[PATCHES] Fix build with system provided Heimdal library
Christof Schmitt
cs at samba.org
Wed Jun 27 16:36:28 UTC 2018
On Wed, Jun 27, 2018 at 11:53:03AM +1200, Andrew Bartlett wrote:
> On Tue, 2018-06-26 at 16:33 -0700, Christof Schmitt wrote:
> > On Wed, Jun 27, 2018 at 11:10:15AM +1200, Andrew Bartlett wrote:
> > > On Tue, 2018-06-26 at 15:07 -0700, Christof Schmitt via samba-technical
> > > wrote:
> > > > This was triggered by the fact that Ubuntu 18.04 provides libldap that
> > > > depends on the Heimdal kerberos library. Building a simple Samba file
> > > > server with the requirement that only one Kerberos is used, then
> > > > requires building against the system provided Heimdal library (as
> > > > libldap already has the dependency).
> > > >
> > > > The configure command which allowed this to work was:
> > > >
> > > > ./configure \
> > > > --bundled-libraries='!heimdal,!asn1,!com_err,!roken,!hx509,!wind,!gssapi,!hcrypto,!krb5,!heimbase,!asn1_compile,!compile_et,!kdc,!hdb,!heimntlm'
> > > > --without-ad-dc --disable-cups
> > > >
> > > > Note that on this system --disable-cups was required as well, as libcups
> > > > in Ubuntu 18.04 depends on MIT kerberos.
> > > >
> > > > The two attached patches are required for this build to succeed.
> > >
> > > G'Day Christof,
> > >
> > > I'm surprised this hasn't come up before. Is it your additional
> > > requirement that you only have one krb5 lib, or has something changed
> > > on the Ubuntu side? It just feels very strange at this point.
> >
> > Yes. A simple file server that only depends on one Kerberos library.
> > That has to be Heimdal due to the libldap dependency on Heimdal.
>
> Just to be clear, which is it, an additional requirement from you (or
> your use case) or is something breaking generally on Ubuntu 18.04?
It is for my usecase. From what i see, this problem cannot be easily
solved for the Ubuntu provided Samba package, as that depends on libldap
which pulls in Heimdal kerberos and also on libcups which depends on MIT
kerberos.
As a first step, it should be possible to have a simple Samba file
server build that works with a system provided Heimdal kerberos.
> > > If we are to allow that we need to bundle it up into a sensible option
> > > like the --with-system-mitkrb5, and force it to fail unless --without-
> > > ad-dc is set.
> >
> > I can look into adding that. I assume that that would be a check in the
> > top-level wscript.
>
> Thanks.
>
> > > We would also need an autobuild target and to update the docker
> > > container and sn-devel to match.
> >
> > The autobuild target should be easy, but i would need help with updating
> > the container.
>
> I can help with that.
>
> > > In the meantime can you push a branch to gitlab so we can see what this
> > > change does to the rest of the build?
> >
> > Let me sign up for gitlab first and then try pushing the branch.
>
> Let me know your username and I'll add you to the group.
https://gitlab.com/christofschmitt
Christof
More information about the samba-technical
mailing list