Hi all, I hopefully fixed these bugs in my Debian bullseye package. Could you all test 1:1.3.4-5~RC5. This can be found for AMD64 under
deb http://www.jfalk.de homebrew-bullseye patched recompiled selfmade If you use another architecture, you have to compile from source. The source for the fixes can be found in the following git repository: git clone https://salsa.debian.org:jfalk-guest/nfs-utils.git -b jfalk Hopefully, we can convince the Debian kernel team to merge these changes into the nfs-utils Debian package in time for the Debian bullseye release. nfs-utils (1:1.3.4-5~RC5) UNRELEASED; urgency=medium [ Joachim Falk ] * debian/nfs-utils_env.sh: Correctly propagate RPCGSSDOPTS from /etc/default/nfs-common to rpc-gssd.service. Even though RPCGSSDOPTS was not documented or explicitly exposed in /etc/default/nfs-common, it’s used by the init script and there are people that have been relying on this for a while. (Closes: #846950) * Replace hardcoded keytab check in rpc-gssd.service with NEED_GSSD and auto detection of kerberized NFS mounts in /etc/fstab. Auto detection logic is in the nfs-utils_need_gssd_check.sh script. (Closes: #849608) * Fix kerberized NFS service inside Linux containers when the container host loads the auth_rpcgss kernel module to enable kerberized NFS service for its containers. * Replace hardcoded keytab check in rpc-svcgssd.service with NEED_SVCGSSD and auto detection of kerberized NFS exports in /etc/exports. Auto detection logic is in the nfs-utils_need_svcgssd_check.sh script. (Closes: #849942) * Replace hardcoded keytab check in auth-rpcgss-module.service with NEED_GSSD and auto detection of kerberized NFS mounts in /etc/fstab as well as NEED_SVCGSSD and auto detection of kerberized NFS exports in /etc/exports. Auto detection logic is in the scripts nfs-utils_need_gssd_check.sh and nfs-utils_need_svcgssd_check.sh. (Closes: #849942, #849608) * Only start the rpc-svcgssd.service when the nfs-kernel-server.service is requested. The rpc.svcgssd daemon is not needed for an NFS client, even when using Kerberos security. Moreover, starting this daemon with its default configuration will fail when no nfs/<host>@REALM principal is in the krb5.keytab. Furthermore, the nfs/<host>@REALM principal is unneeded for an NFS client configuration. Thus, resulting in a degraded system state for NFS client configurations without nfs/<host>@REALM principal in the krb5.keytab. -- Joachim Falk <joachim.f...@gmx.de> Fri, 04 Sep 2020 10:28:49 +0200 Best, Joachim
signature.asc
Description: OpenPGP digital signature