From 99d3e0d9fa651b08118ca786b9325feaaf824240682405e007b8cde8e58d95bd Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Tue, 20 Aug 2024 20:22:12 +0000 Subject: [PATCH] - add 0001-gssd-revert-commit-a5f3b7ccb01c.patch, 0002-gssd-revert-commit-513630d720bd.patch, 0003-gssd-switch-to-using-rpc_gss_seccreate.patch, 0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch, 0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch, 0006-configure-check-for-rpc_gss_seccreate.patch: fixes for libtirpc 1.3.5 - drop reenable-nfsv2.patch (poo#106679) Fix crash when rpc-gssd run with -v. - Replace references to /var/adm/fillup-templates with new options. - do not strip the binaries - mkinitrd-boot.sh: allow other mkinitrd-setup - nfs-utils-eperm-fallback.patch: mount.nfs Includes new config file: /etc/nfsmount.conf and - Kill processes on NFS mounts when unmounting bnc#442490 * fix typo in handling of "init.d/nfs status" - nfs.init: * unmount rpc_pipefs - fix sysconfig filename for changed fillup call services (gssd and idmpad have been rolled in to nfs/nfsserver). - remove svcinfo.d dir as it is provided now by filesystem - update to version 1.1.2 - uses libgssglue instead of libgssapi - add rpcbind support [fate#300607] - added gssapi to buildrequires (#116355) showmount has been removed there (#309782) - added README.NFSv4 (#182775) OBS-URL: https://build.opensuse.org/package/show/Base:System/nfs-utils?expand=0&rev=285 --- .gitattributes | 23 + .gitignore | 1 + ...warning-if-neither-subtree_check-or-.patch | 167 ++ 0001-gssd-revert-commit-a5f3b7ccb01c.patch | 99 + ...n-t-report-error-from-conf_init_file.patch | 179 ++ 0002-gssd-revert-commit-513630d720bd.patch | 51 + ...sr-etc-to-provide-any-config-files-e.patch | 188 ++ ...sd-switch-to-using-rpc_gss_seccreate.patch | 60 + ...mous-sockets-by-their-name-only-don-.patch | 115 + ..._AP_ERR_BAD_INTEGRITY-for-machine-cr.patch | 62 + ..._AP_ERR_BAD_INTEGRITY-for-user-crede.patch | 101 + ...onfigure-check-for-rpc_gss_seccreate.patch | 35 + idmapd.conf | 10 + nfs-kernel-server.tmpfiles.conf | 5 + nfs-mountd.options.conf | 4 + nfs-server.options.conf | 4 + nfs-utils-1.0.7-bind-syntax.patch | 19 + nfs-utils-2.6.4.tar.xz | 3 + nfs-utils.changes | 2337 +++++++++++++++++ nfs-utils.rpmlintrc | 2 + nfs-utils.spec | 404 +++ nfs.conf | 32 + rpc-gssd.options.conf | 4 + rpc-statd-notify.options.conf | 4 + rpc-statd.options.conf | 4 + rpc-svcgssd.options.conf | 4 + statd-user.conf | 2 + sysconfig.nfs | 253 ++ 28 files changed, 4172 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch create mode 100644 0001-gssd-revert-commit-a5f3b7ccb01c.patch create mode 100644 0002-conffile-don-t-report-error-from-conf_init_file.patch create mode 100644 0002-gssd-revert-commit-513630d720bd.patch create mode 100644 0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch create mode 100644 0003-gssd-switch-to-using-rpc_gss_seccreate.patch create mode 100644 0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch create mode 100644 0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch create mode 100644 0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch create mode 100644 0006-configure-check-for-rpc_gss_seccreate.patch create mode 100644 idmapd.conf create mode 100644 nfs-kernel-server.tmpfiles.conf create mode 100644 nfs-mountd.options.conf create mode 100644 nfs-server.options.conf create mode 100644 nfs-utils-1.0.7-bind-syntax.patch create mode 100644 nfs-utils-2.6.4.tar.xz create mode 100644 nfs-utils.changes create mode 100644 nfs-utils.rpmlintrc create mode 100644 nfs-utils.spec create mode 100644 nfs.conf create mode 100644 rpc-gssd.options.conf create mode 100644 rpc-statd-notify.options.conf create mode 100644 rpc-statd.options.conf create mode 100644 rpc-svcgssd.options.conf create mode 100644 statd-user.conf create mode 100644 sysconfig.nfs diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch b/0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch new file mode 100644 index 0000000..69245cd --- /dev/null +++ b/0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch @@ -0,0 +1,167 @@ +From 40d6d58ee6e58f50d5f1aaf8c1253b2338bd7d06 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Mon, 27 Nov 2023 10:12:19 -0500 +Subject: [PATCH] exportfs: remove warning if neither subtree_check or + no_subtree_check is given + +This warning was only ever intended as a transitional aid. +It doesn't serve any purpose any longer. Let's remove it. + +Also clean up some white-space issues. + +Signed-off-by: NeilBrown +Signed-off-by: Steve Dickson +--- + support/export/export.c | 2 +- + support/export/xtab.c | 2 +- + support/include/nfslib.h | 2 +- + support/nfs/exports.c | 43 +++++++++++++++++----------------------- + 4 files changed, 21 insertions(+), 28 deletions(-) + +diff --git a/support/export/export.c b/support/export/export.c +index 3e48c42def19..100912cb29c3 100644 +--- a/support/export/export.c ++++ b/support/export/export.c +@@ -119,7 +119,7 @@ export_read(char *fname, int ignore_hosts) + int reexport_found = 0; + + setexportent(fname, "r"); +- while ((eep = getexportent(0,1)) != NULL) { ++ while ((eep = getexportent(0)) != NULL) { + exp = export_lookup(eep->e_hostname, eep->e_path, ignore_hosts); + if (!exp) { + if (export_create(eep, 0)) +diff --git a/support/export/xtab.c b/support/export/xtab.c +index e210ca99d574..282f15bc79cd 100644 +--- a/support/export/xtab.c ++++ b/support/export/xtab.c +@@ -47,7 +47,7 @@ xtab_read(char *xtab, char *lockfn, int is_export) + setexportent(xtab, "r"); + if (is_export == 1) + v4root_needed = 1; +- while ((xp = getexportent(is_export==0, 0)) != NULL) { ++ while ((xp = getexportent(is_export==0)) != NULL) { + if (!(exp = export_lookup(xp->e_hostname, xp->e_path, is_export != 1)) && + !(exp = export_create(xp, is_export!=1))) { + if(xp->e_hostname) { +diff --git a/support/include/nfslib.h b/support/include/nfslib.h +index bdbde78d9ebd..eff2a486307f 100644 +--- a/support/include/nfslib.h ++++ b/support/include/nfslib.h +@@ -111,7 +111,7 @@ struct rmtabent { + * configuration file parsing + */ + void setexportent(char *fname, char *type); +-struct exportent * getexportent(int,int); ++struct exportent * getexportent(int); + void secinfo_show(FILE *fp, struct exportent *ep); + void xprtsecinfo_show(FILE *fp, struct exportent *ep); + void putexportent(struct exportent *xep); +diff --git a/support/nfs/exports.c b/support/nfs/exports.c +index 15dc574cc21a..a6816e60d62e 100644 +--- a/support/nfs/exports.c ++++ b/support/nfs/exports.c +@@ -59,7 +59,7 @@ static int *squids = NULL, nsquids = 0, + + static int getexport(char *exp, int len); + static int getpath(char *path, int len); +-static int parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr); ++static int parseopts(char *cp, struct exportent *ep, int *had_subtree_opt_ptr); + static int parsesquash(char *list, int **idp, int *lenp, char **ep); + static int parsenum(char **cpp); + static void freesquash(void); +@@ -109,7 +109,7 @@ static void init_exportent (struct exportent *ee, int fromkernel) + } + + struct exportent * +-getexportent(int fromkernel, int fromexports) ++getexportent(int fromkernel) + { + static struct exportent ee, def_ee; + char exp[512], *hostname; +@@ -147,7 +147,7 @@ getexportent(int fromkernel, int fromexports) + * we're not reading from the kernel. + */ + if (exp[0] == '-' && !fromkernel) { +- if (parseopts(exp + 1, &def_ee, 0, &has_default_subtree_opts) < 0) ++ if (parseopts(exp + 1, &def_ee, &has_default_subtree_opts) < 0) + return NULL; + + has_default_opts = 1; +@@ -185,20 +185,20 @@ getexportent(int fromkernel, int fromexports) + } + ee.e_hostname = xstrdup(hostname); + +- if (parseopts(opt, &ee, fromexports && !has_default_subtree_opts, NULL) < 0) { +- if(ee.e_hostname) +- { +- xfree(ee.e_hostname); +- ee.e_hostname=NULL; +- } +- if(ee.e_uuid) +- { +- xfree(ee.e_uuid); +- ee.e_uuid=NULL; +- } ++ if (parseopts(opt, &ee, NULL) < 0) { ++ if(ee.e_hostname) ++ { ++ xfree(ee.e_hostname); ++ ee.e_hostname=NULL; ++ } ++ if(ee.e_uuid) ++ { ++ xfree(ee.e_uuid); ++ ee.e_uuid=NULL; ++ } + + return NULL; +- } ++ } + /* resolve symlinks */ + if (realpath(ee.e_path, rpath) != NULL) { + rpath[sizeof (rpath) - 1] = '\0'; +@@ -433,7 +433,7 @@ mkexportent(char *hname, char *path, char *options) + } + strncpy(ee.e_path, path, sizeof (ee.e_path)); + ee.e_path[sizeof (ee.e_path) - 1] = '\0'; +- if (parseopts(options, &ee, 0, NULL) < 0) ++ if (parseopts(options, &ee, NULL) < 0) + return NULL; + return ⅇ + } +@@ -441,7 +441,7 @@ mkexportent(char *hname, char *path, char *options) + int + updateexportent(struct exportent *eep, char *options) + { +- if (parseopts(options, eep, 0, NULL) < 0) ++ if (parseopts(options, eep, NULL) < 0) + return 0; + return 1; + } +@@ -632,7 +632,7 @@ void fix_pseudoflavor_flags(struct exportent *ep) + * Parse option string pointed to by cp and set mount options accordingly. + */ + static int +-parseopts(char *cp, struct exportent *ep, int warn, int *had_subtree_opt_ptr) ++parseopts(char *cp, struct exportent *ep, int *had_subtree_opt_ptr) + { + int had_subtree_opt = 0; + char *flname = efname?efname:"command line"; +@@ -852,13 +852,6 @@ bad_option: + ep->e_nsqgids = nsqgids; + + out: +- if (warn && !had_subtree_opt) +- xlog(L_WARNING, "%s [%d]: Neither 'subtree_check' or 'no_subtree_check' specified for export \"%s:%s\".\n" +- " Assuming default behaviour ('no_subtree_check').\n" +- " NOTE: this default has changed since nfs-utils version 1.0.x\n", +- +- flname, flline, +- ep->e_hostname, ep->e_path); + if (had_subtree_opt_ptr) + *had_subtree_opt_ptr = had_subtree_opt; + +-- +2.43.0 + diff --git a/0001-gssd-revert-commit-a5f3b7ccb01c.patch b/0001-gssd-revert-commit-a5f3b7ccb01c.patch new file mode 100644 index 0000000..887bd24 --- /dev/null +++ b/0001-gssd-revert-commit-a5f3b7ccb01c.patch @@ -0,0 +1,99 @@ +From 20c0797937e9ec43a78a2f5475d4296897f8c537 Mon Sep 17 00:00:00 2001 +From: Olga Kornievskaia +Date: Mon, 11 Dec 2023 08:46:35 -0500 +Subject: [PATCH 1/6] gssd: revert commit a5f3b7ccb01c + +In preparation for using rpc_gss_seccreate() function, revert commit +a5f3b7ccb01c "gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user +credentials" + +Reviewed-by: Chuck Lever +Signed-off-by: Olga Kornievskaia +Signed-off-by: Steve Dickson +--- + utils/gssd/gssd_proc.c | 2 -- + utils/gssd/krb5_util.c | 42 ------------------------------------------ + utils/gssd/krb5_util.h | 1 - + 3 files changed, 45 deletions(-) + +diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c +index a96647df..e5cc1d98 100644 +--- a/utils/gssd/gssd_proc.c ++++ b/utils/gssd/gssd_proc.c +@@ -419,8 +419,6 @@ create_auth_rpc_client(struct clnt_info *clp, + if (cred == GSS_C_NO_CREDENTIAL) + retval = gssd_refresh_krb5_machine_credential(clp->servername, + "*", NULL, 1); +- else +- retval = gssd_k5_remove_bad_service_cred(clp->servername); + if (!retval) { + auth = authgss_create_default(rpc_clnt, tgtname, + &sec); +diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c +index 6f66ef4f..f6ce1fec 100644 +--- a/utils/gssd/krb5_util.c ++++ b/utils/gssd/krb5_util.c +@@ -1553,48 +1553,6 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred) + return ret; + } + +-/* Removed a service ticket for nfs/ from the ticket cache +- */ +-int +-gssd_k5_remove_bad_service_cred(char *name) +-{ +- krb5_creds in_creds, out_creds; +- krb5_error_code ret; +- krb5_context context; +- krb5_ccache cache; +- krb5_principal principal; +- int retflags = KRB5_TC_MATCH_SRV_NAMEONLY; +- char srvname[1024]; +- +- ret = krb5_init_context(&context); +- if (ret) +- goto out_cred; +- ret = krb5_cc_default(context, &cache); +- if (ret) +- goto out_free_context; +- ret = krb5_cc_get_principal(context, cache, &principal); +- if (ret) +- goto out_close_cache; +- memset(&in_creds, 0, sizeof(in_creds)); +- in_creds.client = principal; +- sprintf(srvname, "nfs/%s", name); +- ret = krb5_parse_name(context, srvname, &in_creds.server); +- if (ret) +- goto out_free_principal; +- ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds); +- if (ret) +- goto out_free_principal; +- ret = krb5_cc_remove_cred(context, cache, 0, &out_creds); +-out_free_principal: +- krb5_free_principal(context, principal); +-out_close_cache: +- krb5_cc_close(context, cache); +-out_free_context: +- krb5_free_context(context); +-out_cred: +- return ret; +-} +- + #ifdef HAVE_SET_ALLOWABLE_ENCTYPES + /* + * this routine obtains a credentials handle via gss_acquire_cred() +diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h +index 7ef87018..62c91a0e 100644 +--- a/utils/gssd/krb5_util.h ++++ b/utils/gssd/krb5_util.h +@@ -22,7 +22,6 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code); + void gssd_k5_get_default_realm(char **def_realm); + + int gssd_acquire_user_cred(gss_cred_id_t *gss_cred); +-int gssd_k5_remove_bad_service_cred(char *srvname); + + #ifdef HAVE_SET_ALLOWABLE_ENCTYPES + extern int limit_to_legacy_enctypes; +-- +2.46.0 + diff --git a/0002-conffile-don-t-report-error-from-conf_init_file.patch b/0002-conffile-don-t-report-error-from-conf_init_file.patch new file mode 100644 index 0000000..6a49062 --- /dev/null +++ b/0002-conffile-don-t-report-error-from-conf_init_file.patch @@ -0,0 +1,179 @@ +From ed4dc834e1722b9217fae27da1adf29ab21d6a93 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Mon, 27 Nov 2023 10:30:43 -0500 +Subject: [PATCH] conffile: don't report error from conf_init_file() + +conf_init_file() currently reports an error if the main config file +doesn't exist - even if there are conf files in the conf.d directory. + +This is only used by nfsconfcli.c. However this is not needed. If +there is a real error, and error message is already logged. +If it is simply that the file doesn't exist, that isn't really an error. + +So remove the error messages and change conf_init_file() to not return +any status. + +Also fix up assorted nearby white-space issues. + +Signed-off-by: NeilBrown +Signed-off-by: Steve Dickson +--- + support/include/conffile.h | 2 +- + support/nfs/conffile.c | 32 ++++++++++++++------------------ + tools/nfsconf/nfsconfcli.c | 15 ++------------- + 3 files changed, 17 insertions(+), 32 deletions(-) + +diff --git a/support/include/conffile.h b/support/include/conffile.h +index c4a3ca62860e..c04cd1ec5c0c 100644 +--- a/support/include/conffile.h ++++ b/support/include/conffile.h +@@ -62,7 +62,7 @@ extern char *conf_get_str(const char *, const char *); + extern char *conf_get_str_with_def(const char *, const char *, char *); + extern char *conf_get_section(const char *, const char *, const char *); + extern char *conf_get_entry(const char *, const char *, const char *); +-extern int conf_init_file(const char *); ++extern void conf_init_file(const char *); + extern void conf_cleanup(void); + extern int conf_match_num(const char *, const char *, int); + extern int conf_remove(int, const char *, const char *); +diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c +index fd4a17ad4293..6b813dd95147 100644 +--- a/support/nfs/conffile.c ++++ b/support/nfs/conffile.c +@@ -658,7 +658,7 @@ conf_load_file(const char *conf_file) + return 0; + } + +-static void ++static void + conf_init_dir(const char *conf_file) + { + struct dirent **namelist = NULL; +@@ -669,14 +669,14 @@ conf_init_dir(const char *conf_file) + dname = malloc(strlen(conf_file) + 3); + if (dname == NULL) { + xlog(L_WARNING, "conf_init_dir: malloc: %s", strerror(errno)); +- return; ++ return; + } + sprintf(dname, "%s.d", conf_file); + + n = scandir(dname, &namelist, NULL, versionsort); + if (n < 0) { + if (errno != ENOENT) { +- xlog(L_WARNING, "conf_init_dir: scandir %s: %s", ++ xlog(L_WARNING, "conf_init_dir: scandir %s: %s", + dname, strerror(errno)); + } + free(dname); +@@ -691,7 +691,7 @@ conf_init_dir(const char *conf_file) + for (i = 0; i < n; i++ ) { + struct dirent *d = namelist[i]; + +- switch (d->d_type) { ++ switch (d->d_type) { + case DT_UNKNOWN: + case DT_REG: + case DT_LNK: +@@ -701,13 +701,13 @@ conf_init_dir(const char *conf_file) + } + if (*d->d_name == '.') + continue; +- ++ + fname_len = strlen(d->d_name); + path_len = (fname_len + dname_len); + if (!fname_len || path_len > PATH_MAX) { + xlog(L_WARNING, "conf_init_dir: Too long file name: %s in %s", + d->d_name, dname); +- continue; ++ continue; + } + + /* +@@ -715,7 +715,7 @@ conf_init_dir(const char *conf_file) + * that end with CONF_FILE_EXT + */ + if (fname_len <= CONF_FILE_EXT_LEN) { +- xlog(D_GENERAL, "conf_init_dir: %s: name too short", ++ xlog(D_GENERAL, "conf_init_dir: %s: name too short", + d->d_name); + continue; + } +@@ -746,31 +746,29 @@ conf_init_dir(const char *conf_file) + free(namelist[i]); + free(namelist); + free(dname); +- ++ + return; + } + +-int ++void + conf_init_file(const char *conf_file) + { + unsigned int i; +- int ret; + + for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++) + LIST_INIT (&conf_bindings[i]); + + TAILQ_INIT (&conf_trans_queue); + +- if (conf_file == NULL) +- conf_file=NFS_CONFFILE; ++ if (conf_file == NULL) ++ conf_file = NFS_CONFFILE; + + /* +- * First parse the give config file +- * then parse the config.conf.d directory ++ * First parse the give config file ++ * then parse the config.conf.d directory + * (if it exists) +- * + */ +- ret = conf_load_file(conf_file); ++ conf_load_file(conf_file); + + /* + * When the same variable is set in both files +@@ -779,8 +777,6 @@ conf_init_file(const char *conf_file) + * have the final say. + */ + conf_init_dir(conf_file); +- +- return ret; + } + + /* +diff --git a/tools/nfsconf/nfsconfcli.c b/tools/nfsconf/nfsconfcli.c +index b2ef96d1c600..bd9d52701aa6 100644 +--- a/tools/nfsconf/nfsconfcli.c ++++ b/tools/nfsconf/nfsconfcli.c +@@ -135,19 +135,8 @@ int main(int argc, char **argv) + return 1; + } + +- if (mode != MODE_SET && mode != MODE_UNSET) { +- if (conf_init_file(confpath)) { +- /* config file was missing or had an error, warn about it */ +- if (verbose || mode != MODE_ISSET) { +- fprintf(stderr, "Error loading config file %s\n", +- confpath); +- } +- +- /* this isnt fatal for --isset */ +- if (mode != MODE_ISSET) +- return 1; +- } +- } ++ if (mode != MODE_SET && mode != MODE_UNSET) ++ conf_init_file(confpath); + + /* --dump mode, output the current configuration */ + if (mode == MODE_DUMP) { +-- +2.43.0 + diff --git a/0002-gssd-revert-commit-513630d720bd.patch b/0002-gssd-revert-commit-513630d720bd.patch new file mode 100644 index 0000000..73814f9 --- /dev/null +++ b/0002-gssd-revert-commit-513630d720bd.patch @@ -0,0 +1,51 @@ +From f05af7d9924b5e455f4e750c1e8985c560784fce Mon Sep 17 00:00:00 2001 +From: Olga Kornievskaia +Date: Mon, 11 Dec 2023 08:50:57 -0500 +Subject: [PATCH 2/6] gssd: revert commit 513630d720bd + +In preparation for using rpc_gss_seccreate(), revert commit 513630d720bd +"gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials" + +Reviewed-by: Chuck Lever +Signed-off-by: Olga Kornievskaia +Signed-off-by: Steve Dickson +--- + utils/gssd/gssd_proc.c | 16 +--------------- + 1 file changed, 1 insertion(+), 15 deletions(-) + +diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c +index e5cc1d98..4fb6b72d 100644 +--- a/utils/gssd/gssd_proc.c ++++ b/utils/gssd/gssd_proc.c +@@ -412,27 +412,13 @@ create_auth_rpc_client(struct clnt_info *clp, + tid, tgtname); + auth = authgss_create_default(rpc_clnt, tgtname, &sec); + if (!auth) { +- if (sec.minor_status == KRB5KRB_AP_ERR_BAD_INTEGRITY) { +- printerr(2, "WARNING: server=%s failed context " +- "creation with KRB5_AP_ERR_BAD_INTEGRITY\n", +- clp->servername); +- if (cred == GSS_C_NO_CREDENTIAL) +- retval = gssd_refresh_krb5_machine_credential(clp->servername, +- "*", NULL, 1); +- if (!retval) { +- auth = authgss_create_default(rpc_clnt, tgtname, +- &sec); +- if (auth) +- goto success; +- } +- } + /* Our caller should print appropriate message */ + printerr(2, "WARNING: Failed to create krb5 context for " + "user with uid %d for server %s\n", + uid, tgtname); + goto out_fail; + } +-success: ++ + /* Success !!! */ + rpc_clnt->cl_auth = auth; + *clnt_return = rpc_clnt; +-- +2.46.0 + diff --git a/0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch b/0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch new file mode 100644 index 0000000..59a6fc5 --- /dev/null +++ b/0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch @@ -0,0 +1,188 @@ +From 6a714409b17ad2cca99d497129fc944a808eb446 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Mon, 27 Nov 2023 10:35:56 -0500 +Subject: [PATCH] conffile: allow /usr/etc to provide any config files expected + in /etc + +If any config file is configured to be in /etc, also read from /usr/etc. +This followed a growing trend of moving as much as possible out of / +and into /usr. + +See https://en.opensuse.org/openSUSE:Packaging_UsrEtc + +Signed-off-by: NeilBrown +Signed-off-by: Steve Dickson +--- + support/nfs/conffile.c | 26 +++++++++++++++----------- + support/nfsidmap/idmapd.conf.5 | 15 ++++++++++++++- + systemd/nfs.conf.man | 23 ++++++++++++++--------- + systemd/nfs.systemd.man | 10 +++++++++- + utils/mount/nfsmount.conf.man | 19 ++++++++++--------- + 5 files changed, 62 insertions(+), 31 deletions(-) + +--- a/support/nfs/conffile.c ++++ b/support/nfs/conffile.c +@@ -763,19 +763,23 @@ conf_init_file(const char *conf_file) + if (conf_file == NULL) + conf_file = NFS_CONFFILE; + +- /* +- * First parse the give config file +- * then parse the config.conf.d directory +- * (if it exists) ++ /* If the config file is in /etc (normal) then check ++ * /usr/etc first. Also check config.conf.d for files ++ * names *.conf. ++ * ++ * Content or later files always over-rides earlier ++ * files. + */ +- conf_load_file(conf_file); ++ if (strncmp(conf_file, "/etc/", 5) == 0) { ++ char *usrconf = NULL; + +- /* +- * When the same variable is set in both files +- * the conf.d file will override the config file. +- * This allows automated admin systems to +- * have the final say. +- */ ++ if (asprintf(&usrconf, "/usr%s", conf_file) > 0 && usrconf) { ++ conf_load_file(usrconf); ++ conf_init_dir(usrconf); ++ free(usrconf); ++ } ++ } ++ conf_load_file(conf_file); + conf_init_dir(conf_file); + } + +--- a/support/nfsidmap/idmapd.conf.5 ++++ b/support/nfsidmap/idmapd.conf.5 +@@ -37,7 +37,7 @@ Configuration file for libnfsidmap. Use + .SH DESCRIPTION + The + .B idmapd.conf +-configuration file consists of several sections, initiated by strings of the ++configuration files consists of several sections, initiated by strings of the + form [General] and [Mapping]. Each section may contain lines of the form + .nf + variable = value +@@ -398,6 +398,19 @@ LDAP_base = dc=org,dc=domain + .\" Additional sections + .\" ------------------------------------------------------------------- + .\" ++.SH FILES ++.I /usr/etc/idmapd.conf ++.br ++.I /usr/etc/idmapd.conf.d/*.conf ++.br ++.I /etc/idmapd.conf ++.br ++.I /etc/idmapd.conf.d/*.conf ++.br ++.IP ++Files are read in the order listed. Later settings override earlier ++settings. ++ + .SH SEE ALSO + .BR idmapd (8) + .BR svcgssd (8) +--- a/systemd/nfs.conf.man ++++ b/systemd/nfs.conf.man +@@ -2,10 +2,13 @@ + .SH NAME + nfs.conf \- general configuration for NFS daemons and tools + .SH SYNOPSIS ++.I /usr/etc/nfs.conf ++.I /usr/etc/nfs.conf.d/ + .I /etc/nfs.conf ++.I /etc/nfs.conf.d/ + .SH DESCRIPTION + .PP +-This file contains site-specific configuration for various NFS daemons ++These files contain site-specific configuration for various NFS daemons + and other processes. Most configuration can also be passed to + processes via command line arguments, but it can be more convenient to + have a central file. In particular, this encourages consistent +@@ -314,15 +317,17 @@ See + for deatils. + + .SH FILES +-.TP 10n ++.I /usr/etc/nfs.conf ++.br ++.I /usr/etc/nfs.conf.d/*.conf ++.br + .I /etc/nfs.conf +-Default NFS client configuration file +-.TP 10n +-.I /etc/nfs.conf.d +-When this directory exists and files ending +-with ".conf" exist, those files will be +-used to set configuration variables. These +-files will override variables set in /etc/nfs.conf ++.br ++.I /etc/nfs.conf.d/*.conf ++.br ++.IP ++Various configuration files read in order. Later settings override ++earlier settings. + .SH SEE ALSO + .BR nfsdcltrack (8), + .BR rpc.nfsd (8), +--- a/systemd/nfs.systemd.man ++++ b/systemd/nfs.systemd.man +@@ -27,7 +27,9 @@ any command line arguments to daemons so + behavior. In many case such configuration can be performed by making + changes to + .I /etc/nfs.conf +-or other configuration files. When that is not convenient, a ++or other configuration files (see ++.BR nfs.conf (5)). ++When that is not convenient, a + distribution might provide systemd "drop-in" files which replace the + .B ExecStart= + setting to start the program with different arguments. For example a +@@ -171,6 +173,12 @@ running, it can be masked with + /etc/nfsmount.conf + .br + /etc/idmapd.conf ++.P ++Also similar files in ++.B /usr/etc ++and in related ++.I conf.d ++drop-in directories. + .SH SEE ALSO + .BR systemd.unit (5), + .BR nfs.conf (5), +--- a/utils/mount/nfsmount.conf.man ++++ b/utils/mount/nfsmount.conf.man +@@ -115,16 +115,17 @@ All mounts to the '/export/home' export + the background (i.e. done asynchronously). + .RE + .SH FILES +-.TP 10n ++.I /usr/etc/nfsmount.conf ++.br ++.I /usr/etc/nfsmount.conf.d/*.conf ++.br + .I /etc/nfsmount.conf +-Default NFS mount configuration file +-.TP 10n +-.I /etc/nfsmount.conf.d +-When this directory exists and files ending +-with ".conf" exist, those files will be +-used to set configuration variables. These +-files will override variables set +-in /etc/nfsmount.conf ++.br ++.I /etc/nfsmount.conf.d/*.conf ++.br ++.IP ++Default NFS mount configuration files, variables set in the later file ++over-ride those in the earlier file. + .PD + .SH SEE ALSO + .BR nfs (5), diff --git a/0003-gssd-switch-to-using-rpc_gss_seccreate.patch b/0003-gssd-switch-to-using-rpc_gss_seccreate.patch new file mode 100644 index 0000000..5306c46 --- /dev/null +++ b/0003-gssd-switch-to-using-rpc_gss_seccreate.patch @@ -0,0 +1,60 @@ +From 3abf6b5223af0ccf07d217d71978ee7987acce88 Mon Sep 17 00:00:00 2001 +From: Olga Kornievskaia +Date: Mon, 11 Dec 2023 08:52:47 -0500 +Subject: [PATCH 3/6] gssd: switch to using rpc_gss_seccreate() + +If available from the libtirpc library, switch to using +rpc_gss_seccreate() instead of authgss_create_default() which does not +expose gss error codes. + +Reviewed-by: Chuck Lever +Signed-off-by: Olga Kornievskaia +Signed-off-by: Steve Dickson +--- + utils/gssd/gssd_proc.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c +index 4fb6b72d..99761157 100644 +--- a/utils/gssd/gssd_proc.c ++++ b/utils/gssd/gssd_proc.c +@@ -70,6 +70,9 @@ + #include + #include + #include ++#ifdef HAVE_TIRPC_GSS_SECCREATE ++#include ++#endif + + #include "gssd.h" + #include "err_util.h" +@@ -330,6 +333,11 @@ create_auth_rpc_client(struct clnt_info *clp, + struct timeval timeout; + struct sockaddr *addr = (struct sockaddr *) &clp->addr; + socklen_t salen; ++#ifdef HAVE_TIRPC_GSS_SECCREATE ++ rpc_gss_options_req_t req; ++ rpc_gss_options_ret_t ret; ++ char mechanism[] = "kerberos_v5"; ++#endif + pthread_t tid = pthread_self(); + + sec.qop = GSS_C_QOP_DEFAULT; +@@ -410,7 +418,14 @@ create_auth_rpc_client(struct clnt_info *clp, + + printerr(3, "create_auth_rpc_client(0x%lx): creating context with server %s\n", + tid, tgtname); ++#ifdef HAVE_TIRPC_GSS_SECCREATE ++ memset(&req, 0, sizeof(req)); ++ req.my_cred = sec.cred; ++ auth = rpc_gss_seccreate(rpc_clnt, tgtname, mechanism, ++ rpcsec_gss_svc_none, NULL, &req, &ret); ++#else + auth = authgss_create_default(rpc_clnt, tgtname, &sec); ++#endif + if (!auth) { + /* Our caller should print appropriate message */ + printerr(2, "WARNING: Failed to create krb5 context for " +-- +2.46.0 + diff --git a/0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch b/0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch new file mode 100644 index 0000000..84fbed5 --- /dev/null +++ b/0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch @@ -0,0 +1,115 @@ +From 46f91dc8f0d9aa31e18327cf3ad61c27551c4cfc Mon Sep 17 00:00:00 2001 +From: Ahelenia Ziemiaska +Date: Mon, 27 Nov 2023 10:41:04 -0500 +Subject: [PATCH] fsidd: call anonymous sockets by their name only, don't fill + with NULs to 108 bytes + +Since e00ab3c0616fe6d83ab0710d9e7d989c299088f7, ss -l looks like this: + u_seq LISTEN 0 5 @/run/fsid.sock@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 26989379 * 0 +with fsidd pushing all the addresses to 108 bytes wide, which is deeply +egregious if you don't filter it out and recolumnate. + +This is because, naturally (unix(7)), "Null bytes in the name have +no special significance": abstract addresses are binary blobs, but +paths automatically terminate at the first NUL byte, since paths +can't contain those. + +So just specify the correct address length when we're using the abstract domain: +unix(7) recommends "offsetof(struct sockaddr_un, sun_path) + strlen(sun_path) + 1" +for paths, but we don't want to include the terminating NUL, so it's just +"offsetof(struct sockaddr_un, sun_path) + strlen(sun_path)". +This brings the width back to order: +-- >8 -- +$ ss -la | grep @ +u_str ESTAB 0 0 @45208536ec96909a/bus/systemd-timesyn/bus-api-timesync 18500238 * 18501249 +u_str ESTAB 0 0 @fecc9657d2315eb7/bus/systemd-network/bus-api-network 18495452 * 18494406 +u_seq LISTEN 0 5 @/run/fsid.sock 27168796 * 0 +u_str ESTAB 0 0 @ac308f35f50797a2/bus/systemd-logind/system 19406 * 15153 +u_str ESTAB 0 0 @b6606e0dfacbae75/bus/systemd/bus-api-system 18494353 * 18495334 +u_str ESTAB 0 0 @5880653d215718a7/bus/systemd/bus-system 26930876 * 26930003 +-- >8 -- + +Fixes: e00ab3c0616fe6d83ab0710d9e7d989c299088f7 ("fsidd: provide + better default socket name.") +Reviewed-by: NeilBrown +Signed-off-by: Ahelenia Ziemia?ska +Signed-off-by: Steve Dickson +--- + support/reexport/fsidd.c | 9 ++++++--- + support/reexport/reexport.c | 8 ++++++-- + 2 files changed, 12 insertions(+), 5 deletions(-) + +diff --git a/support/reexport/fsidd.c b/support/reexport/fsidd.c +index 3e62b3fc1370..8a70b78f6362 100644 +--- a/support/reexport/fsidd.c ++++ b/support/reexport/fsidd.c +@@ -147,6 +147,7 @@ int main(void) + { + struct event *srv_ev; + struct sockaddr_un addr; ++ socklen_t addr_len; + char *sock_file; + int srv; + +@@ -161,10 +162,12 @@ int main(void) + memset(&addr, 0, sizeof(struct sockaddr_un)); + addr.sun_family = AF_UNIX; + strncpy(addr.sun_path, sock_file, sizeof(addr.sun_path) - 1); +- if (addr.sun_path[0] == '@') ++ addr_len = sizeof(struct sockaddr_un); ++ if (addr.sun_path[0] == '@') { + /* "abstract" socket namespace */ ++ addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path); + addr.sun_path[0] = 0; +- else ++ } else + unlink(sock_file); + + srv = socket(AF_UNIX, SOCK_SEQPACKET | SOCK_NONBLOCK, 0); +@@ -173,7 +176,7 @@ int main(void) + return 1; + } + +- if (bind(srv, (const struct sockaddr *)&addr, sizeof(struct sockaddr_un)) == -1) { ++ if (bind(srv, (const struct sockaddr *)&addr, addr_len) == -1) { + xlog(L_WARNING, "Unable to bind %s: %m\n", sock_file); + return 1; + } +diff --git a/support/reexport/reexport.c b/support/reexport/reexport.c +index 78516586b98e..0fb49a46723c 100644 +--- a/support/reexport/reexport.c ++++ b/support/reexport/reexport.c +@@ -21,6 +21,7 @@ static int fsidd_srv = -1; + static bool connect_fsid_service(void) + { + struct sockaddr_un addr; ++ socklen_t addr_len; + char *sock_file; + int ret; + int s; +@@ -33,9 +34,12 @@ static bool connect_fsid_service(void) + memset(&addr, 0, sizeof(struct sockaddr_un)); + addr.sun_family = AF_UNIX; + strncpy(addr.sun_path, sock_file, sizeof(addr.sun_path) - 1); +- if (addr.sun_path[0] == '@') ++ addr_len = sizeof(struct sockaddr_un); ++ if (addr.sun_path[0] == '@') { + /* "abstract" socket namespace */ ++ addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path); + addr.sun_path[0] = 0; ++ } + + s = socket(AF_UNIX, SOCK_SEQPACKET, 0); + if (s == -1) { +@@ -43,7 +47,7 @@ static bool connect_fsid_service(void) + return false; + } + +- ret = connect(s, (const struct sockaddr *)&addr, sizeof(struct sockaddr_un)); ++ ret = connect(s, (const struct sockaddr *)&addr, addr_len); + if (ret == -1) { + xlog(L_WARNING, "Unable to connect %s: %m, is fsidd running?\n", sock_file); + return false; +-- +2.43.0 + diff --git a/0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch b/0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch new file mode 100644 index 0000000..6bd6adb --- /dev/null +++ b/0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch @@ -0,0 +1,62 @@ +From 2bfb59c6f50eb86c21f8e0c33bbf32ec53480fb8 Mon Sep 17 00:00:00 2001 +From: Olga Kornievskaia +Date: Mon, 11 Dec 2023 08:55:35 -0500 +Subject: [PATCH 4/6] gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine + credentials + +During context establishment, when the client received +KRB5_AP_ERR_BAD_INTEGRITY error, it might be due to the server +updating its key material. To handle such error, get a new +service ticket and re-try the AP_REQ. + +This functionality relies on the new API in libtirpc that +exposes the gss errors. + +Reviewed-by: Chuck Lever +Signed-off-by: Olga Kornievskaia +Signed-off-by: Steve Dickson +--- + utils/gssd/gssd_proc.c | 21 ++++++++++++++++++++- + 1 file changed, 20 insertions(+), 1 deletion(-) + +diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c +index 99761157..29600a3f 100644 +--- a/utils/gssd/gssd_proc.c ++++ b/utils/gssd/gssd_proc.c +@@ -427,13 +427,32 @@ create_auth_rpc_client(struct clnt_info *clp, + auth = authgss_create_default(rpc_clnt, tgtname, &sec); + #endif + if (!auth) { ++#ifdef HAVE_TIRPC_GSS_SECCREATE ++ if (ret.minor_status == KRB5KRB_AP_ERR_BAD_INTEGRITY) { ++ printerr(2, "WARNING: server=%s failed context " ++ "creation with KRB5_AP_ERR_BAD_INTEGRITY\n", ++ clp->servername); ++ if (cred == GSS_C_NO_CREDENTIAL) ++ retval = gssd_refresh_krb5_machine_credential(clp->servername, ++ "*", NULL, 1); ++ if (!retval) { ++ auth = rpc_gss_seccreate(rpc_clnt, tgtname, ++ mechanism, rpcsec_gss_svc_none, ++ NULL, &req, &ret); ++ if (auth) ++ goto success; ++ } ++ } ++#endif + /* Our caller should print appropriate message */ + printerr(2, "WARNING: Failed to create krb5 context for " + "user with uid %d for server %s\n", + uid, tgtname); + goto out_fail; + } +- ++#ifdef HAVE_TIRPC_GSS_SECCREATE ++success: ++#endif + /* Success !!! */ + rpc_clnt->cl_auth = auth; + *clnt_return = rpc_clnt; +-- +2.46.0 + diff --git a/0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch b/0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch new file mode 100644 index 0000000..5f7d6b1 --- /dev/null +++ b/0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch @@ -0,0 +1,101 @@ +From 15cd566633b1546f0808d0694ede094b4c99752d Mon Sep 17 00:00:00 2001 +From: Olga Kornievskaia +Date: Mon, 11 Dec 2023 08:57:28 -0500 +Subject: [PATCH 5/6] gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user + credentials + +Unlike the machine credential case, we can't throw away the ticket +cache and use the keytab to renew the credentials. Instead, we +need to remove the service ticket for the server that returned +KRB5_AP_ERR_BAD_INTEGRITY and try again. + +Reviewed-by: Chuck Lever +Signed-off-by: Olga Kornievskaia +Signed-off-by: Steve Dickson +--- + utils/gssd/gssd_proc.c | 2 ++ + utils/gssd/krb5_util.c | 42 ++++++++++++++++++++++++++++++++++++++++++ + utils/gssd/krb5_util.h | 1 + + 3 files changed, 45 insertions(+) + +diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c +index 29600a3f..7629de0b 100644 +--- a/utils/gssd/gssd_proc.c ++++ b/utils/gssd/gssd_proc.c +@@ -435,6 +435,8 @@ create_auth_rpc_client(struct clnt_info *clp, + if (cred == GSS_C_NO_CREDENTIAL) + retval = gssd_refresh_krb5_machine_credential(clp->servername, + "*", NULL, 1); ++ else ++ retval = gssd_k5_remove_bad_service_cred(clp->servername); + if (!retval) { + auth = rpc_gss_seccreate(rpc_clnt, tgtname, + mechanism, rpcsec_gss_svc_none, +diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c +index f6ce1fec..6f66ef4f 100644 +--- a/utils/gssd/krb5_util.c ++++ b/utils/gssd/krb5_util.c +@@ -1553,6 +1553,48 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred) + return ret; + } + ++/* Removed a service ticket for nfs/ from the ticket cache ++ */ ++int ++gssd_k5_remove_bad_service_cred(char *name) ++{ ++ krb5_creds in_creds, out_creds; ++ krb5_error_code ret; ++ krb5_context context; ++ krb5_ccache cache; ++ krb5_principal principal; ++ int retflags = KRB5_TC_MATCH_SRV_NAMEONLY; ++ char srvname[1024]; ++ ++ ret = krb5_init_context(&context); ++ if (ret) ++ goto out_cred; ++ ret = krb5_cc_default(context, &cache); ++ if (ret) ++ goto out_free_context; ++ ret = krb5_cc_get_principal(context, cache, &principal); ++ if (ret) ++ goto out_close_cache; ++ memset(&in_creds, 0, sizeof(in_creds)); ++ in_creds.client = principal; ++ sprintf(srvname, "nfs/%s", name); ++ ret = krb5_parse_name(context, srvname, &in_creds.server); ++ if (ret) ++ goto out_free_principal; ++ ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds); ++ if (ret) ++ goto out_free_principal; ++ ret = krb5_cc_remove_cred(context, cache, 0, &out_creds); ++out_free_principal: ++ krb5_free_principal(context, principal); ++out_close_cache: ++ krb5_cc_close(context, cache); ++out_free_context: ++ krb5_free_context(context); ++out_cred: ++ return ret; ++} ++ + #ifdef HAVE_SET_ALLOWABLE_ENCTYPES + /* + * this routine obtains a credentials handle via