add disallowedReferences to prevent future regressions
buildPackages.python3Packages.python.intepreter will be python3.10 while
the one in shebang is python3
had to move the substituting to after wrapPythonPrograms because the
wrapper contained build python so something weird is going on
continuation of #109595
pkgconfig was aliased in 2018, however, it remained in
all-packages.nix due to its wide usage. This cleans
up the remaining references to pkgs.pkgsconfig and
moves the entry to aliases.nix.
python3Packages.pkgconfig remained unchanged because
it's the canonical name of the upstream package
on pypi.
smbclient does not properly link and when trying to run it it fails with
messages like:
dyld: Library not loaded: /private/tmp/nix-build-samba-4.7.12.drv-0/samba-4.7.12/bin/default/source3/libpopt-samba3-samba4.dylib
Referenced from: result/bin/smbclient
Reason: image not found
Previously, `vfs_snapper` was only built if `dbus` was found.
Now, `vfs_snapper` is enabled by default (on Linux)
and it requires dbus to be available:
```
Checking for dbus: not found
vfs_snapper is enabled but prerequisite dbus-1 package not found. Use
--with-shared-modules=!vfs_snapper to disable vfs_snapper support.
```
We could pass `--with-shared-modules=!vfs_snapper` to disable it,
but currently pass `--with-shared-modules=ALL`,
so add dbus as a dependency instead.
When not building with the experimental (!!) system MIT Kerberos, Samba
will use the builtin Heimdal Kerberos. For this reason, enableKerberos =
true will still include a krb5 implementation, built right into Samba.
There is no benefit in using MIT krb5, however it has some downsides
like not being able to assign computer GPOs [1].
The ArchWiki [2] also mentions this in their installation section.
[1]: https://lists.samba.org/archive/samba/2018-July/216779.html
[2]: https://wiki.archlinux.org/index.php/Samba/Active_Directory_domain_controller
This is a security release in order to address the following defects:
- CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD Directory not automatic.
- CVE-2019-14907: Crash after failed character conversion at log level 3 or above.
- CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
Samba 3 has been discontinued since Q1/2015. So I think it's time
to just wipe it from the pkgs. FuseSMB is pretty much abandoned,
upstream does not exist and it's also not as useful as it used to
be anyways.