selftest: Show that 'allow trusted domains = no' firewalls Unix User|Group
[Samba.git] / wscript
blob95ddd9ef5ba3f5fd4f6e181047eba5537ab452a5
1 #!/usr/bin/env python
3 top = '.'
4 out = 'bin'
6 APPNAME='samba'
7 VERSION=None
9 import sys, os, tempfile
10 sys.path.insert(0, top+"/buildtools/wafsamba")
11 import shutil
12 import wafsamba, samba_dist, samba_git, samba_version, samba_utils
13 from waflib import Options, Scripting, Logs, Context, Errors
14 from waflib.Tools import bison
16 samba_dist.DIST_DIRS('.')
17 samba_dist.DIST_BLACKLIST('.gitignore .bzrignore source4/selftest/provisions')
19 # install in /usr/local/samba by default
20 default_prefix = Options.default_prefix = '/usr/local/samba'
22 # This callback optionally takes a list of paths as arguments:
23 # --with-system_mitkrb5 /path/to/krb5 /another/path
24 def system_mitkrb5_callback(option, opt, value, parser):
25 setattr(parser.values, option.dest, True)
26 value = []
27 for arg in parser.rargs:
28 # stop on --foo like options
29 if arg[:2] == "--" and len(arg) > 2:
30 break
31 value.append(arg)
32 if len(value)>0:
33 del parser.rargs[:len(value)]
34 setattr(parser.values, option.dest, value)
36 def options(opt):
37 opt.BUILTIN_DEFAULT('NONE')
38 opt.PRIVATE_EXTENSION_DEFAULT('samba4')
39 opt.RECURSE('lib/replace')
40 opt.RECURSE('dynconfig')
41 opt.RECURSE('packaging')
42 opt.RECURSE('lib/ldb')
43 opt.RECURSE('selftest')
44 opt.RECURSE('source4/dsdb/samdb/ldb_modules')
45 opt.RECURSE('pidl')
46 opt.RECURSE('source3')
47 opt.RECURSE('lib/util')
48 opt.RECURSE('ctdb')
50 # Optional Libraries
51 # ------------------
53 # Most of the calls to opt.add_option() use default=True for the --with case
55 # To assist users and distributors to build Samba with the full feature
56 # set, the build system will abort if our dependent libraries and their
57 # header files are not found on the target system. This will mean for
58 # example, that xattr, acl and ldap headers must be installed for the
59 # default build to complete. The configure system will check for these
60 # headers, and the error message will indicate the option (such as
61 # --without-acl-support) that can be specified to skip this requirement.
63 # This will assist users and in particular distributors in building fully
64 # functional packages, while allowing those on systems truly without these
65 # facilities to continue to build Samba after careful consideration.
67 # It also ensures our container image generation in bootstrap/ is correct
68 # as otherwise a missing package there would just silently work
70 opt.samba_add_onoff_option('pthreadpool', with_name="enable", without_name="disable", default=True)
72 opt.add_option('--with-system-mitkrb5',
73 help='build Samba with system MIT Kerberos. ' +
74 'You may specify list of paths where Kerberos is installed (e.g. /usr/local /usr/kerberos) to search krb5-config',
75 action='callback', callback=system_mitkrb5_callback, dest='with_system_mitkrb5', default=False)
77 opt.add_option('--with-experimental-mit-ad-dc',
78 help='Enable the experimental MIT Kerberos-backed AD DC. ' +
79 'Note that security patches are not issued for this configuration',
80 action='store_true',
81 dest='with_experimental_mit_ad_dc',
82 default=False)
84 opt.add_option('--with-system-mitkdc',
85 help=('Specify the path to the krb5kdc binary from MIT Kerberos'),
86 type="string",
87 dest='with_system_mitkdc',
88 default=None)
90 opt.add_option('--with-system-heimdalkrb5',
91 help=('build Samba with system Heimdal Kerberos. ' +
92 'Requires --without-ad-dc' and
93 'conflicts with --with-system-mitkrb5'),
94 action='store_true',
95 dest='with_system_heimdalkrb5',
96 default=False)
98 opt.add_option('--without-ad-dc',
99 help='disable AD DC functionality (enables only Samba FS (File Server, Winbind, NMBD) and client utilities.',
100 action='store_true', dest='without_ad_dc', default=False)
102 opt.add_option('--with-pie',
103 help=("Build Position Independent Executables " +
104 "(default if supported by compiler)"),
105 action="store_true", dest='enable_pie')
106 opt.add_option('--without-pie',
107 help=("Disable Position Independent Executable builds"),
108 action="store_false", dest='enable_pie')
110 opt.add_option('--with-relro',
111 help=("Build with full RELocation Read-Only (RELRO)" +
112 "(default if supported by compiler)"),
113 action="store_true", dest='enable_relro')
114 opt.add_option('--without-relro',
115 help=("Disable RELRO builds"),
116 action="store_false", dest='enable_relro')
118 opt.add_option('--with-kernel-keyring',
119 help=('Enable kernely keyring support for credential storage ' +
120 '(default if keyutils libraries are available)'),
121 action='store_true', dest='enable_keyring')
122 opt.add_option('--without-kernel-keyring',
123 help=('Disable kernely keyring support for credential storage'),
124 action='store_false', dest='enable_keyring')
126 gr = opt.option_group('developer options')
128 opt.load('python') # options for disabling pyc or pyo compilation
129 # enable options related to building python extensions
131 opt.add_option('--with-json',
132 action='store_true', dest='with_json',
133 help=("Build with JSON support (default=True). This "
134 "requires the jansson development headers."))
135 opt.add_option('--without-json',
136 action='store_false', dest='with_json',
137 help=("Build without JSON support."))
139 opt.samba_add_onoff_option('smb1-server',
140 dest='with_smb1server',
141 help=("Build smbd with SMB1 support (default=yes)."))
143 def configure(conf):
144 version = samba_version.load_version(env=conf.env)
146 conf.DEFINE('CONFIG_H_IS_FROM_SAMBA', 1)
147 conf.DEFINE('_SAMBA_BUILD_', version.MAJOR, add_to_cflags=True)
148 conf.DEFINE('HAVE_CONFIG_H', 1, add_to_cflags=True)
150 if Options.options.developer:
151 conf.ADD_CFLAGS('-DDEVELOPER -DDEBUG_PASSWORD')
152 conf.env.DEVELOPER = True
153 # if we are in a git tree without a pre-commit hook, install a
154 # simple default.
155 # we need git for 'waf dist'
156 githooksdir = None
157 conf.find_program('git', var='GIT')
158 if 'GIT' in conf.env:
159 githooksdir = conf.CHECK_COMMAND('%s rev-parse --git-path hooks' % conf.env.GIT[0],
160 msg='Finding githooks directory',
161 define=None,
162 on_target=False)
163 if githooksdir and os.path.isdir(githooksdir):
164 pre_commit_hook = os.path.join(githooksdir, 'pre-commit')
165 if not os.path.exists(pre_commit_hook):
166 Logs.info("Installing script/git-hooks/pre-commit-hook as %s" %
167 pre_commit_hook)
168 shutil.copy(os.path.join(Context.g_module.top, 'script/git-hooks/pre-commit-hook'),
169 pre_commit_hook)
171 conf.ADD_EXTRA_INCLUDES('#include/public #source4 #lib #source4/lib #source4/include #include #lib/replace')
173 conf.env.replace_add_global_pthread = True
174 conf.RECURSE('lib/replace')
176 conf.RECURSE('examples/fuse')
177 conf.RECURSE('examples/winexe')
179 conf.SAMBA_CHECK_PERL(mandatory=True)
180 conf.find_program('xsltproc', var='XSLTPROC')
182 if conf.env.disable_python:
183 if not (Options.options.without_ad_dc):
184 raise Errors.WafError('--disable-python requires --without-ad-dc')
186 conf.SAMBA_CHECK_PYTHON()
187 conf.SAMBA_CHECK_PYTHON_HEADERS()
189 if sys.platform == 'darwin' and not conf.env['HAVE_ENVIRON_DECL']:
190 # Mac OSX needs to have this and it's also needed that the python is compiled with this
191 # otherwise you face errors about common symbols
192 if not conf.CHECK_SHLIB_W_PYTHON("Checking if -fno-common is needed"):
193 conf.ADD_CFLAGS('-fno-common')
194 if not conf.CHECK_SHLIB_W_PYTHON("Checking if -undefined dynamic_lookup is not need"):
195 conf.env.append_value('cshlib_LINKFLAGS', ['-undefined', 'dynamic_lookup'])
197 if sys.platform == 'darwin':
198 conf.ADD_LDFLAGS('-framework CoreFoundation')
200 conf.RECURSE('dynconfig')
201 conf.RECURSE('selftest')
203 conf.PROCESS_SEPARATE_RULE('system_gnutls')
205 conf.CHECK_CFG(package='zlib', minversion='1.2.3',
206 args='--cflags --libs',
207 mandatory=True)
208 conf.CHECK_FUNCS_IN('inflateInit2', 'z')
210 if Options.options.enable_keyring != False:
211 conf.env['WITH_KERNEL_KEYRING'] = 'auto'
212 if Options.options.enable_keyring == True:
213 conf.env['WITH_KERNEL_KEYRING'] = True
214 else:
215 conf.env['WITH_KERNEL_KEYRING'] = False
217 if conf.CHECK_FOR_THIRD_PARTY():
218 conf.RECURSE('third_party')
219 else:
221 if not conf.CHECK_POPT():
222 raise Errors.WafError('popt development packages have not been found.\nIf third_party is installed, check that it is in the proper place.')
223 else:
224 conf.define('USING_SYSTEM_POPT', 1)
226 if not conf.CHECK_CMOCKA():
227 raise Errors.WafError('cmocka development packages has not been found.\nIf third_party is installed, check that it is in the proper place.')
228 else:
229 conf.define('USING_SYSTEM_CMOCKA', 1)
231 if conf.CONFIG_GET('ENABLE_SELFTEST'):
232 if not conf.CHECK_SOCKET_WRAPPER():
233 raise Errors.WafError('socket_wrapper package has not been found.\nIf third_party is installed, check that it is in the proper place.')
234 else:
235 conf.define('USING_SYSTEM_SOCKET_WRAPPER', 1)
237 if not conf.CHECK_NSS_WRAPPER():
238 raise Errors.WafError('nss_wrapper package has not been found.\nIf third_party is installed, check that it is in the proper place.')
239 else:
240 conf.define('USING_SYSTEM_NSS_WRAPPER', 1)
242 if not conf.CHECK_RESOLV_WRAPPER():
243 raise Errors.WafError('resolv_wrapper package has not been found.\nIf third_party is installed, check that it is in the proper place.')
244 else:
245 conf.define('USING_SYSTEM_RESOLV_WRAPPER', 1)
247 if not conf.CHECK_UID_WRAPPER():
248 raise Errors.WafError('uid_wrapper package has not been found.\nIf third_party is installed, check that it is in the proper place.')
249 else:
250 conf.define('USING_SYSTEM_UID_WRAPPER', 1)
252 if not conf.CHECK_PAM_WRAPPER():
253 raise Errors.WafError('pam_wrapper package has not been found.\nIf third_party is installed, check that it is in the proper place.')
254 else:
255 conf.define('USING_SYSTEM_PAM_WRAPPER', 1)
257 conf.RECURSE('lib/ldb')
259 if conf.CHECK_LDFLAGS(['-Wl,--wrap=test']):
260 conf.env['HAVE_LDWRAP'] = True
261 conf.define('HAVE_LDWRAP', 1)
263 if not (Options.options.without_ad_dc):
264 conf.DEFINE('AD_DC_BUILD_IS_ENABLED', 1)
266 # Check for flex before doing the embedded heimdal checks so we can bail if we don't have it.
267 Logs.info("Checking for flex")
268 conf.find_program('flex', var='FLEX')
269 if conf.env['FLEX']:
270 conf.CHECK_COMMAND('%s --version' % conf.env.FLEX[0],
271 msg='Using flex version',
272 define=None,
273 on_target=False)
274 conf.env.FLEXFLAGS = ['-t']
276 # #line statements in these generated files cause issues for lcov
277 conf.env.FLEXFLAGS += ["--noline"]
279 Logs.info("Checking for bison")
280 bison.configure(conf)
281 if conf.env['BISON']:
282 conf.CHECK_COMMAND('%s --version | head -n1' % conf.env.BISON[0],
283 msg='Using bison version',
284 define=None,
285 on_target=False)
287 # #line statements in these generated files cause issues for lcov
288 conf.env.BISONFLAGS += ["--no-line"]
290 if Options.options.with_system_mitkrb5:
291 if not Options.options.with_experimental_mit_ad_dc and \
292 not Options.options.without_ad_dc:
293 raise Errors.WafError('The MIT Kerberos build of Samba as an AD DC ' +
294 'is experimental. Therefore '
295 '--with-system-mitkrb5 requires either ' +
296 '--with-experimental-mit-ad-dc or ' +
297 '--without-ad-dc')
299 conf.PROCESS_SEPARATE_RULE('system_mitkrb5')
301 if not (Options.options.without_ad_dc or Options.options.with_system_mitkrb5):
302 conf.DEFINE('AD_DC_BUILD_IS_ENABLED', 1)
304 if Options.options.with_system_heimdalkrb5:
305 if Options.options.with_system_mitkrb5:
306 raise Errors.WafError('--with-system-heimdalkrb5 conflicts with ' +
307 '--with-system-mitkrb5')
308 if not Options.options.without_ad_dc:
309 raise Errors.WafError('--with-system-heimdalkrb5 requires ' +
310 '--without-ad-dc')
311 conf.env.SYSTEM_LIBS += ('heimdal', 'asn1', 'com_err', 'roken',
312 'hx509', 'wind', 'gssapi', 'hcrypto',
313 'krb5', 'heimbase', 'asn1_compile',
314 'compile_et', 'kdc', 'hdb', 'heimntlm')
315 conf.PROCESS_SEPARATE_RULE('system_heimdal')
317 if not conf.CONFIG_GET('KRB5_VENDOR'):
318 conf.PROCESS_SEPARATE_RULE('embedded_heimdal')
320 conf.RECURSE('source4/dsdb/samdb/ldb_modules')
321 conf.RECURSE('source4/ntvfs/sysdep')
322 conf.RECURSE('lib/util')
323 conf.RECURSE('lib/util/charset')
324 conf.RECURSE('source4/auth')
325 conf.RECURSE('nsswitch')
326 conf.RECURSE('libcli/smbreadline')
327 conf.RECURSE('pidl')
328 if conf.CONFIG_GET('ENABLE_SELFTEST'):
329 if not (Options.options.without_ad_dc):
330 conf.DEFINE('WITH_NTVFS_FILESERVER', 1)
331 conf.RECURSE('testsuite/unittests')
333 if Options.options.with_pthreadpool:
334 if conf.CONFIG_SET('HAVE_PTHREAD'):
335 conf.DEFINE('WITH_PTHREADPOOL', '1')
336 else:
337 Logs.warn("pthreadpool support cannot be enabled when pthread support was not found")
338 conf.undefine('WITH_PTHREADPOOL')
340 conf.SET_TARGET_TYPE('jansson', 'EMPTY')
342 if Options.options.with_json != False:
343 if conf.CHECK_CFG(package='jansson', args='--cflags --libs',
344 msg='Checking for jansson'):
345 conf.CHECK_FUNCS_IN('json_object', 'jansson')
347 if not conf.CONFIG_GET('HAVE_JSON_OBJECT'):
348 if Options.options.with_json != False:
349 conf.fatal("Jansson JSON support not found. "
350 "Try installing libjansson-dev or jansson-devel. "
351 "Otherwise, use --without-json to build without "
352 "JSON support. "
353 "JSON support is required for the JSON "
354 "formatted audit log feature, the AD DC, and "
355 "the JSON printers of the net utility")
356 if not Options.options.without_ad_dc:
357 raise Errors.WafError('--without-json requires --without-ad-dc. '
358 'Jansson JSON library is required for '
359 'building the AD DC')
360 Logs.info("Building without Jansson JSON log support")
362 conf.RECURSE('source3')
363 conf.RECURSE('lib/texpect')
364 conf.RECURSE('lib/tsocket')
365 conf.RECURSE('python')
366 if conf.env.with_ctdb:
367 conf.RECURSE('ctdb')
368 conf.RECURSE('lib/socket')
369 conf.RECURSE('lib/mscat')
370 conf.RECURSE('packaging')
371 conf.RECURSE('lib/krb5_wrap')
373 conf.SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS()
375 # gentoo always adds this. We want our normal build to be as
376 # strict as the strictest OS we support, so adding this here
377 # allows us to find problems on our development hosts faster.
378 # It also results in faster load time.
380 if (not Options.options.address_sanitizer
381 and conf.CHECK_LDFLAGS('-Wl,--as-needed')):
382 conf.env.append_unique('LINKFLAGS', '-Wl,--as-needed')
384 if not conf.CHECK_NEED_LC("-lc not needed"):
385 conf.ADD_LDFLAGS('-lc', testflags=False)
387 if not conf.CHECK_CODE('#include "tests/summary.c"',
388 define='SUMMARY_PASSES',
389 addmain=False,
390 msg='Checking configure summary'):
391 raise Errors.WafError('configure summary failed')
393 if Options.options.enable_pie != False:
394 if Options.options.enable_pie == True:
395 need_pie = True
396 else:
397 # not specified, only build PIEs if supported by compiler
398 need_pie = False
399 if conf.check_cc(cflags='-fPIE', ldflags='-pie', mandatory=need_pie,
400 msg="Checking compiler for PIE support"):
401 conf.env['ENABLE_PIE'] = True
403 if Options.options.enable_relro != False:
404 if Options.options.enable_relro == True:
405 need_relro = True
406 else:
407 # not specified, only build RELROs if supported by compiler
408 need_relro = False
409 if conf.check_cc(cflags='', ldflags='-Wl,-z,relro,-z,now', mandatory=need_relro,
410 msg="Checking compiler for full RELRO support"):
411 conf.env['ENABLE_RELRO'] = True
413 if conf.CONFIG_GET('ENABLE_SELFTEST') and \
414 Options.options.with_smb1server == False and \
415 Options.options.without_ad_dc != True:
416 conf.fatal('--without-smb1-server cannot be specified with '
417 '--enable-selftest/--enable-developer if '
418 '--without-ad-dc is NOT set!')
420 if Options.options.with_smb1server != False:
421 conf.DEFINE('WITH_SMB1SERVER', '1')
424 # FreeBSD is broken. It doesn't include 'extern char **environ'
425 # in any shared library, but statically inside crt0.o.
427 # If we're running on a FreeBSD with the GNU linker ld we
428 # can get around this by explicitly telling the linker to
429 # ignore 'environ' as an unresolved symbol in a shared library.
431 # However, the clang linker ld.lld-XX is broken in that it
432 # doesn't have that option.
434 # First try to see if have '-Wl,--ignore-unresolved-symbol,environ'
435 # and just use that if so.
437 # If not, we have to use '-Wl,--allow-shlib-undefined' instead
438 # and remove all instances of '-Wl,-no-undefined'.
440 if sys.platform.startswith('freebsd'):
441 # Do we have Wl,--ignore-unresolved-symbol,environ ?
442 flag_added = conf.ADD_LDFLAGS('-Wl,--ignore-unresolved-symbol,environ', testflags=True)
443 if not flag_added:
444 # No, fall back to -Wl,--allow-shlib-undefined.
445 conf.ADD_LDFLAGS('-Wl,--allow-shlib-undefined', testflags=True)
446 # Remove any uses of '-Wl,-no-undefined'
447 conf.env['EXTRA_LDFLAGS'] = list(filter(('-Wl,-no-undefined').__ne__, conf.env['EXTRA_LDFLAGS']))
448 # And make sure we don't try and remove it again when 'allow_undefined_symbols=true'
449 conf.env.undefined_ldflags = []
451 conf.SAMBA_CONFIG_H('include/config.h')
453 def etags(ctx):
454 '''build TAGS file using etags'''
455 from waflib import Utils
456 source_root = os.path.dirname(Context.g_module.root_path)
457 cmd = r'rm -f %s/TAGS && (find %s -name "*.[ch]" | egrep -v \.inst\. | xargs -n 100 etags -a)' % (source_root, source_root)
458 print("Running: %s" % cmd)
459 status = os.system(cmd)
460 if os.WEXITSTATUS(status):
461 raise Errors.WafError('etags failed')
463 def ctags(ctx):
464 "build 'tags' file using ctags"
465 from waflib import Utils
466 source_root = os.path.dirname(Context.g_module.root_path)
467 cmd = r'ctags --python-kinds=-i $(find %s -name "*.[ch]" | grep -v "*_proto\.h" | egrep -v \.inst\.) $(find %s -name "*.py")' % (source_root, source_root)
468 print("Running: %s" % cmd)
469 status = os.system(cmd)
470 if os.WEXITSTATUS(status):
471 raise Errors.WafError('ctags failed')
474 # putting this here enabled build in the list
475 # of commands in --help
476 def build(bld):
477 '''build all targets'''
478 samba_version.load_version(env=bld.env, is_install=bld.is_install)
481 def pep8(ctx):
482 '''run pep8 validator'''
483 cmd='PYTHONPATH=bin/python pep8 -r bin/python/samba'
484 print("Running: %s" % cmd)
485 status = os.system(cmd)
486 if os.WEXITSTATUS(status):
487 raise Errors.WafError('pep8 failed')
490 def dist():
491 '''makes a tarball for distribution'''
492 sambaversion = samba_version.load_version(env=None)
494 os.system("make -C ctdb manpages")
495 samba_dist.DIST_FILES('ctdb/doc:ctdb/doc', extend=True)
497 os.system("DOC_VERSION='" + sambaversion.STRING + "' " + Context.g_module.top + "/release-scripts/build-manpages-nogit")
498 samba_dist.DIST_FILES('bin/docs:docs', extend=True)
500 if sambaversion.IS_SNAPSHOT:
501 # write .distversion file and add to tar
502 if not os.path.isdir(Context.g_module.out):
503 os.makedirs(Context.g_module.out)
504 distversionf = tempfile.NamedTemporaryFile(mode='w', prefix='.distversion',dir=Context.g_module.out)
505 for field in sambaversion.vcs_fields:
506 distveroption = field + '=' + str(sambaversion.vcs_fields[field])
507 distversionf.write(distveroption + '\n')
508 distversionf.flush()
509 samba_dist.DIST_FILES('%s:.distversion' % distversionf.name, extend=True)
511 samba_dist.dist()
512 distversionf.close()
513 else:
514 samba_dist.dist()
517 def distcheck():
518 '''test that distribution tarball builds and installs'''
519 samba_version.load_version(env=None)
521 def wildcard_cmd(cmd):
522 '''called on a unknown command'''
523 from samba_wildcard import run_named_build_task
524 run_named_build_task(cmd)
526 def main():
527 from samba_wildcard import wildcard_main
529 wildcard_main(wildcard_cmd)
530 Scripting.main = main
532 def reconfigure(ctx):
533 '''reconfigure if config scripts have changed'''
534 import samba_utils
535 samba_utils.reconfigure(ctx)
538 if os.path.isdir(os.path.join(top, ".git")):
539 # Check if there are submodules that are checked out but out of date.
540 for submodule, status in samba_git.read_submodule_status(top):
541 if status == "out-of-date":
542 raise Errors.WafError("some submodules are out of date. Please run 'git submodule update'")