[PATCH] Re: 4.2.0 compile error on our centos-6 and centos-7 systems (gnutls related)

Andrew Bartlett abartlet at samba.org
Thu Mar 12 03:20:54 MDT 2015


On Thu, 2015-03-12 at 17:33 +1300, Andrew Bartlett wrote:
> On Wed, 2015-03-11 at 10:46 -0400, Thomas Schulz wrote:
> > > On Tue, 2015-03-10 at 19:35 +0100, Andreas Schneider wrote:
> > > > On Wednesday 11 March 2015 07:20:13 Andrew Bartlett wrote:
> > > > > On Mon, 2015-03-09 at 21:21 +0100, Andreas Schneider wrote:
> > > > > > >From 3fa45a6301607cda2a632c0102768576db3c65a6 Mon Sep 17 00:00:00 2001
> > > > > > 
> > > > > > From: Andreas Schneider <asn at samba.org>
> > > > > > 
> > > > > > Date: Mon, 9 Mar 2015 21:14:19 +0100
> > > > > > 
> > > > > > Subject: [PATCH 3/3] s4-tls: Remove obsolete gcrypt support.
> > > > > > 
> > > > > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
> > > > > > 
> > > > > > Since GnuTLS 3.0 nettle is used instead of gcrypt.
> > > > > 
> > > > > Shouldn't this be conditional on the version of GnuTLS?
> > > > 
> > > > We only call one function of grcypt which we do not really have to call. 
> > > > GnuTLS should correclty initialize gcrypt if it uses it. But since quite some 
> > > > time (2010/2011) GnuTLS dropped support for gcrypt. I don't see a reason why 
> > > > we should still link against it.
> > > 
> > > Because if we don't set that flag, we had testsuites bog down as it
> > > foolishly demanded keys from /dev/random, as I recall it.  See
> > > b1ff79dbb246e717fc4a62c7a615ca7ce9ccc302
> > > 
> > > That is, to remove that linkage, please also bump the minimum version to
> > > 3.0.
> > > 
> > > Thanks!
> > > 
> > > Andrew Bartlett
> > 
> > You probably should make things conditional on the version of GnuTLS.
> > 
> > Consider the case where the latest version of GnuTLS is obtained and
> > installed because the original version is way too old. This can leave a
> > very old version of libgcrypt installed. This can cause the build to fail.
> > 
> > I received the following error:
> > 
> > ../source4/lib/tls/tlscert.c", line 74: undefined symbol:
> >    GCRYCTL_ENABLE_QUICK_RANDOM
> 
> Thanks.  Can you try the attached patches in this situation?
> 
> I've built Centos7 and Fedora 21 build boxes, but these never showed the
> original failure, so I'm assuming it was just the --disable-gnutls some
> folks had in their standard configure lines.

I've uploaded this patch to bug.  

Andreas,

Please review/push if you are happy, it seems to work well on the
systems I have access to. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-gnutls.patch
Type: text/x-patch
Size: 5306 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150312/447f4bc2/attachment.bin>


More information about the samba-technical mailing list