From 45edc22436d6f8c514509277c6795cf3d58669ac Mon Sep 17 00:00:00 2001
From: Alex Novak
Date: Thu, 21 May 2026 21:32:55 -0400
Subject: [PATCH 1/4] Enable SASL support in librdkafka build
Enables the WITH_SASL flag on librdkafka compilation
Signed-off-by: Alex Novak
---
 librdkafka.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/librdkafka.yaml b/librdkafka.yaml
index 6cd687ae1a7..c31787aa530 100644
--- a/librdkafka.yaml
+++ b/librdkafka.yaml
@@ -42,6 +42,7 @@ pipeline:
 -DCMAKE_INSTALL_PREFIX=/usr \
 -DCMAKE_INSTALL_LIBDIR=/usr/lib \
 -DCMAKE_BUILD_TYPE=RelWithDebinfo \
+ -DWITH_SASL=ON \
 -DRDKAFKA_BUILD_EXAMPLES=OFF \
 -DRDKAFKA_BUILD_TESTS="OFF"
 cmake --build build
From 38e106798fa580c0577b359807d7c50d0e3568a4 Mon Sep 17 00:00:00 2001
From: Alex Novak
Date: Thu, 21 May 2026 21:35:18 -0400
Subject: [PATCH 2/4] Bump epoch
Signed-off-by: Alex Novak
---
 librdkafka.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/librdkafka.yaml b/librdkafka.yaml
index c31787aa530..a0230952144 100644
--- a/librdkafka.yaml
+++ b/librdkafka.yaml
@@ -1,7 +1,7 @@
 package:
 name: librdkafka
 version: "2.14.1"
- epoch: 3 # go/wolfi-rsc/librdkafka
+ epoch: 4 # go/wolfi-rsc/librdkafka
 description: "The Apache Kafka C/C++ library"
 copyright:
 - license: BSD-2-Clause
From a60d696c409e1f345640a85f1b5e2da5ba41126e Mon Sep 17 00:00:00 2001
From: Alex Novak
Date: Sat, 23 May 2026 00:00:27 -0400
Subject: [PATCH 3/4] Add a test, build it the right way for a change
---
 librdkafka.yaml | 44 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)
diff --git a/librdkafka.yaml b/librdkafka.yaml
index a0230952144..0ad9cc9e074 100644
--- a/librdkafka.yaml
+++ b/librdkafka.yaml
@@ -20,6 +20,7 @@ environment:
 - ca-certificates-bundle
 - cmake
 - curl-dev
+ - cyrus-sasl-dev
 - linux-headers
 - lz4-dev
 - openssl-hardened-dev
@@ -42,7 +43,6 @@ pipeline:
 -DCMAKE_INSTALL_PREFIX=/usr \
 -DCMAKE_INSTALL_LIBDIR=/usr/lib \
 -DCMAKE_BUILD_TYPE=RelWithDebinfo \
- -DWITH_SASL=ON \
 -DRDKAFKA_BUILD_EXAMPLES=OFF \
 -DRDKAFKA_BUILD_TESTS="OFF"
 cmake --build build
@@ -148,3 +148,45 @@ test:
 gcc $(pkg-config --cflags rdkafka) test_api.c -o test_api $(pkg-config --libs rdkafka)
 ./test_api
+ - name: Test SASL/SCRAM mechanisms are compiled in
+ runs: |
+ set -euo pipefail
+
+ # rd_kafka_new fails fast with "No provider for SASL mechanism ..."
+ # if the requested mechanism wasn't compiled into the library, so it
+ # is a reliable check that SCRAM/PLAIN/OAUTHBEARER providers exist.
+ tee test_sasl.c <<'EOF'
+ #include
+ #include
+ #include
+
+ static int check_mechanism(const char *mech) {
+ char errstr[512];
+ rd_kafka_conf_t *conf = rd_kafka_conf_new();
+ rd_kafka_conf_set(conf, "security.protocol", "SASL_PLAINTEXT", NULL, 0);
+ rd_kafka_conf_set(conf, "sasl.mechanism", mech, NULL, 0);
+ rd_kafka_conf_set(conf, "sasl.username", "u", NULL, 0);
+ rd_kafka_conf_set(conf, "sasl.password", "p", NULL, 0);
+ rd_kafka_conf_set(conf, "bootstrap.servers", "127.0.0.1:0", NULL, 0);
+ rd_kafka_t *rk = rd_kafka_new(RD_KAFKA_PRODUCER, conf, errstr, sizeof errstr);
+ if (!rk) {
+ fprintf(stderr, "FAIL: %s not supported: %s\n", mech, errstr);
+ return 1;
+ }
+ rd_kafka_destroy(rk);
+ printf("OK: %s\n", mech);
+ return 0;
+ }
+
+ int main(void) {
+ int rc = 0;
+ rc |= check_mechanism("SCRAM-SHA-256");
+ rc |= check_mechanism("SCRAM-SHA-512");
+ rc |= check_mechanism("PLAIN");
+ return rc;
+ }
+ EOF
+
+ gcc $(pkg-config --cflags rdkafka) test_sasl.c -o test_sasl $(pkg-config --libs rdkafka)
+ ./test_sasl
+
From a7f2f381323103e8f0315b6f7544f2614c952127 Mon Sep 17 00:00:00 2001
From: Alex Novak
Date: Tue, 26 May 2026 15:21:42 -0400
Subject: [PATCH 4/4] Ignore RC and DEV builds for udpate
Signed-off-by: Alex Novak
---
 librdkafka.yaml | 2 ++
 1 file changed, 2 insertions(+)
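Review bot: Every `rd_kafka_conf_set` call in `check_mechanism` (the `test_sasl.c` heredoc in the `@@ -148,3 +148,45 @@` hunk) discards its return value and passes `NULL, 0` for the error buffer, so a property the library rejects stays at its default and the step can still print `OK` for a configuration that was never applied. Compare each call with `RD_KAFKA_CONF_OK` and fail on a mismatch, e.g. `if (rd_kafka_conf_set(conf, "sasl.mechanism", mech, errstr, sizeof errstr) != RD_KAFKA_CONF_OK) { fprintf(stderr, "FAIL: %s\n", errstr); rd_kafka_conf_destroy(conf); return 1; }`. The shell comment above the heredoc names OAUTHBEARER, but `main` only exercises SCRAM-SHA-256, SCRAM-SHA-512 and PLAIN; either cover that mechanism or drop it from the comment so the test does not claim more than it checks. On the `!rk` path `conf` is still owned by the caller and should be released with `rd_kafka_conf_destroy(conf)`.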
diff --git a/librdkafka.yaml b/librdkafka.yaml
index 0ad9cc9e074..87c91ea234b 100644
--- a/librdkafka.yaml
+++ b/librdkafka.yaml
@@ -78,6 +78,8 @@ update:
 - ^ar_test_.*
 - ^test-.*
 - -DEV.$
+ - -dev$
+ - -RC\d+$
 git:
 strip-prefix: v
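Review bot: The two added patterns are case-sensitive and `-RC\d+$` needs at least one digit, so a pre-release tag spelled `-rc1` or a bare `-RC` would presumably still be offered to the updater, assuming these entries are matched as ordinary regular expressions. If upstream only ever uses the spellings listed this is fine; otherwise a single case-insensitive entry such as `(?i)-(dev|rc\d*)$` would cover the variants, provided the updater's regex flavour accepts the inline flag. A one-line comment above the list, for example `# skip upstream pre-release tags (-DEVn, -dev, -RCn)`, would record which tag shapes each entry is meant to exclude.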