Building Samba master on CentOS 7 (gnutls)

Martin Schwenke martin at meltin.net
Tue Sep 3 04:44:45 UTC 2019 

Hi Andrew,

On Tue, 03 Sep 2019 15:40:29 +1200, Andrew Bartlett
<abartlet at samba.org> wrote:

> You correctly mentioned that discussing how to get past the new GnuTLS
> requirements on a unrelated and now closed Merge Request[1] is not
> really helpful.

> We do still have a mailing list, and this more 'meta' kind of issue is
> what it is for.

> The background is that we, in order to avoid having significant
> duplicated cryptographic code in the SMB2 server, we chose to
> exclusively require GnuTLS 3.5.7 or later.  We will increase this
> version in the future as and when the distribution landscape permits it
> as it is no longer favoured to have cryptographic code 'in-house'.

Sure...

> The instructions for preparing a build environment on CentOS7 are here:

> bootstrap/generated-dists/centos7/bootstrap.sh
> https://git.samba.org/?p=samba.git;a=blob_plain;f=bootstrap/generated-dists/centos7/bootstrap.sh;hb=master

> The key line is 'yum copr enable -y sergiomb/SambaAD' which enables a
> user repository with compat-gnutls34-* in it.  This is far from ideal,
> it would be much better if this was in EPEL, but someone would need to
> step up and do that.
> However this is only half of the story, as to avoid overwriting the
> system gnutls, the package is installed in a subdirectory.

The nutty thing is that I ended up removing the original gnutls
package anyway because dependent packages (including the devel
package) conflicted:

  Transaction check error:
    file /usr/lib64/libgnutlsxx.so.28.1.0 from install of compat-gnutls34-c++-3.4.17-4.el7.x86_64 conflicts with file from package gnutls-c++-3.3.29-9.el7_6.x86_64
    file /usr/lib64/libgnutls-dane.so.0 from install of compat-gnutls34-dane-3.4.17-4.el7.x86_64 conflicts with file from package gnutls-dane-3.3.29-9.el7_6.x86_64
    file /usr/lib64/libgnutls-dane.so from install of compat-gnutls34-devel-3.4.17-4.el7.x86_64 conflicts with file from package gnutls-devel-3.3.29-9.el7_6.x86_64
    file /usr/lib64/libgnutls.so from install of compat-gnutls34-devel-3.4.17-4.el7.x86_64 conflicts with file from package gnutls-devel-3.3.29-9.el7_6.x86_64

Given that gnutls.pc is in the devel package, and there's a direct
conflict between gnutls-devel and compat-gnutls34-devel, the
subdirectory for the gnutls.pc file is completely pointless.  If only
one devel package can be installed then it might as well be
self-contained...  :-(

> The build needs to first set as an environment variable
>
> PKG_CONFIG_PATH="/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig"
>
> (this is in .gitlab-ci.yml).

OK, thanks!  That's the missing step!  Unless someone decides that the
subdirectory is pointless and fixes the packaging, then we should
document this with a comment in
bootstrap/generated-dists/centos7/bootstrap.sh or a README in that
directory.

I'm happy to take advice and make it so...

Thanks again!

peace & happiness,
martin

More information about the samba-technical mailing list