Skip to content
Snippets Groups Projects
Commit f9edb8a1 authored by Pavel Vondruska's avatar Pavel Vondruska
Browse files

Initial commit

parents
No related branches found
No related tags found
No related merge requests found
Pipeline #5086 passed
build:bookworm:
image: debian:bookworm
script:
- ./make.sh
artifacts:
paths:
- build/*
make.sh 0 → 100755
#!/bin/bash
set -x
# Nastaveni promennych, pokud je SINVERSION zakomentovana, pokusime se odhadnout nejnovejsi
export DEBIAN_FRONTEND=noninteractive
# Nacteni promennych o bezicim systemu vcetne verzi
. /etc/os-release
# Od Debian 11 Bullseye ma debian-security trochu jinou cestu, abychom mohli pouzit heredoc, rozskocime si pres funkci
function get_debian_security() {
if [ "${VERSION_ID}" -lt "11" ]; then echo "${VERSION_CODENAME}/updates"; else echo "${VERSION_CODENAME}-security"; fi
}
# Vygenerovani sources.list podle verze Debianu
cat > /etc/apt/sources.list << EOSOURCES
deb http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME} main contrib non-free
deb http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME}-updates main contrib non-free
deb http://ftp.zcu.cz/pub/linux/debian-security $(get_debian_security) main contrib non-free
deb-src http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME} main contrib non-free
deb-src http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME}-updates main contrib non-free
deb-src http://ftp.zcu.cz/pub/linux/debian-security $(get_debian_security) main contrib non-free
EOSOURCES
# Instalace buildovacich veci a zavislosti
apt update -qqq
apt install -yqqq git devscripts build-essential
apt source nfs-utils
cd nfs-utils-2.6.2
cp ../zs* debian/patches
echo "zs1-local-realm-guess
zs1-n-option-impl
zs2-idmap-init
zs3-keyctl-order
zs4-nfs4mount-strtok
zs5-multhr-hostcache
zs9-idmap-verbosity.patch" >> debian/patches/series
dch --newversion "1:2.6.2-4+zs9" "Apply local patches"
mk-build-deps --install --tool='apt-get -o Debug::pkgProblemResolver=yes --yes' debian/control
# Build balicku
dpkg-buildpackage -uc -us -b
cd ..
mkdir build
mv *.deb build/
Index: nfs-utils-2.6.2/utils/gssd/krb5_util.c
===================================================================
--- nfs-utils-2.6.2.orig/utils/gssd/krb5_util.c
+++ nfs-utils-2.6.2/utils/gssd/krb5_util.c
@@ -924,7 +924,7 @@
* single realm, but we code with the assumption that
* someday it may actually return a list.
*/
- code = krb5_get_host_realm(context, targethostname, &realmnames);
+ code = krb5_get_host_realm(context, myhostname, &realmnames);
if (code) {
k5err = gssd_k5_err_msg(context, code);
printerr(0, "ERROR: %s while getting realm(s) for host '%s'\n",
Index: nfs-utils-2.6.2/utils/gssd/svcgssd.c
===================================================================
--- nfs-utils-2.6.2.orig/utils/gssd/svcgssd.c
+++ nfs-utils-2.6.2/utils/gssd/svcgssd.c
@@ -221,6 +221,11 @@
break;
case 'n':
get_creds = 0;
+ /*
+ * Creds are necessary for passing enctype limits,
+ * using krb5 library hack.
