[packages/nfs-utils] - updated to 2.8.7
qboosh
qboosh at pld-linux.org
Tue Mar 24 21:36:06 CET 2026
commit c2af6606e31cdeb77c1179d804f1576fd2d2adab
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Tue Mar 24 21:36:18 2026 +0100
- updated to 2.8.7
nfs-utils-heimdal.patch | 144 +++++++++++++++++++++++++++++++++++++++++----
nfs-utils-krb5-cache.patch | 26 ++++----
nfs-utils.spec | 31 +++++-----
3 files changed, 158 insertions(+), 43 deletions(-)
---
diff --git a/nfs-utils.spec b/nfs-utils.spec
index 79bf356..4d1b81f 100644
--- a/nfs-utils.spec
+++ b/nfs-utils.spec
@@ -1,4 +1,5 @@
# TODO: systemd support needs cleanup (see TODOs below)
+# switch to MIT krb5, getting it build with heimdal is getting harder with each release
#
# Conditional build:
%bcond_without kerberos5 # Kerberos V (GSS) support
@@ -12,12 +13,12 @@ Summary(pt_BR.UTF-8): Os utilitários para o cliente e servidor NFS do Linux
Summary(ru.UTF-8): Утилиты для NFS и демоны поддержки для NFS-сервера ядра
Summary(uk.UTF-8): Утиліти для NFS та демони підтримки для NFS-сервера ядра
Name: nfs-utils
-Version: 2.8.4
-Release: 3
+Version: 2.8.7
+Release: 1
License: GPL v2
Group: Networking/Daemons
Source0: https://www.kernel.org/pub/linux/utils/nfs-utils/%{version}/%{name}-%{version}.tar.xz
-# Source0-md5: e5aa4f14759abd4f93b4a68e2bc086ff
+# Source0-md5: 69a6ab83132f4a82134e925ac4c7f8c8
#Source1: ftp://ftp.linuxnfs.sourceforge.org/pub/nfs/nfs.doc.tar.gz
Source1: nfs.doc.tar.gz
# Source1-md5: ae7db9c61c5ad04f83bb99e5caed73da
@@ -266,13 +267,13 @@ Statyczna biblioteka libnfsidmap.
%{__automake}
%configure \
%{__enable_disable static_libs static} \
- --enable-nfsv4 \
- --enable-nfsv41 \
+ --enable-blkmapd \
%{!?with_kerberos5:--disable-gss} \
--enable-libmount-mount \
--enable-mount \
--enable-mountconfig \
--enable-nfsdcltrack \
+ --enable-nfsv4 \
%{?with_kerberos5:--enable-svcgss} \
%if %{with tirpc}
--enable-ipv6 \
@@ -281,16 +282,16 @@ Statyczna biblioteka libnfsidmap.
--disable-ipv6 \
--disable-tirpc \
%endif
+ --without-gssglue \
+ --with-start-statd=/sbin/start-statd \
--with-statdpath=/var/lib/nfs/statd \
--with-statedir=/var/lib/nfs \
--with-statduser=rpcstatd \
- --with-start-statd=/sbin/start-statd \
- --without-gssglue \
--with-systemd=%{systemdunitdir} \
--with-tcp-wrappers
-%{__make} pkgplugindir=/%{_lib}/libnfsidmap
-# all
+%{__make} \
+ pkgplugindir=/%{_lib}/libnfsidmap
%install
rm -rf $RPM_BUILD_ROOT
@@ -667,16 +668,16 @@ fi
%files -n libnfsidmap
%defattr(644,root,root,755)
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/idmapd.conf
-%attr(755,root,root) /%{_lib}/libnfsidmap.so.*.*.*
+/%{_lib}/libnfsidmap.so.*.*.*
%ghost /%{_lib}/libnfsidmap.so.1
%dir /%{_lib}/libnfsidmap
-%attr(755,root,root) /%{_lib}/libnfsidmap/nsswitch.so
-%attr(755,root,root) /%{_lib}/libnfsidmap/regex.so
-%attr(755,root,root) /%{_lib}/libnfsidmap/static.so
+/%{_lib}/libnfsidmap/nsswitch.so
+/%{_lib}/libnfsidmap/regex.so
+/%{_lib}/libnfsidmap/static.so
# -plugin-ldap subpackage?
-%attr(755,root,root) /%{_lib}/libnfsidmap/umich_ldap.so
+/%{_lib}/libnfsidmap/umich_ldap.so
# -plugin-gums subpackage (BR: some datagrid software - VOMS?)
-#%attr(755,root,root) /%{_lib}/libnfsidmap/gums.so
+#/%{_lib}/libnfsidmap/gums.so
%{_mandir}/man5/idmapd.conf.5*
%files -n libnfsidmap-devel
diff --git a/nfs-utils-heimdal.patch b/nfs-utils-heimdal.patch
index b6deba0..6cfc452 100644
--- a/nfs-utils-heimdal.patch
+++ b/nfs-utils-heimdal.patch
@@ -13,9 +13,9 @@
AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
KRBDIR="$dir"
gssapi_lib=gssapi
---- nfs-utils-2.5.3/utils/gssd/krb5_util.c.orig 2021-02-20 18:16:52.000000000 +0100
-+++ nfs-utils-2.5.3/utils/gssd/krb5_util.c 2021-02-24 21:11:01.392926374 +0100
-@@ -891,7 +891,11 @@
+--- nfs-utils-2.8.7/utils/gssd/krb5_util.c.orig 2026-03-12 22:01:26.000000000 +0100
++++ nfs-utils-2.8.7/utils/gssd/krb5_util.c 2026-03-24 06:31:40.201476726 +0100
+@@ -876,7 +876,11 @@ find_keytab_entry(krb5_context context,
myhostad[i+1] = 0;
}
if (adhostoverride)
@@ -27,7 +27,7 @@
code = krb5_get_default_realm(context, &default_realm);
if (code) {
-@@ -1050,9 +1054,37 @@
+@@ -1035,9 +1039,37 @@ check_for_tgt(krb5_context context, krb5
{
krb5_error_code ret;
krb5_creds creds;
@@ -66,7 +66,7 @@
ret = krb5_cc_start_seq_get(context, ccache, &cur);
if (ret)
return 0;
-@@ -1072,6 +1104,7 @@
+@@ -1057,6 +1089,7 @@ check_for_tgt(krb5_context context, krb5
krb5_free_cred_contents(context, &creds);
}
krb5_cc_end_seq_get(context, ccache, &cur);
@@ -74,7 +74,7 @@
return found;
}
-@@ -1118,6 +1151,9 @@
+@@ -1109,6 +1142,9 @@ query_krb5_ccache(const char* cred_cache
}
krb5_free_principal(context, principal);
err_princ:
@@ -84,7 +84,7 @@
krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
krb5_cc_close(context, ccache);
err_cache:
-@@ -1455,7 +1491,7 @@
+@@ -1484,11 +1520,11 @@ gssd_k5_err_msg(krb5_context context, kr
#endif
if (msg != NULL)
return msg;
@@ -93,10 +93,41 @@
return strdup(error_message(code));
#else
if (context != NULL)
-@@ -1642,6 +1642,11 @@ get_allowed_enctypes(void)
+- return strdup(krb5_get_err_text(context, code));
++ return strdup(krb5_get_error_message(context, code));
+ else
+ return strdup(error_message(code));
+ #endif
+@@ -1596,14 +1632,14 @@ out_cred:
+ }
+
+ int
+-enctypes_list_to_string(krb5_enctype *enctypes, int num_enctypes,
++enctypes_list_to_string(krb5_context ctx, krb5_enctype *enctypes, int num_enctypes,
+ char **enctype_string)
+ {
+- char tmp[100], *buf = NULL, *old = NULL;
++ char *tmp = NULL, *buf = NULL, *old = NULL;
+ int i, len, ret;
+
+ for (i = 0; i < num_enctypes; i++) {
+- ret = krb5_enctype_to_name(enctypes[i], true, tmp, sizeof(tmp));
++ ret = krb5_enctype_to_string(ctx, enctypes[i], &tmp);
+ if (ret == 0) {
+ if (buf == NULL) {
+ len = asprintf(&buf, "%s (%d)", tmp,
+@@ -1635,6 +1671,7 @@ out_err:
+ free(buf);
+
+ out:
++ free(tmp);
+ if (old != buf)
+ free(old);
+ if (ret == 0)
+@@ -1649,6 +1686,11 @@ get_allowed_enctypes(void)
+ struct conf_list *allowed_etypes = NULL;
struct conf_list_node *node;
- char *buf = NULL, *old = NULL;
- int len, ret = 0;
+ int ret = 0;
+ krb5_context ctx = NULL;
+
+ ret = krb5_init_context(&ctx);
@@ -105,7 +136,7 @@
allowed_etypes = conf_get_list("gssd", "allowed-enctypes");
if (allowed_etypes) {
-@@ -1653,7 +1658,7 @@ get_allowed_enctypes(void)
+@@ -1660,7 +1702,7 @@ get_allowed_enctypes(void)
ret = ENOMEM;
goto out_err;
}
@@ -114,11 +145,98 @@
&allowed_enctypes[num_allowed_enctypes]);
if (ret) {
printerr(0, "%s: invalid enctype %s",
-@@ -1694,6 +1699,7 @@ out:
- free(old);
+@@ -1671,7 +1713,7 @@ get_allowed_enctypes(void)
+ }
+ }
+ if (num_allowed_enctypes > 0) {
+- if (enctypes_list_to_string(allowed_enctypes, num_allowed_enctypes,
++ if (enctypes_list_to_string(ctx, allowed_enctypes, num_allowed_enctypes,
+ &allowed_enctypes_string) != 0) {
+ printerr(2, "%s: warning: enctypes_list_to_string() failed\n",
+ __func__);
+@@ -1687,6 +1729,7 @@ out_err:
+ out:
if (allowed_etypes)
conf_free_list(allowed_etypes);
+ krb5_free_context(ctx);
return ret;
}
+@@ -1721,7 +1764,7 @@ get_krb5_library_permitted_enctypes(void
+ num_lib_enctypes++;
+
+ if (num_lib_enctypes > 0) {
+- if (enctypes_list_to_string(lib_enctypes, num_lib_enctypes,
++ if (enctypes_list_to_string(context, lib_enctypes, num_lib_enctypes,
+ &lib_enctypes_string) != 0) {
+ printerr(2, "%s: warning: enctypes_list_to_string() failed\n",
+ __func__);
+@@ -1771,7 +1814,7 @@ out:
+ * according to the krb5 library's list, hence this helper function.
+ */
+ static int
+-determine_enctypes(krb5_enctype **set_enctypes, int *num_set_enctypes,
++determine_enctypes(krb5_context ctx, krb5_enctype **set_enctypes, int *num_set_enctypes,
+ char **set_enctypes_string)
+ {
+ extern int num_allowed_enctypes, num_krb5_enctypes, num_lib_enctypes;
+@@ -1840,7 +1883,7 @@ determine_enctypes(krb5_enctype **set_en
+ }
+
+ if (num_enctypes > 0) {
+- if (enctypes_list_to_string(enctypes, num_enctypes,
++ if (enctypes_list_to_string(ctx, enctypes, num_enctypes,
+ &enctypes_string) != 0) {
+ printerr(2, "%s: warning: enctypes_list_to_string() failed\n",
+ __func__);
+@@ -1889,8 +1932,16 @@ limit_krb5_enctypes(struct rpc_gss_sec *
+ }
+
+ if (set_enctypes == NULL) {
+- err = determine_enctypes(&set_enctypes, &num_set_enctypes,
++ krb5_context ctx;
++ err = krb5_init_context(&ctx);
++ if (err) {
++ printerr(2, "%s: failed to initialize context\n",
++ __func__);
++ return -1;
++ }
++ err = determine_enctypes(ctx, &set_enctypes, &num_set_enctypes,
+ &set_enctypes_string);
++ krb5_free_context(ctx);
+ if (err) {
+ printerr(2, "%s: failed to determine set_enctypes\n",
+ __func__);
+--- nfs-utils-2.8.7/utils/gssd/krb5_util.h.orig 2026-03-12 22:01:26.000000000 +0100
++++ nfs-utils-2.8.7/utils/gssd/krb5_util.h 2026-03-24 19:31:29.067999687 +0100
+@@ -24,7 +24,7 @@ void gssd_k5_get_default_realm(char **de
+ int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
+ int gssd_k5_remove_bad_service_cred(char *srvname);
+
+-int enctypes_list_to_string(krb5_enctype *enctypes, int num_enctypes,
++int enctypes_list_to_string(krb5_context ctx, krb5_enctype *enctypes, int num_enctypes,
+ char **enctype_string);
+
+ #ifdef HAVE_SET_ALLOWABLE_ENCTYPES
+--- nfs-utils-2.8.7/utils/gssd/gssd_proc.c.orig 2026-03-12 22:01:26.000000000 +0100
++++ nfs-utils-2.8.7/utils/gssd/gssd_proc.c 2026-03-24 19:47:28.539468451 +0100
+@@ -160,8 +160,17 @@ parse_enctypes(char *enctypes)
+ strcpy(cached_types, enctypes);
+
+ if (num_krb5_enctypes > 0) {
+- if (enctypes_list_to_string(krb5_enctypes, num_krb5_enctypes,
+- &krb5_enctypes_string) != 0) {
++ krb5_context ctx;
++ int err = krb5_init_context(&ctx);
++ if (err) {
++ printerr(2, "%s: failed to initialize context\n",
++ __func__);
++ goto out;
++ }
++ err = enctypes_list_to_string(ctx, krb5_enctypes, num_krb5_enctypes,
++ &krb5_enctypes_string);
++ krb5_free_context(ctx);
++ if (err != 0) {
+ printerr(2, "%s: warning: enctypes_list_to_string() failed\n",
+ __func__);
+ goto out;
diff --git a/nfs-utils-krb5-cache.patch b/nfs-utils-krb5-cache.patch
index a9ab0bd..1c4a906 100644
--- a/nfs-utils-krb5-cache.patch
+++ b/nfs-utils-krb5-cache.patch
@@ -29,9 +29,9 @@ Signed-off-by: Steve Dickson <steved at redhat.com>
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 201585ed..560e8be1 100644
---- a/utils/gssd/krb5_util.c
-+++ b/utils/gssd/krb5_util.c
-@@ -168,7 +168,8 @@ static int select_krb5_ccache(const struct dirent *d);
+--- nfs-utils-2.8.7/utils/gssd/krb5_util.c 2026-03-23 20:20:34.930109558 +0100
++++ nfs-utils-2.8.7/utils/gssd/krb5_util.c.orig 2026-03-23 20:10:48.709952052 +0100
+@@ -182,7 +182,8 @@ static int select_krb5_ccache(const stru
static int gssd_find_existing_krb5_ccache(uid_t uid, char *dirname,
const char **cctype, struct dirent **d);
static int gssd_get_single_krb5_cred(krb5_context context,
@@ -41,7 +41,7 @@ index 201585ed..560e8be1 100644
static int query_krb5_ccache(const char* cred_cache, char **ret_princname,
char **ret_realm);
-@@ -395,16 +396,14 @@ static int
+@@ -409,16 +410,14 @@ static int
gssd_get_single_krb5_cred(krb5_context context,
krb5_keytab kt,
struct gssd_k5_kt_princ *ple,
@@ -60,22 +60,23 @@ index 201585ed..560e8be1 100644
char *pname = NULL;
char *k5err = NULL;
int nocache = 0;
-@@ -457,6 +456,14 @@ gssd_get_single_krb5_cred(krb5_context context,
- krb5_get_init_creds_opt_set_tkt_life(opts, 5*60);
+@@ -472,6 +471,15 @@ gssd_get_single_krb5_cred(krb5_context c
#endif
+ pthread_mutex_lock(&ple_lock);
+ if ((code = krb5_get_init_creds_opt_set_out_ccache(context, opts,
+ ccache))) {
+ k5err = gssd_k5_err_msg(context, code);
+ printerr(1, "WARNING: %s while initializing ccache for "
+ "principal '%s' using keytab '%s'\n", k5err,
+ pname ? pname : "<unparsable>", kt_name);
++ pthread_mutex_unlock(&ple_lock);
+ goto out;
+ }
if ((code = krb5_get_init_creds_keytab(context, &my_creds, ple->princ,
kt, 0, NULL, opts))) {
k5err = gssd_k5_err_msg(context, code);
-@@ -466,61 +473,18 @@ gssd_get_single_krb5_cred(krb5_context context,
+@@ -482,60 +490,17 @@ gssd_get_single_krb5_cred(krb5_context c
goto out;
}
@@ -83,7 +84,6 @@ index 201585ed..560e8be1 100644
- * Initialize cache file which we're going to be using
- */
-
- pthread_mutex_lock(&ple_lock);
- if (use_memcache)
- cache_type = "MEMORY";
- else
@@ -125,9 +125,8 @@ index 201585ed..560e8be1 100644
- }
code = 0;
-- printerr(2, "%s(0x%lx): principal '%s' ccache:'%s'\n",
+ printerr(2, "%s(0x%lx): principal '%s' ccache:'%s'\n",
- __func__, tid, pname, cc_name);
-+ printerr(2, "%s(0x%lx): principal '%s' ccache:'%s'\n",
+ __func__, tid, pname, ple->ccname);
out:
if (opts)
@@ -139,7 +138,7 @@ index 201585ed..560e8be1 100644
krb5_free_cred_contents(context, &my_creds);
free(k5err);
return (code);
-@@ -1147,10 +1111,12 @@ gssd_refresh_krb5_machine_credential_internal(char *hostname,
+@@ -1199,10 +1164,12 @@ gssd_refresh_krb5_machine_credential_int
{
krb5_error_code code = 0;
krb5_context context;
@@ -154,7 +153,7 @@ index 201585ed..560e8be1 100644
/*
* If a specific service name was specified, use it.
-@@ -1209,7 +1175,38 @@ gssd_refresh_krb5_machine_credential_internal(char *hostname,
+@@ -1261,7 +1228,38 @@ gssd_refresh_krb5_machine_credential_int
goto out_free_kt;
}
}
@@ -194,6 +193,3 @@ index 201585ed..560e8be1 100644
out_free_kt:
krb5_kt_close(context, kt);
out_free_context:
---
-GitLab
-
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/nfs-utils.git/commitdiff/c2af6606e31cdeb77c1179d804f1576fd2d2adab
More information about the pld-cvs-commit
mailing list