The branch, master has been updated
via a882e861047 gitlab-ci: Fix building debian 32bit images
via 475896028b2 gitlab-ci: Move to Fedora 41
via be5531aaec7 selftest: Allow to use SHA1 with OpenSSL for selftest
via 6c619c77c9b python: Fix length of Common Name x509 attribute
from 3294fb0667d autobuild: Run the samba-minimal-smbd build jobs with
-j 2
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a882e8610477b5c124bf4e3ec44fd7932a138ac7
Author: Andreas Schneider <[email protected]>
Date: Tue Nov 26 19:38:40 2024 +0100
gitlab-ci: Fix building debian 32bit images
Trying to pull registry-1.docker.io/i386/debian:12...
Error: creating build container: choosing an image from manifest list
docker://registry-1.docker.io/i386/debian:12: no image found in image index
for
architecture "amd64", variant "", OS "linux"
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
Autobuild-User(master): Andreas Schneider <[email protected]>
Autobuild-Date(master): Wed Nov 27 16:32:07 UTC 2024 on atb-devel-224
commit 475896028b292d86331f51e7aa619a98d931094d
Author: Andreas Schneider <[email protected]>
Date: Wed Nov 20 15:43:13 2024 +0100
gitlab-ci: Move to Fedora 41
Python 3.13 removed the `crypt` module. I can work around it on Fedora 41,
but
we need to address this better sooner than later.
See also https://bugzilla.samba.org/show_bug.cgi?id=15756
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
commit be5531aaec7b2332ac288b64c86ec8f8cb6c85b6
Author: Andreas Schneider <[email protected]>
Date: Wed Nov 27 11:17:27 2024 +0100
selftest: Allow to use SHA1 with OpenSSL for selftest
This is needed for samba.tests.krb5.pkinit_tests with sha1.
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
commit 6c619c77c9bab8b659b8bffc21c3b9303c1566f2
Author: Andreas Schneider <[email protected]>
Date: Wed Nov 27 10:15:45 2024 +0100
python: Fix length of Common Name x509 attribute
File "bin/python/samba/tests/krb5/pkinit_tests.py", line 1496, in
create_certificate
x509.NameAttribute(NameOID.COMMON_NAME,
~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
f'{cert_name}/emailAddress={cert_name}'),
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/site-packages/cryptography/x509/name.py",
line 152, in __init__
raise ValueError(msg)
ValueError: Attribute's length must be >= 1 and <= 64, but it was 84
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Stefan Metzmacher <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
.gitlab-ci-main.yml | 16 ++++++++--------
bootstrap/.gitlab-ci.yml | 6 ++++--
bootstrap/config.py | 15 +++++++++++----
bootstrap/generated-dists/Vagrantfile | 10 +++++-----
bootstrap/generated-dists/debian11-32bit/Dockerfile | 2 +-
.../generated-dists/{fedora40 => fedora41}/Dockerfile | 2 +-
.../generated-dists/{fedora40 => fedora41}/bootstrap.sh | 1 +
.../generated-dists/{fedora40 => fedora41}/locale.sh | 0
.../generated-dists/{fedora40 => fedora41}/packages.yml | 1 +
bootstrap/sha1sum.txt | 2 +-
python/samba/tests/krb5/pkinit_tests.py | 3 +--
selftest/selftest.pl | 4 ++++
12 files changed, 38 insertions(+), 24 deletions(-)
rename bootstrap/generated-dists/{fedora40 => fedora41}/Dockerfile (91%)
rename bootstrap/generated-dists/{fedora40 => fedora41}/bootstrap.sh (96%)
