Skip to content

build krb5 with bazel #44326

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dd-mergequeue merged 5 commits into from
Dec 18, 2025
Merged

build krb5 with bazel #44326

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
25ff321
omnibus: libkrb5: use openssl & disable nls
chouquette Dec 16, 2025
b2fe54b
rules_foreign_cc: expose out_data_dir as an output group
chouquette Nov 27, 2025
ec5e649
build krb5 with bazel
chouquette Dec 16, 2025
768b113
omnibus: build krb5 with bazel
chouquette Dec 17, 2025
1f90b33
drop openssl dependency from the omnibus recipe
chouquette Dec 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 42 additions & 0 deletions bazel/patches/rules_foreign_cc/0001-include-out_data_dirs-to-the-output-groups.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
From af72bc8c79be86e14b3b46bd1207c23365c988d7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20Beauz=C3=A9e-Luyssen?= <hugo.beauzee@datadoghq.com>
Date: Thu, 27 Nov 2025 13:57:04 +0100
Subject: [PATCH] include out_data_dirs to the output groups

---
foreign_cc/private/framework.bzl | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/foreign_cc/private/framework.bzl b/foreign_cc/private/framework.bzl
index eb7632d..fd354b7 100644
--- a/foreign_cc/private/framework.bzl
+++ b/foreign_cc/private/framework.bzl
@@ -598,7 +598,8 @@ def cc_external_rule_impl(ctx, attrs):
outputs.libraries.static_libraries +
outputs.libraries.shared_libraries +
([outputs.out_include_dir] if outputs.out_include_dir else []) +
- ([outputs.out_pc_dir] if outputs.out_pc_dir else [])
+ ([outputs.out_pc_dir] if outputs.out_pc_dir else []) +
+ (outputs.data_dirs if outputs.data_dirs else [])
)
output_groups = _declare_output_groups(installdir_copy.file, output_groups)
wrapped_files = [
@@ -849,6 +850,7 @@ _Outputs = provider(
out_binary_files = "Binary files, which will be created by the action",
libraries = "Library files, which will be created by the action",
out_pc_dir = "Directory with pkgconfig files (relative to install directory)",
+ data_dirs = "Directory containing additional files generated by the build",
declared_outputs = "All output files and directories of the action",
),
)
@@ -913,6 +915,7 @@ def _define_outputs(ctx, attrs, lib_name):
out_binary_files = out_binary_files,
libraries = libraries,
out_pc_dir = out_pc_dir,
+ data_dirs = out_data_dirs,
declared_outputs = declared_outputs,
)

--
2.43.0

141 changes: 141 additions & 0 deletions deps/krb5/krb5.BUILD.bazel
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,141 @@
load("@@//bazel/rules:so_symlink.bzl", "so_symlink")
load("@rules_license//rules:license.bzl", "license")
load("@rules_foreign_cc//foreign_cc:defs.bzl", "configure_make")
load("@rules_pkg//pkg:install.bzl", "pkg_install")
load("@rules_pkg//pkg:mappings.bzl", "pkg_files")
load("@rules_pkg//pkg:mappings.bzl", "strip_prefix")

package(default_package_metadata = [":license"])

license(
name = "license",
license_kinds = ["@rules_license//licenses/spdx:BSD-2-Clause"],
Copy link
Contributor

@aiuto aiuto Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is MIT.
I just read the the file to verify it.

Copy link
Contributor Author

@chouquette chouquette Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://github.com/krb5/krb5/blob/master/NOTICE looks a lot like https://opensource.org/license/bsd-2-clause though.
It's copyrighted by the MIT, but under BSD-2 as far as I can tell

license_text = "NOTICE",
visibility = ["//visibility:public"],
)

filegroup(
name = "all_srcs",
srcs = glob(["src/**/*"])
)

SHARED_LIBS = {
'krb5/plugins/tls/k5tls.so': '',
'krb5/plugins/kdb/db2.so': '',
'krb5/plugins/preauth/test.so': '',
'krb5/plugins/preauth/spake.so': '',
'krb5/plugins/preauth/pkinit.so': '',
'krb5/plugins/preauth/otp.so': '',
'libcom_err.so': '3.0',
'libgssapi_krb5.so': '2.2',
'libgssrpc.so': '4.2',
'libk5crypto.so': '3.1',
'libkadm5clnt.so': '',
'libkadm5clnt_mit.so': '12.0',
'libkadm5srv.so': '',
'libkadm5srv_mit.so': '12.0',
'libkdb5.so': '10.0',
'libkrad.so': '0.0',
'libkrb5.so': '3.3',
'libkrb5support.so': '0.1',
'libverto.so': '0.0',
}

configure_make(
name = "krb5",
args = [
"-j 16",
],
autoreconf = True,
configure_in_place = True,
configure_options = [
"--without-keyutils", # this would require additional deps/system deps, disable it
"--without-system-verto", # do not prefer libverto from the system, if installed
"--without-libedit", # we don't want to link with libraries outside of the install dir
"--disable-static",
"--with-crypto-impl=openssl",
"--with-tls-impl=openssl",
"--disable-nls",
],
lib_source = ":all_srcs",
deps = [
"@openssl//:openssl",
],
out_shared_libs = SHARED_LIBS.keys(),
out_data_dirs = ["lib/pkgconfig"],
)

