apereo / mod_auth_cas

An Apache httpd module for integrating with Apereo CAS Server project.
https://www.apereo.org/projects/cas

mod_auth_cas fails to build against CentOS/RHEL 7 Apache #173

Closed Teknoenie closed 4 years ago

Teknoenie commented 5 years ago

When building against the latest git clone of mod_auth_cas the build fails as can be seen below. If I git clone -b 'v1.2' the version builds just fine.

make[2]: Entering directory `/tmp/mod_auth_cas/src'
/usr/bin/apxs -c -lpcre -lcrypto -Wc," -D_LARGEFILE64_SOURCE -g -O2 -Wall -Wextra -Wdeclaration-after-statement -Wformat -Wformat-security -Wmissing-declarations -Wno-unused-parameter -Wpointer-arith -Wstrict-prototypes " -Wl," -lcurl -lpcre -lcrypto " mod_auth_cas.c cas_saml_attr.c
/usr/lib64/apr-1/build/libtool --silent --mode=compile gcc -std=gnu99 -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -DLINUX -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -D_LARGEFILE64_SOURCE -g -O2 -Wall -Wextra -Wdeclaration-after-statement -Wformat -Wformat-security -Wmissing-declarations -Wno-unused-parameter -Wpointer-arith -Wstrict-prototypes -c -o mod_auth_cas.lo mod_auth_cas.c && touch mod_auth_cas.slo
mod_auth_cas.c:49:24: fatal error: apr_escape.h: No such file or directory
 #include "apr_escape.h"
                        ^
compilation terminated.
apxs:Error: Command failed with rc=65536
.
make[2]: Leaving directory `/tmp/mod_auth_cas/src'
make[2]: *** [mod_auth_cas.la] Error 1
make[1]: Leaving directory `/tmp/mod_auth_cas'
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
The command '/bin/sh -c cd /tmp && git clone https://github.com/apereo/mod_auth_cas.git && cd /tmp/mod_auth_cas && autoreconf -ivf && ./configure && make && make install' returned a non-zero code: 2

Teknoenie commented 5 years ago

Here is the relevant Dockerfile that I am using to build mod_auth_cas.

FROM centos:latest AS CAS_BUILDER

RUN yum -y clean all && \
    yum -y upgrade && \
    yum -y install autoconf automake gcc git make httpd-devel libcurl-devel libtool openssl-devel && \
    yum -y clean all

RUN cd /tmp && git clone https://github.com/apereo/mod_auth_cas.git && \
    cd /tmp/mod_auth_cas && \
    autoreconf -ivf && \
    ./configure && \
    make && make install

dhawes commented 5 years ago

Try installing the apr-devel and apr15u-devel packages.

Teknoenie commented 5 years ago

I installed apr-devel and it made no difference, however, it is 1.4.8. There is no apr15-devel as provided by the base OS. For many, this may be an issue. Have you tried compiling against CentOS 7 fully updated?

Teknoenie commented 5 years ago

After installing the IUS repo and installing the apr15u-devel, httpd24u and httpd24u-devel packages from there I was able to successfully build mod_auth_cas, so that would indicate that the newest versions of mod_auth_cas will not compile natively on CentOS 7.6.

It is unlikely that CentOS 7 will be rebased to 1.5.x and so this will likely be the requirement that

A) CentOS 7 base will no longer be supported
B) CentOS 7 base with third party repositories is now a requirement for CAS
C) The minimum requirement after the APR patches from 28 days ago is CentOS 8

Perhaps they will back-port the required bits in a later version of the OS?

For users of mod_auth_cas, I would advise you to stick with v1.2 which does compile and prepare for running unsupported on CentOS 7.6 because of the need to enable third party repositories for master to work.

Teknoenie commented 5 years ago

Is it possible to revert the patches from 28 days ago and make them work using the OS native versions? Perhaps additional tests need to be in place to test for this kind of breakage or was this breakage to be expected?

dhawes commented 5 years ago

> There is no apr15-devel as provided by the base OS. For many, this may be an issue.

Sorry, I didn't realize that this was a third party package. I just did a quick search to find a package with apr_escape.h and this showed up.

> so that would indicate that the newest versions of mod_auth_cas will not compile natively on CentOS 7.6

I don't see any CentOS 7 packages that include APR 1.5, so it does seem to be true that you cannot compile mod_auth_cas using only packages. Of course, you can always compile APR yourself and use that. It's as simple as:

FROM centos:latest

RUN yum -y clean all && yum -y upgrade && yum -y install autoconf automake gcc git make httpd-devel libcurl-devel libtool openssl-devel apr-devel apr-util-devel wget && yum -y clean all

# Don't forget to verify the tarball!
RUN cd /tmp && wget http://www.trieuvan.com/apache/apr/apr-1.7.0.tar.gz && tar zxf apr-1.7.0.tar.gz && cd apr-1.7.0 && ./configure && make && make install

RUN cd /tmp && git clone https://github.com/apereo/mod_auth_cas.git && cd /tmp/mod_auth_cas && autoreconf -ivf && CPPFLAGS=-I/usr/local/apr/include/apr-1 LDFLAGS=-L/usr/local/apr/lib ./configure && make && make install

and setting LD_LIBRARY_PATH to the APR libraries when you run httpd.

> It is unlikely that CentOS 7 will be rebased to 1.5.x

1.5.0 was tagged in 2013. I think CentOS using updated libraries is the better path forward.

> Is it possible to revert the patches from 28 days ago and make them work using the OS native versions?

I don't see any need to revert because of out of date OS packages.

> Perhaps additional tests need to be in place to test for this kind of breakage or was this breakage to be expected?

I'd agree that we need more tests, and we certainly need to update the dependencies in the README. I'm not sure we need to worry too much about OS packages as long as compilation from Apache sources (httpd, APR) is working.
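The Dockerfile in the comment above downloads the APR tarball over plain HTTP from a mirror and leaves verification as a reminder. The following is an added example, not part of the original comment or of the mod_auth_cas project, showing a fail-closed SHA-256 check that could run between the `wget` and `tar` steps. It assumes the expected digest is obtained separately from the project's official download page over HTTPS; `verify_sha256`, `digest_from_sidecar` and `APR_SHA256` are hypothetical names.

```shell
#!/bin/sh
# Added example: fail-closed integrity check for a downloaded source tarball.
# The expected digest must come from a trusted channel, never from the same
# mirror that served the tarball.

# digest_from_sidecar FILE
# Prints the digest from a sha256sum-style file ("<hex>  name" or "<hex> *name").
digest_from_sidecar() {
    awk 'NR == 1 { print $1 }' "$1"
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "verify: $file not found" >&2; return 2; }

    # Accept only exactly 64 hex digits, so an empty or truncated build
    # argument can never be treated as a match.
    case $expected in
        *[!0-9a-f]*) echo "verify: digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "verify: digest must be 64 hex digits" >&2; return 2; }

    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "verify: SHA-256 mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
}

# Intended use in the build step (APR_SHA256 is a hypothetical build argument
# holding the published digest):
#   verify_sha256 apr-1.7.0.tar.gz "$APR_SHA256" || exit 1
```

A checksum fetched from the same mirror only detects corruption; checking the release's detached signature against the project's published keys is the stronger control.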

Teknoenie commented 5 years ago

I'm totally okay with the README being updated to reflect the dropping of CentOS/RHEL 7 after version 1.2. I just figured that if this was a bug it needed to be reported. Since it doesn't seem to be a bug, but rather a deprecation of support, then I think it's safe to say that this issue can be resolved as I believe workarounds have been documented here to help others figure out how to work around the issue until such time as they are able to migrate to a newer OS with the packages available from Base.

Smy commented 5 years ago

I don't have any problem to compile the latest git clone on RHEL 7.

I'm using my own path of apr 1.6.5 and apr-util 1.6.1, used to compile Apache httpd 2.4.39.

Teknoenie commented 5 years ago

> I don't have any problem to compile the latest git clone on RHEL 7.
>
> I'm using my own path of apr 1.6.5 and apr-util 1.6.1, used to compile Apache httpd 2.4.39.

Then you are not compiling against CentOS 7 Base OS which is what was specified in the original issue. It compiles fine as long as you are willing to deviate from what the Base OS provides. This means that the documentation must now be updated to specify that mod_auth_cas will no longer compile on CentOS/RHEL 7 using Base OS components. It did prior to the APR code commits. ;)

adaugherity commented 5 years ago

At the very least, the documentation should be updated to indicate the required APR version (right now, it says 1.2.8). No idea if the apr-util version is affected...

Looks like RHEL/CentOS 7 (also 6, but meh...) is the only currently-supported LTS distro with a too-old APR (since SLES 11 is now EOL). Ubuntu 14.04 LTS, SLES 12, Debian 8, and RHEL 8 all have at least APR 1.5 (let alone newer releases of those distros). It's unfortunate if they don't update, since RHEL 7 is still supported through 2024...

dhawes commented 5 years ago

I'm tempted to make a change like the following based on some quick testing with Apache 2.4.39:

-* Apache Portable Runtime - 1.2.8 or higher
-* Apache Portable Runtime Utilities - 1.2.7 or higher
+* Apache Portable Runtime - 1.5.0 or higher
+* Apache Portable Runtime Utilities - 1.3.0 or higher
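
Review bot: the `+* Apache Portable Runtime - 1.5.0 or higher` line raises the documented minimum, but nothing in the build enforces it, so a host with an older APR (the 1.4.8 reported earlier in this thread) still gets through ./configure and only fails in make on the missing apr_escape.h. Consider pairing this README change with a configure-time check for that header or for the APR version, so the failure names the requirement. The `1.3.0` apr-util minimum on the last `+` line should also be confirmed before merging, since the thread leaves open whether apr-util is affected at all.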

More testing is needed though.