From 093a2d5449538e7a75bd2883294cb885f83f6b9f8c307b7928bf4f885cf06024 Mon Sep 17 00:00:00 2001 From: Paulo Alcantara Date: Tue, 20 Mar 2018 16:47:44 +0000 Subject: [PATCH 1/7] Accepting request 577707 from home:avindra - update to 6.7: * mount.cifs cleanups - includes 6.6: * cleanup/overhaul of cifs.upcall krb5 credcache handling - partial cleanup with spec-cleaner OBS-URL: https://build.opensuse.org/request/show/577707 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/cifs-utils?expand=0&rev=149 --- cifs-utils-6.5.tar.bz2 | 3 -- cifs-utils-6.5.tar.bz2.asc | 11 ------- cifs-utils-6.7.tar.bz2 | 3 ++ cifs-utils-6.7.tar.bz2.asc | 12 ++++++++ cifs-utils.changes | 8 +++-- cifs-utils.spec | 60 ++++++++++++++++---------------------- 6 files changed, 46 insertions(+), 51 deletions(-) delete mode 100644 cifs-utils-6.5.tar.bz2 delete mode 100644 cifs-utils-6.5.tar.bz2.asc create mode 100644 cifs-utils-6.7.tar.bz2 create mode 100644 cifs-utils-6.7.tar.bz2.asc diff --git a/cifs-utils-6.5.tar.bz2 b/cifs-utils-6.5.tar.bz2 deleted file mode 100644 index bc53a87..0000000 --- a/cifs-utils-6.5.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e2776578b8267c6dc0862897f5e10f87f10f8337fca9ca6a9118f5eb30cf49f7 -size 402158 diff --git a/cifs-utils-6.5.tar.bz2.asc b/cifs-utils-6.5.tar.bz2.asc deleted file mode 100644 index e526637..0000000 --- a/cifs-utils-6.5.tar.bz2.asc +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQEcBAABCAAGBQJWyzHeAAoJEFr9v7Jw87mBzCUIALAjddIyPDJ+zUP8GEPkCL5M -esOLPP0J9jf4t5QOqKq/druS/PmC9bs6GrZ/5gsYl3uXWtztIW61L3IIX9oGEErg -lt6lpNWl5EkUzdKZQrNKzrekyI5uoGPpPL9k1ZMn8IlSQP769CIGW5zFL0cL63YB -4wUkM7TtoCsD7LVJDtxe9ikprZ/OmbPNeavBhY4+7YuqYOjPXTgm4fl9Cqh92zO7 -ShC9IUqT/st1LZXPcDpPcncG+0hvM0cfBKcyv8WnOoqxNPyyCLrLywD8jnOcjiEC -1IoH9d4+psmmTqxkrC/JypfccWBnuTWBJ9uDGy0HfQ3NG58Hwv60fJazKYKraxE= -=RVqu ------END PGP SIGNATURE----- diff --git a/cifs-utils-6.7.tar.bz2 b/cifs-utils-6.7.tar.bz2 new file mode 100644 index 0000000..a9a789a --- /dev/null +++ b/cifs-utils-6.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b2f21612474ab012e75accd167aab607a0614ff67efb56ea0f36789fa785cfab +size 363647 diff --git a/cifs-utils-6.7.tar.bz2.asc b/cifs-utils-6.7.tar.bz2.asc new file mode 100644 index 0000000..61ddc49 --- /dev/null +++ b/cifs-utils-6.7.tar.bz2.asc @@ -0,0 +1,12 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQEyBAABCAAcBQJYuE4QFRxjaWZzLXV0aWxzQHNhbWJhLm9yZwAKCRBa/b+ycPO5 +gZm4CAC0bjFRKw/CIiokpWzJSKyhw7Hw9KT77pEIIB6e7MYqq9KbhqcwPyvX4TTb +2Ghy+G2eWWC0jdOlCsGQODQ133cOwgTKWkETxcPZ8GFfHFhlrc/60ITieayV+nLz +nlc2Wg0+lp9mSVEBIHEbCtV+bWqutNCuDFIX8ETXqDuUvqzkdUWA698crkK8v/w1 +fUSCsKutd0pYslXb51vN0w38eclQOMeimbHpAfqXr0sO8ATVN3JjTkIvNSC+YKI9 +F8VxFrHU3M1fusFtOiBJDC9DIt6qqlM5HqusUiCZDHP+mZjcwGDnYpHikWuqPOoD +kz3rf4o0EZUdJ2mpkM7iDGo1CaXb +=6Ab6 +-----END PGP SIGNATURE----- diff --git a/cifs-utils.changes b/cifs-utils.changes index 7593096..a5c495d 100644 --- a/cifs-utils.changes +++ b/cifs-utils.changes @@ -1,7 +1,11 @@ ------------------------------------------------------------------- -Tue Mar 6 14:26:58 UTC 2018 - schwab@suse.de +Sun Feb 18 08:21:58 UTC 2018 - avindra@opensuse.org -- Update BuildIgnore to break build cycle samba-client <-> cifs-utils +- update to 6.7: + * mount.cifs cleanups +- includes 6.6: + * cleanup/overhaul of cifs.upcall krb5 credcache handling +- partial cleanup with spec-cleaner ------------------------------------------------------------------- Thu Apr 27 10:41:50 UTC 2017 - aaptel@suse.com diff --git a/cifs-utils.spec b/cifs-utils.spec index ad94ccb..43e5561 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -17,10 +17,10 @@ Name: cifs-utils -Version: 6.5 +Version: 6.7 Release: 0 Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem -License: GPL-3.0-or-later +License: GPL-3.0+ Group: System/Filesystems Url: http://www.samba.org/linux-cifs/cifs-utils/ Source: https://ftp.samba.org/pub/linux-cifs/%{name}/%{name}-%{version}.tar.bz2 @@ -64,7 +64,7 @@ BuildRequires: libcap-ng-devel %else BuildRequires: libcap-devel %endif -#!BuildIgnore: samba-client +#!BuildIgnore: samba4-libs BuildRequires: libtalloc-devel %if 0%{?suse_version} > 1110 BuildRequires: fdupes @@ -76,18 +76,12 @@ BuildRequires: libkeyutils-devel BuildRequires: libwbclient-devel %endif BuildRequires: pam-devel -%if 0%{?suse_version} > 1020 -BuildRequires: pkg-config -%else BuildRequires: pkgconfig -%endif Requires: keyutils %if ! %{defined _rundir} %define _rundir %{_localstatedir}/run %endif -BuildRoot: %{_tmppath}/%{name}-%{version}-build - %description The cifs-utils package consist of utilities for doing and managing mounts of the Linux CIFS filesystem. @@ -122,21 +116,20 @@ cp -a ${RPM_SOURCE_DIR}/README.cifstab.migration . %patch1 -p1 %build -export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -fpie" +export CFLAGS="%{optflags} -D_GNU_SOURCE -fpie" export LDFLAGS="-pie" autoreconf -i -%{configure} \ +%configure \ --with-pamdir=/%{_lib}/security -%{__make} %{?_smp_mflags} +make %{?_smp_mflags} %install %if ! %{systemd} mkdir -p \ - ${RPM_BUILD_ROOT}/%{_sysconfdir}/init.d + %{buildroot}/%{_sysconfdir}/init.d %endif -%{__make} install \ - DESTDIR=${RPM_BUILD_ROOT} +%make_install %if 0%{?centos_version} > 599 || 0%{?fedora_version} > 14 || 0%{?mandriva_version} > 201100 || 0%{?rhel_version} > 599 || 0%{?suse_version} > 1020 mkdir -p %{buildroot}%{_sysconfdir}/%{name} ln -s %{_libdir}/%{name}/idmapwb.so %{buildroot}%{_sysconfdir}/%{name}/idmap-plugin @@ -146,42 +139,41 @@ install -m 644 -p contrib/request-key.d/cifs.idmap.conf %{buildroot}%{_sysconfdi install -m 644 -p contrib/request-key.d/cifs.spnego.conf %{buildroot}%{_sysconfdir}/request-key.d %if 0%{?suse_version} == 0 || 0%{?suse_version} > 1221 mkdir -p \ - ${RPM_BUILD_ROOT}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d \ - ${RPM_BUILD_ROOT}/%{_sysconfdir}/samba \ - ${RPM_BUILD_ROOT}/%{_sbindir} \ - ${RPM_BUILD_ROOT}/%{_rundir} + %{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d \ + %{buildroot}/%{_sysconfdir}/samba \ + %{buildroot}/%{_sbindir} \ + %{buildroot}/%{_rundir} %if ! %{systemd} -install -m 0755 -p ${RPM_SOURCE_DIR}/cifs.init ${RPM_BUILD_ROOT}/%{_sysconfdir}/init.d/cifs -ln -s service ${RPM_BUILD_ROOT}/%{_sbindir}/rccifs +install -m 0755 -p ${RPM_SOURCE_DIR}/cifs.init %{buildroot}/%{_sysconfdir}/init.d/cifs +ln -s service %{buildroot}/%{_sbindir}/rccifs %endif -touch ${RPM_BUILD_ROOT}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d/${script} \ - ${RPM_BUILD_ROOT}%{_rundir}/cifs +touch %{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d/${script} \ + %{buildroot}%{_rundir}/cifs %endif # Hardlink duplicate files %if 0%{?suse_version} > 1110 -%fdupes ${RPM_BUILD_ROOT} +%fdupes %{buildroot} %endif %files -%defattr(-,root,root) /sbin/mount.cifs %if 0%{?centos_version} > 599 || 0%{?fedora_version} > 14 || 0%{?mandriva_version} > 201100 || 0%{?rhel_version} > 599 || 0%{?suse_version} > 1020 %{_bindir}/getcifsacl %{_bindir}/setcifsacl %{_sbindir}/cifs.idmap -%{_mandir}/man1/getcifsacl.1.* -%{_mandir}/man1/setcifsacl.1.* -%{_mandir}/man8/cifs.idmap.8.* +%{_mandir}/man1/getcifsacl.1%{ext_man} +%{_mandir}/man1/setcifsacl.1%{ext_man} +%{_mandir}/man8/cifs.idmap.8%{ext_man} %endif %if 0%{?centos_version} > 499 || 0%{?fedora_version} > 14 || 0%{?mandriva_version} > 201100 || 0%{?rhel_version} > 499 || 0%{?suse_version} > 1020 %{_bindir}/cifscreds %{_sbindir}/cifs.upcall -%{_mandir}/man1/cifscreds.1.* -%{_mandir}/man8/cifs.upcall.8.* +%{_mandir}/man1/cifscreds.1%{ext_man} +%{_mandir}/man8/cifs.upcall.8%{ext_man} %endif -%{_mandir}/man8/mount.cifs.8.* +%{_mandir}/man8/mount.cifs.8%{ext_man} %dir %{_sysconfdir}/request-key.d %config(noreplace) %{_sysconfdir}/request-key.d/cifs.idmap.conf %config(noreplace) %{_sysconfdir}/request-key.d/cifs.spnego.conf @@ -190,7 +182,7 @@ touch ${RPM_BUILD_ROOT}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d/${ %dir %{_sysconfdir}/cifs-utils %config(noreplace) %{_sysconfdir}/cifs-utils/idmap-plugin %{_libdir}/%{name}/idmapwb.so -%{_mandir}/man8/idmapwb.8.* +%{_mandir}/man8/idmapwb.8%{ext_man} %endif %if 0%{?suse_version} == 0 || 0%{?suse_version} > 1221 %if ! %{systemd} @@ -203,12 +195,10 @@ touch ${RPM_BUILD_ROOT}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d/${ %doc README.cifstab.migration %files devel -%defattr(-,root,root) %{_includedir}/cifsidmap.h %files -n pam_cifscreds -%defattr(-,root,root) /%{_lib}/security/pam_cifscreds.so -%{_mandir}/man8/pam_cifscreds.8.* +%{_mandir}/man8/pam_cifscreds.8%{ext_man} %changelog From e6904fe82c7265e828c364c9e9ec7a2afaac80ae22dd22aa8b1e97964c1e67cc Mon Sep 17 00:00:00 2001 From: Paulo Alcantara Date: Tue, 20 Mar 2018 16:57:38 +0000 Subject: [PATCH 2/7] Use modern pkg-config name OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/cifs-utils?expand=0&rev=150 --- cifs-utils.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cifs-utils.spec b/cifs-utils.spec index 43e5561..1b13059 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -20,7 +20,7 @@ Name: cifs-utils Version: 6.7 Release: 0 Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem -License: GPL-3.0+ +License: GPL-3.0-or-later Group: System/Filesystems Url: http://www.samba.org/linux-cifs/cifs-utils/ Source: https://ftp.samba.org/pub/linux-cifs/%{name}/%{name}-%{version}.tar.bz2 @@ -76,7 +76,7 @@ BuildRequires: libkeyutils-devel BuildRequires: libwbclient-devel %endif BuildRequires: pam-devel -BuildRequires: pkgconfig +BuildRequires: pkg-config Requires: keyutils %if ! %{defined _rundir} %define _rundir %{_localstatedir}/run From 921771b73e67dd5012df2b41e2a4436167dbf47eb0be1ce757f3c8b38fa99cf1 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Tue, 20 Mar 2018 20:50:17 +0000 Subject: [PATCH 3/7] Updating link to change in openSUSE:Factory/cifs-utils revision 53.0 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/cifs-utils?expand=0&rev=261d9211a0e7a706990f0dc3fa8c470c --- cifs-utils.changes | 5 +++++ cifs-utils.spec | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/cifs-utils.changes b/cifs-utils.changes index a5c495d..b556759 100644 --- a/cifs-utils.changes +++ b/cifs-utils.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Mar 6 14:26:58 UTC 2018 - schwab@suse.de + +- Update BuildIgnore to break build cycle samba-client <-> cifs-utils + ------------------------------------------------------------------- Sun Feb 18 08:21:58 UTC 2018 - avindra@opensuse.org diff --git a/cifs-utils.spec b/cifs-utils.spec index 1b13059..0de6e66 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -64,7 +64,7 @@ BuildRequires: libcap-ng-devel %else BuildRequires: libcap-devel %endif -#!BuildIgnore: samba4-libs +#!BuildIgnore: samba-client BuildRequires: libtalloc-devel %if 0%{?suse_version} > 1110 BuildRequires: fdupes From 36eed22ce5d48a3161643f7c5005c4684c8cdb1043c0d29996cebbc31262f9f7 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Tue, 20 Mar 2018 20:50:17 +0000 Subject: [PATCH 4/7] Accepting request 585781 from network:samba:STABLE baserev update by copy to link target OBS-URL: https://build.opensuse.org/request/show/585781 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/cifs-utils?expand=0&rev=151 --- cifs-utils.changes | 5 ----- cifs-utils.spec | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/cifs-utils.changes b/cifs-utils.changes index b556759..a5c495d 100644 --- a/cifs-utils.changes +++ b/cifs-utils.changes @@ -1,8 +1,3 @@ -------------------------------------------------------------------- -Tue Mar 6 14:26:58 UTC 2018 - schwab@suse.de - -- Update BuildIgnore to break build cycle samba-client <-> cifs-utils - ------------------------------------------------------------------- Sun Feb 18 08:21:58 UTC 2018 - avindra@opensuse.org diff --git a/cifs-utils.spec b/cifs-utils.spec index 0de6e66..1b13059 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -64,7 +64,7 @@ BuildRequires: libcap-ng-devel %else BuildRequires: libcap-devel %endif -#!BuildIgnore: samba-client +#!BuildIgnore: samba4-libs BuildRequires: libtalloc-devel %if 0%{?suse_version} > 1110 BuildRequires: fdupes From ec543cbc2b806e65f8c9767b20aff6275f7bee51314fd959c10eeb1d142f63d7 Mon Sep 17 00:00:00 2001 From: Aurelien Aptel Date: Mon, 10 Sep 2018 12:16:22 +0000 Subject: [PATCH 5/7] restore accidentally overwritten change from request 583460 - Update BuildIgnore to break build cycle samba-client <-> cifs-utils OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/cifs-utils?expand=0&rev=152 --- cifs-utils.changes | 5 +++++ cifs-utils.spec | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/cifs-utils.changes b/cifs-utils.changes index a5c495d..b556759 100644 --- a/cifs-utils.changes +++ b/cifs-utils.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Mar 6 14:26:58 UTC 2018 - schwab@suse.de + +- Update BuildIgnore to break build cycle samba-client <-> cifs-utils + ------------------------------------------------------------------- Sun Feb 18 08:21:58 UTC 2018 - avindra@opensuse.org diff --git a/cifs-utils.spec b/cifs-utils.spec index 1b13059..0de6e66 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -64,7 +64,7 @@ BuildRequires: libcap-ng-devel %else BuildRequires: libcap-devel %endif -#!BuildIgnore: samba4-libs +#!BuildIgnore: samba-client BuildRequires: libtalloc-devel %if 0%{?suse_version} > 1110 BuildRequires: fdupes From 47eae704ae01711c0bd052fcec1b332683be8f8465b185c14471ef3ced77665a Mon Sep 17 00:00:00 2001 From: David Mulder Date: Tue, 11 Sep 2018 13:50:49 +0000 Subject: [PATCH 6/7] Accepting request 634977 from home:aaptel:cifs-utils-6.8 - Update to cifs-utils 6.8. + document more mount options + man pages now generated from RST files + add python-docutils build dependency + update keyring to check tarball signature - Add typo corrections, better doc and configure fixes from upstream + add 0001-docs-cleanup-rst-formating.patch + add 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch + add 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch + add 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch + add 0005-mount.cifs.rst-document-missing-options-correct-wron.patch + add 0006-cifs-utils-support-rst2man-3.patch + add 0007-checkopts-report-duplicated-options-in-man-page.patch + add 0008-mount.cifs.rst-more-cleanups.patch + add 0009-mount.cifs.rst-document-vers-3-mount-option.patch + add 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch - Cleanup spec file * assume SUSE vendor and SLE >= 11 OBS-URL: https://build.opensuse.org/request/show/634977 OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/cifs-utils?expand=0&rev=153 --- 0001-docs-cleanup-rst-formating.patch | 1120 +++++++++++++++++ ...