Bug#846950: Merge request for nfs-utils to fix bugs #846950, #849942, #849608

To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 849942@bugs.debian.org, 849608@bugs.debian.org, 846950@bugs.debian.org
Subject: Bug#846950: Merge request for nfs-utils to fix bugs #846950, #849942, #849608
From: Joachim Falk <joachim.falk@gmx.de>
Date: Sat, 6 Mar 2021 11:13:19 +0100
Message-id: <[🔎] 473e67cf-3b0a-a9f4-ba3f-8b3d8f655d4f@gmx.de>
Reply-to: Joachim Falk <joachim.falk@gmx.de>, 846950@bugs.debian.org
References: <148086390413.9518.3163744770449306234.reportbug@moniac.lan.yath.de>

Hi Salvatore,

I have a merge request (https://salsa.debian.org/kernel-team/nfs-utils/-/merge_requests/5) open
on nfs-utils. This merge request was marked as WIP due to possible porting to nfs-utils 2.4.1.
However, as bullseye froze softly, a switch to nfs-utils 2.4.1 seems unlikely. I CCed all the
fixed bugs asking for feedback, unfortunately there was almost no response. However, the patched
nfs-utils 1:1.3.4-5~RC5 has run on my machines for half a year now without any issues.

Hence, would you consider applying the merge request as is to fix these bugs. Explanation and
fixed issues are described below:

* debian/nfs-utils_env.sh: Correctly propagate RPCGSSDOPTS from
/etc/default/nfs-common to rpc-gssd.service. Even though RPCGSSDOPTS
was not documented or explicitly exposed in /etc/default/nfs-common,
it’s used by the init script and there are people that have been
relying on this for a while. (Closes: #846950)
* Replace hardcoded keytab check in rpc-gssd.service with NEED_GSSD and
auto detection of kerberized NFS mounts in /etc/fstab. Auto detection
logic is in the nfs-utils_need_gssd_check.sh script. (Closes: #849608)
* Fix kerberized NFS service inside Linux containers when the container
host loads the auth_rpcgss kernel module to enable kerberized NFS
service for its containers.
* Replace hardcoded keytab check in rpc-svcgssd.service with NEED_SVCGSSD
and auto detection of kerberized NFS exports in /etc/exports. Auto
detection logic is in the nfs-utils_need_svcgssd_check.sh script.
(Closes: #849942)
* Replace hardcoded keytab check in auth-rpcgss-module.service with
NEED_GSSD and auto detection of kerberized NFS mounts in /etc/fstab as
well as NEED_SVCGSSD and auto detection of kerberized NFS exports in
/etc/exports. Auto detection logic is in the scripts
nfs-utils_need_gssd_check.sh and nfs-utils_need_svcgssd_check.sh.
(Closes: #849942, #849608)
* Only start the rpc-svcgssd.service when the nfs-kernel-server.service is
requested. The rpc.svcgssd daemon is not needed for an NFS client, even
when using Kerberos security. Moreover, starting this daemon with its
default configuration will fail when no nfs/<host>@REALM principal is in
the krb5.keytab. Furthermore, the nfs/<host>@REALM principal is unneeded
for an NFS client configuration. Thus, resulting in a degraded system
state for NFS client configurations without nfs/<host>@REALM principal in
the krb5.keytab.

With kind Regards,

Joachim Falk

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Bug#846950: Merge request for nfs-utils to fix bugs #846950, #849942, #849608
  - From: Felix Lechner <felix.lechner@lease-up.com>

Prev by Date: Bug#983934: linux-image-5.3.0-3-amd64: guest kernel fails inside qemu VM with qxl displays (BUG: unable to handle page fault)
Next by Date: Bug#984650: update-initramfs fails when /etc/systemd/network/99-default.link is symlink to /dev/null
Previous by thread: linux-latest_105+deb10u10_source.changes ACCEPTED into proposed-updates->stable-new
Next by thread: Bug#846950: Merge request for nfs-utils to fix bugs #846950, #849942, #849608
Index(es):
- Date
- Thread