Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 579088 - net-fs/samba-4.x has many hard dependencies, make some optional
Summary: net-fs/samba-4.x has many hard dependencies, make some optional
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal enhancement with 6 votes (vote)
Assignee: Gentoo's SAMBA Team
Depends on: 506448 579544
  Show dependency tree
Reported: 2016-04-05 14:18 UTC by Sylvain CANOINE
Modified: 2017-06-12 20:36 UTC (History)
8 users (show)

See Also:
Package list:
Runtime testing required: ---

emerge -pvt1 samba (Ifo.txt,11.03 KB, text/plain)
2016-04-05 14:20 UTC, Sylvain CANOINE

Note You need to log in before you can comment on or make changes to this bug.
Description Sylvain CANOINE 2016-04-05 14:18:59 UTC
As the USE flags say, I don't need AD/LDAP/Kerberos/so_on, I just own a simple standalone file server. But Samba 4 "needs" openldap (via ldb, which I don't need either), krb5 librairies (heimdal or MIT), so many python modules (and, then, dev-python/pip). But... why?

Reproducible: Always

Steps to Reproduce:
1. emerge --sync
2. emerge -pvuDN world
Actual Results:  
48 mandatory, but not visibly useful, dependencies.

Expected Results:  
As few mandatory dependencies as possible.

# emerge --info
Portage 2.2.26 (python 3.4.3-final-0, default/linux/amd64/13.0, gcc-4.9.3, glibc-2.21-r2, 4.1.15-gentoo-r1 x86_64)
System uname: Linux-4.1.15-gentoo-r1-x86_64-Intel-R-_Core-TM-2_Duo_CPU_E4600_@_2.40GHz-with-gentoo-2.2
KiB Mem:     6097992 total,   1009164 free
KiB Swap:    2822628 total,   2821932 free
Timestamp of repository gentoo: Tue, 05 Apr 2016 04:45:01 +0000
sh bash 4.3_p42-r1
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
app-shells/bash:          4.3_p42-r1::gentoo
dev-lang/perl:            5.20.2::gentoo
dev-lang/python:          2.7.10-r1::gentoo, 3.4.3-r1::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.19.1::gentoo
sys-apps/sandbox:         2.10-r1::gentoo
sys-devel/autoconf:       2.69::gentoo
sys-devel/automake:       1.13.4::gentoo, 1.14.1::gentoo, 1.15::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo
sys-devel/gcc:            4.9.3::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6::gentoo
sys-devel/make:           4.1-r1::gentoo
sys-kernel/linux-headers: 4.3::gentoo (virtual/os-headers)
sys-libs/glibc:           2.21-r2::gentoo

    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://cerbere/portage
    priority: -1000

    location: /usr/local/portage
    masters: gentoo
    priority: 0

CFLAGS="-O2 -march=native -mtune=native -pipe -fomit-frame-pointer"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=native -mtune=native -pipe -fomit-frame-pointer"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-O1 -Wl,--enable-new-dtags -Wl,--sort-common -s"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
USE="acpi amd64 apache2 apm automount bash-completion berkdb bzip2 caps-ng chroot cli cracklib crypt cscope ctype directfb dri eds expat fbcon ftp gd gdbm glibc-omitfp gpm gudev hal hwdb iconv ithreads jpeg keymap lm_sensors logrotate lzma mbox md5sum memlimit mmx mmxext modules multilib nagios-dns nagios-ntp nagios-ping nagios-ssh ncurses netifrc nls nocd nptl nptlonly openmp openrc pam pcre perl pic png posix python readline rrdtool rule-generator samba seccomp sensord session sharedmem smp sockets spell sse sse2 ssl svg symlink sysfs syslog szip tcpd threads truetype unicode userlocales vim-syntax web xattr xml zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_core authn_dbd authn_dbm authn_default authn_file authz_core authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dbd deflate dir disk_cache dumpio env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias" APACHE2_MPMS="worker" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 sse3 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="fr" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Comment 1 Sylvain CANOINE 2016-04-05 14:20:58 UTC
Created attachment 429678 [details]
emerge -pvt1 samba
Comment 2 Fitzcarraldo 2016-04-08 14:05:28 UTC
Kerberos is not required at all if you are not using AD, LDAP etc. and are just using NETBIOS in a Windows workgroup (like most home users). However, the Gentoo samba ebuild has the following lines, which forces the user to install Kerberos (either the MIT implementation or the Heimdal implementation):

system-mitkrb5? ( app-crypt/mit-krb5[${MULTILIB_USEDEP}] )
!system-mitkrb5? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] )

In other words, the Gentoo samba user is forced to install either mit-krb5 or heimdal, even if he/she does not need Kerberos at all because he/she is just using NETBIOS in a Windows workgroup. So, to me, the ebuild appears to be incorrect; it should offer a ternary choice, not a binary choice for Kerberos. For example, let's say USE flags 'mit-krb5' and 'heimdal':

mit-krb5? ( app-crypt/mit-krb5[${MULTILIB_USEDEP}] )
heimdal? ( >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] )

or, alternatively, let's say USE flags 'kerberos' and 'system-mitkrb5':

system-mitkrb5? ( app-crypt/mit-krb5[${MULTILIB_USEDEP}] )
kerberos? ( || ( app-crypt/mit-krb5[${MULTILIB_USEDEP}] >=app-crypt/heimdal-1.5[-ssl,${MULTILIB_USEDEP}] ) )

I'm no ebuild code expert, so the above syntax could well be incorrect, but hopefully you get my gist.

Samba allows the user to enable and disable different features at compile time. For example:

----- BEGIN QUOTE -----
Compiling Samba with Active Directory Support

In order to compile Samba with ADS support, you need to have installed on your system:

The MIT or Heimdal Kerberos development libraries (either install from the sources or use a package).

The OpenLDAP development libraries.

If your Kerberos libraries are in a nonstandard location, then remember to add the configure option --with-krb5=DIR.

After you run configure, make sure that the include/config.h it generates contain lines like this:

#define HAVE_KRB5 1
#define HAVE_LDAP 1

If it does not, configure did not find your KRB5 libraries or your LDAP libraries. Look in config.log to figure out why and fix it.
----- END QUOTE -----

Therefore, if a Gentoo user does not wish to have Active Directory and Kerberos support (neither of which is wanted or required if you are simply using NetBIOS in a Windows workgoup, which is the case with most home users), could the ebuild not set 'define HAVE_KRB5 0' and 'define HAVE_LDAP 0' in include/config.h if there were a USE flag such as 'kerberos' and the user were to specify USE="-ldap -kerberos" when merging the package?

Basically, the current USE flag system-krb5 is insufficient. The user needs to be able to choose any of the following:

1. Install Kerberos (MIT implementation).
2. Install Kerberos (Heimdal implementation).
3. Not install Kerberos at all.

In the 3rd option, I assume the ebuild should also modify include/config.h to have 'HAVE_KRB5 0'.

Is Kerberos essential for LDAP? If it isn't, then it could be enabled and disabled independently of the "ldap" USE flag.

As I understand it, Kerberos is essential in AD, so if a user selects the "ads" USE flag then it would have to be a mandatory dependency.
Comment 3 Joshua Kinard gentoo-dev 2016-08-29 16:22:42 UTC
I can't speak for the other dependencies (like Kerberos and such), but what drew my attention to this bug was the hard dep on openldap by sys-libs/ldb.

I dug around a little, and this site on Samba's homepage clarifies some:

LDB is the database engine used within Samba. LDB is an an embedded LDAP-Like database library, but not completely LDAP compliant. It can store its database in regular files (using TDB), or talk to a standard LDAP server. LDB is a core part of Samba4. There has been work using it for Samba3's group mapping database.

Looks like it's a required component for storing users and whatnot.  Next, I looked at ldb itself, and it looks like LDAP is now optional, at least with ldb-1.1.27.  A run of its configure script w/o openldap installed shows the check for LDAP, but it doesn't throw any errors.

I've now successfully built a modified sys-libs/ldb w/o LDAP, and then built Samba 4.x, and it appears to (so far) work fine with my older Samba3 user db on my home server.

I re-opened Bug #506448 to propose a patch to sys-libs/ldb to make LDAP the default via USE, but it is now able to be overridden by the user.  That bug will block this one.  That way, if anyone else wants to work on testing to see whatever other bits optional, they can use this bug to track the status of the overall goal to reduce required dependencies.
Comment 4 Lars Wendler (Polynomial-C) gentoo-dev 2016-09-06 09:38:32 UTC
Patches to make kerberos optional are highly welcome.


I won't turn these dependencies into automagic dependencies. Please make sure that any patch you submit here also disables kerberos support if a user has either mit-krb5 or heimdall installed. samba should not link to any kerberos implementaion at all even when some kerberos implementation is installed on the target system.
Comment 5 Dustin C. Hatch 2017-06-12 20:36:07 UTC
Similarly, why does Samba require dev-lang/perl? The commit that added it (00998d2c9[1]) just says "Add missing Perl dependency" without any explanation.

What about dev-python/subunit? Is it just for tests? If so, why is it listed as a runtime dependency?