[Samba] Rebasing a 4.11 windows build to current Samba.

Andrew Bartlett abartlet at samba.org
Fri Dec 8 00:01:07 UTC 2023 

I would note an early road block will be that we now, as of Samba 4.12,
require GnuTLS.  This is probably why you used 4.11.

$ git show b406b928242c95d34568a79c10e4b004779da085
commit b406b928242c95d34568a79c10e4b004779da085
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Aug 26 14:39:40 2019 +1200

    WHATSNEW: Document new GnuTLS 3.4.7 requirement
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Tue Aug 27 06:01:50 UTC 2019 on sn-devel-
184

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 9abc4538125..c3b99dbee80 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -17,6 +17,28 @@ NEW FEATURES/CHANGES
 ====================
 
 
+GnuTLS 3.4.7 required
+---------------------
+
+Samba is making efforts to remove in-tree cryptographic functionality,
+and to instead rely on externally maintained libraries.  To this end,
+Samba has chosen GnuTLS as our standard cryptographic provider.
+
+Samba now requires GnuTLS 3.4.7 to be installed (including development
+headers at build time) for all configurations, not just the Samba AD
+DC.
+
+NOTE WELL: The use of GnuTLS means that Samba will honour the
+system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic
+standard) and so will not operate in many still common situations if
+this system-wide parameter is in effect, as many of our protocols rely
+on outdated cryptography.
+
+A future Samba version will mitigate this to some extent where good
+cryptography effectively wraps bad cryptography, but for now that
above
+applies.
+
+
 REMOVED FEATURES
 ================
 

On Thu, 2023-12-07 at 22:32 +0000, David Bean via samba wrote:
> Andrew,
> 
> Thank you for responding. I originally started down that track but
> had problems building several dependencies early on. I opted to move
> it to Cygwin because it was more familiar for me and many of the
> required dependencies were buildable. With more experience now I can
> certainly see your point as far as getting a windows build for
> mainline, so I may try that again soon.
> 
> There may be some value in the Cygwin work I did for ReactOS which
> was my target so I still plan to tweak it some more.
> 
> Dave Bean
> ________________________________
> From: Andrew Bartlett <
> abartlet at samba.org
> >
> Sent: Thursday, December 7, 2023 4:12 PM
> To: David Bean <
> d_bean at hotmail.com
> >; 
> samba at lists.samba.org
>  <
> samba at lists.samba.org
> >
> Subject: Rebasing a 4.11 windows build to current Samba.
> 
> On Thu, 2023-12-07 at 19:22 +0000, David Bean via samba wrote:
> 
> I have a semi working 32-bit build of Samba 4.11.0 for Windows based
> on a patched Cygwin 2.5.2 build. I wondered if anyone knows where a
> set of DIF files to move it from release 4.11.0 to the latest stable
> release of 4.19.x (or through each intervening release to that point)
> could be obtained. I would like to apply changes incrementally to
> this build to avoid breaking the current work I have in place, and a
> set of DIF files seems like a good alternative.
> 
> 
> Dave Bean
> 
> Samba is version controlled in "git" so every change is there.  We
> used to publish diffs between releases, but they are really not
> useful for what you want.
> 
> What I suggest is that you have a go at applying the same changes for
> your "semi working 32-bit build for Windows" to current Samba, and
> then focus on fixing what breaks.  The build system and the things
> you need are not likely to have changed that much.
> 
> Or, use a 'git bisect', applying your fixes after each bisection
> point, and see how ever you can come before it stops working.
> 
> In the long term, I think the best hope for Windows binaries are via
> a cross-compile with mingw on Linux, because while cross-compilation
> of Samba sucks, we already use that to build the uploaded winexe
> binary, and we could possibly accept such a change upstream and have
> it run in CI, whereas a 'build on windows' approach would never be
> able to be tested.
> 
> Andrew Bartlett
> 
> 
> --
> 
> Andrew Bartlett (he/him)       
> https://samba.org/~abartlet/
> 
> Samba Team Member (since 2001) 
> https://samba.org
> 
> Samba Team Lead                
> https://catalyst.net.nz/services/samba
> 
> Catalyst.Net Ltd
> 
> Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
> company
> 
> Samba Development and Support: 
> https://catalyst.net.nz/services/samba
> 
> 
> Catalyst IT - Expert Open Source Solutions
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

More information about the samba mailing list