Permissions for shared libraries in Kerberos

Robbie Harwood rharwood at redhat.com
Wed Nov 18 15:38:35 EST 2020


Robbie Harwood <rharwood at redhat.com> writes:

> Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
>
>> I have been working on packaging up our Kerberos code into an RPM (to
>> upgrade our ancient dusty old Kerberos RPMs), and I had been running
>> into a problem where shared library dependencies were not being
>> processed properly.  More specifically, the executables were saying,
>> "hey, I depend on libkrb5.so(FOO)", but the RPM wouldn't ever figure
>> out the shared library PROVIDED "libkrb5.so(FOO)", so you'd get a
>> bunch of unresolved dependencies.  We had this same problem with our
>> ancient old dusty Kerberos RPMs, but I wanted to fix this correctly
>> for once.
>>
>> Fast forward a distressingly large number of late-night hours later
>> digging into the guts of RPM, the reason for this is simple.  The
>> automatic dependency scripts only extract symbols from shared
>> libraries if they have the execute bit set, and MIT Kerberos installs
>> all of the shared libraries as mode 644.
>
> Fedora seems to take care of this transparently - I don't have any
> special logic to mark them executable.

Gah, spoke too soon.  I patch shlib.conf to make install them
executable.

Thanks,
--Robbie
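
The condition described in the quoted message (ELF shared libraries installed without an execute bit) can be checked in a build root before packaging. The script below is an added example, not part of either message and not RPM's or MIT Kerberos's own code. Its function names are hypothetical, and it assumes "execute bit set" means any of the user, group or other execute bits and that libraries are matched by a `*.so*` file name.

```shell
#!/bin/sh
# Added example: report (and optionally fix) ELF shared libraries that were
# installed without any execute bit, e.g. mode 644.

# is_elf FILE: succeed if FILE starts with the ELF magic bytes 7f 45 4c 46.
# This skips text files that merely carry a .so name (linker scripts).
is_elf() {
    [ "$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# find_nonexec_shlibs DIR: print every regular file named *.so* under DIR
# that is ELF and has none of the u/g/o execute bits set.
find_nonexec_shlibs() {
    find "$1" -type f -name '*.so*' \
        ! -perm -0100 ! -perm -0010 ! -perm -0001 2>/dev/null |
    sort |
    while IFS= read -r f; do
        if is_elf "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# fix_nonexec_shlibs DIR: add the execute bit to each file reported above.
# (Assumption: a+x is the desired result, turning 644 into 755.)
fix_nonexec_shlibs() {
    find_nonexec_shlibs "$1" | while IFS= read -r f; do
        chmod a+x "$f"
    done
}

# Stand-alone use: pass the build root (or install prefix) as the argument.
if [ "$#" -gt 0 ]; then
    find_nonexec_shlibs "$1"
fi
```

Running it against the install tree before the package is built lists the libraries that would be affected; an empty result means every ELF library already has an execute bit.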