s4:kdc: fix user2user tgs-requests for normal user accounts

[metze/samba/wip.git] / .gitlab-ci-main.yml

diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
index 441878df9494ed4eebf3b1b62e15f1b9617efac7..e725bfd07756818f59aff4542ce4c28411b0f03b 100644 (file)
--- a/.gitlab-ci-main.yml
+++ b/.gitlab-ci-main.yml
@@ -30,6 +30,11 @@ variables:
   #
   GIT_STRATEGY: fetch
   GIT_DEPTH: "3"
+  #
+  # Use GZip by default, it is fast and is good enough.  Other options include --xz
+
+  SAMBA_TESTBASE_TAR_OPTIONS: -z
+
   #
   # we run autobuild.py inside a samba CI docker image located on gitlab's registry
   # overwrite this variable if you want use your own image registry.
@@ -42,27 +47,25 @@ variables:
   # Set this to the contents of bootstrap/sha1sum.txt
   # which is generated by bootstrap/template.py --render
   #
-  SAMBA_CI_CONTAINER_TAG: bac18584d47ffc1acb5a697d83f2232598b6afbf
+  SAMBA_CI_CONTAINER_TAG: 790c229c42a67336099420d137fa9dc9974a133a
   #
-  # We use the ubuntu1804 image as default as
-  # it matches what we have on sn-devel-184.
+  # We use the ubuntu2204 image as default as
+  # it matches what we have on atb-devel-224
   #
-  SAMBA_CI_CONTAINER_IMAGE: ubuntu1804
+  SAMBA_CI_CONTAINER_IMAGE: ubuntu2204
   #
   # The following images are available
   # Please see the samba-o3 sections at the end of this file!
   # We should run that for each available image
   #
-  SAMBA_CI_CONTAINER_IMAGE_ubuntu1604: ubuntu1604
   SAMBA_CI_CONTAINER_IMAGE_ubuntu1804: ubuntu1804
+  SAMBA_CI_CONTAINER_IMAGE_ubuntu1804_32bit: ubuntu1804-32bit
   SAMBA_CI_CONTAINER_IMAGE_ubuntu2004: ubuntu2004
-  SAMBA_CI_CONTAINER_IMAGE_debian9: debian9
-  SAMBA_CI_CONTAINER_IMAGE_debian10: debian10
+  SAMBA_CI_CONTAINER_IMAGE_ubuntu2204: ubuntu2204
   SAMBA_CI_CONTAINER_IMAGE_debian11: debian11
-  SAMBA_CI_CONTAINER_IMAGE_opensuse151: opensuse151
-  SAMBA_CI_CONTAINER_IMAGE_opensuse152: opensuse152
-  SAMBA_CI_CONTAINER_IMAGE_fedora34: fedora34
-  SAMBA_CI_CONTAINER_IMAGE_fedora35: fedora35
+  SAMBA_CI_CONTAINER_IMAGE_opensuse154: opensuse154
+  SAMBA_CI_CONTAINER_IMAGE_fedora37: fedora37
+  SAMBA_CI_CONTAINER_IMAGE_f37mit120: f37mit120
   SAMBA_CI_CONTAINER_IMAGE_centos7: centos7
   SAMBA_CI_CONTAINER_IMAGE_centos8s: centos8s
 
@@ -137,6 +140,8 @@ include:
     - export CXX="ccache c++"
     - ccache -z -M 500M
     - ccache -s
+      # We are already running .gitlab-ci directives from this repo, remove additional checks that break our CI
+    - git config --global --add safe.directory `pwd`
   after_script:
     - mount
     - df -h
@@ -195,7 +200,7 @@ others:
       - "*.stderr"
       - "*.info"
       - system-info.txt
-      - samba-testbase.tar.gz
+      - samba-testbase.tar
   script:
     # gitlab predefines CI_JOB_NAME for each job. The gitlab job usually matches the
     # autobuild name, which means we can define a default template that runs most autobuild jobs
@@ -212,9 +217,9 @@ others:
     - pushd /tmp && getfacl -R samba-testbase > samba-testbase.acl.dump && popd
     - chmod -R +w /tmp/samba-testbase
     - mv /tmp/samba-testbase.acl.dump /tmp/samba-testbase/
-    - tar cfz samba-testbase.tar.gz /tmp/samba-testbase
-    - ls -la samba-testbase.tar.gz
-    - sha1sum samba-testbase.tar.gz
+    - tar $SAMBA_TESTBASE_TAR_OPTIONS -cf samba-testbase.tar /tmp/samba-testbase
+    - ls -la samba-testbase.tar
+    - sha1sum samba-testbase.tar
 
 .shared_template_test_only:
   extends:
@@ -222,11 +227,15 @@ others:
     - .shared_runner_test
   stage: test_only
   script:
+    # Print the Kerberos version to check we ended up with the right one
+    # in the runner. We do not have configure output to recognize it
+    # otherwise.
+    - if [ -x "$(command -v krb5-config)" ]; then krb5-config --version; fi
     # We unpack the artifacts file created by the .shared_template_build_only
     # run we depend on
-    - ls -la samba-testbase.tar.gz
-    - sha1sum samba-testbase.tar.gz
-    - tar xfz samba-testbase.tar.gz -C /
+    - ls -la samba-testbase.tar
+    - sha1sum samba-testbase.tar
+    - tar $SAMBA_TESTBASE_TAR_OPTIONS -xf samba-testbase.tar -C /
     - diff -u /tmp/samba-testbase/image-sha1sum.txt /sha1sum.txt
     - diff -u /tmp/samba-testbase/commit.txt /tmp/commit.txt
     - mv /tmp/samba-testbase/samba-testbase.acl.dump /tmp/samba-testbase.acl.dump
@@ -249,20 +258,37 @@ samba-def-build:
   needs:
     - job: samba-def-build
       artifacts: true
+    - job: samba-shellcheck
 
 samba-mit-build:
   extends: .shared_template_build_only
   variables:
-    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora35}
+    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora37}
+  stage: build_first
+
+samba-mit120-build:
+  extends: .shared_template_build_only
+  variables:
+    AUTOBUILD_JOB_NAME: samba-mit-build
+    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_f37mit120}
   stage: build_first
 
 .needs_samba-mit-build:
   extends: .shared_template_test_only
   variables:
-    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora35}
+    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora37}
   needs:
     - job: samba-mit-build
       artifacts: true
+    - job: samba-shellcheck
+
+.needs_samba-mit120-build:
+  extends: .shared_template_test_only
+  variables:
+    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_f37mit120}
+  needs:
+    - job: samba-mit120-build
+      artifacts: true
 
 samba-h5l-build:
   extends: .shared_template_build_only
@@ -273,6 +299,15 @@ samba-h5l-build:
     - job: samba-h5l-build
       artifacts: true
 
+samba-without-smb1-build:
+  extends: .shared_template_build_only
+
+.needs_samba-without-smb1-build:
+  extends: .shared_template_test_only
+  needs:
+    - job: samba-without-smb1-build
+      artifacts: true
+
 samba-nt4-build:
   extends: .shared_template_build_only
 
@@ -297,7 +332,7 @@ samba:
 samba-mitkrb5:
   extends: .shared_template
   variables:
-    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora35}
+    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora37}
 
 samba-minimal-smbd:
   extends: .shared_template
@@ -341,6 +376,7 @@ samba-libs:
 samba-fuzz:
   extends: .shared_template
   variables:
+    # We match what Google is running over at oss-fuzz
     SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu2004}
 
 ctdb:
@@ -366,7 +402,14 @@ samba-addc-mit-4b:
 samba-fips:
   extends: .shared_template
   variables:
-    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora35}
+    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora37}
+
+samba-shellcheck:
+  extends: .shared_template
+  needs:
+  variables:
+    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora37}
+  stage: build_first
 
 .private_test_only:
   extends: .private_runner_test
@@ -392,11 +435,21 @@ samba-fips:
     - .needs_samba-mit-build
     - .private_test_only
 
+.needs_samba-mit120-build-private:
+  extends:
+    - .needs_samba-mit120-build
+    - .private_test_only
+
 .needs_samba-h5l-build-private:
   extends:
     - .needs_samba-h5l-build
     - .private_test_only
 
+.needs_samba-without-smb1-build-private:
+  extends:
+    - .needs_samba-without-smb1-build
+    - .private_test_only
+
 .needs_samba-nt4-build-private:
   extends:
     - .needs_samba-nt4-build
@@ -410,6 +463,9 @@ samba-fips:
 samba-fileserver:
   extends: .needs_samba-h5l-build-private
 
+samba-fileserver-without-smb1:
+  extends: .needs_samba-without-smb1-build-private
+
 # This is a full build without the AD DC so we test the build with MIT
 # Kerberos from the default system (Ubuntu 18.04 at this stage).
 # Runtime behaviour checked via the ktest (static ccache and keytab)
@@ -426,6 +482,11 @@ samba-nt4:
 samba-addc-mit-1:
   extends: .needs_samba-mit-build-private
 
+samba-addc-mit120:
+  extends: .needs_samba-mit120-build-private
+  variables:
+    AUTOBUILD_JOB_NAME: samba-addc-mit-1
+
 samba-no-opath1:
   extends: .needs_samba-no-opath-build-private
 
@@ -460,6 +521,7 @@ pages:
     - samba-ad-back1
     - samba-ad-back2
     - samba-fileserver
+    - samba-fileserver-without-smb1
     - samba-ad-dc-1
     - samba-nt4
     - samba-schemaupgrade
@@ -488,7 +550,7 @@ pages:
 coverity:
   extends: .shared_runner_build_image
   variables:
-    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora34}
+    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_opensuse154}
   stage: build
   script:
     - wget https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O /tmp/coverity_tool.tgz
@@ -517,6 +579,12 @@ coverity:
     paths:
       - cov-int/*.txt
 
+ubuntu1804-samba-32bit:
+  extends: .shared_template
+  variables:
+    AUTOBUILD_JOB_NAME: samba-32bit
+    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu1804_32bit}
+
 #
 # We build samba-o3 on all supported distributions
 #
@@ -565,25 +633,20 @@ ubuntu2004-samba-o3:
   variables:
     SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu2004}
 
-debian10-samba-o3:
+ubuntu2204-samba-o3:
   extends: .samba-o3-template
   variables:
-    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_debian10}
+    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu2204}
 
 debian11-samba-o3:
   extends: .samba-o3-template
   variables:
     SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_debian11}
 
-opensuse151-samba-o3:
-  extends: .samba-o3-template
-  variables:
-    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_opensuse151}
-
-opensuse152-samba-o3:
+opensuse154-samba-o3:
   extends: .samba-o3-template
   variables:
-    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_opensuse152}
+    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_opensuse154}
 
 centos7-samba-o3:
   extends: .samba-o3-template
@@ -599,15 +662,10 @@ centos8s-samba-o3:
   variables:
     SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_centos8s}
 
-fedora34-samba-o3:
-  extends: .samba-o3-template
-  variables:
-    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora34}
-
-fedora35-samba-o3:
+fedora37-samba-o3:
   extends: .samba-o3-template
   variables:
-    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora35}
+    SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora37}
 
 #
 # Keep the samba-o3 sections at the end ...