libserf builds against base despite settings?

Hi gang,

I'm revising my LAN server a bit (odd name, I know ;)) and ran into a problem while building devel/subversion:

/usr/local/lib/ undefined reference to `__gss_c_nt_hostbased_service_oid_desc'
/usr/local/lib/ undefined reference to `__gss_spnego_mechanism_oid_desc'
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** [subversion/tests/cmdline/atomic-ra-revprop-change] Error code 1

make[2]: stopped in /usr/ports/devel/subversion/work/subversion-1.9.7
1 error
It's obvious that is having an issue here, this library is provided by www/serf. I can back up this conclusion because as soon as I disable the SERF option for Subversion everything builds cleanly.

For my encryption I rely on both security/openssl and security/heimdal, I also set ssl=openssl in /etc/make.conf to reflect on this.

Serf is configured to use security/heimdal and Heimdal is fully up to date. All ports are up to date by the way.

Yet when I check /usr/local/lib/ using ldd I noticed something very peculiar:

/usr/local/lib/ => /usr/local/lib/ (0x28217000) => /usr/local/lib/ (0x28c00000) => /usr/lib/ (0x28316000) => /usr/lib/ (0x2831f000) => /usr/lib/ (0x28387000) => /usr/lib/ (0x2838e000) => /usr/lib/ (0x283ce000) => /usr/local/lib/heimdal/ (0x28f2b000)
So instead of using /usr/local/lib/heimdal/ and it reverted back to the libraries of the base system. So yeah, obviously something isn't right here.

My question: which package would be at fault here?

See, at first I am tempted to blame www/serf. After all: I clearly enable Heimdal support and then it doesn't build against Heimdal. But it's also fair to say that several libraries (databases/db5 for example) set up symlinks in /usr/local/lib which I could imagine makes it easier for other packages to detect and use those libraries. And security/heimdal doesn't do this.

For now I'm going to disable Kerberos support entirely because I need https support in Subversion, but I think this problem also needs to be solved.
Make sure you enable HEIMDAL and not HEIMDAL_BASE (for www/serf):
42 	SCONS_ARGS+=    GSSAPI="/usr"
43 	.endif
46 	.endif
Thanks for the feedback, but I got that covered:

peter@macron:/usr/ports/www/serf# make showconfig
===> The following configuration options are available for serf-1.3.9_1:
     DOCS=on: Build and/or install documentation
====> Kerberos support: you can only select none or one of them
     MIT=off: MIT Kerberos (security/krb5)
     HEIMDAL=on: Heimdal Kerberos (security/heimdal)
     HEIMDAL_BASE=off: Heimdal Kerberos (base)
Going to prepare an e-mail to the port maintainer later on.
Yeah, it's possible the configure script from serf itself may be detecting the base Heimdal, regardless of how you configure the port. Have you tried building it against MIT? Just to see if that does pick up the correct port dependency?
Have you tried building it against MIT? Just to see if that does pick up the correct port dependency?
Good thinking! I haven't yet but I'm going to test that as well before actually sending the e-mail, that can definitely shed a little more light on this.
I have the same problem. Building Serf against MIT does solve the problem, but results in conflicts down the road.

Update: Building Serf against Heimdal Base seems to solve my issue.