All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-networking][PATCH 0/2] samba: fixes for AD DC service
@ 2017-10-24  8:22 jackie.huang
  2017-10-24  8:22 ` [meta-networking][PATCH 1/2] samba: add missing RDEPENDS jackie.huang
  2017-10-24  8:22 ` [meta-networking][PATCH 2/2] samba: fix for AD DC service jackie.huang
  0 siblings, 2 replies; 4+ messages in thread
From: jackie.huang @ 2017-10-24  8:22 UTC (permalink / raw)
  To: openembedded-devel

From: Jackie Huang <jackie.huang@windriver.com>

--
The following changes since commit 0d220e002e4f525469f0c24e0585318d2178e7a1:

  tslib: update project homepage (2017-10-20 16:14:56 +0000)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib.git jhuang0/d_samba-ad-dc_171024_0
  http://git.pokylinux.org/cgit.cgi//log/?h=jhuang0/d_samba-ad-dc_171024_0

Jackie Huang (2):
  samba: add missing RDEPENDS
  samba: fix for AD DC service

 .../recipes-connectivity/samba/samba_4.6.7.bb      | 38 +++++++++++++++++-----
 1 file changed, 29 insertions(+), 9 deletions(-)

-- 
2.11.0



^ permalink raw reply	[flat|nested] 4+ messages in thread
* [meta-networking][PATCH 1/2] samba: add missing RDEPENDS
  2017-10-24  8:22 [meta-networking][PATCH 0/2] samba: fixes for AD DC service jackie.huang
@ 2017-10-24  8:22 ` jackie.huang
  2017-10-24  8:22 ` [meta-networking][PATCH 2/2] samba: fix for AD DC service jackie.huang
  1 sibling, 0 replies; 4+ messages in thread
From: jackie.huang @ 2017-10-24  8:22 UTC (permalink / raw)
  To: openembedded-devel

From: Jackie Huang <jackie.huang@windriver.com>

* samba-tool requires the python modules from samba-python
  or it fails with:

  Traceback (most recent call last):
    File "/usr/bin/samba-tool", line 33, in <module>
      from samba.netcmd.main import cmd_sambatool
  ImportError: No module named samba.netcmd.main

* Provisioning with samba-tool requires samba-dsdb-modules
  or it fails with:

  Setting up secrets.ldb
  ldb: unable to stat module /usr/lib64/samba/ldb : No such file or directory
  WARNING: Module [samba_secrets] not found - do you need to set LDB_MODULES_PATH?
  Unable to load modules for /var/lib/samba/private/secrets.ldb: (null)
  ERROR(ldb): uncaught exception - None

* samba-python requires pytalloc and python-tdb or it fails with:

  TypeError: pytalloc: unable to get talloc.BaseObject type
  ERROR(<type 'exceptions.ImportError'>): uncaught exception - No module named tdb

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
 meta-networking/recipes-connectivity/samba/samba_4.6.7.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb b/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
index 59d7425c8..2b227c95d 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
@@ -186,7 +186,8 @@ python samba_populate_packages() {
 
 PACKAGESPLITFUNCS_prepend = "samba_populate_packages "
 
-RDEPENDS_${PN} += "${PN}-base"
+RDEPENDS_${PN} += "${PN}-base ${PN}-python ${PN}-dsdb-modules"
+RDEPENDS_${PN}-python += "pytalloc python-tdb"
 
 FILES_${PN}-base = "${sbindir}/nmbd \
                     ${sbindir}/smbd \
-- 
2.11.0



^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [meta-networking][PATCH 2/2] samba: fix for AD DC service
  2017-10-24  8:22 [meta-networking][PATCH 0/2] samba: fixes for AD DC service jackie.huang
  2017-10-24  8:22 ` [meta-networking][PATCH 1/2] samba: add missing RDEPENDS jackie.huang
@ 2017-10-24  8:22 ` jackie.huang
  2017-11-02  7:19   ` Huang, Jie (Jackie)
  1 sibling, 1 reply; 4+ messages in thread
From: jackie.huang @ 2017-10-24  8:22 UTC (permalink / raw)
  To: openembedded-devel

From: Jackie Huang <jackie.huang@windriver.com>

The AD DC service is installed by default since the commit:
"""
commit 28b8edc760d5e0664ad4861464f5de06f5fc305a
samba: install all systemd unit files
This includes samba.service, which other major distributions install, too.
"""

But lack of required executable since ad-dc feature is disabled by default.

