Author: baggins Date: Tue Jun 30 14:39:53 2009 GMT Module: packages Tag: HEAD ---- Log message: - rel 2 - added heimdal support and bcond
---- Files affected: packages/nfs-utils: nfs-utils.spec (1.174 -> 1.175) , nfs-utils-heimdal_functions.patch (NONE -> 1.1) (NEW), nfs-utils-kerberos-ac.patch (NONE -> 1.1) (NEW), nfs-utils-no_libgssapi.patch (NONE -> 1.1) (NEW), nfs-utils-pkgconfig_ac.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: packages/nfs-utils/nfs-utils.spec diff -u packages/nfs-utils/nfs-utils.spec:1.174 packages/nfs-utils/nfs-utils.spec:1.175 --- packages/nfs-utils/nfs-utils.spec:1.174 Tue Jun 2 23:00:25 2009 +++ packages/nfs-utils/nfs-utils.spec Tue Jun 30 16:39:47 2009 @@ -3,6 +3,9 @@ # - should unmount /proc/fs/nfsd and /var/lib/nfs/rpc_pipefs at package # uninstall (or in service nfs stop) # +# Conditional build: +%bcond_with heimdal # build with Heimdal Kerberos instead of MIT +# Summary: Kernel NFS server Summary(pl.UTF-8): Działający na poziomie jądra serwer NFS Summary(pt_BR.UTF-8): Os utilitários para o cliente e servidor NFS do Linux @@ -10,7 +13,7 @@ Summary(uk.UTF-8): Утиліти для NFS та демони підтримки для NFS-сервера ядра Name: nfs-utils Version: 1.2.0 -Release: 1 +Release: 2 License: GPL v2 Group: Networking/Daemons Source0: http://www.kernel.org/pub/linux/utils/nfs/%{name}-%{version}.tar.bz2 @@ -32,14 +35,22 @@ Patch2: %{name}-keytab-path.patch Patch3: %{name}-subsys.patch Patch4: %{name}-union-mount.patch +Patch5: %{name}-kerberos-ac.patch +Patch6: %{name}-no_libgssapi.patch +Patch7: %{name}-pkgconfig_ac.patch +Patch8: %{name}-heimdal_functions.patch URL: http://nfs.sourceforge.net/ BuildRequires: autoconf >= 2.59 BuildRequires: automake BuildRequires: cpp +%if %{with heimdal} +BuildRequires: heimdal-devel >= 1.0 +%else BuildRequires: krb5-devel >= 1.6 +BuildRequires: libgssglue-devel >= 0.1 +%endif BuildRequires: libblkid-devel BuildRequires: libevent-devel >= 1.2 -BuildRequires: libgssglue-devel >= 0.1 BuildRequires: libnfsidmap-devel >= 0.21-3 BuildRequires: librpcsecgss-devel >= 0.16 BuildRequires: libtirpc-devel >= 1:0.1.10-4 @@ -155,9 +166,15 @@ %setup -q -a1 %patch0 -p1 %patch1 -p1 -%patch2 -p1 +%{!?with_heimdal:%patch2 -p1} %patch3 -p1 %patch4 -p1 +%if %{with heimdal} +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p0 +%endif # conflict with GNU stdio extension sed -i -e 's/dprintf/dbgprintf/' support/include/ha-callout.h utils/statd/*.[ch] @@ -179,7 +196,11 @@ --with-statduser=rpcstatd \ --with-start-statd=%{_sbindir}/start-statd \ --with-tcp-wrappers \ +%if %{with heimdal} + --with-krb5-config=%{_bindir}/krb5-config +%else --with-krb5=%{_prefix} +%endif %{__make} all @@ -389,6 +410,10 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.175 2009/06/30 14:39:47 baggins +- rel 2 +- added heimdal support and bcond + Revision 1.174 2009/06/02 21:00:25 baggins - rel 1 - removed obsolete patch (merged upstream) ================================================================ Index: packages/nfs-utils/nfs-utils-heimdal_functions.patch