On Sat, 2019-04-13 at 07:43 -0400, Nico Kadel-Garcia via samba wrote:> On Fri, Apr 12, 2019 at 7:20 AM Andreas Habel via samba > <samba at lists.samba.org> wrote: > > > > Hi, > > > > I managed to compile 4.10.0 under CentOS 7.6. I did the following: > > I'll put muney down that you did not get it working as a full domain > controller. The"--with-dc" option activates a gnutls >= 3.4.7 > requirement.At least for samba 4.8.x, you only need gnutls >= 3.4.7 if you use MIT kbr, old kbr don't need it . Anyway I did one gnutls-3.4.7 package (compat-gnutls34) for Centos 7 [1] [1] https://github.com/sergiomb2/SambaAD> > - update the yum package repository cache: sudo yum makecache > > - install yum-utils: sudo yum install yum-utils > > - add the IUS package repository: sudo yum install > > https://centos7.iuscommunity.org/ius-release.rpm > > - update the yum package repository cache again: sudo yum makecache > > - install Python 3.6 including PIP: sudo yum install -y python36u > > python36u-libs python36u-devel python36u-pip > > - check version: python3.6 -V > > Python 3.6.7 > > - Install dnspython (seems to be necessary): pip3.6 install > > dnspython > > "pip install" is not OK in any production tools. in my very strong > personal opinion. It's why I publish SRPM's for many distinct python > modules. You simply do not know which version of a module, or which > version of a module dependency, you will wind up with depending on > what has updated on pypi.org and what you already have installed. It > is an unpredictable crapshoot. I just ran into this in force when > someone casually ran "pip instlal awscli", which was already present, > and the umask was set to 077 and broke other new dependencies for > non-root users. > > pip, like CPAN, ant, maven, gradle, and rubygems, is prone to > bringing > in new and incompatible components at unpredictable times. It > shouldn't be used for production setups without great caution. That > said, I've been publishing updates to the old "py2pack" tool, used to > build SRPM's and RPM's from Python modules. The toolchain for that is > at https://github.com/nkadel/py2packrepo . > > RHEL 7 has the Python2 version of dnspython. Just for you, I just put > up https://github.com/nkadel/python-dnspython-srpm, which has hooks > to > build the python3 RPM. > > > Follow the instructions given in the wiki: > > https://wiki.samba.org/index.php/Build_Samba_from_Source > > > > Prior to running the configure command, you have to define the > > PYHTON env. variable: export PYTHON=/usr/bin/python3.6 > > I believe you meant "PYTHON", not "PYHTON ", right? > > The RPM macro "python_provide" does not work for python3 components > on > RHEL 7 or CentOS 7. That doesn't break compilation per-so, but it > does > screw up packaging the python3 modules on RHEL 7 for That makes it > very awkward to repackage and bundle for Samba the "libtdb", > "libtalloc", "libtdb", and :"libtevent" libraries used by both Samba > and other critical systems on RHEL such as gnome-shell and nfs-utils. > I'm really leery of building and publishing those outside of the > standard RHEL layout. > > Nico Kadel-Garcia >-- Sérgio M. B.
