initial

.gitlab-ci.yml

+build:bullseye:
+  image: debian:bullseye
+  script:
+    - ./make.sh
+  artifacts:
+    paths:
+      - build/*

make.sh

+#!/bin/bash
+
+set -x
+
+# Nastaveni promennych, pokud je SINVERSION zakomentovana, pokusime se odhadnout nejnovejsi
+export DEBIAN_FRONTEND=noninteractive
+
+# Nacteni promennych o bezicim systemu vcetne verzi
+. /etc/os-release
+
+# Od Debian 11 Bullseye ma debian-security trochu jinou cestu, abychom mohli pouzit heredoc, rozskocime si pres funkci
+function get_debian_security() {
+    if [ "${VERSION_ID}" -lt "11" ]; then echo "${VERSION_CODENAME}/updates"; else echo "${VERSION_CODENAME}-security"; fi
+}
+
+# Vygenerovani sources.list podle verze Debianu
+cat > /etc/apt/sources.list << EOSOURCES
+deb http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME} main contrib non-free
+deb http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME}-updates main contrib non-free
+deb http://ftp.zcu.cz/pub/linux/debian-security $(get_debian_security) main contrib non-free
+
+deb-src http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME} main contrib non-free
+deb-src http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME}-updates main contrib non-free
+deb-src http://ftp.zcu.cz/pub/linux/debian-security $(get_debian_security) main contrib non-free
+EOSOURCES
+
+# Instalace buildovacich veci a zavislosti
+apt update -qqq
+apt install -yqqq git devscripts build-essential
+
+
+apt source nfs-utils
+cd nfs-utils-1.3.4
+
+cp ../zs* debian/patches
+
+echo "zs1-local-realm-guess
+zs1-n-option-impl
+zs2-idmap-init
+zs3-keyctl-order
+zs4-nfs4mount-strtok
+zs5-multhr-hostcache
+zs6-krb-rc-param.patch
+zs7-svcgssdargs.patch" >> debian/patches/series
+
+dch --newversion "1.3.4-6+zs8" "Apply local patches"
+
+mk-build-deps --install --tool='apt-get -o Debug::pkgProblemResolver=yes --yes' debian/control
+
+# Build balicku
+dpkg-buildpackage -uc -us -b
+
+cd ..
+mkdir build
+mv *.deb build/

zs1-fnotify-race

+Index: nfs-utils-1.2.5/utils/gssd/gssd_main_loop.c
+===================================================================
+--- nfs-utils-1.2.5.orig/utils/gssd/gssd_main_loop.c	2011-09-24 13:55:15.000000000 +0200
++++ nfs-utils-1.2.5/utils/gssd/gssd_main_loop.c	2013-08-05 12:22:04.134188759 +0200
+@@ -229,7 +229,9 @@
+ 		} else if (ret == 0) {
+ 			/* timeout */
+ 		} else { /* ret > 0 */
++			sigprocmask(SIG_BLOCK, &set, NULL);
+ 			scan_poll_results(ret);
++			sigprocmask(SIG_UNBLOCK, &set, NULL);
+ 		}
+ 	}
+ 	topdirs_free_list();
+Index: nfs-utils-1.2.5/utils/idmapd/idmapd.c
+===================================================================
+--- nfs-utils-1.2.5.orig/utils/idmapd/idmapd.c	2013-08-05 12:29:36.625174503 +0200
++++ nfs-utils-1.2.5/utils/idmapd/idmapd.c	2013-08-05 12:29:54.433366222 +0200
+@@ -778,7 +778,6 @@
+ 	} else {
+ 		event_set(&ic->ic_event, ic->ic_fd, EV_READ, nfscb, ic);
+ 		event_add(&ic->ic_event, NULL);
+-		fcntl(ic->ic_dirfd, F_SETSIG, 0);
+ 		fcntl(ic->ic_dirfd, F_NOTIFY, 0);
+ 		if (verbose > 0)
+ 			xlog_warn("Opened %s", ic->ic_path);

