Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

samba: 4.12.6 -> 4.13.0 #99059

Closed
wants to merge 1 commit into from
Closed

Conversation

@aneeshusa
Copy link
Contributor

@aneeshusa aneeshusa commented Sep 29, 2020

Previously, vfs_snapper was only built if dbus was found.
Now, vfs_snapper is enabled by default (on Linux)
and it requires dbus to be available:

Checking for dbus: not found
vfs_snapper is enabled but prerequisite dbus-1 package not found. Use
--with-shared-modules=!vfs_snapper to disable vfs_snapper support.

We could pass --with-shared-modules=!vfs_snapper to disable it,
but currently pass --with-shared-modules=ALL,
so add dbus as a dependency instead.

Motivation for this change

https://www.samba.org/samba/history/samba-4.13.0.html

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Previously, `vfs_snapper` was only built if `dbus` was found.
Now, `vfs_snapper` is enabled by default (on Linux)
and it requires dbus to be available:
```
Checking for dbus: not found
vfs_snapper is enabled but prerequisite dbus-1 package not found. Use
--with-shared-modules=!vfs_snapper to disable vfs_snapper support.
```

We could pass `--with-shared-modules=!vfs_snapper` to disable it,
but currently pass `--with-shared-modules=ALL`,
so add dbus as a dependency instead.
@aneeshusa
Copy link
Contributor Author

@aneeshusa aneeshusa commented Sep 29, 2020

I was able to successfully nix-build nixos/tests/samba.nix on a Linux machine running sandboxed Nix.

@aneeshusa
Copy link
Contributor Author

@aneeshusa aneeshusa commented Oct 4, 2020

cc @dasJ if you want to try this out since I've seen you touch Samba things in #86002, #85362

@dasJ
Copy link
Member

@dasJ dasJ commented Oct 4, 2020

Change looks good, I can however not really test it or my customers get sad ;)
I might write a more extensive test in the future, but for now I'll just trust the samba team.

Is this relevant for backporting due to security stuff?

@aneeshusa
Copy link
Contributor Author

@aneeshusa aneeshusa commented Oct 4, 2020

Nothing in https://www.samba.org/samba/history/samba-4.13.0.html looked super relevant security-wise, there appear to be a few fixes around CVE-2020-1472 but mostly in tests or for the code path where folks explicitly disable the mitigation in their config (?), so don't think it needs a backport specifically. I generally find samba to be something you always want to be running the latest version of given the many CVEs it has had, as compared to something like openssh which is much more reasonable to run a staler version of, so like to stay on top of patches.

@aneeshusa
Copy link
Contributor Author

@aneeshusa aneeshusa commented Oct 4, 2020

I might write a more extensive test in the future, but for now I'll just trust the samba team.

I don't use any of the AD bits myself FWIW, so if that's something you're interested in ensuring stays working it would definitely be nice to get added to the nixos test!

@dasJ
Copy link
Member

@dasJ dasJ commented Oct 5, 2020

My idea for the backport (cc @ajs124) was to have the most recent samba version available when 20.09 releases. Especially with ADs (in my case at least), I find it unwise to do Samba updates mid-release so it's probably a good idea to bump the package as far as possible before the release is done.

@ajs124
Copy link
Member

@ajs124 ajs124 commented Oct 5, 2020

The build and test in nixpkgs still pass, although that doesn't do any AD stuff, right?
Since ofborg doesn't do any darwin things right now, I don't know if it still works on there, though…

@dasJ
Copy link
Member

@dasJ dasJ commented Oct 5, 2020

Yeah, I got the hint… Imma try to build it

@dasJ
Copy link
Member

@dasJ dasJ commented Oct 5, 2020

Result of nixpkgs-review pr 99059 1

17 packages marked as broken and skipped:
- almanah
- atom
- atom-beta
- gnome-recipes
- gnome3.nautilus-python
- kodiPlugins.inputstream-adaptive
- kodiPlugins.joystick
- kodiPlugins.pvr-hdhomerun
- kodiPlugins.pvr-hts
- kodiPlugins.pvr-iptvsimple
- kodiPlugins.steam-controller
- kodiPlugins.vfs-libarchive
- kodiPlugins.vfs-sftp
- pympress
- python27Packages.python-vlc
- python37Packages.python-vlc
- python38Packages.python-vlc
6 packages failed to build:
- enum4linux
- python27Packages.pysmbc
- python37Packages.pysmbc
- python38Packages.pysmbc
- samba (samba4)
- sambaFull (samba4Full)

@dasJ
Copy link
Member

@dasJ dasJ commented Oct 5, 2020

builder for '/nix/store/3a8hzlpnl3cw5aiqwkjmscgav7kmj9w6-samba-4.13.0.drv' failed with exit code 2; last 10 log lines:
          ~~  ^
  ../../source3/libsmb/libsmb_stat.c:116:6: error: no member named 'st_mtim' in 'struct stat'
          st->st_mtim = stex->st_ex_mtime;
          ~~  ^
  6 errors generated.

  Waf: Leaving directory `/private/var/folders/w6/lfmbqhj93sz3vsx1zxtktjj0000111/T/nix-build-samba-4.13.0.drv-0/samba-4.13.0/bin/default'
  Build failed
   -> task in 'smbclient.objlist' failed with exit status 1 (run with -v to display more information)
  make: *** [Makefile:7: all] Error 1
cannot build derivation '/nix/store/kwxdiq6zl9n2bvd0nsw9fg1rqcvhav41-enum4linux-0.8.9.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/5gfcl990chx6m6y94dc2vsrqq50ajwc0-python2.7-pysmbc-1.0.21.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/31q5i5iirnv5fhmy0jbdadg12rmpfxkn-python3.7-pysmbc-1.0.21.drv': 1 dependencies couldn't be built
cannot build derivation '/nix/store/8pg83k9ad8f3v8fsdx77615fj5rpwz96-python3.8-pysmbc-1.0.21.drv': 1 dependencies couldn't be built
builder for '/nix/store/56h7kgw14388d9awr6kh9hm26gnr3x2p-samba-4.13.0.drv' failed with exit code 2; last 10 log lines:
          ~~  ^
  ../../source3/libsmb/libsmb_stat.c:116:6: error: no member named 'st_mtim' in 'struct stat'
          st->st_mtim = stex->st_ex_mtime;
          ~~  ^
  6 errors generated.

  Waf: Leaving directory `/private/var/folders/w6/lfmbqhj93sz3vsx1zxtktjj0000111/T/nix-build-samba-4.13.0.drv-0/samba-4.13.0/bin/default'
  Build failed
   -> task in 'smbclient.objlist' failed with exit status 1 (run with -v to display more information)
  make: *** [Makefile:7: all] Error 1
cannot build derivation '/nix/store/x3mxr3kv4183na4kqjgi979nf76szzhp-env.drv': 6 dependencies couldn't be built
[1 built (2 failed), 205 copied (1044.2 MiB), 201.2 MiB DL]
error: build of '/nix/store/x3mxr3kv4183na4kqjgi979nf76szzhp-env.drv' failed

@ajs124
Copy link
Member

@ajs124 ajs124 commented Oct 5, 2020

Thanks! Sucks that it doesn't build though, because the current release seems to build on hydra.

@dasJ
Copy link
Member

@dasJ dasJ commented Oct 5, 2020

Lemme check ;)

@dasJ
Copy link
Member

@dasJ dasJ commented Oct 5, 2020

Doesn't build on master either, maybe my mac is broken? :D

../../lib/util/util_paths.c:71:11: error: use of undeclared identifier 'NSS_BUFLEN_PASSWD'
        char buf[NSS_BUFLEN_PASSWD] = {0};
                 ^
../../lib/util/util_paths.c:74:39: error: use of undeclared identifier 'NSS_BUFLEN_PASSWD'
        rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
                                             ^
2 errors generated.

Waf: Leaving directory `/private/var/folders/w6/lfmbqhj93sz3vsx1zxtktjj0000111/T/nix-build-samba-4.12.5.drv-0/samba-4.12.5/bin/default'
Build failed
 -> task in 'samba-util.objlist' failed with exit status 1 (run with -v to display more information)
make: *** [Makefile:7: all] Error 1
builder for '/nix/store/r6iyqq24d1a2vca8mnrslvxw053yp1z8-samba-4.12.5.drv' failed with exit code 2
error: build of '/nix/store/r6iyqq24d1a2vca8mnrslvxw053yp1z8-samba-4.12.5.drv' failed

@ajs124
Copy link
Member

@ajs124 ajs124 commented Oct 5, 2020

bachp
bachp approved these changes Oct 14, 2020
Copy link
Member

@bachp bachp left a comment

Tested and no issues found on NixOS

Copy link
Member

@bachp bachp left a comment

Version 4.13.2 is out with several bugfixes: https://www.samba.org/samba/history/samba-4.13.2.html

@@ -42,11 +43,11 @@ with stdenv.lib;

stdenv.mkDerivation rec {
pname = "samba";
version = "4.12.6";
version = "4.13.0";
Copy link
Member

@bachp bachp Nov 17, 2020

Suggested change
version = "4.13.0";
version = "4.13.2";


src = fetchurl {
url = "mirror://samba/pub/samba/stable/${pname}-${version}.tar.gz";
sha256 = "1v3cmw40csmi3jd8mhlx4bm7bk4m0426zkyin7kq11skwnsrna02";
sha256 = "1xp7mmy5a892g5c56n7zz3l2kbgyrqn3y50lqq5aa2nvx2p547gi";
Copy link
Member

@bachp bachp Nov 17, 2020

Suggested change
sha256 = "1xp7mmy5a892g5c56n7zz3l2kbgyrqn3y50lqq5aa2nvx2p547gi";
sha256 = "1d7j79c8aggwiv90y2q1yz63d9p5n4paq0fsbdvqpn05d8wn8r17";

@SuperSandro2000
Copy link
Member

@SuperSandro2000 SuperSandro2000 commented Nov 23, 2020

@aneeshusa ping

@bachp bachp mentioned this pull request Nov 30, 2020
10 tasks
@aneeshusa
Copy link
Contributor Author

@aneeshusa aneeshusa commented Dec 12, 2020

Closing in favor of #105486, thanks @bachp.

@aneeshusa aneeshusa closed this Dec 12, 2020
@aneeshusa aneeshusa deleted the update-samba-to-4.13.0 branch Dec 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

5 participants