Dear all, both RPCSVCGSSDOPTS and RPCGSSDOPTS from /etc/default/nfs-common are not correctly propagated into /run/sysconfig/nfs-utils by /usr/lib/systemd/scripts/nfs-utils_env.sh. I have attached a patch for nfs-utils_env.sh. Note that RPCSVCGSSDOPTS must be propagated to SVCGSSDARGS and not to RPCSVCGSSDARGS. Simply look into /lib/systemd/system/rpc-svcgssd.service where SVCGSSDARGS is used as argument for rpc.svcgssd. Moreover, this still does not allow one to override the keytab setting, as /etc/krb5.keytab is hardcoded in multiple ConditionPathExists conditions in the systemd service files. Hence, a symlink for /etc/krb5.keytab must be used. With kind regards, Joachim Falk
--- nfs-utils_env.sh.orig 2016-12-23 22:43:59.816660950 +0100
+++ nfs-utils_env.sh 2016-12-23 23:27:20.266394604 +0100
@@ -12,12 +12,12 @@
echo RPCNFSDARGS=\"$RPCNFSDOPTS ${RPCNFSDCOUNT:-8}\"
echo RPCMOUNTDARGS=\"$RPCMOUNTDOPTS\"
echo STATDARGS=\"$STATDOPTS\"
-echo RPCSVCGSSDARGS=\"$RPCSVCGSSDOPTS\"
+echo SVCGSSDARGS=\"$RPCSVCGSSDOPTS\"
+echo SMNOTIFYARGS=\"$SMNOTIFYARGS\"
+echo RPCIDMAPDARGS=\"$RPCIDMAPDARGS\"
+echo GSSDARGS=\"$RPCGSSDOPTS\"
} > /run/sysconfig/nfs-utils
# the following are supported by the systemd units, but not exposed in default files
-# echo SMNOTIFYARGS=\"$SMNOTIFYARGS\"
-# echo RPCIDMAPDARGS=\"$RPCIDMAPDARGS\"
-# echo RPCGSSDARGS=\"$RPCGSSDARGS\"
# echo BLKMAPDARGS=\"$BLKMAPDARGS\"
# echo GSS_USE_PROXY=\"$GSS_USE_PROXY\"
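Review bot: The four added `echo NAME=\"$VAR\"` lines (SVCGSSDARGS, SMNOTIFYARGS, RPCIDMAPDARGS, GSSDARGS) expand their variable unquoted, so the shell word-splits and glob-expands the value before it is written to /run/sysconfig/nfs-utils; an option value containing `*` or `?` could be replaced by matching file names and then reach rpc.gssd or rpc.svcgssd as arguments. Writing each line in the form `printf 'GSSDARGS="%s"\n' "$RPCGSSDOPTS"` would keep the configured value unchanged, although a value that itself contains a double quote would still need escaping. The unchanged context lines above use the same echo pattern, so this looks like the file's existing style and is best fixed for all of them together. The `{ … }` group that is redirected into /run/sysconfig/nfs-utils opens outside the hunk.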
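# NOTE(review): this looks like the poster's /etc/default/nfs-common, i.e. the
# file whose *OPTS values /usr/lib/systemd/scripts/nfs-utils_env.sh copies into
# /run/sysconfig/nfs-utils -- confirm against the attachment. The listing had
# been collapsed onto one line, which turned every assignment below into part
# of a single comment; the line structure is restored here.

# To apply settings to systemd service units execute the following commands:
#   systemctl restart nfs-config   (this will update /run/sysconfig/nfs-utils)
#   systemctl restart nfs-utils    (this will apply /run/sysconfig/nfs-utils)

# The following two settings are only respected by the systemd nfs services units.
# See the !!!PATCHED!!! /usr/lib/systemd/scripts/nfs-utils_env.sh and the associated services
#   /lib/systemd/system/nfs-config.service
#   /lib/systemd/system/nfs-idmapd.service
#   /lib/systemd/system/nfs-utils.service
#   /lib/systemd/system/rpc-gssd.service
#   /lib/systemd/system/rpc-svcgssd.service
#   /lib/systemd/system/rpc-statd.service
#   /lib/systemd/system/rpc-statd-notify.service
#   /lib/systemd/system/auth-rpcgss-module.service
SMNOTIFYARGS=""
RPCIDMAPDARGS=""

# If you do not set values for the NEED_ options, they will be attempted
# autodetected; this should be sufficient for most people. Valid alternatives
# for the NEED_ options are "yes" and "no".

# Do you want to start the statd daemon? It is not needed for NFSv4.
NEED_STATD=

# Options for rpc.statd.
#   Should rpc.statd listen on a specific port? This is especially useful
#   when you have a port-based firewall. To use a fixed port, set
#   this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
#   For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
STATDOPTS=

# Do you want to start the idmapd daemon? It is only needed for NFSv4.
NEED_IDMAPD=yes

# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD=yes

# Options for rpc.gssd. -k names the keytab rpc.gssd uses for its machine
# credentials. A keytab stores long-term Kerberos keys, so the file (and the
# directory holding it) should be owned by root and not readable by other
# users, e.g. mode 0600.
# The systemd units still test ConditionPathExists on /etc/krb5.keytab, so a
# symlink /etc/krb5.keytab pointing at this keytab is needed for the services
# to start; keep that symlink root-owned as well.
RPCGSSDOPTS="-k /etc/krb5/krb5.keytab"
# Uncomment for debugging (-v raises rpc.gssd verbosity, -r the rpcsec_gss
# library verbosity); switch back to the line above once finished.
#RPCGSSDOPTS="-vvv -rrr -k /etc/krb5/krb5.keytab"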