rename bootstrap/generated-dists/{fedora40 => fedora41}/locale.sh (100%)
rename bootstrap/generated-dists/{fedora40 => fedora41}/packages.yml (98%)
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
index 8220840d741..a4bfc48d6ba 100644
--- a/.gitlab-ci-main.yml
+++ b/.gitlab-ci-main.yml
@@ -47,7 +47,7 @@ variables:
# Set this to the contents of bootstrap/sha1sum.txt
# which is generated by bootstrap/template.py --render
#
- SAMBA_CI_CONTAINER_TAG: 936722ecb26bedf6ea0acd9228963ce45ed419d4
+ SAMBA_CI_CONTAINER_TAG: d101907857587b6421907c45676497c336d45ea7
#
# We use the ubuntu2204 image as default as
# it matches what we have on atb-devel-224
@@ -66,7 +66,7 @@ variables:
SAMBA_CI_CONTAINER_IMAGE_opensuse155: opensuse155
SAMBA_CI_CONTAINER_IMAGE_rocky8: rocky8
SAMBA_CI_CONTAINER_IMAGE_centos9s: centos9s
- SAMBA_CI_CONTAINER_IMAGE_fedora40: fedora40
+ SAMBA_CI_CONTAINER_IMAGE_fedora41: fedora41
include:
# The image creation details are specified in a separate file
@@ -267,13 +267,13 @@ samba-def-build:
samba-mit-build:
extends: .shared_template_build_only
variables:
- SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora40}
+ SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora41}
stage: build_first
.needs_samba-mit-build:
extends: .shared_template_test_only
variables:
- SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora40}
+ SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora41}
needs:
- job: samba-mit-build
artifacts: true
@@ -321,7 +321,7 @@ samba:
samba-mitkrb5:
extends: .shared_template
variables:
- SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora40}
+ SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora41}
samba-minimal-smbd:
extends: .shared_template
@@ -391,7 +391,7 @@ samba-addc-mit-4b:
samba-fips:
extends: .shared_template
variables:
- SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora40}
+ SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora41}
samba-codecheck:
extends: .shared_template
@@ -672,10 +672,10 @@ centos9s-samba-o3:
variables:
SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_centos9s}
-fedora40-samba-o3:
+fedora41-samba-o3:
extends: .samba-o3-template
variables:
- SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora40}
+ SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora41}
#
# Keep the samba-o3 sections at the end ...
diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml
index ac2b4ebed09..0b37863d35a 100644
--- a/bootstrap/.gitlab-ci.yml
+++ b/bootstrap/.gitlab-ci.yml
@@ -10,6 +10,7 @@
variables:
SAMBA_CI_IS_BROKEN_IMAGE: "no"
SAMBA_CI_TEST_JOB: "samba-o3"
+ SAMBA_CI_PLATFORM: "linux/amd64"
before_script:
# install prerequisites
- dnf install -qy diffutils
@@ -27,7 +28,7 @@
script: |
set -xueo pipefail
ci_image_name=samba-ci-${CI_JOB_NAME}
- podman build -t ${ci_image_name} --build-arg
SHA1SUM=${SAMBA_CI_CONTAINER_TAG} bootstrap/generated-dists/${CI_JOB_NAME}
+ podman build --platform ${SAMBA_CI_PLATFORM} --tag ${ci_image_name}
--build-arg SHA1SUM=${SAMBA_CI_CONTAINER_TAG}
bootstrap/generated-dists/${CI_JOB_NAME}
ci_image_path="${SAMBA_CI_CONTAINER_REGISTRY}/${ci_image_name}"
timestamp=$(date +%Y%m%d%H%M%S)
container_hash=$(podman image inspect --format='{{ .Id }}'
${ci_image_name} | cut -c 1-9)
