Bug#846950: Merge request for nfs-utils to fix bugs #846950, #849942, #849608
Control: unmerge 846950 Control: severity 846950 grave Hi Salvatore, On Sat, Mar 6, 2021 at 11:40 PM Salvatore Bonaccorso wrote: > > Can you check which ones the release team accepts I prepared a minimal merge request [1] for the typo in debian/nfs-utils_env.sh. Among the many issues addressed in Joachim's MR [2], that one is the hardest part to track down. My MR corrects only the typo and, being two lines, should be fixed in bullseye. The release team would not discuss the matter on IRC and asked for a bug. I therefore unmerged the bug that addressed the typo and, assuming your consent, raised the severity to 'grave'. The bug was at that level before an administrative downgrade. Thanks for looking into this! Kind regards Felix Lechner [1] https://salsa.debian.org/kernel-team/nfs-utils/-/merge_requests/6 [2] https://salsa.debian.org/kernel-team/nfs-utils/-/merge_requests/5
Bug#846950: Merge request for nfs-utils to fix bugs #846950, #849942, #849608
Hi Felix, On Sat, Mar 06, 2021 at 11:26:36PM -0800, Felix Lechner wrote: > Hi Salvatore, > > On Sat, Mar 6, 2021 at 2:15 AM Joachim Falk wrote: > > > > I have a merge request open on nfs-utils. > > I would like to second this request, please. I filed (or patched) some > of these bugs, but someone downgraded them from the RC level. They are > on my list of open items for bullseye: I plan to potentially upgrade > the severities again, after consulting with the release team. Your > input would be much appreciated. Thanks! > > Thank you, Joachim, for advancing these grave issues in a helpful way! Can you check which ones the release team accepts as potentially to be be fixed at this stage of the release, and then we really can aim to take those. nfs-utils is very in a bad shape in Debian, and the aim is now to quickly after the bullseye release try to catch up finally with upstream (once this is done the task is more easy, but the amount of divergence now made it impossible to fnish up https://salsa.debian.org/kernel-team/nfs-utils/-/merge_requests/3). And the more Debian specific changes we apply the harder it becomes. The latter really needs to be done, we have already too much breakage, but it is not possibe for bullseye. As it is maintainer under Debian kernel-team maintenance I really would like to see that happen. Salvatore
Bug#849608: Bug#846950: Merge request for nfs-utils to fix bugs #846950, #849942, #849608
Hi Salvatore, On Sat, Mar 6, 2021 at 2:15 AM Joachim Falk wrote: > > I have a merge request open on nfs-utils. I would like to second this request, please. I filed (or patched) some of these bugs, but someone downgraded them from the RC level. They are on my list of open items for bullseye: I plan to potentially upgrade the severities again, after consulting with the release team. Your input would be much appreciated. Thanks! Thank you, Joachim, for advancing these grave issues in a helpful way! Kind regards Felix Lechner
Bug#846950: Merge request for nfs-utils to fix bugs #846950, #849942, #849608
Hi Salvatore, I have a merge request (https://salsa.debian.org/kernel-team/nfs-utils/-/merge_requests/5) open on nfs-utils. This merge request was marked as WIP due to possible porting to nfs-utils 2.4.1. However, as bullseye froze softly, a switch to nfs-utils 2.4.1 seems unlikely. I CCed all the fixed bugs asking for feedback, unfortunately there was almost no response. However, the patched nfs-utils 1:1.3.4-5~RC5 has run on my machines for half a year now without any issues. Hence, would you consider applying the merge request as is to fix these bugs. Explanation and fixed issues are described below: * debian/nfs-utils_env.sh: Correctly propagate RPCGSSDOPTS from /etc/default/nfs-common to rpc-gssd.service. Even though RPCGSSDOPTS was not documented or explicitly exposed in /etc/default/nfs-common, it’s used by the init script and there are people that have been relying on this for a while. (Closes: #846950) * Replace hardcoded keytab check in rpc-gssd.service with NEED_GSSD and auto detection of kerberized NFS mounts in /etc/fstab. Auto detection logic is in the nfs-utils_need_gssd_check.sh script. (Closes: #849608) * Fix kerberized NFS service inside Linux containers when the container host loads the auth_rpcgss kernel module to enable kerberized NFS service for its containers. * Replace hardcoded keytab check in rpc-svcgssd.service with NEED_SVCGSSD and auto detection of kerberized NFS exports in /etc/exports. Auto detection logic is in the nfs-utils_need_svcgssd_check.sh script. (Closes: #849942) * Replace hardcoded keytab check in auth-rpcgss-module.service with NEED_GSSD and auto detection of kerberized NFS mounts in /etc/fstab as well as NEED_SVCGSSD and auto detection of kerberized NFS exports in /etc/exports. Auto detection logic is in the scripts nfs-utils_need_gssd_check.sh and nfs-utils_need_svcgssd_check.sh. (Closes: #849942, #849608) * Only start the rpc-svcgssd.service when the nfs-kernel-server.service is requested. The rpc.svcgssd daemon is not needed for an NFS client, even when using Kerberos security. Moreover, starting this daemon with its default configuration will fail when no nfs/@REALM principal is in the krb5.keytab. Furthermore, the nfs/@REALM principal is unneeded for an NFS client configuration. Thus, resulting in a degraded system state for NFS client configurations without nfs/@REALM principal in the krb5.keytab. With kind Regards, Joachim Falk OpenPGP_signature Description: OpenPGP digital signature
