diff --git a/bazel/patches/rules_foreign_cc/0001-include-out_data_dirs-to-the-output-groups.patch b/bazel/patches/rules_foreign_cc/0001-include-out_data_dirs-to-the-output-groups.patch deleted file mode 100644 index 9db13351915509..00000000000000 --- a/bazel/patches/rules_foreign_cc/0001-include-out_data_dirs-to-the-output-groups.patch +++ /dev/null @@ -1,42 +0,0 @@ -From af72bc8c79be86e14b3b46bd1207c23365c988d7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Hugo=20Beauz=C3=A9e-Luyssen?= -Date: Thu, 27 Nov 2025 13:57:04 +0100 -Subject: [PATCH] include out_data_dirs to the output groups - ---- - foreign_cc/private/framework.bzl | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/foreign_cc/private/framework.bzl b/foreign_cc/private/framework.bzl -index eb7632d..fd354b7 100644 ---- a/foreign_cc/private/framework.bzl -+++ b/foreign_cc/private/framework.bzl -@@ -598,7 +598,8 @@ def cc_external_rule_impl(ctx, attrs): - outputs.libraries.static_libraries + - outputs.libraries.shared_libraries + - ([outputs.out_include_dir] if outputs.out_include_dir else []) + -- ([outputs.out_pc_dir] if outputs.out_pc_dir else []) -+ ([outputs.out_pc_dir] if outputs.out_pc_dir else []) + -+ (outputs.data_dirs if outputs.data_dirs else []) - ) - output_groups = _declare_output_groups(installdir_copy.file, output_groups) - wrapped_files = [ -@@ -849,6 +850,7 @@ _Outputs = provider( - out_binary_files = "Binary files, which will be created by the action", - libraries = "Library files, which will be created by the action", - out_pc_dir = "Directory with pkgconfig files (relative to install directory)", -+ data_dirs = "Directory containing additional files generated by the build", - declared_outputs = "All output files and directories of the action", - ), - ) -@@ -913,6 +915,7 @@ def _define_outputs(ctx, attrs, lib_name): - out_binary_files = out_binary_files, - libraries = libraries, - out_pc_dir = out_pc_dir, -+ data_dirs = out_data_dirs, - declared_outputs = declared_outputs, - ) - --- -2.43.0 - diff --git a/deps/krb5/krb5.BUILD.bazel b/deps/krb5/krb5.BUILD.bazel deleted file mode 100644 index 61604eedb6176c..00000000000000 --- a/deps/krb5/krb5.BUILD.bazel +++ /dev/null @@ -1,141 +0,0 @@ -load("@@//bazel/rules:so_symlink.bzl", "so_symlink") -load("@rules_license//rules:license.bzl", "license") -load("@rules_foreign_cc//foreign_cc:defs.bzl", "configure_make") -load("@rules_pkg//pkg:install.bzl", "pkg_install") -load("@rules_pkg//pkg:mappings.bzl", "pkg_files") -load("@rules_pkg//pkg:mappings.bzl", "strip_prefix") - -package(default_package_metadata = [":license"]) - -license( - name = "license", - license_kinds = ["@rules_license//licenses/spdx:BSD-2-Clause"], - license_text = "NOTICE", - visibility = ["//visibility:public"], -) - -filegroup( - name = "all_srcs", - srcs = glob(["src/**/*"]) -) - -SHARED_LIBS = { - 'krb5/plugins/tls/k5tls.so': '', - 'krb5/plugins/kdb/db2.so': '', - 'krb5/plugins/preauth/test.so': '', - 'krb5/plugins/preauth/spake.so': '', - 'krb5/plugins/preauth/pkinit.so': '', - 'krb5/plugins/preauth/otp.so': '', - 'libcom_err.so': '3.0', - 'libgssapi_krb5.so': '2.2', - 'libgssrpc.so': '4.2', - 'libk5crypto.so': '3.1', - 'libkadm5clnt.so': '', - 'libkadm5clnt_mit.so': '12.0', - 'libkadm5srv.so': '', - 'libkadm5srv_mit.so': '12.0', - 'libkdb5.so': '10.0', - 'libkrad.so': '0.0', - 'libkrb5.so': '3.3', - 'libkrb5support.so': '0.1', - 'libverto.so': '0.0', -} - -configure_make( - name = "krb5", - args = [ - "-j 16", - ], - autoreconf = True, - configure_in_place = True, - configure_options = [ - "--without-keyutils", # this would require additional deps/system deps, disable it - "--without-system-verto", # do not prefer libverto from the system, if installed - "--without-libedit", # we don't want to link with libraries outside of the install dir - "--disable-static", - "--with-crypto-impl=openssl", - "--with-tls-impl=openssl", - "--disable-nls", - ], - lib_source = ":all_srcs", - deps = [ - "@openssl//:openssl", - ], - out_shared_libs = SHARED_LIBS.keys(), - out_data_dirs = ["lib/pkgconfig"], -) - -# Unversioned lib handling: -# Create a filegroup refering to configure_make's output_group -# Expose this single file filegroup as a pkg_file target with a common `lib_$foo` name -[ - filegroup( - name = "_unversioned_lib_" + libname, - srcs = [":krb5"], - output_group = libname.rpartition('/')[2] - ) - for (libname, libversion) in SHARED_LIBS.items() if not libversion -] - -[ - pkg_files( - name = "_lib_" + libname, - srcs = [":_unversioned_lib_" + libname], - prefix = "lib/" + libname.rpartition('/')[0], - ) - for (libname, libversion) in SHARED_LIBS.items() if not libversion -] - -# Now the same for versioned libs, except instead of an explicit pkg_file -# we leverage the one created by so_symlink -[ - filegroup( - name = "_symlink_src_" + libname, - srcs = [":krb5"], - output_group = libname, - ) - for (libname, libversion) in SHARED_LIBS.items() if libversion -] - -[ - so_symlink( - name = "_lib_" + libname, - src = "_symlink_src_" + libname, - libname = libname.removesuffix(".so"), - version = libversion, - # so_symlink already adds a lib/ folder - prefix = libname.rpartition('/')[0], - ) - for (libname, libversion) in SHARED_LIBS.items() if libversion -] - -filegroup( - name = "_pc_files", - srcs = [":krb5"], - output_group = "pkgconfig", -) - -pkg_files( - name = "pc_files", - srcs = ["_pc_files"], - prefix = "lib/", -) - -filegroup( - name = "_headers", - srcs = [":krb5"], - output_group = "include" -) - -pkg_files( - name = "hdr_files", - srcs = [":_headers"], -) - -pkg_install( - name = "install", - srcs = [ - ":hdr_files", - ":pc_files", - ] + [":_lib_" + libname for libname in SHARED_LIBS.keys()], -) diff --git a/deps/repos.MODULE.bazel b/deps/repos.MODULE.bazel index 455c1d0959b43c..7b43fd85672e1d 100644 --- a/deps/repos.MODULE.bazel +++ b/deps/repos.MODULE.bazel @@ -57,7 +57,6 @@ single_version_override( patch_strip = 1, patches = [ "//bazel/patches:rules_foreign_cc/0000-expose-pc-files.patch", - "//bazel/patches:rules_foreign_cc/0001-include-out_data_dirs-to-the-output-groups.patch", ], ) @@ -315,13 +314,3 @@ http_archive( "license_file": "//deps:lua/license", }, ) - -http_archive( - name = "krb5", - url = "https://kerberos.org/dist/krb5/1.21/krb5-1.21.3.tar.gz", - sha256 = "b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd304840ad35", - strip_prefix = "krb5-1.21.3", - files = { - "BUILD.bazel": "//deps:krb5/krb5.BUILD.bazel", - }, -) diff --git a/omnibus/config/software/libkrb5.rb b/omnibus/config/software/libkrb5.rb index 6a7b47d5f02823..beaa90815f2964 100644 --- a/omnibus/config/software/libkrb5.rb +++ b/omnibus/config/software/libkrb5.rb @@ -1,41 +1,33 @@ name "libkrb5" default_version "1.21.3" +dependency "openssl3" + +version "1.21.3" do + source url: "https://kerberos.org/dist/krb5/1.21/krb5-1.21.3.tar.gz" + source sha256: "b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd304840ad35" +end + +relative_path "krb5-#{version}/src" + +reconf_env = { "PATH" => "#{install_dir}/embedded/bin:#{ENV["PATH"]}" } + build do - pc_files = [ - 'gssrpc.pc', - 'kadm-client.pc', - 'kadm-server.pc', - 'kdb.pc', - 'krb5-gssapi.pc', - 'krb5.pc', - 'mit-krb5-gssapi.pc', - 'mit-krb5.pc', - ] - lib_files = [ - 'krb5/plugins/tls/k5tls.so', - 'krb5/plugins/kdb/db2.so', - 'krb5/plugins/preauth/test.so', - 'krb5/plugins/preauth/spake.so', - 'krb5/plugins/preauth/pkinit.so', - 'krb5/plugins/preauth/otp.so', - 'libkadm5clnt_mit.so', - 'libkrad.so', - 'libverto.so', - 'libk5crypto.so', - 'libcom_err.so', - 'libkadm5srv.so', - 'libkrb5support.so', - 'libgssrpc.so', - 'libkrb5.so', - 'libkadm5srv_mit.so', - 'libkdb5.so', - 'libgssapi_krb5.so', - 'libkadm5clnt.so', + license "BSD-style" + license_file "https://raw.githubusercontent.com/krb5/krb5/master/NOTICE" + + configure_options = ["--without-keyutils", # this would require additional deps/system deps, disable it + "--without-system-verto", # do