New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
samba: 4.12.6 -> 4.13.0 #99059
samba: 4.12.6 -> 4.13.0 #99059
Conversation
Previously, `vfs_snapper` was only built if `dbus` was found. Now, `vfs_snapper` is enabled by default (on Linux) and it requires dbus to be available: ``` Checking for dbus: not found vfs_snapper is enabled but prerequisite dbus-1 package not found. Use --with-shared-modules=!vfs_snapper to disable vfs_snapper support. ``` We could pass `--with-shared-modules=!vfs_snapper` to disable it, but currently pass `--with-shared-modules=ALL`, so add dbus as a dependency instead.
I was able to successfully |
Change looks good, I can however not really test it or my customers get sad ;) Is this relevant for backporting due to security stuff? |
Nothing in https://www.samba.org/samba/history/samba-4.13.0.html looked super relevant security-wise, there appear to be a few fixes around CVE-2020-1472 but mostly in tests or for the code path where folks explicitly disable the mitigation in their config (?), so don't think it needs a backport specifically. I generally find samba to be something you always want to be running the latest version of given the many CVEs it has had, as compared to something like openssh which is much more reasonable to run a staler version of, so like to stay on top of patches. |
I don't use any of the AD bits myself FWIW, so if that's something you're interested in ensuring stays working it would definitely be nice to get added to the nixos test! |
My idea for the backport (cc @ajs124) was to have the most recent samba version available when 20.09 releases. Especially with ADs (in my case at least), I find it unwise to do Samba updates mid-release so it's probably a good idea to bump the package as far as possible before the release is done. |
The build and test in nixpkgs still pass, although that doesn't do any AD stuff, right? |
Yeah, I got the hint… Imma try to build it |
Result of 17 packages marked as broken and skipped:- almanah - atom - atom-beta - gnome-recipes - gnome3.nautilus-python - kodiPlugins.inputstream-adaptive - kodiPlugins.joystick - kodiPlugins.pvr-hdhomerun - kodiPlugins.pvr-hts - kodiPlugins.pvr-iptvsimple - kodiPlugins.steam-controller - kodiPlugins.vfs-libarchive - kodiPlugins.vfs-sftp - pympress - python27Packages.python-vlc - python37Packages.python-vlc - python38Packages.python-vlc 6 packages failed to build:- enum4linux - python27Packages.pysmbc - python37Packages.pysmbc - python38Packages.pysmbc - samba (samba4) - sambaFull (samba4Full) |
|
Thanks! Sucks that it doesn't build though, because the current release seems to build on hydra. |
Lemme check ;) |
Doesn't build on master either, maybe my mac is broken? :D
|
Weird. These are the hydra links I looked at:
cc @NixOS/darwin-maintainers |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested and no issues found on NixOS
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Version 4.13.2 is out with several bugfixes: https://www.samba.org/samba/history/samba-4.13.2.html
@@ -42,11 +43,11 @@ with stdenv.lib; | |||
|
|||
stdenv.mkDerivation rec { | |||
pname = "samba"; | |||
version = "4.12.6"; | |||
version = "4.13.0"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
version = "4.13.0"; | |
version = "4.13.2"; |
|
||
src = fetchurl { | ||
url = "mirror://samba/pub/samba/stable/${pname}-${version}.tar.gz"; | ||
sha256 = "1v3cmw40csmi3jd8mhlx4bm7bk4m0426zkyin7kq11skwnsrna02"; | ||
sha256 = "1xp7mmy5a892g5c56n7zz3l2kbgyrqn3y50lqq5aa2nvx2p547gi"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sha256 = "1xp7mmy5a892g5c56n7zz3l2kbgyrqn3y50lqq5aa2nvx2p547gi"; | |
sha256 = "1d7j79c8aggwiv90y2q1yz63d9p5n4paq0fsbdvqpn05d8wn8r17"; |
@aneeshusa ping |
Previously,
vfs_snapper
was only built ifdbus
was found.Now,
vfs_snapper
is enabled by default (on Linux)and it requires dbus to be available:
We could pass
--with-shared-modules=!vfs_snapper
to disable it,but currently pass
--with-shared-modules=ALL
,so add dbus as a dependency instead.
Motivation for this change
https://www.samba.org/samba/history/samba-4.13.0.html
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)