search

OpenIDC / mod_auth_openidc

OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x
Apache License 2.0
990 stars 327 forks source link

LoadModule on FreeBSD / Apache 2.4 fails with undefined symbol "oidc_create_dir_config" #169

Closed finnigja closed 8 years ago

finnigja commented 8 years ago

I'm trying to create a FreeBSD port for the 2.0.0rc1 release, so building from source per instructions in INSTALL. The build completes and .so is installed, but restart Apache with LoadModule directive enabled fails:

# apachectl restart
Performing sanity check on apache24 configuration:
httpd: Syntax error on line 154 of /usr/local/etc/apache24/httpd.conf: Cannot load libexec/apache24/mod_auth_openidc.so into server: /usr/local/libexec/apache24/mod_auth_openidc.so: Undefined symbol "oidc_create_dir_config"

I see other closed issues with this same error, where the resolution was to make sure the Apache installed and module built-for versions match. But I'm doing the build on the same host with apxs using the same Apache version:

# apachectl -v
Server version: Apache/2.4.23 (FreeBSD)
Server built:   unknown
# apxs -q | grep HTTPD
HTTPD_MMN=20120211
HTTPD_VERSION=2.4.23

The symbols do seem to be there:

# readelf -s /usr/local/libexec/apache24/mod_auth_openidc.so | grep oidc_create_dir_config
    19: 0000000000000000     0 NOTYPE  GLOBAL DEFAULT  UND oidc_create_dir_config

Any suggestions appreciated!

Complete output from the build & install:

# make install
===>  License APACHE20 accepted by the user
===>  Found saved configuration for ap24-mod_auth_openidc-1.8.10
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by ap24-mod_auth_openidc-2.0.0rc1 for building
===>  Extracting for ap24-mod_auth_openidc-2.0.0rc1
=> SHA256 Checksum OK for pingidentity-mod_auth_openidc-v2.0.0rc1_GH0.tar.gz.
===>  Patching for ap24-mod_auth_openidc-2.0.0rc1
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on file: /usr/local/sbin/apxs - found
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on executable: gmake - found
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on executable: autoconf-2.69 - found
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on executable: autoheader-2.69 - found
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on executable: autoreconf-2.69 - found
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on executable: aclocal-1.15 - found
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on executable: automake-1.15 - found
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on executable: libtoolize - found
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on package: pkgconf>=0.9.10 - found
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on shared library: libcjose.so - found (/usr/local/lib/libcjose.so)
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on shared library: libcurl.so - found (/usr/lib/libcurl.so)
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on shared library: libjansson.so - found (/usr/local/lib/libjansson.so)
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on shared library: libpcre.so - found (/usr/local/lib/libpcre.so)
===>  Configuring for ap24-mod_auth_openidc-2.0.0rc1
configure: loading site script /usr/ports/Templates/config.site
checking for apxs2... no
checking for apxs... /usr/local/sbin/apxs
checking pkg-config is at least version 0.9.0... yes
checking for CURL... yes
checking for OPENSSL... yes
checking for APR... yes
checking for JANSSON... yes
checking for CJOSE... yes
checking for PCRE... yes
checking for HIREDIS... no
configure: creating ./config.status
config.status: creating Makefile
===>  Building for ap24-mod_auth_openidc-2.0.0rc1
===>  Generating apache plist
(cd /usr/ports/www/mod_auth_openidc/work/mod_auth_openidc-2.0.0rc1 && /usr/local/sbin/apxs -c  -o mod_auth_openidc.la src/mod_auth_openidc.c)
/usr/local/share/apr/build-1/libtool --silent --mode=compile cc -prefer-pic -O2 -pipe -I/usr/include -DLIBICONV_PLUG -fstack-protector -fno-strict-aliasing    -I/usr/local/include/apache24  -I/usr/local/include/apr-1   -I/usr/local/include/apr-1 -I/usr/include -I/usr/local/include -I/usr/local/include/db6  -c -o src/mod_auth_openidc.lo src/mod_auth_openidc.c && touch src/mod_auth_openidc.slo
/usr/local/share/apr/build-1/libtool --silent --mode=link cc -L/usr/lib -fstack-protector   -o mod_auth_openidc.la  -rpath /usr/local/libexec/apache24 -module -avoid-version    src/mod_auth_openidc.lo
===>  Staging for ap24-mod_auth_openidc-2.0.0rc1
===>   ap24-mod_auth_openidc-2.0.0rc1 depends on file: /usr/local/sbin/apxs - found
===>   Generating temporary packing list
/usr/local/sbin/apxs -S LIBEXECDIR=/usr/ports/www/mod_auth_openidc/work/stage/usr/local/libexec/apache24 -i -n auth_openidc /usr/ports/www/mod_auth_openidc/work/mod_auth_openidc-2.0.0rc1/mod_auth_openidc.la
/usr/local/share/apache24/build/instdso.sh SH_LIBTOOL='/usr/local/share/apr/build-1/libtool' /usr/ports/www/mod_auth_openidc/work/mod_auth_openidc-2.0.0rc1/mod_auth_openidc.la /usr/ports/www/mod_auth_openidc/work/stage/usr/local/libexec/apache24
/usr/local/share/apr/build-1/libtool --mode=install install /usr/ports/www/mod_auth_openidc/work/mod_auth_openidc-2.0.0rc1/mod_auth_openidc.la /usr/ports/www/mod_auth_openidc/work/stage/usr/local/libexec/apache24/
libtool: install: install /usr/ports/www/mod_auth_openidc/work/mod_auth_openidc-2.0.0rc1/.libs/mod_auth_openidc.so /usr/ports/www/mod_auth_openidc/work/stage/usr/local/libexec/apache24/mod_auth_openidc.so
libtool: install: install /usr/ports/www/mod_auth_openidc/work/mod_auth_openidc-2.0.0rc1/.libs/mod_auth_openidc.lai /usr/ports/www/mod_auth_openidc/work/stage/usr/local/libexec/apache24/mod_auth_openidc.la
libtool: install: install /usr/ports/www/mod_auth_openidc/work/mod_auth_openidc-2.0.0rc1/.libs/mod_auth_openidc.a /usr/ports/www/mod_auth_openidc/work/stage/usr/local/libexec/apache24/mod_auth_openidc.a
libtool: install: chmod 644 /usr/ports/www/mod_auth_openidc/work/stage/usr/local/libexec/apache24/mod_auth_openidc.a
libtool: install: ranlib /usr/ports/www/mod_auth_openidc/work/stage/usr/local/libexec/apache24/mod_auth_openidc.a
libtool: install: warning: remember to run `libtool --finish /usr/local/libexec/apache24'
chmod 755 /usr/ports/www/mod_auth_openidc/work/stage/usr/local/libexec/apache24/mod_auth_openidc.so
===> strip libexec/apache24/mod_auth_openidc.so
==========================================================

