The branch, master has been updated via 1f724a9f9bb heimdal_build: Use lib/asn1/rfc2459.opt rather than hard-coded via d84c4f68f00 heimdal_build: Add C99 struct initializer in source4/heimdal_build/krb5-glue.c via 59eac15a4ff build: in SAMBA_BINARY use TO_LIST(cflags) via d62917d3d7e heimdal_build: Provide C defines showing which Kerberos library is in use via 7b4aef782cd gse_krb5: Provide keytab name in fill_mem_keytab_from_dedicated_keytab() error strings. via a1fa1f695f9 heimdal_build: check for secure_getenv via f810e9119f3 heimdal_build: Set up new build groups for the Heimdal hostcc components via 4be71c7a059 heimdal_build: Rework Heimdal warning handling from 7d0b6904cc4 docs: Improve wording, fix a typo
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 1f724a9f9bb5cf133bb21222cdc23eaad57eed85 Author: Andrew Bartlett <abart...@samba.org> Date: Tue Jun 15 15:24:17 2021 +1200 heimdal_build: Use lib/asn1/rfc2459.opt rather than hard-coded Based on patch by Stefan Metzmacher in his Heimdal upgrade branch lib/asn1/rfc2459.opt imported from lorikeet-heimdal-abartlet/lorikeet-heimdal-201107241840-plus-recent-changes which is the closest tree I could find, and matches the options being removed from the wscript_build file. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Tue Jun 15 23:25:27 UTC 2021 on sn-devel-184 commit d84c4f68f00d4f2b941531235d3d5ba6da73ca6f Author: Stefan Metzmacher <me...@samba.org> Date: Fri Nov 22 16:01:07 2019 +0100 heimdal_build: Add C99 struct initializer in source4/heimdal_build/krb5-glue.c This avoids uninitiliased structure members in this dummy structure we include to avoid including more of Heimdal. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 59eac15a4ff17cdb52b2b28b120e3fee4b085b68 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Nov 22 16:11:41 2019 +0100 build: in SAMBA_BINARY use TO_LIST(cflags) This avoids unfortunate issues when the cflags is already a list, as then -fPIC becomes ['-f', 'P', 'I', 'C']. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d62917d3d7eeb9c5782d7230a4012b5a9235154f Author: Stefan Metzmacher <me...@samba.org> Date: Thu Apr 2 07:31:33 2020 +0000 heimdal_build: Provide C defines showing which Kerberos library is in use Squashed from patches by Stefan Metzmacher as part of his Heimdal update branch Signed-off-by: Andrew Bartlett <abart...@samba.org> Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 7b4aef782cdc8d801b91a2538a942a4e5bab4f94 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Sep 25 15:18:34 2017 +1300 gse_krb5: Provide keytab name in fill_mem_keytab_from_dedicated_keytab() error strings. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit a1fa1f695f9387880218440b5787fd98396f107d Author: Andrew Bartlett <abart...@samba.org> Date: Tue Sep 26 12:01:37 2017 +1300 heimdal_build: check for secure_getenv Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit f810e9119f3862bf238297f82940420c5bd2df4a Author: Andrew Bartlett <abart...@samba.org> Date: Tue Jun 15 13:50:48 2021 +1200 heimdal_build: Set up new build groups for the Heimdal hostcc components This is based on various patches by Stefan Metzmacher in the patch set for the Heimdal upgrade. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 4be71c7a0594fd54fbf6949df49973cd4f9eabe8 Author: Andrew Bartlett <abart...@samba.org> Date: Mon Jun 14 11:14:06 2021 +1200 heimdal_build: Rework Heimdal warning handling If we have all the right -Wno-error flags then we can enable warnings more generally, otherwise just set -Wno-strict-overflow (if available) Adapted from patches by Stefan Metzmacher <me...@samba.org> in his branch to update Heimdal. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: buildtools/wafsamba/wafsamba.py | 14 +++--- lib/replace/wscript | 2 +- source3/librpc/crypto/gse_krb5.c | 7 ++- source4/heimdal/lib/asn1/rfc2459.opt | 6 +++ source4/heimdal_build/krb5-glue.c | 18 +------- source4/heimdal_build/wscript_build | 80 ++++++++++++++++----------------- source4/heimdal_build/wscript_configure | 13 ++++-- wscript_configure_embedded_heimdal | 1 + wscript_configure_system_heimdal | 2 + wscript_configure_system_mitkrb5 | 1 + 10 files changed, 74 insertions(+), 70 deletions(-) create mode 100644 source4/heimdal/lib/asn1/rfc2459.opt Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py index 9c8aa36d61c..4fe9daf160e 100644 --- a/buildtools/wafsamba/wafsamba.py +++ b/buildtools/wafsamba/wafsamba.py @@ -408,10 +408,10 @@ def SAMBA_BINARY(bld, binname, source, subsystem_group = group # only specify PIE flags for binaries - pie_cflags = cflags + pie_cflags = TO_LIST(cflags) pie_ldflags = TO_LIST(ldflags) if bld.env['ENABLE_PIE'] is True: - pie_cflags += ' -fPIE' + pie_cflags.extend(TO_LIST('-fPIE')) pie_ldflags.extend(TO_LIST('-pie')) if bld.env['ENABLE_RELRO'] is True: pie_ldflags.extend(TO_LIST('-Wl,-z,relro,-z,now')) @@ -717,13 +717,13 @@ def SETUP_BUILD_GROUPS(bld): bld.p_ln = bld.srcnode # we do want to see all targets! bld.env['USING_BUILD_GROUPS'] = True bld.add_group('setup') - bld.add_group('build_compiler_source') + bld.add_group('generators') + bld.add_group('hostcc_base_build_source') + bld.add_group('hostcc_base_build_main') + bld.add_group('hostcc_build_source') + bld.add_group('hostcc_build_main') bld.add_group('vscripts') bld.add_group('base_libraries') - bld.add_group('generators') - bld.add_group('compiler_prototypes') - bld.add_group('compiler_libraries') - bld.add_group('build_compilers') bld.add_group('build_source') bld.add_group('prototypes') bld.add_group('headers') diff --git a/lib/replace/wscript b/lib/replace/wscript index dac3042bb65..5d6324ef619 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -870,7 +870,7 @@ def build(bld): REPLACE_HOSTCC_SOURCE, use_hostcc=True, use_global_deps=False, - group='compiler_libraries', + group='hostcc_base_build_main', deps = extra_libs ) diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c index e1319fc8329..804247e784d 100644 --- a/source3/librpc/crypto/gse_krb5.c +++ b/source3/librpc/crypto/gse_krb5.c @@ -497,7 +497,8 @@ static krb5_error_code fill_mem_keytab_from_dedicated_keytab(krb5_context krbctx ret = smb_krb5_kt_open(krbctx, lp_dedicated_keytab_file(), false, &keytab); if (ret) { - DEBUG(1, ("smb_krb5_kt_open failed (%s)\n", + DEBUG(1, ("smb_krb5_kt_open of %s failed (%s)\n", + lp_dedicated_keytab_file(), error_message(ret))); return ret; } @@ -508,7 +509,9 @@ static krb5_error_code fill_mem_keytab_from_dedicated_keytab(krb5_context krbctx ret = krb5_kt_start_seq_get(krbctx, keytab, &kt_cursor); if (ret) { - DEBUG(1, (__location__ ": krb5_kt_start_seq_get failed (%s)\n", + DEBUG(1, (__location__ ": krb5_kt_start_seq_get on %s " + "failed (%s)\n", + lp_dedicated_keytab_file(), error_message(ret))); goto out; } diff --git a/source4/heimdal/lib/asn1/rfc2459.opt b/source4/heimdal/lib/asn1/rfc2459.opt new file mode 100644 index 00000000000..d3afc673943 --- /dev/null +++ b/source4/heimdal/lib/asn1/rfc2459.opt @@ -0,0 +1,6 @@ +--preserve-binary=TBSCertificate +--preserve-binary=TBSCRLCertList +--preserve-binary=Name +--sequence=GeneralNames +--sequence=Extensions +--sequence=CRLDistributionPoints diff --git a/source4/heimdal_build/krb5-glue.c b/source4/heimdal_build/krb5-glue.c index 66320dce869..4653f637dd6 100644 --- a/source4/heimdal_build/krb5-glue.c +++ b/source4/heimdal_build/krb5-glue.c @@ -22,20 +22,6 @@ #include "heimdal/lib/krb5/krb5_locl.h" const krb5_cc_ops krb5_scc_ops = { - KRB5_CC_OPS_VERSION, - "_NOTSUPPORTED_SDB", - NULL, /* scc_retrieve */ - NULL, /* scc_get_principal */ - NULL, /* scc_get_first */ - NULL, /* scc_get_next */ - NULL, /* scc_end_get */ - NULL, /* scc_remove_cred */ - NULL, /* scc_set_flags */ - NULL, - NULL, /* scc_get_cache_first */ - NULL, /* scc_get_cache_next */ - NULL, /* scc_end_cache_get */ - NULL, /* scc_move */ - NULL, /* scc_get_default_name */ - NULL /* scc_set_default */ + .version = KRB5_CC_OPS_VERSION, + .prefix = "_NOTSUPPORTED_SDB", }; diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build index 3d1464b12c4..28a1fb5240d 100644 --- a/source4/heimdal_build/wscript_build +++ b/source4/heimdal_build/wscript_build @@ -146,7 +146,7 @@ def HEIMDAL_ERRTABLE(name, source): if not SET_TARGET_TYPE(bld, name, 'ET'): return - bld.set_group('build_source') + bld.set_group('hostcc_build_source') out_files = [] out_files.append('%s.c' % bname) @@ -212,7 +212,7 @@ def HEIMDAL_GENERATOR(name, rule, source='', target='', name=name) -def HEIMDAL_LIBRARY(libname, source, deps, vnum, version_script, includes=''): +def HEIMDAL_LIBRARY(libname, source, deps, vnum, version_script, includes='', cflags=[]): '''define a Heimdal library''' obj_target = libname + '.objlist' @@ -224,6 +224,7 @@ def HEIMDAL_LIBRARY(libname, source, deps, vnum, version_script, includes=''): source = source, deps = deps, includes = includes, + cflags = cflags, group = 'main') if not SET_TARGET_TYPE(bld, libname, "LIBRARY"): @@ -262,6 +263,20 @@ def HEIMDAL_LIBRARY(libname, source, deps, vnum, version_script, includes=''): version_script = heimdal_path(version_script, absolute=True), ) +def HEIMDAL_CFLAGS(use_hostcc=False, extra_cflags=[]): + cflags_unpicky=[] + + if not bld.env.enable_heimdal_warnings: + cflags_unpicky += bld.env.HEIMDAL_UNPICKY_WNO_STRICT_OVERFLOW_CFLAGS + # old compilers on centos7 or ubuntu1604 need this + + allow_warnings = bld.env.allow_heimdal_warnings + cflags_picky = bld.env.HEIMDAL_NO_ERROR_CFLAGS + extra_cflags=TO_LIST(extra_cflags) + + cflags = '' + cflags_end = cflags_picky + cflags_unpicky + extra_cflags + return (cflags, cflags_end, allow_warnings) def HEIMDAL_SUBSYSTEM(modname, source, deps='', @@ -272,37 +287,20 @@ def HEIMDAL_SUBSYSTEM(modname, source, use_global_deps=True): '''define a Heimdal subsystem''' - if not SET_TARGET_TYPE(bld, modname, 'SUBSYSTEM'): - return - + cflags, cflags_end, allow_warnings = HEIMDAL_CFLAGS(use_hostcc=use_hostcc, + extra_cflags=cflags) source = heimdal_paths(source) - bld.set_group(group) - - # If we found the -Wno-error options we need then build without - # allowing warnings, otherwise permit them - if bld.env.enable_heimdal_warnings: - samba_cflags = CURRENT_CFLAGS(bld, modname, cflags) + \ - bld.env.HEIMDAL_PICKY_CFLAGS - else: - samba_cflags = CURRENT_CFLAGS(bld, modname, cflags, - allow_warnings=True) + \ - bld.env.HEIMDAL_UNPICKY_WNO_STRICT_OVERFLOW_CFLAGS - - return bld( - features = 'c', - source = source, - target = modname, - samba_cflags = samba_cflags, - depends_on = '', - samba_deps = TO_LIST(deps), - samba_includes = includes, - local_include = True, - local_include_first = True, - samba_use_hostcc = use_hostcc, - samba_use_global_deps = use_global_deps - ) - + bld.SAMBA_SUBSYSTEM(modname, + source = source, + deps = deps, + includes = includes, + cflags = cflags, + cflags_end = cflags_end, + allow_warnings = allow_warnings, + group = group, + use_hostcc = use_hostcc, + use_global_deps= use_global_deps) def HEIMDAL_BINARY(binname, source, deps='', @@ -316,6 +314,7 @@ def HEIMDAL_BINARY(binname, source, install_path=None): '''define a Samba binary''' + cflags, cflags_end, allow_warnings = HEIMDAL_CFLAGS(use_hostcc=use_hostcc) source = heimdal_paths(source) obj_target = binname + '.heimdal.objlist' @@ -334,6 +333,8 @@ def HEIMDAL_BINARY(binname, source, deps = obj_target, includes = includes, cflags = cflags, + cflags_end = cflags_end, + allow_warnings = allow_warnings, group = group, use_hostcc = use_hostcc, use_global_deps= use_global_deps, @@ -353,7 +354,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'): if not bld.CONFIG_SET('HAVE_ERR_H'): HEIMDAL_GENERATOR( - group='build_compiler_source', + group='hostcc_base_build_source', name="HEIMDAL_ERR_H", rule="rm -f ${TGT} && ln ${SRC} ${TGT}", source = '../heimdal/lib/roken/err.hin', @@ -415,7 +416,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'): use_hostcc=True, use_global_deps=False, includes='../heimdal/lib/roken ../heimdal/include ../heimdal_build/include', - group='compiler_libraries', + group='hostcc_base_build_main', deps='LIBREPLACE_HOSTCC', ) @@ -679,13 +680,13 @@ if not bld.CONFIG_SET("USING_SYSTEM_ASN1"): HEIMDAL_AUTOPROTO('lib/asn1/der-protos.h', HEIMDAL_HEIM_ASN1_DER_SOURCE, - group = 'compiler_prototypes', + group='hostcc_build_source', options="-q -P comment -o") HEIMDAL_AUTOPROTO('lib/asn1/der-private.h', HEIMDAL_HEIM_ASN1_DER_SOURCE, - group = 'compiler_prototypes', + group='hostcc_build_source', options="-q -P comment -p") HEIMDAL_ERRTABLE('HEIMDAL_ASN1_ERR_ET', 'lib/asn1/asn1_err.et') @@ -703,7 +704,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_ASN1"): HEIMDAL_ASN1('HEIMDAL_RFC2459_ASN1', 'lib/asn1/rfc2459.asn1', - options='--preserve-binary=TBSCertificate --preserve-binary=TBSCRLCertList --preserve-binary=Name --sequence=GeneralNames --sequence=Extensions --sequence=CRLDistributionPoints', + option_file='lib/asn1/rfc2459.opt', directory='lib/asn1' ) @@ -893,14 +894,13 @@ if not bld.CONFIG_SET('USING_SYSTEM_COM_ERR'): HEIMDAL_SUBSYSTEM('HEIMDAL_VERS_HOSTCC', 'lib/vers/print_version.c ../heimdal_build/version.c', - group='build_compilers', + group='hostcc_base_build_main', deps='LIBREPLACE_HOSTCC ROKEN_HOSTCC', use_global_deps=False, use_hostcc=True) HEIMDAL_SUBSYSTEM('HEIMDAL_VERS', 'lib/vers/print_version.c ../heimdal_build/version.c', - group='build_compilers', deps='roken replace') @@ -915,7 +915,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_ASN1_COMPILE'): use_hostcc=True, use_global_deps=False, includes='../heimdal/lib/asn1', - group='build_compilers', + group='hostcc_build_main', deps='ROKEN_HOSTCC LIBREPLACE_HOSTCC HEIMDAL_VERS_HOSTCC', install=False ) @@ -928,7 +928,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_COMPILE_ET'): use_hostcc=True, use_global_deps=False, includes='../heimdal/lib/com_err', - group='build_compilers', + group='hostcc_base_build_main', deps='ROKEN_HOSTCC LIBREPLACE_HOSTCC HEIMDAL_VERS_HOSTCC', install=False ) diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure index 049ea27b5d5..3978d38c1a3 100644 --- a/source4/heimdal_build/wscript_configure +++ b/source4/heimdal_build/wscript_configure @@ -25,7 +25,8 @@ conf.CHECK_HEADERS('''crypt.h errno.h inttypes.h netdb.h signal.h sys/bswap.h conf.CHECK_HEADERS('curses.h term.h termcap.h', together=True) conf.CHECK_FUNCS('''atexit cgetent getprogname setprogname gethostname - putenv rcmd readv sendmsg setitimer strlwr strncasecmp + putenv rcmd readv secure_getenv + sendmsg setitimer strlwr strncasecmp strptime strsep strsep_copy strtok_r strupr swab umask uname unsetenv closefrom err warn errx warnx flock writev''') @@ -76,18 +77,22 @@ heimdal_no_error_flags = ['-Wno-error=discarded-qualifiers', '-Wno-error=unused-variable', '-Wno-error=unused-result'] for flag in heimdal_no_error_flags: - conf.ADD_NAMED_CFLAGS('HEIMDAL_PICKY_CFLAGS', + conf.ADD_NAMED_CFLAGS('HEIMDAL_NO_ERROR_CFLAGS', flag, testflags=True) -if len(bld.env.HEIMDAL_PICKY_CFLAGS) == len(heimdal_no_error_flags): - conf.env.enable_heimdal_warnings = True +if len(bld.env.HEIMDAL_NO_ERROR_CFLAGS) == len(heimdal_no_error_flags): + Logs.info("Most warnings in Heimdal code will " + "error due to -Werror (good)") else: + conf.env.allow_heimdal_warnings = True # Needed on CentOS 7 and Ubuntu 16.04 only for Bison generated # files when we are not doing strict warnings -> errors conf.ADD_NAMED_CFLAGS('HEIMDAL_UNPICKY_WNO_STRICT_OVERFLOW_CFLAGS', '-Wno-strict-overflow', testflags=True) + Logs.info("Allowing warnings in Heimdal code as this compiler does " + "not support enough -Wno-error flags (bad)") conf.DEFINE('SAMBA4_USES_HEIMDAL', 1) diff --git a/wscript_configure_embedded_heimdal b/wscript_configure_embedded_heimdal index 81cfd856c59..1c7801f705e 100644 --- a/wscript_configure_embedded_heimdal +++ b/wscript_configure_embedded_heimdal @@ -4,4 +4,5 @@ if not conf.env['FLEX']: if not conf.env['BISON']: conf.fatal("Embedded Heimdal build requires bison but it was not found. Install bison or use --with-system-mitkrb5 or --with-system-heimdalkrb5") +conf.define('USING_EMBEDDED_HEIMDAL', 1) conf.RECURSE('source4/heimdal_build') diff --git a/wscript_configure_system_heimdal b/wscript_configure_system_heimdal index 235fa1912b7..67d8804d0ff 100644 --- a/wscript_configure_system_heimdal +++ b/wscript_configure_system_heimdal @@ -99,4 +99,6 @@ finally: check_system_heimdal_binary("compile_et") check_system_heimdal_binary("asn1_compile") +conf.env.KRB5_VENDOR = 'heimdal' conf.define('USING_SYSTEM_KRB5', 1) +conf.define('USING_SYSTEM_HEIMDAL', 1) diff --git a/wscript_configure_system_mitkrb5 b/wscript_configure_system_mitkrb5 index b0bf2a8b40d..f971194c2cd 100644 --- a/wscript_configure_system_mitkrb5 +++ b/wscript_configure_system_mitkrb5 @@ -79,6 +79,7 @@ if conf.env.KRB5_CONFIG: if parse_version(krb5_version) < parse_version('1.18'): conf.DEFINE('HAVE_MIT_KRB5_PRE_1_18', 1) + conf.define('USING_SYSTEM_MITKRB5', '"%s"' % krb5_version) conf.CHECK_CFG(args="--cflags --libs", package="com_err", uselib_store="com_err") conf.CHECK_FUNCS_IN('_et_list', 'com_err') -- Samba Shared Repository