Building Samba master on CentOS 7 (gnutls)

[Andrew Bartlett]

G'Day Martin,

You correctly mentioned that discussing how to get past the new GnuTLS
requirements on a unrelated and now closed Merge Request[1] is not
really helpful.

We do still have a mailing list, and this more 'meta' kind of issue is
what it is for.

The background is that we, in order to avoid having significant
duplicated cryptographic code in the SMB2 server, we chose to
exclusively require GnuTLS 3.5.7 or later.  We will increase this
version in the future as and when the distribution landscape permits it
as it is no longer favoured to have cryptographic code 'in-house'.

The instructions for preparing a build environment on CentOS7 are here:

bootstrap/generated-dists/centos7/bootstrap.sh
https://git.samba.org/?p=samba.git;a=blob_plain;f=bootstrap/generated-dists/centos7/bootstrap.sh;hb=master

The key line is 'yum copr enable -y sergiomb/SambaAD' which enables a
user repository with compat-gnutls34-* in it.  This is far from ideal,
it would be much better if this was in EPEL, but someone would need to
step up and do that.

However this is only half of the story, as to avoid overwriting the
system gnutls, the package is installed in a subdirectory.

The build needs to first set as an environment variable

PKG_CONFIG_PATH="/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig"

(this is in .gitlab-ci.yml). 

Do let me know if you have any further trouble and I'll spin up and image and debug further for you. 

Thanks,

[1] https://gitlab.com/samba-team/samba/merge_requests/745#note_211012864
-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba