[SCM] Samba Shared Repository - branch v4-16-test updated

Jule Anger janger at samba.org
Mon Mar 14 15:25:01 UTC 2022


The branch, v4-16-test has been updated
       via  1fcb5ed30f9 s4-kdc: Fix memory leak in FAST cookie handling
       via  9d819c9359f third_party/heimdal: import lorikeet-heimdal-202203101710 (commit df8d801544144949931cd742169be1207b239c3d)
       via  e6196c456c1 selftest: use 'kdc enable fast = no' for fl2000 fl2003
       via  46435367394 s4:kdc: make use of the 'kdc enable fast' option
       via  9aa78f15fd6 docs-xml: add 'kdc enable fast' option
       via  2aa95f78203 third_party/heimdal: import lorikeet-heimdal-202203101709 (commit 47863866da25cc21d292ce335a976b8b33fa1864)
      from  8ac427eed2c VERSION: Bump version up to Samba 4.16.0rc6...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test


- Log -----------------------------------------------------------------
commit 1fcb5ed30f9a2b2fd7e02be66ab6052ae960aeed
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Mar 8 22:46:02 2022 +1300

    s4-kdc: Fix memory leak in FAST cookie handling
    
    The call to sdb_free_entry() was forgotten.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15000
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Fri Mar 11 11:05:55 UTC 2022 on sn-devel-184
    
    (cherry picked from commit b7bc1f6dddc1c5fee8a39422823f167db1f24bb2)
    
    Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
    Autobuild-Date(v4-16-test): Mon Mar 14 15:24:28 UTC 2022 on sn-devel-184

commit 9d819c9359f35758219ee78ef0ade3828a9d8135
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 10 17:49:52 2022 +0100

    third_party/heimdal: import lorikeet-heimdal-202203101710 (commit df8d801544144949931cd742169be1207b239c3d)
    
    This fixes the regressions against KDCs without FAST support.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Fri Mar 11 18:06:47 UTC 2022 on sn-devel-184
    
    (cherry picked from commit 9b48e7f7eda5e368c1192d562c268885c1f68d8b)

commit e6196c456c1d9635376fcc5565b9f67e2e7cf65a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 9 12:53:18 2022 +0100

    selftest: use 'kdc enable fast = no' for fl2000 fl2003
    
    This makes sure we still run tests against KDCs without FAST support
    and it already found a few regressions.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    (cherry picked from commit f1a71e24864367a55a30813dd642e7ef392b5ac9)

commit 4643536739464a1f1c49ca780ae34a1c8f6df360
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 9 12:39:07 2022 +0100

    s4:kdc: make use of the 'kdc enable fast' option
    
    This will useful to test against a KDC without FAST support
    and find/prevent regressions.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    (cherry picked from commit 2db7589d69abebad16b66d933114367f815d5fc3)

commit 9aa78f15fd6f4796657246d09dab883a717de6f6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Mar 9 12:39:07 2022 +0100

    docs-xml: add 'kdc enable fast' option
    
    This will be useful to test against a KDC without FAST support
    and find/prevent regressions.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    (cherry picked from commit 12b623088cf48cf9e4a046441810ef20e1f079b8)

commit 2aa95f782037be279b093df5b3f9cbe4f1c44ab3
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Mar 10 16:12:43 2022 +0100

    third_party/heimdal: import lorikeet-heimdal-202203101709 (commit 47863866da25cc21d292ce335a976b8b33fa1864)
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    (cherry picked from commit 67bdc922f9836779f1b37805575c5c4eea9ba3e6)

