Re: Auth-worker, unknown scheme ARGON2ID
On 21 Feb 2023, at 10:12 pm, James Brown <jlbrown@bordo.com.au> wrote:
I’ve spent ages on this and am getting really desperate! :-(
CPPFLAGS=-I/opt/homebrew/Cellar/openssl@3/3.0.8/include LDFLAGS=-L/opt/homebrew/opt/openssl@3/lib ./configure --with-ssl=openssl --with-mysql
... Install prefix . : /usr/local File offsets ... : 64bit I/O polling .... : kqueue I/O notifys .... : kqueue SSL ............ : yes (OpenSSL) GSSAPI ......... : no passdbs ........ : static passwd passwd-file pam checkpassword sql : -shadow -bsdauth -ldap userdbs ........ : static prefetch passwd passwd-file checkpassword sql
sudo doveadm pw -l
SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 CLEAR CLEARTEXT SSHA256 MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SMD5 DIGEST-MD5 LDAP-MD5
How do I get ARGON2I, ARGON2ID in that list?
Has anybody got Dovecot to work on recent macOS with these password schemes? Any hints?
Thanks, James.
Thanks Aki, that was helpful. When I add that I get:
checking for LIBSODIUM... no configure: error: Can't build with libsodium: not found
So I have to tell it where libsodium is.
Tried:
CPPFLAGS=-I/opt/homebrew/Cellar/openssl@3/3.0.8/include LDFLAGS=-L/opt/homebrew/opt/openssl@3/lib LIBSODIUM_LIBS=-L/opt/homebrew/Cellar/libsodium ./configure --with-ssl=openssl --with-mysql —with-sodium
But that gives:
configure: WARNING: Libtool does not cope well with whitespace in pwd
checking build system type... Invalid configuration —-with-sodium': machine —-with' not recognized
Location of libsodium:
% locate libsodium /opt/homebrew/Cellar/libsodium /opt/homebrew/Cellar/libsodium/1.0.18_1 /opt/homebrew/Cellar/libsodium/1.0.18_1/.brew /opt/homebrew/Cellar/libsodium/1.0.18_1/.brew/libsodium.rb /opt/homebrew/Cellar/libsodium/1.0.18_1/AUTHORS /opt/homebrew/Cellar/libsodium/1.0.18_1/ChangeLog /opt/homebrew/Cellar/libsodium/1.0.18_1/INSTALL_RECEIPT.json /opt/homebrew/Cellar/libsodium/1.0.18_1/LICENSE /opt/homebrew/Cellar/libsodium/1.0.18_1/README.markdown /opt/homebrew/Cellar/libsodium/1.0.18_1/include /opt/homebrew/Cellar/libsodium/1.0.18_1/include/sodium /opt/homebrew/Cellar/libsodium/1.0.18_1/include/sodium/core.h /opt/homebrew/Cellar/libsodium/1.0.18_1/include/sodium/crypto_aead_aes256gcm.h ... /opt/homebrew/Cellar/libsodium/1.0.18_1/include/sodium/utils.h /opt/homebrew/Cellar/libsodium/1.0.18_1/include/sodium/version.h /opt/homebrew/Cellar/libsodium/1.0.18_1/include/sodium.h /opt/homebrew/Cellar/libsodium/1.0.18_1/lib /opt/homebrew/Cellar/libsodium/1.0.18_1/lib/libsodium.23.dylib /opt/homebrew/Cellar/libsodium/1.0.18_1/lib/libsodium.a /opt/homebrew/Cellar/libsodium/1.0.18_1/lib/libsodium.dylib /opt/homebrew/Cellar/libsodium/1.0.18_1/lib/pkgconfig /opt/homebrew/Cellar/libsodium/1.0.18_1/lib/pkgconfig/libsodium.pc /opt/homebrew/lib/libsodium.23.dylib /opt/homebrew/lib/libsodium.a /opt/homebrew/lib/libsodium.dylib /opt/homebrew/lib/pkgconfig/libsodium.pc /opt/homebrew/opt/libsodium /opt/homebrew/var/homebrew/linked/libsodium
What do I need to use to stop the: Can't build with libsodium: not found
Sorry these are such stupid questions.
James.
Yes, I think I picked that up. I think I might have typed it into the email and it changed it (I’ve run the configure command so many times.)
CPPFLAGS=-I/opt/homebrew/Cellar/openssl@3/3.0.8/include LDFLAGS=-L/opt/homebrew/opt/openssl@3/lib LIBSODIUM_LIBS=-L/opt/homebrew/Cellar/libsodium ./configure --with-ssl=openssl --with-mysql --with-sodium
Fails with:
checking for mysql_ssl_set in -lmysqlclient... yes checking for LIBSODIUM... no configure: error: Can't build with libsodium: not found
This is so frustrating, but I’ll be jumping for joy if we can get it to work.
James.
Dovecot uses pkg-config to find out about libsodium, and it seems you're missing libsodium.pc in whatever place mac uses to hide them.
Maybe the .pc file is in the homebrew directory somewhere and needs to be copied, or you can make it yourself. Make sure to change the version and paths.
prefix=/usr exec_prefix=${prefix} libdir=${prefix}/lib/x86_64-linux-gnu includedir=${prefix}/include
Name: libsodium Version: 1.0.18 Description: A modern and easy-to-use crypto library
Libs: -L${libdir} -lsodium Libs.private: -pthread Cflags: -I${includedir}
Aki
On 22 Feb 2023, at 5:53 pm, Aki Tuomi <aki.tuomi@open-xchange.com> wrote:
Getting somewhere - thanks Aki.
% locate libsodium.pc /opt/homebrew/Cellar/libsodium/1.0.18_1/lib/pkgconfig/libsodium.pc /opt/homebrew/lib/pkgconfig/libsodium.pc /usr/local/lib/pkgconfig/libsodium.pc
Looking at /opt/homebrew/lib/pkgconfig/libsodium.pc it is:
prefix=/opt/homebrew/Cellar/libsodium/1.0.18_1 exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include
Name: libsodium Version: 1.0.18 Description: A modern and easy-to-use crypto library
Libs: -L${libdir} -lsodium Libs.private: -pthread Cflags: -I${includedir}
The version of libsodium I downloaded and installed from source is:
prefix=/usr/local exec_prefix=${prefix} libdir=${exec_prefix}/lib includedir=${prefix}/include
Name: libsodium Version: 1.0.18 Description: A modern and easy-to-use crypto library
Libs: -L${libdir} -lsodium Libs.private: -lpthread -pthread Cflags: -I${includedir}
Do I need to edit one of these files, or somehow tell .configure to look at /opt/homebrew/lib/ ?
James.
On 22 Feb 2023, at 6:12 pm, Aki Tuomi <aki.tuomi@open-xchange.com> wrote:
Aki was a tremendous help and got it working for me. For anyone else who wants to use Dovecot on macOS with the ARGON2I or ARGON2ID password schemes, these are the steps:
First, need to install pkg-config using Homebrew.
Then install libsodium from Homebrew.
Then:
env PKG_CONFIG_PATH=/opt/homebrew/lib/pkgconfig pkg-config --libs libsodium
CPPFLAGS=-I/opt/homebrew/Cellar/openssl@3/3.0.8/include LDFLAGS=-L/opt/homebrew/opt/openssl@3/lib ./configure --with-ssl=openssl --with-mysql --with-sodium
(Probably should have not linked to specific version of OpenSSL 3, but it works so I’m not changing it now!)
make
sudo make install
All should work, start Dovecot with
sudo /usr/local/sbin/dovecot
And test with:
% sudo doveadm pw -l
SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SMD5 DIGEST-MD5 LDAP-MD5
Hope that saves someone some time and frustration.
Probably future me! :-)
Huge thanks to Aki for his help and patience,
James.
participants (2)
-
Aki Tuomi
-
James Brown