Building Samba master on CentOS 7 (gnutls)

Andrew Bartlett abartlet at
Wed Sep 18 23:32:36 UTC 2019

On Tue, 2019-09-03 at 14:44 +1000, Martin Schwenke wrote:
> Hi Andrew,
> On Tue, 03 Sep 2019 15:40:29 +1200, Andrew Bartlett
> <abartlet at> wrote:
> > You correctly mentioned that discussing how to get past the new GnuTLS
> > requirements on a unrelated and now closed Merge Request[1] is not
> > really helpful.
> > We do still have a mailing list, and this more 'meta' kind of issue is
> > what it is for.
> > The background is that we, in order to avoid having significant
> > duplicated cryptographic code in the SMB2 server, we chose to
> > exclusively require GnuTLS 3.5.7 or later.  We will increase this
> > version in the future as and when the distribution landscape permits it
> > as it is no longer favoured to have cryptographic code 'in-house'.
> Sure...
> > The instructions for preparing a build environment on CentOS7 are here:
> > bootstrap/generated-dists/centos7/
> >;a=blob_plain;f=bootstrap/generated-dists/centos7/;hb=master
> > The key line is 'yum copr enable -y sergiomb/SambaAD' which enables a
> > user repository with compat-gnutls34-* in it.  This is far from ideal,
> > it would be much better if this was in EPEL, but someone would need to
> > step up and do that.
> > However this is only half of the story, as to avoid overwriting the
> > system gnutls, the package is installed in a subdirectory.
> The nutty thing is that I ended up removing the original gnutls
> package anyway because dependent packages (including the devel
> package) conflicted:
>   Transaction check error:
>     file /usr/lib64/ from install of compat-gnutls34-c++-3.4.17-4.el7.x86_64 conflicts with file from package gnutls-c++-3.3.29-9.el7_6.x86_64
>     file /usr/lib64/ from install of compat-gnutls34-dane-3.4.17-4.el7.x86_64 conflicts with file from package gnutls-dane-3.3.29-9.el7_6.x86_64
>     file /usr/lib64/ from install of compat-gnutls34-devel-3.4.17-4.el7.x86_64 conflicts with file from package gnutls-devel-3.3.29-9.el7_6.x86_64
>     file /usr/lib64/ from install of compat-gnutls34-devel-3.4.17-4.el7.x86_64 conflicts with file from package gnutls-devel-3.3.29-9.el7_6.x86_64
> Given that gnutls.pc is in the devel package, and there's a direct
> conflict between gnutls-devel and compat-gnutls34-devel, the
> subdirectory for the gnutls.pc file is completely pointless.  If only
> one devel package can be installed then it might as well be
> self-contained...  :-(

Drat.  That isn't ideal.

> > The build needs to first set as an environment variable
> > 
> > PKG_CONFIG_PATH="/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig"
> > 
> > (this is in .gitlab-ci.yml).
> OK, thanks!  That's the missing step!  Unless someone decides that the
> subdirectory is pointless and fixes the packaging, then we should
> document this with a comment in
> bootstrap/generated-dists/centos7/ or a README in that
> directory.
> I'm happy to take advice and make it so...

We can't easily add comments like that to the, but a README
might work.  Only trouble is that you will need to modify
bootstrap/ to also exclude that new file from the sha1sum

Getting a better gnutls34 or later package into EPEL without the
conflicts would also be really helpful.

Sorry this didn't go as well as I had hoped and hopefully smoother
sailing with CentOS8 is on the way soon.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team
Samba Development and Support, Catalyst IT

More information about the samba-technical mailing list