not prefer libverto from the system, if installed + "--without-libedit", # we don't want to link with libraries outside of the install dir + "--disable-static" ] - command_on_repo_root "bazelisk run -- @krb5//:install --destdir='#{install_dir}/embedded'" - command_on_repo_root "bazelisk run -- //bazel/rules:replace_prefix --prefix '#{install_dir}/embedded' " \ - + lib_files.map{ |l| "#{install_dir}/embedded/lib/#{l}" }.join(' ') \ - + " " \ - + pc_files.map{ |pc| "#{install_dir}/embedded/lib/pkgconfig/#{pc}" }.join(' ') + env = with_standard_compiler_flags(with_embedded_path) + configure(*configure_options, :env => env) + command "make -j #{workers}", :env => { "LD_RUN_PATH" => "#{install_dir}/embedded/lib" } + command "make install", :env => { "LD_RUN_PATH" => "#{install_dir}/embedded/lib" } + + # FIXME: CONDA libs appear to confuse the health checker - manually checked file + # are properly linked. Must whitelist for build to succeed. + whitelist_file "#{install_dir}/embedded/lib/krb5/plugins/tls/k5tls.so" + whitelist_file "#{install_dir}/embedded/lib/krb5/plugins/preauth/pkinit.so" end diff --git a/test/static/static_quality_gates.yml b/test/static/static_quality_gates.yml index 6b25c590b39e08..14bac0ad011ff3 100644 --- a/test/static/static_quality_gates.yml +++ b/test/static/static_quality_gates.yml @@ -1,9 +1,9 @@ static_quality_gate_agent_deb_amd64: - max_on_disk_size: 707.24 MiB - max_on_wire_size: 174.02 MiB + max_on_disk_size: 708.37 MiB + max_on_wire_size: 174.5 MiB static_quality_gate_agent_deb_amd64_fips: - max_on_disk_size: 702.86 MiB - max_on_wire_size: 173.5 MiB + max_on_disk_size: 703.97 MiB + max_on_wire_size: 173.77 MiB static_quality_gate_agent_heroku_amd64: max_on_disk_size: 329.53 MiB max_on_wire_size: 88.43 MiB @@ -11,41 +11,41 @@ static_quality_gate_agent_msi: max_on_disk_size: 982.08 MiB max_on_wire_size: 143.02 MiB static_quality_gate_agent_rpm_amd64: - max_on_disk_size: 707.23 MiB - max_on_wire_size: 177.24 MiB + max_on_disk_size: 708.35 MiB + max_on_wire_size: 177.66 MiB static_quality_gate_agent_rpm_amd64_fips: - max_on_disk_size: 702.85 MiB - max_on_wire_size: 176.32 MiB + max_on_disk_size: 703.96 MiB + max_on_wire_size: 176.63 MiB static_quality_gate_agent_rpm_arm64: - max_on_disk_size: 692.59 MiB - max_on_wire_size: 160.9 MiB + max_on_disk_size: 693.49 MiB + max_on_wire_size: 161.21 MiB static_quality_gate_agent_rpm_arm64_fips: - max_on_disk_size: 687.54 MiB - max_on_wire_size: 160.11 MiB + max_on_disk_size: 688.44 MiB + max_on_wire_size: 160.46 MiB static_quality_gate_agent_suse_amd64: - max_on_disk_size: 707.23 MiB - max_on_wire_size: 177.24 MiB + max_on_disk_size: 708.35 MiB + max_on_wire_size: 177.66 MiB static_quality_gate_agent_suse_amd64_fips: - max_on_disk_size: 702.85 MiB - max_on_wire_size: 176.32 MiB + max_on_disk_size: 703.96 MiB + max_on_wire_size: 176.63 MiB static_quality_gate_agent_suse_arm64: - max_on_disk_size: 692.59 MiB - max_on_wire_size: 160.9 MiB + max_on_disk_size: 693.49 MiB + max_on_wire_size: 161.21 MiB static_quality_gate_agent_suse_arm64_fips: - max_on_disk_size: 687.54 MiB - max_on_wire_size: 160.11 MiB + max_on_disk_size: 688.44 MiB + max_on_wire_size: 160.46 MiB static_quality_gate_docker_agent_amd64: - max_on_disk_size: 769.58 MiB - max_on_wire_size: 261.89 MiB + max_on_disk_size: 770.69 MiB + max_on_wire_size: 262.46 MiB static_quality_gate_docker_agent_arm64: - max_on_disk_size: 779.27 MiB - max_on_wire_size: 252.08 MiB + max_on_disk_size: 780.17 MiB + max_on_wire_size: 252.63 MiB static_quality_gate_docker_agent_jmx_amd64: - max_on_disk_size: 960.46 MiB - max_on_wire_size: 330.53 MiB + max_on_disk_size: 961.57 MiB + max_on_wire_size: 331.09 MiB static_quality_gate_docker_agent_jmx_arm64: - max_on_disk_size: 958.87 MiB - max_on_wire_size: 316.71 MiB + max_on_disk_size: 959.77 MiB + max_on_wire_size: 317.26 MiB static_quality_gate_docker_cluster_agent_amd64: max_on_disk_size: 181.08 MiB max_on_wire_size: 64.49 MiB