diff -u /dev/null packages/nfs-utils/nfs-utils-heimdal_functions.patch:1.1 --- /dev/null Tue Jun 30 16:39:53 2009 +++ packages/nfs-utils/nfs-utils-heimdal_functions.patch Tue Jun 30 16:39:47 2009 @@ -0,0 +1,59 @@ +--- utils/gssd/krb5_util.c 2008-10-17 14:20:09.000000000 +0000 ++++ utils/gssd/krb5_util.c 2008-11-22 13:52:42.000000000 +0000 +@@ -927,9 +927,37 @@ + { + krb5_error_code ret; + krb5_creds creds; +- krb5_cc_cursor cur; + int found = 0; + ++#ifdef HAVE_HEIMDAL ++ krb5_creds pattern; ++ krb5_realm *client_realm; ++ ++ krb5_cc_clear_mcred(&pattern); ++ ++ client_realm = krb5_princ_realm (context, principal); ++ ++ ret = krb5_make_principal (context, &pattern.server, ++ *client_realm, KRB5_TGS_NAME, *client_realm, ++ NULL); ++ if (ret) ++ krb5_err (context, 1, ret, "krb5_make_principal"); ++ pattern.client = principal; ++ ++ ret = krb5_cc_retrieve_cred (context, ccache, 0, &pattern, &creds); ++ krb5_free_principal (context, pattern.server); ++ if (ret) { ++ if (ret == KRB5_CC_END) ++ return 1; ++ krb5_err (context, 1, ret, "krb5_cc_retrieve_cred"); ++ } ++ ++ found = creds.times.endtime > time(NULL); ++ ++ krb5_free_cred_contents (context, &creds); ++#else ++ krb5_cc_cursor cur; ++ + ret = krb5_cc_start_seq_get(context, ccache, &cur); + if (ret) + return 0; +@@ -949,6 +977,7 @@ + krb5_free_cred_contents(context, &creds); + } + krb5_cc_end_seq_get(context, ccache, &cur); ++#endif + + return found; + } +@@ -995,6 +1024,9 @@ + } + krb5_free_principal(context, principal); + err_princ: ++#ifdef HAVE_HEIMDAL ++#define KRB5_TC_OPENCLOSE 0x00000001 ++#endif + krb5_cc_set_flags(context, ccache, KRB5_TC_OPENCLOSE); + krb5_cc_close(context, ccache); + err_cache: ================================================================ Index: packages/nfs-utils/nfs-utils-kerberos-ac.patch diff -u /dev/null packages/nfs-utils/nfs-utils-kerberos-ac.patch:1.1 --- /dev/null Tue Jun 30 16:39:53 2009 +++ packages/nfs-utils/nfs-utils-kerberos-ac.patch Tue Jun 30 16:39:47 2009 @@ -0,0 +1,138 @@ +diff -NaurwB nfs-utils-1.1.2.orig/aclocal/kerberos5.m4 nfs-utils-1.1.2/aclocal/kerberos5.m4 +--- nfs-utils-1.1.2.orig/aclocal/kerberos5.m4 2008-03-14 16:46:29.000000000 +0100 ++++ nfs-utils-1.1.2/aclocal/kerberos5.m4 2008-06-12 17:13:51.000000000 +0200 +@@ -1,112 +1,48 @@ +-dnl Checks for Kerberos +-dnl NOTE: while we intend to do generic gss-api, currently we +-dnl have a requirement to get an initial Kerberos machine +-dnl credential. Thus, the requirement for Kerberos. +-dnl The Kerberos gssapi library will be dynamically loaded? + AC_DEFUN([AC_KERBEROS_V5],[ ++ K5CONFIG="krb5-config" + AC_MSG_CHECKING(for Kerberos v5) +- AC_ARG_WITH(krb5, +- [AC_HELP_STRING([--with-krb5=DIR], [use Kerberos v5 installation in DIR])], ++ AC_ARG_WITH(krb5-config, ++ [AC_HELP_STRING([--with-krb5-config=PATH], [Full Path to krb5-config.])], + [ case "$withval" in + yes|no) +- krb5_with="" ++ K5CONFIG="krb5-config" + ;; + *) +- krb5_with="$withval" ++ K5CONFIG="$withval" + ;; + esac ] + ) + +- for dir in $krb5_with /usr /usr/kerberos /usr/local /usr/local/krb5 \ +- /usr/krb5 /usr/heimdal /usr/local/heimdal /usr/athena ; do +- dnl This ugly hack brought on by the split installation of +- dnl MIT Kerberos on Fedora Core 1 +- K5CONFIG="" +- if test -f $dir/bin/krb5-config; then +- K5CONFIG=$dir/bin/krb5-config +- elif test -f "/usr/kerberos/bin/krb5-config"; then +- K5CONFIG="/usr/kerberos/bin/krb5-config" +- elif test -f "/usr/lib/mit/bin/krb5-config"; then +- K5CONFIG="/usr/lib/mit/bin/krb5-config" +- fi + if test "$K5CONFIG" != ""; then + KRBCFLAGS=`$K5CONFIG --cflags` + KRBLIBS=`$K5CONFIG --libs gssapi` +- K5VERS=`$K5CONFIG --version | head -n 1 | awk '{split($(4),v,"."); if (v@<:@"3"@:>@ == "") v@<:@"3"@:>@ = "0"; print v@<:@"1"@:>@v@<:@"2"@:>@v@<:@"3"@:>@ }'` +- AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number]) +- if test -f $dir/include/gssapi/gssapi_krb5.h -a \ +- \( -f $dir/lib/libgssapi_krb5.a -o \ +- -f $dir/lib64/libgssapi_krb5.a -o \ +- -f $dir/lib64/libgssapi_krb5.so -o \ +- -f $dir/lib/libgssapi_krb5.so \) ; then ++ if $K5CONFIG --version | grep -q -e heimdal; then ++ K5VERS=`$K5CONFIG --version | head -n 1 | cut -f2 -d ' ' | tr -d '.'` ++ AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries]) ++ gssapi_lib=gssapi ++ KRBIMPL="heimdal" ++ elif $K5CONFIG --version | grep -q -e mit; then ++ K5VERS=`$K5CONFIG --version | head -n 1 | cut -f4 -d ' ' | tr -d '.'` + AC_DEFINE(HAVE_KRB5, 1, [Define this if you have MIT Kerberos libraries]) +- KRBDIR="$dir" +- dnl If we are using MIT K5 1.3.1 and before, we *MUST* use the +- dnl private function (gss_krb5_ccache_name) to get correct +- dnl behavior of changing the ccache used by gssapi. +- dnl Starting in 1.3.2, we *DO NOT* want to use +- dnl gss_krb5_ccache_name, instead we want to set KRB5CCNAME +- dnl to get gssapi to use a different ccache + if test $K5VERS -le 131; then + AC_DEFINE(USE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the private function, gss_krb5_cache_name, must be used to tell the Kerberos library which credentials cache to use. Otherwise, this is done by setting the KRB5CCNAME environment variable]) + fi + gssapi_lib=gssapi_krb5 +- break +- dnl The following ugly hack brought on by the split installation +- dnl of Heimdal Kerberos on SuSe +- elif test \( -f $dir/include/heim_err.h -o\ +- -f $dir/include/heimdal/heim_err.h \) -a \ +- -f $dir/lib/libroken.a; then +- AC_DEFINE(HAVE_HEIMDAL, 1, [Define this if you have Heimdal Kerberos libraries]) +- KRBDIR="$dir" +- gssapi_lib=gssapi +- break +- fi +- fi +- done +- dnl We didn't find a usable Kerberos environment +- if test "x$KRBDIR" = "x"; then +- if test "x$krb5_with" = "x"; then +- AC_MSG_ERROR(Kerberos v5 with GSS support not found: consider --disable-gss or --with-krb5=) ++ KRBIMPL="mit-krb5" + else +- AC_MSG_ERROR(Kerberos v5 with GSS support not found at $krb5_with) +- fi ++ AC_MSG_ERROR(Unknown Kerberos 5 Implementation. Is neither heimdal or mit-krb5.) ++ KRBIMPL="unknown" + fi +- AC_MSG_RESULT($KRBDIR) +- +- dnl