getting centos7 into bootstrap and gitlab CI

Tue Apr 30 14:10:23 UTC 2019

On Tuesday, April 30, 2019 3:58:45 PM CEST Rowland Penny wrote:
> On Tue, 30 Apr 2019 15:25:18 +0200
> Andreas Schneider via samba-technical <samba-technical at lists.samba.org>
> 
> wrote:
> > On Tuesday, April 30, 2019 2:12:57 PM CEST Nico Kadel-Garcia via
> > 
> > samba- technical wrote:
> > > On Tue, Apr 30, 2019 at 3:58 AM Andrew Bartlett
> > > 
> > > <abartlet at samba.org> wrote:
> > > > On Tue, 2019-04-30 at 08:38 +0200, Andreas Schneider via samba-
> > > > 
> > > > technical wrote:
> > > > > On Tuesday, April 30, 2019 6:30:06 AM CEST Andrew Bartlett
> > > > > 
> > > > > wrote:
> > > > > > On Tue, 2019-04-30 at 06:21 +0200, Ralph Böhme wrote:
> > > > > > > > > Also, could you please look into adding CentOS 7 as a
> > > > > > > > > supported
> > > > > > > > > platform via our bootstrap system so we don't regress
> > > > > > > > > here in the
> > > > > > > > > future?  There is partial support already, but it wasn't
> > > > > > > > > finished
> > > > > > > > > (mostly to avoid chasing two rabbits at once).
> > > > > > > > 
> > > > > > > > That is a new area to me. I see that CentOS is listed
> > > > > > > > under bootstrap/generated-dists/centos7/. Would the only
> > > > > > > > missing piece be the
> > > > > > > > centos7 entries in .gitlab-ci.yml, or am i missing
> > > > > > > > something? I can give
> > > > > > > > that a try tomorrow.
> > > > > > > 
> > > > > > > that would be much appreciated and I can help with that,
> > > > > > > but it's certainly not a requirement to get your patch for
> > > > > > > the missing- field-
> > > > > > > initializers in. I'll review later on.
> > > > > > 
> > > > > > Thanks Ralph for offering to help.  It has been really cool
> > > > > > to see so
> > > > > > many folks stepping in to maintain and extend our package
> > > > > > list.  It is
> > > > > > lovely to have this task, but even more so the knowlege of
> > > > > > how to do it
> > > > > > practically, distributed around the team!
> > > > > > 
> > > > > > I totally agree this is not a pre-requisite, thanks for
> > > > > > making that clear!
> > > > > 
> > > > > Here we go. Should be fine as GnuTLS and KRB5 are not that old
> > > > > as on Ubuntu
> > > > > 14.04 :-)
> > > > > 
> > > > > https://gitlab.com/samba-team/samba/merge_requests/399
> > > > 
> > > > I've CC'ed Sérgio and Nico who recently had a thread about
> > > > building modern Samba on CentOS7.  They may be able to help here.
> > > > 
> > > > Their work is online at:
> > > > https://github.com/sergiomb2/SambaAD
> > > > https://github.com/nkadel/samba4repo
> > > > 
> > > > Thanks to everyone working to show Samba master can be built and
> > > > developed on CentOS7, much better to confirm this now than find
> > > > out at RC4 ;-)
> > > 
> > > I'm concerned that the necessary building tools for
> > > "compat-nettle32" and "compat-gnutls" from Sergio are not apparent
> > > in that merge request. I found those necessary because I disabled
> > > the "experimenta" MIT KRB options, and gnutls is not recent enough
> > > on RHEL 7. Sergio For my work, I also have a full build structure
> > > and a set of git submodules with all the libtdb, libtalloc,
> > > libtevent, and libldb libraries to build up for a full deployment:
> > > sergio used the "build the libraries internally in Samba" option.
> > 
> > The MIT Kerberos build needs to build backupkey with GnuTLS, the
> > relevant symbol has been backported to RHEL7!
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=1378373
> > 
> > However we don't have a correct configure check for that in Samba.
> > This is in a branch waiting to be reviewed:
> > 
> > https://gitlab.com/samba-team/samba/merge_requests/393/diffs?
> > commit_id=5ae3d095a9d2c222a4efe018193a099c756154db
> > 
> > I've never tested it but with that we could probably lower the
> > required GnuTLS version in a Samba AD build with MIT Kerberos to 3.2
> > using a patch for the spec file. I wouldn't do that on Samba upstream.
> > 
> > > I'm not sure how to merge the work into the existing bootstrap
> > > procedure, since they'd also expect these other modules to be built
> > > and available in the bootstrap and yum deployment. Do these
> > > bootstrap environment ssupport the use of "mock" ? I've also just
> > > noted that mock, on RHEL 7, does not support "file://$PWD" syntax
> > > for finding the local repository that my setup drops generated
> > > RPM's in. Works great on Fedora, not on RHEL 7 or CentOS 7. That
> > > means the build environment needs a web-based access to the built
> > > repository, which I'm doing with "nginx", on RHEL 7. That.... makes
> > > it more awkward for an individual software builder to be access
> > > their local working repositories. It can be done stably, but it
> > > needs to be really locked down for a safe build environment.
> > 
> > The issue is that we need at least python34-crypto, python34-dns and
> > those are not available in EPEL7!
> > 
> > I'm sure your packages still use python2 :-)
> > 
> > 	Andreas
> 
> Quite right EPEL doesn't have python34-crypto or python34-dns, but it
> does have these:
> 
> https://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/7/x86_64/P
> ackages/p/python36-crypto-2.6.1-16.el7.x86_64.rpm
> https://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/7/x86_64/
> Packages/p/python36-dns-1.15.0-8.el7.noarch.rpm

I think we are more lucky once RHEL 7.7 is out :-)

-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D