samba - Jun 2020 - How to compile gnutls to samba-4.12.3

Hello all;
 sorry almost the offtopic.

 I want to upgrade to samba-4.12.3.tar.gz on CentOS 7 and has problem installing
gnutls.
 As said in wiki, to install samba-4.12.3 you need to install a version equal to
or greater than 3.4.7 of gnutls. This (gnutls) depends on nettle and gmp. I am
trying to install gnutls-3.6.14; I already have gmp (gmp-6.2.0) and nettle
(nettle-3.6) installed (compiled from sources), but gnutls doesn't want to
install, it tells me "Libnettle 3.4.1 was not found" when I run the
./configure

Nettle is installed in /usr/local/include/nettle (all .h) and in
/usr/local/lib64/libnettle.s0.8.0

I created a symbolic link for /usr/lib64 from /usr/local/lib64/libnettle.s0.8.0
as libnettle.so and libnettle.so.8; I ran the gnutls ./configure again, but it
keeps saying it can't find libnettle 3.4.1

How can I install gnutls?
Has anyone got CentOS 7 and samba-4.12.3 installed and fixed this situation that
explaim me how to do that?
--
Rommel Rodriguez Toirac
rommelrt at nauta.cu
-- 
Rommel Rodriguez Toirac
rommelrt at nauta.cu

On Wed, 2020-06-17 at 22:03 -0400, Rommel Rodriguez Toirac via samba
wrote:
> Hello all;
>  sorry almost the offtopic.
> 
>  I want to upgrade to samba-4.12.3.tar.gz on CentOS 7 and has problem
> installing gnutls.
>  As said in wiki, to install samba-4.12.3 you need to install a
> version equal to or greater than 3.4.7 of gnutls. This (gnutls)
> depends on nettle and gmp. I am trying to install gnutls-3.6.14; I
> already have gmp (gmp-6.2.0) and nettle (nettle-3.6) installed
> (compiled from sources), but gnutls doesn't want to install, it tells
> me "Libnettle 3.4.1 was not found" when I run the ./configure
> 
> Nettle is installed in /usr/local/include/nettle (all .h) and in
> /usr/local/lib64/libnettle.s0.8.0
> 
> I created a symbolic link for /usr/lib64 from
> /usr/local/lib64/libnettle.s0.8.0 as libnettle.so and libnettle.so.8;
> I ran the gnutls ./configure again, but it keeps saying it can't find
> libnettle 3.4.1
> 
> How can I install gnutls?
> Has anyone got CentOS 7 and samba-4.12.3 installed and fixed this
> situation that explaim me how to do that?

I made compat-gnutls34 and compat-nettle32 packages , because half of
Centos 7 depends system gnutls and you can't just upgrade it .
After install compat-gnutls34 and compat-nettle32 before run
./configure you just need run export PKG_CONFIG_PATH=/usr/lib64/compat-
gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig

Just a note you just need gnutls-3.4.7 if you will use MIT Kerberos
integration if you use Heimdal Kerberos I think gnutls of Centos 7still enough
[3] .

[1]
https://github.com/sergiomb2/SambaAD
https://copr.fedorainfracloud.org/coprs/sergiomb/SambaAD/packages/

[2]
https://github.com/sergiomb2/SambaAD/blob/master/samba/samba.spec#L810


[3]
https://github.com/sergiomb2/SambaAD/blob/master/README.md
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC#Experimental_Feature

> --
> Rommel Rodriguez Toirac
> rommelrt at nauta.cu
> -- 
> Rommel Rodriguez Toirac
> rommelrt at nauta.cu
-- 
S?rgio M. B.

On Thu, 2020-06-18 at 03:29 +0100, S?rgio Basto via samba
wrote:
> On Wed, 2020-06-17 at 22:03 -0400, Rommel Rodriguez Toirac via samba
> wrote:
> > Hello all;
> >  sorry almost the offtopic.
> > 
> >  I want to upgrade to samba-4.12.3.tar.gz on CentOS 7 and has
> > problem
> > installing gnutls.
> > 
> > How can I install gnutls?
> > Has anyone got CentOS 7 and samba-4.12.3 installed and fixed this
> > situation that explaim me how to do that?
> 
> 
> I made compat-gnutls34 and compat-nettle32 packages , because half of
> Centos 7 depends system gnutls and you can't just upgrade it .
> After install compat-gnutls34 and compat-nettle32 before run
> ./configure you just need run export
> PKG_CONFIG_PATH=/usr/lib64/compat-
> gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig
Thank you so much for doing this.  This work enabled us to rid Samba of
a significant amount of in-tree cryptography. 
> Just a note you just need gnutls-3.4.7 if you will use MIT Kerberos
> integration if you use Heimdal Kerberos I think gnutls of Centos
> 7still enough [3] . 
Thanks to the availability of this package, and of course the
incredible efforts of Andreas and others who did the work on the
transition, we now do require a modern GnuTLS (3.4.7) even with
Heimdal, the system one on RHEL7 is no longer enough. 

If we could get an even more modern version then we can consider
removing even more duplicate in-house cryptography. 

My only concern is that now a significant number of Samba installs will
rely on this work, so if there is a security issue in GnuTLS, depending
on how people install the packages (using copr, or via the copy of the
packages and repos at https://samba.tranquil.it/centos7/, or downloaded
and installed locally) it may take quite some effort to get the fixes
to everyone. 

What I would say to Samba users installing Samba 4.12: if at all
possible, please take this opportunity to upgrade to RHEL 8 / CentOS 8.

Andrew Bartlett

-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba

El 17 de junio de 2020 22:29:33 GMT-04:00, "S?rgio Basto" <sergio
at serjux.com> escribi?:
>On Wed, 2020-06-17 at 22:03 -0400, Rommel Rodriguez Toirac via samba
>wrote:
>> Hello all;
>>  sorry almost the offtopic.
>> 
>>  I want to upgrade to samba-4.12.3.tar.gz on CentOS 7 and has problem
>> installing gnutls.
>>  As said in wiki, to install samba-4.12.3 you need to install a
>> version equal to or greater than 3.4.7 of gnutls. This (gnutls)
>> depends on nettle and gmp. I am trying to install gnutls-3.6.14; I
>> already have gmp (gmp-6.2.0) and nettle (nettle-3.6) installed
>> (compiled from sources), but gnutls doesn't want to install, it
tells
>> me "Libnettle 3.4.1 was not found" when I run the ./configure
>> 
>> Nettle is installed in /usr/local/include/nettle (all .h) and in
>> /usr/local/lib64/libnettle.s0.8.0
>> 
>> I created a symbolic link for /usr/lib64 from
>> /usr/local/lib64/libnettle.s0.8.0 as libnettle.so and libnettle.so.8;
>> I ran the gnutls ./configure again, but it keeps saying it can't
find
>> libnettle 3.4.1
>> 
>> How can I install gnutls?
>> Has anyone got CentOS 7 and samba-4.12.3 installed and fixed this
>> situation that explaim me how to do that?
>
>
>I made compat-gnutls34 and compat-nettle32 packages , because half of
>Centos 7 depends system gnutls and you can't just upgrade it .
>After install compat-gnutls34 and compat-nettle32 before run
>./configure you just need run export PKG_CONFIG_PATH=/usr/lib64/compat-
>gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig
>
>Just a note you just need gnutls-3.4.7 if you will use MIT Kerberos
>integration if you use Heimdal Kerberos I think gnutls of Centos 7still
>enough [3] . 
>
>[1]
>https://github.com/sergiomb2/SambaAD
>https://copr.fedorainfracloud.org/coprs/sergiomb/SambaAD/packages/
>
>[2]
>https://github.com/sergiomb2/SambaAD/blob/master/samba/samba.spec#L810
>
>
>[3]
>https://github.com/sergiomb2/SambaAD/blob/master/README.md
>https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC#Experimental_Feature
>
>
 Thank for write me back.

 So I have to search for compat-gnutls34 and compat-nettle3 package and install
both of then; next run:

export
PKG_CONFIG_PATH=/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig

and finally run:

./configure && make && make install

from samba-4.12.3 extracted directory to install samba4

 That is it?
 

-- 
Rommel Rodriguez Toirac
rommelrt at nauta.cu