[PATCH] Re: 4.2.0 compile error on our centos-6 and centos-7 systems (gnutls related)

Andrew Bartlett abartlet at samba.org
Thu Mar 12 18:22:17 MDT 2015 

On Thu, 2015-03-12 at 22:20 +1300, Andrew Bartlett wrote:
> On Thu, 2015-03-12 at 17:33 +1300, Andrew Bartlett wrote:
> > On Wed, 2015-03-11 at 10:46 -0400, Thomas Schulz wrote:
> > > > On Tue, 2015-03-10 at 19:35 +0100, Andreas Schneider wrote:
> > > > > On Wednesday 11 March 2015 07:20:13 Andrew Bartlett wrote:
> > > > > > On Mon, 2015-03-09 at 21:21 +0100, Andreas Schneider wrote:
> > > > > > > >From 3fa45a6301607cda2a632c0102768576db3c65a6 Mon Sep 17 00:00:00 2001
> > > > > > > 
> > > > > > > From: Andreas Schneider <asn at samba.org>
> > > > > > > 
> > > > > > > Date: Mon, 9 Mar 2015 21:14:19 +0100
> > > > > > > 
> > > > > > > Subject: [PATCH 3/3] s4-tls: Remove obsolete gcrypt support.
> > > > > > > 
> > > > > > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135
> > > > > > > 
> > > > > > > Since GnuTLS 3.0 nettle is used instead of gcrypt.
> > > > > > 
> > > > > > Shouldn't this be conditional on the version of GnuTLS?
> > > > > 
> > > > > We only call one function of grcypt which we do not really have to call. 
> > > > > GnuTLS should correclty initialize gcrypt if it uses it. But since quite some 
> > > > > time (2010/2011) GnuTLS dropped support for gcrypt. I don't see a reason why 
> > > > > we should still link against it.
> > > > 
> > > > Because if we don't set that flag, we had testsuites bog down as it
> > > > foolishly demanded keys from /dev/random, as I recall it.  See
> > > > b1ff79dbb246e717fc4a62c7a615ca7ce9ccc302
> > > > 
> > > > That is, to remove that linkage, please also bump the minimum version to
> > > > 3.0.
> > > > 
> > > > Thanks!
> > > > 
> > > > Andrew Bartlett
> > > 
> > > You probably should make things conditional on the version of GnuTLS.
> > > 
> > > Consider the case where the latest version of GnuTLS is obtained and
> > > installed because the original version is way too old. This can leave a
> > > very old version of libgcrypt installed. This can cause the build to fail.
> > > 
> > > I received the following error:
> > > 
> > > ../source4/lib/tls/tlscert.c", line 74: undefined symbol:
> > >    GCRYCTL_ENABLE_QUICK_RANDOM
> > 
> > Thanks.  Can you try the attached patches in this situation?
> > 
> > I've built Centos7 and Fedora 21 build boxes, but these never showed the
> > original failure, so I'm assuming it was just the --disable-gnutls some
> > folks had in their standard configure lines.
> 
> I've uploaded this patch to bug.  
> 
> Andreas,
> 
> Please review/push if you are happy, it seems to work well on the
> systems I have access to. 

These are now in master. Bug
https://bugzilla.samba.org/show_bug.cgi?id=11135 is tracking them into
4.2

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list