@@ -98,13 +99,14 @@ debian11:
debian12:
extends: .build_image_template
-fedora40:
+fedora41:
extends: .build_image_template
debian11-32bit:
extends: .build_image_template
variables:
SAMBA_CI_TEST_JOB: "samba-32bit"
+ SAMBA_CI_PLATFORM: "linux/i386"
rocky8:
extends: .build_image_template
diff --git a/bootstrap/config.py b/bootstrap/config.py
index 8b2672f9ddd..e7c0a0deb51 100644
--- a/bootstrap/config.py
+++ b/bootstrap/config.py
@@ -159,6 +159,10 @@ PKGS = [
('', 'python3-libsemanage'),
('', 'python3-policycoreutils'),
+ # A copy of the `crypt` module that was removed in Python 3.13
+ # See also https://bugzilla.samba.org/show_bug.cgi?id=15756
+ ('', 'python3-crypt-r'),
+
# perl
('libparse-yapp-perl', 'perl-Parse-Yapp'),
('perl-modules', ''),
@@ -457,7 +461,7 @@ DEB_DISTS = {
}
},
'debian11-32bit': {
- 'docker_image': 'registry-1.docker.io/i386/debian:11',
+ 'docker_image': 'debian:11', # specify the platform in .gitlab-ci.yaml
'vagrant_box': 'debian/bullseye32',
'replace': {
'language-pack-en': '', # included in locales
@@ -534,6 +538,7 @@ RPM_DISTS = {
'ShellCheck': '',
'shfmt': '',
'codespell': '',
+ 'python3-crypt-r': '',
}
},
'centos9s': {
@@ -553,11 +558,12 @@ RPM_DISTS = {
'codespell': '',
'libcephfs-devel': '', # not available anymore
'curl': '', # Use installed curl-minimal
+ 'python3-crypt-r': '',
}
},
- 'fedora40': {
- 'docker_image': 'quay.io/fedora/fedora:40',
- 'vagrant_box': 'fedora/40-cloud-base',
+ 'fedora41': {
+ 'docker_image': 'quay.io/fedora/fedora:41',
+ 'vagrant_box': 'fedora/41-cloud-base',
'bootstrap': DNF_BOOTSTRAP,
'replace': {
'lsb-release': 'redhat-lsb',
@@ -581,6 +587,7 @@ RPM_DISTS = {
'keyutils-libs-devel': 'keyutils-devel',
'krb5-workstation': 'krb5-client',
'python3-libsemanage': 'python3-semanage',
+ 'python3-crypt-r': '',
'openldap-devel': 'openldap2-devel',
'perl-Archive-Tar': 'perl-Archive-Tar-Wrapper',
'perl-JSON-Parse': 'perl-JSON-XS',
diff --git a/bootstrap/generated-dists/Vagrantfile
b/bootstrap/generated-dists/Vagrantfile
index c1809cfe6b8..d4d3c29580c 100644
--- a/bootstrap/generated-dists/Vagrantfile
+++ b/bootstrap/generated-dists/Vagrantfile
@@ -45,11 +45,11 @@ Vagrant.configure("2") do |config|
v.vm.provision :shell, path: "debian12-32bit/locale.sh"
end
- config.vm.define "fedora40" do |v|
- v.vm.box = "fedora/40-cloud-base"
- v.vm.hostname = "fedora40"
- v.vm.provision :shell, path: "fedora40/bootstrap.sh"
- v.vm.provision :shell, path: "fedora40/locale.sh"
+ config.vm.define "fedora41" do |v|
+ v.vm.box = "fedora/41-cloud-base"
+ v.vm.hostname = "fedora41"
+ v.vm.provision :shell, path: "fedora41/bootstrap.sh"
+ v.vm.provision :shell, path: "fedora41/locale.sh"
end
config.vm.define "opensuse155" do |v|
diff --git a/bootstrap/generated-dists/debian11-32bit/Dockerfile
b/bootstrap/generated-dists/debian11-32bit/Dockerfile
index d0133bd41c6..90a961f5345 100644
--- a/bootstrap/generated-dists/debian11-32bit/Dockerfile
+++ b/bootstrap/generated-dists/debian11-32bit/Dockerfile
@@ -3,7 +3,7 @@
# See also bootstrap/config.py
#
-FROM registry-1.docker.io/i386/debian:11
+FROM debian:11
# pass in with --build-arg while build
ARG SHA1SUM
diff --git a/bootstrap/generated-dists/fedora40/Dockerfile
