self.cpp_info.components["kadm-server"].requires = ["kdb", "mit-krb5-gssapi"]
+        self.cpp_info.components["kadm-server"].names["pkg_config"] = "kadm-server"
+
+        self.cpp_info.components["krad"].libs = ["krad"]
+        self.cpp_info.components["krad"].requires = ["libkrb5", "libverto::libverto"]
+
+        krb5_config = os.path.join(self.package_folder, "bin", "krb5-config").replace("\\", "/")
+        self.output.info("Appending KRB5_CONFIG environment variable: {}".format(krb5_config))
+        self.runenv_info.define_path("KRB5_CONFIG", krb5_config)

recipes/krb5/all/patches/0001-no-tests.patch

@@ -0,0 +1,13 @@
+diff --git a/src/Makefile.in b/src/Makefile.in
+index 8f14e9bf2..dfb6843c9 100644
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -30,7 +30,7 @@ SUBDIRS=util include lib \
+ 	plugins/preauth/spake \
+ 	plugins/preauth/test \
+ 	plugins/tls/k5tls \
+-	kdc kadmin kprop clients appl tests \
++	kdc kadmin kprop clients appl \
+ 	config-files build-tools man doc @po@
+ WINSUBDIRS=include util lib ccapi windows clients appl plugins\preauth\spake
+ BUILDTOP=$(REL).

recipes/krb5/all/patches/0002-disable_ksu_root.patch

@@ -0,0 +1,13 @@
+diff --git a/src/config/pre.in b/src/config/pre.in
+index 3752174..98dbe0f 100644
+--- a/src/config/pre.in
++++ b/src/config/pre.in
+@@ -184,7 +184,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
+ INSTALL_SCRIPT=@INSTALL_PROGRAM@
+ INSTALL_DATA=@INSTALL_DATA@
+ INSTALL_SHLIB=@INSTALL_SHLIB@
+-INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
++INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 755
+ ## This is needed because autoconf will sometimes define @exec_prefix@ to be
+ ## ${prefix}.
+ prefix=@prefix@

recipes/krb5/all/patches/0003-find-openssl-module.patch

@@ -0,0 +1,20 @@
+diff --git a/src/configure.ac b/src/configure.ac
+index 77be7a2..577da79 100644
+--- a/src/configure.ac
++++ b/src/configure.ac
+@@ -295,13 +295,10 @@ AC_ARG_WITH([tls-impl],
+   [TLS_IMPL=$withval], [TLS_IMPL=auto])
+ case "$TLS_IMPL" in
+ openssl|auto)
+-  AC_CHECK_LIB(ssl,SSL_CTX_new,[have_lib_ssl=true],[have_lib_ssl=false],
+-               -lcrypto)
+-  AC_MSG_CHECKING([for OpenSSL])
++  PKG_CHECK_MODULES([OPENSSL], [openssl >= 1.1.0], [have_lib_ssl=true], [have_lib_ssl=false])
+   if test x$have_lib_ssl = xtrue ; then
+     AC_DEFINE(TLS_IMPL_OPENSSL,1,[Define if TLS implementation is OpenSSL])
+-    AC_MSG_RESULT([yes])
+-    TLS_IMPL_LIBS="-lssl -lcrypto"
++    TLS_IMPL_LIBS=$OPENSSL_LIBS
+     TLS_IMPL=openssl
+     AC_MSG_NOTICE([TLS module will use OpenSSL])
+   else

recipes/krb5/all/test_package/CMakeLists.txt

@@ -0,0 +1,7 @@
+cmake_minimum_required(VERSION 3.1)
+project(test_package C)
+
+find_package(krb5 REQUIRED CONFIG)
+
+add_executable(${PROJECT_NAME} test_package.c)
+target_link_libraries(${PROJECT_NAME} PRIVATE krb5::krb5)

recipes/krb5/all/test_package/conanfile.py

@@ -0,0 +1,27 @@
+from conan import ConanFile
+from conan.tools.build import can_run
+from conan.tools.cmake import CMake, cmake_layout
+import os
+
+
+class TestPackageConan(ConanFile):
+    settings = "os", "compiler", "build_type", "arch"
+    generators = "CMakeToolchain", "CMakeDeps", "VirtualRunEnv"
+    test_type = "explicit"
+
+    def layout(self):
+        cmake_layout(self)
+
+    def requirements(self):
+        self.requires(self.tested_reference_str)
+
+    def build(self):
+        cmake = CMake(self)
+        cmake.configure()
+        cmake.build()
+
+    def test(self):
+        if can_run(self):
+            bin_path = os.path.join(self.cpp.build.bindirs[0], "test_package")
+            self.run(bin_path, env="conanrun")
+

recipes/krb5/all/test_package/test_package.c

@@ -0,0 +1,16 @@
+#include "krb5.h"
+
+#include <stdio.h>
+
+int
+main(int argc, char **argv)
+{
+    krb5_context context;
+    int ret = krb5_init_context(&context);
+    if (ret != 0) {
+        fprintf(stderr, "krb5_init_context failed\n");
+        return 1;
+    }
+    krb5_free_context(context);
+    return 0;
+}

recipes/krb5/config.yml

@@ -0,0 +1,3 @@
+versions:
+  "1.21.2":
+    folder: "all"