-correct-typos-and-spelling-mistakes.patch | 98 -- ...cument-SMBv3.1.1-and-new-seal-option.patch | 61 - ...ocument-new-no-handlecache-mount-opt.patch | 37 + ...ount.cifs-manpage-with-info-about-rd.patch | 30 + ...thon-script-to-cross-check-mount-opt.patch | 261 ++++ ...ocument-missing-options-correct-wron.patch | 219 ++++ 0006-cifs-utils-support-rst2man-3.patch | 50 + ...eport-duplicated-options-in-man-page.patch | 67 + 0008-mount.cifs.rst-more-cleanups.patch | 159 +++ ...ifs.rst-document-vers-3-mount-option.patch | 25 + ....rst-document-vers-3.02-mount-option.patch | 25 + cifs-utils-6.7.tar.bz2 | 3 - cifs-utils-6.7.tar.bz2.asc | 12 - cifs-utils-6.8.tar.bz2 | 3 + cifs-utils-6.8.tar.bz2.asc | 17 + cifs-utils.changes | 22 + cifs-utils.keyring | 78 +- cifs-utils.spec | 69 +- 19 files changed, 2121 insertions(+), 235 deletions(-) create mode 100644 0001-docs-cleanup-rst-formating.patch delete mode 100644 0001-manpage-correct-typos-and-spelling-mistakes.patch delete mode 100644 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch create mode 100644 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch create mode 100644 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch create mode 100644 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch create mode 100644 0005-mount.cifs.rst-document-missing-options-correct-wron.patch create mode 100644 0006-cifs-utils-support-rst2man-3.patch create mode 100644 0007-checkopts-report-duplicated-options-in-man-page.patch create mode 100644 0008-mount.cifs.rst-more-cleanups.patch create mode 100644 0009-mount.cifs.rst-document-vers-3-mount-option.patch create mode 100644 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch delete mode 100644 cifs-utils-6.7.tar.bz2 delete mode 100644 cifs-utils-6.7.tar.bz2.asc create mode 100644 cifs-utils-6.8.tar.bz2 create mode 100644 cifs-utils-6.8.tar.bz2.asc diff --git a/0001-docs-cleanup-rst-formating.patch b/0001-docs-cleanup-rst-formating.patch new file mode 100644 index 0000000..689c81c --- /dev/null +++ b/0001-docs-cleanup-rst-formating.patch @@ -0,0 +1,1120 @@ +From 81dcfb24f54a5757f7c9fe08285bf527b8333506 Mon Sep 17 00:00:00 2001 +From: Aurelien Aptel +Date: Tue, 15 May 2018 10:12:32 +0200 +Subject: [PATCH 01/10] docs: cleanup rst formating + +Signed-off-by: Aurelien Aptel +Reviewed-by: Steve French +Reviewed-by: Pavel Shilovsky +--- + cifs.idmap.rst.in | 71 ++++++------------- + cifs.upcall.rst.in | 200 ++++++++++++++++++++--------------------------------- + cifscreds.rst | 92 ++++++++---------------- + getcifsacl.rst.in | 40 +++-------- + idmapwb.rst.in | 19 +++-- + mount.cifs.rst | 9 ++- + pam_cifscreds.rst | 61 +++++----------- + setcifsacl.rst.in | 143 ++++++++++---------------------------- + 8 files changed, 201 insertions(+), 434 deletions(-) + +diff --git a/cifs.idmap.rst.in b/cifs.idmap.rst.in +index 91b585e..60d7f0a 100644 +--- a/cifs.idmap.rst.in ++++ b/cifs.idmap.rst.in +@@ -11,124 +11,93 @@ Userspace helper for mapping ids for Common Internet File System (CIFS) + SYNOPSIS + ******** + +- +-cifs.idmap [--help|-h] [--timeout|-t] [--version|-v] {keyid} +- ++ cifs.idmap [--help|-h] [--timeout|-t] [--version|-v] {keyid} + + *********** + DESCRIPTION + *********** + +- + This tool is part of the cifs-utils suite. + +-\ **cifs.idmap**\ is a userspace helper program for the linux CIFS client ++``cifs.idmap`` is a userspace helper program for the linux CIFS client + filesystem. There are a number of activities that the kernel cannot + easily do itself. This program is a callout program that does these + things for the kernel and then returns the result. + +-\ **cifs.idmap**\ is generally intended to be run when the kernel calls ++``cifs.idmap`` is generally intended to be run when the kernel calls + request-key(8) for a particular key type. While it can be run + directly from the command-line, it is not generally intended to be run + that way. + +-This program is only called if a share is mounted with the \ **cifsacl**\ ++This program is only called if a share is mounted with the ``cifsacl`` + mount option. The kernel will only upcall to do this conversion if + that mount option is specified. + +-\ **cifs.idmap**\ relies on a plugin to handle the ID mapping. If it can't ++``cifs.idmap`` relies on a plugin to handle the ID mapping. If it can't + find the plugin then it will not work properly. The plugin (or a + symlink to it) must be at @pluginpath@. + +-In the case where \ **cifs.idmap**\ or the plugin are unavailable, file ++In the case where ``cifs.idmap`` or the plugin are unavailable, file + objects in a mounted share are assigned uid and gid of the credentials + of the process that mounted the share. It is strongly recomemended to + use mount options of uid and gid to specify a default uid and gid to + map owner SIDs and group SIDs in this situation. + +- + ******* + OPTIONS + ******* + ++--help|-h ++ Print the usage message and exit. + ++--timeout|-t ++ Set the expiration timer, in seconds on the key. The default is 600 ++ seconds (10 minutes). Setting this to 0 will cause the key to never ++ expire. + +-\ **--help|-h**\ +- +- Print the usage message and exit. +- +- +- +-\ **--timeout|-t**\ +- +- Set the expiration timer, in seconds on the key. The default is 600 +- seconds (10 minutes). Setting this to 0 will cause the key to never +- expire. +- +- +- +-\ **--version|-v**\ +- +- Print version number and exit. +- +- +- ++--version|-v ++ Print version number and exit. + + ************************ + CONFIGURATION FOR KEYCTL + ************************ + +- +-\ **cifs.idmap**\ is designed to be called from the kernel via the ++``cifs.idmap`` is designed to be called from the kernel via the + request-key callout program. This requires that request-key be told +-where and how to call this program. Currently \ **cifs.idmap**\ handles a +-key type of: ++where and how to call this program. Currently ``cifs.idmap`` handles a ++key type of:: + ++ cifs.idmap + +-\ **cifs.idmap**\ +- +- This keytype is for mapping a SID to either an uid or a gid +- +- ++This keytype is for mapping a SID to either an uid or a gid. + + To make this program useful for CIFS, you will need to set up entry for it in +-request-key.conf(5). Here is an example of an entry for this key type: +- +- +-.. code-block:: perl ++request-key.conf(5). Here is an example of an entry for this key type:: + + #OPERATION TYPE D C PROGRAM ARG1 ARG2... + #========= ============= = = ================================ + create cifs.idmap * * @sbindir@/cifs.idmap %k + +- + See request-key.conf(5) for more info on each field. + +- + ***** + NOTES + ***** + +- + Support for upcalls to cifs.idmap was initially introduced in the 3.0 + kernel. + +- + ******** + SEE ALSO + ******** + +- + request-key.conf(5), mount.cifs(8) + +- + ****** + AUTHOR + ****** + +- + Shirish Pargaonkar wrote the cifs.idmap program. + + The Linux CIFS Mailing list is the preferred place to ask questions + regarding these programs. +- +diff --git a/cifs.upcall.rst.in b/cifs.upcall.rst.in +index 8f4ee62..1b8df3f 100644 +--- a/cifs.upcall.rst.in ++++ b/cifs.upcall.rst.in +@@ -7,178 +7,131 @@ Userspace upcall helper for Common Internet File System (CIFS) + -------------------------------------------------------------- + :Manual section: 8 + +- + ******** + SYNOPSIS + ******** + +-.. code-block:: perl +- +- cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l] +- [--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf] +- [--keytab=/path/to/keytab|-K /path/to/keytab] {keyid} +- +- ++ cifs.upcall [--trust-dns|-t] [--version|-v] [--legacy-uid|-l] ++ [--krb5conf=/path/to/krb5.conf|-k /path/to/krb5.conf] ++ [--keytab=/path/to/keytab|-K /path/to/keytab] {keyid} + + *********** + DESCRIPTION + *********** + +- + This tool is part of the cifs-utils suite. + +-\ **cifs.upcall**\ is a userspace helper program for the linux CIFS client ++``cifs.upcall`` is a userspace helper program for the linux CIFS client + filesystem. There are a number of activities that the kernel cannot + easily do itself. This program is a callout program that does these + things for the kernel and then returns the result. + +-\ **cifs.upcall**\ is generally intended to be run when the kernel calls ++``cifs.upcall`` is generally intended to be run when the kernel calls + request-key(8) for a particular key type. While it can be run + directly from the command-line, it's not generally intended to be run + that way. + +- + ******* + OPTIONS + ******* + +- +- +-\ **-c**\ +- +- This option is deprecated and is currently ignored. +- +- +- +-\ **--no-env-probe|-E**\ +- +- Normally, \ **cifs.upcall**\ will probe the environment variable space of +- the process that initiated the upcall in order to fetch the value of +- \ ``$KRB5CCNAME``\ . This can assist the program with finding credential +- caches in non-default locations. If this option is set, then the +- program won't do this and will rely on finding credcaches in the +- default locations specified in \ *krb5.conf*\ . Note that this is never +- performed when the uid is 0. The default credcache location is always +- used when the uid is 0, regardless of the environment variable setting +- in the process. +- +- +- +-\ **--krb5conf|-k=/path/to/krb5.conf**\ +- +- This option allows administrators to set an alternate location for the +- \ *krb5.conf*\ file that \ **cifs.upcall**\ will use. +- +- +- +-\ **--keytab=|-K=/path/to/keytab**\ +- +- This option allows administrators to specify a keytab file to be +- used. When a user has no credential cache already established, +- \ **cifs.upcall**\ will attempt to use this keytab to acquire them. The +- default is the system-wide keytab \ */etc/krb5.keytab*\ . +- +- +- +-\ **--trust-dns|-t**\ +- +- With krb5 upcalls, the name used as the host portion of the service +- principal defaults to the hostname portion of the UNC. This option +- allows the upcall program to reverse resolve the network address of +- the server in order to get the hostname. +- +- This is less secure than not trusting DNS. When using this option, +- it's possible that an attacker could get control of DNS and trick the +- client into mounting a different server altogether. It's preferable to +- instead add server principals to the KDC for every possible hostname, +- but this option exists for cases where that isn't possible. The +- default is to not trust reverse hostname lookups in this fashion. +- +- +- +-\ **--legacy-uid|-l**\ +- +- Traditionally, the kernel has sent only a single uid= parameter to the +- upcall for the SPNEGO upcall that's used to determine what user's +- credential cache to use. This parameter is affected by the \ **uid=**\ +- mount option, which also governs the ownership of files on the mount. +- +- Newer kernels send a creduid= option as well, which contains what uid +- it thinks actually owns the credentials that it's looking for. At +- mount time, this is generally set to the real uid of the user doing +- the mount. For multisession mounts, it's set to the fsuid of the mount +- user. Set this option if you want cifs.upcall to use the older \ **uid=**\ +- parameter instead of the creduid= parameter. +- +- +- +-\ **--version|-v**\ +- +- Print version number and exit. +- +- +- ++-c ++ This option is deprecated and is currently ignored. ++ ++--no-env-probe|-E ++ Normally, ``cifs.upcall`` will probe the environment variable space of ++ the process that initiated the upcall in order to fetch the value of ++ ``$KRB5CCNAME``. This can assist the program with finding credential ++ caches in non-default locations. If this option is set, then the ++ program won't do this and will rely on finding credcaches in the ++ default locations specified in *krb5.conf*. Note that this is never ++ performed when the uid is 0. The default credcache location is always ++ used when the uid is 0, regardless of the environment variable setting ++ in the process. ++ ++--krb5conf|-k=/path/to/krb5.conf ++ This option allows administrators to set an alternate location for the ++ *krb5.conf* file that ``cifs.upcall`` will use. ++ ++--keytab=|-K=/path/to/keytab ++ This option allows administrators to specify a keytab file to be ++ used. When a user has no credential cache already established, ++ ``cifs.upcall`` will attempt to use this keytab to acquire them. The ++ default is the system-wide keytab */etc/krb5.keytab*. ++ ++--trust-dns|-t ++ With krb5 upcalls, the name used as the host portion of the service ++ principal defaults to the hostname portion of the UNC. This option ++ allows the upcall program to reverse resolve the network address of ++ the server in order to get the hostname. ++ ++ This is less secure than not trusting DNS. When using this option, ++ it's possible that an attacker could get control of DNS and trick the ++ client into mounting a different server altogether. It's preferable to ++ instead add server principals to the KDC for every possible hostname, ++ but this option exists for cases where that isn't possible. The ++ default is to not trust reverse hostname lookups in this fashion. ++ ++--legacy-uid|-l ++ Traditionally, the kernel has sent only a single uid= parameter to the ++ upcall for