On Sat, Apr 13, 2019 at 11:43 PM Sérgio Basto <sergio at serjux.com> wrote:> > On Sat, 2019-04-13 at 07:43 -0400, Nico Kadel-Garcia via samba wrote: > > On Fri, Apr 12, 2019 at 7:20 AM Andreas Habel via samba > > <samba at lists.samba.org> wrote: > > > > > > Hi, > > > > > > I managed to compile 4.10.0 under CentOS 7.6. I did the following: > > > > I'll put money down that you did not get it working as a full domain > > controller. The"--with-dc" option activates a gnutls >= 3.4.7 > > requirement. > > At least for samba 4.8.x, you only need gnutls >= 3.4.7 if you use MIT > kbr, old kbr don't need it .> Anyway I did one gnutls-3.4.7 package (compat-gnutls34) for Centos 7 > [1]> [1] > https://github.com/sergiomb2/SambaADInteresting. I'd not tried to bundle an upgraded compatibility gnutls. I think I understand how you did that, but I'm unclear on why you selected the "hobbled" tarballs and where you got the "nettle-3.2-hobbled.tar.xz" tarball to work with. Nico Kadel-Garcia
Hi Sergio & List, On Sun, 14 Apr 2019, Sérgio Basto via samba wrote:> On Sat, 2019-04-13 at 07:43 -0400, Nico Kadel-Garcia via samba wrote: >> On Fri, Apr 12, 2019 at 7:20 AM Andreas Habel via samba >> <samba at lists.samba.org> wrote: >>> >>> Hi, >>> >>> I managed to compile 4.10.0 under CentOS 7.6. I did the following: >> >> I'll put muney down that you did not get it working as a full domain >> controller. The"--with-dc" option activates a gnutls >= 3.4.7 >> requirement. > > At least for samba 4.8.x, you only need gnutls >= 3.4.7 if you use MIT > kbr, old kbr don't need it .Seems the same holds true for samba-4.9.x (and maybe for 4.10.x as well). It compiled on RHEL7.6 with gnutls-3.3.29 with a SPEC file partially based on TranquilIT's & Fedora + a few changes (mostly around python2 vs python3 stuff) [root at dc02 ~]# rpm -q gnutls gnutls-3.3.29-9.el7_6.x86_64 gnutls-3.3.29-9.el7_6.i686 [root at dc02 ~]# python -V Python 2.7.5 # 4.9.6: [root at dc02 ~]# /usr/src/redhat/BUILD/samba-4.9.6/bin/smbd -b|grep -i dc AD_DC_BUILD_IS_ENABLED STDC_HEADERS # 4.10.2: [root at dc02 ~]# /usr/src/redhat/BUILD/samba-4.10.2/bin/smbd -b|grep -i dc AD_DC_BUILD_IS_ENABLED STDC_HEADERS Also, please note my DCs are running SELinux in permissive mode, not in disabled mode and I have not had an issue with that. We could get together and discuss this as we seems to all have different answers regarding the supportability of samba 4.10 on rhel7 clones. I am not experiencing the issues you are observing (and neither is TranquilIT, who seems to be supporting very similar builds on rhel7). I would doubt that the differences between rhel7 and centos7 are sufficient to cause this behaviour but I am willing to investigate (a little). Kind regards, Vincent
On Sun, 2019-04-14 at 10:38 -0400, Nico Kadel-Garcia via samba wrote:> On Sat, Apr 13, 2019 at 11:43 PM Sérgio Basto <sergio at serjux.com> > wrote: > > > > On Sat, 2019-04-13 at 07:43 -0400, Nico Kadel-Garcia via samba > > wrote: > > > On Fri, Apr 12, 2019 at 7:20 AM Andreas Habel via samba > > > <samba at lists.samba.org> wrote: > > > > > > > > Hi, > > > > > > > > I managed to compile 4.10.0 under CentOS 7.6. I did the > > > > following: > > > > > > I'll put money down that you did not get it working as a full > > > domain > > > controller. The"--with-dc" option activates a gnutls >= 3.4.7 > > > requirement. > > > > At least for samba 4.8.x, you only need gnutls >= 3.4.7 if you use > > MIT > > kbr, old kbr don't need it . > > Anyway I did one gnutls-3.4.7 package (compat-gnutls34) for Centos > > 7 > > [1] > > [1] > > https://github.com/sergiomb2/SambaAD > > Interesting. I'd not tried to bundle an upgraded compatibility > gnutls. > I think I understand how you did that, but I'm unclear on why you > selected the "hobbled" tarballs and where you got the > "nettle-3.2-hobbled.tar.xz" tarball to work with.Hi, I just copied it from Fedora [1] and [2] , it a long story [3], some ECC algorithms have patent issues , so they are discarded on Fedora (and so do I). [1] https://src.fedoraproject.org/rpms/nettle/tree/master [2] https://src.fedoraproject.org/rpms/gnutls/tree/master [3] https://www.google.com/search?q=fedora+ecc> Nico Kadel-Garcia >-- Sérgio M. B.