1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-20 14:03:59 +03:00

Compare commits

..

5 Commits

Author SHA1 Message Date
Andreas Schneider
a882e86104 gitlab-ci: Fix building debian 32bit images
Trying to pull registry-1.docker.io/i386/debian:12...
Error: creating build container: choosing an image from manifest list
docker://registry-1.docker.io/i386/debian:12: no image found in image index for
architecture "amd64", variant "", OS "linux"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 27 16:32:07 UTC 2024 on atb-devel-224
2024-11-27 16:32:07 +00:00
Andreas Schneider
475896028b gitlab-ci: Move to Fedora 41
Python 3.13 removed the `crypt` module. I can work around it on Fedora 41, but
we need to address this better sooner than later.

See also https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-27 15:33:35 +00:00
Andreas Schneider
be5531aaec selftest: Allow to use SHA1 with OpenSSL for selftest
This is needed for samba.tests.krb5.pkinit_tests with sha1.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-27 15:33:35 +00:00
Andreas Schneider
6c619c77c9 python: Fix length of Common Name x509 attribute
File "bin/python/samba/tests/krb5/pkinit_tests.py", line 1496, in
create_certificate
  x509.NameAttribute(NameOID.COMMON_NAME,
  ~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
                     f'{cert_name}/emailAddress={cert_name}'),
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/site-packages/cryptography/x509/name.py",
line 152, in __init__
  raise ValueError(msg)
ValueError: Attribute's length must be >= 1 and <= 64, but it was 84

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-27 15:33:35 +00:00
Volker Lendecke
3294fb0667 autobuild: Run the samba-minimal-smbd build jobs with -j 2
samba-minimal-smbd is now always the slowest job by many
minutes. There's no timeouts to be expected, so run them with nice -n
19.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Nov 26 12:38:17 UTC 2024 on atb-devel-224
2024-11-26 12:38:17 +00:00
13 changed files with 43 additions and 29 deletions

View File

@ -47,7 +47,7 @@ variables:
# Set this to the contents of bootstrap/sha1sum.txt # Set this to the contents of bootstrap/sha1sum.txt
# which is generated by bootstrap/template.py --render # which is generated by bootstrap/template.py --render
# #
SAMBA_CI_CONTAINER_TAG: 936722ecb26bedf6ea0acd9228963ce45ed419d4 SAMBA_CI_CONTAINER_TAG: d101907857587b6421907c45676497c336d45ea7
# #
# We use the ubuntu2204 image as default as # We use the ubuntu2204 image as default as
# it matches what we have on atb-devel-224 # it matches what we have on atb-devel-224
@ -66,7 +66,7 @@ variables:
SAMBA_CI_CONTAINER_IMAGE_opensuse155: opensuse155 SAMBA_CI_CONTAINER_IMAGE_opensuse155: opensuse155
SAMBA_CI_CONTAINER_IMAGE_rocky8: rocky8 SAMBA_CI_CONTAINER_IMAGE_rocky8: rocky8
SAMBA_CI_CONTAINER_IMAGE_centos9s: centos9s SAMBA_CI_CONTAINER_IMAGE_centos9s: centos9s
SAMBA_CI_CONTAINER_IMAGE_fedora40: fedora40 SAMBA_CI_CONTAINER_IMAGE_fedora41: fedora41
include: include:
# The image creation details are specified in a separate file # The image creation details are specified in a separate file
@ -267,13 +267,13 @@ samba-def-build:
samba-mit-build: samba-mit-build:
extends: .shared_template_build_only extends: .shared_template_build_only
variables: variables:
SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora40} SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora41}
stage: build_first stage: build_first
.needs_samba-mit-build: .needs_samba-mit-build:
extends: .shared_template_test_only extends: .shared_template_test_only
variables: variables:
SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora40} SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora41}
needs: needs:
- job: samba-mit-build - job: samba-mit-build
artifacts: true artifacts: true
@ -321,7 +321,7 @@ samba:
samba-mitkrb5: samba-mitkrb5:
extends: .shared_template extends: .shared_template
variables: variables:
SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora40} SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora41}
samba-minimal-smbd: samba-minimal-smbd:
extends: .shared_template extends: .shared_template
@ -391,7 +391,7 @@ samba-addc-mit-4b:
samba-fips: samba-fips:
extends: .shared_template extends: .shared_template
variables: variables:
SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora40} SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora41}
samba-codecheck: samba-codecheck:
extends: .shared_template extends: .shared_template
@ -672,10 +672,10 @@ centos9s-samba-o3:
variables: variables:
SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_centos9s} SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_centos9s}
fedora40-samba-o3: fedora41-samba-o3:
extends: .samba-o3-template extends: .samba-o3-template
variables: variables:
SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora40} SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora41}
# #
# Keep the samba-o3 sections at the end ... # Keep the samba-o3 sections at the end ...

View File

@ -10,6 +10,7 @@
variables: variables:
SAMBA_CI_IS_BROKEN_IMAGE: "no" SAMBA_CI_IS_BROKEN_IMAGE: "no"
SAMBA_CI_TEST_JOB: "samba-o3" SAMBA_CI_TEST_JOB: "samba-o3"
SAMBA_CI_PLATFORM: "linux/amd64"
before_script: before_script:
# install prerequisites # install prerequisites
- dnf install -qy diffutils - dnf install -qy diffutils
@ -27,7 +28,7 @@
script: | script: |
set -xueo pipefail set -xueo pipefail
ci_image_name=samba-ci-${CI_JOB_NAME} ci_image_name=samba-ci-${CI_JOB_NAME}
podman build -t ${ci_image_name} --build-arg SHA1SUM=${SAMBA_CI_CONTAINER_TAG} bootstrap/generated-dists/${CI_JOB_NAME} podman build --platform ${SAMBA_CI_PLATFORM} --tag ${ci_image_name} --build-arg SHA1SUM=${SAMBA_CI_CONTAINER_TAG} bootstrap/generated-dists/${CI_JOB_NAME}
ci_image_path="${SAMBA_CI_CONTAINER_REGISTRY}/${ci_image_name}" ci_image_path="${SAMBA_CI_CONTAINER_REGISTRY}/${ci_image_name}"
timestamp=$(date +%Y%m%d%H%M%S) timestamp=$(date +%Y%m%d%H%M%S)
container_hash=$(podman image inspect --format='{{ .Id }}' ${ci_image_name} | cut -c 1-9) container_hash=$(podman image inspect --format='{{ .Id }}' ${ci_image_name} | cut -c 1-9)
@ -98,13 +99,14 @@ debian11:
debian12: debian12:
extends: .build_image_template extends: .build_image_template
fedora40: fedora41:
extends: .build_image_template extends: .build_image_template
debian11-32bit: debian11-32bit:
extends: .build_image_template extends: .build_image_template
variables: variables:
SAMBA_CI_TEST_JOB: "samba-32bit" SAMBA_CI_TEST_JOB: "samba-32bit"
SAMBA_CI_PLATFORM: "linux/i386"
rocky8: rocky8:
extends: .build_image_template extends: .build_image_template

View File

@ -159,6 +159,10 @@ PKGS = [
('', 'python3-libsemanage'), ('', 'python3-libsemanage'),
('', 'python3-policycoreutils'), ('', 'python3-policycoreutils'),
# A copy of the `crypt` module that was removed in Python 3.13
# See also https://bugzilla.samba.org/show_bug.cgi?id=15756
('', 'python3-crypt-r'),
# perl # perl
('libparse-yapp-perl', 'perl-Parse-Yapp'), ('libparse-yapp-perl', 'perl-Parse-Yapp'),
('perl-modules', ''), ('perl-modules', ''),
@ -457,7 +461,7 @@ DEB_DISTS = {
} }
}, },
'debian11-32bit': { 'debian11-32bit': {
'docker_image': 'registry-1.docker.io/i386/debian:11', 'docker_image': 'debian:11', # specify the platform in .gitlab-ci.yaml
'vagrant_box': 'debian/bullseye32', 'vagrant_box': 'debian/bullseye32',
'replace': { 'replace': {
'language-pack-en': '', # included in locales 'language-pack-en': '', # included in locales
@ -534,6 +538,7 @@ RPM_DISTS = {
'ShellCheck': '', 'ShellCheck': '',
'shfmt': '', 'shfmt': '',
'codespell': '', 'codespell': '',
'python3-crypt-r': '',
} }
}, },
'centos9s': { 'centos9s': {
@ -553,11 +558,12 @@ RPM_DISTS = {
'codespell': '', 'codespell': '',
'libcephfs-devel': '', # not available anymore 'libcephfs-devel': '', # not available anymore
'curl': '', # Use installed curl-minimal 'curl': '', # Use installed curl-minimal
'python3-crypt-r': '',
} }
}, },
'fedora40': { 'fedora41': {
'docker_image': 'quay.io/fedora/fedora:40', 'docker_image': 'quay.io/fedora/fedora:41',
'vagrant_box': 'fedora/40-cloud-base', 'vagrant_box': 'fedora/41-cloud-base',
'bootstrap': DNF_BOOTSTRAP, 'bootstrap': DNF_BOOTSTRAP,
'replace': { 'replace': {
'lsb-release': 'redhat-lsb', 'lsb-release': 'redhat-lsb',
@ -581,6 +587,7 @@ RPM_DISTS = {
'keyutils-libs-devel': 'keyutils-devel', 'keyutils-libs-devel': 'keyutils-devel',
'krb5-workstation': 'krb5-client', 'krb5-workstation': 'krb5-client',
'python3-libsemanage': 'python3-semanage', 'python3-libsemanage': 'python3-semanage',
'python3-crypt-r': '',
'openldap-devel': 'openldap2-devel', 'openldap-devel': 'openldap2-devel',
'perl-Archive-Tar': 'perl-Archive-Tar-Wrapper', 'perl-Archive-Tar': 'perl-Archive-Tar-Wrapper',
'perl-JSON-Parse': 'perl-JSON-XS', 'perl-JSON-Parse': 'perl-JSON-XS',

View File

@ -45,11 +45,11 @@ Vagrant.configure("2") do |config|
v.vm.provision :shell, path: "debian12-32bit/locale.sh" v.vm.provision :shell, path: "debian12-32bit/locale.sh"
end end
config.vm.define "fedora40" do |v| config.vm.define "fedora41" do |v|
v.vm.box = "fedora/40-cloud-base" v.vm.box = "fedora/41-cloud-base"
v.vm.hostname = "fedora40" v.vm.hostname = "fedora41"
v.vm.provision :shell, path: "fedora40/bootstrap.sh" v.vm.provision :shell, path: "fedora41/bootstrap.sh"
v.vm.provision :shell, path: "fedora40/locale.sh" v.vm.provision :shell, path: "fedora41/locale.sh"
end end
config.vm.define "opensuse155" do |v| config.vm.define "opensuse155" do |v|

View File

@ -3,7 +3,7 @@
# See also bootstrap/config.py # See also bootstrap/config.py
# #
FROM registry-1.docker.io/i386/debian:11 FROM debian:11
# pass in with --build-arg while build # pass in with --build-arg while build
ARG SHA1SUM ARG SHA1SUM

View File

@ -3,7 +3,7 @@
# See also bootstrap/config.py # See also bootstrap/config.py
# #
FROM quay.io/fedora/fedora:40 FROM quay.io/fedora/fedora:41
# pass in with --build-arg while build # pass in with --build-arg while build
ARG SHA1SUM ARG SHA1SUM

View File

@ -92,6 +92,7 @@ dnf install -y \
procps-ng \ procps-ng \
psmisc \ psmisc \
python3 \ python3 \
python3-crypt-r \
python3-cryptography \ python3-cryptography \
python3-dateutil \ python3-dateutil \
python3-devel \ python3-devel \

View File

@ -81,6 +81,7 @@ packages:
- procps-ng - procps-ng
- psmisc - psmisc
- python3 - python3
- python3-crypt-r
- python3-cryptography - python3-cryptography
- python3-dateutil - python3-dateutil
- python3-devel - python3-devel

View File

@ -1 +1 @@
936722ecb26bedf6ea0acd9228963ce45ed419d4 d101907857587b6421907c45676497c336d45ea7

View File

@ -1493,8 +1493,7 @@ class PkInitTests(KDCBaseTest):
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, 'SambaState'), x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, 'SambaState'),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'SambaSelfTesting'), x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'SambaSelfTesting'),
x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, 'Users'), x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, 'Users'),
x509.NameAttribute(NameOID.COMMON_NAME, x509.NameAttribute(NameOID.COMMON_NAME, f'{cert_name}'),
f'{cert_name}/emailAddress={cert_name}'),
])) ]))
# The new certificate must be issued by the root CA. # The new certificate must be issued by the root CA.

