4.2.0 compile error on our centos-6 and centos-7 systems (gnutls related)

Andrew Bartlett abartlet at samba.org
Wed Mar 11 22:33:27 MDT 2015


On Wed, 2015-03-11 at 10:46 -0400, Thomas Schulz wrote:
> > On Tue, 2015-03-10 at 19:35 +0100, Andreas Schneider wrote:
> > > On Wednesday 11 March 2015 07:20:13 Andrew Bartlett wrote:
> > > > On Mon, 2015-03-09 at 21:21 +0100, Andreas Schneider wrote:
> > > > > From 3fa45a6301607cda2a632c0102768576db3c65a6 Mon Sep 17 00:00:00 2001
> > > > > 
> > > > > From: Andreas Schneider <asn at samba.org>
> > > > > 
> > > > > Date: Mon, 9 Mar 2015 21:14:19 +0100
> > > > > 
> > > > > Subject: [PATCH 3/3] s4-tls: Remove obsolete gcrypt support.
> > > > > 
> > > > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
> > > > > 
> > > > > Since GnuTLS 3.0 nettle is used instead of gcrypt.
> > > > 
> > > > Shouldn't this be conditional on the version of GnuTLS?
> > > 
> > > We only call one function of gcrypt which we do not really have to call.
> > > GnuTLS should correctly initialize gcrypt if it uses it. But since quite some
> > > time (2010/2011) GnuTLS dropped support for gcrypt. I don't see a reason why 
> > > we should still link against it.
> > 
> > Because if we don't set that flag, we had testsuites bog down as it
> > foolishly demanded keys from /dev/random, as I recall it.  See
> > b1ff79dbb246e717fc4a62c7a615ca7ce9ccc302
> > 
> > That is, to remove that linkage, please also bump the minimum version to
> > 3.0.
> > 
> > Thanks!
> > 
> > Andrew Bartlett
> 
> You probably should make things conditional on the version of GnuTLS.
> 
> Consider the case where the latest version of GnuTLS is obtained and
> installed because the original version is way too old. This can leave a
> very old version of libgcrypt installed. This can cause the build to fail.
> 
> I received the following error:
> 
> ../source4/lib/tls/tlscert.c", line 74: undefined symbol:
>    GCRYCTL_ENABLE_QUICK_RANDOM

Thanks.  Can you try the attached patches in this situation?

I've built Centos7 and Fedora 21 build boxes, but these never showed the
original failure, so I'm assuming it was just the --disable-gnutls some
folks had in their standard configure lines.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-backupkey-Explicitly-link-to-gnutls-and-gcrypt.patch
Type: text/x-patch
Size: 968 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150312/0a0e4d45/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-backupkey-Explicitly-link-to-gnutls-and-gcrypt.patch
Type: text/x-patch
Size: 972 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150312/0a0e4d45/attachment-0001.bin>

