waf: Add mandatory requirement for GnuTLS >= 3.2.0

We plan to move to GnuTLS for crypto in Samba, this is the first step to
make it mandatory and to require a version which is in LTS
distributions.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/wscript b/wscript
index 47fc2ba24605ac4053744a35c0e2434bf621de88..558b7754c28661b1b8930963b38de785664b7dac 100644 (file)
--- a/wscript
+++ b/wscript
@@ -251,6 +251,8 @@ def configure(conf):
     if not conf.CONFIG_GET('KRB5_VENDOR'):
         conf.PROCESS_SEPARATE_RULE('embedded_heimdal')
 
     if not conf.CONFIG_GET('KRB5_VENDOR'):
         conf.PROCESS_SEPARATE_RULE('embedded_heimdal')
 

+    conf.PROCESS_SEPARATE_RULE('system_gnutls')
+

     conf.RECURSE('source4/lib/tls')
     conf.RECURSE('source4/dsdb/samdb/ldb_modules')
     conf.RECURSE('source4/ntvfs/sysdep')
     conf.RECURSE('source4/lib/tls')
     conf.RECURSE('source4/dsdb/samdb/ldb_modules')
     conf.RECURSE('source4/ntvfs/sysdep')

diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls
new file mode 100644 (file)
index 0000000..90b0f8f
--- /dev/null
+++ b/wscript_configure_system_gnutls
@@ -0,0 +1,24 @@
+from waflib import Options
+
+gnutls_min_required_version = "3.2.0"
+
+gnutls_required_version = gnutls_min_required_version
+
+#
+# If we build with MIT Kerberos we need at least GnuTLS 3.4.7 for the backupkey
+# protocol.
+#
+if Options.options.with_system_mitkrb5 and conf.env.AD_DC_BUILD_IS_ENABLED:
+    gnutls_required_version = "3.4.7"
+    conf.DEFINE('HAVE_GNUTLS_3_4_7', 1)
+
+conf.CHECK_CFG(package='gnutls',
+               args=('"gnutls >= %s" --cflags --libs' % gnutls_required_version),
+                     msg='Checking for GnuTLS >= %s' % gnutls_required_version,
+                     mandatory=True)
+
+# Define gnutls as a system library
+conf.SET_TARGET_TYPE('gnutls', 'SYSLIB')
+
+conf.DEFINE('HAVE_GNUTLS3', 1)
+conf.DEFINE('ENABLE_GNUTLS', 1)