the SPNEGO upcall that's used to determine what user's ++ credential cache to use. This parameter is affected by the uid= ++ mount option, which also governs the ownership of files on the mount. ++ ++ Newer kernels send a creduid= option as well, which contains what uid ++ it thinks actually owns the credentials that it's looking for. At ++ mount time, this is generally set to the real uid of the user doing ++ the mount. For multisession mounts, it's set to the fsuid of the mount ++ user. Set this option if you want cifs.upcall to use the older uid= ++ parameter instead of the creduid= parameter. ++ ++--version|-v ++ Print version number and exit. + + ************************ + CONFIGURATION FOR KEYCTL + ************************ + +- +-\ **cifs.upcall**\ is designed to be called from the kernel via the ++``cifs.upcall`` is designed to be called from the kernel via the + request-key callout program. This requires that request-key be told +-where and how to call this program. The current \ **cifs.upcall**\ ++where and how to call this program. The current ``cifs.upcall`` + program handles two different key types: + ++cifs.spnego ++ This keytype is for retrieving kerberos session keys ++ ++dns_resolver ++ This key type is for resolving hostnames into IP addresses. Support ++ for this key type may eventually be deprecated (see below). ++ ++ To make this program useful for CIFS, you'll need to set up entries ++ for them in request-key.conf(5). Here's an example of an entry for ++ each key type:: + +-\ **cifs.spnego**\ +- +- This keytype is for retrieving kerberos session keys +- +- +- +-\ **dns_resolver**\ +- +- This key type is for resolving hostnames into IP addresses. Support +- for this key type may eventually be deprecated (see below). +- +- To make this program useful for CIFS, you'll need to set up entries +- for them in request-key.conf(5). Here's an example of an entry for +- each key type: +- +- +- .. code-block:: perl +- + #OPERATION TYPE D C PROGRAM ARG1 ARG2... + #========= ============= = = ================================ + create cifs.spnego * * @sbindir@/cifs.upcall %k + create dns_resolver * * @sbindir@/cifs.upcall %k +- +- +- See request-key.conf(5) for more info on each field. +- +- The keyutils package has also started including a dns_resolver +- handling program as well that is preferred over the one in +- \ **cifs.upcall.**\ If you are using a keyutils version equal to or +- greater than 1.5, you should use \ ``key.dns_resolver``\ to handle the +- \ ``dns_resolver``\ keytype instead of \ **cifs.upcall**\ . See +- key.dns_resolver(8) for more info. +- + ++ See request-key.conf(5) for more info on each field. + ++ The keyutils package has also started including a dns_resolver ++ handling program as well that is preferred over the one in ++ ``cifs.upcall``. If you are using a keyutils version equal to or ++ greater than 1.5, you should use ``key.dns_resolver`` to handle the ++ ``dns_resolver`` keytype instead of ``cifs.upcall``. See ++ key.dns_resolver(8) for more info. + + ******** + SEE ALSO + ******** + +- + request-key.conf(5), mount.cifs(8), key.dns_resolver(8) + +- + ****** + AUTHOR + ****** + +- + Igor Mammedov wrote the cifs.upcall program. + + Jeff Layton authored this manpage. +@@ -187,4 +140,3 @@ The maintainer of the Linux CIFS VFS is Steve French. + + The Linux CIFS Mailing list is the preferred place to ask questions + regarding these programs. +- +diff --git a/cifscreds.rst b/cifscreds.rst +index 5c2a195..a6676cb 100644 +--- a/cifscreds.rst ++++ b/cifscreds.rst +@@ -5,125 +5,91 @@ cifscreds + ----------------------------------------- + manage NTLM credentials in kernel keyring + ----------------------------------------- +- + :Manual section: 1 + + ******** + SYNOPSIS + ******** + +- +-cifscreds add|clear|clearall|update [-u username] [-d] host|domain +- ++ cifscreds add|clear|clearall|update [-u username] [-d] host|domain + + *********** + DESCRIPTION + *********** + +- +-The \ **cifscreds**\ program is a tool for managing credentials (username ++The ``cifscreds`` program is a tool for managing credentials (username + and password) for the purpose of establishing sessions in multiuser + mounts. + + When a cifs filesystem is mounted with the "multiuser" option, and does + not use krb5 authentication, it needs to be able to get the credentials +-for each user from somewhere. The \ **cifscreds**\ program is the tool used ++for each user from somewhere. The ``cifscreds`` program is the tool used + to provide these credentials to the kernel. + + The first non-option argument to cifscreds is a command (see the +-\ **COMMANDS**\ section below). The second non-option argument is a hostname ++`COMMANDS`_ section below). The second non-option argument is a hostname + or address, or an NT domain name. + +- + ******** + COMMANDS + ******** + ++add ++ Add credentials to the kernel to be used for connecting to the given ++ server, or servers in the given domain. + ++clear ++ Clear credentials for a particular host or domain from the kernel. + +-\ **add**\ +- +- Add credentials to the kernel to be used for connecting to the given server, or servers in the given domain. +- +- +- +-\ **clear**\ +- +- Clear credentials for a particular host or domain from the kernel. +- +- +- +-\ **clearall**\ +- +- Clear all cifs credentials from the kernel. +- +- +- +-\ **update**\ +- +- Update stored credentials in the kernel with a new username and +- password. +- +- ++clearall ++ Clear all cifs credentials from the kernel. + ++update ++ Update stored credentials in the kernel with a new username and ++ password. + + ******* + OPTIONS + ******* + ++-d, --domain ++ The provided host/domain argument is a NT domainname. + ++ Ordinarily the second argument provided to cifscreds is treated as a ++ hostname or IP address. This option causes the cifscreds program to ++ treat that argument as an NT domainname instead. + +-\ **-d**\ , \ **--domain**\ +- +- The provided host/domain argument is a NT domainname. +- +- Ordinarily the second argument provided to cifscreds is treated as a +- hostname or IP address. This option causes the cifscreds program to +- treat that argument as an NT domainname instead. +- +- If there are not host specific credentials for the mounted server, then +- the kernel will next look for a set of domain credentials equivalent to +- the domain= option provided at mount time. +- +- +- +-\ **-u**\ , \ **--username**\ +- +- Ordinarily, the username is derived from the unix username of the user +- adding the credentials. This option allows the user to substitute a +- different username. +- +- ++ If there are not host specific credentials for the mounted server, then ++ the kernel will next look for a set of domain credentials equivalent to ++ the domain= option provided at mount time. + ++-u, --username ++ Ordinarily, the username is derived from the unix username of the user ++ adding the credentials. This option allows the user to substitute a ++ different username. + + ***** + NOTES + ***** + +- + The cifscreds utility requires a kernel built with support for the +-\ **login**\ key type. That key type was added in v3.3 in mainline Linux ++``login`` key type. That key type was added in v3.3 in mainline Linux + kernels. + +-Since \ **cifscreds**\ adds keys to the session keyring, it is highly +-recommended that one use \ **pam_keyinit**\ to ensure that a session keyring ++Since ``cifscreds`` adds keys to the session keyring, it is highly ++recommended that one use ``pam_keyinit`` to ensure that a session keyring + is established at login time. + +- + ******** + SEE ALSO + ******** + +- + pam_keyinit(8) + +- + ******* + AUTHORS + ******* + +- + The cifscreds program was originally developed by Igor Druzhinin + . This manpage and a redesign of the code was done + by Jeff Layton . +- +diff --git a/getcifsacl.rst.in b/getcifsacl.rst.in +index 42af258..21a10cd 100644 +--- a/getcifsacl.rst.in ++++ b/getcifsacl.rst.in +@@ -7,80 +7,60 @@ Userspace helper to display an ACL in a security descriptor for Common Internet + -------------------------------------------------------------------------------------------------- + :Manual section: 1 + +- + ******** + SYNOPSIS + ******** + +- +-getcifsacl [-v|-r] {file system object} +- ++ getcifsacl [-v|-r] {file system object} + + *********** + DESCRIPTION + *********** + +- + This tool is part of the cifs-utils suite. + +-getcifsacl is a userspace helper program for the Linux CIFS client ++``getcifsacl`` is a userspace helper program for the Linux CIFS client + file system. It is intended to display a security descriptor including + ACL for a file system object. + + This program uses a plugin to handle the mapping of SIDs to user and +-group names. \ *@pluginpath@*\ should be a symlink that points to the ++group names. *@pluginpath@* should be a symlink that points to the + correct plugin to use. + + Fields of an ACE such as SID, type, flags, and mask are displayed +-separated by /. Numeric values of type, flags, and mask are displayed ++separated by /. Numeric values of type, flags, and mask are displayed + in hexadecimal format. + +- + ******* + OPTIONS + ******* + ++-v ++ Print version number and exit. + +- +-\ **-v**\ +- +- Print version number and exit. +- +- +- +-\ **-r**\ +- +- Display a security descriptor in raw mode. Values such as type and +- flags are displayed in hexadecimal format, a SID is not mapped to a +- name. +- +- +- ++-r ++ Display a security descriptor in raw mode. Values such as type and ++ flags are displayed in hexadecimal format, a SID is not mapped to a ++ name. + + ***** + NOTES + ***** + +- + Kernel support for getcifsacl/setcifsacl utilities was initially + introduced in the 2.6.37 kernel. + +- + ******** + SEE ALSO + ******** + +- + mount.cifs(8), setcifsacl(1) + +- + ****** + AUTHOR + ****** + +- + Shirish Pargaonkar wrote the getcifsacl program. + + The Linux CIFS Mailing list is the preferred place to ask questions + regarding these programs. +- +diff --git a/idmapwb.rst.in b/idmapwb.rst.in +index 4d7fd62..c03e4ca 100644 +--- a/idmapwb.rst.in ++++ b/idmapwb.rst.in +@@ -7,31 +7,28 @@ winbind ID mapping plugin for cifs-utils + ---------------------------------------- + :Manual section: 8 + +- + *********** + DESCRIPTION + *********** + +- + This plugin allows the utilities in cifs-utils to work in conjuction with + the winbind facility of Samba suite. It handles several functions including + mapping UID and GID to SIDs and vice versa. + + Utilities are usually configured to use the correct plugin by creating a +-symlink at @pluginpath@ that points to the correct plugin that you wish ++symlink at *@pluginpath@* that points to the correct plugin that you wish + to use. + +-This plugin requires that \ **winbindd(8)**\ be properly configured and running. ++This plugin requires that winbindd(8) be properly configured and running. + +- +-******************************************************************************* ++******** + SEE ALSO +-******************************************************************************* +-getcifsacl(1), setcifsacl(1), cifs.idmap(8), samba(7), smb.conf(5), winbindd(8) +- ++******** + ++getcifsacl(1), setcifsacl(1), cifs.idmap(8), samba(7), smb.conf(5), winbindd(8) + +-***************************************************************** ++****** + AUTHOR +-***************************************************************** ++****** ++ + idmapwb.so was written by Jeff Layton +diff --git a/mount.cifs.rst b/mount.cifs.rst +index a81c6c4..c0f0bdb 100644 +--- a/mount.cifs.rst ++++ b/mount.cifs.rst +@@ -47,7 +47,6 @@ unmounted (usually via the ``umount`` utility). + OPTIONS + ******* + +- + username=arg|user=arg + specifies the username to connect as. If this is not + given, then the environment variable USER is used. +@@ -84,9 +83,9 @@ credentials=filename|cred=filename + password=value + domain=value + +- This is preferred over having passwords in plaintext in a shared file, +- such as ``/etc/fstab`` . Be sure to protect any credentials file +- properly. ++ This is preferred over having passwords in plaintext in a shared file, ++ such as */etc/fstab* . Be sure to protect any credentials file ++ properly. + + uid=arg + sets the uid that will own all files or directories on the mounted +@@ -558,7 +557,7 @@ It's generally preferred to use forward slashes (/) as a delimiter in + service names. They are considered to be the "universal delimiter" + since they are generally not allowed to be embedded within path + components on Windows machines and the client can convert them to +-backslashes (\) unconditionally. Conversely, backslash characters are ++backslashes (\\) unconditionally. Conversely, backslash characters are + allowed by POSIX to be part of a path component, and can't be + automatically converted in the same way. + +diff --git a/pam_cifscreds.rst b/pam_cifscreds.rst +index 8e8308c..4e89bfd 100644 +--- a/pam_cifscreds.rst ++++ b/pam_cifscreds.rst +@@ -7,110 +7,83 @@ PAM module to manage NTLM credentials in kernel keyring + ------------------------------------------------------- + :Manual section: 8 + +- + ******** + SYNOPSIS + ******** + +- + Edit the PAM configuration files for the systems that you want to +-automatically register NTLM credentials for, e.g. /etc/pam.d/login, +-and modify as follows: +- +- +-.. code-block:: perl ++automatically register NTLM credentials for, e.g. */etc/pam.d/login*, ++and modify as follows:: + + ... + auth substack system-auth + +++ auth optional pam_cifscreds.so + auth include postlogin + ... +- ++ + ... + session include system-auth + +++ session optional pam_cifscreds.so domain=DOMAIN + session include postlogin + ... + +- + Change DOMAIN to the name of you Windows domain, or use host= as + described below. + +- + *********** + DESCRIPTION + *********** + +- +-The \ **pam_cifscreds**\ PAM module is a tool