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/security/kdcenablefast.xml     |  15 +++
 lib/param/loadparm.c                               |   2 +
 selftest/target/Samba4.pm                          |   2 +
 source3/param/loadparm.c                           |   2 +
 source4/kdc/db-glue.c                              |   8 +-
 source4/kdc/hdb-samba4.c                           |   1 +
 source4/kdc/kdc-heimdal.c                          |   7 +
 source4/selftest/tests.py                          |   5 +-
 third_party/heimdal/.github/workflows/coverity.yml |  68 ++++++++++
 third_party/heimdal/.github/workflows/linux.yml    | 146 +++++++++++++++++++++
 third_party/heimdal/.github/workflows/osx.yml      | 122 +++++++++++++++++
 .../heimdal/.github/workflows/scanbuild.yml        |  67 ++++++++++
 third_party/heimdal/.github/workflows/valgrind.yml |  71 ++++++++++
 third_party/heimdal/.github/workflows/windows.yml  |  92 +++++++++++++
 third_party/heimdal/kdc/default_config.c           |   9 ++
 third_party/heimdal/kdc/fast.c                     |   3 +
 third_party/heimdal/kdc/kdc.h                      |   1 +
 third_party/heimdal/kdc/krb5tgs.c                  |   3 +
 third_party/heimdal/lib/krb5/fast.c                |  98 ++++++++++++--
 third_party/heimdal/lib/krb5/get_cred.c            |  76 +++++++----
 third_party/heimdal/lib/krb5/init_creds_pw.c       |   1 -
 third_party/heimdal/lib/krb5/krb5.conf.5           |   2 +
 third_party/heimdal/lib/krb5/pac.c                 |  12 +-
 third_party/heimdal/tests/gss/check-context.in     |   4 -
 24 files changed, 763 insertions(+), 54 deletions(-)
 create mode 100644 docs-xml/smbdotconf/security/kdcenablefast.xml
 create mode 100644 third_party/heimdal/.github/workflows/coverity.yml
 create mode 100644 third_party/heimdal/.github/workflows/linux.yml
 create mode 100644 third_party/heimdal/.github/workflows/osx.yml
 create mode 100644 third_party/heimdal/.github/workflows/scanbuild.yml
 create mode 100644 third_party/heimdal/.github/workflows/valgrind.yml
 create mode 100644 third_party/heimdal/.github/workflows/windows.yml


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/security/kdcenablefast.xml b/docs-xml/smbdotconf/security/kdcenablefast.xml
new file mode 100644
index 00000000000..e47ca3b0bd4
--- /dev/null
+++ b/docs-xml/smbdotconf/security/kdcenablefast.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="kdc enable fast"
+                 type="boolean"
+                 context="G"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>With the Samba 4.16 the embedded Heimdal KDC brings
+	support for RFC6113 FAST, which wasn't available in
+	older Samba versions.</para>
+
+	<para>This option is mostly for testing and currently only applies
+	if the embedded Heimdal KDC is used.</para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index cae763b44ea..d6d845391e6 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2695,6 +2695,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 	lpcfg_do_global_parameter(lp_ctx, "krb5 port", "88");
 	lpcfg_do_global_parameter(lp_ctx, "kpasswd port", "464");
 
+	lpcfg_do_global_parameter(lp_ctx, "kdc enable fast", "True");
+
 	lpcfg_do_global_parameter(lp_ctx, "nt status support", "True");
 
 	lpcfg_do_global_parameter(lp_ctx, "max wins ttl", "518400"); /* 6 days */
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index da6b2de488b..4c263f55de4 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1655,6 +1655,7 @@ sub provision_fl2000dc($$)
 
 	print "PROVISIONING DC WITH FOREST LEVEL 2000...\n";
 	my $extra_conf_options = "
+	kdc enable fast = no
 	spnego:simulate_w2k=yes
 	ntlmssp_server:force_old_spnego=yes
 ";
@@ -1698,6 +1699,7 @@ sub provision_fl2003dc($$$)
 
 	print "PROVISIONING DC WITH FOREST LEVEL 2003...\n";
 	my $extra_conf_options = "allow dns updates = nonsecure and secure
+	kdc enable fast = no
 	dcesrv:header signing = no
 	dcesrv:max auth states = 0
 	dns forwarder = $ip_addr1 [$ip_addr2]:54";
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index a366870d1fe..21e061939e3 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -942,6 +942,8 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 
 	Globals.kpasswd_port = 464;
 
+	Globals.kdc_enable_fast = true;
+
 	Globals.aio_max_threads = 100;
 
 	lpcfg_string_set(Globals.ctx,
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 8d17038cfe6..bdadc1278c3 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -448,11 +448,15 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
 	*supported_enctypes_out = 0;
 
 	if (rid == DOMAIN_RID_KRBTGT || is_rodc) {
+		bool enable_fast;
+
 		/* KDCs (and KDCs on RODCs) use AES */
 		supported_enctypes |= ENC_HMAC_SHA1_96_AES128 | ENC_HMAC_SHA1_96_AES256;
 