gss_acquire_cred() +diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h +index 62c91a0e..7ef87018 100644 +--- a/utils/gssd/krb5_util.h ++++ b/utils/gssd/krb5_util.h +@@ -22,6 +22,7 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code); + void gssd_k5_get_default_realm(char **def_realm); + + int gssd_acquire_user_cred(gss_cred_id_t *gss_cred); ++int gssd_k5_remove_bad_service_cred(char *srvname); + + #ifdef HAVE_SET_ALLOWABLE_ENCTYPES + extern int limit_to_legacy_enctypes; +-- +2.46.0 + diff --git a/0006-configure-check-for-rpc_gss_seccreate.patch b/0006-configure-check-for-rpc_gss_seccreate.patch new file mode 100644 index 0000000..8bf31e7 --- /dev/null +++ b/0006-configure-check-for-rpc_gss_seccreate.patch @@ -0,0 +1,35 @@ +From 49567e7d03a5605c590be2135a24d4de8345fa3c Mon Sep 17 00:00:00 2001 +From: Olga Kornievskaia +Date: Mon, 11 Dec 2023 08:59:43 -0500 +Subject: [PATCH 6/6] configure: check for rpc_gss_seccreate + +If we have rpc_gss_sccreate in tirpc library define +HAVE_TIRPC_GSS_SECCREATE, which would allow us to handle bad_integrity +errors. + +Reviewed-by: Chuck Lever +Signed-off-by: Olga Kornievskaia +Signed-off-by: Steve Dickson +--- + aclocal/libtirpc.m4 | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/aclocal/libtirpc.m4 b/aclocal/libtirpc.m4 +index bddae022..ef48a2ae 100644 +--- a/aclocal/libtirpc.m4 ++++ b/aclocal/libtirpc.m4 +@@ -26,6 +26,11 @@ AC_DEFUN([AC_LIBTIRPC], [ + [Define to 1 if your tirpc library provides libtirpc_set_debug])],, + [${LIBS}])]) + ++ AS_IF([test -n "${LIBTIRPC}"], ++ [AC_CHECK_LIB([tirpc], [rpc_gss_seccreate], ++ [AC_DEFINE([HAVE_TIRPC_GSS_SECCREATE], [1], ++ [Define to 1 if your tirpc library provides rpc_gss_seccreate])],, ++ [${LIBS}])]) + AC_SUBST([AM_CPPFLAGS]) + AC_SUBST(LIBTIRPC) + +-- +2.46.0 + diff --git a/idmapd.conf b/idmapd.conf new file mode 100644 index 0000000..bfcb177 --- /dev/null +++ b/idmapd.conf @@ -0,0 +1,10 @@ +[General] + +Verbosity = 0 +Pipefs-Directory = /var/lib/nfs/rpc_pipefs +Domain = localdomain + +[Mapping] + +Nobody-User = nobody +Nobody-Group = nobody diff --git a/nfs-kernel-server.tmpfiles.conf b/nfs-kernel-server.tmpfiles.conf new file mode 100644 index 0000000..275351b --- /dev/null +++ b/nfs-kernel-server.tmpfiles.conf @@ -0,0 +1,5 @@ +# See tmpfiles.d(5) for details +#Type Path Mode UID GID Age Argument +d /var/lib/nfs +f /var/lib/nfs/etab +f /var/lib/nfs/rmtab diff --git a/nfs-mountd.options.conf b/nfs-mountd.options.conf new file mode 100644 index 0000000..0857a40 --- /dev/null +++ b/nfs-mountd.options.conf @@ -0,0 +1,4 @@ +[Service] +EnvironmentFile=-/etc/sysconfig/nfs +ExecStart= +ExecStart=-/usr/sbin/rpc.mountd $MOUNTD_OPTIONS diff --git a/nfs-server.options.conf b/nfs-server.options.conf new file mode 100644 index 0000000..54a855c --- /dev/null +++ b/nfs-server.options.conf @@ -0,0 +1,4 @@ +[Service] +EnvironmentFile=-/etc/sysconfig/nfs +ExecStart= +ExecStart=-/usr/sbin/rpc.nfsd $NFSD_OPTIONS diff --git a/nfs-utils-1.0.7-bind-syntax.patch b/nfs-utils-1.0.7-bind-syntax.patch new file mode 100644 index 0000000..f6e1523 --- /dev/null +++ b/nfs-utils-1.0.7-bind-syntax.patch @@ -0,0 +1,19 @@ + support/export/export.c | 2 + support/include/misc.h | 3 + support/include/nfslib.h | 1 +================================================================================ +--- + support/nfs/exports.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/support/nfs/exports.c ++++ b/support/nfs/exports.c +@@ -684,6 +684,8 @@ bad_option: + } else if (strncmp(opt, "replicas=", 9) == 0) { + ep->e_fslocmethod = FSLOC_REPLICA; + ep->e_fslocdata = strdup(opt+9); ++ } else if (strncmp(opt, "bind=/", 6) == 0) { ++ /* ignore this for now */ + } else if (strncmp(opt, "sec=", 4) == 0) { + active = parse_flavors(opt+4, ep); + if (!active) diff --git a/nfs-utils-2.6.4.tar.xz b/nfs-utils-2.6.4.tar.xz new file mode 100644 index 0000000..4fb2c0b --- /dev/null +++ b/nfs-utils-2.6.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:01b3b0fb9c7d0bbabf5114c736542030748c788ec2fd9734744201e9b0a1119d +size 728280 diff --git a/nfs-utils.changes b/nfs-utils.changes new file mode 100644 index 0000000..8836319 --- /dev/null +++ b/nfs-utils.changes @@ -0,0 +1,2337 @@ +------------------------------------------------------------------- +Tue Aug 20 20:21:14 UTC 2024 - Dirk Müller + +- add 0001-gssd-revert-commit-a5f3b7ccb01c.patch, + 0002-gssd-revert-commit-513630d720bd.patch, + 0003-gssd-switch-to-using-rpc_gss_seccreate.patch, + 0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch, + 0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch, + 0006-configure-check-for-rpc_gss_seccreate.patch: fixes for + libtirpc 1.3.5 + +------------------------------------------------------------------- +Mon Apr 22 02:56:13 UTC 2024 - Neil Brown + +- nfs-utils.spec: Provide nfsidmap as well as obsoleting it. + (bsc#1222947) + +------------------------------------------------------------------- +Tue Dec 5 01:19:38 UTC 2023 - Neil Brown + +- Update to version 2.6.4 + - https://kernel.org/pub/linux/utils/nfs-utils/2.6.4/2.6.4-Changelog + - includes fixes for bsc#1210997 +- Removed patchs from this release + - 0001-export-fix-handling-of-error-from-match_fsid.patch +- Added some upstream patches + - 0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch + - 0002-conffile-don-t-report-error-from-conf_init_file.patch + - 0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch + - 0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch + These fix minor bugs and allow config files to be in /usr/etc. + So also move config files to /usr/etc and create directories + foo.conf.d for each config file, so other config file can easily + be addded. + (boo#1216740) + +------------------------------------------------------------------- +Wed Nov 15 00:03:44 UTC 2023 - Neil Brown + +- Build with --enable-junction so that nfsref is built + https://lore.kernel.org/linux-nfs/DFBBA6DD-7F22-4A38-BAA2-DBD40EB81BB9@oracle.com/ + +------------------------------------------------------------------- +Mon Oct 16 00:43:42 UTC 2023 - Neil Brown + +- 0001-export-fix-handling-of-error-from-match_fsid.patch + Errors from match_fsid() shouldn't be fatal. + (bsc#1214540) + +------------------------------------------------------------------- +Thu Apr 20 10:10:14 UTC 2023 - Petr Vorel + +- Update to version 2.6.3 + - https://kernel.org/pub/linux/utils/nfs-utils/2.6.3/2.6.3-Changelog +- Remove patches from this release: + - 0006-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch + - 0007-mount.nfs-always-include-mountpoint-or-spec-if-error.patch + - 0008-nfsd.man-fix-typo-in-section-on-scope.patch +- Remove systemd/50-nfs.conf (was removed in upstream in d8d29f85) + and the realted patch (bsc#1200710). + 0005-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch. +- New file /usr/lib/udev/rules.d/60-nfs.rules (which replaced in upstream + systemd/50-nfs.conf in 9466df03). +- Add fsidd: + - /usr/lib/systemd/system/fsidd.service + - /usr/lib/udev/rules.d/60-nfs.rules + - /usr/sbin/fsidd + +------------------------------------------------------------------- +Tue Mar 28 22:37:58 UTC 2023 - Neil Brown + +- Add 0007-mount.nfs-always-include-mountpoint-or-spec-if-error.patch + boo#1157881 +- Add 0008-nfsd.man-fix-typo-in-section-on-scope.patch + bsc#1209859 +- Allow scope to be sed in sysconfig: NFSD_SCOPE + +------------------------------------------------------------------- +Mon Mar 27 10:16:10 UTC 2023 - Dominique Leuenberger + +- Add explicit pkgconfig(libkeyutils) BuildRequires: nfs-utils + requires this for nfsv4 and we should not rely on the devel + package being brought in by other deps. + +------------------------------------------------------------------- +Mon Feb 6 00:23:05 UTC 2023 - Neil Brown + +- Rename all drop-in options.conf files as 10-options.conf + This makes it easier for other packages to over-ride + with a drop-in with a later sequence number. + resource-agents does this. + (bsc#1207843) + +------------------------------------------------------------------- +Tue Nov 22 00:27:06 UTC 2022 - Neil Brown + +- Add 0006-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch + Allow server scope to be set - removes the need to run nfsd + inside a private UTS namespace for fail-over applications + (bsc#1203746) + +------------------------------------------------------------------- +Fri Aug 26 05:56:08 UTC 2022 - Neil Brown + +- sysconfig.nfs, nfs.conf: allow NFSv4 grace time to be set + via sysconfig. + SLE12 allowed this, SLE15 lost the ability. Add it back + with the name NFSV4GRACETIME. Also improve description + for NFSV4LEASETIME. + (bsc#1202592) + +------------------------------------------------------------------- +Fri Aug 12 08:33:37 UTC 2022 - Petr Vorel + +- Update to version 2.6.2 + - https://kernel.org/pub/linux/utils/nfs-utils/2.6.2/2.6.2-Changelog +- Remove patches from this release: + - gcc12-fix.patch + - 0001-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch + - 0002-Update-autoconfig-files-to-work-with-v2.71.patch + - 0003-autoconf-change-tirpc-to-check-for-a-file-not-for-an.patch + - 0004-modprobe-protect-against-sysctl-errors.patch +- Refresh nfs-utils-1.0.7-bind-syntax.patch +- Added files: + - /usr/lib/udev/rules.d/99-nfs.rules + - /usr/libexec/nfsrahead + - /usr/sbin/rpcctl + - /usr/share/man/man5/nfsrahead.5.gz + - /usr/share/man/man8/rpcctl.8.gz +- Sort man page entries in %files section + +------------------------------------------------------------------- +Mon Jul 11 03:31:08 UTC 2022 - Neil Brown + +- 0004-modprobe-protect-against-sysctl-errors.patch + 0005-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch + Suppress any errors from /sbin/sysctl, if for example, it isn't + installed + (bsc#1200710) + +------------------------------------------------------------------- +Thu Jun 9 06:49:11 UTC 2022 - Neil Brown + +- 0001-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch + Ensure sysctl setting work (bsc#1199856) +- 0002-Update-autoconfig-files-to-work-with-v2.71.patch +- 0003-autoconf-change-tirpc-to-check-for-a-file-not-for-an.patch + Update for latest autoconf + +------------------------------------------------------------------- +Sat May 7 12:17:24 UTC 2022 - Marcus Meissner + +- switch to https urls + +------------------------------------------------------------------- +Mon Mar 21 14:50:21 UTC 2022 - Dirk Müller + +- drop reenable-nfsv2.patch (poo#106679) + +------------------------------------------------------------------- +Tue Mar 8 20:58:54 UTC 2022 - Dirk Müller + +- add reenable-nfsv2.patch for reverting nfsv2 deprecation until + test coverage is fixed (poo#106679) + +------------------------------------------------------------------- +Thu Mar 3 10:08:47 UTC 2022 - Martin Liška + +- Add gcc12-fix.patch upstream fix for GCC 12 compiler. + +------------------------------------------------------------------- +Mon Jan 31 07:24:41 UTC 2022 - Petr Vorel + +- Update to version 2.6.1 + - https://kernel.org/pub/linux/utils/nfs-utils/2.6.1/2.6.1-Changelog +- remove patches from this release: + - 0001-gssd-fix-crash-in-debug-message.patch, + - Add-disable-sbin-override-for-when-sbin-is-a-symlink.patch + +------------------------------------------------------------------- +Thu Oct 28 12:51:31 UTC 2021 - Callum Farmer + +- Add CONFIG parameter to %sysusers_generate_pre +- Remove unneeded group line (user implies group) +- Add Shell parameter to statd-user.conf + +------------------------------------------------------------------- +Mon Oct 25 23:53:37 UTC 2021 - Neil Brown + +- add Add-disable-sbin-override-for-when-sbin-is-a-symlink.patch + and use it to move last few binaries from /sbin to /usr/sbin + (bsc#1191082) +- Move nfsdclddb and nfsdclnts from nfs-client to + nfs-kernel-server and fix their permissions. + +------------------------------------------------------------------- +Thu Sep 9 23:35:04 UTC 2021 - Neil Brown + +- Add 0001-gssd-fix-crash-in-debug-message.patch + Fix crash when rpc-gssd run with -v. + (boo#1190144) + +------------------------------------------------------------------- +Tue Aug 10 05:08:18 UTC 2021 - Neil Brown + +- Remove dependency on fedfs-utils-devel. + + fedfs-utils was only ever a "technology preview" and is now + considered "end of life". + nfs-utils is not even built to use it as --enable-junction + isn't being passed to confgure + and fedfs-utils doesn't build wth glibc 2.34. + So remove the unnecessary dependency on fedfs-utils. + (bsc#1189085) + +------------------------------------------------------------------- +Tue Jul 13 06:32:47 UTC 2021 - Petr Vorel + +- Update to version 2.5.4 + https://mirrors.edge.kernel.org/pub/linux/utils/nfs-utils/2.5.4/2.5.4-Changelog + Notable changes: + * Handle failures in gssd better + * handle 'sloppy' option to mount better + * minor documentation improvements + +- Drop 2.5.4-rc4 patches: nfs-utils-2-5-4-rc1.patch, nfs-utils-2-5-4-rc2.patch, + nfs-utils-2-5-4-rc3.patch, nfs-utils-2-5-4-rc4.patch. + +------------------------------------------------------------------- +Mon May 24 14:34:19 UTC 2021 - Petr Vorel + +- Update to version 2.5.4-rc4 to get all recent fixes: + - nfs-utils-2-5-4-rc4.patch + e4ce810a Move declaration of etab and rmtab into libraries + 7a4e2d1d Remove 'force' arg from cache_flush() + c5528f40 Fix NFSv4 export of tmpfs filesystems + ed83085f gssd: use mutex to protect decrement of refcount + - nfs-utils-2-5-4-rc3.patch + 972dba0f nfs-utils: Enable the retrieval of raw config settings without expansion + 964f4861 nfs-utils: Factor out common structure cleanup calls + 8219bdb0 Replace all /var/run with /run + 81727afe Fix `statx()` emulation breaking exports + a41afe9e mountd/exports: Fix typo in the man page + - nfs-utils-2-5-4-rc2.patch + 2f669b6f NFS server should enable RDMA by default + d77ece22 mountd/exportd: only log confirmed clients, and poll for updates + ac266e2e exportfs: fix unexporting of '/' + - nfs-utils-2-5-4-rc1.patch + 7abd15e3 nfsdclnts: Ignore SIGPIPE signal + edeb3815 mountd: add logging of NFSv4 clients attaching and detaching. + f8e2c8d4 mountd: make default ttl settable by option + cc150093 mountd: add --cache-use-ipaddr option to force use_ipaddr + c7a954ae mountd: add logging for authentication results for accesses. + 1a8156f8 mountd/exports: update man page + fec7347e mountd: Don't proactively add export info when fh info is requested. + a72c151f mountd: reject unknown client IP when !use_ipaddr. + 05bacfed gssd: Add options to rpc.gssd to allow for the use of $HOME/.k5identity files + 7e559dbd exportd: server-side gid management + +- 0001-Replace-all-var-run-with-run.patch is now part of nfs-utils-2-5-4-rc3.patch + +------------------------------------------------------------------- +Tue May 4 01:09:57 UTC 2021 - Neil Brown + +- Add 0001-Replace-all-var-run-with-run.patch + Use /run instead of /var/run + (bsc#1185170) + +------------------------------------------------------------------- +Thu Mar 11 09:45:07 UTC 2021 - Guilherme Moro + +- Include nfsd kernel module Requires (bsc#1089118) + +------------------------------------------------------------------- +Tue Mar 2 16:06:40 UTC 2021 - Petr Vorel + +- Update to version 2.5.3 + https://mirrors.edge.kernel.org/pub/linux/utils/nfs-utils/2.5.3/2.5.3-Changelog + +------------------------------------------------------------------- +Wed Nov 11 13:31:48 UTC 2020 - Jan Engelhardt + +- Add missing ldconfig calls for libnfsidmap1. +- Throw out some remaining old rpm constructs. + +------------------------------------------------------------------- +Thu Oct 29 15:21:57 UTC 2020 - Petr Vorel + +- Update to version 2.5.2 + - fixed a couple memory leaks and other bug fixes, + - a lot of clean up +- Refresh nfs-utils-1.0.7-bind-syntax.patch +- Use %autosetup -p1 + +------------------------------------------------------------------- +Wed Sep 30 06:24:22 UTC 2020 - Neil Brown + +- Remove nfs-doc package. The documentation is 20 years old + and barely relevant. + (bsc#1171448) + +------------------------------------------------------------------- +Tue Jul 14 16:05:08 UTC 2020 - Petr Vorel + +- Update to version 2.5.1 + Dropped patch accepted upstream: + 0001-conffile-Don-t-give-warning-for-optional-config-file.patch + + - improvements for 64bit time + - improvements for SASL referrals + - Rename clddb-tool to nfsdclddb + - New tools nfsdclnts + - Better python3 support + - many bug-fixes + +------------------------------------------------------------------- +Fri Jun 5 10:02:18 UTC 2020 - Thorsten Kukuk + +- Use group statd instead of nogroup, nogroup would invalidate + the extra statd user. + +------------------------------------------------------------------- +Tue May 26 04:43:19 UTC 2020 - Neil Brown + +- Remove README.NFSv4. It is out dated and not useful. All + the configation described is now done automatically. + (bsc#1171448) + +------------------------------------------------------------------- +Fri Apr 3 11:04:11 UTC 2020 - Thorsten Kukuk + +- Remove obsolete useradd call + +------------------------------------------------------------------- +Fri Mar 27 05:29:36 UTC 2020 - Neil Brown + +- Improve the hack to avoid python dependencies. + A new python script had been added since that hack was written. + (boo#1166067) + +------------------------------------------------------------------- +Fri Mar 27 05:06:12 UTC 2020 - Neil Brown + +- 0001-conffile-Don-t-give-warning-for-optional-config-file.patch + Support optional include files correctly + (boo#1164619) + +------------------------------------------------------------------- +Tue Mar 24 10:13:53 UTC 2020 - Petr Vorel + +- Update nfs.conf + - change value: udp=n (disabled in 2.2.1.) + - update name: manage-gids + - new: verbosity=0, rpc-verbosity=0, use-gss-proxy=0, rdma-port=20049, + no-notify=0, force=0, lift-grace=y + +------------------------------------------------------------------- +Mon Mar 9 10:04:10 UTC 2020 - Thorsten Kukuk + +- statd-user.conf: create user via sysusers.d template +- Use ordering for systemd instead of hard requires + +------------------------------------------------------------------- +Mon Feb 10 18:58:59 UTC 2020 - Petr Vorel + +- Update to version 2.4.3 + Dropped patches (accepted upstream): + - 0001-nfs.conf-allow-empty-assignments.patch + - 0002-Let-systemd-know-when-rpc.statd-is-needed.patch + - 0003-systemd-run-statd-notify-even-when-nfs-client-isn-t-.patch + - 0004-nfsidmap-honour-with-pluginpath-for-instalation.patch + - 0005-nfs.conf-fail-to-disable-major-NFS-version-4-using-v.patch + - 0006-conffile-allow-optional-include-files.patch + - 0007-statd-user-from-sm + - 0008-mountd-Initialize-logging-early.patch + + Dropped patches (upstream used different solution): + - 0009-Allow-compilation-to-succeed-with-fno-common.patch (btw this used + Patch0: instead of Patch10:) (boo#1160405) + + Add nfsdcld - NFSv4 Client Tracking Daemon, add nfsdcld.service and enable it + for nfs-kernel-server, add man page + Add clddb-tool - tool for downgrading the nfsdcld sqlite database schema, + add man page + Removed osd_login (dropped in upstream in 2.3.4 rc1) + +------------------------------------------------------------------- +Wed Feb 5 22:13:28 UTC 2020 - Neil Brown + +- 0009-Allow-compilation-to-succeed-with-fno-common.patch + Allow compilation to success with -fno-common + (boo#1160405) + +------------------------------------------------------------------- +Wed Nov 20 23:55:31 UTC 2019 - Neil Brown + +- nfs-utils.spec - don't chown when not needed. + Only chown directories in /var/lib/nfs to statd + if they are currently owned by root. + The chown is needed for some upgrades, but if the + dirs are already owned by statd, an vulnerability in + statd could be escalated to root. + (bsc#1157321) + +------------------------------------------------------------------- +Mon Sep 23 01:52:29 UTC 2019 - Neil Brown + +- Delete 0006-nfs.conf-silence-include-error.patch + replaced with better version +- 0006-conffile-allow-optional-include-files.patch + Avoid error if /etc/nfs.conf.local doesn't exist + (bsc#1151044 bsc#1150807) +- 0008-mountd-Initialize-logging-early.patch + Don't close the loging socket - it causes problems. + (bsc#1151044 bsc#1150807) + +------------------------------------------------------------------- +Mon Sep 16 23:43:37 UTC 2019 - Neil Brown + +- Don't make /var/lib/nfs owned by statd. + Only sm and sm.bak need to be accessible by + statd or sm-notify after they drop privs. + Providing they get created, the parent + directory can be root-owned. +- 0007-statd-user-from-sm + Change rpc.statd and sm-notify to take uid from the sm + directory. + (bsc#1150733 CVE-2019-3689) + +------------------------------------------------------------------- +Mon Sep 16 05:56:12 UTC 2019 - Neil Brown + +- 0006-nfs.conf-silence-include-error.patch + Avoid an unhelpful warning (bsc#1150807) + +------------------------------------------------------------------- +Mon Sep 2 05:25:07 UTC 2019 - Neil Brown + +- 0005-nfs.conf-fail-to-disable-major-NFS-version-4-using-v.patch + Fix a bug that cause NFSv4 service to always be enabled, if + the server was enabled at all. + +------------------------------------------------------------------- +Wed Jul 24 13:07:41 UTC 2019 - matthias.gerstner@suse.com + +- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by + firewalld, see [1]. + + [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html + +------------------------------------------------------------------- +Wed Jan 30 00:10:03 UTC 2019 - Neil Brown + +- remove libnfsidmap1 dependency for nfs-client. + It isn't needed. + +------------------------------------------------------------------- +Tue Jan 29 22:50:04 UTC 2019 - Neil Brown + +- Remove service aliases - these files are deleted. + nfs.service + nfsserver.service + nfs-server.nfsserver.conf + nfs-client.nfs.conf + + Now the upstream standard service names "nfs-client" and "nfs-server" + must be used. + +------------------------------------------------------------------- +Tue Dec 4 00:03:00 UTC 2018 - Neil Brown + +- 0004-nfsidmap-honour-with-pluginpath-for-instalation.patch + Allow plugins to be installed properly +- nfs-utils.spec + Package shared library correctly + +------------------------------------------------------------------- +Mon Dec 3 02:49:13 UTC 2018 - Neil Brown + +- 0001-nfs.conf-allow-empty-assignments.patch + Fix regression due to unnecessary "error" messages from nfs.conf + +- 0002-Let-systemd-know-when-rpc.statd-is-needed.patch + 0003-systemd-run-statd-notify-even-when-nfs-client-isn-t-.patch + Fixes for systemd integration + (bsc#1116221) + +------------------------------------------------------------------- +Thu Oct 25 05:32:30 UTC 2018 - Neil Brown + +- New version: nfs-utils-2.3.3 + The nfsidmap library source has been merged into + nfs-utils, so this source package now makes + nfsidmap and nfsidmap-devel packages. + New program "nfsconf" improves access to nfs config files. + Delete patches that have been included upstream: + 0001-conffile-ignore-empty-environment-variables.patch + 0002-mount-call-setgroups-before-setuid.patch + 0003-nfs-server-generator-handle-noauto-mounts-correctly.patch + nsm-headers.patch + sysmacros.patch + +------------------------------------------------------------------- +Mon Aug 6 07:29:37 UTC 2018 - schwab@suse.de + +- sysmacros.patch: include for major + +------------------------------------------------------------------- +Thu Aug 2 01:31:30 UTC 2018 - sflees@suse.de + +- use packageand for nfs documentation rather then always + installing nfs-doc as part of the documentation pattern. + +------------------------------------------------------------------- +Thu Jul 26 23:05:27 UTC 2018 - nfbrown@suse.com + +- nfs.conf: spell NFSV4LEASETIME correctly. + (bsc#1098532) + +------------------------------------------------------------------- +Fri Jul 6 15:02:49 CEST 2018 - kukuk@suse.de + +- Create files in /var/lib/nfs via tmpfiles.d [bsc#1100404], + [FATE#325524] + +------------------------------------------------------------------- +Thu Nov 23 13:40:51 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Fri Oct 6 04:23:19 UTC 2017 - nfbrown@suse.com + +- fix incorrect dependency in + /usr/lib/systemd/system/nfs-client.target.d/nfs.conf + When yast restarts "nfs" it should propagate to nfs-client, + but doesn't. + (boo#1053691) + +------------------------------------------------------------------- +Wed Jul 5 11:02:51 UTC 2017 - schwab@suse.de + +- nsm-headers.patch: add missing + +------------------------------------------------------------------- +Tue May 2 13:51:27 CEST 2017 - kukuk@suse.de + +- Prerequire needed group "nogroup" + +------------------------------------------------------------------- +Wed Feb 8 02:32:37 UTC 2017 - nfbrown@suse.com + +- update upstream version from 1.3.4 to 2.1.1 + The significant update is that configuration can + now be read from a central /etc/nfs.conf file, and + it can include other files such as /etc/sysconfig/nfs + This means that the old nfs-config.service systemd + unit is no longer needed. +- /etc/nfs.conf file created to import all sysconfig + settings except *_OPTIONS directly into running code. +- dropins created to pass *_OPTIONS sysconfig setting to + the various daemons. +- various specfile improvements, such as using "-D" in + "install" commands, and adding "verify_permissions". +- "xtab" has not been needed for years and has now been remove. +- sysconfig.nfs updated, particular the ServiceRestart + declarations have been tuned for systemd units. +- 0003-nfs-server-generator-handle-noauto-mounts-correctly.patch + Fix the nfs-server-generator so that mounts marked "noauto" + are not automatically mounted when NFS exported. + (bsc#1019211) +- 0001-conffile-ignore-empty-environment-variables.patch + 0002-mount-call-setgroups-before-setuid.patch + Other minor fixes found during testing. +- REMOVED 0001-Make-location-of-nfs-utils_env.sh-configurable.patch + now included upstream + +------------------------------------------------------------------- +Thu Jan 19 10:17:03 UTC 2017 - jengelh@inai.de + +- Check for existence of "statd" user before creating it, + and do not suppress errors about it. +- Ensure units passed to %service_* are full filenames. +- Pass all units (non-templated) to %service_*. + +------------------------------------------------------------------- +Mon Nov 14 14:51:30 UTC 2016 - dimstar@opensuse.org + +- Also ignore errors on the first chown call: this can happen + especially in the build system when shadow is not present and + the user has not been generated in the %pre phase. + +------------------------------------------------------------------- +Fri Oct 21 00:09:04 UTC 2016 - nfbrown@suse.com + +- move rpc.svcgssd and corresponding man page from + nfs-client package to nfs-kernel-server. + For NFSv4.0 this is needed on client as well as + the server to support the back-channel. + (bsc#1005609) + +------------------------------------------------------------------- +Sun Aug 21 06:16:27 UTC 2016 - nfbrown@suse.com + +- 0001-Make-location-of-nfs-utils_env.sh-configurable.patch + 1.3.4 moved the config script location to somewhere + that doesn't exist on openSUSE. Move it somewhere + better and install it there. + (bsc#990356) + +------------------------------------------------------------------- +Wed Aug 10 02:57:57 UTC 2016 - nfbrown@suse.com + +- nfs-utils-1.3.4.tar.xz + New upstream release. Lots of bugfixes, no significant + functionality changes + +- delete 0001-Fix-protocol-minor-version-fall-back.patch + delete 0001-close-the-syslog-fd-in-daemon_init.patch + delete 0001-mount-run-START_STATD-fully-as-root.patch + delete 0001-mount.nfs-hide-EBUSY-errors.patch + delete 0001-mount.nfs-trust-the-exit-status-of-start_statd.patch + delete 0001-systemd-Decouple-the-starting-and-stopping-of-rpcbin.patch + delete 0002-systemd-unit-files-fix-up-dependencies-on-rpcbind.patch + delete nfs-utils-no-svcgss.service + delete nfs-utils-uninit-mem.patch + All patches are included in 1.3.4 + + +------------------------------------------------------------------- +Tue Aug 9 23:32:10 UTC 2016 - nfbrown@suse.com + +- nfs-utils_env.sh + Fix some problems with version_params. + Various misspellings and remove the possiblity + that V4 is both disabled and enabled. + (bsc#990356) + +------------------------------------------------------------------- +Mon Aug 8 08:39:54 UTC 2016 - tchvatal@suse.com + +- Drop OMC svcinfo file, nowdays useless + +------------------------------------------------------------------- +Mon Aug 8 08:38:16 UTC 2016 - tchvatal@suse.com + +- Sort a bit with spec-cleaner to get uptodate spec +- Convert deps from regular devels to pkgconfig style + +------------------------------------------------------------------- +Tue May 24 22:27:14 UTC 2016 - nfbrown@suse.com + +- 0001-systemd-Decouple-the-starting-and-stopping-of-rpcbin.patch + 0002-systemd-unit-files-fix-up-dependencies-on-rpcbind.patch + Fix systemd dependencies to ensure rpcbind is started when needed. + (bsc#975265) + +------------------------------------------------------------------- +Thu Apr 21 23:40:59 UTC 2016 - neilb@suse.com + +- 0001-close-the-syslog-fd-in-daemon_init.patch + Without this, tracing doesn't work +- 0001-mount.nfs-trust-the-exit-status-of-start_statd.patch + (bsc#945937) +- 0001-mount-run-START_STATD-fully-as-root.patch + (bsc#969152) + +------------------------------------------------------------------- +Mon Apr 4 13:56:38 CEST 2016 - kukuk@suse.de + +- Drop unused BuildRequires for libgssglue, not used with tirpc + +------------------------------------------------------------------- +Mon Apr 4 10:16:32 CEST 2016 - kukuk@suse.de + +- Drop unused BuildRequires for librpcsecgss, tirpc version is used + +------------------------------------------------------------------- +Wed Mar 2 03:53:26 UTC 2016 - neilb@suse.com + +- 0001-mount.nfs-hide-EBUSY-errors.patch + Stop "mount -a -t nfs" from complaining if filesystem + already mounted (bsc#950340) + +------------------------------------------------------------------- +Thu Feb 18 06:04:05 UTC 2016 - neilb@suse.com + +- 0001-Fix-protocol-minor-version-fall-back.patch + (bnc#959211) + +------------------------------------------------------------------- +Wed Feb 17 03:20:55 UTC 2016 - neilb@suse.com + +- nfs.service: don't mount/unmount nfs filesystems. + systemd does this automatically. Trying to do it here too + causes timing races (boo#963616) + +------------------------------------------------------------------- +Thu Nov 26 16:17:42 UTC 2015 - schwab@suse.de + +- nfs-utils-uninit-mem.patch: fix use of uninitialized memory (bsc#956743) + +------------------------------------------------------------------- +Mon Nov 9 23:53:43 UTC 2015 - p.drouand@gmail.com + +- Remove sysvinit related macros; the package doesn't contain any + sysvinit script +- Replace systemd with systemd-rpm-macros; increase dependencies + weight +- Use %configure macro +- Remove depreciated %clean section + +------------------------------------------------------------------- +Tue Oct 27 13:24:31 UTC 2015 - jeffm@suse.com + +- Use proper annotations for service restart (bsc#952055). + +------------------------------------------------------------------- +Thu Oct 22 06:35:02 UTC 2015 - nfbrown@suse.com + +- update upstream version from 1.3.1 to 1.3.3. + This contains lots of bugfixes but not significant new features. +- delete 0001-nfs-client.target-Removed-a-ordering-cycle-with-nfs-.patch + delete 0002-Centralize-dependencies-on-the-auth-unit.patch + both included upstream +- nfs-utils-no-svcgss.service + fix minor make-install issue (has since been accepted upstream) +- use "make install" to install systemd files instead of hand-code. +- retain rpc-svcgssd for now until gss-proxy is packaged. + +------------------------------------------------------------------- +Thu Oct 15 03:32:53 UTC 2015 - nfbrown@suse.com + +- nfs-utils_env.sh: honour RPC_PIPEFS_DIR setting. + It is currently ignored due to a logic error. + (bsc#947852) + +------------------------------------------------------------------- +Thu Sep 24 02:29:36 UTC 2015 - nfbrown@suse.com + +- nfsserver.service. Provide ExecReload directive. + This allows "systemctl reload nfsserver" to work. + PropagatesReloadTo but itself is not enough if this + unit doesn't have it's own Reload handler. + (bsc#97296) + +------------------------------------------------------------------- +Thu Aug 13 02:36:16 UTC 2015 - nfbrown@suse.com + +- sysconfig.nfs: add STATD_PORT, STATD_HOSTNAME, + LOCKD_TCPPORT, LOCKD_UDPPORT +- nfs-utils-env.sh: handle STATD_PORT, STATD_HOSTNAME, + LOCKD_TCPPORT, LOCKD_UDPPORT + Also handle NFSV4LEASETIME, which was missing. + + (bsc#941645) + +------------------------------------------------------------------- +Mon Aug 10 04:28:42 UTC 2015 - nfbrown@suse.com + +- nfs.service: improve back-compatibility with /etc/init.d/nfs + + mount and unmount nfs filesystems on start/stop. + + keep status as "good" when everything is running. + (bnc#911986) + +------------------------------------------------------------------- +Sun Nov 09 19:34:00 UTC 2014 - Led + +- fix bashisms in pre/post scripts + +------------------------------------------------------------------- +Wed Nov 5 00:48:09 UTC 2014 - nfbrown@suse.com + +- new upstream nfs-utils-1.3.1 + This brings numerous fixes, particularly to gssd and + nfsdcltrack. It incorporates all the upstreamable + patches we had: +- Delete nfsdcltrack.sbin.patch +- Delete start-statd.patch +- 0001-nfs-client.target-Removed-a-ordering-cycle-with-nfs-.patch + 0002-Centralize-dependencies-on-the-auth-unit.patch + Patches from 1.3.2-rc, which look useful + +- Convert from /etc/init.d startup scripts to full + systemd integration. + The upstream standard names are "nfs-client" and "nfs-server" + rather than "nfs" and "nfsserver", so local "nfs" "nfsserver" + aliases are created and "rcXXX" links are provided for all 4. + +------------------------------------------------------------------- +Thu Sep 4 02:55:22 UTC 2014 - nfbrown@suse.com + +- nfsserver.init: allow $NFSD_V4_GRACE to set the lease + time if NFSV4LEASETIME is not set, as some documentation + suggests this. + Also set NFSv4 and NLM grace time to make the NFSv4 lease time + as having them different at boot time doesn't make sense. + (bnc#892809) + +------------------------------------------------------------------- +Mon Jul 7 01:57:26 UTC 2014 - nfbrown@suse.com + +- Remove mkintird scripts again. "libguestfs" now includes + them so nfs-utils doesn't need to. + (bnc#883876) + +------------------------------------------------------------------- +Thu Jun 26 02:35:31 UTC 2014 - nfbrown@suse.com + +- add mkinitrd scripts back in. They are needed by + "guestfs" See bnc#883873 + (bnc#883876) + +------------------------------------------------------------------- +Tue Jun 10 07:19:06 UTC 2014 - nfbrown@suse.com + +- Use start-statd and rpc-statd.service from upstream for running statd. + Our start-statd doesn't work in a systemd environment (bnc#852984) +- start-statd.patch - needed to make upstream start-statd work properly. +- use .xz from upstream, that is what kernel.org prefers and it is smaller + +------------------------------------------------------------------- +Wed Jun 4 01:59:27 UTC 2014 - nfbrown@suse.com + +- Remove 0001-nfsidmap-Keys-need-to-be-invalidated-instead-of-revo.patch + Now that keyutils has been updated in Factory, this patch + is no longer needed. + +------------------------------------------------------------------- +Tue Jun 3 12:55:16 UTC 2014 - werner@suse.de + +- Check if systemd is listen on local socket 111 to trigger the + start of the rpcbind.service on demand (bnc#860246) +- There exists only nfs-utils-1.3.0.tar.gz at + http://kernel.org/pub/linux/utils/nfs-utils/1.3.0/ + +------------------------------------------------------------------- +Wed May 14 02:40:01 UTC 2014 - nfbrown@suse.com + +- New upstream version 1.3.0. + Includes all our bugfix patches except 1. + Adds assorted other bugfixes and improvements including + initial support for NFSv4.2 + Prepares the way for better systemd integration. + Discards useless programs gss_clnt_send_err and gss_destroy_creds + +- Removes: 0001-mountd-Fix-is_subdirectory-again.patch +- Removes: 0002-gssd-Fix-recent-fix-to-Avoid-DNS-reverse-resolution-.patch +- Removes: 0003-Fix-handling-of-preferred-realm-command-line-option.patch +- Removes: 0004-nfsiostat-restore-output-format.patch +- Removes: 0005-gssd-don-t-give-up-on-machine-credential-if-hostname.patch +- Removes: 0006-gssd-fixed-typo-in-machine-cred-name.patch +- Removes: skip-on-ENOENT.patch +- Removes: mountd-fix-bug-affecting-exports-of-dirs-with-64bit-.patch +- Removes: exportfs-exit-with-error-code-if-there-was-any-error.patch +- Removes: exportfs-report-failure-if-asked-to-unexport-somethi.patch +- Removes: gssd-mount-hang-fix.patch +- Removes: udp-fallback-fix.patch +- Removes: fedfs-lib-name.patch + +- 0001-nfsidmap-Keys-need-to-be-invalidated-instead-of-revo.patch + This upstream patch is currently reverted until we get a newer version + of keyutils. + +------------------------------------------------------------------- +Tue May 6 00:51:39 UTC 2014 - nfbrown@suse.com + +- nfsdcltrack_sbin.patch + The kernel expects nfsdcltrack to be in /sbin, + so we must put it there. + +------------------------------------------------------------------- +Wed Apr 16 15:24:27 UTC 2014 - trenn@suse.de + +- Remove mkinitrd bits -> we use dracut now which already has + nfs stuff provided in its package in: + /usr/lib/dracut/modules.d/95nfs/ + Remove sources: + - mkinitrd-boot.sh + - mkinitrd-setup.sh + +------------------------------------------------------------------- +Tue Mar 11 00:11:18 UTC 2014 - sleep_walker@suse.cz + +- properly rename patches: + udp-fallback.fix -> udp-fallback-fix.patch + fedfs-lib-name -> fedfs-lib-name.patch + gssd-mount-hang-fix -> gssd-mount-hang-fix.patch + +------------------------------------------------------------------- +Sun Mar 9 23:00:19 UTC 2014 - nfbrown@suse.com + +- Remove "Start-Before: autofs" from nfs.init. This turns + out not to be needed, and is out of place. If anything, + autofs should declare a dependency on nfs. (bnc#861489) +- fedfs-lib-name, nfs-utils.spec + Build with fedfs support so that if fedfs-utils is also + installed, federated-filesystems can be exported. + (FATE#313522) + +------------------------------------------------------------------- +Mon Feb 17 04:40:41 UTC 2014 - nfbrown@suse.com + +- udp-fallback.fix: Fix fallback from tcp to udp + (bnc#863749) + +------------------------------------------------------------------- +Tue Feb 4 05:18:48 UTC 2014 - nfbrown@suse.com + +- nfs-utils.spec: Require keyutils for proper + idmap lookup. +- nfs.init, nfsserver.init: mkdir /run/nfs before + trying to create a file in there (bnc#859221) +- nfs.init, nfsserver.init: add + X-Systemd-RemainAfterExit: true + to ensure services aren't shutdown if sm-notify + reports an error + (bnc#849387) + +------------------------------------------------------------------- +Wed Nov 27 09:00:36 UTC 2013 - nfbrown@suse.com + +- nfsserver.init: fix that typo properly. + Somehow I only fixed part of the problem + (bnc#849476) + +------------------------------------------------------------------- +Tue Nov 26 13:05:11 UTC 2013 - werner@suse.de + +- If nfs-utils and autofs are both installed make sure that the nfs + client boot service will be started before autofs as otherwise + systemd dependency chain is waiting on nfs client services at + shutdown if nfs client is enabled. + +------------------------------------------------------------------- +Mon Nov 18 03:35:45 UTC 2013 - nfbrown@suse.com + +- nfsserver.init: fix typo in "--nfs-version 4". + (bnc#849476) + +------------------------------------------------------------------- +Sun Nov 17 23:06:16 UTC 2013 - nfbrown@suse.com + +- gssd-mount-hang-fix: An nfs mount will hang + indefinitely if mounted by IP address and there + is no reverse mapping available. This is + caused by a bug in gssd. + (bnc#833543) + +------------------------------------------------------------------- +Wed Nov 6 02:06:45 UTC 2013 - nfbrown@suse.com + +- nfs-utils.spec: add various systemd macros to make + sure init scripts are registered properly + bnc#845475 +- nfs.int, nfsserver.init: run gssd on server as well + as on client. This is needed for NFSv4.0 callbacks. + bnc#845269 +- exportfs-exit-with-error-code-if-there-was-any-error.patch +- exportfs-report-failure-if-asked-to-unexport-somethi.patch + Return good error code from exportfs. + bnc#846064 + +------------------------------------------------------------------- +Tue Oct 22 04:45:13 UTC 2013 - nfbrown@suse.com + +- mountd-fix-bug-affecting-exports-of-dirs-with-64bit-.patch + allow NFS export to work for XFS filesystems with INODE64 + (bnc#841971) + +------------------------------------------------------------------- +Tue Oct 15 01:13:01 UTC 2013 - nfbrown@suse.com + +- nfs.init: run ldconfig directly rather than calling + boot.ldconfig. + boot.ldconfig had some "optimisations" which are + unimportant and inconvenient for NFS, and doesn't + exist any more anyway. + (bnc#834164). + +------------------------------------------------------------------- +Thu Sep 5 05:05:13 UTC 2013 - nfbrown@suse.com + +- nfs.init: always start gssd. + Recent kernel change means that if gssd isn't running + and NFSv4 mount will wait 15 seconds before timing out + even if gss security wasn't requested. + So just start gssd alway - there is no significant cost + in this. + (bnc#837262) + +------------------------------------------------------------------- +Mon Sep 2 05:13:25 UTC 2013 - nfbrown@suse.com + +- skip-on-ENOENT.patch - suppress error message + that isn't really an error (bnc#800414) + +------------------------------------------------------------------- +Mon Aug 5 15:41:31 CEST 2013 - ohering@suse.de + +- Include also nfsv2,nfsv3,nfsv4.ko in initrd (bnc#815738) +- Remove usage of absolute paths in mkinitrd script +- Include also mount.nfs4 + +------------------------------------------------------------------- +Mon Jul 22 06:47:57 UTC 2013 - nfbrown@suse.com + +- New sysconfig variables + NFS4_SERVER_MINOR_VERSION, GSSD_OPTIONS, + NFS_GSSD_AVOID_DNS + to enable various configurations. +- bug fixes to init scripts to avoid unmounting everything(!) + and to avoid corrupting /run/nfs/bind.mounts + +------------------------------------------------------------------- +Mon Jul 22 06:12:53 UTC 2013 - nfbrown@suse.com + +- New upstream release 1.2.8 - mostly bugfixes, many to gssd. + No important new functionality +- Changes to ./configure command to remove warnings +- 8 more patches from upstream 'git' to fix non-trivial bugs + including on CVE. + +------------------------------------------------------------------- +Mon May 13 15:32:55 UTC 2013 - coolo@suse.com + +- remove sysvinit requires - they are rather harmful these days + +------------------------------------------------------------------- +Wed Mar 6 20:04:55 UTC 2013 - darin@darins.net + +- nfsserver.init,sysconfig.nfs - Add support for setting rpc.mountd + options. + +------------------------------------------------------------------- +Wed Nov 28 00:08:55 UTC 2012 - nfbrown@suse.com + +- New upstream release 1.2.7. Adds FedFD support + to mounted and replaces nfsdcld with + nfsdcltrack. This is used to manage client state + on NFSv4 servers. + Incorporates more local patches. + +- Replace "/var/run" with "/run" in various scripts. + +- nfsserver.init: Generate message that "bind=" is deprecated + if it is used. + +------------------------------------------------------------------- +Wed Oct 17 23:55:27 UTC 2012 - nfbrown@suse.com + +- Add dependency on "netcfg" to ensure /etc/services + is present (bnc#779851) + +------------------------------------------------------------------- +Thu Sep 27 02:10:53 UTC 2012 - nfbrown@suse.com + +- nfs4-no-umount: does send MOUNT_UMNT rpcs + when unmounting an 'nfs4' filesystem. They + are only required for nfs2,3. (bnc#772534) + +------------------------------------------------------------------- +Thu Jul 19 06:26:10 UTC 2012 - nfbrown@suse.com + +- mount-exit-code.fix: Correct exit code from + unmount when fs is busy - allows autofs to work + correctly. (bnc#770962) + +------------------------------------------------------------------- +Thu May 17 07:04:58 UTC 2012 - nfbrown@suse.com + +- nfs upstream version 1.2.5. Lots of bug fixes + and improved support for pNFS. + Adds nfsdcld daemon on osd_login script. + Removed some very out-of-date documentation. + +------------------------------------------------------------------- +Wed May 2 01:42:23 UTC 2012 - nfbrown@suse.com + +- nfsserver.init: remove VERSION_LIST. This is + unnecessary duplication of VERSION_PARAMS + +------------------------------------------------------------------- +Wed May 2 01:34:51 UTC 2012 - nfbrown@suse.com + +- nfsserver.init: Don't depend on "mount" preserving + unknown options - it doesn't any more. This can + confuse nfsd_unbind_mounts (bnc#754805) + +------------------------------------------------------------------- +Sun Nov 20 06:47:14 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Sun Nov 6 11:43:39 UTC 2011 - puzel@suse.com + +- do not strip the binaries + +------------------------------------------------------------------- +Wed Oct 12 05:18:17 UTC 2011 - nfbrown@suse.com + +- nfs.init: handle case where kernel adds trailing + slash to name in /proc/mounts. + (bnc#722431 bnc#720376) + +------------------------------------------------------------------- +Sat Oct 1 15:24:33 UTC 2011 - crrodriguez@opensuse.org + +- Fix build in arm, portability bug, applications MUST + use sysconf(_SC_PAGESIZE) instead of constant PAGE_SIZE + +------------------------------------------------------------------- +Sun Sep 25 08:28:53 UTC 2011 - nfbrown@suse.com + +- New upstream version 1.2.5 - This adds a new binary + blkmapd with man page, This is part of PNFS support. + +------------------------------------------------------------------- +Thu Aug 18 07:48:27 UTC 2011 - nfbrown@novell.com + +- New upstream version 1.2.4 - plus a few important + patches from git. This adds a new binary nfsidmap, + with man page. Also: build with libmount enabled + to correctly handle /etc/mtab being linked to + /proc/self/mounts. (bnc#681106) + +------------------------------------------------------------------- +Thu Jun 23 05:41:25 UTC 2011 - nfbrown@novell.com + +- nfs.init,nfsserver.init,sysconfig.nfs - Add support + for configuring NFS for a fail-over configuration + with shared state. (bnc#689622) +- rpc.mountd-segfault-fix; fix possible segfault caused + by "showmount -e" usage. (bnc#693189) +- do-not-error-when-address-family-not-supported - + suppress socket error when IPv6 is not loaded + (bnc#670449) +- addmntent.fix - error check writes to /etc/mtab and + cope accordingly. (bnc#689799) +- mount-catch-signals - don't abort on SIGXSFZ or other + signals while mtab is locked (bnc#689799) +- mountd-auth-fix - fix bug that could give away incorrect + access to NFS exported filesystems. (bnc#701702) + +------------------------------------------------------------------- +Fri Jun 17 14:12:19 UTC 2011 - aj@suse.de + +- Fix URLs. + +------------------------------------------------------------------- +Thu Jun 2 06:48:03 UTC 2011 - nfbrown@novell.com + +- nfsserver.init, sysconfig.nfs: add NFSV4LEASETIME + parameter to allow lease time to be set. + bnc#681510 + +------------------------------------------------------------------- +Tue May 31 11:43:41 UTC 2011 - lnussel@suse.de + +- use /var/run/nfs instead of /var/lock/subsys + +------------------------------------------------------------------- +Tue May 31 01:41:58 UTC 2011 - nfbrown@novell.com + +- sysconfig.nfs: now that 'nfs' is not enabled + by default, set NFS_START_SERVICES=yes by default + and document that 'chkconfig nfs on' is needed. + +------------------------------------------------------------------- +Wed Apr 27 00:41:10 UTC 2011 - nfbrown@novell.com + +- Make /var/lib/nfs world executable. + Otherwise 'df' complains about /var/lib/nfs/rpc_pipefs + bnc#675385 + +------------------------------------------------------------------- +Sat Mar 19 14:10:18 UTC 2011 - jengelh@medozas.de + +- Must up the loopback device, otherwise trying to contact the + portmapper (even if it does not actually run) will hang forever- + the TCP RST is crucial for mount.nfs + +------------------------------------------------------------------- +Wed Feb 16 23:55:22 UTC 2011 - nfbrown@novell.com + +- nfs.init: improve handling of paths with spaces. + If a path name has a space, it will appear as \040 + in fstab and in /proc/mounts. Using 'grep -E' to search + for this is problematic as it will interpret the + '\'. So use 'grep -F' instead - we know there is + only a single space in /proc/mounts. Also use + "read -r" so 'read' doesn't interpret the '/'. + (bnc#666128) + +------------------------------------------------------------------- +Wed Feb 16 23:49:40 UTC 2011 - nfbrown@novell.com + +- nfsserver.init: make sure sm-notify runs on restart. + If we stop nfsd, that might also stop lockd which would + drop locks. So make sure lockd really does drop lock + for consistency, and ensure that sm-notify is run when + nfsserver is restarted. (bnc#668280) + +------------------------------------------------------------------- +Mon Jan 31 07:49:03 UTC 2011 - lnussel@suse.de + +- don't run SuSEfirewall2 from start-statd script. If SuSEfirewall2 + is installed and enabled it will be called at the end of the boot + process anyways (bnc#668181). + +------------------------------------------------------------------- +Fri Jan 28 14:03:14 UTC 2011 - lnussel@suse.de + +- avoid python depdency to avoid bloating the minimal installation +- use %set_permissions instead of %run_permissions + +------------------------------------------------------------------- +Tue Jan 25 09:01:37 UTC 2011 - lnussel@suse.de + +- give user a hint if portmap isn't running as statd can't be started in that + case. + +------------------------------------------------------------------- +Wed Jan 12 12:15:31 UTC 2011 - lnussel@suse.de + +- don't enable nfs init script by default. The yast nfs module + makes sure the script gets enabled when adding mounts +- print a message to tell when file systems are mounted as that + could take a while + +------------------------------------------------------------------- +Tue Dec 7 11:18:24 UTC 2010 - coolo@novell.com + +- add sysvinit prereqs to make sure the scripts are there before + installation (also for building) + +------------------------------------------------------------------- +Mon Oct 11 06:17:55 UTC 2010 - nfbrown@novell.com + +- new upstream version 1.2.3, plus some upstream fix-up patches. +- new user 'statd' owns /var/lib/nfs so rpc.statd runs as non-root. +- New commands 'mountstats' and 'nfsiostat' +- ipv6 support enabled as it is believed to be complete. + +------------------------------------------------------------------- +Wed Aug 11 04:35:05 UTC 2010 - nfbrown@novell.com + +- Change "Requires: portmap" to "Requires: rpcbind". + Current nfs-utils does not work properly with portmap + due to IPv6 being enabled, so we really need rpcbind. + So be explcit about that, else upgrading an old + installation will leave portmap in place which + won't work. + bnc#620346 + +------------------------------------------------------------------- +Sun Jul 25 07:01:59 UTC 2010 - aj@suse.de + +- Add rpmlintrc since /var/lib/nfs/sm.bak is valid. + +------------------------------------------------------------------- +Sun May 9 23:07:24 UTC 2010 - nfbrown@novell.com + +- nfsserver.init / sysconfig.nfs: allow NFSv3 service + to be disabled so only NFSv4 can be used. bnc#598671 +- nfs-v2-disable.patch: mountd support for above +- nfs.init: unmount bind mounts with '-l' to ensure they + really unmount. bnc#598681 + +------------------------------------------------------------------- +Mon Apr 19 23:43:45 UTC 2010 - nfbrown@novell.com + +- mkinitrd-boot.sh: allow other mkinitrd-setup + scripts to request the inclusion of nfs support + by setting need_nfs to 1. (bnc#572207) + +------------------------------------------------------------------- +Mon Apr 19 04:54:50 UTC 2010 - nfbrown@novell.com + +- sysconfig.nfs, nfsserver.init, start-start: handle + STATD_OPTIONS so that sysadmin can easily set options + like port number. (bnc#595379) + +------------------------------------------------------------------- +Fri Mar 26 15:39:05 CET 2010 - mmarek@suse.cz + +- mkinitrd-boot.sh: Do not do anything over if iscsi should be used + (bnc#590135). + +------------------------------------------------------------------- +Tue Mar 9 21:18:22 UTC 2010 - nfbrown@novell.com + +- init.nfs: also call 'udevadm settle' when mounting things + other than /usr and /opt. bnc#571540 + +------------------------------------------------------------------- +Tue Feb 23 22:15:18 UTC 2010 - nfbrown@novell.com + +- init.nfs: if mounting /usr fails, call "udevadm settle" + and try again incase network interfaces are still + appearing. bnc#571540 + +------------------------------------------------------------------- +Sun Nov 29 22:03:26 UTC 2009 - nfbrown@novell.com + +- nfs-utils-eperm-fallback.patch: mount.nfs + tries a v3 mount after a v4 mount fails with ENOENT. + Older linux nfsd servers return EPERM, so fall + back in that case too. bnc#557138 + +------------------------------------------------------------------- +Thu Nov 5 03:16:22 UTC 2009 - nfbrown@novell.com + +- New upsteam release - 1.2.1 + Includes new config file: /etc/nfsmount.conf and + man page. +- nfs.init + * implement try-restart in a more gentle fashion + so that active mounts are not lost. Also allow + for the fact that binary has changed when finding + and killing running daemons. (bnc#543911) +- start-statd + * try-restart the firewall after starting statd + as the firewall might need to update to reflect + a new port number. +- Start nfs services if any nfs related sysctl + is set in /etc/sysctl.conf + +------------------------------------------------------------------- +Fri Oct 30 05:43:32 CET 2009 - nfbrown@suse.de + +- Kill processes on NFS mounts when unmounting + for shutdown. This allows any 'sync' to happen + before we turn off the network. + (bnc#503640) + +------------------------------------------------------------------- +Tue Oct 6 14:14:24 CEST 2009 - werner@suse.de + +- Work around broken sysconfig file (bnc#529961) + +------------------------------------------------------------------- +Fri Mar 20 04:51:23 CET 2009 - nfbrown@suse.de + +- sysconfig.nfs + * add 'NFS_START_SERVICE' option for people who + need gssd or idmapd but mount using automount, not + fstab. bnc#472438 + +------------------------------------------------------------------- +Thu Dec 18 00:35:09 CET 2008 - nfbrown@suse.de + +- nfs.init + * 'stop' should stop servies based on what is + running, not what is configured to be run. + bnc#459021 + * force-start added to start NFS services even + if nothing is in /etc/fstab. + +------------------------------------------------------------------- +Mon Dec 08 15:37:13 CET 2008 - bwalle@suse.de + +- initrd: Giving the DHCP provided root path a higher priority + compared to the fallback from fstab. Command line can still + overwrite the DHCP provided root path. (bnc #440192). + +------------------------------------------------------------------- +Sun Dec 7 22:20:05 CET 2008 - nfbrown@suse.de + +- gssd-mem-leak + * set better expiry date for cached auth info + so kernel does not run out of memory + bnc#442490 + +------------------------------------------------------------------- +Fri Dec 5 02:43:20 CET 2008 - nfbrown@suse.de + +- nfs.init + * Don't signal an error if asked to stop 'nfs' + when there is nothing to stop. Signalling an + error here causes "rpm -e nfs-client" to fail. + (bnc#450940) + +------------------------------------------------------------------- +Tue Dec 2 03:15:50 CET 2008 - nfbrown@suse.de + +- warn-nfs-udp.patch + * Add warnings to nfs.man about usage of UDP + and print message pointing to this warning + when udp is used. + This comes from util-linux-warn-nfsudp.diff in + previous releases. + +- nfs.init + * load nfs modules then apply any sysctl setting + before mounting any filesystems + (bnc#431306, bnc#443118) +- nfsserver.init + * set lockd sysctls before starting lockd. + (bnc#443118) + + +------------------------------------------------------------------- +Tue Nov 25 06:10:31 CET 2008 - nfbrown@suse.de + +- nfs.init + * Don't 'stop' if root is on NFS. + If we stop NFS if root is on NFS, then + reboot will hang - bnc#439974 + +------------------------------------------------------------------- +Mon Nov 24 00:01:51 CET 2008 - nfbrown@suse.de + +- nfs.init + * Don't try to kill processes with fuser. + it hangs when netowrk is down, and isn't + needed as we use lazy unmount + bnc#445908 + * Don't kill statd if nfsd is still running. +- fork-start-statd.patch + * Don't use 'system' to run start-statd + as this looses our setuid bit. + bnc#447812 + +------------------------------------------------------------------- +Fri Nov 21 11:45:58 CET 2008 - hare@suse.de + +- export ROOTFS_FSCK=0 to skip fsck for root on NFS (bnc#441234) + +------------------------------------------------------------------- +Thu Nov 20 03:10:20 CET 2008 - nfbrown@suse.de + +- rpc.gssd-catch-signal.patch + * new patch (not yet upstream) to make sure + rpc.gssd gets signals from dnotify. + bnc#406832 + +------------------------------------------------------------------- +Wed Nov 19 23:42:23 CET 2008 - nfbrown@suse.de + +- sm-notify-no-sync.patch + * new upstream patch to avoid sync() in common + case of no peers to notify. + Important for speeding boot of SLED + +------------------------------------------------------------------- +Tue Nov 18 21:43:59 CET 2008 - nfbrown@suse.de + +- nfs-utils.spec: typo in command to install + modprobe.d/nfs-utils + +------------------------------------------------------------------- +Fri Nov 14 03:19:34 CET 2008 - nfbrown@suse.de + +- nfsserver.init + * don't set version if nfsd already running. + doing that causes unhelpful error when trying + to start nfsserver when it is already running. + (bnc#427330) +- modprobe.nfs-utils + * arrange that when various nfs modules are loaded + the relevant values from /etc/sysctl.conf are set + (bnc#431306, bnc#443118) + +------------------------------------------------------------------- +Fri Nov 7 04:32:51 CET 2008 - nfbrown@suse.de + +- nfs.init + * fix typo in handling of "init.d/nfs status" + $status should have been $state + +------------------------------------------------------------------- +Mon Oct 13 17:58:34 CEST 2008 - mkoenig@suse.de + +- nfs.init: + * ensure all daemons get killed on stop (including rpc.statd) + * unmount rpc_pipefs + * let close_usr do the work before the NFS filesystems get unmounted + +------------------------------------------------------------------- +Mon Oct 13 10:35:13 CEST 2008 - ro@suse.de + +- fix sysconfig filename for changed fillup call + +------------------------------------------------------------------- +Mon Oct 6 14:37:33 CEST 2008 - kukuk@suse.de + +- Disable IPv6, completly broken [bnc#431542] + +------------------------------------------------------------------- +Mon Sep 29 15:42:26 CEST 2008 - kukuk@suse.de + +- Enable IPv6 [bnc#429853] + +------------------------------------------------------------------- +Fri Sep 26 04:01:46 CEST 2008 - nfbrown@suse.de + +- Fix nfs.init to check for portmap or rpcbind properly. + Either or both can be installed, but as long as one is + running, neither 'start' or 'status' will complain. + bnc#428436 + +------------------------------------------------------------------- +Mon Sep 22 04:20:30 CEST 2008 - nfbrown@suse.de + +- Change nfs.init to do nothing if NFS is not mentioend in /etc/fstab, + and sure it is always enabled. bnc#331667 + +------------------------------------------------------------------- +Mon Sep 22 02:50:41 CEST 2008 - nfbrown@suse.de + +- Improve Description fields in fw-server and fs-client. + bnc#424432 bnc#424433 + +------------------------------------------------------------------- +Tue Sep 16 18:24:18 CEST 2008 - mrueckert@suse.de + +- require libevent-devel on 11.1 or newer + +------------------------------------------------------------------- +Wed Sep 3 11:09:34 CEST 2008 - hare@suse.de + +- Call mkinitrd_setup during %post and %postun (bnc#413709) + +------------------------------------------------------------------- +Mon Aug 18 18:09:11 CEST 2008 - mrueckert@suse.de + +- remove outdated options in the fillup_and_insserv call + +------------------------------------------------------------------- +Fri Aug 15 03:11:30 CEST 2008 - nfbrown@suse.de + +- upgrade to nfs-utils-1.1.3 + - assorted bugfixes including some that we have fixed in our 1.1.2 + release + - some work towards client-side IPv6 support +- Remove included patches. +- Add patches that are still not upstream + They relate to mounting from server which does not listen + to UDP for portmap + +------------------------------------------------------------------- +Wed Aug 13 13:19:33 CEST 2008 - werner@suse.de + +- Fix boot script and use correct Stop tags +- The nfs boot script uses lazy umount and terminates process + on shutdown in case of causing busy mounts +- The nfs boot script may parse /etc/fstab only once + +------------------------------------------------------------------- +Wed Jul 23 16:42:58 CEST 2008 - hare@suse.de + +- Include mkinitrd scriptlets. +- Do not install Makefiles for nfs-doc. + +------------------------------------------------------------------- +Tue Jul 15 08:33:13 CEST 2008 - nfbrown@suse.de + +- nfs.init - parse /etc/fstab correctly. The first two fields + are "what where", not "where what" (bnc#364513) + +------------------------------------------------------------------- +Fri Jun 27 17:48:35 CEST 2008 - schwab@suse.de + +- Use autoreconf. + +------------------------------------------------------------------- +Fri Jun 6 08:00:21 CEST 2008 - nfbrown@suse.de + +- nfs-utils-1.1.2-start-statd.patch - fix so that statd isn't + required with "-o remount" (that causes a problem with + nfs-root (bnc#397417)) and isn't required for nfsv4. + +------------------------------------------------------------------- +Mon Jun 2 13:20:17 CEST 2008 - lnussel@suse.de + +- fix permissions handling of mount.nfs (bnc#304318) +- fix prereqs + +------------------------------------------------------------------- +Wed May 14 23:22:32 CEST 2008 - schwab@suse.de + +- Fix some lost exit status in init scripts. + +------------------------------------------------------------------- +Tue May 6 08:00:18 CEST 2008 - nfbrown@suse.de + +- nfs-utils-1.1.2-start-statd.patch - statd needs to be started + when using 'string' options to kernel was well as when using + binary options. + +------------------------------------------------------------------- +Fri May 2 05:22:19 CEST 2008 - nfbrown@suse.de + +- Added SM_NOTIFY_OPTIONS sysconfig - (bnc #379806) +- Removed needless rc_status/rc_exit games in nfsserver.init (bnc #380156) +- Fixed some sysconfig entries that asked to restart non-existent + services (gssd and idmpad have been rolled in to nfs/nfsserver). + +------------------------------------------------------------------- +Fri Apr 11 12:08:38 CEST 2008 - jsrain@suse.cz + +- fixed more bugs in port information for SuSEfirewall2 (bnc #373969) + +------------------------------------------------------------------- +Wed Apr 9 12:06:23 CEST 2008 - jsrain@suse.cz + +- fixed typo in port information for SuSEfirewall2 (bnc #373969) + +------------------------------------------------------------------- +Tue Apr 1 16:12:22 CEST 2008 - mkoenig@suse.de + +- fix path srvinfo.d -> svcinfo.d +- remove svcinfo.d dir as it is provided now by filesystem + +------------------------------------------------------------------- +Thu Mar 27 13:53:20 CET 2008 - mkoenig@suse.de + +- update to version 1.1.2 +- uses libgssglue instead of libgssapi +- remove patch + nfs-utils-o_create-mode + +------------------------------------------------------------------- +Wed Mar 26 17:11:33 CET 2008 - mkoenig@suse.de + +- add rpcbind support [fate#300607] + +------------------------------------------------------------------- +Thu Feb 28 18:42:52 CET 2008 - ro@suse.de + +- added gssapi to buildrequires + +------------------------------------------------------------------- +Wed Feb 13 21:04:46 CET 2008 - jeffm@suse.com + +- Cleaned up open(O_CREAT) without file permissions. + +------------------------------------------------------------------- +Mon Dec 17 23:19:36 CET 2007 - nfbrown@suse.de + +- Fix sed script used to create bind mounts for NFSv4 export + (#279665) +- Fail nfs.init if portmap is not running. Normally it will be, + but if it isn't nfs can fail strangely. (#325763) + +------------------------------------------------------------------- +Mon Dec 17 02:29:08 CET 2007 - nfbrown@suse.de + +- Add SuSEfirewall2 config files for nfs-client and nfs-kernel-server + (#247354) + +------------------------------------------------------------------- +Mon Nov 12 12:58:01 CET 2007 - ro@suse.de + +- use navigation icons from latex2html in nfs-utils-doc package + (#116355) + +------------------------------------------------------------------- +Fri Sep 14 12:22:08 CEST 2007 - ro@suse.de + +- use "--no-nfs-version 4" for nfsd and mountd if + NFS4_SUPPORT is set to "no" (#308661) + +------------------------------------------------------------------- +Wed Sep 12 15:36:34 CEST 2007 - ro@suse.de + +- drop conflicts with nfs-server (userspace) in nfs-client package + showmount has been removed there (#309782) + +------------------------------------------------------------------- +Thu Jul 19 16:40:38 CEST 2007 - ro@suse.de + +- added README.NFSv4 (#182775) + +------------------------------------------------------------------- +Tue Jul 17 13:32:25 CEST 2007 - meissner@suse.de + +- buildrequire nfsidmap-devel + +------------------------------------------------------------------- +Fri Jun 22 15:58:17 CEST 2007 - ro@suse.de + +- added split-provides for nfs-client to get nfs-client installed + on update from older versions where this was in aaa_base (#286743) + +------------------------------------------------------------------- +Mon Jun 11 11:41:39 CEST 2007 - mkoenig@suse.de + +- add Obsoletes + +------------------------------------------------------------------- +Tue Jun 5 16:15:58 CEST 2007 - mkoenig@suse.de + +- update to version 1.1.0: +- package mount.nfs, umount.nfs to replace dropped nfs code + from util-linux mount. +- removed patches: + nfs-utils-noroot.patch + nfs-utils-gssd-select-ccache.patch + nfs-utils-krb5.patch +- Package split: nfs-common, nfs-server and nfs-doc +- adjust init scripts +- remove old Obsoletes/Provides: + nfsutils (last used 2001) + knfsd (last used 2000) + linuxnfs (last used 1999) + +------------------------------------------------------------------- +Tue Feb 27 08:52:29 CET 2007 - ro@suse.de + +- update to 1.0.12 + - Fix -n option to mountd + - Document sensitive gids +- upstreamed patches deleted: + nfs-utils-anon-uid32.patch +- added e2fsprogs-devel (for libblkid) +- nhfsXXX binaries and manpages have been removed upstream + +------------------------------------------------------------------- +Thu Jan 11 12:25:25 CET 2007 - ro@suse.de + +- moved omc xml file to /usr/share/omc and removed config tag + +------------------------------------------------------------------- +Mon Jan 8 18:23:44 CET 2007 - ro@suse.de + +- move srvinfo.d to svcinfo.d (typo in fate entry) +- Added handling for NFSv4 bind mounts in init script (#229583) + +------------------------------------------------------------------- +Mon Dec 18 18:40:03 CET 2006 - ro@suse.de + +- added nfsserver.xml to /etc/omc/srvinfo.d (fate#301835) + +------------------------------------------------------------------- +Tue Aug 8 17:49:47 CEST 2006 - ro@suse.de + +- update to 1.0.10 + remove upstreamed patches: + - nfs-utils-1.0.6-anon-exports.patch + - export-acl.diff + - nfs-utils-1.0.6-dep.patch + - nfs-utils-1.0.6-doc.patch + - nfs-utils-1.0.7-CITI_NFS4_ALL-2.dif + - nfs-utils-1.0.7-destdir.patch + - nfs-utils-1.0.7-gssapi.patch + - nfs-utils-1.0.7-headtail.patch + - nfs-utils-1.0.7-mount_type3.patch + - nfs-utils-1.0.7-no_sync_warn_ro.patch + - nfs-utils-1.0.7-rpcgen.patch + - nfs-utils-1.0.7-strip.patch + - nfs-utils-64bigendian.patch + - nfs-utils-1.0.6-quota.patch (upstream different) + + partly upstreamed patches: + - nfs-utils-1.0.6-anon-uid32.patch + - nfs-utils-1.0.7-gssd-select-ccache.patch + + redone patches: + - nfs-utils-noroot.patch (was: norootforbuild.diff) + - pass -fPIE to configure instead of patch + +------------------------------------------------------------------- +Thu Jul 13 14:33:24 CEST 2006 - aj@suse.de + +- Fix off-by-one error in rpcgen. + +------------------------------------------------------------------- +Fri Jun 23 15:20:54 CEST 2006 - ro@suse.de + +- find kerberos ticket files even if /tmp on reiser (#187775) + +------------------------------------------------------------------- +Wed Jun 21 12:13:00 CEST 2006 - ro@suse.de + +- fix /etc/gssapi_mech.conf for lib64 platforms (#186954) + +------------------------------------------------------------------- +Mon Jun 12 15:26:54 CEST 2006 - ro@suse.de + +- added support for type 3 filehandles to mountd (#182552) + +------------------------------------------------------------------- +Fri Jun 2 12:39:10 CEST 2006 - ro@suse.de + +- disable v4 support in rcnfsserver if NFS4_SUPPORT is + not set to "yes" (#178633) + +------------------------------------------------------------------- +Fri Jun 2 12:17:25 CEST 2006 - ro@suse.de + +- added fix for 64bit bigendian platforms in gssd (#172605) + +------------------------------------------------------------------- +Tue May 2 09:39:42 CEST 2006 - okir@suse.de + +- gracefully handle repeated "rcidmapd stop" calls (#169087) + +------------------------------------------------------------------- +Mon Apr 24 14:05:16 CEST 2006 - ro@suse.de + +- nfs-server rc-script: make force-reload do as reload does + (#167152) +- nfs-server rc-script: reload idmapd if NFSV4 is on (#167016) + +------------------------------------------------------------------- +Thu Mar 23 12:10:20 CET 2006 - okir@suse.de + +- Make gssd and svcgssd scripts mount rpc_pipefs if not there + (#158000) and added "Should-start: krb5kdc" to make sure + the KDC is started first if running on the same server (#159980) + +------------------------------------------------------------------- +Tue Jan 31 11:25:35 CET 2006 - okir@suse.de + +- Load RPCSEC_GSS kernel modules in rcgssd/rcsvcgssd init + scripts (#142352) +- Enable NFSv4 by default + +------------------------------------------------------------------- +Fri Jan 27 02:14:16 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Jan 25 16:20:23 CET 2006 - ro@suse.de + +- nfsserver rcscript: only mount nfsdfs if not mounted already + +------------------------------------------------------------------- +Tue Jan 17 00:32:02 CET 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Mon Dec 19 14:56:53 CET 2005 - mmj@suse.de + +- fix filelist + +------------------------------------------------------------------- +Mon Nov 28 16:29:12 CET 2005 - ro@suse.de + +- fix init scripts: in the stop case, a not running service + is not an error (#134904) + +------------------------------------------------------------------- +Mon Nov 14 13:11:15 CET 2005 - ro@suse.de + +- packaging /var/lib/nfs/v4recovery directory (#133502) + +------------------------------------------------------------------- +Thu Sep 1 11:09:56 CEST 2005 - okir@suse.de + +- packaging /var/lib/nfs/rpc_pipefs directory (#114103) + +------------------------------------------------------------------- +Thu Aug 25 15:11:35 CEST 2005 - ro@suse.de + +- modify nfs-server script to support uml case (#86624) + +------------------------------------------------------------------- +Fri Aug 19 14:23:23 CEST 2005 - okir@suse.de + +- added NFS4_SUPPORT and NFS_SECURITY_GSS to sysconfig.nfs +- updated the idmapd script so it honors NFS4_SUPPORT +- updated gssd script so it honors NFS_SECURITY_GSS +- added svcgssd script + +------------------------------------------------------------------- +Mon Jun 20 15:48:17 CEST 2005 - ro@suse.de + +- fix in init-script (do not try unmount if not mounted) (#91460) + +------------------------------------------------------------------- +Mon Jun 6 17:28:03 CEST 2005 - schwab@suse.de + +- Install correct init script. + +------------------------------------------------------------------- +Fri Jun 3 10:30:01 CEST 2005 - kukuk@suse.de + +- Compile with -fpie/-pie + +------------------------------------------------------------------- +Tue May 31 13:16:12 CEST 2005 - okir@suse.de + +- Enabled NFSv4 and RPCSEC_GSS support + +------------------------------------------------------------------- +Tue Apr 19 14:25:48 CEST 2005 - ro@suse.de + +- do not warn about sync/async for readonly exports (#78369) + +------------------------------------------------------------------- +Mon Apr 4 01:57:06 CEST 2005 - ro@suse.de + +- make it build with gcc4 + +------------------------------------------------------------------- +Sat Feb 5 12:54:14 CET 2005 - schwab@suse.de + +- Update to nfs-utils 1.0.7. +- Make non-anonymous exports work again. +- Use BuildRoot. + +------------------------------------------------------------------- +Mon Dec 13 14:00:35 CET 2004 - ro@suse.de + +- update to 1.0.7-pre2 (use 1.0.6.2 as package version) +- disable gss and nfsv4 for now + +------------------------------------------------------------------- +Thu Dec 9 13:10:20 CET 2004 - okir@suse.de + +- make anonymous exports work again (#46918) + +------------------------------------------------------------------- +Mon Aug 30 12:39:23 CEST 2004 - ro@suse.de + +- added sysconfig variable to allow running mountd on a + defined port + +------------------------------------------------------------------- +Mon Aug 30 10:30:06 CEST 2004 - okir@suse.de + +- Fix to prevent mountd from crashing on kernel upcalls + +------------------------------------------------------------------- +Fri Aug 27 09:48:10 CEST 2004 - okir@suse.de + +- Fix a permission problem after using exportfs -u + +------------------------------------------------------------------- +Tue Aug 24 16:03:14 CEST 2004 - ro@suse.de + +- remove "exportfs -au" from rcnfsserver stop + (kernel zaps table on last server exit anyway) (#44049) + +------------------------------------------------------------------- +Thu Jun 24 12:58:14 CEST 2004 - ro@suse.de + +- added patch from okir to use nobody:nogroup again by default + for anonymous (#42288) + +------------------------------------------------------------------- +Tue Jun 22 14:23:11 CEST 2004 - ro@suse.de + +- remove nfslock start script +- remove nfslock dependency + +------------------------------------------------------------------- +Thu Jun 17 23:11:31 CEST 2004 - ro@suse.de + +- mount nfsd filesystem if possible (#41955) + +------------------------------------------------------------------- +Wed Mar 31 16:49:06 CEST 2004 - mmj@suse.de + +- Remove unpackaged files + +------------------------------------------------------------------- +Wed Mar 31 12:00:01 CEST 2004 - mmj@suse.de + +- Move sm-notify to util-linux [#36737] + +------------------------------------------------------------------- +Fri Mar 26 02:07:21 CET 2004 - ro@suse.de + +- remove rpc.statd completely +- add sm-notify and call it first in nfslock script (#36737) + +------------------------------------------------------------------- +Tue Feb 3 12:53:25 CET 2004 - ro@suse.de + +- disable rquotad already in configure + (no need to compile it, if we only remove it later) + +------------------------------------------------------------------- +Tue Jan 20 11:59:52 CET 2004 - okir@suse.de + +- Include patch that allows Sun boxes to mount large files + +------------------------------------------------------------------- +Mon Sep 15 09:12:00 CEST 2003 - ro@suse.de + +- update to version 1.0.6 to fix a possible segfault in statd +- support for 2.6 kernels + +------------------------------------------------------------------- +Fri Aug 29 18:47:29 CEST 2003 - ro@suse.de + +- fix hed/tail calling syntax (#29644) + +------------------------------------------------------------------- +Mon Aug 25 11:41:31 CEST 2003 - ro@suse.de + +- add restart_on_update/stop_on_removal macros + +------------------------------------------------------------------- +Fri Aug 15 15:04:43 CEST 2003 - ro@suse.de + +- added sysconfig metadata (#28908) + +------------------------------------------------------------------- +Tue Aug 5 01:38:42 CEST 2003 - ro@suse.de + +- fix compile for rquotad (unused anyway + +------------------------------------------------------------------- +Thu Jul 31 14:15:43 CEST 2003 - ro@suse.de + +- add support for STATD_HOSTNAME (#28201) + +------------------------------------------------------------------- +Mon Jul 28 14:20:00 CEST 2003 - ro@suse.de + +- update to 1.0.5 and adapt patches +- overflow patch already included +- part of acl patch already included + +------------------------------------------------------------------- +Mon Jul 21 17:04:00 CEST 2003 - agruen@suse.de + +- Switch to officially reserved bit flag for `no_acl' export + option: the previous bit was already allocated. + +------------------------------------------------------------------- +Tue Jul 8 16:00:01 CEST 2003 - agruen@suse.de + +- Add `no_acl' export option, replaces the nfs_permission_mode + nfsd module parameter. + +------------------------------------------------------------------- +Tue Jul 8 14:33:57 CEST 2003 - okir@suse.de + +- Fixed off-by-one overflow (#27744) + +------------------------------------------------------------------- +Thu Jun 12 07:19:59 CEST 2003 - kukuk@suse.de + +- Add /var/lib/nfs to filelist + +------------------------------------------------------------------- +Tue May 13 00:34:35 CEST 2003 - ro@suse.de + +- fix file list + +------------------------------------------------------------------- +Fri Mar 28 01:42:47 CET 2003 - ro@suse.de + +- update to 1.0.3 + +------------------------------------------------------------------- +Wed Jan 8 12:56:27 CET 2003 - ro@suse.de + +- added sysconfig metadata (#22663) + +------------------------------------------------------------------- +Fri Sep 6 15:07:56 CEST 2002 - ro@suse.de + +- rcnfsserver: moved ypbind to should-start (#18952) +- rcnfslock: fixed typo killing daemons on "status" (#19046) + +------------------------------------------------------------------- +Tue Sep 3 15:05:54 CEST 2002 - ro@suse.de + +- changed nfslock from should-start to required-start in + nfsserver rc script (is in the same package anyway) + +------------------------------------------------------------------- +Mon Aug 26 11:47:10 CEST 2002 - okir@suse.de + +- Fixed minor manpage issue (#18326) + +------------------------------------------------------------------- +Thu Aug 22 11:18:32 CEST 2002 - ro@suse.de + +- fixed symlink rcnfslock (#18171) + +------------------------------------------------------------------- +Wed Aug 7 17:14:21 CEST 2002 - ro@suse.de + +- move statd and lockd to their own startscript (#17425) + +------------------------------------------------------------------- +Thu Aug 1 16:47:34 CEST 2002 - ro@suse.de + +- update to 1.0.1 +- added prereqs + +------------------------------------------------------------------- +Thu Jul 25 10:16:28 CEST 2002 - okir@suse.de + +- Help users who do not configure a domain name: when + sending out NSM_NOTIFY strip off .local suffix if + present. + +------------------------------------------------------------------- +Mon Jul 22 07:54:12 PDT 2002 - okir@suse.de + +- partial fix for http://bugzilla.suse.de/show_bug.cgi?id=16957 + (missing NSM_NOTIFY call when rebooting). + +------------------------------------------------------------------- +Tue Jul 16 18:41:22 CEST 2002 - kukuk@suse.de + +- Don't source rc.config (#17025) + +------------------------------------------------------------------- +Fri Jun 14 01:55:23 CEST 2002 - ro@suse.de + +- run suse_update_config + +------------------------------------------------------------------- +Tue Feb 26 17:06:41 CET 2002 - ro@suse.de + +- fixed wrong quotes in init-script (#13939) + +------------------------------------------------------------------- +Wed Feb 6 14:07:06 CET 2002 - ro@suse.de + +- ignore returncodes from killing statd and lockd (#13072) + +------------------------------------------------------------------- +Wed Feb 6 13:33:08 CET 2002 - ro@suse.de + +- sysconfig/nfs-server -> sysconfig/nfs + +------------------------------------------------------------------- +Wed Jan 9 11:44:08 CET 2002 - ro@suse.de + +- removed variable NFS_SERVER (#12742) +- moved USE_KERNEL_NFSD_NUMBER to /etc/sysconfig/nfs-server + +------------------------------------------------------------------- +Wed Sep 26 15:36:25 CEST 2001 - ro@suse.de + +- up to 0.3.3 + many fixes to canonicalize hostnames in exports + +------------------------------------------------------------------- +Fri Aug 24 15:31:29 CEST 2001 - ro@suse.de + +- removed nfs-version 3 detection in start-script, all kernels + that have kernel nfsd support usually do have nfsd-v3 support + and detection would require at least a 5 sec wait in the script + +------------------------------------------------------------------- +Tue Jul 31 09:53:20 CEST 2001 - kukuk@suse.de + +- Fix path to init script in description [Bug #9494] +- Fix comment in runlevel section [Bug #9561] +- Make init script LSB conform [Bug #9073] + +------------------------------------------------------------------- +Wed Apr 11 18:39:20 CEST 2001 - ro@suse.de + +- lockd only started for 2.2 kernels instead of ignoring error +- completed rpc.statd to /sbin move in startscript + +------------------------------------------------------------------- +Mon Mar 12 16:30:48 CET 2001 - ro@suse.de + +- move rpc.lockd, rpc.statd to /sbin + +------------------------------------------------------------------- +Mon Mar 12 01:39:10 CET 2001 - ro@suse.de + +- update to 0.3.1 +- ignore lockd error messages +- dump filedescriptors before starting kernel threads + +------------------------------------------------------------------- +Tue Feb 6 12:33:46 CET 2001 - ro@suse.de + +- renamed package to nfs-utils +- Obsoletes and Provides nfsutils + +------------------------------------------------------------------- +Fri Jan 12 01:47:05 CET 2001 - ro@suse.de + +- fixed conflicts: nfs-server (#5548) + +------------------------------------------------------------------- +Thu Jan 11 23:09:27 CET 2001 - ro@suse.de + +- don't fail if lockd can't be started + +------------------------------------------------------------------- +Wed Dec 6 00:44:49 PST 2000 - bk@suse.de + +- fix broken symlinks for %{_mandir}/rpc.{nfs,mount,stat}d.8.gz + +------------------------------------------------------------------- +Tue Nov 28 10:30:00 CET 2000 - kukuk@suse.de + +- Move new initscript to /etc/init.d + +------------------------------------------------------------------- +Thu Oct 12 18:13:48 CEST 2000 - ro@suse.de + +- exports.4 should be exports.5 +- removed k-prefix + +------------------------------------------------------------------- +Thu Oct 12 15:43:43 CEST 2000 - ro@suse.de + +- added exports.4 man-page +- up to 0.2.1 + +------------------------------------------------------------------- +Wed Sep 27 11:44:11 CEST 2000 - ro@suse.de + +- update to 0.2 +- fix for nfsserver.init (check for v3) + +------------------------------------------------------------------- +Thu Aug 17 15:04:11 CEST 2000 - ro@suse.de + +- ugraded from knfsd to successor package nfs-utils (v.0.1.9.1) + +------------------------------------------------------------------- +Fri Jul 28 18:31:24 CEST 2000 - bjacke@suse.de + +- fixed checkproc call in init script + +------------------------------------------------------------------- +Fri Jul 21 12:05:23 CEST 2000 - kukuk@suse.de + +- Fix missing format string in syslog call (next rpc.statd security + problem) + +------------------------------------------------------------------- +Wed Jul 19 12:03:48 CEST 2000 - kukuk@suse.de + +- Fix problem with NULL h_alias field (rpc.statd security problem) + +------------------------------------------------------------------- +Thu Jun 22 15:27:47 CEST 2000 - kukuk@suse.de + +- Change conflict from itself to nfsserv + +------------------------------------------------------------------- +Tue Apr 18 10:34:13 CEST 2000 - kukuk@suse.de + +- Fix rcnfsserver link + +------------------------------------------------------------------- +Sat Apr 15 16:22:26 CEST 2000 - kukuk@suse.de + +- Add rc.config variables and init script from aaa_base + +------------------------------------------------------------------- +Wed Feb 16 17:31:37 CET 2000 - kukuk@suse.de + +- Fill out Copyright and Group field +- Remove rquotad from file list, it is already in the quota + package [Bug 1571] + +------------------------------------------------------------------- +Tue Jan 25 15:11:24 CET 2000 - ro@suse.de + +- manpages to /usr/share using macro + +------------------------------------------------------------------- +Thu Oct 21 00:26:42 CEST 1999 - ro@suse.de + +- renamed package from linuxnfs to knfsd + +------------------------------------------------------------------- +Tue Oct 12 17:56:24 CEST 1999 - garloff@suse.de + +- Fixed filelist (%ghost) + +------------------------------------------------------------------- +Tue Oct 12 17:27:50 CEST 1999 - garloff@suse.de + +- upgraded to knsfd-1.5.2. Added klockd to file list. + Ditto for new /dev/nfsd_netlink. + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Tue Aug 24 19:09:12 MEST 1999 - uli@suse.de + +- added -fsigned-char to CFLAGS (PPC) + +------------------------------------------------------------------- +Sat Jul 17 19:00:48 MEST 1999 - ro@suse.de + +- update to 1.4.6 + +------------------------------------------------------------------- +Mon Jun 14 10:27:36 MEST 1999 - kukuk@suse.de + +- update to version 1.4 + +------------------------------------------------------------------- +Sun Jun 6 15:51:15 MEST 1999 - kukuk@suse.de + +- update to version 1.3.3b + +------------------------------------------------------------------- +Tue Mar 16 13:14:54 MET 1999 - ro@suse.de + +- update to version 1.2 + +------------------------------------------------------------------- +Thu Nov 26 11:10:31 MET 1998 - ro@suse.de + +- update to 981122 + +------------------------------------------------------------------- +Thu Nov 12 18:35:03 MET 1998 - ro@suse.de + +- use lx_hack + +------------------------------------------------------------------- +Wed Oct 21 10:30:07 MEST 1998 - ro@suse.de + +- added bugfix for statd (by HJL) + +------------------------------------------------------------------- +Tue Oct 20 11:16:06 MEST 1998 - ro@suse.de + +- update to knfsd-981014 + +------------------------------------------------------------------- +Mon Sep 28 11:55:32 MEST 1998 - ro@suse.de + +- initial package / for use a 2.1 kernel with knfsd support is needed diff --git a/nfs-utils.rpmlintrc b/nfs-utils.rpmlintrc new file mode 100644 index 0000000..fafb7dd --- /dev/null +++ b/nfs-utils.rpmlintrc @@ -0,0 +1,2 @@ +# /var/lib/nfs/sm.bak is a valid directory needed by sm-notify +addFilter("suse-filelist-forbidden-backup-file.*sm.bak") diff --git a/nfs-utils.spec b/nfs-utils.spec new file mode 100644 index 0000000..2f5933c --- /dev/null +++ b/nfs-utils.spec @@ -0,0 +1,404 @@ +# +# spec file for package nfs-utils +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + +Name: nfs-utils +Version: 2.6.4 +Release: 0 +Summary: Support Utilities for Kernel nfsd +License: GPL-2.0-or-later +Group: Productivity/Networking/NFS +URL: https://kernel.org/pub/linux/utils/nfs-utils/ +Source0: https://kernel.org/pub/linux/utils/nfs-utils/%{version}/nfs-utils-%{version}.tar.xz +Source4: sysconfig.nfs +Source11: idmapd.conf +Source12: statd-user.conf +Source13: nfs-utils.rpmlintrc +Source20: nfs-mountd.options.conf +Source21: nfs-server.options.conf +Source22: rpc-gssd.options.conf +Source23: rpc-statd.options.conf +Source24: rpc-statd-notify.options.conf +Source25: rpc-svcgssd.options.conf +Source26: nfs.conf +Source27: nfs-kernel-server.tmpfiles.conf +Patch0: nfs-utils-1.0.7-bind-syntax.patch +Patch1: 0001-exportfs-remove-warning-if-neither-subtree_check-or-.patch +Patch2: 0002-conffile-don-t-report-error-from-conf_init_file.patch +Patch3: 0003-conffile-allow-usr-etc-to-provide-any-config-files-e.patch +Patch4: 0004-fsidd-call-anonymous-sockets-by-their-name-only-don-.patch +# PATCH-FIX-UPSTREAM: fix build against libtirpc 1.3.5 +Patch5: 0001-gssd-revert-commit-a5f3b7ccb01c.patch +Patch6: 0002-gssd-revert-commit-513630d720bd.patch +Patch7: 0003-gssd-switch-to-using-rpc_gss_seccreate.patch +Patch8: 0004-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-machine-cr.patch +Patch9: 0005-gssd-handle-KRB5_AP_ERR_BAD_INTEGRITY-for-user-crede.patch +Patch10: 0006-configure-check-for-rpc_gss_seccreate.patch +BuildRequires: e2fsprogs-devel +BuildRequires: gcc-c++ +BuildRequires: libtool +BuildRequires: pkgconfig +BuildRequires: rpcgen +BuildRequires: sysuser-tools +BuildRequires: tcpd-devel +BuildRequires: pkgconfig(devmapper) +BuildRequires: pkgconfig(kdb) +BuildRequires: pkgconfig(krb5) +BuildRequires: pkgconfig(libcap) +BuildRequires: pkgconfig(libevent) +BuildRequires: pkgconfig(libkeyutils) +BuildRequires: pkgconfig(libtirpc) +BuildRequires: pkgconfig(libxml-2.0) +BuildRequires: pkgconfig(mount) +BuildRequires: pkgconfig(sqlite3) +Suggests: python-base +%{?systemd_ordering} + +%description +This package contains the NFS utilities. You can tune the number of +server threads via the sysconfig variable USE_KERNEL_NFSD_NUMBER. For +quota over NFS support, install the quota package. + +%package -n nfs-client +Summary: Support Utilities for NFS +Group: Productivity/Networking/NFS +Requires: keyutils +Requires: netcfg +Requires: rpcbind +Requires(post): %fillup_prereq +Requires(pre): permissions +Obsoletes: nfs-utils < 1.1.0 +%sysusers_requires + +%description -n nfs-client +This package contains common NFS utilities which are needed for client +and kernel based server. + +%package -n nfs-kernel-server +Summary: Support Utilities for Kernel nfsd +Group: Productivity/Networking/NFS +Requires: netcfg +Requires: nfs-client = %{version} +Requires: rpcbind +Requires: (kmod(nfsd.ko) if kernel) +Conflicts: nfs-server +Provides: nfs-utils = %{version} +Obsoletes: nfs-utils < 1.1.0 +PreReq: permissions + +%description -n nfs-kernel-server +This package contains support for the kernel based NFS server. You can +tune the number of server threads via the sysconfig variable +USE_KERNEL_NFSD_NUMBER. For quota over NFS support, install the quota +package. + +%package -n libnfsidmap1 +Summary: NFSv4 ID Mapping Library +Group: Productivity/Networking/NFS +Version: 1.0 +Release: 0 +Obsoletes: nfsidmap < 1.0 +Provides: nfsidmap = 1.0 + +%package -n nfsidmap-devel +Summary: NFSv4 ID Mapping Library development libraries +Group: Development/Libraries/C and C++ +Version: 1.0 +Release: 0 +Requires: libnfsidmap1 = %{version} + +%description -n libnfsidmap1 +In NFSv4, identities of users are conveyed by names rather than user ID +and group ID. Both the NFS server and client code in the kernel need to +translate these to numeric IDs. + +%description -n nfsidmap-devel +In NFSv4, identities of users are conveyed by names rather than user ID +and group ID. Both the NFS server and client code in the kernel need to +translate these to numeric IDs. + +%prep +%autosetup -p1 + +%build +autoreconf -fvi +export CFLAGS="%{optflags} -fPIE" +export LDFLAGS="-pie" +%configure \ + --with-systemd \ + --enable-nfsv4 \ + --enable-gss \ + --enable-svcgss \ + --enable-ipv6 \ + --enable-nfsdcltrack \ + --enable-mount \ + --enable-libmount-mount \ + --enable-junction \ + --disable-static \ + --disable-sbin-override \ + --with-pluginpath=%{_libdir}/libnfsidmap-1.0.0 \ + --enable-mountconfig +make %{?_smp_mflags} +%sysusers_generate_pre %{SOURCE12} statd statd-user.conf + +%install +make %{?_smp_mflags} DESTDIR=%{buildroot} install +find %{buildroot} -type f -name '*.la' -delete -print +install -D -m 644 %{SOURCE20} %{buildroot}%{_unitdir}/nfs-mountd.service.d/10-options.conf +install -D -m 644 %{SOURCE21} %{buildroot}%{_unitdir}/nfs-server.service.d/10-options.conf +install -D -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/rpc-gssd.service.d/10-options.conf +install -D -m 644 %{SOURCE23} %{buildroot}%{_unitdir}/rpc-statd.service.d/10-options.conf +install -D -m 644 %{SOURCE24} %{buildroot}%{_unitdir}/rpc-statd-notify.service.d/10-options.conf +install -D -m 644 %{SOURCE25} %{buildroot}%{_unitdir}/rpc-svcgssd.service.d/10-options.conf +install -D -m 644 %{SOURCE26} %{buildroot}%{_prefix}%{_sysconfdir}/nfs.conf +mkdir -p -m 755 %{buildroot}%{_prefix}%{_sysconfdir}/nfs.conf.d +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/nfs.conf.d +install -D -m 644 %{SOURCE27} %{buildroot}%{_prefix}/lib/tmpfiles.d/nfs-kernel-server.conf +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcnfs-server +ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcnfs-client +# sysconfig-data +mkdir -p %{buildroot}%{_fillupdir} +install -m 644 %{SOURCE4} %{buildroot}%{_fillupdir} +# idmapd setup +install -D -m 644 %{SOURCE11} %{buildroot}%{_prefix}%{_sysconfdir}/idmapd.conf +mkdir -p -m 755 %{buildroot}%{_prefix}%{_sysconfdir}/idmapd.conf.d +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/idmapd.conf.d +mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/rpc_pipefs +mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/v4recovery +# sm-notify state +mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/sm +mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/sm.bak +touch %{buildroot}%{_localstatedir}/lib/nfs/state +mkdir -p %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services +mkdir -p -m 755 %{buildroot}%{_prefix}%{_sysconfdir}/nfsmount.conf.d +mkdir -p -m 755 %{buildroot}%{_sysconfdir}/nfsmount.conf.d +# +# hack to avoid automatic python dependency +chmod 644 `grep -l -r '^#!