for automatically adding ++The ``pam_cifscreds`` PAM module is a tool for automatically adding + credentials (username and password) for the purpose of establishing + sessions in multiuser mounts. + + When a cifs filesystem is mounted with the "multiuser" option, and does + not use krb5 authentication, it needs to be able to get the credentials +-for each user from somewhere. The \ **pam_cifscreds**\ module can be used ++for each user from somewhere. The ``pam_cifscreds`` module can be used + to provide these credentials to the kernel automatically at login. + + In the session section of the PAM configuration file, the module can + either an NT domain name or a list of hostname or addresses. + +- + ******* + OPTIONS + ******* + ++``pam_cifscreds`` supports a couple options which can be set in the PAM ++configuration files. You must have one (and only one) of ``domain=`` or ++``host=``. + +-\ **pam_cifscreds**\ supports a couple options which can be set in the PAM +-configuration files. You must have one (and only one) of domain= or +-host=. +- +- +-\ **debug**\ +- +- Turns on some extra debug logging. +- +- +- +-\ **domain**\ = +- +- Credentials will be added for the specified NT domain name. +- +- +- +-\ **host**\ =[,...] +- +- Credentials will be added for the specified hostnames or IP addresses. +- ++debug ++ Turns on some extra debug logging. + ++domain= ++ Credentials will be added for the specified NT domain name. + ++host=[,...] ++ Credentials will be added for the specified hostnames or IP addresses. + + ***** + NOTES + ***** + +- + The pam_cifscreds PAM module requires a kernel built with support for +-the \ **login**\ key type. That key type was added in v3.3 in mainline Linux ++the ``login`` key type. That key type was added in v3.3 in mainline Linux + kernels. + +-Since \ **pam_cifscreds**\ adds keys to the session keyring, it is highly +-recommended that one use \ **pam_keyinit**\ to ensure that a session keyring ++Since ``pam_cifscreds`` adds keys to the session keyring, it is highly ++recommended that one use ``pam_keyinit`` to ensure that a session keyring + is established at login time. + +- + ******** + SEE ALSO + ******** + +- + cifscreds(1), pam_keyinit(8) + +- + ****** + AUTHOR + ****** + +- + The pam_cifscreds PAM module was developed by Orion Poplawski + . +- +diff --git a/setcifsacl.rst.in b/setcifsacl.rst.in +index ea981e2..de9c758 100644 +--- a/setcifsacl.rst.in ++++ b/setcifsacl.rst.in +@@ -7,179 +7,110 @@ Userspace helper to alter an ACL in a security descriptor for Common Internet Fi + ------------------------------------------------------------------------------------------------ + :Manual section: 1 + +- + ******** + SYNOPSIS + ******** + +- +-setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object} +- ++ setcifsacl [-v|-a|-D|-M|-S] "{one or more ACEs}" {file system object} + + *********** + DESCRIPTION + *********** + +- + This tool is part of the cifs-utils suite. + +-\ **setcifsacl**\ is a userspace helper program for the Linux CIFS client +-file system. It is intended to alter an ACL of a security descriptor +-for a file system object. Whether a security descriptor to be set is ++``setcifsacl`` is a userspace helper program for the Linux CIFS client ++file system. It is intended to alter an ACL of a security descriptor ++for a file system object. Whether a security descriptor to be set is + applied or not is determined by the CIFS/SMB server. + + This program uses a plugin to handle the mapping of user and group +-names to SIDs. ``@pluginpath@`` should be a symlink that points to the ++names to SIDs. *@pluginpath@* should be a symlink that points to the + correct plugin to use. + +- + ******* + OPTIONS + ******* + ++-h ++ Print usage message and exit. + ++-v ++ Print version number and exit. + +-\ **-h**\ +- +- Print usage message and exit. +- +- +- +-\ **-v**\ +- +- Print version number and exit. +- ++-a ++ Add one or more ACEs to an ACL of a security descriptor. An ACE is ++ added even if the same ACE exists in the ACL. + ++-D ++ Delete one or more ACEs from an ACL of a security descriptor. Entire ++ ACE has to match in an existing ACL for the listed ACEs to be deleted. + +-\ **-a**\ +- +- Add one or more ACEs to an ACL of a security descriptor. An ACE is +- added even if the same ACE exists in the ACL. +- ++-M ++ Modify one or more ACEs from an ACL of a security descriptor. SID and ++ type are used to match for existing ACEs to be modified with the list ++ of ACEs specified. + ++-S ++ Set an ACL of security descriptor with the list of ACEs Existing ACL ++ is replaced entirely with the specified ACEs. + +-\ **-D**\ +- +- Delete one or more ACEs from an ACL of a security descriptor. Entire +- ACE has to match in an existing ACL for the listed ACEs to be deleted. +- +- +- +-\ **-M**\ +- +- Modify one or more ACEs from an ACL of a security descriptor. SID and +- type are used to match for existing ACEs to be modified with the list +- of ACEs specified. +- +- +- +-\ **-S**\ +- +- Set an ACL of security descriptor with the list of ACEs Existing ACL +- is replaced entirely with the specified ACEs. +- +- Every ACE entry starts with "ACL:" One or more ACEs are specified +- within double quotes. Multiple ACEs are separated by a comma. +- +- Following fields of an ACE can be modified with possible values: +- +- +- \ **SID**\ - Either a name or a raw SID value. +- +- +- +- \ **type**\ - ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6) +- +- +- +- \ **flags**\ - OBJECT_INHERIT_FLAG (OI or 0x1), CONTAINER_INHERIT_FLAG (CI or 0x2), NO_PROPAGATE_INHERIT_FLAG (NI or +- 0x4), INHERIT_ONLY_FLAG (IO or 0x8), INHERITED_ACE_FLAG (IA or 0x10) +- or a combination/OR of these values. +- +- +- +- \ **mask**\ - Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a hex value +- +- +- ++ Every ACE entry starts with "ACL:" One or more ACEs are specified ++ within double quotes. Multiple ACEs are separated by a comma. + ++ Following fields of an ACE can be modified with possible values: + ++ - ``SID`` - Either a name or a raw SID value. ++ - ``type`` - ALLOWED (0x0), DENIED (0x1), OBJECT_ALLOWED (0x5), OBJECT_DENIED (0x6) ++ - ``flags`` - OBJECT_INHERIT_FLAG (OI or 0x1), ++ CONTAINER_INHERIT_FLAG (CI or 0x2), NO_PROPAGATE_INHERIT_FLAG (NI ++ or 0x4), INHERIT_ONLY_FLAG (IO or 0x8), INHERITED_ACE_FLAG (IA or ++ 0x10) or a combination/OR of these values. ++ - ``mask`` - Either one of FULL, CHANGE, READ, a combination of R W X D P O, or a hex value. + + ******** + EXAMPLES + ******** + +- + Add an ACE + ========== + +- +- +-.. code-block:: perl +- +- setcifsacl -a "ACL:CIFSTESTDOM\user2:DENIED/0x1/D" +- setcifsacl -a "ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D" +- +- ++ setcifsacl -a "ACL:CIFSTESTDOM\user2:DENIED/0x1/D" ++ setcifsacl -a "ACL:CIFSTESTDOM\user1:ALLOWED/OI|CI|NI/D" + + Delete an ACE + ============= + +- +- +-.. code-block:: perl +- +- setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" +- +- ++ setcifsacl -D "ACL:S-1-1-0:0x1/OI/0x1201ff" + + Modify an ACE + ============= + +- +- +-.. code-block:: perl +- +- setcifsacl -M "ACL:CIFSTESTDOM\user1:ALLOWED/0x1f/CHANGE" +- +- ++ setcifsacl -M "ACL:CIFSTESTDOM\user1:ALLOWED/0x1f/CHANGE" + + Set an ACL + ========== + +- +- +-.. code-block:: perl +- +- setcifsacl -S "ACL:CIFSTESTDOM\Administrator:0x0/0x0/FULL,ACL:CIFSTESTDOM\user2:0x0/0x0/FULL" +- +- +- ++ setcifsacl -S "ACL:CIFSTESTDOM\Administrator:0x0/0x0/FULL,ACL:CIFSTESTDOM\user2:0x0/0x0/FULL" + + ***** + NOTES + ***** + +- + Kernel support for getcifsacl/setcifsacl utilities was initially + introduced in the 2.6.37 kernel. + +- + ******** + SEE ALSO + ******** + +- + mount.cifs(8), getcifsacl(1) + +- + ****** + AUTHOR + ****** + +- + Shirish Pargaonkar wrote the setcifsacl program. + + The Linux CIFS Mailing list is the preferred place to ask questions + regarding these programs. +- +-- +2.13.7 + diff --git a/0001-manpage-correct-typos-and-spelling-mistakes.patch b/0001-manpage-correct-typos-and-spelling-mistakes.patch deleted file mode 100644 index 9145df0..0000000 --- a/0001-manpage-correct-typos-and-spelling-mistakes.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 9ba078eb179f713d4f1b5e8d7e416a0e86d8053e Mon Sep 17 00:00:00 2001 -From: Aurelien Aptel -Date: Wed, 15 Feb 2017 18:10:09 +0100 -Subject: [PATCH 1/2] manpage: correct typos and spelling mistakes - -Signed-off-by: Aurelien Aptel ---- - mount.cifs.8 | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -diff --git a/mount.cifs.8 b/mount.cifs.8 -index 01579f6..9104fae 100644 ---- a/mount.cifs.8 -+++ b/mount.cifs.8 -@@ -324,7 +324,7 @@ See section \fIACCESSING FILES WITH BACKUP INTENT\fR for more details - .PP - nocase - .RS 4 --Request case insensitive path name matching (case sensitive is the default if the server suports it)\&. -+Request case insensitive path name matching (case sensitive is the default if the server supports it)\&. - .RE - .PP - ignorecase -@@ -457,7 +457,7 @@ Enable support for Minshall+French symlinks(see http://wiki.samba.org/index.php/ - .PP - serverino - .RS 4 --Use inode numbers (unique persistent file identifiers) returned by the server instead of automatically generating temporary inode numbers on the client\&. Although server inode numbers make it easier to spot hardlinked files (as they will have the same inode numbers) and inode numbers may be persistent (which is userful for some sofware), the server does not guarantee that the inode numbers are unique if multiple server side mounts are exported under a single share (since inode numbers on the servers might not be unique if multiple filesystems are mounted under the same shared higher level directory)\&. Note that not all servers support returning server inode numbers, although those that support the CIFS Unix Extensions, and Windows 2000 and later servers typically do support this (although not necessarily on every local server filesystem)\&. Parameter has no effect if the server lacks support for returning inode numbers or equivalent\&. This behavior is enabled by default\&. -+Use inode numbers (unique persistent file identifiers) returned by the server instead of automatically generating temporary inode numbers on the client\&. Although server inode numbers make it easier to spot hardlinked files (as they will have the same inode numbers) and inode numbers may be persistent (which is useful for some software), the server does not guarantee that the inode numbers are unique if multiple server side mounts are exported under a single share (since inode numbers on the servers might not be unique if multiple filesystems are mounted under the same shared higher level directory)\&. Note that not all servers support returning server inode numbers, although those that support the CIFS Unix Extensions, and Windows 2000 and later servers typically do support this (although not necessarily on every local server filesystem)\&. Parameter has no effect if the server lacks support for returning inode numbers or equivalent\&. This behavior is enabled by default\&. - .RE - .PP - noserverino -@@ -485,7 +485,7 @@ Do not allow getfattr/setfattr to get/set xattrs, even if server would support i - .PP - rsize=\fIbytes\fR - .RS 4 --Maximum amount of data that the kernel will request in a read request in bytes. Prior to kernel 3.2.0, the default was 16k, and the maximum size was limited by the CIFSMaxBufSize module parameter. As of kernel 3.2.0, the behavior varies according to whether POSIX extensions are enabled on the mount and the server supports large POSIX reads. If they are, then the default is 1M, and the maxmimum is 16M. If they are not supported by the server, then the default is 60k and the maximum is around 127k. The reason for the 60k is because it's the maximum size read that windows servers can fill. Note that this value is a maximum, and the client may settle on a smaller size to accomodate what the server supports. In kernels prior to 3.2.0, no negotiation is performed. -+Maximum amount of data that the kernel will request in a read request in bytes. Prior to kernel 3.2.0, the default was 16k, and the maximum size was limited by the CIFSMaxBufSize module parameter. As of kernel 3.2.0, the behavior varies according to whether POSIX extensions are enabled on the mount and the server supports large POSIX reads. If they are, then the default is 1M, and the maximum is 16M. If they are not supported by the server, then the default is 60k and the maximum is around 127k. The reason for the 60k is because it's the maximum size read that windows servers can fill. Note that this value is a maximum, and the client may settle on a smaller size to accommodate what the server supports. In kernels prior to 3.2.0, no negotiation is performed. - .RE - .PP - wsize=\fIbytes\fR -@@ -506,7 +506,7 @@ multiuser - .RS 4 - Map user accesses to individual credentials when accessing the server\&. By default, CIFS mounts only use a single set of user credentials (the mount credentials) when accessing a share\&. With this option, the client instead creates a new session with the server using the user's credentials whenever a new user accesses the mount. Further accesses by that user will also use those credentials\&. Because the kernel cannot prompt for passwords, multiuser mounts are limited to mounts using sec= options that don't require passwords. - .sp --With this change, it's feasible for the server to handle permissions enforcement, so this option also implies "noperm"\&. Furthermore, when unix extensions aren't in use and the administrator has not overriden ownership using the uid= or gid= options, ownership of files is presented as the current user accessing the share\&. -+With this change, it's feasible for the server to handle permissions enforcement, so this option also implies "noperm"\&. Furthermore, when unix extensions aren't in use and the administrator has not