The Samba-Bugzilla – Attachment 10833 Details for
Bug 11135
700 testsuites are failing since backupkey changed to gnutls
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for master v2
gnutls2.patch (text/plain), 7.57 KB, created by
Andreas Schneider
on 2015-03-09 20:22:04 UTC
(
hide
)
Description:
patch for master v2
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2015-03-09 20:22:04 UTC
Size:
7.57 KB
patch
obsolete
>From 8eda48756017db6202fe4ec8a27df0a28a403052 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Mon, 9 Mar 2015 21:08:44 +0100 >Subject: [PATCH 1/3] s4-backupkey: This has been migrated to GnuTLS. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135 > >Signed-off-by: Andreas Schneider <asn@samba.org> >--- > source4/rpc_server/wscript_build | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build >index c79c1827..b8679bb 100755 >--- a/source4/rpc_server/wscript_build >+++ b/source4/rpc_server/wscript_build >@@ -115,7 +115,7 @@ bld.SAMBA_MODULE('dcerpc_backupkey', > autoproto='backupkey/proto.h', > subsystem='dcerpc_server', > init_function='dcerpc_server_backupkey_init', >- deps='samdb DCERPC_COMMON NDR_BACKUPKEY RPC_NDR_BACKUPKEY krb5 hx509 hcrypto' >+ deps='samdb DCERPC_COMMON NDR_BACKUPKEY RPC_NDR_BACKUPKEY krb5 gnutls' > ) > > >-- >2.3.2 > > >From 56cf638ac0d575854ea84c6db23fc4e321ab95b8 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Mon, 9 Mar 2015 21:08:04 +0100 >Subject: [PATCH 2/3] s4-tls: Always require gnutls. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135 > >Signed-off-by: Andreas Schneider <asn@samba.org> >--- > source4/lib/tls/tlscert.c | 5 ----- > source4/lib/tls/wscript | 23 ----------------------- > wscript | 1 - > 3 files changed, 29 deletions(-) > >diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c >index 8a19e0a..21c12bf 100644 >--- a/source4/lib/tls/tlscert.c >+++ b/source4/lib/tls/tlscert.c >@@ -21,7 +21,6 @@ > > #include "includes.h" > >-#if ENABLE_GNUTLS > #include <gnutls/gnutls.h> > #include <gnutls/x509.h> > #if HAVE_GCRYPT_H >@@ -169,7 +168,3 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx, > failed: > DEBUG(0,("TLS certificate generation failed\n")); > } >- >-#else >-void tls_cert_dummy(void) {} >-#endif >diff --git a/source4/lib/tls/wscript b/source4/lib/tls/wscript >index ae96395..5a8679f 100644 >--- a/source4/lib/tls/wscript >+++ b/source4/lib/tls/wscript >@@ -3,32 +3,11 @@ > import Options > from optparse import SUPPRESS_HELP > >-def set_options(opt): >- # allow users to disable gnutls >- opt.add_option('--enable-gnutls', >- help=("Enable use of gnutls"), >- action="store_true", dest='enable_gnutls', default=True) >- opt.add_option('--disable-gnutls', help=SUPPRESS_HELP, action="store_false", dest='enable_gnutls') >- >- > def configure(conf): >- conf.env.enable_gnutls = Options.options.enable_gnutls >- if not conf.env.enable_gnutls: >- conf.SET_TARGET_TYPE('gnutls', 'DISABLED') >- conf.SET_TARGET_TYPE('gcrypt', 'DISABLED') >- conf.SET_TARGET_TYPE('gpg-error', 'DISABLED') >- return >- > conf.check_cfg(package='gnutls', > args='"gnutls >= 1.4.0 gnutls != 2.2.4 gnutls != 2.8.0 gnutls != 2.8.1" --cflags --libs', > msg='Checking for gnutls >= 1.4.0 and broken versions', mandatory=False) > >- if 'HAVE_GNUTLS' in conf.env: >- conf.DEFINE('ENABLE_GNUTLS', 1) >- else: >- if 'AD_DC_BUILD_IS_ENABLED' in conf.env: >- conf.fatal("Building the AD DC requires GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol") >- > conf.CHECK_FUNCS_IN('gnutls_global_init', 'gnutls', > headers='gnutls/gnutls.h') > >@@ -46,8 +25,6 @@ def configure(conf): > headers='gnutls/gnutls.h', lib='gnutls') > > conf.CHECK_FUNCS_IN('gcry_control', 'gcrypt', headers='gcrypt.h') >- conf.CHECK_FUNCS_IN('gpg_err_code_from_errno', 'gpg-error') >- > > def build(bld): > bld.SAMBA_SUBSYSTEM('LIBTLS', >diff --git a/wscript b/wscript >index f1d2e97..b0ea7f4 100644 >--- a/wscript >+++ b/wscript >@@ -39,7 +39,6 @@ def set_options(opt): > opt.RECURSE('lib/ldb') > opt.RECURSE('lib/ntdb') > opt.RECURSE('selftest') >- opt.RECURSE('source4/lib/tls') > opt.RECURSE('pidl') > opt.RECURSE('source3') > opt.RECURSE('lib/util') >-- >2.3.2 > > >From 83a7fa33334c3034c7952e32114e0d95f61e43c3 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Mon, 9 Mar 2015 21:14:19 +0100 >Subject: [PATCH 3/3] s4-tls: Remove obsolete gcrypt support. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135 > >Since GnuTLS 3.0 nettle is used instead of gcrypt. > >Signed-off-by: Andreas Schneider <asn@samba.org> >--- > lib/replace/wscript | 2 +- > source4/lib/tls/tlscert.c | 8 -------- > source4/lib/tls/wscript | 4 +--- > source4/rpc_server/backupkey/dcesrv_backupkey.c | 9 +-------- > 4 files changed, 3 insertions(+), 20 deletions(-) > >diff --git a/lib/replace/wscript b/lib/replace/wscript >index f8a0179..1949448 100644 >--- a/lib/replace/wscript >+++ b/lib/replace/wscript >@@ -53,7 +53,7 @@ def configure(conf): > conf.CHECK_HEADERS('sys/uio.h ifaddrs.h direct.h dirent.h') > conf.CHECK_HEADERS('windows.h winsock2.h ws2tcpip.h') > conf.CHECK_HEADERS('errno.h') >- conf.CHECK_HEADERS('gcrypt.h getopt.h iconv.h') >+ conf.CHECK_HEADERS('getopt.h iconv.h') > conf.CHECK_HEADERS('memory.h nss.h sasl/sasl.h') > > conf.CHECK_FUNCS_IN('inotify_init', 'inotify', checklibc=True, >diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c >index 21c12bf..453be2f 100644 >--- a/source4/lib/tls/tlscert.c >+++ b/source4/lib/tls/tlscert.c >@@ -23,9 +23,6 @@ > > #include <gnutls/gnutls.h> > #include <gnutls/x509.h> >-#if HAVE_GCRYPT_H >-#include <gcrypt.h> >-#endif > > #define ORGANISATION_NAME "Samba Administration" > #define UNIT_NAME "Samba - temporary autogenerated certificate" >@@ -67,11 +64,6 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx, > > DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https for hostname '%s'\n", > hostname)); >- >-#ifdef HAVE_GCRYPT_H >- DEBUG(3,("Enabling QUICK mode in gcrypt\n")); >- gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); >-#endif > > DEBUG(3,("Generating private key\n")); > TLSCHECK(gnutls_x509_privkey_init(&key)); >diff --git a/source4/lib/tls/wscript b/source4/lib/tls/wscript >index 5a8679f..840ed64 100644 >--- a/source4/lib/tls/wscript >+++ b/source4/lib/tls/wscript >@@ -24,11 +24,9 @@ def configure(conf): > conf.CHECK_TYPES('gnutls_datum gnutls_datum_t', > headers='gnutls/gnutls.h', lib='gnutls') > >- conf.CHECK_FUNCS_IN('gcry_control', 'gcrypt', headers='gcrypt.h') >- > def build(bld): > bld.SAMBA_SUBSYSTEM('LIBTLS', > source='tls.c tlscert.c tls_tstream.c', > allow_warnings=True, >- public_deps='talloc gnutls gcrypt samba-hostconfig samba_socket LIBTSOCKET tevent tevent-util' >+ public_deps='talloc gnutls samba-hostconfig samba_socket LIBTSOCKET tevent tevent-util' > ) >diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c >index 04308bc..8fd4737 100644 >--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c >+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c >@@ -43,10 +43,6 @@ > #include "lib/crypto/arcfour.h" > #include <gnutls/gnutls.h> > #include <gnutls/x509.h> >-#if HAVE_GCRYPT_H >-#include <gcrypt.h> >-#endif >- > > static const unsigned rsa_with_var_num[] = { 1, 2, 840, 113549, 1, 1, 1 }; > /* Equivalent to asn1_oid_id_pkcs1_rsaEncryption*/ >@@ -809,10 +805,7 @@ static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, hx509_context *hctx, > *rsa = NULL; > > gnutls_global_init(); >-#ifdef HAVE_GCRYPT_H >- DEBUG(3,("Enabling QUICK mode in gcrypt\n")); >- gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); >-#endif >+ > ret = gnutls_x509_privkey_init(>ls_key); > if (ret != 0) { > gnutls_global_deinit(); >-- >2.3.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10833">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 11135
:
10820
|
10832
|
10833
|
10865
|
10866
|
10867
|
10871