Check if -rpath=$(KRBDIR)/lib is needed +- echo "The current KRBDIR is $KRBDIR" +- if test "$KRBDIR/lib" = "/lib" -o "$KRBDIR/lib" = "/usr/lib" \ +- -o "$KRBDIR/lib" = "//lib" -o "$KRBDIR/lib" = "/usr//lib" ; then +- KRBLDFLAGS=""; +- elif /sbin/ldconfig -p | grep > /dev/null "=> $KRBDIR/lib/"; then +- KRBLDFLAGS=""; +- else +- KRBLDFLAGS="-Wl,-rpath=$KRBDIR/lib" ++ AC_DEFINE_UNQUOTED(KRB5_VERSION, $K5VERS, [Define this as the Kerberos version number]) + fi ++ AC_MSG_RESULT($KRBIMPL) + +- dnl Now check for functions within gssapi library +- AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context, +- AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS) +- AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes, +- AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS) +- AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name, +- AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS) +- +- dnl Check for newer error message facility +- AC_CHECK_LIB($gssapi_lib, krb5_get_error_message, +- AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS) ++ AC_CHECK_LIB($gssapi_lib, gss_krb5_export_lucid_sec_context, AC_DEFINE(HAVE_LUCID_CONTEXT_SUPPORT, 1, [Define this if the Kerberos GSS library supports gss_krb5_export_lucid_sec_context]), ,$KRBLIBS) ++ AC_CHECK_LIB($gssapi_lib, gss_krb5_set_allowable_enctypes, AC_DEFINE(HAVE_SET_ALLOWABLE_ENCTYPES, 1, [Define this if the Kerberos GSS library supports gss_krb5_set_allowable_enctypes]), ,$KRBLIBS) ++ AC_CHECK_LIB($gssapi_lib, gss_krb5_ccache_name, AC_DEFINE(HAVE_GSS_KRB5_CCACHE_NAME, 1, [Define this if the Kerberos GSS library supports gss_krb5_ccache_name]), ,$KRBLIBS) ++ AC_CHECK_LIB($gssapi_lib, krb5_get_error_message, AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE, 1, [Define this if the function krb5_get_error_message is available]), ,$KRBLIBS) ++ AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless, AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS) + +- dnl Check for function to specify addressless tickets +- AC_CHECK_LIB($gssapi_lib, krb5_get_init_creds_opt_set_addressless, +- AC_DEFINE(HAVE_KRB5_GET_INIT_CREDS_OPT_SET_ADDRESSLESS, 1, [Define this if the function krb5_get_init_creds_opt_set_addressless is available]), ,$KRBLIBS) +- +- dnl If they specified a directory and it didn't work, give them a warning +- if test "x$krb5_with" != "x" -a "$krb5_with" != "$KRBDIR"; then +- AC_MSG_WARN(Using $KRBDIR instead of requested value of $krb5_with for Kerberos!) +- fi +- +- AC_SUBST([KRBDIR]) + AC_SUBST([KRBLIBS]) + AC_SUBST([KRBCFLAGS]) + AC_SUBST([KRBLDFLAGS]) ================================================================ Index: packages/nfs-utils/nfs-utils-no_libgssapi.patch diff -u /dev/null packages/nfs-utils/nfs-utils-no_libgssapi.patch:1.1 --- /dev/null Tue Jun 30 16:39:53 2009 +++ packages/nfs-utils/nfs-utils-no_libgssapi.patch Tue Jun 30 16:39:47 2009 @@ -0,0 +1,57 @@ +Index: nfs-utils-1.1.0/utils/gssd/context_lucid.c +=================================================================== +--- nfs-utils-1.1.0.orig/utils/gssd/context_lucid.c ++++ nfs-utils-1.1.0/utils/gssd/context_lucid.c +@@ -48,8 +48,10 @@ + #include "context.h" + + #ifndef OM_uint64 ++#ifndef GSSAPI_GSSAPI_H_ + typedef uint64_t OM_uint64; + #endif ++#endif + + static int + write_lucid_keyblock(char **p, char *end, gss_krb5_lucid_key_t *key) +@@ -171,10 +173,10 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss + int retcode = 0; + + printerr(2, "DEBUG: serialize_krb5_ctx: lucid version!\n"); +- maj_stat = gss_export_lucid_sec_context(&min_stat, &ctx, ++ maj_stat = gss_krb5_export_lucid_sec_context(&min_stat, &ctx, + 1, &return_ctx); + if (maj_stat != GSS_S_COMPLETE) { +- pgsserr("gss_export_lucid_sec_context", ++ pgsserr("gss_krb5_export_lucid_sec_context", + maj_stat, min_stat, &krb5oid); + goto out_err; + } +@@ -198,9 +200,9 @@ serialize_krb5_ctx(gss_ctx_id_t ctx, gss + else + retcode = prepare_krb5_rfc_cfx_buffer(lctx, buf); + +- maj_stat = gss_free_lucid_sec_context(&min_stat, ctx, return_ctx); ++ maj_stat = gss_krb5_free_lucid_sec_context(&min_stat, ctx); + if (maj_stat != GSS_S_COMPLETE) { +- pgsserr("gss_export_lucid_sec_context", ++ pgsserr("gss_krb5_export_lucid_sec_context", + maj_stat, min_stat, &krb5oid); + printerr(0, "WARN: failed to free lucid sec context\n"); + } +Index: nfs-utils-1.1.0/utils/gssd/krb5_util.c +=================================================================== +--- nfs-utils-1.1.0.orig/utils/gssd/krb5_util.c ++++ nfs-utils-1.1.0/utils/gssd/krb5_util.c +@@ -294,10 +294,10 @@ limit_krb5_enctypes(struct rpc_gss_sec * + return -1; + } + +- maj_stat = gss_set_allowable_enctypes(&min_stat, credh, &krb5oid, ++ maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, credh, + num_enctypes, &enctypes); + if (maj_stat != GSS_S_COMPLETE) { +- pgsserr("gss_set_allowable_enctypes", ++ pgsserr("gss_krb5_set_allowable_enctypes", + maj_stat, min_stat, &krb5oid); + gss_release_cred(&min_stat, &credh); + return -1; ================================================================ Index: packages/nfs-utils/nfs-utils-pkgconfig_ac.patch diff -u /dev/null packages/nfs-utils/nfs-utils-pkgconfig_ac.patch:1.1 --- /dev/null Tue Jun 30 16:39:53 2009 +++ packages/nfs-utils/nfs-utils-pkgconfig_ac.patch Tue Jun 30 16:39:47 2009 @@ -0,0 +1,12 @@ +diff -ur nfs-utils-1.2.0/aclocal/rpcsec_vers.m4 nfs-utils-1.2.0-pkg/aclocal/rpcsec_vers.m4 +--- nfs-utils-1.2.0/aclocal/rpcsec_vers.m4 2009-06-02 16:43:05.000000000 +0200 ++++ nfs-utils-1.2.0-pkg/aclocal/rpcsec_vers.m4 2009-06-30 15:48:36.603210573 +0200 +@@ -1,7 +1,7 @@ + dnl Checks librpcsec version + AC_DEFUN([AC_RPCSEC_VERSION], [ + +- PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.1]) ++ PKG_CHECK_MODULES([GSSGLUE], [libgssglue >= 0.1], , [PKG_CHECK_MODULES([GSSGLUE], [heimdal-gssapi])]) + + dnl TI-RPC replaces librpcsecgss + if test "$enable_tirpc" = no; then ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/nfs-utils/nfs-utils.spec?r1=1.174&r2=1.175&f=u _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
