You are not logged in.
Hi,
ive changed (for testing purpose only of course) the gssapi_krb5.h from heimdal against: /opt/mit-krb5/include/gssapi/gssapi_krb5.h. nfs4-utils compile fine after this.
so one solution would be to change heimdal to provide kerberos and do the same with mit-krb5 from aur which would offer the user a choice and allow the usage of nfs4.
the heimdal mailing list seems to be dead anyway.
but for this solution to work some packages need to change their deps, for example on my system:
pacman -R heimdal
checking dependencies...
error: failed to prepare transaction (could not satisfy dependencies)
:: evolution-data-server: requires heimdal>=1.2
:: gnome-vfs: requires heimdal>=1.2
:: gtk2: requires heimdal>=1.2
:: imagemagick: requires heimdal>=1.2.1
:: libcups: requires heimdal>=1.2
:: neon: requires heimdal>=1.2.1
:: openssh: requires heimdal>=1.2-1
:: pam-krb5: requires heimdal>=1.2
:: smbclient: requires heimdal>=1.2-1
any other ideas?
Offline
Hi metalfan,
i'm using a nfs4-utils ver. 1.1.4 build and modified by me and i'd like to share my solution to this problem in the hope that you can find it useful. About the impossibility to build nfs-utils (and the needed package 'librpcsecgss') against heimdal it's because the implemetation of gssapi in libgssglue conflicts with heimdal.
In gentoo Bryan Jacobs has produced a patch to nfs-utils/librpcsecgss that allow these packages to compile against heimdal without the gssapi intermediate library 'libgssglue' (in this way all that is needed for gssapi is provided by heimdal).
The nfs4-utils and librpcsecgss packages in AUR are orphans and I don't know how to load my librpcsecgss.tar.gz and nfs4-utils.tar.gz in order to share them so, following in this post, I attached all the code and any reference I have about this problem but if you want I can send to you my tar.gz arch packages.
Sorry for the long post...
bye
All you have to do is first build and install the package 'librpcsecgss' with dep on 'heimdal' instead of 'libgssglue' applying the patch that you can find in http://bugs.gentoo.org/show_bug.cgi?id=231395
patch: librpcsecgss-0.18-heimdal.patch
diff -NaurwB librpcsecgss-0.18.orig/configure.in librpcsecgss-0.18/configure.in
--- librpcsecgss-0.18.orig/configure.in 2008-04-09 00:05:40.000000000 +0200
+++ librpcsecgss-0.18/configure.in 2008-06-12 19:05:51.000000000 +0200
@@ -12,10 +12,15 @@
AC_PROG_RANLIB
# Checks for libraries.
-PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.1], [],
+PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.1],
+ [echo GSSGLUE found; GSSAPI_IMPLEMENTATION=libgssglue],
+ [PKG_CHECK_MODULES([GSSGLUE], [heimdal-gssapi],
+ [echo HEIMDAL found; GSSAPI_IMPLEMENTATION=heimdal-gssapi],
[AC_MSG_ERROR([Unable to locate information required to use libgssglue.
If you have pkgconfig installed, you might try setting environment
- variable PKG_CONFIG_PATH to /usr/local/lib/pkgconfig])])
+ variable PKG_CONFIG_PATH to /usr/local/lib/pkgconfig])])])
+
+AC_SUBST([GSSAPI_IMPLEMENTATION])
# Checks for header files.
AC_HEADER_STDC
diff -NaurwB librpcsecgss-0.18.orig/librpcsecgss.pc.in librpcsecgss-0.18/librpcsecgss.pc.in
--- librpcsecgss-0.18.orig/librpcsecgss.pc.in 2007-09-06 17:39:04.000000000 +0200
+++ librpcsecgss-0.18/librpcsecgss.pc.in 2008-06-12 19:06:40.000000000 +0200
@@ -5,7 +5,7 @@
Name: librpcsecgss
Description: Library that implements rpcsec_gss interface.
-Requires: libgssglue
+Requires: @GSSAPI_IMPLEMENTATION@
Version: @PACKAGE_VERSION@
Libs: -L@libdir@ -lrpcsecgss
Cflags: -I@includedir@/rpcsecgss
The PKGBUILD I used is:
# $Id: PKGBUILD,v 1.43 2007/09/23 07:37:00 tom Exp $
# Maintainer: Andrew Krawchyk <krawch_a@denison.edu>
# Contributor: Marco Lima <cipparello@gmail.com>
pkgname=librpcsecgss
pkgver=0.18
pkgrel=2
pkgdesc="Library for RPCSECGSS support"
arch=('i686' 'x86_64')
url="http://www.citi.umich.edu/projects/nfsv4/linux/"
license=('GPL')
depends=('glibc' 'tcp_wrappers' 'libevent>=1.3d' 'heimdal>=1.2-1')
source=("http://www.citi.umich.edu/projects/nfsv4/linux/$pkgname/$pkgname-$pkgver.tar.gz"
"librpcsecgss-0.18-heimdal.patch")
md5sums=('f2c4a69c5a32f62b762a569b8d962156'
'0cfe088551d5776f5bc08c1741a34346')
build() {
cd "$srcdir/$pkgname-$pkgver"
# Patch from gentoo for heimdal compatibility Bug #231395
# http://bugs.gentoo.org/show_bug.cgi?id=231395
patch -Np1 -i ../librpcsecgss-0.18-heimdal.patch || return 1
rm -f config.guess config.sub ltmain.sh
autoreconf -i
GSSAPI_CFLAGS='-I/usr/include/gssapi' \
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
--infodir=/usr/share/info
make || return 1
make DESTDIR="$pkgdir/" install || return 1
}
Then you need to build the package 'nfs4-utils' with dep only on 'librpcsecgss' (remove 'libgssglue'... as said the gssapi is provided by heimdal); to build the package you need the patches that you can find in http://bugs.gentoo.org/show_bug.cgi?id=231396
patch: nfs-utils-1.1.2-kerberos-ac.patch
diff -NaurwB nfs-utils-1.1.2.orig/aclocal/kerberos5.m4 nfs-utils-1.1.2/aclocal/kerberos5.m4
--- nfs-utils-1.1.2.orig/aclocal/kerberos5.m4 2008-03-14 16:46:29.000000000 +0100
+++ nfs-utils-1.1.2/aclocal/kerberos5.m4 2008-06-12 17:13:51.000000000 +0200
@@ -1,112 +1,48 @@
-dnl Checks for Kerberos
-dnl NOTE: while we intend to do generic gss-api, currently we
-dnl have a requirement to get an initial Kerberos machine
-dnl credential. Thus, the requirement for Kerberos.
-dnl The Kerberos gssapi library will be dynamically loaded?
