On Thu, 24 Oct 2019, Nico Kadel-Garcia wrote:> You do realize I've been publishing .spec files and build tools for > all of this for a while now, with hooks to build for CentOS 7, 8, and > Fedora 30 with full AD features enabled for a few years now? My source > repo is over at https://github.com/nkadel/samba4repo .Yes, I am aware of your efforts. Your project is much more elaborate/extensive in scope than mine: I barely seek to provide samba AD/DC rpms for people to use on RHEL/Centos. Now that RHEL7 has python3 in extras, I guess it would be easier to join forces. Right now, I'm focused on adapting the "upstream" Fedora spec file to RHEL to minimize changes for it to work properly. I'm in touch with Gunther (one of the maintainers) to try> I'm curious if you left the "--with-experimental-mit-ad-dc" features > enabled, because I turned those off as "not yet ready for prime time".In what SPEC file did you see that? It's not in any of my SPEC files.. Regards, Vincent
On Thu, Oct 24, 2019 at 9:38 PM <vincent at cojot.name> wrote:> > > On Thu, 24 Oct 2019, Nico Kadel-Garcia wrote: > > > You do realize I've been publishing .spec files and build tools for > > all of this for a while now, with hooks to build for CentOS 7, 8, and > > Fedora 30 with full AD features enabled for a few years now? My source > > repo is over at https://github.com/nkadel/samba4repo . > > Yes, I am aware of your efforts. Your project is much more > elaborate/extensive in scope than mine: I barely seek to provide samba > AD/DC rpms for people to use on RHEL/Centos. > > Now that RHEL7 has python3 in extras, I guess it would > be easier to join forces. Right now, I'm focused on adapting the > "upstream" Fedora spec file to RHEL to minimize changes for it to work > properly. I'm in touch with Gunther (one of the maintainers) to try > > > I'm curious if you left the "--with-experimental-mit-ad-dc" features > > enabled, because I turned those off as "not yet ready for prime time". > > In what SPEC file did you see that? It's not in any of my SPEC files.. > > Regards, > > VincentIt's a "configure" option in at least the 4.11 releases, and it's in the Fedora rawhide .spec file to enable the domain congroller features without compiling the Heimdal Kerberos.
On Thu, 2019-10-24 at 21:38 -0400, Vincent S. Cojot via samba wrote:> On Thu, 24 Oct 2019, Nico Kadel-Garcia wrote: > > > You do realize I've been publishing .spec files and build tools for > > all of this for a while now, with hooks to build for CentOS 7, 8, > > and > > Fedora 30 with full AD features enabled for a few years now? My > > source > > repo is over at https://github.com/nkadel/samba4repo . > > Yes, I am aware of your efforts. Your project is much more > elaborate/extensive in scope than mine: I barely seek to provide > samba > AD/DC rpms for people to use on RHEL/Centos. > > Now that RHEL7 has python3 in extras, I guess it would > be easier to join forces. Right now, I'm focused on adapting the > "upstream" Fedora spec file to RHEL to minimize changes for it to > work > properly. I'm in touch with Gunther (one of the maintainers) to try > > > I'm curious if you left the "--with-experimental-mit-ad-dc" > > features > > enabled, because I turned those off as "not yet ready for prime > > time". > > In what SPEC file did you see that? It's not in any of my SPEC > files..I think we are talking about disabling MIT Kerberos integration and enabling optional Heimdal Kerberos with Domain Controller functionality Hello, count with me, "my" project [1] , I have sync my spec from Nico repo, I think the biggest difference is I'm using all internal libraries ... BTW @Nico do you accept pull request ? , I have lots of simplifications on samba.spc ( you may see my latest commits) Thanks, [1] https://github.com/sergiomb2/sambaad The first patch is for disabling MIT Kerberos integration and enabling optional Heimdal Kerberos with Domain Controller functionality in the Redhat/Fedora package i.e. with MIT Kerberos we not have a fully functional PDC.> Regards, > > Vincent >-- S?rgio M. B.
On Thu, Oct 24, 2019 at 10:52 PM S?rgio Basto <sergio at serjux.com> wrote:> > On Thu, 2019-10-24 at 21:38 -0400, Vincent S. Cojot via samba wrote: > > On Thu, 24 Oct 2019, Nico Kadel-Garcia wrote: > > > > > You do realize I've been publishing .spec files and build tools for > > > all of this for a while now, with hooks to build for CentOS 7, 8, > > > and > > > Fedora 30 with full AD features enabled for a few years now? My > > > source > > > repo is over at https://github.com/nkadel/samba4repo . > > > > Yes, I am aware of your efforts. Your project is much more > > elaborate/extensive in scope than mine: I barely seek to provide > > samba > > AD/DC rpms for people to use on RHEL/Centos. > > > > Now that RHEL7 has python3 in extras, I guess it would > > be easier to join forces. Right now, I'm focused on adapting the > > "upstream" Fedora spec file to RHEL to minimize changes for it to > > work > > properly. I'm in touch with Gunther (one of the maintainers) to tryEPEL has had python 3.6 built in for a while. If we use "%python3_package" options judiciously, we can use the EPEL python tools, and now that it's built into RHEL 7 and CentOS 7 we can use use pretty painfully. It's why I've been switching "python3-" tp "pyton%{python3_package}" options.> > > I'm curious if you left the "--with-experimental-mit-ad-dc" > > > features > > > enabled, because I turned those off as "not yet ready for prime > > > time". > > > > In what SPEC file did you see that? It's not in any of my SPEC > > files.. > > I think we are talking about disabling MIT Kerberos integration and > enabling optional Heimdal Kerberos with Domain Controller functionalityYeah, it's available in the latest configure options, and it's used in the current Fedora rawhide.> Hello, count with me, "my" project [1] , I have sync my spec from Nico > repo, I think the biggest difference is I'm using all internal > libraries ...> BTW @Nico do you accept pull request ? , I have lots of simplifications > on samba.spc ( you may see my latest commits)Certainly! It's a good reason to use github. A pull request would take making a fork of whatever one of my submodules needs the patch. I'd also review a submitted patch.> Thanks, > > [1] > https://github.com/sergiomb2/sambaad > The first patch is for disabling MIT Kerberos integration and enabling > optional Heimdal Kerberos with Domain Controller functionality in the > Redhat/Fedora package i.e. with MIT Kerberos we not have a fully > functional PDC.I think I already did this to enable the full domain controller with Heimdal Kerberos? Th is is how it used to enable domain controllers for CentOS 7.> > > Regards, > > > > Vincent > > > -- > S?rgio M. B. >
On Fri, 25 Oct 2019, S?rgio Basto wrote:> Hello, count with me, "my" project [1] , I have sync my spec from Nico > repo, I think the biggest difference is I'm using all internal > libraries ...Hi Sergio and Nico, I revisited nico's SPEC main samba 4.11 SPEC file last night to see if I had missed much and found huge similarities (we must have have forked Fedora's spec file at some point in the past - Mine was also mostly inspired by TranquilIT's SPEC file). The main difference is that the Nico rpms don't use the RHEL system libraries (gnutls, nettle..) e.g: Our SPEC file: %if 0%{?rhel} == 7 BuildRequires: gnutls-devel >= 3.3.26 %else BuildRequires: gnutls-devel >= 3.4.7 %endif Nico's file: %if 0%{?rhel} && 0%{?rhel} < 8 BuildRequires: compat-gnutls34-devel >= 3.4.7 BuildRequires: compat-nettle32-devel %else BuildRequires: gnutls-devel >= 3.4.7 %endif # rhel < 8 This was something we discussed on the list some time ago and it was deemed that the lower gnutls requirement was fine on RHEL7/Centos7 due to the backports included therein. We've made different choices and until samba's code requires a higher version I see no reason to push a newer gnutls requirement onto the users. I do like Nico's idea of using git sub-modules, his repo is much cleaner than what I've been using but I'm mostly focused on providing rpms for people to consume without having to rebuild them. We should definitely join forces and see what we can learn from one another. Kind regards, Vincent