View File

@ -1059,7 +1059,7 @@ tasks = {
# build with all modules static # build with all modules static
("allstatic-configure", "./configure.developer " + samba_configure_params + " --with-static-modules=ALL"), ("allstatic-configure", "./configure.developer " + samba_configure_params + " --with-static-modules=ALL"),
("allstatic-make", "make -j"), ("allstatic-make", "nice -n 19 make -j 2"),
("allstatic-test", make_test(TESTS="samba3.smb2.create.*nt4_dc")), ("allstatic-test", make_test(TESTS="samba3.smb2.create.*nt4_dc")),
("allstatic-lcov", LCOV_CMD), ("allstatic-lcov", LCOV_CMD),
("allstatic-def-check-clean-tree", CLEAN_SOURCE_TREE_CMD), ("allstatic-def-check-clean-tree", CLEAN_SOURCE_TREE_CMD),
@ -1068,7 +1068,7 @@ tasks = {
# force all libraries as private # force all libraries as private
("allprivate-def-distclean", "make distclean"), ("allprivate-def-distclean", "make distclean"),
("allprivate-def-configure", "./configure.developer " + samba_configure_params + " --private-libraries=ALL"), ("allprivate-def-configure", "./configure.developer " + samba_configure_params + " --private-libraries=ALL"),
("allprivate-def-make", "make -j"), ("allprivate-def-make", "nice -n 19 make -j 2"),
# note wrapper libraries need to be public # note wrapper libraries need to be public
("allprivate-def-no-public", "ls ./bin/shared | egrep -v '^private$|lib[nprsu][saeoi][smscd].*-wrapper.so$|pam_set_items.so|pam_matrix.so' | wc -l | grep -q '^0'"), ("allprivate-def-no-public", "ls ./bin/shared | egrep -v '^private$|lib[nprsu][saeoi][smscd].*-wrapper.so$|pam_set_items.so|pam_matrix.so' | wc -l | grep -q '^0'"),
("allprivate-def-only-private-ext", "ls ./bin/shared/private | egrep 'private-samba' | wc -l | grep -q '^0' && exit 1; exit 0"), ("allprivate-def-only-private-ext", "ls ./bin/shared/private | egrep 'private-samba' | wc -l | grep -q '^0' && exit 1; exit 0"),
@ -1082,7 +1082,7 @@ tasks = {
# extension and 2 exceptions # extension and 2 exceptions
("allprivate-ext-distclean", "make distclean"), ("allprivate-ext-distclean", "make distclean"),
("allprivate-ext-configure", "./configure.developer " + samba_configure_params + " --private-libraries=ALL --private-library-extension=private-library --private-extension-exception=pac,ndr"), ("allprivate-ext-configure", "./configure.developer " + samba_configure_params + " --private-libraries=ALL --private-library-extension=private-library --private-extension-exception=pac,ndr"),
("allprivate-ext-make", "make -j"), ("allprivate-ext-make", "nice -n 19 make -j 2"),
# note wrapper libraries need to be public # note wrapper libraries need to be public
("allprivate-ext-no-public", "ls ./bin/shared | egrep -v '^private$|lib[nprsu][saeoi][smscd].*-wrapper.so$|pam_set_items.so|pam_matrix.so' | wc -l | grep -q '^0'"), ("allprivate-ext-no-public", "ls ./bin/shared | egrep -v '^private$|lib[nprsu][saeoi][smscd].*-wrapper.so$|pam_set_items.so|pam_matrix.so' | wc -l | grep -q '^0'"),
("allprivate-ext-no-private-default-ext", "ls ./bin/shared/private | grep 'private-samba' | wc -l | grep -q '^0'"), ("allprivate-ext-no-private-default-ext", "ls ./bin/shared/private | grep 'private-samba' | wc -l | grep -q '^0'"),
@ -1097,7 +1097,7 @@ tasks = {
# retry with nonshared smbd and smbtorture # retry with nonshared smbd and smbtorture
("nonshared-distclean", "make distclean"), ("nonshared-distclean", "make distclean"),
("nonshared-configure", "./configure.developer " + samba_configure_params + " --bundled-libraries=ALL --with-static-modules=ALL --nonshared-binary=smbtorture,smbd/smbd"), ("nonshared-configure", "./configure.developer " + samba_configure_params + " --bundled-libraries=ALL --with-static-modules=ALL --nonshared-binary=smbtorture,smbd/smbd"),
("nonshared-make", "make -j"), ("nonshared-make", "nice -n 19 make -j 2"),
("nonshared-test", make_test(TESTS="samba3.smb2.create.*nt4_dc")), ("nonshared-test", make_test(TESTS="samba3.smb2.create.*nt4_dc")),
("nonshared-lcov", LCOV_CMD), ("nonshared-lcov", LCOV_CMD),
("nonshared-check-clean-tree", CLEAN_SOURCE_TREE_CMD), ("nonshared-check-clean-tree", CLEAN_SOURCE_TREE_CMD),
@ -1106,7 +1106,7 @@ tasks = {
# retry without winbindd # retry without winbindd
("nonwinbind-distclean", "make distclean"), ("nonwinbind-distclean", "make distclean"),
("nonwinbind-configure", "./configure.developer " + samba_configure_params + " --bundled-libraries=ALL --with-static-modules=ALL --without-winbind"), ("nonwinbind-configure", "./configure.developer " + samba_configure_params + " --bundled-libraries=ALL --with-static-modules=ALL --without-winbind"),
("nonwinbind-make", "make -j"), ("nonwinbind-make", "nice -n 19 make -j 2"),
("nonwinbind-test", make_test(TESTS="samba3.smb2.*.simpleserver")), ("nonwinbind-test", make_test(TESTS="samba3.smb2.*.simpleserver")),
("nonwinbind-lcov", LCOV_CMD), ("nonwinbind-lcov", LCOV_CMD),
("nonwinbind-check-clean-tree", CLEAN_SOURCE_TREE_CMD), ("nonwinbind-check-clean-tree", CLEAN_SOURCE_TREE_CMD),

View File

@ -455,6 +455,10 @@ if ($opt_mitkrb5 == 1) {
$ENV{KRB5RCACHETYPE} = "none"; $ENV{KRB5RCACHETYPE} = "none";
} }
# Enable support for SHA1 in OpenSSL
# This is required e.g. for pkinit sha1 tests
$ENV{OPENSSL_ENABLE_SHA1_SIGNATURES} = 1;
# After this many seconds, the server will self-terminate. All tests # After this many seconds, the server will self-terminate. All tests
# must terminate in this time, and testenv will only stay alive this # must terminate in this time, and testenv will only stay alive this
# long # long