From: Michal Nowak <mnowak@isc.org>
Date: Wed, 25 Jun 2025 13:35:23 +0000 (+0200)
Subject: Disable Kerberos in tumbleweed
X-Git-Tag: v9.20.11~11^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=511f609481f1344cd88d374a7afd9232898b21fb;p=thirdparty%2Fbind9.git

Disable Kerberos in tumbleweed

In the tumbleweed image, we utilize LibreSSL. Several BIND 9 libraries
are linked against LibreSSL's libcrypto.so.55, and when Kerberos is
enabled, we link against libk5crypto.so.3, which in turn links against
OpenSSL's libcrypto.so.3. This might theoretically lead to a symbol
conflict.

(cherry picked from commit 1b2c191bed4097e1095de3bc2f3854b6db894a8e)
---

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 75fb694aba9..e553988d2ca 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1217,7 +1217,7 @@ gcc:tumbleweed:amd64:
     # NOTE: This does *not* enable testing of the DNSRPS feature itself.
     # Doing that requires a DNSRPS provider library to be present on the
     # test host.
-    EXTRA_CONFIGURE: "--enable-dnsrps --enable-dnsrps-dl --with-libidn2 ${WITH_READLINE_READLINE}"
+    EXTRA_CONFIGURE: "--enable-dnsrps --enable-dnsrps-dl --with-libidn2 --without-gssapi ${WITH_READLINE_READLINE}"
     GNUMAKEFLAGS: "--shuffle=random"
   <<: *tumbleweed_latest_amd64_image
   <<: *build_job