This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new 7624c80d83 [Feature](Kafka) Add kerberos support for kafka (#14431)
7624c80d83 is described below
commit 7624c80d839f62886a1938b49f9d1e790ec8ae63
Author: Amos Bird <[email protected]>
AuthorDate: Mon Nov 21 20:45:50 2022 +0800
[Feature](Kafka) Add kerberos support for kafka (#14431)
Compile librdkafka with Kerberos SASL GSSAPI support.
---
thirdparty/build-thirdparty.sh | 13 ++++--
thirdparty/download-thirdparty.sh | 10 +++++
thirdparty/patches/cyrus-sasl-2.1.27.patch | 64 ++++++++++++++++++++++++++++++
thirdparty/patches/librdkafka-1.8.2.patch | 28 ++++++++++++-
4 files changed, 110 insertions(+), 5 deletions(-)
diff --git a/thirdparty/build-thirdparty.sh b/thirdparty/build-thirdparty.sh
index dbaeb43ec9..73327d8d18 100755
--- a/thirdparty/build-thirdparty.sh
+++ b/thirdparty/build-thirdparty.sh
@@ -817,9 +817,10 @@ build_cyrus_sasl() {
check_if_source_exist "${CYRUS_SASL_SOURCE}"
cd "${TP_SOURCE_DIR}/${CYRUS_SASL_SOURCE}"
- CPPFLAGS="-I${TP_INCLUDE_DIR}" \
+ CFLAGS="-fPIC" \
+ CPPFLAGS="-I${TP_INCLUDE_DIR}" \
LDFLAGS="-L${TP_LIB_DIR}" \
- ./configure --prefix="${TP_INSTALL_DIR}" --enable-static
--enable-shared=no --with-openssl="${TP_INSTALL_DIR}" --with-pic
+ ./configure --prefix="${TP_INSTALL_DIR}" --enable-static
--enable-shared=no --with-openssl="${TP_INSTALL_DIR}" --with-pic
--enable-gssapi="${TP_INSTALL_DIR}" --with-gss_impl=mit --with-dblib=none
if [[ "${KERNEL}" != 'Darwin' ]]; then
make -j "${PARALLEL}"
@@ -836,6 +837,10 @@ build_librdkafka() {
cd "${TP_SOURCE_DIR}/${LIBRDKAFKA_SOURCE}"
+ # NOTE(amos): librdkafka uses a weird autoconf variant (mklove) which
doesn't allow extending PKG_CONFIG with spaces in cmd.
+ # As a result, we use a patch to hard code "--static" into PKG_CONFIG
instead.
+ # PKG_CONFIG="pkg-config --static"
+
CPPFLAGS="-I${TP_INCLUDE_DIR}" \
LDFLAGS="-L${TP_LIB_DIR} -lssl -lcrypto -lzstd -lz -lsasl2" \
./configure --prefix="${TP_INSTALL_DIR}" --enable-static --enable-sasl
--disable-c11threads
@@ -1332,7 +1337,7 @@ build_krb5() {
with_crypto_impl='--with-crypto-impl=openssl'
fi
- CFLAGS="-fcommon -I${TP_INSTALL_DIR}/include"
LDFLAGS="-L${TP_INSTALL_DIR}/lib" \
+ CFLAGS="-fcommon -fPIC -I${TP_INSTALL_DIR}/include"
LDFLAGS="-L${TP_INSTALL_DIR}/lib" \
../configure --prefix="${TP_INSTALL_DIR}" --disable-shared
--enable-static ${with_crypto_impl:+${with_crypto_impl}}
make -j "${PARALLEL}"
@@ -1545,6 +1550,7 @@ build_leveldb
build_brpc
build_jemalloc
build_rocksdb
+build_krb5 # before cyrus_sasl
build_cyrus_sasl
build_librdkafka
build_flatbuffers
@@ -1565,7 +1571,6 @@ build_js_and_css
build_lzma
build_xml2
build_idn
-build_krb5
build_gsasl
build_hdfs3
build_benchmark
diff --git a/thirdparty/download-thirdparty.sh
b/thirdparty/download-thirdparty.sh
index 78107520af..c267e748c8 100755
--- a/thirdparty/download-thirdparty.sh
+++ b/thirdparty/download-thirdparty.sh
@@ -276,6 +276,16 @@ fi
cd -
echo "Finished patching ${GSASL_SOURCE}"
+# cyrus-sasl patch to force compile gssapi plugin when static linking
+# this is for librdkafka with sasl
+cd "${TP_SOURCE_DIR}/${CYRUS_SASL_SOURCE}"
+if [[ ! -f ${PATCHED_MARK} ]]; then
+ patch -p1 <"${TP_PATCH_DIR}/cyrus-sasl-2.1.27.patch"
+ touch "${PATCHED_MARK}"
+fi
+cd -
+echo "Finished patching ${CYRUS_SASL_SOURCE}"
+
# rocksdb patch to fix compile error
if [[ "${ROCKSDB_SOURCE}" == "rocksdb-5.14.2" ]]; then
cd "${TP_SOURCE_DIR}/${ROCKSDB_SOURCE}"
diff --git a/thirdparty/patches/cyrus-sasl-2.1.27.patch
b/thirdparty/patches/cyrus-sasl-2.1.27.patch
new file mode 100644
index 0000000000..1683b44b4f
--- /dev/null
+++ b/thirdparty/patches/cyrus-sasl-2.1.27.patch
@@ -0,0 +1,64 @@