overridden ownership using the uid= or gid= options, ownership of files is presented as the current user accessing the share\&. - .RE - .PP - actimeo=\fIarg\fR -@@ -605,7 +605,7 @@ mount \-t cifs //server/share /mnt \-\-verbose \-o user=username - .RE - .SH "SERVICE FORMATTING AND DELIMITERS" - .PP --It\'s generally preferred to use forward slashes (/) as a delimiter in service names\&. They are considered to be the "universal delimiter" since they are generally not allowed to be embedded within path components on Windows machines and the client can convert them to blackslashes (\e) unconditionally\&. Conversely, backslash characters are allowed by POSIX to be part of a path component, and can\'t be automatically converted in the same way\&. -+It\'s generally preferred to use forward slashes (/) as a delimiter in service names\&. They are considered to be the "universal delimiter" since they are generally not allowed to be embedded within path components on Windows machines and the client can convert them to backslashes (\e) unconditionally\&. Conversely, backslash characters are allowed by POSIX to be part of a path component, and can\'t be automatically converted in the same way\&. - .PP - mount\&.cifs will attempt to convert backslashes to forward slashes where it\'s able to do so, but it cannot do so in any path component following the sharename\&. - .SH "INODE NUMBERS" -@@ -753,7 +753,7 @@ If either upcall to cifs.idmap is not setup correctly or winbind is not configur - .RE - .SH "ACCESSING FILES WITH BACKUP INTENT" - .PP --For an user on the server, desired access to a file is determined by the permissions and rights associated with that file. This is typically accomplished using owenrship and ACL. For a user who does not have access rights to a file, it is still possible to access that file for a specific or a targeted purpose by granting special rights. One of the specific purposes is to access a file with the intent to either backup or restore i.e. backup intent. The right to access a file with the backup intent can typically be granted by making that user a part of the built-in group Backup Operators. Thus, when this user attempts to open a file with the backup intent, open request is sent by setting the bit FILE_OPEN_FOR_BACKUP_INTENT as one of the CreateOptions. -+For an user on the server, desired access to a file is determined by the permissions and rights associated with that file. This is typically accomplished using ownership and ACL. For a user who does not have access rights to a file, it is still possible to access that file for a specific or a targeted purpose by granting special rights. One of the specific purposes is to access a file with the intent to either backup or restore i.e. backup intent. The right to access a file with the backup intent can typically be granted by making that user a part of the built-in group Backup Operators. Thus, when this user attempts to open a file with the backup intent, open request is sent by setting the bit FILE_OPEN_FOR_BACKUP_INTENT as one of the CreateOptions. - - As an example, on a Windows server, a user named testuser, cannot open this file with such a security descriptor. - .PP -@@ -772,7 +772,7 @@ But the user testuser, if it becomes part of the group Backup Operators, can ope - Any user on the client side who can authenticate as such a user on the server, - can access the files with the backup intent. But it is desirable and preferable for security reasons amongst many, to restrict this special right. - --The mount option backupuid is used to restrict this special right to a user which is specified by either a name or an id. The mount option backupgid is used to restrict this special right to the users in a group which is specified by either a name or an id. Only users maching either backupuid or backupgid shall attempt to access files with backup intent. These two mount options can be used together. -+The mount option backupuid is used to restrict this special right to a user which is specified by either a name or an id. The mount option backupgid is used to restrict this special right to the users in a group which is specified by either a name or an id. Only users matching either backupuid or backupgid shall attempt to access files with backup intent. These two mount options can be used together. - .SH "FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS" - .PP - The core CIFS protocol does not provide unix ownership information or mode for files and directories\&. Because of this, files and directories will generally appear to be owned by whatever values the uid= or gid= options are set, and will have permissions set to the default file_mode and dir_mode for the mount\&. Attempting to change these values via chmod/chown will return success but have no effect\&. -@@ -783,7 +783,7 @@ If the uid\'s and gid\'s being used do not match on the client and server, the f - .PP - When unix extensions are not negotiated, it\'s also possible to emulate them locally on the server using the "dynperm" mount option\&. When this mount option is in effect, newly created files and directories will receive what appear to be proper permissions\&. These permissions are not stored on the server however and can disappear at any time in the future (subject to the whims of the kernel flushing out the inode cache)\&. In general, this mount option is discouraged\&. - .PP --It\'s also possible to override permission checking on the client altogether via the noperm option\&. Server\-side permission checks cannot be overriden\&. The permission checks done by the server will always correspond to the credentials used to mount the share, and not necessarily to the user who is accessing the share\&. -+It\'s also possible to override permission checking on the client altogether via the noperm option\&. Server\-side permission checks cannot be overridden\&. The permission checks done by the server will always correspond to the credentials used to mount the share, and not necessarily to the user who is accessing the share\&. - .SH "ENVIRONMENT VARIABLES" - .PP - The variable -@@ -799,7 +799,7 @@ The variable - may contain the pathname of a file to read the password from\&. A single line of input is read and used as the password\&. - .SH "NOTES" - .PP --This command may be used only by root, unless installed setuid, in which case the noeexec and nosuid mount flags are enabled\&. When installed as a setuid program, the program follows the conventions set forth by the mount program for user mounts, with the added restriction that users must be able to chdir() into the -+This command may be used only by root, unless installed setuid, in which case the noexec and nosuid mount flags are enabled\&. When installed as a setuid program, the program follows the conventions set forth by the mount program for user mounts, with the added restriction that users must be able to chdir() into the - mountpoint prior to the mount in order to be able to mount onto it. - .PP - Some samba client tools like smbclient(8) honour client\-side configuration parameters present in smb\&.conf\&. Unlike those client tools, --- -2.12.0 - diff --git a/0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch b/0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch deleted file mode 100644 index 32d988f..0000000 --- a/0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 5513fa5aa37602b8716b7d28b1ca5cf99d446efd Mon Sep 17 00:00:00 2001 -From: Aurelien Aptel -Date: Fri, 21 Apr 2017 16:59:50 +0200 -Subject: [PATCH 2/2] mount.cifs: document SMBv3.1.1 and new seal option - -Signed-off-by: Aurelien Aptel ---- - mount.cifs.8 | 16 ++++++++++++++++ - mount.cifs.c | 2 +- - 2 files changed, 17 insertions(+), 1 deletion(-) - -diff --git a/mount.cifs.8 b/mount.cifs.8 -index 9104fae..ab35448 100644 ---- a/mount.cifs.8 -+++ b/mount.cifs.8 -@@ -440,6 +440,11 @@ The default in mainline kernel versions prior to v3.8 was sec=ntlm. In v3.8, the - If the server requires signing during protocol negotiation, then it may be enabled automatically. Packet signing may also be enabled automatically if it's enabled in /proc/fs/cifs/SecurityFlags. - .RE - .PP -+seal -+.RS 4 -+Request encryption at the SMB layer. Encryption is only supported in SMBv3 and above. The encryption algorithm used is AES-128-CCM. -+.RE -+.PP - nobrl - .RS 4 - Do not send byte range lock requests to the server\&. This is necessary for certain applications that break with cifs style mandatory byte range locks (and most cifs servers do not yet support requesting advisory byte range locks)\&. -@@ -593,6 +598,17 @@ SMB protocol version. Allowed values are: - .\} - 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012. - .RE -+.sp -+.RS 4 -+.ie n \{\ -+\h'-04'\(bu\h'+03'\c -+.\} -+.el \{\ -+.sp -1 -+.IP \(bu 2.3 -+.\} -+3.1.1 or 3.11 - The SMBv3.1.1 protocol that was introduced in Microsoft Windows Server 2016. -+.RE - .PP - Note too that while this option governs the protocol version used, not all features of each version are available. - .RE -diff --git a/mount.cifs.c b/mount.cifs.c -index 2612feb..8ca848d 100644 ---- a/mount.cifs.c -+++ b/mount.cifs.c -@@ -269,7 +269,7 @@ static int mount_usage(FILE * stream) - fprintf(stream, - "\n\tmapchars,nomapchars,nolock,servernetbiosname="); - fprintf(stream, -- "\n\tdirectio,nounix,cifsacl,sec=,sign,fsc"); -+ "\n\tdirectio,nounix,cifsacl,sec=,sign,seal,fsc"); - fprintf(stream, - "\n\nOptions not needed for servers supporting CIFS Unix extensions"); - fprintf(stream, --- -2.12.0 - diff --git a/0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch b/0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch new file mode 100644 index 0000000..51f9488 --- /dev/null +++ b/0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch @@ -0,0 +1,37 @@ +From bfcbfaa27a6bcfea3d463e793feff5a983f344a5 Mon Sep 17 00:00:00 2001 +From: Aurelien Aptel +Date: Tue, 15 May 2018 10:40:48 +0200 +Subject: [PATCH 02/10] mount.cifs.rst: document new (no)handlecache mount + option + +Signed-off-by: Aurelien Aptel +Reviewed-by: Steve French +Reviewed-by: Pavel Shilovsky +--- + mount.cifs.rst | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/mount.cifs.rst b/mount.cifs.rst +index c0f0bdb..405c459 100644 +--- a/mount.cifs.rst ++++ b/mount.cifs.rst +@@ -237,6 +237,16 @@ cache=arg + The default in kernels prior to 3.7 was ``loose``. As of kernel 3.7 the + default is ``strict``. + ++handlecache ++ (default) In SMB2 and above, the client often has to open the root ++ of the share (empty path) in various places during mount, path ++ revalidation and the statfs(2) system call. This option cuts ++ redundant round trip traffic (opens and closes) by simply keeping ++ the directory handle for the root around once opened. ++ ++nohandlecache ++ Disable caching of the share root directory handle. ++ + directio + Do not do inode data caching on files opened on this mount. This + precludes mmaping files on this mount. In some cases with fast +-- +2.13.7 + diff --git a/0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch b/0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch new file mode 100644 index 0000000..fef9496 --- /dev/null +++ b/0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch @@ -0,0 +1,30 @@ +From 03a3296c79f8195f94c43a3b4feb09df75d9b90e Mon Sep 17 00:00:00 2001 +From: Kenneth Dsouza +Date: Fri, 13 Jul 2018 23:49:59 +0530 +Subject: [PATCH 03/10] manpage: update mount.cifs manpage with info about rdma + option + +Signed-off-by: Kenneth Dsouza +--- + mount.cifs.rst | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/mount.cifs.rst b/mount.cifs.rst +index 405c459..56c1bf9 100644 +--- a/mount.cifs.rst ++++ b/mount.cifs.rst +@@ -403,6 +403,11 @@ echo_interval=n + If this option is not given then the default value of 60 seconds is used. + The minimum tunable value is 1 second and maximum can go up to 600 seconds. + ++rdma ++ Use to connect to SMB Direct, only applicable when specified with ++ vers=3 or vers=3.x. ++ Here 3.x can be 3.0, 3.02 or 3.1.1. ++ + serverino + Use inode numbers (unique persistent file identifiers) returned by the + server instead of automatically generating temporary inode numbers on +-- +2.13.7 + diff --git a/0004-checkopts-add-python-script-to-cross-check-mount-opt.patch b/0004-checkopts-add-python-script-to-cross-check-mount-opt.patch new file mode 100644 index 0000000..3bbe7f2 --- /dev/null +++ b/0004-checkopts-add-python-script-to-cross-check-mount-opt.patch @@ -0,0 +1,261 @@ +From 97209a56d13b8736579a58cccf00d2da4e4a0e5a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Aur=C3=A9lien=20Aptel?= +Date: Tue, 10 Jul 2018 17:50:42 +0200 +Subject: [PATCH 04/10] checkopts: add python script to cross check mount + options + +Signed-off-by: Aurelien Aptel +--- + checkopts | 240 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 240 insertions(+) + create mode 100755 checkopts + +diff --git a/checkopts b/checkopts +new file mode 100755 +index 0000000..26ca271 +--- /dev/null ++++ b/checkopts +@@ -0,0 +1,240 @@ ++#!/usr/bin/env python3 ++# ++# Script to check for inconsistencies between documented mount options ++# and implemented kernel options. ++# Copyright (C) 2018 Aurelien Aptel (aaptel@suse.com) ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 3 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++ ++import os ++import sys ++import re ++import subprocess ++import argparse ++from pprint import pprint as P ++ ++def extract_canonical_opts(s): ++ """ ++ Return list of option names present in s. ++ e.g "opt1=a|opt2=d" => ["opt1", "opt2"]) ++ """ ++ opts = s.split("|") ++ res = [] ++ for o in opts: ++ x = o.split("=") ++ res.append(x[0]) ++ return res ++ ++def extract_kernel_opts(fn): ++ STATE_BASE = 0 ++ STATE_DEF = 1 ++ STATE_USE = 2 ++ STATE_EXIT = 3 ++ ++ state = STATE_BASE ++ fmt2enum = {} ++ enum2code = {} ++ code = '' ++ current_opt = '' ++ rx = RX() ++ ++ def code_add(s): ++ if current_opt != '': ++ if current_opt not in enum2code: ++ enum2code[current_opt] = '' ++ enum2code[current_opt] += s ++ ++ with open(fn) as f: ++ for s in f.readlines(): ++ if state == STATE_EXIT: ++ break ++ ++ elif state == STATE_BASE: ++ if rx.search(r'cifs_mount_option_tokens.