AC_DEFUN([AC_KERBEROS_V5],[
+ K5CONFIG="krb5-config"
AC_MSG_CHECKING(for Kerberos v5)
- AC_ARG_WITH(krb5,
- [AC_HELP_STRING([--with-krb5=DIR], [use Kerberos v5 installation in DIR])],
+ AC_ARG_WITH(krb5-config,
+ [AC_HELP_STRING([--with-krb5-config=PATH], [Full Path to krb5-config.])],
[ case "$withval" in
yes|no)
- krb5_with=""
+ K5CONFIG="krb5-config"
;;
*)
- krb5_with="$withval"
+ K5CONFIG="$withval"
;;
esac ]
)
- for dir in $krb5_with /usr /usr/kerberos /usr/local /usr/local/krb5 \
- /usr/krb5 /usr/heimdal /usr/local/heimdal /usr/athena ; do
- dnl This ugly hack brought on by the split installation of
- dnl MIT Kerberos on Fedora Core 1
- K5CONFIG=""
- if test -f $dir/bin/krb5-config; then
- K5CONFIG=$dir/bin/krb5-config
- elif test -f "/usr/kerberos/bin/krb5-config"; then
- K5CONFIG="/usr/kerberos/bin/krb5-config"
- elif test -f "/usr/lib/mit/bin/krb5-config"; then
- K5CONFIG="/usr/lib/mit/bin/krb5-config"
- fi
if test "$K5CONFIG" != ""; then
KRBCFLAGS=`$K5CONFIG --cflags`
KRBLIBS=`$K5CONFIG --libs gssapi`
- K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'`
- AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
- if test -f $dir/include/gssapi/gssapi_krb5.h -a \
- \( -f $dir/lib/libgssapi_krb5.a -o \
- -f $dir/lib64/libgssapi_krb5.a -o \
- -f $dir/lib64/libgssapi_krb5.so -o \
- -f $dir/lib/libgssapi_krb5.so \) ; then
+ if $K5CONFIG --version | grep -q -e heimdal; then
+ K5VERS=`$K5CONFIG --version | head -n 1 | cut -f2 -d ' ' | tr -d '.'`
+ AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
+ gssapi_lib=gssapi
+ KRBIMPL="heimdal"
+ elif $K5CONFIG --version | grep -q -e mit; then
+ K5VERS=`$K5CONFIG --version | head -n 1 | cut -f4 -d ' ' | tr -d '.'`
AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries])
- KRBDIR="$dir"
- dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the
- dnl private function (gss_krb5_ccache_name) to get correct
- dnl behavior of changing the ccache used by gssapi.
- dnl Starting in 1.3.2, we *DO NOT* want to use
- dnl gss_krb5_ccache_name, instead we want to set KRB5CCNAME
- dnl to get gssapi to use a different ccache
if test $K5VERS -le 131; then
AC_DEFINE(USE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the private function, gss_krb5_cache_name, must be used to tell the Kerberos library which credentials cache to use. Otherwise, this is done by setting the KRB5CCNAME environment variable])
fi
gssapi_lib=gssapi_krb5
- break
- dnl The following ugly hack brought on by the split installation
- dnl of Heimdal Kerberos on SuSe
- elif test \( -f $dir/include/heim_err.h -o\
- -f $dir/include/heimdal/heim_err.h \) -a \
- -f $dir/lib/libroken.a; then
- AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries])
- KRBDIR="$dir"
- gssapi_lib=gssapi
- break
- fi
- fi
- done
- dnl We didn't find a usable Kerberos environment
- if test "x$KRBDIR" = "x"; then
- if test "x$krb5_with" = "x"; then
- AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=)
+ KRBIMPL="mit-krb5"
else
- AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with)
- fi
+ AC_MSG_ERROR(Unknown Kerberos 5 Implementation. Is neither heimdal or mit-krb5.)
+ KRBIMPL="unknown"
fi
- AC_MSG_RESULT($KRBDIR)
-
- dnl Check if -rpath=$(KRBDIR)/lib is needed
- echo "The current KRBDIR is $KRBDIR"
- if test "$KRBDIR/lib" = "/lib" -o "$KRBDIR/lib" = "/usr/lib" \
- -o "$KRBDIR/lib" = "//lib" -o "$KRBDIR/lib" = "/usr//lib" ; then
- KRBLDFLAGS="";
- elif /sbin/ldconfig -p | grep > /dev/null "=> $KRBDIR/lib/"; then
- KRBLDFLAGS="";
- else
- KRBLDFLAGS="-Wl,-rpath=$KRBDIR/lib"
+ AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number])
fi
+ AC_MSG_RESULT($KRBIMPL)
- dnl Now check for functions within gssapi library
- AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context,
- AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS)
- AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes,
- AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS)
- AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name,
- AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS)
-
- dnl Check for newer error message facility
- AC_CHECK_LIB($gssapi_lib, krb5_get_error_message,
- AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context, AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes, AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name, AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, krb5_get_error_message, AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS)
+ AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless, AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS)
- dnl Check for function to specify addressless tickets
- AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless,
- AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS)
-
- dnl If they specified a directory and it didn't work, give them a warning
- if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then
- AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!)