Remember to uncomment the mod_auth_openidc LoadModule line in
/usr/local/etc/apache24/httpd.conf and restart Apache.

==========================================================
====> Compressing man pages (compress-man)
====> Running Q/A tests (stage-qa)
Warning: you may not need USES=ssl
===>  Installing for ap24-mod_auth_openidc-2.0.0rc1
===>  Checking if ap24-mod_auth_openidc already installed
===>   Registering installation for ap24-mod_auth_openidc-2.0.0rc1
Installing ap24-mod_auth_openidc-2.0.0rc1...
[preparing module `auth_openidc' in /usr/local/etc/apache24/httpd.conf]
gwollman commented 8 years ago

FYI, I created a port for the previous stable release(s) which is still sitting in FreeBSD bugzilla waiting for a committer to take an interest. See BZ#208127

zandbelt commented 8 years ago

@gwollman thanks for that; could you please find out if 2.0.0rc4 works for you following the same port process? I believe there aren't any differences between 1.8 and 2.0 that justify the error that @chair6 encounters so I suspect the build environment; I'd like to confirm before searching for issues in the 2.0 code.

gwollman commented 8 years ago

@zandbelt Nope. You've added a new dependency on something called "CJOSE" that doesn't exist in the Ports Collection, so it would take rather more work (which is why I haven't actually made any effort to update my package for 2.0). Packaging libraries is a lot harder than packaging a single Apache extension.

zandbelt commented 8 years ago

Can you then point @chair6 to the steps you used to build 1.8 as 2.0 builds in the same way once cjose is installed.

gwollman commented 8 years ago

The complete 1.8 port is in the bugzilla ticket linked above.

zandbelt commented 8 years ago

@chair6 looking at your build output more closely it shows that you only compile src/mod_auth_openidc.c but not the other files that are in the same directory (and cache subdirectory); that explains the error you get quite well; the distributed Makefile.in should take care of that but it looks like you're not using that one for you build

finnigja commented 8 years ago

@zandbelt Thanks! That was it .. I needed to tweak the Makefile that my port is using. I have now got a working mod_auth_openidc.so on my FreeBSD 10.3 / Apache 2.4.x box, and know more about how FreeBSD ports and apxs work than before.

@gwollman Thanks for the pointer. I had tried using your submitted port, but ran into problems with it not finding OpenSSL libraries at build time. I figured I'd try for 2.0 so got CJOSE added to the ports tree last week (https://svnweb.freebsd.org/ports/head/devel/cjose/) and have now submitted what Works For Me (TM) for mod_auth_openidc 2.0.0rc4 (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212434). Happy for them to be merged or whatever makes sense...

zandbelt commented 8 years ago

@chair6 the 2.0.0rc4 is a release candidate; I'm expecting to release a final 2.0.0 soon; hope you can then update the build since I'll remove the rc4 binaries

finnigja commented 8 years ago

Yes - assuming my port submission gets accepted, I'll happily update it to 2.0.0 final when you do a release. I could even withdraw the submission and wait, if you think that the final release will be sooner-than-later... (I've achieved my goal for now, my Apache-hosted app is happily talking to Auth0 with mod_auth_openidc).

zandbelt commented 8 years ago

I expect a release date between a few days and a few weeks...

finnigja commented 8 years ago

I pulled the FreeBSD submission for now - can resubmit when 2.0.0 goes final.