Building Samba master on CentOS 7 (gnutls)
Andrew Bartlett
abartlet at samba.org
Tue Sep 3 03:40:29 UTC 2019
G'Day Martin,
You correctly mentioned that discussing how to get past the new GnuTLS
requirements on a unrelated and now closed Merge Request[1] is not
really helpful.
We do still have a mailing list, and this more 'meta' kind of issue is
what it is for.
The background is that we, in order to avoid having significant
duplicated cryptographic code in the SMB2 server, we chose to
exclusively require GnuTLS 3.5.7 or later. We will increase this
version in the future as and when the distribution landscape permits it
as it is no longer favoured to have cryptographic code 'in-house'.
The instructions for preparing a build environment on CentOS7 are here:
bootstrap/generated-dists/centos7/bootstrap.sh
https://git.samba.org/?p=samba.git;a=blob_plain;f=bootstrap/generated-dists/centos7/bootstrap.sh;hb=master
The key line is 'yum copr enable -y sergiomb/SambaAD' which enables a
user repository with compat-gnutls34-* in it. This is far from ideal,
it would be much better if this was in EPEL, but someone would need to
step up and do that.
However this is only half of the story, as to avoid overwriting the
system gnutls, the package is installed in a subdirectory.
The build needs to first set as an environment variable
PKG_CONFIG_PATH="/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig"
(this is in .gitlab-ci.yml).
Do let me know if you have any further trouble and I'll spin up and image and debug further for you.
Thanks,
[1] https://gitlab.com/samba-team/samba/merge_requests/745#note_211012864
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list