- fi
-
- AC_SUBST([KRBDIR])
AC_SUBST([KRBLIBS])
AC_SUBST([KRBCFLAGS])
AC_SUBST([KRBLDFLAGS])
patch: nfs-utils-1.1.2-no_libgssapi.patch
Index: nfs-utils-1.1.0/utils/gssd/context_lucid.c
===================================================================
--- nfs-utils-1.1.0.orig/utils/gssd/context_lucid.c
+++ nfs-utils-1.1.0/utils/gssd/context_lucid.c
@@ -48,8 +48,10 @@
#include <krb5.h>
#include <gssapi/gssapi.h>
#ifndef OM_uint64
+#ifndef GSSAPI_GSSAPI_H_
typedef uint64_t OM_uint64;
#endif
+#endif
#include <gssapi/gssapi_krb5.h>
static int
@@ -171,10 +173,10 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss
int retcode = 0;
printerr(2, "DEBUG: serialize_krb5_ctx: lucid version!\n");
- maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx,
+ maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx,
1, &return_ctx);
if (maj_stat != GSS_S_COMPLETE) {
- pgsserr("gss_export_lucid_sec_context",
+ pgsserr("gss_krb5_export_lucid_sec_context",
maj_stat, min_stat, &krb5oid);
goto out_err;
}
@@ -198,9 +200,9 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss
else
retcode = prepare_krb5_rfc_cfx_buffer(lctx, buf);
- maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx);
+ maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, ctx);
if (maj_stat != GSS_S_COMPLETE) {
- pgsserr("gss_export_lucid_sec_context",
+ pgsserr("gss_krb5_export_lucid_sec_context",
maj_stat, min_stat, &krb5oid);
printerr(0, "WARN: failed to free lucid sec context\n");
}
Index: nfs-utils-1.1.0/utils/gssd/krb5_util.c
===================================================================
--- nfs-utils-1.1.0.orig/utils/gssd/krb5_util.c
+++ nfs-utils-1.1.0/utils/gssd/krb5_util.c
@@ -294,10 +294,10 @@ limit_krb5_enctypes(struct rpc_gss_sec *
return -1;
}
- maj_stat = gss_set_allowable_enctypes(&min_stat, credh, &krb5oid,
+ maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh,
num_enctypes, &enctypes);
if (maj_stat != GSS_S_COMPLETE) {
- pgsserr("gss_set_allowable_enctypes",
+ pgsserr("gss_krb5_set_allowable_enctypes",
maj_stat, min_stat, &krb5oid);
gss_release_cred(&min_stat, &credh);
return -1;
patch: nfs-utils-1.1.2-pkgconfig_ac.patch
--- configure.ac 2008-03-14 15:46:29.000000000 +0000
+++ configure.ac 2008-05-03 10:30:21.000000000 +0000
@@ -185,7 +185,7 @@
[AC_MSG_ERROR([Unable to locate information required to use librpcsecgss. If you have pkgconfig installed, you might try setting environment variable PKG_CONFIG_PATH to /usr/local/lib/pkgconfig])
]
)
- PKG_CHECK_MODULES(GSSGLUE, libgssglue >= 0.1)
+ PKG_CHECK_MODULES(GSSGLUE, libgssglue >= 0.1, , [PKG_CHECK_MODULES(GSSGLUE, heimdal-gssapi)])
fi
fi
@@ -228,9 +228,9 @@
dnl This is not done until here because we need to have KRBLIBS set
dnl ("librpcsecgss=1" is so that it doesn't get added to LIBS)
- AC_CHECK_LIB(rpcsecgss, authgss_create_default, [librpcsecgss=1], AC_MSG_ERROR([librpcsecgss needed for nfsv4 support]), -lgssglue -ldl)
+ AC_CHECK_LIB(rpcsecgss, authgss_create_default, [librpcsecgss=1], AC_MSG_ERROR([librpcsecgss needed for nfsv4 support]), $GSSGLUE_CFLAGS)
AC_CHECK_LIB(rpcsecgss, authgss_set_debug_level,
- AC_DEFINE(HAVE_AUTHGSS_SET_DEBUG_LEVEL, 1, [Define this if the rpcsec_gss library has the function authgss_set_debug_level]),, -lgssglue -ldl)
+ AC_DEFINE(HAVE_AUTHGSS_SET_DEBUG_LEVEL, 1, [Define this if the rpcsec_gss library has the function authgss_set_debug_level]),, $GSSGLUE_CFLAGS)
fi
patch: nfs-utils-1.1.4-heimdal_functions.patch
diff -Naur nfs-utils-1.1.4/utils/gssd/krb5_util.c nfs-utils-1.1.4-r1/utils/gssd/krb5_util.c
--- utils/gssd/krb5_util.c 2008-10-17 14:20:09.000000000 +0000
+++ utils/gssd/krb5_util.c 2008-11-22 13:52:42.000000000 +0000
@@ -927,9 +927,37 @@
{
krb5_error_code ret;
krb5_creds creds;
- krb5_cc_cursor cur;
int found = 0;
+#ifdef HAVE_HEIMDAL
+ krb5_creds pattern;
+ krb5_realm *client_realm;
+
+ krb5_cc_clear_mcred(&pattern);
+
+ client_realm = krb5_princ_realm (context, principal);
+
+ ret = krb5_make_principal (context, &pattern.server,
+ *client_realm, KRB5_TGS_NAME, *client_realm,
+ NULL);
+ if (ret)
+ krb5_err (context, 1, ret, "krb5_make_principal");
+ pattern.client = principal;
+
+ ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds);
+ krb5_free_principal (context, pattern.server);
+ if (ret) {
+ if (ret == KRB5_CC_END)
+ return 1;
+ krb5_err (context, 1, ret, "krb5_cc_retrieve_cred");
+ }
+
+ found = creds.times.endtime > time(NULL);
+
+ krb5_free_cred_contents (context, &creds);
+#else
+ krb5_cc_cursor cur;
+
ret = krb5_cc_start_seq_get(context, ccache, &cur);
if (ret)
return 0;
@@ -949,6 +977,7 @@
krb5_free_cred_contents(context, &creds);
}
krb5_cc_end_seq_get(context, ccache, &cur);
+#endif
return found;
}
@@ -995,6 +1024,9 @@
}
krb5_free_principal(context, principal);
err_princ:
+#ifdef HAVE_HEIMDAL
+#define KRB5_TC_OPENCLOSE 0x00000001
+#endif
krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE);
krb5_cc_close(context, ccache);
err_cache:
The PKGBUILD I used is the follow. As you can see I changed the rc.d scripts to have only two scripts to do the job (client side and server side) to start the nfsd and related/needed daemons and take care to load and mount modules and filesystems needed but you can watch only at the use of the patch and reconfiguration before the configure/make step and use for the rest of the package the usual arch scripts.
