From: Łukasz Stelmach
Date: Fri, 31 Mar 2023 17:42:13 +0000 (+0200)
Subject: Configure builtin heimdal to use KEYRING ccache
X-Git-Tag: talloc-2.4.1~485
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb46379845fb2b3d4e04dca1a8493a8e2126a6fe;p=thirdparty%2Fsamba.git
Configure builtin heimdal to use KEYRING ccache
Signed-off-by: Łukasz Stelmach
Reviewed-by: Andrew Bartlett
Reviewed-by: Douglas Bagnall
Reviewed-by: Stefan Metzmacher
---
diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
index 4208cbcc104..279c1087789 100644
--- a/.gitlab-ci-main.yml
+++ b/.gitlab-ci-main.yml
@@ -47,7 +47,7 @@ variables:
 # Set this to the contents of bootstrap/sha1sum.txt
 # which is generated by bootstrap/template.py --render
 #
- SAMBA_CI_CONTAINER_TAG: cfddaa8d36c3f512827bd96fe05c30f7f8337f4b
+ SAMBA_CI_CONTAINER_TAG: 6f4e1c3f1eb3b3236ae793c11def2135386a0ee9
 #
 # We use the ubuntu2204 image as default as
 # it matches what we have on atb-devel-224
diff --git a/bootstrap/config.py b/bootstrap/config.py
index fd1753fb3e1..c67ab9184ab 100644
--- a/bootstrap/config.py
+++ b/bootstrap/config.py
@@ -181,7 +181,7 @@ PKGS = [
 # rpm has no pkg for docbook-xml
 ('docbook-xml', 'docbook-dtds'),
 ('docbook-xsl', 'docbook-style-xsl'),
- ('', 'keyutils-libs-devel'),
+ ('libkeyutils-dev', 'keyutils-libs-devel'),
 ('', 'which'),
 ('xz-utils', 'xz')
 ]
diff --git a/bootstrap/generated-dists/debian11/bootstrap.sh b/bootstrap/generated-dists/debian11/bootstrap.sh
index 1f9cddfe8ee..1aac852e83e 100755
--- a/bootstrap/generated-dists/debian11/bootstrap.sh
+++ b/bootstrap/generated-dists/debian11/bootstrap.sh
@@ -57,6 +57,7 @@ apt-get -y install \ libjansson-dev \ libjs-jquery \ libjson-perl \ + libkeyutils-dev \ libkrb5-dev \ libldap2-dev \ liblmdb-dev \
diff --git a/bootstrap/generated-dists/debian11/packages.yml b/bootstrap/generated-dists/debian11/packages.yml
index e6336463721..1ff63e4b272 100644
--- a/bootstrap/generated-dists/debian11/packages.yml
+++ b/bootstrap/generated-dists/debian11/packages.yml
@@ -46,6 +46,7 @@ packages: - libjansson-dev - libjs-jquery - libjson-perl + - libkeyutils-dev - libkrb5-dev - libldap2-dev - liblmdb-dev
diff --git a/bootstrap/generated-dists/ubuntu1804-32bit/bootstrap.sh b/bootstrap/generated-dists/ubuntu1804-32bit/bootstrap.sh
index 56e7b805dfd..702f5153382 100755
--- a/bootstrap/generated-dists/ubuntu1804-32bit/bootstrap.sh
+++ b/bootstrap/generated-dists/ubuntu1804-32bit/bootstrap.sh
@@ -58,6 +58,7 @@ apt-get -y install \ libjansson-dev \ libjs-jquery \ libjson-perl \ + libkeyutils-dev \ libkrb5-dev \ libldap2-dev \ liblmdb-dev \
diff --git a/bootstrap/generated-dists/ubuntu1804-32bit/packages.yml b/bootstrap/generated-dists/ubuntu1804-32bit/packages.yml
index b42b4d05989..78a73aec01f 100644
--- a/bootstrap/generated-dists/ubuntu1804-32bit/packages.yml
+++ b/bootstrap/generated-dists/ubuntu1804-32bit/packages.yml
@@ -47,6 +47,7 @@ packages: - libjansson-dev - libjs-jquery - libjson-perl + - libkeyutils-dev - libkrb5-dev - libldap2-dev - liblmdb-dev
diff --git a/bootstrap/generated-dists/ubuntu1804/bootstrap.sh b/bootstrap/generated-dists/ubuntu1804/bootstrap.sh
index 56e7b805dfd..702f5153382 100755
--- a/bootstrap/generated-dists/ubuntu1804/bootstrap.sh
+++ b/bootstrap/generated-dists/ubuntu1804/bootstrap.sh
@@ -58,6 +58,7 @@ apt-get -y install \ libjansson-dev \ libjs-jquery \ libjson-perl \ + libkeyutils-dev \ libkrb5-dev \ libldap2-dev \ liblmdb-dev \
diff --git a/bootstrap/generated-dists/ubuntu1804/packages.yml b/bootstrap/generated-dists/ubuntu1804/packages.yml
index b42b4d05989..78a73aec01f 100644
--- a/bootstrap/generated-dists/ubuntu1804/packages.yml
+++ b/bootstrap/generated-dists/ubuntu1804/packages.yml
@@ -47,6 +47,7 @@ packages: - libjansson-dev - libjs-jquery - libjson-perl + - libkeyutils-dev - libkrb5-dev - libldap2-dev - liblmdb-dev
diff --git a/bootstrap/generated-dists/ubuntu2004/bootstrap.sh b/bootstrap/generated-dists/ubuntu2004/bootstrap.sh
index 56e7b805dfd..702f5153382 100755
--- a/bootstrap/generated-dists/ubuntu2004/bootstrap.sh
+++ b/bootstrap/generated-dists/ubuntu2004/bootstrap.sh
@@ -58,6 +58,7 @@ apt-get -y install \ libjansson-dev \ libjs-jquery \ libjson-perl \ + libkeyutils-dev \ libkrb5-dev \ libldap2-dev \ liblmdb-dev \
diff --git a/bootstrap/generated-dists/ubuntu2004/packages.yml b/bootstrap/generated-dists/ubuntu2004/packages.yml
index b42b4d05989..78a73aec01f 100644
--- a/bootstrap/generated-dists/ubuntu2004/packages.yml
+++ b/bootstrap/generated-dists/ubuntu2004/packages.yml
@@ -47,6 +47,7 @@ packages: - libjansson-dev - libjs-jquery - libjson-perl + - libkeyutils-dev - libkrb5-dev - libldap2-dev - liblmdb-dev
diff --git a/bootstrap/generated-dists/ubuntu2204/bootstrap.sh b/bootstrap/generated-dists/ubuntu2204/bootstrap.sh
index 481d46c186c..83012cda983 100755
--- a/bootstrap/generated-dists/ubuntu2204/bootstrap.sh
+++ b/bootstrap/generated-dists/ubuntu2204/bootstrap.sh
@@ -58,6 +58,7 @@ apt-get -y install \ libjansson-dev \ libjs-jquery \ libjson-perl \ + libkeyutils-dev \ libkrb5-dev \ libldap2-dev \ liblmdb-dev \
diff --git a/bootstrap/generated-dists/ubuntu2204/packages.yml b/bootstrap/generated-dists/ubuntu2204/packages.yml
index 91e48034a05..7d9f66e7f1f 100644
--- a/bootstrap/generated-dists/ubuntu2204/packages.yml
+++ b/bootstrap/generated-dists/ubuntu2204/packages.yml
@@ -47,6 +47,7 @@ packages: - libjansson-dev - libjs-jquery - libjson-perl + - libkeyutils-dev - libkrb5-dev - libldap2-dev - liblmdb-dev
diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt
index 3a6671d4fb8..77937ea6800 100644
--- a/bootstrap/sha1sum.txt
+++ b/bootstrap/sha1sum.txt
@@ -1 +1 @@ -cfddaa8d36c3f512827bd96fe05c30f7f8337f4b +6f4e1c3f1eb3b3236ae793c11def2135386a0ee9
diff --git a/third_party/heimdal_build/wscript_build b/third_party/heimdal_build/wscript_build
index 1518afe9ef4..8aea52b55f5 100644
--- a/third_party/heimdal_build/wscript_build
+++ b/third_party/heimdal_build/wscript_build
@@ -710,7 +710,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): get_port.c init_creds.c init_creds_pw.c kcm.c keyblock.c keytab.c keytab_any.c keytab_file.c keytab_memory.c - keytab_keyfile.c krbhst.c log.c + keytab_keyfile.c krbhst.c krcache.c log.c mcache.c misc.c mk_error.c mk_priv.c mk_rep.c mk_req.c mk_req_ext.c mit_glue.c net_read.c net_write.c n-fold.c padata.c pkinit.c pkinit-ec.c
@@ -726,10 +726,14 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): mk_cred.c kx509_err.c k524_err.c krb_err.c k5e1_err.c''')] + ["../heimdal_build/krb5-glue.c"] + krb5_keyutils_dep = '' + if bld.CONFIG_SET('HAVE_KEYCTL_GET_PERSISTENT'): + krb5_keyutils_dep = ' keyutils' + HEIMDAL_LIBRARY('krb5', KRB5_SOURCE, version_script='lib/krb5/version-script.map', includes='../heimdal/lib/krb5 ../heimdal/lib/asn1 ../heimdal/include', - deps='roken wind asn1 hx509 HEIMDAL_KX509_ASN1 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl HEIMDAL_IPC_CLIENT KRB5_CRYPTO', + deps='roken wind asn1 hx509 HEIMDAL_KX509_ASN1 hcrypto com_err HEIMDAL_CONFIG heimbase execinfo samba_intl HEIMDAL_IPC_CLIENT KRB5_CRYPTO' + krb5_keyutils_dep, cflags=['-DLOCALSTATEDIR="/2"'] + bld.dynconfig_cflags(), ) KRB5_PROTO_SOURCE = KRB5_SOURCE + ['lib/krb5/expand_path.c', 'lib/krb5/plugin.c', 'lib/krb5/context.c', 'lib/krb5/crypto.c']
diff --git a/third_party/heimdal_build/wscript_configure b/third_party/heimdal_build/wscript_configure
index a97a1b9baa8..645ce3a3468 100644
--- a/third_party/heimdal_build/wscript_configure
+++ b/third_party/heimdal_build/wscript_configure
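Review bot: The keyutils link dependency in the second wscript_build hunk is keyed only on `HAVE_KEYCTL_GET_PERSISTENT`, while the first hunk adds `krcache.c` to KRB5_SOURCE unconditionally and the configure probe tests `add_key` and `keyctl_get_persistent` together. On a host whose libkeyutils provides `add_key` but not `keyctl_get_persistent`, krcache.c may still compile keyring code (its preprocessor guards are not visible on this page) and then fail at link time with unresolved keyutils symbols. Gating on the base function as well would cover that case, e.g. `if bld.CONFIG_SET('HAVE_ADD_KEY') or bld.CONFIG_SET('HAVE_KEYCTL_GET_PERSISTENT'):`, assuming the same CHECK_FUNCS_IN call defines `HAVE_ADD_KEY`; a one-line comment naming the define krcache.c actually tests would keep the two in sync. The enclosing `if not bld.CONFIG_SET("USING_SYSTEM_KRB5"):` block starts outside both hunks.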
@@ -66,6 +66,16 @@ conf.CHECK_FUNCS('dirfd', headers='dirent.h')
 conf.CHECK_DECLS('dirfd', reverse=True, headers='dirent.h')
 conf.CHECK_STRUCTURE_MEMBER('DIR', 'dd_fd', define='HAVE_DIR_DD_FD', headers='dirent.h')
+if conf.env['WITH_KERNEL_KEYRING'] != False:
+ require_keyutils = False
+ if conf.env['WITH_KERNEL_KEYRING'] == True:
+ require_keyutils = True
+ conf.CHECK_FUNCS_IN('add_key keyctl_get_persistent',
+ 'keyutils', headers='keyutils.h',
+ mandatory=require_keyutils)
+ conf.CHECK_SIZEOF('key_serial_t', headers='keyutils.h',
+ critical=require_keyutils)
+
 heimdal_no_error_flags = ['-Wno-error=discarded-qualifiers',
 '-Wno-error=cast-qual',
 '-Wno-error=missing-field-initializers',
diff --git a/wscript b/wscript
index b219297f0e0..681e669d019 100644
--- a/wscript
+++ b/wscript
@@ -116,6 +116,14 @@ def options(opt): help=("Disable RELRO builds"), action="store_false", dest='enable_relro') + opt.add_option('--with-kernel-keyring', + help=('Enable kernely keyring support for credential storage ' + + '(default if keyutils libraries are available)'), + action='store_true', dest='enable_keyring') + opt.add_option('--without-kernel-keyring', + help=('Disable kernely keyring support for credential storage'), + action='store_false', dest='enable_keyring') + gr = opt.option_group('developer options') opt.load('python') # options for disabling pyc or pyo compilation
@@ -200,6 +208,13 @@ def configure(conf):
 mandatory=True)
 conf.CHECK_FUNCS_IN('inflateInit2', 'z')
+ if Options.options.enable_keyring != False:
+ conf.env['WITH_KERNEL_KEYRING'] = 'auto'
+ if Options.options.enable_keyring == True:
+ conf.env['WITH_KERNEL_KEYRING'] = True
+ else:
+ conf.env['WITH_KERNEL_KEYRING'] = False
+
 if conf.CHECK_FOR_THIRD_PARTY():
 conf.RECURSE('third_party')
 else:
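Review bot: In the default 'auto' mode both probes in the wscript_configure hunk are optional (`mandatory=require_keyutils` and `critical=require_keyutils` are False), so a build host without the keyutils headers quietly produces a Heimdal without the KEYRING credential cache, and nothing in this hunk records that outcome. Where Kerberos tickets are stored is a security property of the resulting binaries, so the result should be visible: after the checks, resolve the tri-state, for example `conf.env['WITH_KERNEL_KEYRING'] = bool(conf.CONFIG_SET('HAVE_KEYCTL_GET_PERSISTENT'))`, and report it in the configure output. In the code shown `WITH_KERNEL_KEYRING` otherwise stays the truthy string 'auto', which any later plain truth test would read as enabled. Packagers who depend on keyring-backed storage should pass `--with-kernel-keyring` so that a missing library fails configure instead.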
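Review bot: Both new help strings in the first wscript hunk misspell the feature as 'kernely keyring'; this is the text shown by `./configure --help`, so it should read `help=('Enable kernel keyring support for credential storage ' +` and `help=('Disable kernel keyring support for credential storage'),`. The two options share `dest='enable_keyring'` and rely on optparse's implicit `None` default to mean auto-detect; adding `default=None` to the first `add_option` call together with a comment such as `# None = auto-detect, True = required, False = disabled` would make the tri-state explicit. options() begins before and continues after this hunk.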
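Review bot: The tri-state mapping added to configure() in the second wscript hunk compares with `!= False` and `== True`, which also match `0` and `1` and hide the fact that `None` is the third state; identity tests say what is meant: `if Options.options.enable_keyring is not False:` and `if Options.options.enable_keyring is True:`. A comment above the block, `# enable_keyring: None (neither flag given) selects auto-detection`, would save readers from tracing the option definitions. configure() starts before and continues after this hunk.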