Bug#846950: Fixes for bugs #846950, #849942, #849608

To: 846950@bugs.debian.org, 849942@bugs.debian.org, 849608@bugs.debian.org
Cc: Joachim Falk <joachim.falk@gmx.de>
Subject: Bug#846950: Fixes for bugs #846950, #849942, #849608
From: Joachim Falk <joachim.falk@gmx.de>
Date: Mon, 21 Sep 2020 20:14:14 +0200
Message-id: <[🔎] 1ee747f0-ac1f-c4e3-29eb-1c85edbbfc79@gmx.de>
Reply-to: Joachim Falk <joachim.falk@gmx.de>, 846950@bugs.debian.org
References: <148086390413.9518.3163744770449306234.reportbug@moniac.lan.yath.de>

Hi all,

I hopefully fixed these bugs in my Debian bullseye package. Could you
all test 1:1.3.4-5~RC5. This can be found for AMD64 under

deb http://www.jfalk.de homebrew-bullseye patched recompiled selfmade

If you use another architecture, you have to compile from source.
The source for the fixes can be found in the following git repository:

git clone https://salsa.debian.org:jfalk-guest/nfs-utils.git -b jfalk

Hopefully, we can convince the Debian kernel team to merge these changes
into the nfs-utils Debian package in time for the Debian bullseye release.

nfs-utils (1:1.3.4-5~RC5) UNRELEASED; urgency=medium

  [ Joachim Falk ]
  * debian/nfs-utils_env.sh: Correctly propagate RPCGSSDOPTS from
    /etc/default/nfs-common to rpc-gssd.service. Even though RPCGSSDOPTS
    was not documented or explicitly exposed in /etc/default/nfs-common,
    it’s used by the init script and there are people that have been
    relying on this for a while. (Closes: #846950)
  * Replace hardcoded keytab check in rpc-gssd.service with NEED_GSSD and
    auto detection of kerberized NFS mounts in /etc/fstab. Auto detection
    logic is in the nfs-utils_need_gssd_check.sh script. (Closes: #849608)
  * Fix kerberized NFS service inside Linux containers when the container
    host loads the auth_rpcgss kernel module to enable kerberized NFS
    service for its containers.
  * Replace hardcoded keytab check in rpc-svcgssd.service with NEED_SVCGSSD
    and auto detection of kerberized NFS exports in /etc/exports. Auto
    detection logic is in the nfs-utils_need_svcgssd_check.sh script.
    (Closes: #849942)
  * Replace hardcoded keytab check in auth-rpcgss-module.service with
    NEED_GSSD and auto detection of kerberized NFS mounts in /etc/fstab as
    well as NEED_SVCGSSD and auto detection of kerberized NFS exports in
    /etc/exports. Auto detection logic is in the scripts
    nfs-utils_need_gssd_check.sh and nfs-utils_need_svcgssd_check.sh.
    (Closes: #849942, #849608)
  * Only start the rpc-svcgssd.service when the nfs-kernel-server.service is
    requested. The rpc.svcgssd daemon is not needed for an NFS client, even
    when using Kerberos security. Moreover, starting this daemon with its
    default configuration will fail when no nfs/<host>@REALM principal is in
    the krb5.keytab. Furthermore, the nfs/<host>@REALM principal is unneeded
    for an NFS client configuration. Thus, resulting in a degraded system
    state for NFS client configurations without nfs/<host>@REALM principal in
    the krb5.keytab.

 -- Joachim Falk <joachim.falk@gmx.de>  Fri, 04 Sep 2020 10:28:49 +0200

Best,

Joachim

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Bug#846950: Fixes for bugs #846950, #849942, #849608
  - From: Felix Lechner <felix.lechner@lease-up.com>

Prev by Date: [bts-link] source package src:linux
Next by Date: Bug#846950: Fixes for bugs #846950, #849942, #849608
Previous by thread: linux_5.9~rc6-1~exp1_source.changes is NEW
Next by thread: Bug#846950: Fixes for bugs #846950, #849942, #849608
Index(es):
- Date
- Thread