# Maintainer: abelstr <abel@pinklf.eu>
# Contributor: Marco Lima <cipparello@gmail.com>
pkgname=nfs4-utils
_realname=nfs-utils
pkgver=1.1.4
pkgrel=3
pkgdesc="Support programs for Network File Systems"
arch=('i686' 'x86_64')
url="http://nfs.sourceforge.net"
license=('GPL')
depends=('glibc' 'tcp_wrappers' 'e2fsprogs' 'portmap' 'nfsidmap' 'librpcsecgss')
replaces=('nfs-utils')
provides=('nfs-utils')
backup=(etc/{exports,gssapi_mech.conf,idmapd.conf} etc/conf.d/{nfs-common.conf,nfs-server.conf})
install="$_realname.install"
options=('docs')
source=("http://garr.dl.sourceforge.net/sourceforge/nfs/$_realname-$pkgver.tar.bz2"
nfs-common
nfs-common.conf
nfs-server
nfs-server.conf
exports
start-statd.patch
idmapd.conf
gssapi_mech.conf
nfs-utils-1.1.2-kerberos-ac.patch
nfs-utils-1.1.2-no_libgssapi.patch
nfs-utils-1.1.2-pkgconfig_ac.patch
nfs-utils-1.1.4-heimdal_functions.patch)
md5sums=('3ed5b9cb73fd1c9b358c7bfa7a6ae150'
'3fa8ad66f434e8277e7a82c7c699ce46'
'a05e6e91307af37e7bd612b356bd0b6a'
'1852b84523c74e02831b60dcc5739f7a'
'1c6c755fcfef4e5e19ee7414d3020269'
'ff585faf410a62c4333a027c50b56bae'
'11f6c229108c223dc5fe849d11aecaf3'
'64eaa20ea49e324e5a72858f104a61eb'
'234b9cca75a33af98eda3f1683756879'
'f3be115d392d9f9bb0f056e8d4341a14'
'de30683636eda26421e58937a784b123'
'd07c449358eeb254850975add54bcff2'
'959a81d86da677d42e76b597656171a2')
build() {
cd "$srcdir/$_realname-$pkgver"
# Patches from gentoo for heimdal compatibility Bug 231396
# http://bugs.gentoo.org/show_bug.cgi?id=231396
patch -Np1 -i ../nfs-utils-1.1.2-kerberos-ac.patch || return 1
patch -Np0 -i ../nfs-utils-1.1.2-pkgconfig_ac.patch || return 1
patch -Np1 -i ../nfs-utils-1.1.2-no_libgssapi.patch || return 1
patch -Np0 -i ../nfs-utils-1.1.4-heimdal_functions.patch || return 1
rm -f config.guess config.sub ltmain.sh
autoreconf -i
export GSSAPI_CFLAGS='-I/usr/include/gssapi'
export GSSAPI_LIBS='-lgssapi -ldl'
patch -Np0 -i ../start-statd.patch || return 1
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--with-statedir=/var/lib/nfs \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--enable-nfsv3 \
--enable-nfsv4 \
--enable-gss \
--with-tcp-wrappers || return 1
make || return 1
make DESTDIR="$pkgdir/" install || return 1
# NFS & NFSv4 init scripts
install -D -m 755 ../nfs-common "$pkgdir/"etc/rc.d/nfs-common
install -D -m 755 ../nfs-server "$pkgdir/"etc/rc.d/nfs-server
# Configuration
install -D -m 644 ../exports "$pkgdir/"etc/exports
install -D -m 644 ../idmapd.conf "$pkgdir/"etc/idmapd.conf
install -D -m 644 ../gssapi_mech.conf "$pkgdir/"etc/gssapi_mech.conf
install -D -m 644 ../nfs-common.conf "$pkgdir/"etc/conf.d/nfs-common.conf
install -D -m 644 ../nfs-server.conf "$pkgdir/"etc/conf.d/nfs-server.conf
# directories
mkdir "$pkgdir/"var/lib/nfs/rpc_pipefs
mkdir "$pkgdir/"var/lib/nfs/v4recovery
# copy docs
install -m 755 -d "$pkgdir/"usr/share/doc/$pkgname || return 1
install -m 644 -t "$pkgdir/"usr/share/doc/$pkgname AUTHORS ChangeLog INSTALL \
NEWS README || return 1
}
idmapd.conf
[General]
Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
[Translation]
Method = nsswitch
gssapi_mech.conf
# Example /etc/gssapi_mech.conf file
#
# GSSAPI Mechanism Definitions
#
# This configuration file determines which GSS-API mechanisms
# the gssd code should use
#
# NOTE:
# The initiaiization function "mechglue_internal_krb5_init"
# is used for the MIT krb5 gssapi mechanism. This special
# function name indicates that an internal function should
# be used to determine the entry points for the MIT gssapi
# mechanism funtions.
#
# library initialization function
# ================================ ==========================
# The MIT K5 gssapi library, use special function for initialization.
#/usr/lib/libgssapi_krb5.so mechglue_internal_krb5_init
/usr/lib/libgssapi.so mechglue_internal_krb5_init
#
# The SPKM3 gssapi library function. Use the function spkm3_gss_initialize.
# /usr/local/gss_mechs/spkm/spkm3/libgssapi_spkm3.so spkm3_gss_initialize
exports
# /etc/exports
#
# List of directories exported to NFS clients. See exports(5).
# Use exportfs -arv to reread.
#
# Example for NFSv2 and NFSv3:
# /srv/home hostname1(rw,sync) hostname2(ro,sync)
#
# Example for NFSv4:
# /srv/nfs4 hostname1(rw,sync,fsid=0)
# /srv/nfs4/home hostname1(rw,sync,nohide)
# Using Kerberos and integrity checking:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt)
# /srv/nfs4/home gss/krb5i(rw,sync,nohide)
#
start-statd.patch
--- utils/statd/start-statd 2008-10-17 16:20:09.000000000 +0200
+++ utils/statd/start-statd.new 2008-12-06 11:43:12.000000000 +0100
@@ -1,9 +1,16 @@
#!/bin/sh
+
+# Original script provided by the NFS project
+# Modified for Arch Linux by Tom Killian
+
# nfsmount calls this script when mounting a filesystem with locking
# enabled, but when statd does not seem to be running (based on
# /var/run/rpc.statd.pid).
# It should run run statd with whatever flags are apropriate for this
# site.
-PATH=/sbin:/usr/sbin
-exec rpc.statd --no-notify
+
+# source application-specific settings
+[ -f /etc/conf.d/nfs-common.conf ] && . /etc/conf.d/nfs-common.conf
+
+exec /usr/sbin/rpc.statd $STATD_OPTS
nfs-utils.install
## arg 1: the new package version
post_install() {
cat << 'EOM'
==>
==> PLEASE NOTE:
==> Extended configuration options for NFS (clients & server) are available in
==> /etc/conf.d/nfs-common.conf and in /etc/conf.d/nfs-server.conf
==>
==> Please refer to http://wiki.archlinux.org/index.php/Nfs
==> for further information on NFS; for NFSv4, refer to
==> http://wiki.archlinux.org/index.php/NFSv4
==> Also, if you plan on using NFSv4, in /etc/conf.d/nfs-common.conf set:
==> 1) NEED_IDMAPD="yes" to start rpc.idmapd - on clients & server.
==> rpc.idmapd needs to be properly configured; edit at least the
==> daemon line in /etc/idmapd.conf.
==> 2) NEED_GSSD="yes" to start rpc.gssd (GSS authentication) - only on clients.
==> 3) Add "rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs 0 0" to /etc/fstab.
==> If not mounted when the init script nfs-common starts it tries to mount the
==> filesystem automatically (if rpc.idmapd or rpc.gssd is needed);
==> see /etc/conf.d/nfs-common.conf for extended configuration options.
==> in /etc/conf.d/nfs-server.conf (only server) set:
==> 1) add "nfsd /proc/fs/nfsd nfsd -o rw,nodev,noexec,nosuid 0 0" to /etc/fstab.
==> If not mounted when the init script nfs-server starts it tries to mount the
==> filesystem automatically; see /etc/conf.d/nfs-server.conf for extended
==> configuration options.