/usr/bin/python' %{buildroot}%{_sbindir}` +# Install sysusers.d template +mkdir -p %{buildroot}%{_sysusersdir} +install -m 644 %{SOURCE12} %{buildroot}%{_sysusersdir}/ + +%pre -n nfs-client -f statd.pre +%service_add_pre auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service + +%post -n nfs-client +# lib/nfs must be root-owned. +# sm and sm.back and contents should be statd:statd, +# but only chown if the dirs are currently root-owned. +# This is needed for some upgraded, but chown is best avoided +# when not necessary +chown root:root %{_localstatedir}/lib/nfs > /dev/null 2>&1 || : +for i in sm sm.bak; do + p=%{_localstatedir}/lib/nfs/$i + if [ -d "$b" -a -n "`chown 2> /dev/null -c --from root statd:statd $p`" ]; then + chown -R statd:statd $p > /dev/null 2>&1 || : + fi +done +### migrate from /var/lock/subsys +[ -d /run/nfs ] || mkdir /run/nfs +if [ -f %{_localstatedir}/lock/subsys/nfs-rpc.idmapd ]; then + mv %{_localstatedir}/lock/subsys/nfs-rpc.idmapd /run/nfs +fi +if [ -f %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd ]; then + mv %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd /run/nfs +fi +### +%{fillup_only -n nfs nfs} +# +%set_permissions %{_sbindir}/mount.nfs +/sbin/ldconfig +%service_add_post auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service + +%preun -n nfs-client +%service_del_preun auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service + +%postun -n nfs-client +/sbin/ldconfig +%service_del_postun auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service + +%verifyscript -n nfs-client +%verify_permissions -e %{_sbindir}/mount.nfs + +%pre -n nfs-kernel-server +%service_add_pre nfs-svcgssd.service nfs-mountd.service nfs-server.service + +%preun -n nfs-kernel-server +%service_del_preun nfs-svcgssd.service nfs-mountd.service nfs-server.service + +%post -n nfs-kernel-server +### migrate from /var/lock/subsys +[ -d /run/nfs ] || mkdir /run/nfs +if [ -f %{_localstatedir}/lock/subsys/nfs-rpc.idmapd ]; then + mv %{_localstatedir}/lock/subsys/nfs-rpc.idmapd /run/nfs +fi +if [ -f %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd ]; then + mv %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd /run/nfs +fi +### +%service_add_post nfs-mountd.service nfs-server.service nfsdcld.service +%tmpfiles_create nfs-kernel-server.conf +%set_permissions /var/lib/nfs/rmtab + +%postun -n nfs-kernel-server +%service_del_postun nfs-mountd.service nfs-server.service nfsdcld.service + +%post -n libnfsidmap1 -p /sbin/ldconfig +%postun -n libnfsidmap1 -p /sbin/ldconfig + +%verifyscript -n nfs-kernel-server +%verify_permissions -e /var/lib/nfs/rmtab + +%files -n nfs-client +%license COPYING +%{_prefix}%{_sysconfdir}/idmapd.conf +%dir %{_prefix}%{_sysconfdir}/idmapd.conf.d +%dir %{_sysconfdir}/idmapd.conf.d +%dir %{_prefix}%{_sysconfdir}/nfsmount.conf.d +%dir %{_sysconfdir}/nfsmount.conf.d +%doc utils/mount/nfsmount.conf +%{_prefix}%{_sysconfdir}/nfs.conf +%dir %{_prefix}%{_sysconfdir}/nfs.conf.d +%dir %{_sysconfdir}/nfs.conf.d +%verify(not mode) %attr(0755,root,root) %{_sbindir}/mount.nfs +%{_sbindir}/mount.nfs4 +%{_sbindir}/umount.nfs +%{_sbindir}/umount.nfs4 +%attr(0755,root,root) %{_sbindir}/mountstats +%attr(0755,root,root) %{_sbindir}/nfsiostat +%{_sbindir}/nfsdcld +%{_sbindir}/nfsidmap +%{_sbindir}/nfsstat +%{_sbindir}/rcnfs-client +%{_sbindir}/rpc.gssd +%{_sbindir}/rpc.idmapd +%{_sbindir}/rpc.statd +%{_sbindir}/rpcctl +%{_sbindir}/rpcdebug +%{_sbindir}/showmount +%{_sbindir}/sm-notify +%{_sbindir}/start-statd +%{_sbindir}/blkmapd +%{_sbindir}/rpc.svcgssd +%{_sbindir}/nfsconf +%{_udevrulesdir}/60-nfs.rules +%{_udevrulesdir}/99-nfs.rules +%{_unitdir}/auth-rpcgss-module.service +%{_unitdir}/fsidd.service +%{_unitdir}/nfs-blkmap.service +%{_unitdir}/nfs-client.target +%{_unitdir}/nfs-idmapd.service +%{_unitdir}/nfs-utils.service +%{_unitdir}/nfsdcld.service +%{_unitdir}/rpc-gssd.service +%{_unitdir}/rpc-gssd.service.d +%{_unitdir}/rpc_pipefs.target +%{_unitdir}/rpc-statd-notify.service +%{_unitdir}/rpc-statd-notify.service.d +%{_unitdir}/rpc-statd.service +%{_unitdir}/rpc-statd.service.d +%{_unitdir}/rpc-svcgssd.service +%{_unitdir}/rpc-svcgssd.service.d +%{_unitdir}/var-lib-nfs-rpc_pipefs.mount +%dir %{_systemdgeneratordir} +%{_systemdgeneratordir}/nfs-server-generator +%{_systemdgeneratordir}/rpc-pipefs-generator +%{_mandir}/man5/idmapd.conf.5%{ext_man} +%{_mandir}/man5/nfs.5%{ext_man} +%{_mandir}/man5/nfs.conf.5%{ext_man} +%{_mandir}/man5/nfsmount.conf.5%{ext_man} +%{_mandir}/man5/nfsrahead.5%{ext_man} +%{_mandir}/man7/nfs.systemd.7%{ext_man} +%{_mandir}/man8/blkmapd.8%{ext_man} +%{_mandir}/man8/gssd.8%{ext_man} +%{_mandir}/man8/idmapd.8%{ext_man} +%{_mandir}/man8/mount.nfs.8%{ext_man} +%{_mandir}/man8/mountstats.8%{ext_man} +%{_mandir}/man8/nfsconf.8%{ext_man} +%{_mandir}/man8/nfsdcld.8%{ext_man} +%{_mandir}/man8/nfsdclddb.8%{ext_man} +%{_mandir}/man8/nfsdclnts.8%{ext_man} +%{_mandir}/man8/nfsidmap.8%{ext_man} +%{_mandir}/man8/nfsiostat.8%{ext_man} +%{_mandir}/man8/nfsstat.8%{ext_man} +%{_mandir}/man8/rpc.gssd.8%{ext_man} +%{_mandir}/man8/rpc.idmapd.8%{ext_man} +%{_mandir}/man8/rpc.sm-notify.8%{ext_man} +%{_mandir}/man8/rpc.statd.8%{ext_man} +%{_mandir}/man8/rpc.svcgssd.8%{ext_man} +%{_mandir}/man8/rpcctl.8%{ext_man} +%{_mandir}/man8/rpcdebug.8%{ext_man} +%{_mandir}/man8/showmount.8%{ext_man} +%{_mandir}/man8/sm-notify.8%{ext_man} +%{_mandir}/man8/statd.8%{ext_man} +%{_mandir}/man8/svcgssd.8%{ext_man} +%{_mandir}/man8/umount.nfs.8%{ext_man} +%{_fillupdir}/sysconfig.nfs +%{_sysusersdir}/statd-user.conf +%dir %{_localstatedir}/lib/nfs +%dir %{_localstatedir}/lib/nfs/rpc_pipefs +%dir %{_localstatedir}/lib/nfs/v4recovery +%attr(0700,statd,statd) %dir %{_localstatedir}/lib/nfs/sm +%attr(0700,statd,statd) %dir %{_localstatedir}/lib/nfs/sm.bak +%ghost %{_localstatedir}/lib/nfs/state +%{_libexecdir}/nfsrahead + +%files -n nfs-kernel-server +%{_unitdir}/nfs-mountd.service +%{_unitdir}/nfs-mountd.service.d +%{_unitdir}/nfs-server.service +%{_unitdir}/nfs-server.service.d +%{_unitdir}/proc-fs-nfsd.mount +%{_prefix}/lib/tmpfiles.d/nfs-kernel-server.conf +%{_sbindir}/exportfs +%{_sbindir}/fsidd +%{_sbindir}/rcnfs-server +%{_sbindir}/rpc.mountd +%{_sbindir}/rpc.nfsd +%{_sbindir}/nfsdcltrack +%{_sbindir}/nfsref +%attr(0755,root,root) %{_sbindir}/nfsdclddb +%attr(0755,root,root) %{_sbindir}/nfsdclnts +%{_mandir}/man5/exports.5%{ext_man} +%{_mandir}/man7/nfsd.7%{ext_man} +%{_mandir}/man8/exportfs.8%{ext_man} +%{_mandir}/man8/mountd.8%{ext_man} +%{_mandir}/man8/nfsd.8%{ext_man} +%{_mandir}/man8/nfsref.8%{ext_man} +%{_mandir}/man8/rpc.mountd.8%{ext_man} +%{_mandir}/man8/rpc.nfsd.8%{ext_man} +%{_mandir}/man8/nfsdcltrack.8%{ext_man} +%config(noreplace) %{_localstatedir}/lib/nfs/etab +%config(noreplace) %{_localstatedir}/lib/nfs/rmtab + +%files -n libnfsidmap1 +%{_libdir}/libnfsidmap-1.0.0/ +%{_libdir}/libnfsidmap.so.1* + +%files -n nfsidmap-devel +%{_libdir}/libnfsidmap.so +%{_includedir}/*.h +%{_libdir}/pkgconfig/libnfsidmap.pc +%{_mandir}/man3/* +%doc support/nfsidmap/README + +%changelog diff --git a/nfs.conf b/nfs.conf new file mode 100644 index 0000000..3e4f265 --- /dev/null +++ b/nfs.conf @@ -0,0 +1,32 @@ +# +# This is a general configuration for the +# NFS daemons and tools +# DO NOT MAKE CHANGES TO THIS FILE as they will +# be lost on the next software update. Make changes +# to /etc/sysconfig/nfs, /usr/src/nfs.conf./*.conf or +# /etc/nfs.conf.d/*.conf instead. +# The .conf file can include multiple sections, just +# like this file. + +[environment] +include = /etc/sysconfig/nfs +include = -/etc/nfs.conf.local +[general] + pipefs-directory=$RPC_PIPEFS_DIR +[gssd] + avoid-dns=$NFS_GSSD_AVOID_DNS +[lockd] + port=$LOCKD_TCPPORT + udp-port=$LOCKD_UDPPORT +[mountd] + port= $MOUNTD_PORT +[nfsd] + threads= $USE_KERNEL_NFSD_NUMBER + grace-time=$NFSV4GRACETIME + lease-time=$NFSV4LEASETIME + vers3=$NFS3_SERVER_SUPPORT + vers4=$NFS4_SUPPORT + scope=$NFSD_SCOPE +[statd] + port=$STATD_PORT + name=$STATD_HOSTNAME diff --git a/rpc-gssd.options.conf b/rpc-gssd.options.conf new file mode 100644 index 0000000..4c14f35 --- /dev/null +++ b/rpc-gssd.options.conf @@ -0,0 +1,4 @@ +[Service] +EnvironmentFile=-/etc/sysconfig/nfs +ExecStart= +ExecStart=-/usr/sbin/rpc.gssd $GSSD_OPTIONS diff --git a/rpc-statd-notify.options.conf b/rpc-statd-notify.options.conf new file mode 100644 index 0000000..d0ac8f5 --- /dev/null +++ b/rpc-statd-notify.options.conf @@ -0,0 +1,4 @@ +[Service] +ExecStart= +EnvironmentFile=-/etc/sysconfig/nfs +ExecStart=-/usr/sbin/sm-notify $SM_NOTIFY_OPTIONS diff --git a/rpc-statd.options.conf b/rpc-statd.options.conf new file mode 100644 index 0000000..6c04660 --- /dev/null +++ b/rpc-statd.options.conf @@ -0,0 +1,4 @@ +[Service] +EnvironmentFile=-/etc/sysconfig/nfs +ExecStart= +ExecStart=-/usr/sbin/rpc.statd $STATD_OPTIONS diff --git a/rpc-svcgssd.options.conf b/rpc-svcgssd.options.conf new file mode 100644 index 0000000..b9819b3 --- /dev/null +++ b/rpc-svcgssd.options.conf @@ -0,0 +1,4 @@ +[Service] +EnvironmentFile=-/etc/sysconfig/nfs +ExecStart= +ExecStart=-/usr/sbin/rpc.svcgssd $SVCGSSD_OPTIONS diff --git a/statd-user.conf b/statd-user.conf new file mode 100644 index 0000000..dc5c1ca --- /dev/null +++ b/statd-user.conf @@ -0,0 +1,2 @@ +# Type Name ID GECOS [HOME] Shell +u statd - "NFS statd daemon" /var/lib/nfs - diff --git a/sysconfig.nfs b/sysconfig.nfs new file mode 100644 index 0000000..13f10f4 --- /dev/null +++ b/sysconfig.nfs @@ -0,0 +1,253 @@ +## Path: Network/File systems/NFS server +## Description: number of threads for kernel nfs server +## Type: integer +## Default: 4 +## ServiceRestart: nfs-server +# +# the kernel nfs-server supports multiple server threads +# +USE_KERNEL_NFSD_NUMBER="4" + +## Path: Network/File systems/NFS server +## Description: use fixed port number for mountd +## Type: integer +## Default: "" +## ServiceRestart: nfs-mountd +# +# Only set this if you want to start mountd on a fixed +# port instead of the port assigned by rpc. Only for use +# to export nfs-filesystems through firewalls. +# +MOUNTD_PORT="" + +## Path: Network/File systems/NFS server +## Description: NFSv3 server support +## Type: yesno +## Default: yes +## ServiceRestart: nfs-server +# +# Enable NFSv3 server support (yes/no) +# This causes the NFS server to respond to +# NFSv2 and NFSv3 requests. Only disable this +# if you want to ensure only NFSv4 is used. +# +NFS3_SERVER_SUPPORT="yes" + +## Path: Network/File systems/NFS server +## Description: NFSv4 protocol support +## Type: yesno +## Default: yes +## ServiceRestart: nfs-server +# +# Enable NFSv4 support (server and/or client) (yes/no) +# +NFS4_SUPPORT="yes" + +## Path: Network/File systems/NFS server +## Description: Network Status Monitor options +## Type: string +## Default: "" +# +# If a fixed port should be used to send reboot notification +# messages to other systems, that port should be given +# here as "-p portnumber". +# +SM_NOTIFY_OPTIONS="" + +## Path: Network/File systems/NFS server +## Description: Port rpc.statd should listen on +## Type: integer +## Default: "" +## ServiceRestart: rpc-statd +# +# Statd will normally choose a random port to listen on and +# SuSE-Firewall is able to detect which port and allow for it. +# If you have another firewall, you may want to set a fixed +# port number which can then be opened in that firewall. +STATD_PORT="" + +## Path: Network/File systems/NFS server +## Description: Hostname used by rpc.statd +## Type: string +## Default: "" +## ServiceRestart: rpc-statd +# +# statd will normally use the system hostname in status +# monitoring conversations with other hosts. If a different +# host name should be used, as can be useful with fail-over +# configurations, that name should be given here. +# +STATD_HOSTNAME="" + +## Path: Network/File systems/NFS server +## Description: TCP Port that lockd should listen on +## Type: integer +## Default: "" +## ServiceRestart: nfs-server +# +# Lockd will normally choose a random port to listen on and +# SuSE-Firewall is able to detect which port and allow for it. +# If you have another firewall, you may want to set a fixed +# port number which can then be opened in that firewall. +# lockd opens a UDP and a TCP port. This setting only affect +# the TCP port. +LOCKD_TCPPORT="" + +## Path: Network/File systems/NFS server +## Description: UDP Port that lockd should listen on +## Type: integer +## Default: "" +## ServiceRestart: nfs-server +# +# Lockd will normally choose a random port to listen on and +# SuSE-Firewall is able to detect which port and allow for it. +# If you have another firewall, you may want to set a fixed +# port number which can then be opened in that firewall. +# lockd opens a UDP and a TCP port. This setting only affect +# the UDP port. +LOCKD_UDPPORT="" + +## Path: Network/File systems/NFS server +## Description: Command line parameters for rpc.statd +## Type: string +## Default: "" +## ServiceRestart: rpc-statd +# +# Custom parameters for rpc.statd daemon. Typically this will +# be used to set the port number (-p). +# +STATD_OPTIONS="" + +## Path: Network/File systems/NFS server +## Description: Lease time for NFSv4 leases +## Type: integer +## Default: "90" +# +# Set the lease time for the NFSv4 server. When a client +# crashes or is separated from the server by a network problem, +# this indicates how long the server will continue to honor +# locks it held and when it will allow other clients to take +# conflicting locks. A shorter time means network problems are +# more likely to hurt filesystem functionality, but genuine +# client crash are detected more quickly. +# The NFSV4GRACETIME setting must be not less than the lease +# time, so another benefit of short lease times is that server +# reboots will disrupt filesystem traffic for a shorter period +# of time. +# This choice is primarily a trade-off between surviving +# transient network problems, and expediting completion of +# server reboot or fail-over. +# The default is 90 second. A practical minimum is about 15 +# seconds. +# +NFSV4LEASETIME="90" + +## Path: Network/File systems/NFS server +## Description: Grace time for NFSv4 server restart +## Type: integer +## Default: "90" +# +# Set the NFSv4 server grace time. When the server restarts it +# waits this long for pre-existing clients to re-establish any +# locks that they held before the restart. During this time +# new locks cannot be granted and new file opens cannot be +# allowed. +# A shorter time allows fast restart or fail-over completion, +# but requires the NFSV4LEASETIME to be shorter which may +# increase the impact of temporary network problems. +# The default is 90 seconds. The value must not be less than +# NFSV4LEASETIME. +# When NFSv4.1 or later is in use, and when all clients report +# when they finish reclaiming locks, the grace time can finish +# early and so a large value has little cost. The +# NFSV4LEASETIME is then most significant in managing restart +# timing. +# +NFSV4GRACETIME="90" + +## Path: Network/File systems/NFS server +## Description: Alternate mount point for rpc_pipefs filesystem +## Type: string +## Default: "" +## ServiceRestart: nfs-utils +# +# In a high-availabilty configuration it is possible that /var/lib/nfs +# is redirected so some shared storage and so it is not convenient to +# mount the rpc_pipefs filesystem at /var/lib/nfs/rpc_pipefs. In that +# case an alternate mount point can be given here. +RPC_PIPEFS_DIR="" + +## Path: Network/File systems/NFS server +## Description: Options for svcgssd +## Type: string +## Default: "" +## ServiceRestart: rpc-svcgssd +# +# Normally svcgssd does not require any option. However in a +# high-availabilty configuration it can be useful to pass "-n" +# to guide the choice of default credential. To allow for that +# case or any other requiring options ot svcgssd, they can +# be specified here. +SVCGSSD_OPTIONS="" + +## Path: Network/File systems/NFS server +## Description: Extra options for nfsd +## Type: string +## Default: "" +## ServiceRestart nfs-server +# +# This setting allows extra options to be specified for NFSD, such as +# -H in a high-availability configuration. +NFSD_OPTIONS="" + +## Path: Network/File systems/NFS server +## Description: Extra options for gssd +## Type: string +## Default: "" +## ServiceRestart: rpc-gssd +# +# Normally gssd does not require any options. In some circumstances, +# -n, -l or other options might be useful. See "man 8 rpc.gssd" for +# details. Those options can be set here. +GSSD_OPTIONS="" + +## Path: Network/File systems/NFS server +## Description: Extra options for mountd +## Type: string +## Default: "" +## ServiceRestart nfs-mountd +# +# Normally mountd does not require any options. In some circumstances, +# -n, -t, -g or other options might be useful. See "man 8 rpc.mountd" for +# details. Those options can be set here. +# -p or -N should be set using MOUNTD_PORT or NFS4_SUPPORT rather than +# this option. +MOUNTD_OPTIONS="" + +## Path: Network/File systems/NFS server +## Description: Avoid DNS lookups for kerberos principal +## Type: yesno +## Default: no +## ServiceRestart: rpc-gssd +# +# Avoid DNS lookups when determining kerberos identity +# of NFS server (yes/no) +# "yes" is safest, but "no" might be needed to preserve +# correct behaviour at sites that don't use +# Fully Qualified Domain Names when mounting NFS Shares. +# +NFS_GSSD_AVOID_DNS="no" + +## Path: Network/File systems/NFS server +## Description: Set v4.1+ scope reported by server +## Type: string +## Default: "" +## ServiceRestart: nfs-server +# +# Set the scope reported by the NFS server. When nothing +# is given the kernel uses the configured hostname as +# a default. When NFS is used in a fail-over configuration +# it is important that all hosts which server the same resource +# report the same scope. +# +NFSD_SCOPE=""