The Samba-Bugzilla – Attachment 10871 Details for
Bug 11135
700 testsuites are failing since backupkey changed to gnutls
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
4.2 patch cherry-picked from master
gnutls-build.4.2.patch (text/plain), 6.68 KB, created by
Andrew Bartlett
on 2015-03-13 00:20:38 UTC
(
hide
)
Description:
4.2 patch cherry-picked from master
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2015-03-13 00:20:38 UTC
Size:
6.68 KB
patch
obsolete
>From 86861a4a1e996a337b700e0267d838d6f791620a Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 12 Mar 2015 17:01:05 +1300 >Subject: [PATCH 1/3] lib/tls: Fix behaviour of --disable-gnutls and remove > link to gcrypt > >We no longer link against gcrypt if gnutls > 3.0.0 is found, as these >versions use libnettle. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit 61d962bdfdb9ca13e5f31e726ae84823c6f68fc6) >--- > source4/lib/tls/tlscert.c | 4 ++-- > source4/lib/tls/wscript | 22 +++++++++++++++++----- > source4/rpc_server/backupkey/dcesrv_backupkey.c | 4 ++-- > 3 files changed, 21 insertions(+), 9 deletions(-) > >diff --git a/source4/lib/tls/tlscert.c b/source4/lib/tls/tlscert.c >index 8a19e0a..b44d46b 100644 >--- a/source4/lib/tls/tlscert.c >+++ b/source4/lib/tls/tlscert.c >@@ -24,7 +24,7 @@ > #if ENABLE_GNUTLS > #include <gnutls/gnutls.h> > #include <gnutls/x509.h> >-#if HAVE_GCRYPT_H >+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3) > #include <gcrypt.h> > #endif > >@@ -69,7 +69,7 @@ void tls_cert_generate(TALLOC_CTX *mem_ctx, > DEBUG(0,("Attempting to autogenerate TLS self-signed keys for https for hostname '%s'\n", > hostname)); > >-#ifdef HAVE_GCRYPT_H >+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3) > DEBUG(3,("Enabling QUICK mode in gcrypt\n")); > gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); > #endif >diff --git a/source4/lib/tls/wscript b/source4/lib/tls/wscript >index ae96395..cbba87d 100644 >--- a/source4/lib/tls/wscript >+++ b/source4/lib/tls/wscript >@@ -17,11 +17,18 @@ def configure(conf): > conf.SET_TARGET_TYPE('gnutls', 'DISABLED') > conf.SET_TARGET_TYPE('gcrypt', 'DISABLED') > conf.SET_TARGET_TYPE('gpg-error', 'DISABLED') >+ if 'AD_DC_BUILD_IS_ENABLED' in conf.env: >+ conf.fatal("--disable-gnutls given: Building the AD DC requires GnuTLS (eg libgnutls-dev, gnutls-devel) for ldaps:// support and for the BackupKey protocol") > return > >- conf.check_cfg(package='gnutls', >- args='"gnutls >= 1.4.0 gnutls != 2.2.4 gnutls != 2.8.0 gnutls != 2.8.1" --cflags --libs', >- msg='Checking for gnutls >= 1.4.0 and broken versions', mandatory=False) >+ if conf.check_cfg(package='gnutls', >+ args='"gnutls >= 3.0.0" --cflags --libs', >+ msg='Checking for gnutls >= 3.0.0s', mandatory=False): >+ conf.DEFINE('HAVE_GNUTLS3', 1) >+ else: >+ conf.check_cfg(package='gnutls', >+ args='"gnutls >= 1.4.0 gnutls != 2.2.4 gnutls != 2.8.0 gnutls != 2.8.1" --cflags --libs', >+ msg='Checking for gnutls >= 1.4.0 and broken versions', mandatory=False) > > if 'HAVE_GNUTLS' in conf.env: > conf.DEFINE('ENABLE_GNUTLS', 1) >@@ -45,8 +52,13 @@ def configure(conf): > conf.CHECK_TYPES('gnutls_datum gnutls_datum_t', > headers='gnutls/gnutls.h', lib='gnutls') > >- conf.CHECK_FUNCS_IN('gcry_control', 'gcrypt', headers='gcrypt.h') >- conf.CHECK_FUNCS_IN('gpg_err_code_from_errno', 'gpg-error') >+ # GnuTLS3 moved to libnettle, so only do this in the < 3.0 case >+ if not 'HAVE_GNUTLS3' in conf.env: >+ conf.CHECK_FUNCS_IN('gcry_control', 'gcrypt', headers='gcrypt.h') >+ conf.CHECK_FUNCS_IN('gpg_err_code_from_errno', 'gpg-error') >+ else: >+ conf.SET_TARGET_TYPE('gcrypt', 'DISABLED') >+ conf.SET_TARGET_TYPE('gpg-error', 'DISABLED') > > > def build(bld): >diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c >index bef4c93..5270360 100644 >--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c >+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c >@@ -43,7 +43,7 @@ > #include "lib/crypto/arcfour.h" > #include <gnutls/gnutls.h> > #include <gnutls/x509.h> >-#if HAVE_GCRYPT_H >+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3) > #include <gcrypt.h> > #endif > >@@ -806,7 +806,7 @@ static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, hx509_context *hctx, > *rsa = NULL; > > gnutls_global_init(); >-#ifdef HAVE_GCRYPT_H >+#if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3) > DEBUG(3,("Enabling QUICK mode in gcrypt\n")); > gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); > #endif >-- >2.1.4 > > >From e9f73e2168372ad43930df85bd89dedbd1ec26cf Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 12 Mar 2015 17:05:50 +1300 >Subject: [PATCH 2/3] backupkey: Explicitly link to gnutls and gcrypt > >The gcrypt link will be disabled if gnutls is > 3.0.0 > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit 733435f8582adf7925ea0c93e2cdf411fb89624b) >--- > source4/rpc_server/wscript_build | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build >index 2866257..1a581b1 100755 >--- a/source4/rpc_server/wscript_build >+++ b/source4/rpc_server/wscript_build >@@ -116,7 +116,7 @@ bld.SAMBA_MODULE('dcerpc_backupkey', > autoproto='backupkey/proto.h', > subsystem='dcerpc_server', > init_function='dcerpc_server_backupkey_init', >- deps='samdb DCERPC_COMMON NDR_BACKUPKEY RPC_NDR_BACKUPKEY krb5 hx509 hcrypto' >+ deps='samdb DCERPC_COMMON NDR_BACKUPKEY RPC_NDR_BACKUPKEY krb5 hx509 hcrypto gnutls gcrypt' > ) > > >-- >2.1.4 > > >From b74e2c8fc3b86c3b94e4ad5be92488f178012878 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 12 Mar 2015 22:12:43 +0100 >Subject: [PATCH 3/3] replace: Remove superfluous check for gcrypt header. > >We only need to check for the header if we need gnutls with gcrypt >support. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=11135 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> > >Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> >Autobuild-Date(master): Fri Mar 13 01:00:27 CET 2015 on sn-devel-104 > >(cherry picked from commit 07330d248bd3feb3c9748174dac407fca592638e) >--- > lib/replace/wscript | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/lib/replace/wscript b/lib/replace/wscript >index f8a0179..1949448 100644 >--- a/lib/replace/wscript >+++ b/lib/replace/wscript >@@ -53,7 +53,7 @@ def configure(conf): > conf.CHECK_HEADERS('sys/uio.h ifaddrs.h direct.h dirent.h') > conf.CHECK_HEADERS('windows.h winsock2.h ws2tcpip.h') > conf.CHECK_HEADERS('errno.h') >- conf.CHECK_HEADERS('gcrypt.h getopt.h iconv.h') >+ conf.CHECK_HEADERS('getopt.h iconv.h') > conf.CHECK_HEADERS('memory.h nss.h sasl/sasl.h') > > conf.CHECK_FUNCS_IN('inotify_init', 'inotify', checklibc=True, >-- >2.1.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
asn
:
review+
Actions:
View
Attachments on
bug 11135
:
10820
|
10832
|
10833
|
10865
|
10866
|
10867
| 10871