==> 2) NEED_SVCGSSD="yes" to start rpc.svcgssd (GSS authentication) - on server
EOM
}
## arg 1: the new package version
## arg 2: the old package version
post_upgrade() {
post_install $1
}
nfs-server.conf
# Parameters to be passed to nfs-server init script.
#
# Options to pass to rpc.nfsd.
NFSD_OPTS=
# Number of servers to start up; the default is 8 servers.
NFSD_COUNT=
# Where to mount nfsd filesystem; the default is "/proc/fs/nfsd".
PROCNFSD_MOUNTPOINT=
# Options used to mount nfsd filesystem; the default is "rw,nodev,noexec,nosuid".
PROCNFSD_MOUNTOPTS=
# Options for rpc.mountd.
# If you have a port-based firewall, you might want to set up
# a fixed port here using the --port option. For more information,
# see rpc.mountd(8)
MOUNTD_OPTS="--no-nfs-version 1 --no-nfs-version 2"
# Do you want to start the svcgssd daemon? It is only required for Kerberos
# exports. Valid alternatives are "yes" and "no"; the default is "no".
NEED_SVCGSSD=
# Options to pass to rpc.svcgssd.
SVCGSSD_OPTS=
nfs-server
#!/bin/bash
daemon_name=nfs-server
NFSD_COUNT=
NFSD_OPTS=
NEED_SVCGSSD=
SVCGSSD_OPTS=
MOUNTD_OPTS=
PROCNFSD_MOUNTPOINT=
PROCNFSD_MOUNTOPTS=
# rpc.nfsd daemon & binary location
NFSD_PROCESS_NAME=nfsd
NFSD_DAEMON_NAME=rpc.nfsd
NFSD="/usr/sbin/rpc.nfsd"
# rpc.svcgssd daemon & binary location
SVCGSSD_DAEMON_NAME=rpc.svcgssd
SVCGSSD="/usr/sbin/rpc.svcgssd"
# rpc.idmapd daemon & binary location
IDMAPD_DAEMON_NAME=rpc.idmapd
IDMAPD="/usr/sbin/rpc.idmapd"
# rpc.mountd daemon & binary location
MOUNTD_DAEMON_NAME=rpc.mountd
MOUNTD="/usr/sbin/rpc.mountd"
# exortfs binary location
EXPORTFS="/usr/sbin/exportfs"
. /etc/rc.conf
. /etc/rc.d/functions
. /etc/conf.d/$daemon_name.conf
# Default number of nfsd servers
[ -z "$NFSD_COUNT" ] && NFSD_COUNT=8
# Default mountpoint and options for nfsd filesystem
[ -z "$PROCNFSD_MOUNTPOINT" ] && PROCNFSD_MOUNTPOINT="/proc/fs/nfsd"
[ -z "$PROCNFSD_MOUNTOPTS" ] && PROCNFSD_MOUNTOPTS="rw,nodev,noexec,nosuid"
case "$NEED_SVCGSSD" in
yes|no)
;;
*)
NEED_SVCGSSD=no
;;
esac
do_modprobe() {
if [ -x /sbin/modprobe -a -f /proc/modules ]; then
modprobe -q "$1" || true
fi
}
do_mount() {
if ! grep -E "$1\$" /proc/filesystems &> /dev/null ; then
return 1
fi
if grep -vw "$1" /proc/mounts &> /dev/null ; then
if ! mountpoint -q "$2" ; then
mount -t "$1" "$1" "$2" -o "$3"
return
fi
fi
return 0
}
do_umount() {
if mountpoint -q "$1" ; then
umount "$1"
fi
return 0
}
get_pid() {
pidof -o %PPID "$1"
}
case "$1" in
start)
rc=0
stat_busy "Mounting nfsd filesystem"
do_modprobe nfsd
do_mount nfsd "$PROCNFSD_MOUNTPOINT" "$PROCNFSD_MOUNTOPTS"
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
stat_done
fi
stat_busy "Exporting all directories"
$EXPORTFS -r
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
stat_done
fi
stat_busy "Starting $NFSD_DAEMON_NAME daemon"
PID=$(get_pid $NFSD_PROCESS_NAME)
if [ -z "$PID" ]; then
[ -f /var/run/$NFSD_DAEMON_NAME.pid ] && rm -f /var/run/$NFSD_DAEMON_NAME.pid
# RUN
$NFSD $NFSD_OPTS $NFSD_COUNT
#
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
echo $(get_pid $NFSD_PROCESS_NAME) > /var/run/$NFSD_DAEMON_NAME.pid
stat_done
fi
else
stat_fail
exit 1
fi
if [ "$NEED_SVCGSSD" = yes ]; then
stat_busy "Starting $SVCGSSD_DAEMON_NAME daemon"
PID=$(get_pid $SVCGSSD)
if [ -z "$PID" ]; then
[ -f /var/run/$SVCGSSD_DAEMON_NAME.pid ] && rm -f /var/run/$SVCGSSD_DAEMON_NAME.pid
# RUN
$SVCGSSD $SVCGSSD_OPTS
#
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
echo $(get_pid $SVCGSSD) > /var/run/$SVCGSSD_DAEMON_NAME.pid
stat_done
fi
else
stat_fail
exit 1
fi
fi
PID=$(get_pid $IDMAPD)
[ ! -z "$PID" ] && kill -SIGHUP $IDMAPD_DAEMON_NAME &> /dev/null
stat_busy "Starting $MOUNTD_DAEMON_NAME daemon"
PID=$(get_pid $MOUNTD)
if [ -z "$PID" ]; then
[ -f /var/run/$MOUNTD_DAEMON_NAME.pid ] && rm -f /var/run/$MOUNTD_DAEMON_NAME.pid
# RUN
$MOUNTD $MOUNTD_OPTS
#
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
echo $(get_pid $MOUNTD) > /var/run/$MOUNTD_DAEMON_NAME.pid
stat_done
fi
else
stat_fail
exit 1
fi
add_daemon $daemon_name
;;
stop)
rc=0
stat_busy "Stopping $MOUNTD_DAEMON_NAME daemon"
PID=$(get_pid $MOUNTD)
# KILL
[ ! -z "$PID" ] && kill $PID &> /dev/null
#
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
rm -f /var/run/$MOUNTD_DAEMON_NAME.pid &> /dev/null
stat_done
fi
if [ "$NEED_SVCGSSD" = yes ]; then
stat_busy "Stopping $SVCGSSD_DAEMON_NAME daemon"
PID=$(get_pid $SVCGSSD)
# KILL
[ ! -z "$PID" ] && kill $PID &> /dev/null
#
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
rm -f /var/run/$SVCGSSD_DAEMON_NAME.pid &> /dev/null
stat_done
fi
fi
stat_busy "Stopping $NFSD_DAEMON_NAME daemon"
PID=$(get_pid $NFSD_PROCESS_NAME)
# KILL (SIGINT)
[ ! -z "$PID" ] && kill -2 $PID &> /dev/null
#
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
sleep 1
PID=$(get_pid $NFSD_PROCESS_NAME)
# KILL (KILL) - just to be sure
[ ! -z "$PID" ] && kill -9 $PID &> /dev/null
#
rm -f /var/run/$NFSD_DAEMON_NAME.pid &> /dev/null
stat_done
fi
stat_busy "Unexporting all directories"
$EXPORTFS -au
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
stat_done
fi
# flush everything out of the kernels export table
if mountpoint -q "$PROCNFSD_MOUNTPOINT" ; then
$EXPORTFS -f
fi
rm_daemon $daemon_name
;;
status)
stat_busy "$daemon_name running"
if ck_daemon $daemon_name; then
stat_fail
else
stat_done
fi
stat_busy "Daemon $NFSD_DAEMON_NAME running"
PID=$(get_pid $NFSD_PROCESS_NAME)
if [ -z "$PID" ]; then
stat_fail
else
stat_done
fi
stat_busy "Daemon $MOUNTD_DAEMON_NAME running"
PID=$(get_pid $MOUNTD)
if [ -z "$PID" ]; then
stat_fail
else
stat_done
fi
if [ "$NEED_SVCGSSD" = yes ]; then
stat_busy "Daemon $SVCGSSD_DAEMON_NAME running"
PID=$(get_pid $SVCGSSD)
if [ -z "$PID" ]; then
stat_fail
else
stat_done
fi
fi
echo
;;
reload)
rc=0
stat_busy "Re-exporting all directories"
$EXPORTFS -r
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
stat_done
fi
;;
restart)
$0 stop
sleep 3
$0 start
;;
*)
echo "usage: $0 {start|stop|status|reload|restart}"
esac
exit 0
nfs-common.conf
# Parameters to be passed to nfs-common (nfs clients & server) init script.
#
# If you do not set values for the NEED_ options, they will be attempted
# autodetected; this should be sufficient for most people. Valid alternatives
# for the NEED_ options are "yes" and "no".
# Do you want to start the statd daemon? It is not needed for NFSv4.
NEED_STATD=
# Options to pass to rpc.statd.
# N.B. statd normally runs on both client and server, and run-time
# options should be specified accordingly. Specifically, the Arch
# NFS init scripts require the --no-notify flag on the server,
# but not on the client e.g.
# STATD_OPTS="--no-notify -p 32765 -o 32766" -> server
# STATD_OPTS="-p 32765 -o 32766" -> client
STATD_OPTS=
# Do you want to start the idmapd daemon? It is only needed for NFSv4.
NEED_IDMAPD=
# Options to pass to rpc.idmapd.
IDMAPD_OPTS=
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD=
# Options to pass to rpc.gssd.
GSSD_OPTS=
# Where to mount rpc_pipefs filesystem; the default is "/var/lib/nfs/rpc_pipefs".
PIPEFS_MOUNTPOINT=
# Options used to mount rpc_pipefs filesystem; the default is "defaults".
PIPEFS_MOUNTOPTS=
nfs-common
#!/bin/bash
daemon_name=nfs-common
NEED_STATD=
STATD_OPTS=
NEED_IDMAPD=
IDMAPD_OPTS=
NEED_GSSD=
GSSD_OPTS=
PIPEFS_MOUNTPOINT=
PIPEFS_MOUNTOPTS=
# rpc.statd daemon & binary location
STATD_DAEMON_NAME=rpc.statd
STATD="/usr/sbin/rpc.statd"
# rpc.idmapd daemon & binary location
IDMAPD_DAEMON_NAME=rpc.idmapd
IDMAPD="/usr/sbin/rpc.idmapd"
# rpc.gssd daemon & binary location
GSSD_DAEMON_NAME=rpc.gssd
GSSD="/usr/sbin/rpc.gssd"
. /etc/rc.conf
. /etc/rc.d/functions
. /etc/conf.d/$daemon_name.conf
# Default mountpoint and options for rpc_pipefs filesystem
[ -z "$PIPEFS_MOUNTPOINT" ] && PIPEFS_MOUNTPOINT="/var/lib/nfs/rpc_pipefs"
[ -z "$PIPEFS_MOUNTOPTS" ] && PIPEFS_MOUNTOPTS="defaults"
# Parse the fstab file, and determine whether we need idmapd and gssd. (The
# /etc/defaults settings, if any, will override our autodetection.) This code
# is partially adapted from the mountnfs.sh script in the sysvinit package.
AUTO_NEED_IDMAPD=no
AUTO_NEED_GSSD=no
if [ -f /etc/fstab ]; then
exec 9<&0 </etc/fstab
while read DEV MTPT FSTYPE OPTS REST; do
if [ "$FSTYPE" = "nfs4" ]; then
AUTO_NEED_IDMAPD=yes
fi
case "$OPTS" in
sec=krb5|*,sec=krb5|sec=krb5,*|*,sec=krb5i,*|sec=krb5i|*,sec=krb5i|sec=krb5i,*|*,sec=krb5i,*|sec=krb5p|*,sec=krb5p|sec=krb5p,*|*,sec=krb5p,*)
AUTO_NEED_GSSD=yes
;;
esac
done
exec 0<&9 9<&-
fi
# We also need idmapd if we run an NFSv4 server. It's fairly difficult
# to autodetect whether there are NFSv4 exports or not, and idmapd is not a
# particularily heavy daemon, so we auto-enable it if we find an /etc/exports
# file. This does not mean that there are NFSv4 or other mounts active (or
# even that nfs-kernel-server is installed), but it matches what the "start"
# condition in nfs-kernel-server's init script does, which has a value in
# itself.
if [ -f /etc/exports ] && grep -q '^[[:space:]]*[^#]*/' /etc/exports; then
AUTO_NEED_IDMAPD=yes
fi
case "$NEED_STATD" in
yes|no)
;;
*)
NEED_STATD=yes
;;
esac
case "$NEED_IDMAPD" in
yes|no)
;;
*)
NEED_IDMAPD=$AUTO_NEED_IDMAPD
;;
esac
case "$NEED_GSSD" in
yes|no)
;;
*)
NEED_GSSD=$AUTO_NEED_GSSD
;;
esac
do_modprobe() {
if [ -x /sbin/modprobe -a -f /proc/modules ]; then
modprobe -q "$1" || true
fi
}
do_mount() {
if ! grep -E "$1\$" /proc/filesystems &> /dev/null ; then
return 1
fi
if grep -vw "$1" /proc/mounts &> /dev/null ; then
if ! mountpoint -q "$2" ; then
mount -t "$1" "$1" "$2" -o "$3"
return
fi
fi
return 0
}
do_umount() {
if mountpoint -q "$1" ; then
umount "$1"
fi
return 0
}
get_pid() {
pidof -o %PPID "$1"
}
case "$1" in
start)
rc=0
if [ "$NEED_STATD" = yes ]; then
stat_busy "Starting $STATD_DAEMON_NAME daemon"
PID=$(get_pid $STATD)
if [ -z "$PID" ]; then
[ -f /var/run/$STATD_DAEMON_NAME.pid ] && rm -f /var/run/$STATD_DAEMON_NAME.pid
# RUN
$STATD $STATD_OPTS
#
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
echo $(get_pid $STATD) > /var/run/$STATD_DAEMON_NAME.pid
stat_done
fi
else
stat_fail
exit 1
fi
fi
if [ "$NEED_IDMAPD" = yes ] || [ "$NEED_GSSD" = yes ]; then
do_modprobe sunrpc
do_modprobe nfs
do_mount rpc_pipefs "$PIPEFS_MOUNTPOINT" "$PIPEFS_MOUNTOPTS"
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
fi
if [ "$NEED_IDMAPD" = yes ]; then
stat_busy "Starting $IDMAPD_DAEMON_NAME daemon"
PID=$(get_pid $IDMAPD)
if [ -z "$PID" ]; then
[ -f /var/run/$IDMAPD_DAEMON_NAME.pid ] && rm -f /var/run/$IDMAPD_DAEMON_NAME.pid
# RUN
$IDMAPD $IDMAPD_OPTS
#
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
echo $(get_pid $IDMAPD) > /var/run/$IDMAPD_DAEMON_NAME.pid
stat_done
fi
else
stat_fail
exit 1
fi
fi
if [ "$NEED_GSSD" = yes ]; then
do_modprobe rpcsec_gss_krb5
stat_busy "Starting $GSSD_DAEMON_NAME daemon"
PID=$(get_pid $GSSD)
if [ -z "$PID" ]; then
[ -f /var/run/$GSSD_DAEMON_NAME.pid ] && rm -f /var/run/$GSSD_DAEMON_NAME.pid
# RUN
$GSSD $GSSD_OPTS
#
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
echo $(get_pid $GSSD) > /var/run/$GSSD_DAEMON_NAME.pid
stat_done
fi
else
stat_fail
exit 1
fi
fi
fi
add_daemon $daemon_name
;;
stop)
rc=0
if [ "$NEED_IDMAPD" = yes ] || [ "$NEED_GSSD" = yes ]; then
if [ "$NEED_GSSD" = yes ]; then
stat_busy "Stopping $GSSD_DAEMON_NAME daemon"
PID=$(get_pid $GSSD)
# KILL
[ ! -z "$PID" ] && kill $PID &> /dev/null
#
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
rm -f /var/run/$GSSD_DAEMON_NAME.pid &> /dev/null
stat_done
fi
fi
if [ "$NEED_IDMAPD" = yes ]; then
stat_busy "Stopping $IDMAPD_DAEMON_NAME daemon"
PID=$(get_pid $IDMAPD)
# KILL
[ ! -z "$PID" ] && kill $PID &> /dev/null
#
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
rm -f /var/run/$IDMAPD_DAEMON_NAME.pid &> /dev/null
stat_done
fi
fi
do_umount "$PIPEFS_MOUNTPOINT" 2>/dev/null || true
fi
if [ "$NEED_STATD" = yes ]; then
stat_busy "Stopping $STATD_DAEMON_NAME daemon"
PID=$(get_pid $STATD)
# KILL
[ ! -z "$PID" ] && kill $PID &> /dev/null
#
rc=$(($rc+$?))
if [ $rc -gt 0 ]; then
stat_fail
exit $rc
else
rm -f /var/run/$STATD_DAEMON_NAME.pid &> /dev/null
stat_done
fi
fi
rm_daemon $daemon_name
;;
status)
stat_busy "$daemon_name running"
if ck_daemon $daemon_name; then
stat_fail
else
stat_done
fi
if [ "$NEED_STATD" = yes ]; then
stat_busy "Daemon $STATD_DAEMON_NAME running"
PID=$(get_pid $STATD)
if [ -z "$PID" ]; then
stat_fail
else
stat_done
fi
fi
if [ "$NEED_GSSD" = yes ]; then
stat_busy "Daemon $GSSD_DAEMON_NAME running"
PID=$(get_pid $GSSD)
if [ -z "$PID" ]; then
stat_fail
else
stat_done
fi
fi
if [ "$NEED_IDMAPD" = yes ]; then
stat_busy "Daemon $IDMAPD_DAEMON_NAME running"
PID=$(get_pid $IDMAPD)
if [ -z "$PID" ]; then
stat_fail
else
stat_done
fi
fi
echo
;;
restart)
$0 stop
sleep 3
$0 start
;;
*)
echo "usage: $0 {start|stop|status|restart}"
esac
exit 0
Offline
Well done! The nfs4-utils package in the AUr is an orphan so it would be good if you wanted to take it over.
Offline
thx, will try it later today.
whitespaces in most of the patches are wrong, so the md5s dont match and patch cant work with them.
Last edited by metalfan (2008-12-24 18:20:55)
Offline
@cipparello Fantastic Job. This is the first time that nfs-utils with nfs4 support compiles for me and so again: Fantastic Job.
The only little thing what i recognized is that in the PKGBUILD of librpcsecgss i have to use "patch -Np0" instead of "patch -Np1" that the patch works. Could this be a type error or have i overseen something?
Offline
@cipparello Fantastic Job. This is the first time that nfs-utils with nfs4 support compiles for me and so again: Fantastic Job.
The only little thing what i recognized is that in the PKGBUILD of librpcsecgss i have to use "patch -Np0" instead of "patch -Np1" that the patch works. Could this be a type error or have i overseen something?
Hi attila, sorry for the delay... I just adopted the nfs4-utils and librpcsecgss packages and uploaded them in AUR. About the patch it is right to apply it as 'patch -Np1', try to build the package from the sources I already uploaded and let me know if you have any problem.
bye
Last edited by cipparello (2009-01-11 20:55:58)
Offline
@cipparello Strange that "'patch -Np1" works for you in the librpcsecgss PKGBUILD because this be my results:
# makepkg with "patch -Np1 -i ../librpcsecgss-0.18-heimdal.patch || return 1"
==> Beginne build()...
can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -NaurwB librpcsecgss-0.18.orig/configure.in librpcsecgss-0.18/configure.in
|--- librpcsecgss-0.18.orig/configure.in 2008-04-09 00:05:40.000000000 +0200
|+++ librpcsecgss-0.18/configure.in 2008-06-12 19:05:51.000000000 +0200
--------------------------
# makepkg with "patch -Np0 -i ../librpcsecgss-0.18-heimdal.patch || return 1"
==> Beginne build()...
patching file librpcsecgss-0.18/configure.in
patching file librpcsecgss-0.18/librpcsecgss.pc.in
On my server i run opensuse which use krb5 instead of heimdal and there i have no success to mount my server nfs4 share. With archlinux i even get this:
# mount -t nfs4 -o rw,sync,proto=tcp,rsize=32768,wsize=32768,hard,intr server:/ /mnt/nfs4
mount.nfs4: mount(2): Cannot allocate memory
mount.nfs4: Cannot allocate memory
I test my nfs server configuration with a opensuse client installation in a vm and with this i can mount the nfs4 share. Not nice but still again i am thankfull for your fine work because now i know that staying with cifs is the only working solution for my enviroment at home.
Offline
About the patch strip parameter it's strange Attila; this is a partial extract of my result (built on x64_86 and i686) applying the patch as written on PKGBUILD:
patching file configure.in
patching file librpcsecgss.pc.in
libtoolize: putting auxiliary files in `.'.
libtoolize: copying file `./ltmain.sh'
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.in and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
libtoolize: `AC_PROG_RANLIB' is rendered obsolete by `LT_INIT'
configure.in:8: installing `./config.guess'
configure.in:8: installing `./config.sub'
About your problem to mount on client the exported fs, may you post the /ect/exportfs on the server and the /etc/conf.d/nfs-common.conf on client side?
The error that you receive ('Cannot allocate memory') usually is related to kerberos and problem to mount exported fs with sec=krb5; have you tried to export an nfs resource with the classical address/netmask?
Offline
About the patch strip parameter it's strange Attila; this is a partial extract of my result (built on x64_86 and i686) applying the patch as written on PKGBUILD:
I believe you and i think we should enjoy that it works, not even in the same way but it works. Okay to my server:
/etc/fstab:
/share/public /NFS4exports/public none bind 0 0
/share/work /NFS4exports/work none bind 0 0
/usr/share/doc /NFS4exports/doc none bind 0 0
mount -a -t none && start portmap && start nfssserver
Info: I'm running bind on my server and all clients use it. I create the user nfsnobody (ID=5001) and the group nfsnogroup (ID=5001) because i want to have the same ID's everywhere for this (I don't know why archlinux use ID=99 for nobody because this is other than every example what i have seen about nobody user and group).
/etc/exports:
/NFS4exports *.mydomain(rw,insecure,sync,wdelay,no_subtree_check,no_root_squash,anonuid=5001,anongid=5001,fsid=0)
/NFS4exports/doc *.mydomain(ro,insecure,sync,wdelay,no_subtree_check,no_root_squash,anonuid=5001,anongid=5001,nohide)
/NFS4exports/public *.mydomain(rw,insecure,sync,wdelay,no_subtree_check,no_root_squash,anonuid=5001,anongid=5001,nohide)
/NFS4exports/work *.mydomain(rw,insecure,sync,wdelay,no_subtree_check,no_root_squash,anonuid=5001,anongid=5001,nohide)
In the nfs-common.conf i start with no change and from step to step i put a "yes" for NEED_STATD, NEED_IDMAPD and NEED_GSSD; no other changes. In the idmapd.conf i change Domain (mydomain), Nobody-User (nfsnobody) and Nobody-Group (nfsnogroup) on the server and the client.
I google also for my error output and see this hints about "sec=" too. I play around with them (none,sys,krb5,kbr5p) but nothing works. Some says that a missing "fsid=0" could produce this error too but last not least: I do the same in my vm with a running opensuse as nfs client and there i can mount the server volume without an error. For me personally this was the stop sign because still again i suspect that mixing heimdal and krb5-mit is not a good idea for using nfs4 and the reason for the problem.
Offline
Yes... as long as it patch the code for you and for me it's ok (anyway i'd like to understand why for you doesn't work... :-)
About your mount problem, it's not due to fsid. Since you don't use (at this point) the kerberos facility and use the nfs4 have you tried to start the nfs-common with
NEED_STATD="no"
NEED_IDMAPD="yes"
NEED_GSSD="no"
and before started the portmap daemon of course?
Offline
@cipparello Sorry i forgot to say that i even start portmap before nfs-common and than try to mount the share.
Thanks for the hints about nfs-common.conf but i got the same result as before. I post you at the end the result of rpcinfo about my server.
Still again i suspect that heimdal don't likes a krb5 server because i was not lazy during the time and install a minimal debian 4.0 which use libkrb5-17-heimdal (0.7.2.dfsg.1-10) and libkrb53 (1.4.4-7etch6). With this i can mount the share without an error ... sorry.
And still again thanks for your work because i think it is time that archlinux supports nfs4 out of the box. Perhaps it would be a better idea to go the same way as opensuse or debian and use krb5-mit instead of heimdal but there i don't know what is better or what was the reason to prefer heimdal.
# rpcinfo -p server
Program Vers Proto Port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 21593 mountd
100005 1 tcp 6484 mountd
100005 2 udp 21593 mountd
100005 2 tcp 6484 mountd
100005 3 udp 21593 mountd
100005 3 tcp 6484 mountd
100024 1 udp 19427 status
100024 1 tcp 21153 status
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 udp 18097 nlockmgr
100021 3 udp 18097 nlockmgr
100021 4 udp 18097 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 tcp 19144 nlockmgr
100021 3 tcp 19144 nlockmgr
100021 4 tcp 19144 nlockmgr
Offline
Attila, if I'm not wrong, your configuration is: NFS SERVER opensuse and NFS CLIENT archlinux with the package nfs4-utils, right? My configuration is archlinux on both side but I've tried before with a debian 4.0 (updated at the latest stable package version) as server and arch as client and no problem at all (at least without the sec=krb5 and not loading the gssd daemons on both side):
Debian NFS SERVER:
nfs-common: NEED_IDMAP=yes and NEED_GSSD=no
nfs-kernel-server: NEED_SVCGSSD=no
/etc/exports:
/mnt/nfs4exports <my network>(rw,fsid=0,insecure,no_subtree_check,no_root_squash,anonuid=65534,anongid=65534,async)
/mnt/nfs4exports/subdir <my network>(rw,nohide,insecure,no_subtree_check,no_root_squash,anonuid=65534,anongid=65534,async)
# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 1024 status
100024 1 tcp 1622 status
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 1026 nlockmgr
100021 3 udp 1026 nlockmgr
100021 4 udp 1026 nlockmgr
100021 1 tcp 4656 nlockmgr
100021 3 tcp 4656 nlockmgr
100021 4 tcp 4656 nlockmgr
100005 1 udp 856 mountd
100005 1 tcp 859 mountd
100005 2 udp 856 mountd
100005 2 tcp 859 mountd
100005 3 udp 856 mountd
100005 3 tcp 859 mountd
Archlinux CLIENT: NEED_STATD="no" NEED_IDMAPD="yes" NEED_GSSD="no"
# mount -t nfs4 <debian server>:/ /mnt/test/ -o rw,hard,intr,proto=tcp,rsize=32768,wsize=32768,timeo=14
The configuration with archlinux on both side is quite the same with few differences not important in this situation.
Offline
Cipparello, you be right with that i run opensuse on the server and archlinux (and opensuse and debian in vm's) as client for this tests.
Opensuse has another way to define parameters in the start scripts so i have to search where i can deactivate GGSD on the server. I will try your suggestions later or tomorrow and post the result.
One thing seems now to be clear for me. If a debian server, which use krb5-mit too, works for you than the reason must be anywhere inside of the configurations on my opensuse server. This is a good result because for a little moment i think about replacing heimdal on my archlinux and now i'm happy that this work is not necessary.:)
EDIT 2009-01-15: I must correct myself because still again it is something in archlinux that i can't do it. It is not only my opensuse server which i can't mount, i set up the same configuration as you in my vm with the debian server and can't mount it too. At the moment i don't know what i can change more and so i make a break with this. The result at the moment is for me that there must a be a mistake of mine ... but where?
Last edited by attila (2009-01-15 21:20:09)
Offline