+ */
+ setenv("KRB5_IGNORE_ACCEPTOR","1",1);
break;
case 'v':
verbosity++;
Index: nfs-utils-2.6.2//debian/nfs-common.init
===================================================================
--- nfs-utils-2.6.2/.orig/debian/nfs-common.init
+++ nfs-utils-2.6.2//debian/nfs-common.init
@@ -156,6 +156,7 @@
then
do_modprobe sunrpc
do_modprobe nfs
+ do_modprobe nfsv4
do_modprobe nfsd
mkdir -p "$PIPEFS_MOUNTPOINT"
if do_mount rpc_pipefs $PIPEFS_MOUNTPOINT
Index: nfs-utils-2.6.2/utils/nfsidmap/nfsidmap.c
===================================================================
--- nfs-utils-2.6.2.orig/utils/nfsidmap/nfsidmap.c
+++ nfs-utils-2.6.2/utils/nfsidmap/nfsidmap.c
@@ -18,6 +18,7 @@
#include "xcommon.h"
int verbose = 0;
+int timeout = 600;
#define USAGE "Usage: %s [-vh] [-c || [-u|-g|-r key] || -d || -l || [-t timeout] key desc]"
#define MAX_ID_LEN 11
@@ -211,6 +212,10 @@
return EXIT_FAILURE;
}
+ /* Set timeout to 10 (600 seconds) minutes */
+ if (rc == EXIT_SUCCESS)
+ keyctl_set_timeout(key, timeout);
+
rc = EXIT_SUCCESS;
if (keyctl_instantiate(key, id, strlen(id) + 1, 0)) {
switch (errno) {
@@ -269,6 +274,10 @@
return EXIT_FAILURE;
}
+ /* Set timeout to 10 (600 seconds) minutes */
+ if (rc == EXIT_SUCCESS)
+ keyctl_set_timeout(key, timeout);
+
rc = EXIT_SUCCESS;
if (keyctl_instantiate(key, &name, strlen(name), 0)) {
rc = EXIT_FAILURE;
@@ -359,7 +368,6 @@
char *value;
char *type;
int rc = 1, opt;
- int timeout = 600;
key_serial_t key;
char *progname, *keystr = NULL;
int clearing = 0, keymask = 0, display = 0, list = 0;
@@ -469,10 +477,6 @@
else if (strcmp(type, "group") == 0)
rc = name_lookup(value, key, GROUP);
- /* Set timeout to 10 (600 seconds) minutes */
- if (rc == EXIT_SUCCESS)
- keyctl_set_timeout(key, timeout);
-
free(arg);
return rc;
}
Index: nfs-utils-2.6.2/utils/mount/nfs4mount.c
===================================================================
--- nfs-utils-2.6.2.orig/utils/mount/nfs4mount.c
+++ nfs-utils-2.6.2/utils/mount/nfs4mount.c
@@ -87,8 +87,9 @@
static int parse_sec(char *sec, int *pseudoflavour)
{
int i, num_flavour = 0;
+ char *lasts;
- for (sec = strtok(sec, ":"); sec; sec = strtok(NULL, ":")) {
+ for (sec = strtok_r(sec, ":", &lasts); sec; sec = strtok_r(NULL, ":",&lasts)) {
if (num_flavour >= MAX_USER_FLAVOUR) {
nfs_error(_("%s: maximum number of security flavors "
"exceeded"), progname);
Index: nfs-utils-2.6.2/utils/gssd/gssd_proc.c
===================================================================
--- nfs-utils-2.6.2.orig/utils/gssd/gssd_proc.c
+++ nfs-utils-2.6.2/utils/gssd/gssd_proc.c
@@ -99,6 +99,7 @@
CLIENT **rpc_clnt;
};
+static pthread_rwlock_t machine_credential_rwlock = PTHREAD_RWLOCK_INITIALIZER;
/*
* Parse the supported encryption type information
*/
@@ -570,6 +571,7 @@
tid, uid, tgtname);
do {
+ pthread_rwlock_wrlock(&machine_credential_rwlock);
gssd_refresh_krb5_machine_credential(clp->servername,
service, srchost);
/*
@@ -582,6 +584,8 @@
clp->servername);
goto out;
}
+ pthread_rwlock_unlock(&machine_credential_rwlock);
+ pthread_rwlock_rdlock(&machine_credential_rwlock);
for (ccname = credlist; ccname && *ccname; ccname++) {
u_int min_stat;
@@ -620,9 +624,12 @@
goto out;
}
}
+ pthread_rwlock_unlock(&machine_credential_rwlock);
} while(!success);
+ return auth;
out:
+ pthread_rwlock_unlock(&machine_credential_rwlock);
return auth;
}
Index: nfs-utils-2.6.2/utils/nfsidmap/nfsidmap.c
===================================================================
--- nfs-utils-2.6.2.orig/utils/nfsidmap/nfsidmap.c
+++ nfs-utils-2.6.2/utils/nfsidmap/nfsidmap.c
@@ -413,12 +413,15 @@
return EXIT_FAILURE;
}
+ if (!verbose)
+ verbose = conf_get_num("General", "Verbosity", 0);
+ if (verbose)
+ nfs4_set_debug(verbose, NULL);
+
if ((rc = nfs4_init_name_mapping(PATH_IDMAPDCONF))) {
xlog_errno(rc, "Unable to create name to user id mappings.");
return EXIT_FAILURE;
}
- if (!verbose)
- verbose = conf_get_num("General", "Verbosity", 0);
if (display)
return display_default_domain();
@@ -439,9 +442,6 @@
return EXIT_FAILURE;
}
- if (verbose)
- nfs4_set_debug(verbose, NULL);
-
key = strtol(argv[optind++], NULL, 10);
arg = xstrdup(argv[optind]);
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment