getting centos7 into bootstrap and gitlab CI

Andreas Schneider asn at samba.org
Tue Apr 30 13:25:18 UTC 2019 

On Tuesday, April 30, 2019 2:12:57 PM CEST Nico Kadel-Garcia via samba-
technical wrote:
> On Tue, Apr 30, 2019 at 3:58 AM Andrew Bartlett <abartlet at samba.org> wrote:
> > On Tue, 2019-04-30 at 08:38 +0200, Andreas Schneider via samba-
> > 
> > technical wrote:
> > > On Tuesday, April 30, 2019 6:30:06 AM CEST Andrew Bartlett wrote:
> > > > On Tue, 2019-04-30 at 06:21 +0200, Ralph Böhme wrote:
> > > > > > > Also, could you please look into adding CentOS 7 as a
> > > > > > > supported
> > > > > > > platform via our bootstrap system so we don't regress here in
> > > > > > > the
> > > > > > > future?  There is partial support already, but it wasn't
> > > > > > > finished
> > > > > > > (mostly to avoid chasing two rabbits at once).
> > > > > > 
> > > > > > That is a new area to me. I see that CentOS is listed under
> > > > > > bootstrap/generated-dists/centos7/. Would the only missing
> > > > > > piece be the
> > > > > > centos7 entries in .gitlab-ci.yml, or am i missing something? I
> > > > > > can give
> > > > > > that a try tomorrow.
> > > > > 
> > > > > that would be much appreciated and I can help with that, but it's
> > > > > certainly not a requirement to get your patch for the missing-
> > > > > field-
> > > > > initializers in. I'll review later on.
> > > > 
> > > > Thanks Ralph for offering to help.  It has been really cool to see
> > > > so
> > > > many folks stepping in to maintain and extend our package list.  It
> > > > is
> > > > lovely to have this task, but even more so the knowlege of how to
> > > > do it
> > > > practically, distributed around the team!
> > > > 
> > > > I totally agree this is not a pre-requisite, thanks for making that
> > > > clear!
> > > 
> > > Here we go. Should be fine as GnuTLS and KRB5 are not that old as on
> > > Ubuntu
> > > 14.04 :-)
> > > 
> > > https://gitlab.com/samba-team/samba/merge_requests/399
> > 
> > I've CC'ed Sérgio and Nico who recently had a thread about building
> > modern Samba on CentOS7.  They may be able to help here.
> > 
> > Their work is online at:
> > https://github.com/sergiomb2/SambaAD
> > https://github.com/nkadel/samba4repo
> > 
> > Thanks to everyone working to show Samba master can be built and
> > developed on CentOS7, much better to confirm this now than find out at
> > RC4 ;-)
> 
> I'm concerned that the necessary building tools for "compat-nettle32"
> and "compat-gnutls" from Sergio are not apparent in that merge
> request. I found those necessary because I disabled the "experimenta"
> MIT KRB options, and gnutls is not recent enough on RHEL 7. Sergio
> For my work, I also have a full build structure and a set of git
> submodules with all the libtdb, libtalloc, libtevent, and libldb
> libraries to build up for a full deployment: sergio used the "build
> the libraries internally in Samba" option.

The MIT Kerberos build needs to build backupkey with GnuTLS, the relevant 
symbol has been backported to RHEL7!

https://bugzilla.redhat.com/show_bug.cgi?id=1378373

However we don't have a correct configure check for that in Samba. This is in 
a branch waiting to be reviewed:

https://gitlab.com/samba-team/samba/merge_requests/393/diffs?
commit_id=5ae3d095a9d2c222a4efe018193a099c756154db

I've never tested it but with that we could probably lower the required GnuTLS 
version in a Samba AD build with MIT Kerberos to 3.2 using a patch for the 
spec file. I wouldn't do that on Samba upstream.
 
> I'm not sure how to merge the work into the existing bootstrap
> procedure, since they'd also expect these other modules to be built
> and available in the bootstrap and yum deployment. Do these bootstrap
> environment ssupport the use of "mock" ? I've also just noted that
> mock, on RHEL 7, does not support "file://$PWD" syntax for finding the
> local repository that my setup drops generated RPM's in. Works great
> on Fedora, not on RHEL 7 or CentOS 7. That means the build environment
> needs a web-based access to the built repository, which I'm doing with
> "nginx", on RHEL 7. That.... makes it more awkward for an individual
> software builder to be access their local working repositories. It can
> be done stably, but it needs to be really locked down for a safe build
> environment.

The issue is that we need at least python34-crypto, python34-dns and those are 
not available in EPEL7!

I'm sure your packages still use python2 :-)


	Andreas


-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D

More information about the samba-technical mailing list