[arch-dev-public] Heimdal changes

Jan de Groot jan at jgc.homeip.net
Wed Jan 7 18:08:04 EST 2009


Tonight I've been working on heimdal. I found out some things about this
package:

1. It includes libeditline, a BSD port of libreadline. Nothing in the
package uses this library, as heimdal is compiled with readline. The
installed libreadline.* files are actually broken libraries, because
they're missing the strlcopy symbols, which are only available on *BSD
platforms, not in glibc.

2. We've been using patches from Gentoo for a long while. The patches we
included were introduced in some 0.7 version, and never reviewed in
later versions. In the meantime, some don't apply or were replaced by
newer patches.

3. Heimdal uses an internal snapshot of sqlite and links it statically
into the krb5 libraries. While this reduces dependencies, it has two
problems:
- security fixes in sqlite have to be tracked inside heimdal
- static linking is evil because applications utilizing sqlite will end
up with two copies of the sqlite library in memory

I changed the PKGBUILD, added patches, added a dependency on sqlite3 and
pushed it to testing. I also added -Wl,--as-needed to LDFLAGS to reduce
link dependencies on sqlite3, as each and every binary links to it
without these flags, while it's only used in the client libraries for
the credentials cache.

I would like to have some review on this, as it's a core package. This
will also mean that sqlite3 has to be pulled from extra into core (or
ssh and heimdal move to extra, as ssh is the only core package using
heimdal, though I assume that's not a reasonable option).
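
One way to review the effect of the -Wl,--as-needed change described in the message (an added example, not part of the original email or of the Arch PKGBUILD): parse `readelf -d` output and list which ELF files in a package tree still declare a NEEDED entry for libsqlite3. The function names and the two sample readelf outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit DT_NEEDED entries for libsqlite3 in a package tree.

# needed_libs: read `readelf -d` output on stdin, print one NEEDED soname per line.
needed_libs() {
    sed -n 's/.*(NEEDED).*Shared library: \[\([^]]*\)].*/\1/p'
}

# links_sqlite: succeed if the readelf -d text on stdin lists libsqlite3.
links_sqlite() {
    needed_libs | grep -q '^libsqlite3\.so'
}

# audit_tree DIR: print every file under DIR whose dynamic section needs libsqlite3.
# Non-ELF files make readelf fail and are skipped. Assumes no newlines in file names.
audit_tree() {
    find "$1" -type f | while IFS= read -r f; do
        if readelf -d "$f" 2>/dev/null | links_sqlite; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample: a client library that really uses sqlite for the
# credentials cache, so it keeps the dependency even with --as-needed.
SAMPLE_CLIENT_LIB='Dynamic section at offset 0x7ade0 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libsqlite3.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.0.9.8]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [libkrb5.so.26]'

# Constructed sample: a tool linked with --as-needed; sqlite is reached only
# indirectly through the client library, so it has no NEEDED entry of its own.
SAMPLE_TOOL='Dynamic section at offset 0x5df0 contains 24 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libkrb5.so.26]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]'

# Usage: sh audit.sh pkg/   (pkg/ being the staged install directory)
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Files that appear in the output are the ones that must be rebuilt or re-checked when sqlite3 receives a security update.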