b/bootstrap/generated-dists/fedora41/Dockerfile
similarity index 91%
rename from bootstrap/generated-dists/fedora40/Dockerfile
rename to bootstrap/generated-dists/fedora41/Dockerfile
index 40f4981db12..b45f8243f32 100644
--- a/bootstrap/generated-dists/fedora40/Dockerfile
+++ b/bootstrap/generated-dists/fedora41/Dockerfile
@@ -3,7 +3,7 @@
# See also bootstrap/config.py
#
-FROM quay.io/fedora/fedora:40
+FROM quay.io/fedora/fedora:41
# pass in with --build-arg while build
ARG SHA1SUM
diff --git a/bootstrap/generated-dists/fedora40/bootstrap.sh
b/bootstrap/generated-dists/fedora41/bootstrap.sh
similarity index 96%
rename from bootstrap/generated-dists/fedora40/bootstrap.sh
rename to bootstrap/generated-dists/fedora41/bootstrap.sh
index 22d2fa89745..941f7b32185 100755
--- a/bootstrap/generated-dists/fedora40/bootstrap.sh
+++ b/bootstrap/generated-dists/fedora41/bootstrap.sh
@@ -92,6 +92,7 @@ dnf install -y \
procps-ng \
psmisc \
python3 \
+ python3-crypt-r \
python3-cryptography \
python3-dateutil \
python3-devel \
diff --git a/bootstrap/generated-dists/fedora40/locale.sh
b/bootstrap/generated-dists/fedora41/locale.sh
similarity index 100%
rename from bootstrap/generated-dists/fedora40/locale.sh
rename to bootstrap/generated-dists/fedora41/locale.sh
diff --git a/bootstrap/generated-dists/fedora40/packages.yml
b/bootstrap/generated-dists/fedora41/packages.yml
similarity index 98%
rename from bootstrap/generated-dists/fedora40/packages.yml
rename to bootstrap/generated-dists/fedora41/packages.yml
index 532ac877fdd..f00bacbd988 100644
--- a/bootstrap/generated-dists/fedora40/packages.yml
+++ b/bootstrap/generated-dists/fedora41/packages.yml
@@ -81,6 +81,7 @@ packages:
- procps-ng
- psmisc
- python3
+ - python3-crypt-r
- python3-cryptography
- python3-dateutil
- python3-devel
diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt
index 25a8e482d2c..401c5fda44b 100644
--- a/bootstrap/sha1sum.txt
+++ b/bootstrap/sha1sum.txt
@@ -1 +1 @@
-936722ecb26bedf6ea0acd9228963ce45ed419d4
+d101907857587b6421907c45676497c336d45ea7
diff --git a/python/samba/tests/krb5/pkinit_tests.py
b/python/samba/tests/krb5/pkinit_tests.py
index dbd158b2dc2..5278d4945cf 100755
--- a/python/samba/tests/krb5/pkinit_tests.py
+++ b/python/samba/tests/krb5/pkinit_tests.py
@@ -1493,8 +1493,7 @@ class PkInitTests(KDCBaseTest):
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, 'SambaState'),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, 'SambaSelfTesting'),
x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, 'Users'),
- x509.NameAttribute(NameOID.COMMON_NAME,
- f'{cert_name}/emailAddress={cert_name}'),
+ x509.NameAttribute(NameOID.COMMON_NAME, f'{cert_name}'),
]))
# The new certificate must be issued by the root CA.
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index a0c4ec80f59..2455b75a36e 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -455,6 +455,10 @@ if ($opt_mitkrb5 == 1) {
$ENV{KRB5RCACHETYPE} = "none";
}
+# Enable support for SHA1 in OpenSSL
+# This is required e.g. for pkinit sha1 tests
+$ENV{OPENSSL_ENABLE_SHA1_SIGNATURES} = 1;
+
# After this many seconds, the server will self-terminate. All tests
# must terminate in this time, and testenv will only stay alive this
# long
--
Samba Shared Repository