*\{', s): ++ state = STATE_DEF ++ elif rx.search(r'^cifs_parse_mount_options', s): ++ state = STATE_USE ++ ++ elif state == STATE_DEF: ++ if rx.search(r'(Opt_[a-zA-Z0-9_]+)\s*,\s*"([^"]+)"', s): ++ fmt = rx.group(2) ++ opts = extract_canonical_opts(fmt) ++ assert(len(opts) == 1) ++ name = opts[0] ++ fmt2enum[name] = {'enum':rx.group(1), 'fmt':fmt} ++ elif rx.search(r'^};', s): ++ state = STATE_BASE ++ ++ elif state == STATE_USE: ++ if rx.search(r'^\s*case (Opt_[a-zA-Z0-9_]+)', s): ++ current_opt = rx.group(1) ++ elif current_opt != '' and rx.search(r'^\s*default:', s): ++ state = STATE_EXIT ++ else: ++ code_add(s) ++ return fmt2enum, enum2code ++ ++def chomp(s): ++ if s[-1] == '\n': ++ return s[:-1] ++ return s ++ ++def extract_man_opts(fn): ++ STATE_EXIT = 0 ++ STATE_BASE = 1 ++ STATE_OPT = 2 ++ ++ state = STATE_BASE ++ rx = RX() ++ opts = {} ++ ++ with open(fn) as f: ++ for s in f.readlines(): ++ if state == STATE_EXIT: ++ break ++ ++ elif state == STATE_BASE: ++ if rx.search(r'^OPTION', s): ++ state = STATE_OPT ++ ++ elif state == STATE_OPT: ++ if rx.search('^[a-z]', s) and len(s) < 50: ++ s = chomp(s) ++ names = extract_canonical_opts(s) ++ for name in names: ++ opts[name] = s ++ elif rx.search(r'^[A-Z]+', s): ++ state = STATE_EXIT ++ return opts ++ ++def format_code(s): ++ # remove common indent in the block ++ min_indent = None ++ for ln in s.split("\n"): ++ indent = 0 ++ for c in ln: ++ if c == '\t': indent += 1 ++ else: break ++ if min_indent is None: ++ min_indent = indent ++ elif indent > 0: ++ min_indent = min(indent, min_indent) ++ out = '' ++ lines = s.split("\n") ++ if lines[-1].strip() == '': ++ lines.pop() ++ for ln in lines: ++ out += "| %s\n" % ln[min_indent:] ++ return out ++ ++def sortedset(s): ++ return sorted(list(s), key=lambda x: re.sub('^no', '', x)) ++ ++def opt_neg(opt): ++ if opt.startswith("no"): ++ return opt[2:] ++ else: ++ return "no"+opt ++ ++def main(): ++ ap = argparse.ArgumentParser(description="Cross-check mount options from cifs.ko/man page") ++ ap.add_argument("cfile", help="path to connect.c") ++ ap.add_argument("rstfile", help="path to mount.cifs.rst") ++ args = ap.parse_args() ++ ++ fmt2enum, enum2code = extract_kernel_opts(args.cfile) ++ manopts = extract_man_opts(args.rstfile) ++ ++ kernel_opts_set = set(fmt2enum.keys()) ++ man_opts_set = set(manopts.keys()) ++ ++ def opt_alias_is_doc(o): ++ enum = fmt2enum[o]['enum'] ++ aliases = [] ++ for k,v in fmt2enum.items(): ++ if k != o and v['enum'] == enum: ++ if opt_is_doc(k): ++ return k ++ return None ++ ++ def opt_exists(o): ++ return o in fmt2enum ++ ++ def opt_is_doc(o): ++ return o in manopts ++ ++ ++ print('UNDOCUMENTED OPTIONS') ++ print('====================') ++ ++ undoc_opts = kernel_opts_set - man_opts_set ++ # group opts and their negations together ++ for opt in sortedset(undoc_opts): ++ fmt = fmt2enum[opt]['fmt'] ++ enum = fmt2enum[opt]['enum'] ++ code = format_code(enum2code[enum]) ++ neg = opt_neg(opt) ++ ++ if enum == 'Opt_ignore': ++ print("# skipping %s (Opt_ignore)\n"%opt) ++ continue ++ ++ if opt_exists(neg) and opt_is_doc(neg): ++ print("# skipping %s (%s is documented)\n"%(opt, neg)) ++ continue ++ ++ alias = opt_alias_is_doc(opt) ++ if alias: ++ print("# skipping %s (alias %s is documented)\n"%(opt, alias)) ++ continue ++ ++ print('OPTION %s ("%s" -> %s):\n%s'%(opt, fmt, enum, code)) ++ ++ print('') ++ print('DOCUMENTED BUT NON-EXISTING OPTIONS') ++ print('===================================') ++ ++ unex_opts = man_opts_set - kernel_opts_set ++ # group opts and their negations together ++ for opt in sortedset(unex_opts): ++ fmt = manopts[opt] ++ print('OPTION %s ("%s")' % (opt, fmt)) ++ ++ ++ print('') ++ print('NEGATIVE OPTIONS WITHOUT POSITIVE') ++ print('=================================') ++ ++ for opt in sortedset(kernel_opts_set): ++ if not opt.startswith('no'): ++ continue ++ ++ neg = opt[2:] ++ if not opt_exists(neg): ++ print("OPTION %s exists but not %s"%(opt,neg)) ++ ++# little helper to test AND store result at the same time so you can ++# do if/elsif easily instead of nesting them when you need to do ++# captures ++class RX: ++ def __init__(self): ++ pass ++ def search(self, rx, s, flags=0): ++ self.r = re.search(rx, s, flags) ++ return self.r ++ def group(self, n): ++ return self.r.group(n) ++ ++if __name__ == '__main__': ++ main() +-- +2.13.7 + diff --git a/0005-mount.cifs.rst-document-missing-options-correct-wron.patch b/0005-mount.cifs.rst-document-missing-options-correct-wron.patch new file mode 100644 index 0000000..44a713d --- /dev/null +++ b/0005-mount.cifs.rst-document-missing-options-correct-wron.patch @@ -0,0 +1,219 @@ +From 7325a01abc529d68756bae90cf23233392626939 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Aur=C3=A9lien=20Aptel?= +Date: Tue, 10 Jul 2018 17:50:43 +0200 +Subject: [PATCH 05/10] mount.cifs.rst: document missing options, correct wrong + ones + +Signed-off-by: Aurelien Aptel +--- + mount.cifs.rst | 111 ++++++++++++++++++++++++++++++++++++++++----------------- + 1 file changed, 79 insertions(+), 32 deletions(-) + +diff --git a/mount.cifs.rst b/mount.cifs.rst +index 56c1bf9..13b3a1e 100644 +--- a/mount.cifs.rst ++++ b/mount.cifs.rst +@@ -123,6 +123,11 @@ forcegid + of the gid= option. See the section on `FILE AND DIRECTORY OWNERSHIP + AND PERMISSIONS`_ below for more information. + ++idsfromsid ++ Extract uid/gid from special SID instead of mapping it. See the ++ section on `FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS`_ below for ++ more information. ++ + port=arg + sets the port number on which the client will attempt to contact the + CIFS server. If this value is specified, look for an existing +@@ -133,8 +138,9 @@ port=arg + try to connect on port 445 first and then port 139 if that + fails. Return an error if both fail. + +-servernetbiosname=arg +- Specify the server netbios name (RFC1001 name) to use when attempting ++ ++netbiosname=arg ++ Specify the client netbios name (RFC1001 name) to use when attempting + to setup a session to the server. Although rarely needed for mounting + to newer servers, this option is needed for mounting to some older + servers (such as OS/2 or Windows 98 and Windows ME) since when +@@ -143,7 +149,8 @@ servernetbiosname=arg + characters long and is usually uppercased. + + servern=arg +- Synonym for ``servernetbiosname`` ++ Similarl to ``netbiosname`` except it specifies the netbios name of ++ the server instead of the client. + + netbiosname=arg + When mounting to servers via port 139, specifies the RFC1001 source +@@ -166,6 +173,10 @@ ip=arg|addr=arg + domain=arg|dom=arg|workgroup=arg + sets the domain (workgroup) of the user. + ++domainauto ++ When using NTLMv2 authentification and not providing a domain via ++ ``domain``, guess the domain from the server NTLM challenge. ++ + guest + don't prompt for a password. + +@@ -237,6 +248,9 @@ cache=arg + The default in kernels prior to 3.7 was ``loose``. As of kernel 3.7 the + default is ``strict``. + ++nostrictsync ++ Do not flush to the server on fsync(). ++ + handlecache + (default) In SMB2 and above, the client often has to open the root + of the share (empty path) in various places during mount, path +@@ -247,32 +261,6 @@ handlecache + nohandlecache + Disable caching of the share root directory handle. + +-directio +- Do not do inode data caching on files opened on this mount. This +- precludes mmaping files on this mount. In some cases with fast +- networks and little or no caching benefits on the client (e.g. when +- the application is doing large sequential reads bigger than page size +- without rereading the same data) this can provide better performance +- than the default behavior which caches reads (readahead) and writes +- (writebehind) through the local Linux client pagecache if oplock +- (caching token) is granted and held. Note that direct allows write +- operations larger than page size to be sent to the server. On some +- kernels this requires the cifs.ko module to be built with the +- ``CIFS_EXPERIMENTAL`` configure option. +- +- This option is will be deprecated in 3.7. Users should use +- ``cache=none`` instead on more recent kernels. +- +-strictcache +- Use for switching on strict cache mode. In this mode the client reads +- from the cache all the time it has *Oplock Level II* , otherwise - +- read from the server. As for write - the client stores a data in the +- cache in *Exclusive Oplock* case, otherwise - write directly to the +- server. +- +- This option is will be deprecated in 3.7. Users should use +- ``cache=strict`` instead on more recent kernels. +- + rwpidforward + Forward pid of a process who opened a file to any read or write + operation on that file. This prevent applications like wine(1) from +@@ -283,7 +271,7 @@ mapchars + including the colon, question mark, pipe, asterik, greater than and + less than characters) to the remap range (above 0xF000), which also + allows the CIFS client to recognize files created with such characters +- by Windows's POSIX emulation. This can also be useful when mounting to ++ by Windows's Services for Mac. This can also be useful when mounting to + most versions of Samba (which also forbids creating and opening files + whose names contain any of these seven characters). This has no effect + if the server does not support Unicode on the wire. Please note that +@@ -293,6 +281,10 @@ mapchars + nomapchars + (default) Do not translate any of these seven characters. + ++mapposix ++ Translate reserved characters similarly to ``mapchars`` but use the ++ mapping from Microsoft "Services For Unix". ++ + intr + currently unimplemented. + +@@ -370,12 +362,42 @@ seal + Request encryption at the SMB layer. Encryption is only supported in + SMBv3 and above. The encryption algorithm used is AES-128-CCM. + ++rdma ++ Connect directly to the server using SMB Direct via a RDMA adapter. ++ ++resilienthandles ++ Enable resilient handles. If the server supports it, keep opened ++ files across reconenctions. Requires SMB2.1. ++ ++noresilienthandles ++ (default) Disable resilient handles. ++ ++persistenthandles ++ Enable persistent handles. If the server supports it, keep opened ++ files across reconnections. Persistent handles are also valid across ++ servers in a cluser and have stronger guarantees than resilient ++ handles. Requires SMB3 or above. ++ ++nopersistenthandles ++ (default) Disable persistent handles. ++ ++snapshot=time ++ Mount a specific snapshot of the remote share. ``time`` must be a ++ positive integer identifying the snapshot requested. ++ + nobrl + Do not send byte range lock requests to the server. This is necessary + for certain applications that break with cifs style mandatory byte + range locks (and most cifs servers do not yet support requesting + advisory byte range locks). + ++forcemandatorylock ++ Do not use POSIX locks even when available via unix ++ extensions. Always use cifs style mandatory locks. ++ ++locallease ++ Check cache leases locally instead of querying the server. ++ + sfu + When the CIFS Unix Extensions are not negotiated, attempt to create + device files and fifos in a format compatible with Services for Unix +@@ -431,8 +453,12 @@ noserverino + + See section `INODE NUMBERS`_ for more information. + +-nounix +- Disable the CIFS Unix Extensions for this mount. This can be useful in ++unix|linux ++ (default) Enable Unix Extensions for this mount. Requires CIFS ++ (vers=1.0) or SMB3.1.1 (vers=3.1.1) and a server supporting them. ++ ++nounix|nolinux ++ Disable the Unix Extensions for this mount. This can be useful in + order to turn off multiple settings at once. This includes POSIX acls, + POSIX locks, POSIX paths, symlink support and retrieving + uids/gids/mode from the server. This can also be useful to work around +@@ -444,6 +470,23 @@ nouser_xattr + Do not allow getfattr/setfattr to get/set xattrs, even if server would + support it otherwise. The default is for xattr support to be enabled. + ++nodfs ++ Do not follow Distributed FileSystem referals. IO on a file not ++ stored on the server will fail instead of connecting to the target ++ server transparently. ++ ++noautotune ++ Use fixed size for kernel recv/send socket buffers. ++ ++nosharesock ++ Do not try to reuse sockets if the system is already connected to ++ the server via an existing mount point. This will make the client ++ always make a new connection to the server no matter what he is ++ already connected to. ++ ++noblocksend ++ Send data on the socket using non blocking operations (MSG_DONTWAIT flag). ++ + rsize=bytes + Maximum amount of data that the kernel will request in a read request + in bytes. Prior to kernel 3.2.0, the default was 16k, and the maximum +@@ -472,6 +515,10 @@ wsize=bytes + this value isn't specified or it's greater or equal than the existing + one. + ++max_credits=n ++ Maximum credits the SMB2 client can have. Default is 32000. Must be ++ set to a number between 20 and 60000. ++ + fsc + Enable local disk caching using FS-Cache for CIFS. This option could + be useful to improve performance on a slow link, heavily loaded server +-- +2.13.7 + diff --git a/0006-cifs-utils-support-rst2man-3.patch b/0006-cifs-utils-support-rst2man-3.patch new file mode 100644 index 0000000..400e157 --- /dev/null +++ b/0006-cifs-utils-support-rst2man-3.patch @@ -0,0 +1,50 @@ +From a389756f51916995d27819ea1807ab03f36d8dd7 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Tue, 17 Jul 2018 13:12:44 +0300 +Subject: [PATCH 06/10] cifs-utils: support rst2man-3 + +Python3 version of rst2man is called rst2man-3 + +Signed-off-by: Alexander Bokovoy +Reviewed-by: Aurelien Aptel +--- + Makefile.am | 2 +- + configure.ac | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index 30658e3..f37c9ae 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -16,7 +16,7 @@ man_MANS= + + SUFFIXES = .rst .1 .8 + +-RST2MAN = rst2man --syntax-highlight=none $< $@ ++RST2MAN = $(have_rst2man) --syntax-highlight=none $< $@ + + .rst.1: + $(RST2MAN) +diff --git a/configure.ac b/configure.ac +index b0bc2b9..8e3d6ce 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -252,12 +252,12 @@ fi + + # if docs are not disabled, check if rst2man is available + if test $enable_man != "no"; then +- AC_CHECK_PROG(have_rst2man, rst2man, yes, no) ++ AC_CHECK_PROGS(have_rst2man, rst2man-3.6 rst2man-3.4 rst2man-3 rst2man, no) + if test $have_rst2man = "no"; then + if test $enable_man = "yes"; then +- AC_MSG_ERROR([rst2man not found: cannot generate man pages, consider installing perl.]) ++ AC_MSG_ERROR([rst2man not found: cannot generate man pages, consider installing python{2,3}-docutils.]) + else +- AC_MSG_WARN([rst2man not found: cannot generate man pages, consider installing perl. Disabling man page generation.]) ++ AC_MSG_WARN([rst2man not found: cannot generate man pages, consider installing python{2,3}-docutils. Disabling man page generation.]) + enable_man="no" + fi + else +-- +2.13.7 + diff --git a/0007-checkopts-report-duplicated-options-in-man-page.patch b/0007-checkopts-report-duplicated-options-in-man-page.patch new file mode 100644 index 0000000..668bb56 --- /dev/null +++ b/0007-checkopts-report-duplicated-options-in-man-page.patch @@ -0,0 +1,67 @@ +From 77b028c11fee787d1235a08fd06c8b60d20eb9c0 Mon Sep 17 00:00:00 2001 +From: Aurelien Aptel +Date: Wed, 8 Aug 2018 11:38:15 +0200 +Subject: [PATCH 07/10] checkopts: report duplicated options in man page + +Signed-off-by: Aurelien Aptel +--- + checkopts | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +diff --git a/checkopts b/checkopts +index 26ca271..88e70b1 100755 +--- a/checkopts ++++ b/checkopts +@@ -98,9 +98,12 @@ def extract_man_opts(fn): + state = STATE_BASE + rx = RX() + opts = {} ++ ln = 0 + + with open(fn) as f: + for s in f.readlines(): ++ ln += 1 ++ + if state == STATE_EXIT: + break + +@@ -113,7 +116,9 @@ def extract_man_opts(fn): + s = chomp(s) + names = extract_canonical_opts(s) + for name in names: +- opts[name] = s ++ if name not in opts: ++ opts[name] = [] ++ opts[name].append({'ln':ln, 'fmt':s}) + elif rx.search(r'^[A-Z]+', s): + state = STATE_EXIT + return opts +@@ -174,6 +179,14 @@ def main(): + def opt_is_doc(o): + return o in manopts + ++ print('DUPLICATED DOC OPTIONS') ++ print('======================') ++ ++ for opt in sortedset(man_opts_set): ++ if len(manopts[opt]) > 1: ++ lines = ", ".join([str(x['ln']) for x in manopts[opt]]) ++ print("OPTION %-20.20s (lines %s)"%(opt, lines)) ++ print() + + print('UNDOCUMENTED OPTIONS') + print('====================') +@@ -208,8 +221,8 @@ def main(): + unex_opts = man_opts_set - kernel_opts_set + # group opts and their negations together + for opt in sortedset(unex_opts): +- fmt = manopts[opt] +- print('OPTION %s ("%s")' % (opt, fmt)) ++ man = manopts[opt][0] ++ print('OPTION %s ("%s") line %d' % (opt, man['fmt'], man['ln'])) + + + print('') +-- +2.13.7 + diff --git a/0008-mount.cifs.rst-more-cleanups.patch b/0008-mount.cifs.rst-more-cleanups.patch new file mode 100644 index 0000000..9f80bae --- /dev/null +++ b/0008-mount.cifs.rst-more-cleanups.patch @@ -0,0 +1,159 @@ +From 06503ef4490a3dde4e8297cf1c5cb336ba43aafa Mon Sep 17 00:00:00 2001 +From: Aurelien Aptel +Date: Wed, 8 Aug 2018 11:38:16 +0200 +Subject: [PATCH 08/10] mount.cifs.rst: more cleanups + +* remove duplicates (netbiosname, rdma) +* remove snapshot +* document nostrictsync, domain, domainauto better +* point to vers= when talking about version requirements +* typos + +Signed-off-by: Aurelien Aptel +--- + mount.cifs.rst | 61 ++++++++++++++++++++++++++++------------------------------ + 1 file changed, 29 insertions(+), 32 deletions(-) + +diff --git a/mount.cifs.rst b/mount.cifs.rst +index 13b3a1e..3504477 100644 +--- a/mount.cifs.rst ++++ b/mount.cifs.rst +@@ -138,25 +138,20 @@ port=arg + try to connect on port 445 first and then port 139 if that + fails. Return an error if both fail. + +- + netbiosname=arg +- Specify the client netbios name (RFC1001 name) to use when attempting +- to setup a session to the server. Although rarely needed for mounting ++ When mounting to servers via port 139, specifies the RFC1001 source ++ name to use to represent the client netbios machine during the netbios ++ session initialization. ++ ++servern=arg ++ Similar to ``netbiosname`` except it specifies the netbios name of ++ the server instead of the client. Although rarely needed for mounting + to newer servers, this option is needed for mounting to some older + servers (such as OS/2 or Windows 98 and Windows ME) since when + connecting over port 139 they, unlike most newer servers, do not + support a default server name. A server name can be up to 15 + characters long and is usually uppercased. + +-servern=arg +- Similarl to ``netbiosname`` except it specifies the netbios name of +- the server instead of the client. +- +-netbiosname=arg +- When mounting to servers via port 139, specifies the RFC1001 source +- name to use to represent the client netbios machine name when doing +- the RFC1001 netbios session initialize. +- + file_mode=arg + If the server does not support the CIFS Unix extensions this overrides + the default file mode. +@@ -171,11 +166,14 @@ ip=arg|addr=arg + rarely needs to be specified by the user. + + domain=arg|dom=arg|workgroup=arg +- sets the domain (workgroup) of the user. ++ Sets the domain (workgroup) of the user. If no domains are given, ++ the empty domain will be used. Use ``domainauto`` to automatically ++ guess the domain of the server you are connecting to. + + domainauto +- When using NTLMv2 authentification and not providing a domain via ++ When using NTLM authentication and not providing a domain via + ``domain``, guess the domain from the server NTLM challenge. ++ This behavior used to be the default on kernels older than 2.6.36. + + guest + don't prompt for a password. +@@ -249,7 +247,14 @@ cache=arg + default is ``strict``. + + nostrictsync +- Do not flush to the server on fsync(). ++ Do not ask the server to flush on fsync(). ++ Some servers perform non-buffered writes by default in which case ++ flushing is redundant. In workloads where a client is performing a ++ lot of small write + fsync combinations and where network latency is ++ much higher than the server latency, this brings a 2x performance ++ improvement. ++ This option is also a good candidate in scenarios where we want ++ performance over consistency. + + handlecache + (default) In SMB2 and above, the client often has to open the root +@@ -359,15 +364,16 @@ sec=arg + automatically if it's enabled in */proc/fs/cifs/SecurityFlags*. + + seal +- Request encryption at the SMB layer. Encryption is only supported in +- SMBv3 and above. The encryption algorithm used is AES-128-CCM. ++ Request encryption at the SMB layer. The encryption algorithm used ++ is AES-128-CCM. Requires SMB3 or above (see ``vers``). + + rdma +- Connect directly to the server using SMB Direct via a RDMA adapter. ++ Connect directly to the server using SMB Direct via a RDMA ++ adapter. Requires SMB3 or above (see ``vers``). + + resilienthandles + Enable resilient handles. If the server supports it, keep opened +- files across reconenctions. Requires SMB2.1. ++ files across reconnections. Requires SMB2.1 (see ``vers``). + + noresilienthandles + (default) Disable resilient handles. +@@ -375,16 +381,12 @@ noresilienthandles + persistenthandles + Enable persistent handles. If the server supports it, keep opened + files across reconnections. Persistent handles are also valid across +- servers in a cluser and have stronger guarantees than resilient +- handles. Requires SMB3 or above. ++ servers in a cluster and have stronger guarantees than resilient ++ handles. Requires SMB3 or above (see ``vers``). + + nopersistenthandles + (default) Disable persistent handles. + +-snapshot=time +- Mount a specific snapshot of the remote share. ``time`` must be a +- positive integer identifying the snapshot requested. +- + nobrl + Do not send byte range lock requests to the server. This is necessary + for certain applications that break with cifs style mandatory byte +@@ -396,7 +398,7 @@ forcemandatorylock + extensions. Always use cifs style mandatory locks. + + locallease +- Check cache leases locally instead of querying the server. ++ Check cached leases locally instead of querying the server. + + sfu + When the CIFS Unix Extensions are not negotiated, attempt to create +@@ -425,11 +427,6 @@ echo_interval=n + If this option is not given then the default value of 60 seconds is used. + The minimum tunable value is 1 second and maximum can go up to 600 seconds. + +-rdma +- Use to connect to SMB Direct, only applicable when specified with +- vers=3 or vers=3.x. +- Here 3.x can be 3.0, 3.02 or 3.1.1. +- + serverino + Use inode numbers (unique persistent file identifiers) returned by the + server instead of automatically generating temporary inode numbers on +@@ -471,7 +468,7 @@ nouser_xattr + support it otherwise. The default is for xattr support to be enabled. + + nodfs +- Do not follow Distributed FileSystem referals. IO on a file not ++ Do not follow Distributed FileSystem referrals. IO on a file not + stored on the server will fail instead of connecting to the target + server transparently. + +-- +2.13.7 + diff --git a/0009-mount.cifs.rst-document-vers-3-mount-option.patch b/0009-mount.cifs.rst-document-vers-3-mount-option.patch new file mode 100644 index 0000000..2cee173 --- /dev/null +++ b/0009-mount.cifs.rst-document-vers-3-mount-option.patch @@ -0,0 +1,25 @@ +From 439cd76f72a2dd3c65fd7d30ece460cde6b9675d Mon Sep 17 00:00:00 2001 +From: Pavel Shilovsky +Date: Fri, 17 Aug 2018 11:08:58 -0700 +Subject: [PATCH 09/10] mount.cifs.rst: document vers=3 mount option + +Signed-off-by: Pavel Shilovsky +--- + mount.cifs.rst | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/mount.cifs.rst b/mount.cifs.rst +index 3504477..6587e16 100644 +--- a/mount.cifs.rst ++++ b/mount.cifs.rst +@@ -592,6 +592,7 @@ vers=arg + - 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2. + - 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012. + - 3.1.1 or 3.11 - The SMBv3.1.1 protocol that was introduced in Microsoft Windows Server 2016. ++ - 3 - The SMBv3.0 protocol version and above. + + Note too that while this option governs the protocol version used, not + all features of each version are available. +-- +2.13.7 + diff --git a/0010-mount.cifs.rst-document-vers-3.02-mount-option.patch b/0010-mount.cifs.rst-document-vers-3.02-mount-option.patch new file mode 100644 index 0000000..e433bd8 --- /dev/null +++ b/0010-mount.cifs.rst-document-vers-3.02-mount-option.patch @@ -0,0 +1,25 @@ +From 3c7e8c3663f50c2d2df6158cc4d22c4fccdc8ae8 Mon Sep 17 00:00:00 2001 +From: Pavel Shilovsky +Date: Fri, 17 Aug 2018 11:13:45 -0700 +Subject: [PATCH 10/10] mount.cifs.rst: document vers=3.02 mount option + +Signed-off-by: Pavel Shilovsky +--- + mount.cifs.rst | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/mount.cifs.rst b/mount.cifs.rst +index 6587e16..a0faf7f 100644 +--- a/mount.cifs.rst ++++ b/mount.cifs.rst +@@ -591,6 +591,7 @@ vers=arg + different dialect (2.000) that is not supported. + - 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2. + - 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012. ++ - 3.02 - The SMBv3.0.2 protocol that was introduced in Microsoft Windows 8.1 and Windows Server 2012R2. + - 3.1.1 or 3.11 - The SMBv3.1.1 protocol that was introduced in Microsoft Windows Server 2016. + - 3 - The SMBv3.0 protocol version and above. + +-- +2.13.7 + diff --git a/cifs-utils-6.7.tar.bz2 b/cifs-utils-6.7.tar.bz2 deleted file mode 100644 index a9a789a..0000000 --- a/cifs-utils-6.7.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b2f21612474ab012e75accd167aab607a0614ff67efb56ea0f36789fa785cfab -size 363647 diff --git a/cifs-utils-6.7.tar.bz2.asc b/cifs-utils-6.7.tar.bz2.asc deleted file mode 100644 index 61ddc49..0000000 --- a/cifs-utils-6.7.tar.bz2.asc +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQEyBAABCAAcBQJYuE4QFRxjaWZzLXV0aWxzQHNhbWJhLm9yZwAKCRBa/b+ycPO5 -gZm4CAC0bjFRKw/CIiokpWzJSKyhw7Hw9KT77pEIIB6e7MYqq9KbhqcwPyvX4TTb -2Ghy+G2eWWC0jdOlCsGQODQ133cOwgTKWkETxcPZ8GFfHFhlrc/60ITieayV+nLz -nlc2Wg0+lp9mSVEBIHEbCtV+bWqutNCuDFIX8ETXqDuUvqzkdUWA698crkK8v/w1 -fUSCsKutd0pYslXb51vN0w38eclQOMeimbHpAfqXr0sO8ATVN3JjTkIvNSC+YKI9 -F8VxFrHU3M1fusFtOiBJDC9DIt6qqlM5HqusUiCZDHP+mZjcwGDnYpHikWuqPOoD -kz3rf4o0EZUdJ2mpkM7iDGo1CaXb -=6Ab6 ------END PGP SIGNATURE----- diff --git a/cifs-utils-6.8.tar.bz2 b/cifs-utils-6.8.tar.bz2 new file mode 100644 index 0000000..b3af532 --- /dev/null +++ b/cifs-utils-6.8.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e7d1f6050c43f21f82cd77e288eb756755effd22f0c310fc2c525df9d41dff79 +size 384426 diff --git a/cifs-utils-6.8.tar.bz2.asc b/cifs-utils-6.8.tar.bz2.asc new file mode 100644 index 0000000..4ecc087 --- /dev/null +++ b/cifs-utils-6.8.tar.bz2.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQIcBAABCAAGBQJaozrEAAoJEN9bqdMGQtWgo20P/R1mqzgHoAfD1PrIGDHAbHmf +P5cvhZgsd+NnaYEFGm8HnYrY7cPWNgVB+PnBaUgfTXJ3NHiMT8dmtFaic4AWOxxN +o+8RPut+UYaEvG2aZr+mDK0Ig5zXU8GIxTxrCwrrzg2ZGBVW2x9J3wrOyomuPwIq +4UPlAX94fcOhKtcwtEqqG5BOXB9atNSw8fSmaxktgr0qAOc5wECZpmLimZjyX2qx +ASVFkTRmW4jl9YAOqAJ/CQti7MTEBFop5XuBgF8mbQgFTc0oMjcpUVUDC5a9tQEi +Tv8+GL0y0a8S6I7AH364pJFiZrHDbX3y8F3QTN/u4c1Fy8mkbcp3VLAwvrgFhzx4 +e+X4Wezgu24zxIa/rmUySVpy3pjpshxuPR549lQHtZBLTlgLSO/MIB/E9V/0uC4g +vcPMS5zve603s3y/pEHkTHjv+WYMLVbI2Jc01rhDQGLB2wox5MyheFgfvSe12Gwa +LLYDT8O4B2mgXcXocsn2YOq369t8ZGIWhi2xpt7XQVL5wrmRAzM03/MBU5oJr0pl +NOG5RBZ8TJeBwJe7PAYB76B65e84uBn12hZCyeaYiQtHHiSYH9q1th12fXuySNxF +1C2XAcO327cTQtG5gI9m5DHPut8xjjBiIsdZJYIL8XhOrISy7AqpWu7C6rbt6VvZ +10JbR5QQcpNXPPW8209H +=Cn5o +-----END PGP SIGNATURE----- diff --git a/cifs-utils.changes b/cifs-utils.changes index b556759..1b423bd 100644 --- a/cifs-utils.changes +++ b/cifs-utils.