Require GnuTLS 3.4.7 for Samba 4.12 in March 2020?

Thu Aug 8 12:06:10 UTC 2019

On Thu, Aug 8, 2019 at 1:07 AM Andrew Bartlett <abartlet at samba.org> wrote:
>
> On Thu, 2019-08-01 at 08:58 +0200, Andreas Schneider wrote:
> > On Wednesday, July 31, 2019 7:37:10 AM CEST Nico Kadel-Garcia via samba-
> > technical wrote:
> > > I only repackage that, I didn't write it, Credit where it's due, and
> > >
> > > quoting from the README.md there:
> > > > > This is based on sergiomb2's work at
> > > > >
> > > > >  https://github.com/sergiomb2/SambaAD
> > >
> > > So Sergio gets credit. But I'm already using it for RHEL 7/CenbtOS 7.
> > > I've done some very limited testing with RHEL 8, but am waiting for
> > > CentOS 8 to finally be released to really test  that.
> > >
> > > > > [1] Sadly we couldn't totally remove the Samba AES code, as SMB 2.24
> > > > > requires AES-CMAC-128, but the impact would be far more constrained.
> > >
> > > Fair enough. I'd say accept the requirement of a compatibility library
> > > for older operating systems, and I'm glad Sergio did most of the work.
> >
> > Is there a copr repo with the compat-gnutls34 available somewhere?
> >
>
> Do you mean this:
>
> https://copr.fedorainfracloud.org/coprs/sergiomb/SambaAD/package/compat
> -gnutls34/
>
> Andreas,
>
> Can you take charge of getting this into to the CentOS7 image used for
> CI so we can proceed with this?
>
> Thanks,
>
> Andrew Bartlett

That's the one I use. I refactored those for my samba4repo.

https://github.com/nkadel/compat-gnutls34-3.x-srpm

You'll also need the compat-nettle32 package, which is a dependency
for compat-gnutls34.

https://github.com/nkadel/compat-nettle32-3.x-srpm

I'm not sure what you're using for CI. I really have gotten
comfortable with the "samba4repo" setup I use, where all the libraries
are in their own git repos and I use git submodules, and I use "mock"
to provide a full end-to-end build of all the packages in a local
repo. That is the setup I've mentioned before, at:

https://github.com/nkadel/samba4repo

I'm afraid that whether mock on a particular operating system handles
a local file:/// repository has been a bit of a crapshoot, to make
this work on some build hosts I've had to activate a web service to
enable http:// access to the local repo. My setup includes building
some nginx.conf.d/ files for providing just that, as well.