-		/* KDCs support FAST */
-		supported_enctypes |= ENC_FAST_SUPPORTED;
+		enable_fast = lpcfg_kdc_enable_fast(kdc_db_ctx->lp_ctx);
+		if (enable_fast) {
+			supported_enctypes |= ENC_FAST_SUPPORTED;
+		}
 	} else if (userAccountControl & (UF_PARTIAL_SECRETS_ACCOUNT|UF_SERVER_TRUST_ACCOUNT)) {
 		/* DCs and RODCs comptuer accounts use AES */
 		supported_enctypes |= ENC_HMAC_SHA1_96_AES128 | ENC_HMAC_SHA1_96_AES256;
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 3f573f297f8..96e88423528 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -229,6 +229,7 @@ static krb5_error_code hdb_samba4_fetch_fast_cookie(krb5_context context,
 	ret = sdb_entry_ex_to_hdb_entry_ex(context,
 					   &sdb_entry_ex,
 					   entry_ex);
+	sdb_free_entry(&sdb_entry_ex);
 	TALLOC_FREE(mem_ctx);
 
 	return ret;
diff --git a/source4/kdc/kdc-heimdal.c b/source4/kdc/kdc-heimdal.c
index ddf3b649da2..0d2a410fc3b 100644
--- a/source4/kdc/kdc-heimdal.c
+++ b/source4/kdc/kdc-heimdal.c
@@ -422,6 +422,13 @@ static void kdc_post_fork(struct task_server *task, struct process_details *pd)
 
 	kdc_config->require_pac = true;
 