To fix the issue:
- Add PACKAGECONFIG for ad-dc and enable by default.
- Add PACKAGECONFIG for gnutls which is required by ad-dc and
  enable by default.
- Add PACKAGECONFIG for mitkrb5 but disable by default because
  of an known issue:
  http://samba.2283325.n4.nabble.com/samba-4-6-6-Unknown-dependency-kdc-in-service-kdc-objlist-td4722096.html
- Don't install samba.service if ad-dc is disabled.
- Re-package ad-dc service and executable into a new package samba-ad-dc

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
 .../recipes-connectivity/samba/samba_4.6.7.bb      | 35 +++++++++++++++++-----
 1 file changed, 27 insertions(+), 8 deletions(-)

diff --git a/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb b/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
index 2b227c95d..9372ea34a 100644
--- a/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
+++ b/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
@@ -34,7 +34,7 @@ inherit systemd waf-samba cpan-base perlnative update-rc.d
 # remove default added RDEPENDS on perl
 RDEPENDS_${PN}_remove = "perl"
 
-DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libldb krb5 libbsd libaio libpam"
+DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libldb libbsd libaio libpam"
 DEPENDS_append_libc-musl = " libtirpc"
 CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc"
 LDFLAGS_append_libc-musl = " -ltirpc"
@@ -45,12 +45,18 @@ LSB_linuxstdbase = "lsb"
 INITSCRIPT_NAME = "samba"
 INITSCRIPT_PARAMS = "start 20 3 5 . stop 20 0 1 6 ."
 
-SYSTEMD_PACKAGES = "${PN}-base winbind"
+SYSTEMD_PACKAGES = "${PN}-base ${PN}-ad-dc winbind"
 SYSTEMD_SERVICE_${PN}-base = "nmb.service smb.service"
+SYSTEMD_SERVICE_${PN}-ad-dc = "samba.service"
 SYSTEMD_SERVICE_winbind = "winbind.service"
 
+# There are prerequisite settings to enable ad-dc, so disable the service by default.
+# Reference:
+# https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
+SYSTEMD_AUTO_ENABLE_${PN}-ad-dc = "disable"
+
 PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd zeroconf', d)} \
-                   acl cups ldap \
+                   acl ad-dc cups gnutls ldap \
 "
 
 RDEPENDS_${PN}-base += "${LSB}"
@@ -68,6 +74,15 @@ PACKAGECONFIG[valgrind] = ",--without-valgrind,valgrind,"
 PACKAGECONFIG[lttng] = "--with-lttng, --without-lttng,lttng-ust"
 PACKAGECONFIG[archive] = "--with-libarchive, --without-libarchive, libarchive"
 
+# Building the AD (Active Directory) DC (Domain Controller) requires GnuTLS,
+# And ad-dc doesn't work with mitkrb5 for versions prior to 4.7.0 according to:
+# http://samba.2283325.n4.nabble.com/samba-4-6-6-Unknown-dependency-kdc-in-service-kdc-objlist-td4722096.html
+# So the working combination is:
+# 1) ad-dc: enable, gnutls: enable, mitkrb5: disable
+# 2) ad-dc: disable, gnutls: enable/disable, mitkrb5: enable
+PACKAGECONFIG[ad-dc] = ",--without-ad-dc,,"
+PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"
+PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5,,krb5,"
 
 SAMBA4_IDMAP_MODULES="idmap_ad,idmap_rid,idmap_adex,idmap_hash,idmap_tdb2"
 SAMBA4_PDB_MODULES="pdb_tdbsam,${@bb.utils.contains('PACKAGECONFIG', 'ldap', 'pdb_ldap,', '', d)}pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4"
@@ -82,12 +97,9 @@ EXTRA_OECONF += "--enable-fhs \
                  --with-modulesdir=${libdir}/samba \
                  --with-lockdir=${localstatedir}/lib/samba \
                  --with-cachedir=${localstatedir}/lib/samba \
-                 --disable-gnutls \
                  --disable-rpath-install \
                  --with-shared-modules=${SAMBA4_MODULES} \
                  --bundled-libraries=${SAMBA4_LIBS} \
-                 --with-system-mitkrb5 \
-                 --without-ad-dc \
                  ${@base_conditional('TARGET_ARCH', 'x86_64', '', '--disable-glusterfs', d)} \
                  --with-cluster-support \
                  --with-profiling-data \
@@ -113,6 +125,10 @@ do_install_append() {
         -e 's,/etc/sysconfig/samba,${sysconfdir}/default/samba,' \
         -i ${D}${systemd_system_unitdir}/*.service
 
+    if [ "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'yes', 'no', d)}" = "no" ]; then
+        rm -f ${D}${systemd_system_unitdir}/samba.service
+    fi
+
     install -d ${D}${sysconfdir}/tmpfiles.d
     install -m644 packaging/systemd/samba.conf.tmp ${D}${sysconfdir}/tmpfiles.d/samba.conf
     echo "d ${localstatedir}/log/samba 0755 root root -" \
@@ -161,7 +177,7 @@ do_install_append() {
 PACKAGES =+ "${PN}-python ${PN}-pidl \
              ${PN}-dsdb-modules ${PN}-testsuite registry-tools \
              winbind \
-             ${PN}-common ${PN}-base ${PN}-ctdb-tests \
+             ${PN}-common ${PN}-base ${PN}-ad-dc ${PN}-ctdb-tests \
              smbclient"
 
 python samba_populate_packages() {
@@ -196,9 +212,12 @@ FILES_${PN}-base = "${sbindir}/nmbd \
                     ${localstatedir}/nmbd \
                     ${localstatedir}/spool/samba \
                     ${systemd_system_unitdir}/nmb.service \
-                    ${systemd_system_unitdir}/samba.service \
                     ${systemd_system_unitdir}/smb.service"
 
+FILES_${PN}-ad-dc = "${sbindir}/samba \
+                     ${systemd_system_unitdir}/samba.service \
+                    "
+
 FILES_${PN}-ctdb-tests = "${bindir}/ctdb_run_tests \
                           ${bindir}/ctdb_run_cluster_tests \
                           ${sysconfdir}/ctdb/nodes \
-- 
2.11.0



^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [meta-networking][PATCH 2/2] samba: fix for AD DC service
  2017-10-24  8:22 ` [meta-networking][PATCH 2/2] samba: fix for AD DC service jackie.huang
@ 2017-11-02  7:19   ` Huang, Jie (Jackie)
  0 siblings, 0 replies; 4+ messages in thread
From: Huang, Jie (Jackie) @ 2017-11-02  7:19 UTC (permalink / raw)
  To: openembedded-devel@lists.openembedded.org


Please ignore this since we found an issue after disabling mitkrb5:

Samba can be built with either:
- system_mitkrb5        (--with-system-mitkrb5)
- embedded_heimdal  
- system_heimdal

If we don't set --with-system-mitkrb5, it will find if there is system_heimdal , if not,
It will built with embedded_heimdal which seems only builds for x86 and x86-64,
and it needs libbsd on the host, it will fail when build for x86 and there is no 32bit libbsd
on the host:

tmp-glibc/work/core2-32-wrsmllib32-linux/lib32-samba/4.6.7-r0/samba-4.6.7/bin/asn1_compile: error while loading shared libraries: libbsd.so.0: cannot open shared object file: No such file or directory

So I will re-work the patch to turn back to mitkrb5, but ad-dc will need to be disabled by default since another know issue I mentioned in the comments.
And someone from WR might work on the above issue.