zs1-local-realm-guess

+Index: nfs-utils-1.3.4/utils/gssd/krb5_util.c
+===================================================================
+--- nfs-utils-1.3.4.orig/utils/gssd/krb5_util.c
++++ nfs-utils-1.3.4/utils/gssd/krb5_util.c
+@@ -831,7 +831,7 @@ find_keytab_entry(krb5_context context,
+ 	 * single realm, but we code with the assumption that
+ 	 * someday it may actually return a list.
+ 	 */
+-	code = krb5_get_host_realm(context, targethostname, &realmnames);
++	code = krb5_get_host_realm(context, myhostname, &realmnames);
+ 	if (code) {
+ 		k5err = gssd_k5_err_msg(context, code);
+ 		printerr(0, "ERROR: %s while getting realm(s) for host '%s'\n",

zs1-n-option-impl

+Index: nfs-utils-1.3.4/utils/gssd/svcgssd.c
+===================================================================
+--- nfs-utils-1.3.4.orig/utils/gssd/svcgssd.c
++++ nfs-utils-1.3.4/utils/gssd/svcgssd.c
+@@ -108,7 +108,11 @@ main(int argc, char *argv[])
+ 				idmap_verbosity++;
+ 				break;
+ 			case 'n':
+-				get_creds = 0;
++				/*
++				* Creds are necessary for passing enctype limits,
++				* using krb5 library hack.
++				*/
++				setenv("KRB5_IGNORE_ACCEPTOR","1",1);
+ 				break;
+ 			case 'v':
+ 				verbosity++;

zs2-idmap-init

+Index: nfs-utils-1.3.4/debian/nfs-common.init
+===================================================================
+--- nfs-utils-1.3.4.orig/debian/nfs-common.init
++++ nfs-utils-1.3.4/debian/nfs-common.init
+@@ -156,6 +156,7 @@ case "$1" in
+ 	then
+ 	    do_modprobe sunrpc
+ 	    do_modprobe nfs
++	    do_modprobe nfsv4
+ 	    do_modprobe nfsd
+ 	    mkdir -p "$PIPEFS_MOUNTPOINT"
+ 	    if do_mount rpc_pipefs $PIPEFS_MOUNTPOINT

zs2-keyutils

+Index: nfs-utils-1.2.8/debian/control
+===================================================================
+--- nfs-utils-1.2.8.orig/debian/control
++++ nfs-utils-1.2.8/debian/control
+@@ -32,7 +32,7 @@ Homepage: http://nfs.sourceforge.net/
+ 
+ Package: nfs-common
+ Architecture: any
+-Depends: ${shlibs:Depends}, ${misc:Depends}, rpcbind, adduser, ucf, lsb-base (>= 1.3-9ubuntu3), initscripts (>= 2.88dsf-13.3), libtirpc1 (>= 0.2.4)
++Depends: ${shlibs:Depends}, ${misc:Depends}, rpcbind, adduser, ucf, lsb-base (>= 1.3-9ubuntu3), initscripts (>= 2.88dsf-13.3), libtirpc1 (>= 0.2.4), keyutils
+ Recommends: python
+ Suggests: open-iscsi, watchdog
+ Provides: nfs-client

