From 511f609481f1344cd88d374a7afd9232898b21fb Mon Sep 17 00:00:00 2001
From: Michal Nowak <mnowak@isc.org>
Date: Wed, 25 Jun 2025 15:35:23 +0200
Subject: [PATCH] Disable Kerberos in tumbleweed

In the tumbleweed image, we utilize LibreSSL. Several BIND 9 libraries
are linked against LibreSSL's libcrypto.so.55, and when Kerberos is
enabled, we link against libk5crypto.so.3, which in turn links against
OpenSSL's libcrypto.so.3. This might theoretically lead to a symbol
conflict.

(cherry picked from commit 1b2c191bed4097e1095de3bc2f3854b6db894a8e)
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 75fb694aba..e553988d2c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1217,7 +1217,7 @@ gcc:tumbleweed:amd64:
     # NOTE: This does *not* enable testing of the DNSRPS feature itself.
     # Doing that requires a DNSRPS provider library to be present on the
     # test host.
-    EXTRA_CONFIGURE: "--enable-dnsrps --enable-dnsrps-dl --with-libidn2 ${WITH_READLINE_READLINE}"
+    EXTRA_CONFIGURE: "--enable-dnsrps --enable-dnsrps-dl --with-libidn2 --without-gssapi ${WITH_READLINE_READLINE}"
     GNUMAKEFLAGS: "--shuffle=random"
   <<: *tumbleweed_latest_amd64_image
   <<: *build_job