Releases, locking and ldb

Stefan Metzmacher metze at samba.org
Fri Jun 30 05:40:19 UTC 2017 

Am 28.06.2017 um 23:54 schrieb Andrew Bartlett:
> On Wed, 2017-06-28 at 21:47 +0200, Stefan Metzmacher wrote:
>> Hi Andrew,
>>
>>>> The only good news is that I have confirmed that 4.6 fails with 1.1.31
>>>> for 'make test TESTS=fsmo', and that the proposed 1.1.32 fixes this
>>>> specific test. 
>>>>
>>>> This took me the whole work day, so the lack of a clear resolution is a
>>>> little deflating, but I hope this helps.  
>>
>> Thanks for all these tests!
>>
>>> I think the best course of action is to say the supported version of
>>> ldb for 4.6 is the version it shipped with, nothing else.  There is
>>> nothing gained by including the more recent patches, only risk.  
>>>
>>> I would suggest to un-release the 1.1.30 and 1.1.31 versions from the
>>> download page to avoid packaging by distributions (replace with a note
>>> saying they are withdrawn).
>>
>> I also thought about something similar.
> 
> Good.
> 
>> I'd also try to add a maxversion and/or a blacklist
>> to CHECK_BUNDLED_SYSTEM_PKG() and put that to 4.6 and 4.5.
> 
> Thanks.

Can you verify the attached patches work on 4.5,
we should try to get them into 4.5.11 next week.

I'm currently running autobuild with it for 4.6 and 4.5.
But it would be good if you could verify the real world
setup with an incompatible version in the system.
Maybe changing 'VERSION' in lib/ldb/wscript to 1.1.10
and blacklist 1.1.27 or set max version to 1.1.26
should be able to verify the protection works.

I already did some basic checks using hacks
in CHECK_ZLIB().

>> I'll also try to see if I get something like your
>> ldb.h #ifdef _SAMBA_BUILD_
>> hack also to work.
> 
> OK.  BTW putting it in ldb_module.h was deliberate, to avoid it being
> in a header more public than strictly required.

Thanks for reminding me!

I'm currently using abartlet/ldb-safe-locking-11
(42adb5b979cfebc86fc461dd69f1a5c7ece3f109)
in order to prepare the final branch.

metze
-------------- next part --------------
From 1f8d08f5904ab86acf28805b1a72f5bb9844fb26 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Fri, 30 Jun 2017 06:21:32 +0200
Subject: [PATCH 1/2] wafsamba: add maxversion and version_blacklist to
 CHECK_BUNDLED_SYSTEM[_PKG]()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12859

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 buildtools/wafsamba/samba_bundled.py | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/buildtools/wafsamba/samba_bundled.py b/buildtools/wafsamba/samba_bundled.py
index ea88807..aa6199e 100644
--- a/buildtools/wafsamba/samba_bundled.py
+++ b/buildtools/wafsamba/samba_bundled.py
@@ -110,6 +110,7 @@ def LIB_MUST_BE_PRIVATE(conf, libname):
 
 @conf
 def CHECK_BUNDLED_SYSTEM_PKG(conf, libname, minversion='0.0.0',
+        maxversion=None, version_blacklist=[],
         onlyif=None, implied_deps=None, pkg=None):
     '''check if a library is available as a system library.
 
@@ -117,12 +118,15 @@ def CHECK_BUNDLED_SYSTEM_PKG(conf, libname, minversion='0.0.0',
     '''
     return conf.CHECK_BUNDLED_SYSTEM(libname,
                                      minversion=minversion,
+                                     maxversion=maxversion,
+                                     version_blacklist=version_blacklist,
                                      onlyif=onlyif,
                                      implied_deps=implied_deps,
                                      pkg=pkg)
 
 @conf
 def CHECK_BUNDLED_SYSTEM(conf, libname, minversion='0.0.0',
+                         maxversion=None, version_blacklist=[],
                          checkfunctions=None, headers=None, checkcode=None,
                          onlyif=None, implied_deps=None,
                          require_headers=True, pkg=None, set_target=True):
@@ -181,16 +185,29 @@ def CHECK_BUNDLED_SYSTEM(conf, libname, minversion='0.0.0',
     minversion = minimum_library_version(conf, libname, minversion)
 
     msg = 'Checking for system %s' % libname
+    msg_ver = []
     if minversion != '0.0.0':
-        msg += ' >= %s' % minversion
+        msg_ver.append('>=%s' % minversion)
+    if maxversion is not None:
+        msg_ver.append('<=%s' % maxversion)
+    for v in version_blacklist:
+        msg_ver.append('!=%s' % v)
+    if msg_ver != []:
+        msg += " (%s)" % (" ".join(msg_ver))
 
     uselib_store=libname.upper()
     if pkg is None:
         pkg = libname
 
+    version_checks = '%s >= %s' % (pkg, minversion)
+    if maxversion is not None:
+        version_checks += ' %s <= %s' % (pkg, maxversion)
+    for v in version_blacklist:
+        version_checks += ' %s != %s' % (pkg, v)
+
     # try pkgconfig first
     if (conf.CHECK_CFG(package=pkg,
-                      args='"%s >= %s" --cflags --libs' % (pkg, minversion),
+                      args='"%s" --cflags --libs' % (version_checks),
                       msg=msg, uselib_store=uselib_store) and
         check_functions_headers_code()):
         if set_target:
-- 
1.9.1


From 48641e580e30817b4cdab8aa6731a6dea4ce8660 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Fri, 30 Jun 2017 06:24:01 +0200
Subject: [PATCH 2/2] ldb: protect Samba < 4.7 against incompatible ldb
 versions and require ldb < 1.2.0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12859

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 lib/ldb/wscript | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 13f1d93..16487b9 100755
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -55,11 +55,26 @@ def configure(conf):
     conf.env.standalone_ldb = conf.IN_LAUNCH_DIR()
 
     if not conf.env.standalone_ldb:
-        if conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util', minversion=VERSION,
+        #
+        # ldb >= 1.2.0 (as well as 1.1.30 and 1.1.31) are
+        # incompatible with Samba < 4.7
+        #
+        # See https://bugzilla.samba.org/show_bug.cgi?id=12859
+        #
+        maxversion = "1.1.99"
+        version_blacklist = ["1.1.30", "1.1.31"]
+
+        if conf.CHECK_BUNDLED_SYSTEM_PKG('pyldb-util',
+                                     minversion=VERSION,
+                                     maxversion=maxversion,
+                                     version_blacklist=version_blacklist,
                                      onlyif='talloc tdb tevent',
                                      implied_deps='replace talloc tdb tevent ldb'):
             conf.define('USING_SYSTEM_PYLDB_UTIL', 1)
-            if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb', minversion=VERSION,
+            if conf.CHECK_BUNDLED_SYSTEM_PKG('ldb',
+                                         minversion=VERSION,
+                                         maxversion=maxversion,
+                                         version_blacklist=version_blacklist,
                                          onlyif='talloc tdb tevent pyldb-util',
                                          implied_deps='replace talloc tdb tevent'):
                 conf.define('USING_SYSTEM_LDB', 1)
-- 
1.9.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170630/fcea528b/signature.sig>

More information about the samba-technical mailing list