# Unversioned lib handling:
# Create a filegroup refering to configure_make's output_group
# Expose this single file filegroup as a pkg_file target with a common `lib_$foo` name
[
filegroup(
name = "_unversioned_lib_" + libname,
srcs = [":krb5"],
output_group = libname.rpartition('/')[2]
)
for (libname, libversion) in SHARED_LIBS.items() if not libversion
]

[
pkg_files(
name = "_lib_" + libname,
srcs = [":_unversioned_lib_" + libname],
prefix = "lib/" + libname.rpartition('/')[0],
)
for (libname, libversion) in SHARED_LIBS.items() if not libversion
]

# Now the same for versioned libs, except instead of an explicit pkg_file
# we leverage the one created by so_symlink
[
filegroup(
name = "_symlink_src_" + libname,
srcs = [":krb5"],
output_group = libname,
)
for (libname, libversion) in SHARED_LIBS.items() if libversion
]

[
so_symlink(
name = "_lib_" + libname,
src = "_symlink_src_" + libname,
libname = libname.removesuffix(".so"),
version = libversion,
# so_symlink already adds a lib/ folder
prefix = libname.rpartition('/')[0],
)
for (libname, libversion) in SHARED_LIBS.items() if libversion
]

filegroup(
name = "_pc_files",
srcs = [":krb5"],
output_group = "pkgconfig",
)

pkg_files(
name = "pc_files",
srcs = ["_pc_files"],
prefix = "lib/",
)

filegroup(
name = "_headers",
srcs = [":krb5"],
output_group = "include"
)

pkg_files(
name = "hdr_files",
srcs = [":_headers"],
)

pkg_install(
name = "install",
srcs = [
":hdr_files",
":pc_files",
] + [":_lib_" + libname for libname in SHARED_LIBS.keys()],
)
11 changes: 11 additions & 0 deletions deps/repos.MODULE.bazel
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ single_version_override(
patch_strip = 1,
patches = [
"//bazel/patches:rules_foreign_cc/0000-expose-pc-files.patch",
"//bazel/patches:rules_foreign_cc/0001-include-out_data_dirs-to-the-output-groups.patch",
],
)

Expand Down Expand Up @@ -315,3 +316,13 @@ http_archive(
},
)

http_archive(
name = "krb5",
url = "https://kerberos.org/dist/krb5/1.21/krb5-1.21.3.tar.gz",
sha256 = "b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd304840ad35",
strip_prefix = "krb5-1.21.3",
files = {
"BUILD.bazel": "//deps:krb5/krb5.BUILD.bazel",
},
)

62 changes: 35 additions & 27 deletions omnibus/config/software/libkrb5.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,33 +1,41 @@
name "libkrb5"
default_version "1.21.3"

dependency "openssl3"

version "1.21.3" do
source url: "https://kerberos.org/dist/krb5/1.21/krb5-1.21.3.tar.gz"
source sha256: "b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd304840ad35"
end

relative_path "krb5-#{version}/src"

reconf_env = { "PATH" => "#{install_dir}/embedded/bin:#{ENV["PATH"]}" }

build do
license "BSD-style"
license_file "https://raw.githubusercontent.com/krb5/krb5/master/NOTICE"

configure_options = ["--without-keyutils", # this would require additional deps/system deps, disable it
"--without-system-verto", # do not prefer libverto from the system, if installed
"--without-libedit", # we don't want to link with libraries outside of the install dir
"--disable-static"
pc_files = [
'gssrpc.pc',
'kadm-client.pc',
'kadm-server.pc',
'kdb.pc',
'krb5-gssapi.pc',
'krb5.pc',
'mit-krb5-gssapi.pc',
'mit-krb5.pc',
]
env = with_standard_compiler_flags(with_embedded_path)
configure(*configure_options, :env => env)
command "make -j #{workers}", :env => { "LD_RUN_PATH" => "#{install_dir}/embedded/lib" }
command "make install", :env => { "LD_RUN_PATH" => "#{install_dir}/embedded/lib" }

# FIXME: CONDA libs appear to confuse the health checker - manually checked file
# are properly linked. Must whitelist for build to succeed.
whitelist_file "#{install_dir}/embedded/lib/krb5/plugins/tls/k5tls.so"
whitelist_file "#{install_dir}/embedded/lib/krb5/plugins/preauth/pkinit.so"
lib_files = [
'krb5/plugins/tls/k5tls.so',
'krb5/plugins/kdb/db2.so',
'krb5/plugins/preauth/test.so',
'krb5/plugins/preauth/spake.so',
'krb5/plugins/preauth/pkinit.so',
'krb5/plugins/preauth/otp.so',
'libkadm5clnt_mit.so',
'libkrad.so',
'libverto.so',
'libk5crypto.so',
'libcom_err.so',
'libkadm5srv.so',
'libkrb5support.so',
'libgssrpc.so',
'libkrb5.so',
'libkadm5srv_mit.so',
'libkdb5.so',
'libgssapi_krb5.so',
'libkadm5clnt.so',
]
command_on_repo_root "bazelisk run -- @krb5//:install --destdir='#{install_dir}/embedded'"
command_on_repo_root "bazelisk run -- //bazel/rules:replace_prefix --prefix '#{install_dir}/embedded' " \
+ lib_files.map{ |l| "#{install_dir}/embedded/lib/#{l}" }.join(' ') \
+ " " \
+ pc_files.map{ |pc| "#{install_dir}/embedded/lib/pkgconfig/#{pc}" }.join(' ')
end