+	/*
+	 * By default we enable RFC6113/FAST support,
+	 * but we have an option to disable in order to
+	 * test against a KDC with FAST support.
+	 */
+	kdc_config->enable_fast = lpcfg_kdc_enable_fast(task->lp_ctx);
+
 	/*
 	 * Match Windows and RFC6113 and Windows but break older
 	 * Heimdal clients.
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 829eda82979..a7572b53cad 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -1666,12 +1666,15 @@ plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", '
                                            '--option=torture:krb5-service=http'],
                          "samba4.krb5.kdc with account having identical UPN and SPN")
 for env in ["fl2008r2dc", "fl2003dc"]:
+    fast_support = have_fast_support
+    if env in ["fl2003dc"]:
+        fast_support = 0
     planoldpythontestsuite(env, "samba.tests.krb5.as_req_tests",
                            environ={
                                'ADMIN_USERNAME': '$USERNAME',
                                'ADMIN_PASSWORD': '$PASSWORD',
                                'STRICT_CHECKING': '0',
-                               'FAST_SUPPORT': have_fast_support,
+                               'FAST_SUPPORT': fast_support,
                                'TKT_SIG_SUPPORT': tkt_sig_support,
                                'EXPECT_PAC': expect_pac,
                                'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers,
diff --git a/third_party/heimdal/.github/workflows/coverity.yml b/third_party/heimdal/.github/workflows/coverity.yml
new file mode 100644
index 00000000000..5a175f52a8c
--- /dev/null
+++ b/third_party/heimdal/.github/workflows/coverity.yml
@@ -0,0 +1,68 @@
+name: Linux Coverity Build
+
+on:
+    push:
+      # Pushes to this branch get the scan-build treatment
+      branches:
+         - 'coverity*'
+
+jobs:
+    linux:
+        if: secrets.COVERITY_SCAN_TOKEN != ''
+        runs-on: ${{ matrix.os }}
+        strategy:
+            fail-fast: false
+            matrix:
+                name: [linux-clang]
+                include:
+                    - name: linux-clang
+                      os: ubuntu-18.04
+                      compiler: clang
+        steps:
+            - name: Clone repository
+              uses: actions/checkout at v1
+            - name: Install packages
+              if: startsWith(matrix.os, 'ubuntu')
+              run: |
+                sudo apt-get update -qq
+                sudo apt-get install -y bison comerr-dev flex libcap-ng-dev libdb-dev libedit-dev libjson-perl libldap2-dev libncurses5-dev libperl4-corelibs-perl libsqlite3-dev libkeyutils-dev pkg-config python ss-dev texinfo unzip netbase keyutils ldap-utils gdb apport curl libmicrohttpd-dev clang-tools clang-format jq valgrind
+                # Temporary workaround for:
+                # https://github.com/actions/virtual-environments/issues/3185
+                sudo hostname localhost
+            - name: Download Coverity Build Tool
+              env:
+                  TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+              run: |
+                  wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=ruby" -O cov-analysis-linux64.tar.gz
+                  mkdir cov-analysis-linux64
+                  tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
+            - name: Build
+              env:
+                CC: ${{ matrix.compiler }}
+                MAKEVARS: ${{ matrix.makevars }}
+                CONFIGURE_OPTS:  ${{ matrix.configureopts }}
+              run: |
+                /bin/sh ./autogen.sh
+                mkdir build
+                cd build
+                ../configure --srcdir=`dirname "$PWD"` --enable-maintainer-mode --enable-developer --with-ldap $CONFIGURE_OPTS --prefix=$HOME/inst CFLAGS="-Wno-error=shadow -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations"
+                ulimit -c unlimited
+                # We don't want to scan-build libedit nor SQLite3 because ETOOSLOW
+                (cd lib/libedit && make -j4)
+                (cd lib/sqlite && make -j4)
+                export PATH=`pwd`/cov-analysis-linux64/bin:$PATH
+                cov-build --dir cov-int make -j4
+            - name: Submit the result to Coverity Scan
+              env:
+                  TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+                  EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
+                  PROJECT: ${{ secrets.COVERITY_SCAN_PROJECT }}
+              run: |
+                  tar czvf heimdal.tgz cov-int
+                  curl \
+                  --form project=ruby \
+                  --form token=$TOKEN \
+                  --form email=$EMAIL \
+                  --form file=@heimdal.tgz \
+                  --form version=trunk \
+                  --form description="`./ruby -v`" "https://scan.coverity.com/builds?project=$PROJECT"
diff --git a/third_party/heimdal/.github/workflows/linux.yml b/third_party/heimdal/.github/workflows/linux.yml
new file mode 100644
index 00000000000..48e4c80dc3c
--- /dev/null
