Initial commit

.gitlab-ci.yml

+build:bookworm:
+  image: debian:bookworm
+  script:
+    - ./make.sh
+  artifacts:
+    paths:
+      - build/*

make.sh

+#!/bin/bash
+
+set -x
+
+# Nastaveni promennych, pokud je SINVERSION zakomentovana, pokusime se odhadnout nejnovejsi
+export DEBIAN_FRONTEND=noninteractive
+
+# Nacteni promennych o bezicim systemu vcetne verzi
+. /etc/os-release
+
+# Od Debian 11 Bullseye ma debian-security trochu jinou cestu, abychom mohli pouzit heredoc, rozskocime si pres funkci
+function get_debian_security() {
+    if [ "${VERSION_ID}" -lt "11" ]; then echo "${VERSION_CODENAME}/updates"; else echo "${VERSION_CODENAME}-security"; fi
+}
+
+# Vygenerovani sources.list podle verze Debianu
+cat > /etc/apt/sources.list << EOSOURCES
+deb http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME} main contrib non-free
+deb http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME}-updates main contrib non-free
+deb http://ftp.zcu.cz/pub/linux/debian-security $(get_debian_security) main contrib non-free
+
+deb-src http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME} main contrib non-free
+deb-src http://ftp.zcu.cz/pub/linux/debian ${VERSION_CODENAME}-updates main contrib non-free
+deb-src http://ftp.zcu.cz/pub/linux/debian-security $(get_debian_security) main contrib non-free
+EOSOURCES
+
+# Instalace buildovacich veci a zavislosti
+apt update -qqq
+apt install -yqqq git devscripts build-essential
+
+
+apt source nfs-utils
+cd nfs-utils-2.6.2
+
+cp ../zs* debian/patches
+
+echo "zs1-local-realm-guess
+zs1-n-option-impl
+zs2-idmap-init
+zs3-keyctl-order
+zs4-nfs4mount-strtok
+zs5-multhr-hostcache
+zs9-idmap-verbosity.patch" >> debian/patches/series
+
+dch --newversion "1:2.6.2-4+zs9" "Apply local patches"
+
+mk-build-deps --install --tool='apt-get -o Debug::pkgProblemResolver=yes --yes' debian/control
+
+# Build balicku
+dpkg-buildpackage -uc -us -b
+
+cd ..
+mkdir build
+mv *.deb build/

zs1-local-realm-guess

+Index: nfs-utils-2.6.2/utils/gssd/krb5_util.c
+===================================================================
+--- nfs-utils-2.6.2.orig/utils/gssd/krb5_util.c
++++ nfs-utils-2.6.2/utils/gssd/krb5_util.c
+@@ -924,7 +924,7 @@
+ 	 * single realm, but we code with the assumption that
+ 	 * someday it may actually return a list.
+ 	 */
+-	code = krb5_get_host_realm(context, targethostname, &realmnames);
++	code = krb5_get_host_realm(context, myhostname, &realmnames);
+ 	if (code) {
+ 		k5err = gssd_k5_err_msg(context, code);
+ 		printerr(0, "ERROR: %s while getting realm(s) for host '%s'\n",

zs1-n-option-impl

+Index: nfs-utils-2.6.2/utils/gssd/svcgssd.c
+===================================================================
+--- nfs-utils-2.6.2.orig/utils/gssd/svcgssd.c
++++ nfs-utils-2.6.2/utils/gssd/svcgssd.c
+@@ -221,6 +221,11 @@
+ 				break;
+ 			case 'n':
+ 				get_creds = 0;
++				/*
++				* Creds are necessary for passing enctype limits,
++				* using krb5 library hack.
++				*/
++				setenv("KRB5_IGNORE_ACCEPTOR","1",1);
+ 				break;
+ 			case 'v':
+ 				verbosity++;

zs2-idmap-init

+Index: nfs-utils-2.6.2//debian/nfs-common.init
+===================================================================
+--- nfs-utils-2.6.2/.orig/debian/nfs-common.init
++++ nfs-utils-2.6.2//debian/nfs-common.init
+@@ -156,6 +156,7 @@
+ 	then
+ 	    do_modprobe sunrpc
+ 	    do_modprobe nfs
++		do_modprobe nfsv4
+ 	    do_modprobe nfsd
+ 	    mkdir -p "$PIPEFS_MOUNTPOINT"
+ 	    if do_mount rpc_pipefs $PIPEFS_MOUNTPOINT