zs3-keyctl-order

+Index: nfs-utils-1.3.4/utils/nfsidmap/nfsidmap.c
+===================================================================
+--- nfs-utils-1.3.4.orig/utils/nfsidmap/nfsidmap.c
++++ nfs-utils-1.3.4/utils/nfsidmap/nfsidmap.c
+@@ -17,6 +17,7 @@
+ #include "conffile.h"
+ 
+ int verbose = 0;
++int timeout = 600;
+ char *usage = "Usage: %s [-vh] [-c || [-u|-g|-r key] || -d || -l || [-t timeout] key desc]";
+ 
+ #define MAX_ID_LEN   11
+@@ -209,6 +210,10 @@ static int id_lookup(char *name_at_domai
+ 		return EXIT_FAILURE;
+ 	}
+ 
++	/* Set timeout to 10 (600 seconds) minutes */
++	if (rc == EXIT_SUCCESS)
++		keyctl_set_timeout(key, timeout);
++
+ 	rc = EXIT_SUCCESS;
+ 	if (keyctl_instantiate(key, id, strlen(id) + 1, 0)) {
+ 		switch (errno) {
+@@ -266,6 +271,10 @@ static int name_lookup(char *id, key_ser
+ 		return EXIT_FAILURE;
+ 	}
+ 
++	/* Set timeout to 10 (600 seconds) minutes */
++	if (rc == EXIT_SUCCESS)
++		keyctl_set_timeout(key, timeout);
++
+ 	rc = EXIT_SUCCESS;
+ 	if (keyctl_instantiate(key, &name, strlen(name), 0)) {
+ 		rc = EXIT_FAILURE;
+@@ -356,7 +365,6 @@ int main(int argc, char **argv)
+ 	char *value;
+ 	char *type;
+ 	int rc = 1, opt;
+-	int timeout = 600;
+ 	key_serial_t key;
+ 	char *progname, *keystr = NULL;
+ 	int clearing = 0, keymask = 0, display = 0, list = 0;
+@@ -470,10 +478,6 @@ int main(int argc, char **argv)
+ 	else if (strcmp(type, "group") == 0)
+ 		rc = name_lookup(value, key, GROUP);
+ 
+-	/* Set timeout to 10 (600 seconds) minutes */
+-	if (rc == EXIT_SUCCESS)
+-		keyctl_set_timeout(key, timeout);
+-
+ 	free(arg);
+ 	return rc;
+ }

zs3-keyctl-order.older

+Index: nfs-utils-1.2.8/utils/nfsidmap/nfsidmap.c
+===================================================================
+--- nfs-utils-1.2.8.orig/utils/nfsidmap/nfsidmap.c
++++ nfs-utils-1.2.8/utils/nfsidmap/nfsidmap.c
+@@ -33,6 +33,8 @@ char *usage="Usage: %s [-v] [-c || [-u|-
+ 
+ static int keyring_clear(char *keyring);
+ 
++int timeout = 600;
++
+ #define UIDKEYS 0x1
+ #define GIDKEYS 0x2
+ 
+@@ -58,6 +60,9 @@ int id_lookup(char *name_at_domain, key_
+ 			(type == USER ? "nfs4_owner_to_uid" : "nfs4_group_owner_to_gid"));
+ 
+ 	if (rc == 0) {
++		/* Set timeout to 10 (600 seconds) minutes */
++		keyctl_set_timeout(key, timeout);
++
+ 		rc = keyctl_instantiate(key, id, strlen(id) + 1, 0);
+ 		if (rc < 0) {
+ 			switch(rc) {
+@@ -112,6 +117,9 @@ int name_lookup(char *id, key_serial_t k
+ 			(type == USER ? "nfs4_uid_to_name" : "nfs4_gid_to_name"));
+ 
+ 	if (rc == 0) {
++		/* Set timeout to 10 (600 seconds) minutes */
++		keyctl_set_timeout(key, timeout);
++
+ 		rc = keyctl_instantiate(key, &name, strlen(name), 0);
+ 		if (rc < 0)
+ 			xlog_err("name_lookup: keyctl_instantiate failed: %m");
+@@ -230,7 +238,6 @@ int main(int argc, char **argv)
+ 	char *value;
+ 	char *type;
+ 	int rc = 1, opt;
+-	int timeout = 600;
+ 	key_serial_t key;
+ 	char *progname, *keystr = NULL;
+ 	int clearing = 0, keymask = 0;
+@@ -323,10 +330,6 @@ int main(int argc, char **argv)
+ 	else if (strcmp(type, "group") == 0)
+ 		rc = name_lookup(value, key, GROUP);
+ 
+-	/* Set timeout to 10 (600 seconds) minutes */
+-	if (rc == 0)
+-		keyctl_set_timeout(key, timeout);
+-
+ 	free(arg);
+ 	return rc;
+ }

zs4-nfs4mount-strtok

+Index: nfs-utils-1.2.8/utils/mount/nfs4mount.c
+===================================================================
+--- nfs-utils-1.2.8.orig/utils/mount/nfs4mount.c
++++ nfs-utils-1.2.8/utils/mount/nfs4mount.c
+@@ -87,8 +87,9 @@ char *GSSDLCK = DEFAULT_DIR "/rpcgssd";
+ static int parse_sec(char *sec, int *pseudoflavour)
+ {
+ 	int i, num_flavour = 0;
++	char *lasts;
+ 
+-	for (sec = strtok(sec, ":"); sec; sec = strtok(NULL, ":")) {
++	for (sec = strtok_r(sec, ":", &lasts); sec; sec = strtok_r(NULL, ":",&lasts)) {
+ 		if (num_flavour >= MAX_USER_FLAVOUR) {
+ 			nfs_error(_("%s: maximum number of security flavors "
+ 				  "exceeded"), progname);

zs5-multhr-hostcache

+Index: nfs-utils-1.3.4/utils/gssd/gssd_proc.c
+===================================================================
+--- nfs-utils-1.3.4.orig/utils/gssd/gssd_proc.c
++++ nfs-utils-1.3.4/utils/gssd/gssd_proc.c
+@@ -84,6 +84,7 @@
+ int num_krb5_enctypes = 0;
+ krb5_enctype *krb5_enctypes = NULL;
+ 
++static pthread_rwlock_t machine_credential_rwlock = PTHREAD_RWLOCK_INITIALIZER;
+ /*
+  * Parse the supported encryption type information
+  */
+@@ -533,6 +534,7 @@ krb5_use_machine_creds(struct clnt_info
+ 		uid, tgtname);
+ 
+ 	do {
++		pthread_rwlock_wrlock(&machine_credential_rwlock);
+ 		gssd_refresh_krb5_machine_credential(clp->servername, NULL,
+ 						service);
+ 	/*
+@@ -545,6 +547,8 @@ krb5_use_machine_creds(struct clnt_info
+ 				clp->servername);
+ 			goto out;
+ 		}
++		pthread_rwlock_unlock(&machine_credential_rwlock);
++		pthread_rwlock_rdlock(&machine_credential_rwlock);
+ 		for (ccname = credlist; ccname && *ccname; ccname++) {
+ 			u_int min_stat;
+ 
+@@ -583,9 +587,12 @@ krb5_use_machine_creds(struct clnt_info
+ 				goto out;
+ 			}
+ 		}
++		pthread_rwlock_unlock(&machine_credential_rwlock);
+ 	} while(!success);
++	return auth;
+ 
+ out:
++	pthread_rwlock_unlock(&machine_credential_rwlock);
+ 	return auth;
+ }
+ 

zs5-thrsafe-strtok.patch

+Index: nfs-utils-1.3.4/utils/gssd/gssd_proc.c
+===================================================================
+--- nfs-utils-1.3.4.orig/utils/gssd/gssd_proc.c
++++ nfs-utils-1.3.4/utils/gssd/gssd_proc.c
+@@ -736,10 +736,18 @@ handle_gssd_upcall(struct clnt_upcall_in
+ 	char			*target = NULL;
+ 	char			*service = NULL;
+ 	char			*enctypes = NULL;
++	char			*upcall_str;
++	char			*pbuf = info->lbuf;
+ 
+ 	printerr(2, "\n%s: '%s' (%s)\n", __func__, info->lbuf, clp->relpath);
+ 
+-	for (p = strtok(info->lbuf, " "); p; p = strtok(NULL, " ")) {
++	upcall_str = strdup(info->lbuf);
++	if (upcall_str == NULL) {
++		printerr(0, "ERROR: malloc failure\n");
++		goto out_nomem;
++	}
++
++	while ((p = strsep(&pbuf, " "))) {
+ 		if (!strncmp(p, "mech=", strlen("mech=")))
+ 			mech = p + strlen("mech=");
+ 		else if (!strncmp(p, "uid=", strlen("uid=")))
+@@ -755,7 +763,7 @@ handle_gssd_upcall(struct clnt_upcall_in
+ 	if (!mech || strlen(mech) < 1) {
+ 		printerr(0, "WARNING: handle_gssd_upcall: "
+ 			    "failed to find gss mechanism name "
+-			    "in upcall string '%s'\n", info->lbuf);
++			    "in upcall string '%s'\n", upcall_str);
+ 		goto out;
+ 	}
+ 
+@@ -768,7 +776,7 @@ handle_gssd_upcall(struct clnt_upcall_in
+ 	if (!uidstr) {
+ 		printerr(0, "WARNING: handle_gssd_upcall: "
+ 			    "failed to find uid "
+-			    "in upcall string '%s'\n", info->lbuf);
++			    "in upcall string '%s'\n", upcall_str);
+ 		goto out;
+ 	}
+ 
+@@ -781,7 +789,7 @@ handle_gssd_upcall(struct clnt_upcall_in
+ 	if (target && strlen(target) < 1) {
+ 		printerr(0, "WARNING: handle_gssd_upcall: "
+ 			 "failed to parse target name "
+-			 "in upcall string '%s'\n", info->lbuf);
++			 "in upcall string '%s'\n", upcall_str);
+ 		goto out;
+ 	}
+ 
+@@ -796,7 +804,7 @@ handle_gssd_upcall(struct clnt_upcall_in
+ 	if (service && strlen(service) < 1) {
+ 		printerr(0, "WARNING: handle_gssd_upcall: "
+ 			 "failed to parse service type "
+-			 "in upcall string '%s'\n", info->lbuf);
++			 "in upcall string '%s'\n", upcall_str);
+ 		goto out;
+ 	}
+ 
+@@ -809,6 +817,8 @@ handle_gssd_upcall(struct clnt_upcall_in
+ 		do_error_downcall(clp->gssd_fd, uid, -EACCES);
+ 	}
+ out:
++	free(upcall_str);
++out_nomem:
+ 	free(info);
+ 	return;
+ }

zs6-krb-rc-param.patch

+Index: nfs-utils-1.3.4/debian/nfs-utils_env.sh
+===================================================================
+--- nfs-utils-1.3.4.orig/debian/nfs-utils_env.sh
++++ nfs-utils-1.3.4/debian/nfs-utils_env.sh
+@@ -15,6 +15,7 @@ echo STATDARGS=\"$STATDOPTS\"
+ echo RPCSVCGSSDARGS=\"$RPCSVCGSSDOPTS\"
+ echo RPCIDMAPDARGS=\"$RPCIDMAPDARGS\"
+ echo RPCGSSDARGS=\"$RPCGSSDARGS\"
++echo KRB5RCACHEDIR=\"$KRB5RCACHEDIR\"
+ } > /run/sysconfig/nfs-utils
+ 
+ # the following are supported by the systemd units, but not exposed in default files

zs7-svcgssdargs.patch

+Index: nfs-utils-1.3.4/debian/nfs-utils_env.sh
+===================================================================
+--- nfs-utils-1.3.4.orig/debian/nfs-utils_env.sh
++++ nfs-utils-1.3.4/debian/nfs-utils_env.sh
+@@ -13,12 +13,14 @@ echo RPCNFSDARGS=\"$RPCNFSDOPTS ${RPCNFS
+ echo RPCMOUNTDARGS=\"$RPCMOUNTDOPTS\"
+ echo STATDARGS=\"$STATDOPTS\"
+ echo RPCSVCGSSDARGS=\"$RPCSVCGSSDOPTS\"
++echo SVCGSSDARGS=\"$RPCSVCGSSDOPTS\"
+ echo RPCIDMAPDARGS=\"$RPCIDMAPDARGS\"
+ echo RPCGSSDARGS=\"$RPCGSSDARGS\"
++echo GSSDARGS=\"$RPCGSSDARGS\"
+ echo KRB5RCACHEDIR=\"$KRB5RCACHEDIR\"
++echo SMNOTIFYARGS=\"$SMNOTIFYARGS\"
++echo BLKMAPDARGS=\"$BLKMAPDARGS\"
+ } > /run/sysconfig/nfs-utils
+ 
+ # the following are supported by the systemd units, but not exposed in default files
+-# echo SMNOTIFYARGS=\"$SMNOTIFYARGS\"
+-# echo BLKMAPDARGS=\"$BLKMAPDARGS\"
+ # echo GSS_USE_PROXY=\"$GSS_USE_PROXY\"