+++ b/third_party/heimdal/.github/workflows/linux.yml
@@ -0,0 +1,146 @@
+name: Linux Build
+
+on:
+    push:
+      branches:
+         - 'master'
+         - 'heimdal-7-1-branch'
+      paths:
+         - '!docs/**'
+         - '!**.md'
+         - '!**.[1-9]'
+         - '**.[chly]'
+         - '**.hin'
+         - '**.in'
+         - '**.am'
+         - '**.m4'
+         - '**.ac'
+         - '**.pl'
+         - '**.py'
+         - '**.asn1'
+         - '**.opt'
+         - '**/COPYING'
+         - '**/INSTALL'
+         - '**/README*'
+         - '.github/workflows/linux.yml'
+         - '!appveyor.yml'
+         - '!.travis.yml'
+
+    pull_request:
+      paths:
+         - '!docs/**'
+         - '!**.md'
+         - '!**.[1-9]'
+         - '**.[chly]'
+         - '**.hin'
+         - '**.in'
+         - '**.am'
+         - '**.m4'
+         - '**.ac'
+         - '**.pl'
+         - '**.py'
+         - '**.asn1'
+         - '**.opt'
+         - '**/COPYING'
+         - '**/INSTALL'
+         - '**/README*'
+         - '.github/workflows/linux.yml'
+         - '!appveyor.yml'
+         - '!.travis.yml'
+
+jobs:
+    unix:
+        runs-on: ${{ matrix.os }}
+        strategy:
+            fail-fast: false
+            matrix:
+                name: [linux-clang, linux-gcc]
+                include:
+                    - name: linux-clang
+                      os: ubuntu-18.04
+                      compiler: clang
+                      cflags: ''
+                    - name: linux-gcc
+                      os: ubuntu-18.04
+                      compiler: gcc
+                      cflags: '-Wnonnull'
+        steps:
+            - name: Clone repository
+              uses: actions/checkout at v1
+            - name: Install packages
+              if: startsWith(matrix.os, 'ubuntu')
+              run: |
+                sudo apt-get update -qq
+                sudo apt-get install -y bison comerr-dev flex doxygen
+                sudo apt-get install -y libcap-ng-dev libdb-dev libedit-dev libjson-perl
+                sudo apt-get install -y libldap2-dev libncurses5-dev libperl4-corelibs-perl
+                sudo apt-get install -y libsqlite3-dev libkeyutils-dev pkg-config python
+                sudo apt-get install -y ss-dev texinfo unzip netbase keyutils ldap-utils
+                sudo apt-get install -y gdb apport curl libmicrohttpd-dev jq valgrind
+                # Temporary workaround for:
+                # https://github.com/actions/virtual-environments/issues/3185
+                sudo hostname localhost
+            - name: Build
+              env:
+                CC: ${{ matrix.compiler }}
+                MAKEVARS: ${{ matrix.makevars }}
+              run: |
+                /bin/sh ./autogen.sh
+                mkdir build
+                cd build
+                ../configure --srcdir=`dirname "$PWD"` --enable-maintainer-mode --enable-developer --with-ldap $CONFIGURE_OPTS --prefix=$HOME/inst CFLAGS="${{ matrix.cflags }} -Wno-error=shadow -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations"
+                make -j4
+            - name: Test
+              env:
+                CC: ${{ matrix.compiler }}
+                MAKEVARS: ${{ matrix.makevars }}
+              run: |
+                cd build
+                ulimit -c unlimited
+                make check
+            - name: Make Install
+              env:
+                CC: ${{ matrix.compiler }}
+                MAKEVARS: ${{ matrix.makevars }}
+              run: |
+                cd build || true
+                make DESTDIR=/tmp/h5l install
+                cd /tmp/h5l
+                tar czf $HOME/heimdal-install-linux-${{ matrix.compiler }}.tgz .
+            - name: Core dump stacks
+              run: |
+                echo "thread apply all bt" > /tmp/x
+                find . -name core -print | while read core; do gdb -batch -x x `file "$core"|sed -e "s/^[^']*'//" -e "s/[ '].*$//"` "$core"; done
+                if [ "$(find . -name core -print | wc -l)" -gt 0 ]; then false; fi
+            - name: Test logs
+              run: |
+                find build -depth -name \*.trs | xargs grep -lw FAIL | sed -e 's/trs$/log/' | tar -czf $HOME/logs-linux-${{ matrix.compiler }}.tgz --verbatim-files-from --files-from -
+                find build -name \*.trs | xargs grep -lw FAIL | sed -e 's/trs$/log/' | xargs cat
+            - name: Failed Test logs
+              if: ${{ failure() }}
+              run: |
+                find build -name \*.trs | xargs grep -lw FAIL | sed -e 's/trs$/log/' | xargs cat
+            - name: Make Dist
+              run: |
+                cd build
+                make dist
+                make distclean
+                if [ "$(git ls-files -o|grep -v ^build/ | wc -l)" -ne 0 ]; then
+                  echo "Files not removed by make distclean:"
+                  git ls-files -o|grep -v ^build/
+                fi
+            - name: Upload Install Tarball
+              uses: actions/upload-artifact at v2
+              with:
+                name: Install Tarball
+                path: '~/heimdal-install-linux-${{ matrix.compiler }}.tgz'
+            - name: Upload Dist Tarball
+              uses: actions/upload-artifact at v2
+              with:
+                name: Dist Tarball
+                path: 'build/heimdal-*.tar.gz'
+            - name: Upload Logs Tarball
+              uses: actions/upload-artifact at v2
+              with:
+                name: Test Logs
+                path: '~/logs-linux-${{ matrix.compiler }}.tgz'
diff --git a/third_party/heimdal/.github/workflows/osx.yml b/third_party/heimdal/.github/workflows/osx.yml
new file mode 100644
index 00000000000..342f850f1c7
--- /dev/null
+++ b/third_party/heimdal/.github/workflows/osx.yml
@@ -0,0 +1,122 @@
+name: OS X Build
+
+on:
+    push:
+      branches:
+         - 'master'
+         - 'osx-build'
+         - 'heimdal-7-1-branch'
+      paths:
+         - '!docs/**'
+         - '!**.md'
+         - '!**.[1-9]'
+         - '**.[chly]'
+         - '**.hin'
+         - '**.in'
+         - '**.am'
+         - '**.m4'
+         - '**.ac'
+         - '**.pl'
+         - '**.py'
+         - '**.asn1'
+         - '**.opt'
+         - '**/COPYING'
+         - '**/INSTALL'
+         - '**/README*'
+         - '.github/workflows/osx.yml'
+         - '!appveyor.yml'
+         - '!.travis.yml'
+
+    pull_request:
+      paths:
+         - '!docs/**'
+         - '!**.md'
+         - '!**.[1-9]'
+         - '**.[chly]'
+         - '**.hin'
+         - '**.in'
+         - '**.am'
+         - '**.m4'
+         - '**.ac'
+         - '**.pl'
+         - '**.py'
+         - '**.asn1'
+         - '**.opt'
+         - '**/COPYING'
+         - '**/INSTALL'
+         - '**/README*'
+         - '.github/workflows/osx.yml'
+         - '!appveyor.yml'
+         - '!.travis.yml'
+
+jobs:
+    osx:
+        runs-on: ${{ matrix.os }}
+        strategy:
+            fail-fast: false
+            matrix:
+                name: [osx-clang]
+                include:
+                    - name: osx-clang
+                      os: macos-latest
+                      compiler: clang
+        steps:
+            - name: Install packages
+              run: |
+                echo "bison, flex, ncurses, texinfo, and unzip are in the base OS."
+                echo "berkeley-db, perl, python, curl, and jq are installed in the"
+                echo "base image already."
+                brew install autoconf automake libtool cpanm
+                sudo cpanm install JSON
+            - name: Clone repository
+              uses: actions/checkout at v1
+            - name: Build
+              env:
+                CC: ${{ matrix.compiler }}
+                MAKEVARS: ${{ matrix.makevars }}
+                CONFIGURE_OPTS:  ${{ matrix.configureopts }}
+              run: |
+                /bin/sh ./autogen.sh
+                mkdir build
+                cd build
+                ../configure --srcdir=`dirname "$PWD"` --disable-afs-support --enable-maintainer-mode --enable-developer $CONFIGURE_OPTS --prefix=$HOME/inst CFLAGS="-Wno-error=shadow -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations" CFLAGS="-O0 -g -ggdb3"
+                ulimit -c unlimited
+                make -j4
+            #- name: Setup upterm session
+            #  uses: lhotari/action-upterm at v1
+            #  with:
+            #      limit-access-to-actor: true
+            - name: Test
+              env:
+                CC: ${{ matrix.compiler }}
+                MAKEVARS: ${{ matrix.makevars }}
+                CONFIGURE_OPTS:  ${{ matrix.configureopts }}
+              run: |
+                set -vx
+                sudo lsof -nP -i:49188 || true
+                cd build
+                make check
+            - name: Install
+              run: |
+                cd build || true
+                make DESTDIR=/tmp/h5l install
+                cd /tmp/h5l
+                tar czf $HOME/heimdal-install-osx.tgz .
+            - name: Test logs
+              run: |
+                find build -depth -name \*.trs|xargs grep -lw FAIL|sed -e 's/trs$/log/' | cpio -o > $HOME/logs-osx.cpio
+                find build -name \*.trs|xargs grep -lw FAIL|sed -e 's/trs$/log/'|xargs cat
+            - name: Failed Test logs
+              if: ${{ failure() }}
+              run: |
+                find build -name \*.trs|xargs grep -lw FAIL|sed -e 's/trs$/log/'|xargs cat
+            - name: Upload Install Tarball
+              uses: actions/upload-artifact at v2
+              with:
+                name: Install Tarball
+                path: '~/heimdal-install-osx.tgz'
+            - name: Upload Artifacts
+              uses: actions/upload-artifact at v2
+              with:
+                name: Upload Test Logs
+                path: '~/logs-osx.cpio'
diff --git a/third_party/heimdal/.github/workflows/scanbuild.yml b/third_party/heimdal/.github/workflows/scanbuild.yml
new file mode 100644
index 00000000000..678ccfd8046
--- /dev/null
+++ b/third_party/heimdal/.github/workflows/scanbuild.yml
@@ -0,0 +1,67 @@


-- 
Samba Shared Repository



More information about the samba-cvs mailing list