Summary: | net-fs/samba-4.x has many hard dependencies, make some optional | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sylvain CANOINE <canouble> |
Component: | Current packages | Assignee: | Gentoo's SAMBA Team <samba> |
Status: | RESOLVED OBSOLETE | ||
Severity: | enhancement | CC: | ahferroin7, bert, bugs.gentoo.org, duncan, fitzcarraldo1, gentoo, kumba, mvolaski |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 506448, 579544 | ||
Bug Blocks: | |||
Attachments: | emerge -pvt1 samba |
Description
Sylvain CANOINE
2016-04-05 14:18:59 UTC
Created attachment 429678 [details]
emerge -pvt1 samba
Kerberos is not required at all if you are not using AD, LDAP etc. and are just using NETBIOS in a Windows workgroup (like most home users). However, the Gentoo samba ebuild has the following lines, which forces the user to install Kerberos (either the MIT implementation or the Heimdal implementation): system-mitkrb5? ( app-crypt/mit-krb5[${MULTILIB_USEDEP}] ) !system-mitkrb5? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) In other words, the Gentoo samba user is forced to install either mit-krb5 or heimdal, even if he/she does not need Kerberos at all because he/she is just using NETBIOS in a Windows workgroup. So, to me, the ebuild appears to be incorrect; it should offer a ternary choice, not a binary choice for Kerberos. For example, let's say USE flags 'mit-krb5' and 'heimdal': mit-krb5? ( app-crypt/mit-krb5[${MULTILIB_USEDEP}] ) heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) or, alternatively, let's say USE flags 'kerberos' and 'system-mitkrb5': system-mitkrb5? ( app-crypt/mit-krb5[${MULTILIB_USEDEP}] ) kerberos? ( || ( app-crypt/mit-krb5[${MULTILIB_USEDEP}] >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) ) I'm no ebuild code expert, so the above syntax could well be incorrect, but hopefully you get my gist. Samba allows the user to enable and disable different features at compile time. For example: https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/compiling.html#id2687849 ----- BEGIN QUOTE ----- Compiling Samba with Active Directory Support In order to compile Samba with ADS support, you need to have installed on your system: The MIT or Heimdal Kerberos development libraries (either install from the sources or use a package). The OpenLDAP development libraries. If your Kerberos libraries are in a nonstandard location, then remember to add the configure option --with-krb5=DIR. After you run configure, make sure that the include/config.h it generates contain lines like this: #define HAVE_KRB5 1 #define HAVE_LDAP 1 If it does not, configure did not find your KRB5 libraries or your LDAP libraries. Look in config.log to figure out why and fix it. ----- END QUOTE ----- Therefore, if a Gentoo user does not wish to have Active Directory and Kerberos support (neither of which is wanted or required if you are simply using NetBIOS in a Windows workgoup, which is the case with most home users), could the ebuild not set 'define HAVE_KRB5 0' and 'define HAVE_LDAP 0' in include/config.h if there were a USE flag such as 'kerberos' and the user were to specify USE="-ldap -kerberos" when merging the package? Basically, the current USE flag system-krb5 is insufficient. The user needs to be able to choose any of the following: 1. Install Kerberos (MIT implementation). OR 2. Install Kerberos (Heimdal implementation). OR 3. Not install Kerberos at all. In the 3rd option, I assume the ebuild should also modify include/config.h to have 'HAVE_KRB5 0'. Is Kerberos essential for LDAP? If it isn't, then it could be enabled and disabled independently of the "ldap" USE flag. As I understand it, Kerberos is essential in AD, so if a user selects the "ads" USE flag then it would have to be a mandatory dependency. I can't speak for the other dependencies (like Kerberos and such), but what drew my attention to this bug was the hard dep on openldap by sys-libs/ldb. I dug around a little, and this site on Samba's homepage clarifies some: https://wiki.samba.org/index.php/LDB """ LDB is the database engine used within Samba. LDB is an an embedded LDAP-Like database library, but not completely LDAP compliant. It can store its database in regular files (using TDB), or talk to a standard LDAP server. LDB is a core part of Samba4. There has been work using it for Samba3's group mapping database. """ Looks like it's a required component for storing users and whatnot. Next, I looked at ldb itself, and it looks like LDAP is now optional, at least with ldb-1.1.27. A run of its configure script w/o openldap installed shows the check for LDAP, but it doesn't throw any errors. I've now successfully built a modified sys-libs/ldb w/o LDAP, and then built Samba 4.x, and it appears to (so far) work fine with my older Samba3 user db on my home server. I re-opened Bug #506448 to propose a patch to sys-libs/ldb to make LDAP the default via USE, but it is now able to be overridden by the user. That bug will block this one. That way, if anyone else wants to work on testing to see whatever other bits optional, they can use this bug to track the status of the overall goal to reduce required dependencies. Patches to make kerberos optional are highly welcome. BUT... I won't turn these dependencies into automagic dependencies. Please make sure that any patch you submit here also disables kerberos support if a user has either mit-krb5 or heimdall installed. samba should not link to any kerberos implementaion at all even when some kerberos implementation is installed on the target system. Similarly, why does Samba require dev-lang/perl? The commit that added it (00998d2c9[1]) just says "Add missing Perl dependency" without any explanation. What about dev-python/subunit? Is it just for tests? If so, why is it listed as a runtime dependency? |