zs3-keyctl-order

+Index: nfs-utils-2.6.2/utils/nfsidmap/nfsidmap.c
+===================================================================
+--- nfs-utils-2.6.2.orig/utils/nfsidmap/nfsidmap.c
++++ nfs-utils-2.6.2/utils/nfsidmap/nfsidmap.c
+@@ -18,6 +18,7 @@
+ #include "xcommon.h"
+ 
+ int verbose = 0;
++int timeout = 600;
+ #define USAGE "Usage: %s [-vh] [-c || [-u|-g|-r key] || -d || -l || [-t timeout] key desc]"
+ 
+ #define MAX_ID_LEN   11
+@@ -211,6 +212,10 @@
+ 		return EXIT_FAILURE;
+ 	}
+ 
++	/* Set timeout to 10 (600 seconds) minutes */
++	if (rc == EXIT_SUCCESS)
++		keyctl_set_timeout(key, timeout);
++
+ 	rc = EXIT_SUCCESS;
+ 	if (keyctl_instantiate(key, id, strlen(id) + 1, 0)) {
+ 		switch (errno) {
+@@ -269,6 +274,10 @@
+ 		return EXIT_FAILURE;
+ 	}
+ 
++	/* Set timeout to 10 (600 seconds) minutes */
++	if (rc == EXIT_SUCCESS)
++		keyctl_set_timeout(key, timeout);
++
+ 	rc = EXIT_SUCCESS;
+ 	if (keyctl_instantiate(key, &name, strlen(name), 0)) {
+ 		rc = EXIT_FAILURE;
+@@ -359,7 +368,6 @@
+ 	char *value;
+ 	char *type;
+ 	int rc = 1, opt;
+-	int timeout = 600;
+ 	key_serial_t key;
+ 	char *progname, *keystr = NULL;
+ 	int clearing = 0, keymask = 0, display = 0, list = 0;
+@@ -469,10 +477,6 @@
+ 	else if (strcmp(type, "group") == 0)
+ 		rc = name_lookup(value, key, GROUP);
+ 
+-	/* Set timeout to 10 (600 seconds) minutes */
+-	if (rc == EXIT_SUCCESS)
+-		keyctl_set_timeout(key, timeout);
+-
+ 	free(arg);
+ 	return rc;
+ }

zs4-nfs4mount-strtok

+Index: nfs-utils-2.6.2/utils/mount/nfs4mount.c
+===================================================================
+--- nfs-utils-2.6.2.orig/utils/mount/nfs4mount.c
++++ nfs-utils-2.6.2/utils/mount/nfs4mount.c
+@@ -87,8 +87,9 @@
+ static int parse_sec(char *sec, int *pseudoflavour)
+ {
+ 	int i, num_flavour = 0;
++	char *lasts;
+ 
+-	for (sec = strtok(sec, ":"); sec; sec = strtok(NULL, ":")) {
++	for (sec = strtok_r(sec, ":", &lasts); sec; sec = strtok_r(NULL, ":",&lasts)) {
+ 		if (num_flavour >= MAX_USER_FLAVOUR) {
+ 			nfs_error(_("%s: maximum number of security flavors "
+ 				  "exceeded"), progname);

zs5-multhr-hostcache

+Index: nfs-utils-2.6.2/utils/gssd/gssd_proc.c
+===================================================================
+--- nfs-utils-2.6.2.orig/utils/gssd/gssd_proc.c
++++ nfs-utils-2.6.2/utils/gssd/gssd_proc.c
+@@ -99,6 +99,7 @@
+ 	CLIENT		**rpc_clnt;
+ };
+ 
++static pthread_rwlock_t machine_credential_rwlock = PTHREAD_RWLOCK_INITIALIZER;
+ /*
+  * Parse the supported encryption type information
+  */
+@@ -570,6 +571,7 @@
+ 		tid, uid, tgtname);
+ 
+ 	do {
++		pthread_rwlock_wrlock(&machine_credential_rwlock);
+ 		gssd_refresh_krb5_machine_credential(clp->servername,
+ 						     service, srchost);
+ 	/*
+@@ -582,6 +584,8 @@
+ 				clp->servername);
+ 			goto out;
+ 		}
++		pthread_rwlock_unlock(&machine_credential_rwlock);
++		pthread_rwlock_rdlock(&machine_credential_rwlock);
+ 		for (ccname = credlist; ccname && *ccname; ccname++) {
+ 			u_int min_stat;
+ 
+@@ -620,9 +624,12 @@
+ 				goto out;
+ 			}
+ 		}
++		pthread_rwlock_unlock(&machine_credential_rwlock);
+ 	} while(!success);
++	return auth;
+ 
+ out:
++	pthread_rwlock_unlock(&machine_credential_rwlock);
+ 	return auth;
+ }
+ 

zs9-idmap-verbosity.patch

+Index: nfs-utils-2.6.2/utils/nfsidmap/nfsidmap.c
+===================================================================
+--- nfs-utils-2.6.2.orig/utils/nfsidmap/nfsidmap.c
++++ nfs-utils-2.6.2/utils/nfsidmap/nfsidmap.c
+@@ -413,12 +413,15 @@
+ 		return EXIT_FAILURE;
+ 	}
+ 
++	if (!verbose)
++		verbose = conf_get_num("General", "Verbosity", 0);
++	if (verbose)
++		nfs4_set_debug(verbose, NULL);
++
+ 	if ((rc = nfs4_init_name_mapping(PATH_IDMAPDCONF)))  {
+ 		xlog_errno(rc, "Unable to create name to user id mappings.");
+ 		return EXIT_FAILURE;
+ 	}
+-	if (!verbose)
+-		verbose = conf_get_num("General", "Verbosity", 0);
+ 
+ 	if (display)
+ 		return display_default_domain();
+@@ -439,9 +442,6 @@
+ 		return EXIT_FAILURE;
+ 	}
+ 
+-	if (verbose)
+-		nfs4_set_debug(verbose, NULL);
+-
+ 	key = strtol(argv[optind++], NULL, 10);
+ 
+ 	arg = xstrdup(argv[optind]);