[Samba] Rebasing a 4.11 windows build to current Samba.
Andrew Bartlett
abartlet at samba.org
Fri Dec 8 00:01:07 UTC 2023
I would note an early road block will be that we now, as of Samba 4.12,
require GnuTLS. This is probably why you used 4.11.
$ git show b406b928242c95d34568a79c10e4b004779da085
commit b406b928242c95d34568a79c10e4b004779da085
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 26 14:39:40 2019 +1200
WHATSNEW: Document new GnuTLS 3.4.7 requirement
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Aug 27 06:01:50 UTC 2019 on sn-devel-
184
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 9abc4538125..c3b99dbee80 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -17,6 +17,28 @@ NEW FEATURES/CHANGES
====================
+GnuTLS 3.4.7 required
+---------------------
+
+Samba is making efforts to remove in-tree cryptographic functionality,
+and to instead rely on externally maintained libraries. To this end,
+Samba has chosen GnuTLS as our standard cryptographic provider.
+
+Samba now requires GnuTLS 3.4.7 to be installed (including development
+headers at build time) for all configurations, not just the Samba AD
+DC.
+
+NOTE WELL: The use of GnuTLS means that Samba will honour the
+system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic
+standard) and so will not operate in many still common situations if
+this system-wide parameter is in effect, as many of our protocols rely
+on outdated cryptography.
+
+A future Samba version will mitigate this to some extent where good
+cryptography effectively wraps bad cryptography, but for now that
above
+applies.
+
+
REMOVED FEATURES
================
On Thu, 2023-12-07 at 22:32 +0000, David Bean via samba wrote:
> Andrew,
>
> Thank you for responding. I originally started down that track but
> had problems building several dependencies early on. I opted to move
> it to Cygwin because it was more familiar for me and many of the
> required dependencies were buildable. With more experience now I can
> certainly see your point as far as getting a windows build for
> mainline, so I may try that again soon.
>
> There may be some value in the Cygwin work I did for ReactOS which
> was my target so I still plan to tweak it some more.
>
> Dave Bean
> ________________________________
> From: Andrew Bartlett <
> abartlet at samba.org
> >
> Sent: Thursday, December 7, 2023 4:12 PM
> To: David Bean <
> d_bean at hotmail.com
> >;
> samba at lists.samba.org
> <
> samba at lists.samba.org
> >
> Subject: Rebasing a 4.11 windows build to current Samba.
>
> On Thu, 2023-12-07 at 19:22 +0000, David Bean via samba wrote:
>
> I have a semi working 32-bit build of Samba 4.11.0 for Windows based
> on a patched Cygwin 2.5.2 build. I wondered if anyone knows where a
> set of DIF files to move it from release 4.11.0 to the latest stable
> release of 4.19.x (or through each intervening release to that point)
> could be obtained. I would like to apply changes incrementally to
> this build to avoid breaking the current work I have in place, and a
> set of DIF files seems like a good alternative.
>
>
> Dave Bean
>
> Samba is version controlled in "git" so every change is there. We
> used to publish diffs between releases, but they are really not
> useful for what you want.
>
> What I suggest is that you have a go at applying the same changes for
> your "semi working 32-bit build for Windows" to current Samba, and
> then focus on fixing what breaks. The build system and the things
> you need are not likely to have changed that much.
>
> Or, use a 'git bisect', applying your fixes after each bisection
> point, and see how ever you can come before it stops working.
>
> In the long term, I think the best hope for Windows binaries are via
> a cross-compile with mingw on Linux, because while cross-compilation
> of Samba sucks, we already use that to build the uploaded winexe
> binary, and we could possibly accept such a change upstream and have
> it run in CI, whereas a 'build on windows' approach would never be
> able to be tested.
>
> Andrew Bartlett
>
>
> --
>
> Andrew Bartlett (he/him)
> https://samba.org/~abartlet/
>
> Samba Team Member (since 2001)
> https://samba.org
>
> Samba Team Lead
> https://catalyst.net.nz/services/samba
>
> Catalyst.Net Ltd
>
> Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
> company
>
> Samba Development and Support:
> https://catalyst.net.nz/services/samba
>
>
> Catalyst IT - Expert Open Source Solutions
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba
mailing list