Thanks,
Jackie


> -----Original Message-----
> From: openembedded-devel-bounces@lists.openembedded.org
> [mailto:openembedded-devel-bounces@lists.openembedded.org] On Behalf Of
> jackie.huang@windriver.com
> Sent: Tuesday, October 24, 2017 16:23
> To: openembedded-devel@lists.openembedded.org
> Subject: [oe] [meta-networking][PATCH 2/2] samba: fix for AD DC service
> 
> From: Jackie Huang <jackie.huang@windriver.com>
> 
> The AD DC service is installed by default since the commit:
> """
> commit 28b8edc760d5e0664ad4861464f5de06f5fc305a
> samba: install all systemd unit files
> This includes samba.service, which other major distributions install, too.
> """
> 
> But lack of required executable since ad-dc feature is disabled by default.
> 
> To fix the issue:
> - Add PACKAGECONFIG for ad-dc and enable by default.
> - Add PACKAGECONFIG for gnutls which is required by ad-dc and
>   enable by default.
> - Add PACKAGECONFIG for mitkrb5 but disable by default because
>   of an known issue:
>   http://samba.2283325.n4.nabble.com/samba-4-6-6-Unknown-dependency-
> kdc-in-service-kdc-objlist-td4722096.html
> - Don't install samba.service if ad-dc is disabled.
> - Re-package ad-dc service and executable into a new package samba-ad-dc
> 
> Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
> ---
>  .../recipes-connectivity/samba/samba_4.6.7.bb      | 35 +++++++++++++++++----
> -
>  1 file changed, 27 insertions(+), 8 deletions(-)
> 
> diff --git a/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
> b/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
> index 2b227c95d..9372ea34a 100644
> --- a/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
> +++ b/meta-networking/recipes-connectivity/samba/samba_4.6.7.bb
> @@ -34,7 +34,7 @@ inherit systemd waf-samba cpan-base perlnative update-
> rc.d
>  # remove default added RDEPENDS on perl
>  RDEPENDS_${PN}_remove = "perl"
> 
> -DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libldb
> krb5 libbsd libaio libpam"
> +DEPENDS += "readline virtual/libiconv zlib popt libtalloc libtdb libtevent libldb
> libbsd libaio libpam"
>  DEPENDS_append_libc-musl = " libtirpc"
>  CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc"
>  LDFLAGS_append_libc-musl = " -ltirpc"
> @@ -45,12 +45,18 @@ LSB_linuxstdbase = "lsb"
>  INITSCRIPT_NAME = "samba"
>  INITSCRIPT_PARAMS = "start 20 3 5 . stop 20 0 1 6 ."
> 
> -SYSTEMD_PACKAGES = "${PN}-base winbind"
> +SYSTEMD_PACKAGES = "${PN}-base ${PN}-ad-dc winbind"
>  SYSTEMD_SERVICE_${PN}-base = "nmb.service smb.service"
> +SYSTEMD_SERVICE_${PN}-ad-dc = "samba.service"
>  SYSTEMD_SERVICE_winbind = "winbind.service"
> 
> +# There are prerequisite settings to enable ad-dc, so disable the service by
> default.
> +# Reference:
> +#
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_
> Domain_Controller
> +SYSTEMD_AUTO_ENABLE_${PN}-ad-dc = "disable"
> +
>  PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd
> zeroconf', d)} \
> -                   acl cups ldap \
> +                   acl ad-dc cups gnutls ldap \
>  "
> 
>  RDEPENDS_${PN}-base += "${LSB}"
> @@ -68,6 +74,15 @@ PACKAGECONFIG[valgrind] = ",--without-
> valgrind,valgrind,"
>  PACKAGECONFIG[lttng] = "--with-lttng, --without-lttng,lttng-ust"
>  PACKAGECONFIG[archive] = "--with-libarchive, --without-libarchive, libarchive"
> 
> +# Building the AD (Active Directory) DC (Domain Controller) requires GnuTLS,
> +# And ad-dc doesn't work with mitkrb5 for versions prior to 4.7.0 according to:
> +# http://samba.2283325.n4.nabble.com/samba-4-6-6-Unknown-dependency-
> kdc-in-service-kdc-objlist-td4722096.html
> +# So the working combination is:
> +# 1) ad-dc: enable, gnutls: enable, mitkrb5: disable
> +# 2) ad-dc: disable, gnutls: enable/disable, mitkrb5: enable
> +PACKAGECONFIG[ad-dc] = ",--without-ad-dc,,"
> +PACKAGECONFIG[gnutls] = "--enable-gnutls,--disable-gnutls,gnutls,"
> +PACKAGECONFIG[mitkrb5] = "--with-system-mitkrb5,,krb5,"
> 
> 
> SAMBA4_IDMAP_MODULES="idmap_ad,idmap_rid,idmap_adex,idmap_hash,id
> map_tdb2"
> 
> SAMBA4_PDB_MODULES="pdb_tdbsam,${@bb.utils.contains('PACKAGECONFIG',
> 'ldap', 'pdb_ldap,', '', d)}pdb_ads,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4"
> @@ -82,12 +97,9 @@ EXTRA_OECONF += "--enable-fhs \
>                   --with-modulesdir=${libdir}/samba \
>                   --with-lockdir=${localstatedir}/lib/samba \
>                   --with-cachedir=${localstatedir}/lib/samba \
> -                 --disable-gnutls \
>                   --disable-rpath-install \
>                   --with-shared-modules=${SAMBA4_MODULES} \
>                   --bundled-libraries=${SAMBA4_LIBS} \
> -                 --with-system-mitkrb5 \
> -                 --without-ad-dc \
>                   ${@base_conditional('TARGET_ARCH', 'x86_64', '', '--disable-glusterfs',
> d)} \
>                   --with-cluster-support \
>                   --with-profiling-data \
> @@ -113,6 +125,10 @@ do_install_append() {
>          -e 's,/etc/sysconfig/samba,${sysconfdir}/default/samba,' \
>          -i ${D}${systemd_system_unitdir}/*.service
> 
> +    if [ "${@bb.utils.contains('PACKAGECONFIG', 'ad-dc', 'yes', 'no', d)}" = "no" ];
> then
> +        rm -f ${D}${systemd_system_unitdir}/samba.service
> +    fi
> +
>      install -d ${D}${sysconfdir}/tmpfiles.d
>      install -m644 packaging/systemd/samba.conf.tmp
> ${D}${sysconfdir}/tmpfiles.d/samba.conf
>      echo "d ${localstatedir}/log/samba 0755 root root -" \
> @@ -161,7 +177,7 @@ do_install_append() {
>  PACKAGES =+ "${PN}-python ${PN}-pidl \
>               ${PN}-dsdb-modules ${PN}-testsuite registry-tools \
>               winbind \
> -             ${PN}-common ${PN}-base ${PN}-ctdb-tests \
> +             ${PN}-common ${PN}-base ${PN}-ad-dc ${PN}-ctdb-tests \
>               smbclient"
> 
>  python samba_populate_packages() {
> @@ -196,9 +212,12 @@ FILES_${PN}-base = "${sbindir}/nmbd \
>                      ${localstatedir}/nmbd \
>                      ${localstatedir}/spool/samba \
>                      ${systemd_system_unitdir}/nmb.service \
> -                    ${systemd_system_unitdir}/samba.service \
>                      ${systemd_system_unitdir}/smb.service"
> 
> +FILES_${PN}-ad-dc = "${sbindir}/samba \
> +                     ${systemd_system_unitdir}/samba.service \
> +                    "
> +
>  FILES_${PN}-ctdb-tests = "${bindir}/ctdb_run_tests \
>                            ${bindir}/ctdb_run_cluster_tests \
>                            ${sysconfdir}/ctdb/nodes \
> --
> 2.11.0
> 
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel


^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2017-11-02  7:19 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-24  8:22 [meta-networking][PATCH 0/2] samba: fixes for AD DC service jackie.huang
2017-10-24  8:22 ` [meta-networking][PATCH 1/2] samba: add missing RDEPENDS jackie.huang
2017-10-24  8:22 ` [meta-networking][PATCH 2/2] samba: fix for AD DC service jackie.huang
2017-11-02  7:19   ` Huang, Jie (Jackie)

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.