[PATCHES] Fix build with system provided Heimdal library
Christof Schmitt
cs at samba.org
Thu Jun 28 23:21:15 UTC 2018
On Wed, Jun 27, 2018 at 09:36:27AM -0700, Christof Schmitt wrote:
> On Wed, Jun 27, 2018 at 11:53:03AM +1200, Andrew Bartlett wrote:
> > On Tue, 2018-06-26 at 16:33 -0700, Christof Schmitt wrote:
> > > On Wed, Jun 27, 2018 at 11:10:15AM +1200, Andrew Bartlett wrote:
> > > > On Tue, 2018-06-26 at 15:07 -0700, Christof Schmitt via samba-technical
> > > > wrote:
> > > > > This was triggered by the fact that Ubuntu 18.04 provides libldap that
> > > > > depends on the Heimdal kerberos library. Building a simple Samba file
> > > > > server with the requirement that only one Kerberos is used, then
> > > > > requires building against the system provided Heimdal library (as
> > > > > libldap already has the dependency).
> > > > >
> > > > > The configure command which allowed this to work was:
> > > > >
> > > > > ./configure \
> > > > > --bundled-libraries='!heimdal,!asn1,!com_err,!roken,!hx509,!wind,!gssapi,!hcrypto,!krb5,!heimbase,!asn1_compile,!compile_et,!kdc,!hdb,!heimntlm'
> > > > > --without-ad-dc --disable-cups
> > > > >
> > > > > Note that on this system --disable-cups was required as well, as libcups
> > > > > in Ubuntu 18.04 depends on MIT kerberos.
> > > > >
> > > > > The two attached patches are required for this build to succeed.
> > > >
> > > > G'Day Christof,
> > > >
> > > > I'm surprised this hasn't come up before. Is it your additional
> > > > requirement that you only have one krb5 lib, or has something changed
> > > > on the Ubuntu side? It just feels very strange at this point.
> > >
> > > Yes. A simple file server that only depends on one Kerberos library.
> > > That has to be Heimdal due to the libldap dependency on Heimdal.
> >
> > Just to be clear, which is it, an additional requirement from you (or
> > your use case) or is something breaking generally on Ubuntu 18.04?
>
> It is for my usecase. From what i see, this problem cannot be easily
> solved for the Ubuntu provided Samba package, as that depends on libldap
> which pulls in Heimdal kerberos and also on libcups which depends on MIT
> kerberos.
>
> As a first step, it should be possible to have a simple Samba file
> server build that works with a system provided Heimdal kerberos.
>
> > > > If we are to allow that we need to bundle it up into a sensible option
> > > > like the --with-system-mitkrb5, and force it to fail unless --without-
> > > > ad-dc is set.
> > >
> > > I can look into adding that. I assume that that would be a check in the
> > > top-level wscript.
> >
> > Thanks.
> >
> > > > We would also need an autobuild target and to update the docker
> > > > container and sn-devel to match.
> > >
> > > The autobuild target should be easy, but i would need help with updating
> > > the container.
> >
> > I can help with that.
> >
> > > > In the meantime can you push a branch to gitlab so we can see what this
> > > > change does to the rest of the build?
> > >
> > > Let me sign up for gitlab first and then try pushing the branch.
> >
> > Let me know your username and I'll add you to the group.
>
> https://gitlab.com/christofschmitt
Thank you. I managed to run the CI test, but keep getting errors. I need
to find some time to go through them.
Christof
More information about the samba-technical
mailing list