Hi Sergio, You're right and I hadn't noticed because everything worked fine. Here's an exercept from samba's config.log (I just refreshed the packages for 4.8.11): --------------------------------------------------------------------------------- Checking for gnutls >= 3.4.7 /usr/bin/pkg-config "gnutls >= 3.4.7" --cflags --libs gnutls Requested 'gnutls >= 3.4.7' but version of GnuTLS is 3.3.29 You may find new versions of GnuTLS at http://www.gnutls.org/ not found --------------------------------------------------------------------------------- Checking for gnutls >= 3.0.0s /usr/bin/pkg-config "gnutls >= 3.0.0" --cflags --libs gnutls -I/usr/include/p11-kit-1 -lgnutls yes --------------------------------------------------------------------------------- Is it possible that an AD/DC builds and works fine with gnutls-3.3.x? I admit I didn't pay attention to that issue when I confirmed some of spec files settings from https://samba.tranquil.it/centos7/samba-4.8.8-srcrpm. That spec file shows: BuildRequires: gnutls-devel >= 3.3.26 RHEL7 (and most likely centos7 too) currently includes this: # rpm -q gnutls gnutls-3.3.29-9.el7_6.x86_64 gnutls-3.3.29-9.el7_6.i686
On Mon, 8 Apr 2019 10:40:11 -0400 (EDT) "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote:> Hi Sergio, > > You're right and I hadn't noticed because everything worked fine. > Here's an exercept from samba's config.log (I just refreshed the > packages for 4.8.11): > > --------------------------------------------------------------------------------- > Checking for gnutls >= 3.4.7 > /usr/bin/pkg-config "gnutls >= 3.4.7" --cflags --libs gnutls > Requested 'gnutls >= 3.4.7' but version of GnuTLS is 3.3.29 > You may find new versions of GnuTLS at http://www.gnutls.org/ > not found > > --------------------------------------------------------------------------------- > Checking for gnutls >= 3.0.0s > /usr/bin/pkg-config "gnutls >= 3.0.0" --cflags --libs gnutls > -I/usr/include/p11-kit-1 -lgnutls > yes > --------------------------------------------------------------------------------- > > Is it possible that an AD/DC builds and works fine with gnutls-3.3.x?From my understanding, yes, but only as long as you use Heimdal, it is MIT that requires 3.4.7. However using MIT is still classed as experimental. If you have the Samba source, go to 'lib/crypto' and read the 'REQUIREMENTS' file for more info. Rowland
On Mon, 2019-04-08 at 16:52 +0100, Rowland Penny via samba wrote:> On Mon, 8 Apr 2019 10:40:11 -0400 (EDT) > "Vincent S. Cojot via samba" <samba at lists.samba.org> wrote: > > > Hi Sergio, > > > > You're right and I hadn't noticed because everything worked fine. > > Here's an exercept from samba's config.log (I just refreshed the > > packages for 4.8.11): > > > > ----------------------------------------------------------------- > > ---------------- > > Checking for gnutls >= 3.4.7 > > /usr/bin/pkg-config "gnutls >= 3.4.7" --cflags --libs gnutls > > Requested 'gnutls >= 3.4.7' but version of GnuTLS is 3.3.29 > > You may find new versions of GnuTLS at http://www.gnutls.org/ > > not found > > > > ----------------------------------------------------------------- > > ---------------- > > Checking for gnutls >= 3.0.0s > > /usr/bin/pkg-config "gnutls >= 3.0.0" --cflags --libs gnutls > > -I/usr/include/p11-kit-1 -lgnutls > > yes > > ----------------------------------------------------------------- > > ---------------- > > > > Is it possible that an AD/DC builds and works fine with gnutls- > > 3.3.x? > > From my understanding, yes, but only as long as you use Heimdal, it > is > MIT that requires 3.4.7. However using MIT is still classed as > experimental.aah , it is all explained , my first build was with MIT kbr , which force me use gnutls 3.4.7 and also give me a lot of problems. Just after, I changed to Heimdal kbr , seems to me is a key to put Samba DC working well ... As el7 dependents a lot on gnutls 3.3, I decided do a package with version 3.4.7 [2] that runs like compat libraries, i.e. can be install along with version 3.3 and we just need export PKG_CONFIG_PATH [1] for build find ans use the new libraries . Thanks, [1] export PKG_CONFIG_PATH=%{_libdir}/compat- gnutls34/pkgconfig:%{_libdir}/compat-nettle32/pkgconfig [2] https://github.com/sergiomb2/SambaAD> If you have the Samba source, go to 'lib/crypto' and read the > 'REQUIREMENTS' file for more info. > > Rowland > >-- Sérgio M. B.