+--- a/configure 2022-11-19 23:27:17.324633792 +0800
++++ b/configure 2022-11-19 23:26:58.612602601 +0800
+@@ -17099,7 +17099,7 @@
+ $as_echo_n "(cached) " >&6
+ else
+ ac_check_lib_save_LIBS=$LIBS
+-LIBS="-lgssapi_krb5 ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto
-lcom_err ${LIB_SOCKET} $LIBS"
++LIBS="-lgssapi_krb5 ${GSSAPIBASE_LIBS} -lgssapi_krb5 -lkrb5 -lk5crypto
-lcom_err -lkrb5support -ldl -lresolv ${LIB_SOCKET} $LIBS"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+ /* end confdefs.h. */
+
+@@ -17306,8 +17306,8 @@
+ fi
+
+ if test "$gss_impl" = "mit"; then
+- GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi_krb5 -lkrb5 -lk5crypto
-lcom_err"
+- GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a
$gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a"
++ GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi_krb5 -lkrb5 -lk5crypto
-lcom_err -lkrb5support -ldl -lresolv"
++ GSSAPIBASE_STATIC_LIBS="$GSSAPIBASE_LIBS $gssapi_dir/libgssapi_krb5.a
$gssapi_dir/libkrb5.a $gssapi_dir/libk5crypto.a $gssapi_dir/libcom_err.a
$gssapi_dir/libkrb5support.a"
+ elif test "$gss_impl" = "heimdal"; then
+ CPPFLAGS="$CPPFLAGS"
+ GSSAPIBASE_LIBS="$GSSAPIBASE_LIBS -lgssapi -lkrb5 -lasn1 -lroken
${LIB_CRYPT} ${LIB_DES} -lcom_err"
+
+--- a/lib/dlopen.c 2022-11-21 02:42:16.590169904 +0800
++++ b/lib/dlopen.c 2022-11-21 02:42:51.202224311 +0800
+@@ -56,10 +56,8 @@
+ #include <sasl.h>
+ #include "saslint.h"
+
+-#ifndef PIC
+ #include <saslplug.h>
+ #include "staticopen.h"
+-#endif
+
+ #ifdef DO_DLOPEN
+ #if HAVE_DIRENT_H
+@@ -414,11 +412,9 @@
+ DIR *dp;
+ struct dirent *dir;
+ #endif
+-#ifndef PIC
+ add_plugin_t *add_plugin;
+ _sasl_plug_type type;
+ _sasl_plug_rec *p;
+-#endif
+
+ if (! entrypoints
+ || ! getpath_cb
+@@ -429,7 +425,6 @@
+ || ! verifyfile_cb->proc)
+ return SASL_BADPARAM;
+
+-#ifndef PIC
+ /* do all the static plugins first */
+
+ for(cur_ep = entrypoints; cur_ep->entryname; cur_ep++) {
+@@ -456,7 +451,6 @@
+ result = add_plugin(p->name, p->plug);
+ }
+ }
+-#endif /* !PIC */
+
+ /* only do the following if:
+ *
diff --git a/thirdparty/patches/librdkafka-1.8.2.patch
b/thirdparty/patches/librdkafka-1.8.2.patch
index 6b27ec067f..a7d4542a5f 100644
--- a/thirdparty/patches/librdkafka-1.8.2.patch
+++ b/thirdparty/patches/librdkafka-1.8.2.patch
@@ -10,4 +10,30 @@
+ // rd_assert(thrd_is_current(rkb->rkb_thread));
rd_assert(TAILQ_EMPTY(&rkb->rkb_monitors));
rd_assert(TAILQ_EMPTY(&rkb->rkb_outbufs.rkbq_bufs));
- rd_assert(TAILQ_EMPTY(&rkb->rkb_waitresps.rkbq_bufs));
\ No newline at end of file
+ rd_assert(TAILQ_EMPTY(&rkb->rkb_waitresps.rkbq_bufs));
+
+--- mklove/modules/configure.base 2022-11-21 03:47:14.072094876 +0800
++++ mklove/modules/configure.base 2022-11-21 03:47:01.360075164 +0800
+@@ -1716,7 +1716,7 @@
+ mkl_check_begin "$cname" "$2" "no-cache" "$1 (by pkg-config)" && return $?
+
+ local cflags=
+- local cmd="${PKG_CONFIG} --short-errors --cflags $libname"
++ local cmd="${PKG_CONFIG} --static --short-errors --cflags $libname"
+ mkl_dbg "pkg-config check $libname for CFLAGS ($2): $cmd"
+
+ cflags=$($cmd 2>&1)
+@@ -1738,11 +1738,11 @@
+ fi
+
+ local libs=
+- cmd="${PKG_CONFIG} --short-errors --libs $libname"
++ cmd="${PKG_CONFIG} --static --short-errors --libs $libname"
+ mkl_dbg "pkg-config check $libname for LIBS ($2): $cmd"
+ libs=$($cmd 2>&1)
+ if [[ $? != 0 ]]; then
+- mkl_dbg "${PKG_CONFIG} --libs $libname failed: $libs"
++ mkl_dbg "${PKG_CONFIG} --static --libs $libname failed: $libs"
+ # Clear define name ($2): caller may have additional checks
+ mkl_check_failed "$cname" "" "$3" "pkg-config --libs failed"
+ return 1
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