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Mon Sep 10 12:29:37 UTC 2018 - aaptel@suse.com + +- Update to cifs-utils 6.8. + + document more mount options + + man pages now generated from RST files + + add python-docutils build dependency + + update keyring to check tarball signature +- Add typo corrections, better doc and configure fixes from upstream + + add 0001-docs-cleanup-rst-formating.patch + + add 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch + + add 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch + + add 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch + + add 0005-mount.cifs.rst-document-missing-options-correct-wron.patch + + add 0006-cifs-utils-support-rst2man-3.patch + + add 0007-checkopts-report-duplicated-options-in-man-page.patch + + add 0008-mount.cifs.rst-more-cleanups.patch + + add 0009-mount.cifs.rst-document-vers-3-mount-option.patch + + add 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch +- Cleanup spec file + * assume SUSE vendor and SLE >= 11 + ------------------------------------------------------------------- Tue Mar 6 14:26:58 UTC 2018 - schwab@suse.de diff --git a/cifs-utils.keyring b/cifs-utils.keyring index 930c1d5..4275e22 100644 --- a/cifs-utils.keyring +++ b/cifs-utils.keyring @@ -1,32 +1,52 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.14 (GNU/Linux) +Version: GnuPG v2 -mQENBEuqp6ABCADf+tS1rZDdQaUfp7yUWTW+H8OqOXCjuCohHUZFoYF6K/pxhtsY -YUXt5NcXNTioOgJ18S9AL80KS2LTEyr8Z0mfGw1Rld4MClGnnIVNjKUKFaSeEOZG -eSIgjY/gYSP361mwo4PCcieeEO5V0g0agIrYOjkEUSSWb503Ma/NSLwlc3HjvL7i -woosfBpdGyr8dUjb9Tz0HtVw+2wqWl4zMNMYilgoZV0sGO0HssrU40yR/DjuXX5u -Yj+JpffKltKD9iKQ2c29yDXcVoYgAmKu7lNTEGafJHqSWWf2Cvuc+VGTLKrCKxCB -jlN4FKZO3pKFMLX3a0pMEn/ee645wH4mccMJABEBAAG0P2NpZnMtdXRpbHMgRGlz -dHJpYnV0aW9uIFZlcmlmaWNhdGlvbiBLZXkgPGNpZnMtdXRpbHNAc2FtYmEub3Jn -PokBOAQTAQIAIgUCS6qnoAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ -Wv2/snDzuYFT3wgAo3mjI7HpDd6oywObMF+NDJC55lmMOZE3r0YuLg59aPeOI+PG -hhjx1UcCMWtx4Bu2j3I96bgwwoe+/ZxYjJZIqa8ClF6JulMDksI06eITSLOXaJVV -1OP8Rtq5aUyN9DsBrLhnpC1QkyBtiIKWDr9H/HSm8uYd3xOjcbhg3hYSBzCSEcTA -lVnk575rZRZ7kgwm6R5aCy/QNtmfbLWvI7ZA50q+zrE3/cDQ2ZLjktueOXufCQLg -cTivreji4aiU3p3dxRvZ+GFWnRyFu6o88DYZlT8M2mHdro5EW7S31ccs0tKdFrcw -vpkPi0TdWPp072UOeDogxuGdozpWuDB62n9TX4hGBBARAgAGBQJLqq6pAAoJEMj9 -IMUDHcyA1wkAnj4i4n33+JHh42fMDJojYGPxpnFnAJ9SXLONLJoFwQkaOjLNGYtQ -YH67ALkBDQRLqqegAQgA9Hco9TDoYOu3s7FePHqXxKClrHMswjfmD6WQ0k26j3lq -RS1KpSbGSiF8zXrKGKC0yO/INQ+WJGqDuVTwELE8hYcJeY0M5scSY6qAc+iCcTRn -B4Mf6Esnz/a6J0YebiojFrAgChGGUk/cZdwu8UOV//MbFSKCC49PcjNEjv2OXp5F -h/5gl/dSElHzSI9HykqhCECvcWSBdUXsIogIXJoQ0XX7WyPNKt0FeD0hGdYtDlzg -ZGjqhj/l8XHbFtNdJ/YOue8gBJ//4c2q7yrFMWf7lsJv/qaBDJECR1pV/O2juFZn -CxJ05WWnyqMbS30dVGM+VDf6HAfownc6NLX6KgANkQARAQABiQEfBBgBAgAJBQJL -qqegAhsMAAoJEFr9v7Jw87mBEZ8H/jxs/oyggM4VE0LSrZ3mmCJeNpAkk+rQlCRv -lqkIpn8xwllSCFVm7yET+Eo6G07J1vsGX7+hrtxC1UxB7UYwU3OMMciWpQyz32Zi -DO+eZwrWLg74Jy0Y6rvBlqhTQoRBeWhMzeMxfjtsBkBX3d3RWtuLGiA14pIw73+h -6NE0EbxIuXC5elEWdzm1A9LDH1B6XU9O5e/h5M/7KeKVW+wfydy0PGN/cQ7CLG/x -Rznvy631YcU03NN0PTO9aimbu67H27UIbj+ONoteeqklxmzVkriuYhJoSYkZloIz -ZuM2e2o9RtZwfOLOVR2fMspSGyvKq9NqOSOfz/2VFJI/7LYuJRM= -=hbsp +mQINBFqjC5IBEAC3B4MkmRj4X5Mee747zLbuNdggBctPsWe/sGlYtsF6SimssI5g +eypWuOOjq5CyPIg9K8lfYhdQTaHcR6OWRDrJEtn5Er6qaf6aziAkD8CPFx+9cxI9 +/3uhYKQY+haaRfOylgAHdeZW1sEN6GOzdELFSNU2ofjUEnywPOuKpPIfvQeiM0oZ +KCrL6+02gpSSlTBwe+NZtIbZArCmSRgekqh5gbdcGWWdSg2UNrfGH4dR61cTa0bX +PZ798du2NwjiAYVGqh/uPhbvDEJbu4sOvuUQroeXyAZ33JhLRLbUJ1seVXM8u597 +/hk2Nnm5kgCnCiI2EAPMmoL6bVdJu48M8T20cxwSVb6Qn4uOGXfw4tYA9ZqbA6q/ +rYc43lDI3Qmg56FZ0EJWOfMM08RDvSFCbqYHdhFKVza5yqPKL/VnvIUESOtBcSy8 +es9tEyZhnZ067BWfWtt81uHoMzl0MlEgm6hBthzuJZ9Lcy+LJJ5aAQnk3N+m013q +Pn2bsnAmgE4jT8RsD0P7QY5qM9aoIRfPsUkjz3OJP4QNbjQoEDF78F1FQWh2yMjo +omqoESdrDpSeIK94s7KIOn0CHOpXCK8GRqEYR/YOI/MCHK60agT1xJVQJszStQbP +InOtg3BIqtDBtEpRTvpYfBZkHIefh54JVz8H0ML70mjehz5+JGD6NUyskwARAQAB +tD9jaWZzLXV0aWxzIERpc3RyaWJ1dGlvbiBWZXJpZmljYXRpb24gS2V5IDxjaWZz +LXV0aWxzQHNhbWJhLm9yZz6JAjgEEwECACIFAlqjC5ICGwMGCwkIBwMCBhUIAgkK +CwQWAgMBAh4BAheAAAoJEN9bqdMGQtWgKuYP/R4p2X8dr2b2n6PQuuuA9RD5VreL +/FRbqyxl1Elxj07rbQG4r8m/YCZUebmojPVnpzLHKSkBi0ePcpaiZLT+v6kPd3Hu +T/6GjbIYh5WPC8N12l9e2Gc/kaIa8zMboAUx1A57x4e0eSJ62PWbzBOdT+n9Qwc8 +at8YRKvJrM6w+/c6mf1gkN7DINqAWgyXoCbAeq6heIp4cnVzEQkjfgmw5zai/g1O +7UebVh0L6b1KLghDUBsJ40hi5fSvLPOF3FRV+JWx2YUymFHJN6oyVytZ0ghJgH7a +rbcV8H5CZ/JhHvPl3vE2XTMoJ+DH4tOr7VR40LQrTG7/IMh5HKJ1a+zXgZliPaSm +7BfyTL1DxSBeCN2zbYUCuAOKhBZpSW+D4mPNW2DeAYSwCcrb1SGyTFGz0N+zIcqI +s32g5MhWvwMPoc+YaJMqW45sbff887kbVOMZwXXmCn5qgRxNTkHXKf4JrU29i4N6 +SlpwLuv6OhRV9jlVF9+fpVfQ0dbQXaSxU/IlVUpLKC7WxroTHA3FQP7RZdkR3ePe +ZVSEUNOLxFDkoLxYtrxrBOPqpPwPa7BAjClQZh2+nQfU3dxBnTyh9jNPT1ruteka +nrJVgdwZZuan08UTbhae35jLHCxpw9TYhKOpbAmZ2jLn7zk5D+Ffpss3minXurlI +nvolG4P/z9DiIiwLuQINBFqjC5IBEADVaLoHLmT9trPaTxGDpz8ZnbfJ1SPHcf8F +/mL31FWxRxotxNoLHuK25heTju6siE/SEPgZ2NIo/1pUgDVXTZbQO25qMcBxmoNH +ZJhEOruK10ZkJf6+f555v3One9uLoIMAMuVrnLFsdjqzeV4SswHgr/TjCAYZe9aA +hKF/TEE6c7ZwnWYAlRrm4eIrR3U7gzlen8z1DPzYcsaWLE7BXiQaPCbD3mrQQPlR +2sPrwO+qOq09Xm2Kgu6V6e604Q/LYB+RgRXQ3rXKX0hXeI/2Z7tcepeTCdyCjVG8 +pRADCe8ED189adGru5s79hQmDVY4Fsa8s9atibuoo1fg0VDqf2GEblpxG6DTJ7IE +36Jx10CjvAcenE/2IWRmb1TL7wUXcbGb+jdYSbow5XKesjItXWcLyZJKmwdH2BQL +zFkeCyWdw9gVrWYuYmW8BdUjJK59nCO3wdNCJFHSKP/8m1m1NM96MmoaU1Wq8pop +tm54nqO9pb15mAJQQw9KazgNeCgximBayrfR1K0+KyTjE145sn+RZrNSLXrXx87C +p7fHKpqBZrM/nxtdXW8CrwwgydCLjDuTngEuLq+Jr92Bz+Z71YiJKTKF4c21fQD8 +7+wyEpu7H793yXft9+Ku0c2b0R3SiYyA8P/yBbN73HDsH2ya+L90pjGglS3zClkP +ZyU95vhWVQARAQABiQIfBBgBAgAJBQJaowuSAhsMAAoJEN9bqdMGQtWgCCcP/3pW +eayAOG060ASE/0C6s306HAiJKePHkWRV2rZHbO3eIfTYOFv7sjW/GCFaVfWSArAn +dtxQO8udqzzHEeAx3Wp3i3kiGjs6VH0qtWEMNgxKjNMc5tFrdYl70Vvnva4Bp7RV +V8c6VIxyW4rd+OYZ3vxK+xo5+TwXoT9wKUIeHDmVHB5mVGJzvQDA2YJJeBnWkBnl +ovJ9kHLU7oPAA4XYqAl8TWc3731Ag19teaA1AGqbSEWlOGVIkWVGfl3BynbHgfqN +XbUSmmOOGqp/A9mMDIimdOWtUPQq05YvO8xmeQPNHaOEVzbPp6U0kMnz9K9X+PDS +6VK+xTekF8QTS4fsWneq5DQpKBHtiUTbSz3I52xO3vWCM6q9I7DI7ZGYaJKPwN5d +2u6yrGuq1wGMRsr36GIaRzN/7SKwWInItxFu4eH9BF3lcwv1v76nHp1mX4ObycAo +STJS5m4NGJIwuE/yPvUVy43i8jrTSOnqv0cjEr7AcoAQIUybZG09igeBHTGJ5FnL +SEJ4Cm9aJQ7ry+pclSFqzrS8iEIEES4GmYmLp6onvi+TV7YlC9w0GDikWg0Uk3xf +cwEFFZGeCvgM4bqdIHCEq37ZPDNbZ4I3P6kWblYgrnIhPfKfVkKY5mybRA+uiNkq +kwcfWNBaJWVaFFiM+ol3YE0wiTy/lyL6oHQ/iZLz +=+QS8 -----END PGP PUBLIC KEY BLOCK----- diff --git a/cifs-utils.spec b/cifs-utils.spec index 0de6e66..6a96d11 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -17,27 +17,40 @@ Name: cifs-utils -Version: 6.7 +Version: 6.8 Release: 0 Summary: Utilities for doing and managing mounts of the Linux CIFS filesystem License: GPL-3.0-or-later Group: System/Filesystems Url: http://www.samba.org/linux-cifs/cifs-utils/ +# origin git://git.samba.org/cifs-utils.git +# for-next https://github.com/piastry/cifs-utils.git Source: https://ftp.samba.org/pub/linux-cifs/%{name}/%{name}-%{version}.tar.bz2 Source5: https://ftp.samba.org/pub/linux-cifs/%{name}/%{name}-%{version}.tar.bz2.asc # http://ftp.samba.org/pub/linux-cifs/cifs-utils/cifs-utils-pubkey_70F3B981.asc Source6: cifs-utils.keyring Source100: README.cifstab.migration -%if "%{_vendor}" == "suse" -%define NET_CFGDIR network -%else -%define NET_CFGDIR network-scripts -%endif Source1: cifs.init -# fate#322075 -Patch0: 0001-manpage-correct-typos-and-spelling-mistakes.patch -Patch1: 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch +Patch0: 0001-docs-cleanup-rst-formating.patch +Patch1: 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch +Patch2: 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch +Patch3: 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch +Patch4: 0005-mount.cifs.rst-document-missing-options-correct-wron.patch +Patch5: 0006-cifs-utils-support-rst2man-3.patch +Patch6: 0007-checkopts-report-duplicated-options-in-man-page.patch +Patch7: 0008-mount.cifs.rst-more-cleanups.patch +Patch8: 0009-mount.cifs.rst-document-vers-3-mount-option.patch +Patch9: 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch + +# cifs-utils 6.8 switched to python for man page generation +# we need to require either py2 or py3 package +# some products do not have a py2/py3 versions +%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150000 +BuildRequires: python3-docutils +%else +BuildRequires: python-docutils +%endif %if 0%{?suse_version} >= 1221 %define systemd 1 @@ -45,19 +58,17 @@ Patch1: 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch %define systemd 0 %endif -%if 0%{?suse_version} && 0%{?suse_version} < 1221 +%if 0%{?suse_version} < 1221 PreReq: insserv %{?fillup_prereq} %endif %define initdir %{_sysconfdir}/init.d Provides: cifs-mount = %{version} Obsoletes: cifs-mount < %{version} -%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1140 +%if 0%{?suse_version} > 1140 BuildRequires: autoconf %endif BuildRequires: automake -%if 0%{?suse_version} > 1020 BuildRequires: keyutils-devel -%endif BuildRequires: krb5-devel %if 0%{?suse_version} > 1120 BuildRequires: libcap-ng-devel @@ -69,12 +80,7 @@ BuildRequires: libtalloc-devel %if 0%{?suse_version} > 1110 BuildRequires: fdupes %endif -%if 0%{?mandriva_version} -BuildRequires: libkeyutils-devel -%endif -%if 0%{?centos_version} > 599 || 0%{?fedora_version} > 14 || 0%{?rhel_version} > 599 || 0%{?suse_version} > 1020 BuildRequires: libwbclient-devel -%endif BuildRequires: pam-devel BuildRequires: pkg-config Requires: keyutils @@ -114,6 +120,14 @@ provide these credentials to the kernel automatically at login. cp -a ${RPM_SOURCE_DIR}/README.cifstab.migration . %patch0 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 %build export CFLAGS="%{optflags} -D_GNU_SOURCE -fpie" @@ -125,21 +139,18 @@ make %{?_smp_mflags} %install %if ! %{systemd} -mkdir -p \ - %{buildroot}/%{_sysconfdir}/init.d +mkdir -p %{buildroot}/%{_sysconfdir}/init.d %endif %make_install -%if 0%{?centos_version} > 599 || 0%{?fedora_version} > 14 || 0%{?mandriva_version} > 201100 || 0%{?rhel_version} > 599 || 0%{?suse_version} > 1020 mkdir -p %{buildroot}%{_sysconfdir}/%{name} ln -s %{_libdir}/%{name}/idmapwb.so %{buildroot}%{_sysconfdir}/%{name}/idmap-plugin -%endif mkdir -p %{buildroot}%{_sysconfdir}/request-key.d install -m 644 -p contrib/request-key.d/cifs.idmap.conf %{buildroot}%{_sysconfdir}/request-key.d install -m 644 -p contrib/request-key.d/cifs.spnego.conf %{buildroot}%{_sysconfdir}/request-key.d -%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1221 +%if 0%{?suse_version} > 1221 mkdir -p \ - %{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d \ + %{buildroot}/%{_sysconfdir}/sysconfig/network/if-{down,up}.d \ %{buildroot}/%{_sysconfdir}/samba \ %{buildroot}/%{_sbindir} \ %{buildroot}/%{_rundir} @@ -149,7 +160,7 @@ install -m 0755 -p ${RPM_SOURCE_DIR}/cifs.init %{buildroot}/%{_sysconfdir}/init. ln -s service %{buildroot}/%{_sbindir}/rccifs %endif -touch %{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d/${script} \ +touch %{buildroot}/%{_sysconfdir}/sysconfig/network/if-{down,up}.d/${script} \ %{buildroot}%{_rundir}/cifs %endif # Hardlink duplicate files @@ -159,32 +170,26 @@ touch %{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d/${scrip %files /sbin/mount.cifs -%if 0%{?centos_version} > 599 || 0%{?fedora_version} > 14 || 0%{?mandriva_version} > 201100 || 0%{?rhel_version} > 599 || 0%{?suse_version} > 1020 %{_bindir}/getcifsacl %{_bindir}/setcifsacl %{_sbindir}/cifs.idmap %{_mandir}/man1/getcifsacl.1%{ext_man} %{_mandir}/man1/setcifsacl.1%{ext_man} %{_mandir}/man8/cifs.idmap.8%{ext_man} -%endif -%if 0%{?centos_version} > 499 || 0%{?fedora_version} > 14 || 0%{?mandriva_version} > 201100 || 0%{?rhel_version} > 499 || 0%{?suse_version} > 1020 %{_bindir}/cifscreds %{_sbindir}/cifs.upcall %{_mandir}/man1/cifscreds.1%{ext_man} %{_mandir}/man8/cifs.upcall.8%{ext_man} -%endif %{_mandir}/man8/mount.cifs.8%{ext_man} %dir %{_sysconfdir}/request-key.d %config(noreplace) %{_sysconfdir}/request-key.d/cifs.idmap.conf %config(noreplace) %{_sysconfdir}/request-key.d/cifs.spnego.conf -%if 0%{?centos_version} > 599 || 0%{?fedora_version} > 14 || 0%{?mandriva_version} > 201100 || 0%{?rhel_version} > 599 || 0%{?suse_version} > 1020 %dir %{_libdir}/cifs-utils %dir %{_sysconfdir}/cifs-utils %config(noreplace) %{_sysconfdir}/cifs-utils/idmap-plugin %{_libdir}/%{name}/idmapwb.so %{_mandir}/man8/idmapwb.8%{ext_man} -%endif -%if 0%{?suse_version} == 0 || 0%{?suse_version} > 1221 +%if 0%{?suse_version} > 1221 %if ! %{systemd} %attr(0754,root,root) %config %{_sysconfdir}/init.d/cifs %{_sbindir}/rccifs From cbe7cfb4cd104bdd0ec4262f966136423b31c4be43588b8f4f1306a55d257893 Mon Sep 17 00:00:00 2001 From: Aurelien Aptel Date: Tue, 27 Nov 2018 15:46:05 +0000 Subject: [PATCH 7/7] mentionned removed patched in changelog + remove 0001-manpage-correct-typos-and-spelling-mistakes.patch + remove 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch OBS-URL: https://build.opensuse.org/package/show/network:samba:STABLE/cifs-utils?expand=0&rev=154 --- cifs-utils.changes | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cifs-utils.changes b/cifs-utils.changes index 1b423bd..fc39475 100644 --- a/cifs-utils.changes +++ b/cifs-utils.changes @@ -6,6 +6,8 @@ Mon Sep 10 12:29:37 UTC 2018 - aaptel@suse.com + man pages now generated from RST files + add python-docutils build dependency + update keyring to check tarball signature + + remove 0001-manpage-correct-typos-and-spelling-mistakes.patch + + remove 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch - Add typo corrections, better doc and configure fixes from upstream + add 0001-docs-cleanup-rst-formating.patch + add 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch