[Pkg-samba-maint] Packaging Samba 4.2 in Debian
jelmer at debian.org
Sat May 9 23:52:13 UTC 2015
On Sun, Apr 26, 2015 at 11:28:06PM +1200, Andrew Bartlett wrote:
> On Sat, 2015-04-25 at 21:26 +0000, Jelmer Vernooij wrote:
> > With (almost) jessie out of the door, I've had a look at packaging
> > Samba 4.2 for Sid today.
> > There appear to be a number of issues currently preventing 4.2 from
> > being uploaded:
> > * Samba 4.2 includes ctdb, rather than supporting system versions *
> > (https://lists.samba.org/archive/samba-technical/2014-October/103189.html)
> > With Samba being the origin of the latest ctdb release, do we want to keep
> > shipping standalone ctdb packages?
> > No other packages in the archive currently depend on it, and with
> > the recent changes Samba can no longer use it.
> > * Samba 4.2 uses a patched Heimdal, with changes that are neither
> > upstream nor in the Heimdal Debian package *
> > The skew between Samba's copy of Heimdal and upstream Heimdal has been
> > frustrating me for a long time. Getting the right changes upstreamed
> > and then packaged in Debian takes up a lot of time and has caused
> > complications.
> > For example, we're currently shipping a rc of Heimdal 1.6 in Debian to
> > allow building of Samba, rather than a stable version of Heimdal. This
> > in turn has meant that we've run into several bugs that were newly
> > introduced in Heimdal 1.6. 
> > At this point, I'm inclined to just use the bundled Heimdal. We could
> > reconsider this when (if?) Samba starts supporting MIT Kerberos .
> > Thoughts?
> The required steps are to, for git master (which has better tests):
> - Ensure 'make test' passes against a system heimdal (built from
> current lorikeet-heimdal)
> - Then get 'make test' to pass against the proposed system Heimdal
> - Add in a runtime check for correct password lockout behaviour.
> I think a required part of this will actually be to finish the work to
> upgrade Heimdal in Samba. This is not a small task. I *may* be able to
> look at this before SambaXP, if not then at least around then we can
> examine the (lack of) progress so far.
Andrew and I discussed this in person today.
At least for the moment, we'd like to switch the Samba package to use the
bundled Heimdal. This is because:
* regressions tend to be subtle and we are now running an untested
Heimdal/Samba pair (not tested manually or automated)
* we've had a number of bugs because changes had not yet
landed in Debian's Heimdal package (Debian's Heimdal package follows the
1.6 branch, not master - unlike Samba's bundled copy of Heimdal)
* we've had to package an unreleased version of Heimdal,
which is also not ideal.
* the APIs in Heimdal that Samba relies on are semi-public and
in practice they've changed under us between snapshots
While compiling a copy of a Kerberos implementation into Samba is not
ideal, we think this is the only sensible option at the moment.
We can re-evaluate this and reconsider when:
* The changes to Samba's Heimdal land upstream
* The changes required for Samba end up in a Heimdal release we can
package in Debian
* We find a good way to regression test the Samba+Heimdal
combination from the Debian packages (e.g. using
Jelmer Vernooij <jelmer at samba.org> - https://jelmer.uk/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: Digital signature
More information about the Pkg-samba-maint