author | Nikolay Amiantov <ab@fmap.me> | 2017-02-03 20:04:25 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-02-03 20:04:25 +0300 |
commit | 230c97c944af8507128a18d58eb97e633ee561fe (patch) | |
tree | 98f2fb4498add4e03abdd60734173480cabce3b0 | |
parent | 500d48f5475fdd46773f2073cf432053602f761f (diff) | |
parent | e0e9fddf566abcaa7c71cab9c8ee698142328e6b (diff) | |
Merge pull request #22303 from abbradar/nfs4
NFS improvements
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/rename.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/network-filesystems/nfsd.nix | 101 | ||||
-rw-r--r-- | nixos/modules/services/networking/rpcbind.nix | 52 | ||||
-rw-r--r-- | nixos/modules/tasks/filesystems/nfs.nix | 100 | ||||
-rw-r--r-- | pkgs/os-specific/linux/keyutils/default.nix | 23 | ||||
-rw-r--r-- | pkgs/os-specific/linux/nfs-utils/default.nix | 78 | ||||
-rw-r--r-- | pkgs/os-specific/linux/tcp-wrappers/default.nix | 41 | ||||
-rw-r--r-- | pkgs/servers/portmap/default.nix | 45 | ||||
-rw-r--r-- | pkgs/servers/portmap/reuse-socket.patch | 38 | ||||
-rw-r--r-- | pkgs/servers/rpcbind/0001-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch | 43 | ||||
-rw-r--r-- | pkgs/servers/rpcbind/default.nix | 19 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 2 | ||||
-rw-r--r-- | pkgs/top-level/release-small.nix | 2 |
14 files changed, 181 insertions, 369 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 0ed44f9d3d15..60e00ce874a8 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -286,6 +286,7 @@ gogs = 268; pdns-recursor = 269; kresd = 270; + rpc = 271; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -541,6 +542,7 @@ couchpotato = 267; gogs = 268; kresd = 270; + #rpc = 271; # unused # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index 4e7f62fc8f5c..5ae3f4bd6e63 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -172,6 +172,10 @@ with lib; (mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ]) (mkRemovedOptionModule [ "services" "locate" "includeStore" ] "Use services.locate.prunePaths" ) + # nfs + (mkRenamedOptionModule [ "services" "nfs" "lockdPort" ] [ "services" "nfs" "server" "lockdPort" ]) + (mkRenamedOptionModule [ "services" "nfs" "statdPort" ] [ "services" "nfs" "server" "statdPort" ]) + # Options that are obsolete and have no replacement. (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "") (mkRemovedOptionModule [ "programs" "bash" "enable" ] "") diff --git a/nixos/modules/services/network-filesystems/nfsd.nix b/nixos/modules/services/network-filesystems/nfsd.nix index ddc7258ce0b4..4fafb7a1fdbb 100644 --- a/nixos/modules/services/network-filesystems/nfsd.nix +++ b/nixos/modules/services/network-filesystems/nfsd.nix @@ -20,6 +20,7 @@ in server = { enable = mkOption { + type = types.bool; default = false; description = '' Whether to enable the kernel's NFS server. @@ -27,6 +28,7 @@ in }; exports = mkOption { + type = types.lines; default = ""; description = '' Contents of the /etc/exports file. See 
@@ -36,6 +38,7 @@ in }; hostName = mkOption { + type = types.nullOr types.str; default = null; description = '' Hostname or address on which NFS requests will be accepted. @@ -46,6 +49,7 @@ in }; nproc = mkOption { + type = types.int; default = 8; description = '' Number of NFS server threads. Defaults to the recommended value of 8. @@ -53,11 +57,13 @@ in }; createMountPoints = mkOption { + type = types.bool; default = false; description = "Whether to create the mount points in the exports file at startup time."; }; mountdPort = mkOption { + type = types.nullOr types.int; default = null; example = 4002; description = '' @@ -66,11 +72,26 @@ in }; lockdPort = mkOption { - default = 0; + type = types.nullOr types.int; + default = null; + example = 4001; description = '' - Fix the lockd port number. This can help setting firewall rules for NFS. + Use a fixed port for the NFS lock manager kernel module + (<literal>lockd/nlockmgr</literal>). This is useful if the + NFS server is behind a firewall. ''; }; + + statdPort = mkOption { + type = types.nullOr types.int; + default = null; + example = 4000; + description = '' + Use a fixed port for <command>rpc.statd</command>. This is + useful if the NFS server is behind a firewall. + ''; + }; + }; }; 
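Review bot: The port options `mountdPort`, `lockdPort` and `statdPort` are typed `types.nullOr types.int`, so 0, negative or above-65535 values pass evaluation and are written verbatim into nfs.conf by the config hunk further down in this file. A range check would reject them at evaluation time, for example `type = types.nullOr (types.addCheck types.int (p: p > 0 && p < 65536));`. The `lockdPort` and `statdPort` descriptions mention a firewall, but nothing visible in this diff opens these ports, so the description could say that the matching firewall rule still has to be added separately.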
@@ -82,61 +103,42 @@ in config = mkIf cfg.enable { - services.rpcbind.enable = true; + services.nfs.extraConfig = '' + [nfsd] + threads=${toString cfg.nproc} + ${optionalString (cfg.hostName != null) "host=${cfg.hostName}"} - boot.supportedFilesystems = [ "nfs" ]; # needed for statd and idmapd + [mountd] + ${optionalString (cfg.mountdPort != null) "port=${toString cfg.mountdPort}"} - environment.systemPackages = [ pkgs.nfs-utils ]; + [statd] + ${optionalString (cfg.statdPort != null) "port=${toString cfg.statdPort}"} - environment.etc.exports.source = exports; - - boot.kernelModules = [ "nfsd" ]; - - systemd.services.nfsd = - { description = "NFS Server"; - - wantedBy = [ "multi-user.target" ]; - - requires = [ "rpcbind.service" "mountd.service" ]; - after = [ "rpcbind.service" "mountd.service" "idmapd.service" ]; - before = [ "statd.service" ]; - - path = [ pkgs.nfs-utils ]; + [lockd] + ${optionalString (cfg.lockdPort != null) '' + port=${toString cfg.lockdPort} + udp-port=${toString cfg.lockdPort} + ''} + ''; - script = - '' - # Create a state directory required by NFSv4. 
- mkdir -p /var/lib/nfs/v4recovery - - ${pkgs.procps}/sbin/sysctl -w fs.nfs.nlm_tcpport=${builtins.toString cfg.lockdPort} - ${pkgs.procps}/sbin/sysctl -w fs.nfs.nlm_udpport=${builtins.toString cfg.lockdPort} + services.rpcbind.enable = true; - rpc.nfsd \ - ${if cfg.hostName != null then "-H ${cfg.hostName}" else ""} \ - ${builtins.toString cfg.nproc} - ''; + boot.supportedFilesystems = [ "nfs" ]; # needed for statd and idmapd - postStop = "rpc.nfsd 0"; + environment.etc.exports.source = exports; - serviceConfig.Type = "oneshot"; - serviceConfig.RemainAfterExit = true; + systemd.services.nfs-server = + { enable = true; + wantedBy = [ "multi-user.target" ]; }; - systemd.services.mountd = - { description = "NFSv3 Mount Daemon"; - - requires = [ "rpcbind.service" ]; - after = [ "rpcbind.service" "local-fs.target" ]; - - path = [ pkgs.nfs-utils pkgs.sysvtools pkgs.utillinux ]; + systemd.services.nfs-mountd = + { enable = true; + path = [ pkgs.nfs-utils ]; + restartTriggers = [ exports ]; preStart = '' - mkdir -p /var/lib/nfs - touch /var/lib/nfs/rmtab - - mountpoint -q /proc/fs/nfsd || mount -t nfsd none /proc/fs/nfsd - ${optionalString cfg.createMountPoints '' # create export directories: @@ -149,15 +151,6 @@ in exportfs -rav ''; - - restartTriggers = [ exports ]; - - serviceConfig.Type = "forking"; - serviceConfig.ExecStart = '' - @${pkgs.nfs-utils}/sbin/rpc.mountd rpc.mountd \ - ${if cfg.mountdPort != null then "-p ${toString cfg.mountdPort}" else ""} - ''; - serviceConfig.Restart = "always"; }; }; diff --git a/nixos/modules/services/networking/rpcbind.nix b/nixos/modules/services/networking/rpcbind.nix index eef1e8e8cd88..cddcb09054e0 100644 --- a/nixos/modules/services/networking/rpcbind.nix +++ b/nixos/modules/services/networking/rpcbind.nix 
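Review bot: The fixed lockd port now depends entirely on the `[lockd]` section of the generated nfs.conf, whereas the removed script set it in the kernel directly with `sysctl -w fs.nfs.nlm_tcpport` and `fs.nfs.nlm_udpport`. The diff does not show which nfs-utils 2.1.1 component applies that section to the lockd module. If none does, lockd would quietly land on an ephemeral port and a firewall rule written for `lockdPort` would no longer match, so this is worth confirming with `rpcinfo -p` on a test machine before relying on it. The removed script also created /var/lib/nfs/v4recovery and mounted /proc/fs/nfsd; presumably the upstream units cover both, but that is not visible here.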
@@ -2,35 +2,6 @@ with lib; -let - - netconfigFile = { - target = "netconfig"; - source = pkgs.writeText "netconfig" '' - # - # The network configuration file. This file is currently only used in - # conjunction with the TI-RPC code in the libtirpc library. - # - # Entries consist of: - # - # <network_id> <semantics> <flags> <protofamily> <protoname> \ - # <device> <nametoaddr_libs> - # - # The <device> and <nametoaddr_libs> fields are always empty in this - # implementation. - # - udp tpi_clts v inet udp - - - tcp tpi_cots_ord v inet tcp - - - udp6 tpi_clts v inet6 udp - - - tcp6 tpi_cots_ord v inet6 tcp - - - rawip tpi_raw - inet - - - - local tpi_cots_ord - loopback - - - - unix tpi_cots_ord - loopback - - - - ''; - }; - -in - { ###### interface @@ -58,25 +29,18 @@ in ###### implementation config = mkIf config.services.rpcbind.enable { - environment.systemPackages = [ pkgs.rpcbind ]; - environment.etc = [ netconfigFile ]; - - systemd.services.rpcbind = - { description = "ONC RPC Directory Service"; + systemd.packages = [ pkgs.rpcbind ]; - wantedBy = [ "multi-user.target" ]; - - requires = [ "basic.target" ]; - after = [ "basic.target" ]; - - unitConfig.DefaultDependencies = false; # don't stop during shutdown - - serviceConfig.Type = "forking"; - serviceConfig.ExecStart = "@${pkgs.rpcbind}/bin/rpcbind rpcbind"; - }; + systemd.services.rpcbind = { + wantedBy = [ "multi-user.target" ]; + }; + users.extraUsers.rpc = { + group = "nogroup"; + uid = config.ids.uids.rpc; + }; }; } diff --git a/nixos/modules/tasks/filesystems/nfs.nix b/nixos/modules/tasks/filesystems/nfs.nix index e9a7ccc721a9..692034c0e37b 100644 --- a/nixos/modules/tasks/filesystems/nfs.nix +++ b/nixos/modules/tasks/filesystems/nfs.nix @@ -24,6 +24,8 @@ let Method = nsswitch ''; + nfsConfFile = pkgs.writeText "nfs.conf" cfg.extraConfig; + cfg = config.services.nfs; in 
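Review bot: The new `rpc` user in the rpcbind.nix section is placed in the shared group `nogroup` (`group = "nogroup";`), so anything rpcbind creates with group access is reachable by every other account in that group. ids.nix in this commit reserves the matching gid but leaves it commented out (`#rpc = 271; # unused`). Enabling it and giving the daemon its own group keeps it isolated: `users.extraGroups.rpc.gid = config.ids.gids.rpc;` together with `group = "rpc";`. The same section stops generating /etc/netconfig, and I cannot tell from this diff what provides that file to libtirpc now, so that deserves a line in the commit message.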
@@ -32,23 +34,12 @@ in ###### interface options = { - services.nfs = { - statdPort = mkOption { - default = null; - example = 4000; - description = '' - Use a fixed port for <command>rpc.statd</command>. This is - useful if the NFS server is behind a firewall. - ''; - }; - lockdPort = mkOption { - default = null; - example = 4001; + extraConfig = mkOption { + type = types.lines; + default = ""; description = '' - Use a fixed port for the NFS lock manager kernel module - (<literal>lockd/nlockmgr</literal>). This is useful if the - NFS server is behind a firewall. + Extra nfs-utils configuration. ''; }; }; 
@@ -62,69 +53,44 @@ in system.fsPackages = [ pkgs.nfs-utils ]; - boot.extraModprobeConfig = mkIf (cfg.lockdPort != null) '' - options lockd nlm_udpport=${toString cfg.lockdPort} nlm_tcpport=${toString cfg.lockdPort} - ''; - - boot.kernelModules = [ "sunrpc" ]; - boot.initrd.kernelModules = mkIf inInitrd [ "nfs" ]; - # FIXME: should use upstream units from nfs-utils. - - systemd.services.statd = - { description = "NFSv3 Network Status Monitor"; - - path = [ pkgs.nfs-utils pkgs.sysvtools pkgs.utillinux ]; + systemd.packages = [ pkgs.nfs-utils ]; + systemd.generator-packages = [ pkgs.nfs-utils ]; - wants = [ "remote-fs-pre.target" ]; - before = [ "remote-fs-pre.target" ]; - wantedBy = [ "remote-fs.target" ]; - requires = [ "basic.target" "rpcbind.service" ]; - after = [ "basic.target" "rpcbind.service" ]; - - unitConfig.DefaultDependencies = false; # don't stop during shutdown - - preStart = - '' - mkdir -p ${nfsStateDir}/sm - mkdir -p ${nfsStateDir}/sm.bak - sm-notify -d - ''; + environment.etc = { + "idmapd.conf".source = idmapdConfFile; + "nfs.conf".source = nfsConfFile; + }; - serviceConfig.Type = "forking"; - serviceConfig.ExecStart = '' - @${pkgs.nfs-utils}/sbin/rpc.statd rpc.statd --no-notify \ - ${if cfg.statdPort != null then "-p ${toString cfg.statdPort}" else ""} - ''; - serviceConfig.Restart = "always"; + systemd.services.nfs-blkmap = + { restartTriggers = [ nfsConfFile ]; }; - systemd.services.idmapd = - { description = "NFSv4 ID Mapping Daemon"; + systemd.targets.nfs-client = + { wantedBy = [ "multi-user.target" "remote-fs.target" ]; + }; - path = [ pkgs.sysvtools pkgs.utillinux ]; + systemd.services.nfs-idmapd = + { restartTriggers = [ idmapdConfFile ]; + }; - wants = [ "remote-fs-pre.target" ]; - before = [ "remote-fs-pre.target" ]; - wantedBy = [ "remote-fs.target" ]; - requires = [ "rpcbind.service" ]; - after = [ "rpcbind.service" ]; + systemd.services.nfs-mountd = + { restartTriggers = [ nfsConfFile ]; + enable = mkDefault false; + }; - preStart = 
- '' - mkdir -p ${rpcMountpoint} - mount -t rpc_pipefs rpc_pipefs ${rpcMountpoint} - ''; + systemd.services.nfs-server = + { restartTriggers = [ nfsConfFile ]; + enable = mkDefault false; + }; - postStop = - '' - umount ${rpcMountpoint} - ''; + systemd.services.rpc-gssd = + { restartTriggers = [ nfsConfFile ]; + }; - serviceConfig.Type = "forking"; - serviceConfig.ExecStart = "@${pkgs.nfs-utils}/sbin/rpc.idmapd rpc.idmapd -c ${idmapdConfFile}"; - serviceConfig.Restart = "always"; + systemd.services.rpc-statd = + { restartTriggers = [ nfsConfFile ]; }; }; diff --git a/pkgs/os-specific/linux/keyutils/default.nix b/pkgs/os-specific/linux/keyutils/default.nix index d1eb38df6da2..2aba3ef91128 100644 --- a/pkgs/os-specific/linux/keyutils/default.nix +++ b/pkgs/os-specific/linux/keyutils/default.nix @@ -1,23 +1,26 @@ { stdenv, fetchurl, gnumake, file }: stdenv.mkDerivation rec { - name = "keyutils-1.5.9"; + name = "keyutils-${version}"; + version = "1.5.9"; src = fetchurl { url = "http://people.redhat.com/dhowells/keyutils/${name}.tar.bz2"; sha256 = "1bl3w03ygxhc0hz69klfdlwqn33jvzxl1zfl2jmnb2v85iawb8jd"; }; - buildInputs = [ file ]; + outputs = [ "out" "lib" "dev" ]; - patchPhase = '' - sed -i -e "s, /usr/bin/make, ${gnumake}/bin/make," \ - -e "s, /usr, ," \ - -e "s,\$(LNS) \$(LIBDIR)/\$(SONAME),\$(LNS) \$(SONAME)," \ - Makefile - ''; - - installPhase = "make install DESTDIR=$out"; + installFlags = [ + "ETCDIR=$(out)/etc" + "BINDIR=$(out)/bin" + "SBINDIR=$(out)/sbin" + "SHAREDIR=$(out)/share/keyutils" + "MANDIR=$(out)/share/man" + "INCLUDEDIR=$(dev)/include" + "LIBDIR=$(lib)/lib" + "USRLIBDIR=$(lib)/lib" + ]; meta = with stdenv.lib; { homepage = http://people.redhat.com/dhowells/keyutils/; diff --git a/pkgs/os-specific/linux/nfs-utils/default.nix b/pkgs/os-specific/linux/nfs-utils/default.nix index 504d3790d868..81ce7babba15 100644 --- a/pkgs/os-specific/linux/nfs-utils/default.nix +++ b/pkgs/os-specific/linux/nfs-utils/default.nix 
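Review bot: Client-only machines lose their fixed lockd and statd ports with this change. The removed `boot.extraModprobeConfig` and the `-p` flag on the old `statd` unit acted on `services.nfs.lockdPort` and `services.nfs.statdPort` independently of the server. rename.nix now maps both to `services.nfs.server.*`, and nfsd.nix only writes them into nfs.conf under `mkIf cfg.enable` (presumably the server's enable flag). An NFSv3 client behind a firewall that pinned these ports for lock and status callbacks would still evaluate, with only a rename warning, while the daemons bind to ports its rules do not cover. Either keep client-level options, or state in the rename that such hosts must now set the ports through `services.nfs.extraConfig`.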
@@ -1,48 +1,69 @@ -{ fetchurl, stdenv, tcp_wrappers, utillinux, libcap, libtirpc, libevent, libnfsidmap -, lvm2, e2fsprogs, python, sqlite +{ stdenv, fetchurl, lib, pkgconfig, utillinux, libcap, libtirpc, libevent, libnfsidmap +, sqlite, kerberos, kmod, libuuid, keyutils, lvm2, systemd, coreutils, tcp_wrappers }: -stdenv.mkDerivation rec { - name = "nfs-utils-1.3.3"; +let + statdPath = lib.makeBinPath [ systemd utillinux coreutils ]; + +in stdenv.mkDerivation rec { + name = "nfs-utils-${version}"; + version = "2.1.1"; src = fetchurl { url = "mirror://sourceforge/nfs/${name}.tar.bz2"; - sha256 = "1svn27j5c873nixm46l111g7cgyaj5zd51ahfq8mx5v9m3vh93py"; + sha256 = "02dvxphndpm8vpqqnl0zvij97dq9vsq2a179pzrjcv2i91ll2a0a"; }; - buildInputs = - [ tcp_wrappers utillinux libcap libtirpc libevent libnfsidmap - lvm2 e2fsprogs python sqlite - ]; + nativeBuildInputs = [ pkgconfig ]; + + buildInputs = [ + libtirpc libcap libevent libnfsidmap sqlite lvm2 + libuuid keyutils kerberos tcp_wrappers + ]; + + enableParallelBuilding = true; - # FIXME: Add the dependencies needed for NFSv4 and TI-RPC. configureFlags = - [ "--disable-gss" + [ "--enable-gss" "--with-statedir=/var/lib/nfs" - "--with-tirpcinclude=${libtirpc}/include/tirpc" + "--with-krb5=${kerberos}" + "--with-systemd=$(out)/etc/systemd/system" + "--enable-libmount-mount" ] - ++ stdenv.lib.optional (stdenv ? glibc) "--with-rpcgen=${stdenv.glibc.bin}/bin/rpcgen"; + ++ lib.optional (stdenv ? 
glibc) "--with-rpcgen=${stdenv.glibc.bin}/bin/rpcgen"; - patchPhase = + postPatch = '' - for i in "tests/"*.sh - do - sed -i "$i" -e's|/bin/bash|/bin/sh|g' - chmod +x "$i" - done - sed -i s,/usr/sbin,$out/sbin, utils/statd/statd.c + patchShebangs tests + sed -i "s,/usr/sbin,$out/bin,g" utils/statd/statd.c + sed -i "s,^PATH=.*,PATH=$out/bin:${statdPath}," utils/statd/start-statd + + configureFlags="--with-start-statd=$out/bin/start-statd $configureFlags" ''; - preBuild = + makeFlags = [ + "sbindir=$(out)/bin" + "generator_dir=$(out)/etc/systemd/system-generators" + ]; + + installFlags = [ + "statedir=$(TMPDIR)" + "statdpath=$(TMPDIR)" + ]; + + postInstall = '' - makeFlags="sbindir=$out/sbin" - installFlags="statedir=$TMPDIR statdpath=$TMPDIR" # hack to make `make install' work + # Not used on NixOS + sed -i \ + -e "s,/sbin/modprobe,${kmod}/bin/modprobe,g" \ + -e "s,/usr/sbin,$out/bin,g" \ + $out/etc/systemd/system/* ''; # One test fails on mips. doCheck = !stdenv.isMips; - meta = { + meta = with stdenv.lib; { description = "Linux user-space NFS utilities"; longDescription = '' @@ -51,10 +72,9 @@ stdenv.mkDerivation rec { daemons. ''; - homepage = http://nfs.sourceforge.net/; - license = stdenv.lib.licenses.gpl2; - - platforms = stdenv.lib.platforms.linux; - maintainers = [ ]; + homepage = "https://sourceforge.net/projects/nfs/"; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ abbradar ]; }; } diff --git a/pkgs/os-specific/linux/tcp-wrappers/default.nix b/pkgs/os-specific/linux/tcp-wrappers/default.nix index eb50fc0abce9..105a4cacd826 100644 --- a/pkgs/os-specific/linux/tcp-wrappers/default.nix +++ b/pkgs/os-specific/linux/tcp-wrappers/default.nix 
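Review bot: The comment `# Not used on NixOS` in `postInstall` sits directly above a sed that rewrites the unit files in `$out/etc/systemd/system`, and the NixOS modules in this same commit load those units through `systemd.packages = [ pkgs.nfs-utils ];`, so the comment says the opposite of what happens. Something like `# Point the upstream units at store paths instead of /sbin and /usr/sbin` would describe it. The sed covers only `/sbin/modprobe` and `/usr/sbin`, so any other absolute path in the upstream units stays as shipped; a quick grep over the installed units would confirm none is left. The old remark that `statedir=$TMPDIR` is a hack to make `make install` work was dropped from `installFlags` and would still help the next reader.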
@@ -1,40 +1,30 @@ { fetchurl, stdenv }: -stdenv.mkDerivation { - name = "tcp-wrappers-7.6"; +stdenv.mkDerivation rec { + name = "tcp-wrappers-${version}"; + version = "7.6.q"; src = fetchurl { - url = mirror://debian/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs.orig.tar.gz; - sha256 = "0k68ziinx6biwar5lcb9jvv0rp6b3vmj6861n75bvrz4w1piwkdp"; + url = "mirror://debian/pool/main/t/tcp-wrappers/tcp-wrappers_${version}.orig.tar.gz"; + sha256 = "0p9ilj4v96q32klavx0phw9va21fjp8vpk11nbh6v2ppxnnxfhwm"; }; - patches = [ - (fetchurl { - url = mirror://debian/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs-13.diff.gz; - sha256 = "071ir20rh8ckhgrc0y99wgnlbqjgkprf0qwbv84lqw5i6qajbcnh"; - }) - ]; + debian = fetchurl { + url = "mirror://debian/pool/main/t/tcp-wrappers/tcp-wrappers_${version}-24.debian.tar.xz"; + sha256 = "1kgax35rwaj5q8nf8fw60aczvxj99h2jjp7iv1f82y85yz9x0ak7"; + }; prePatch = '' - cd upstream/tarballs - tar xzvf * - cd tcp_wrappers_7.6 + tar -xaf $debian + shopt -s extglob + patches="$(echo debian/patches/!(series)) $patches" ''; - postPatch = '' - for patch in debian/patches/*; do - echo "applying Debian patch \`$(basename $patch)'..." - patch --batch -p1 < $patch - done - ''; - - buildPhase = '' - make REAL_DAEMON_DIR="$out/sbin" linux - ''; + makeFlags = [ "REAL_DAEMON_DIR=$(out)/bin" "linux" ]; installPhase = '' - mkdir -p "$out/sbin" - cp -v safe_finger tcpd tcpdchk tcpdmatch try-from "$out/sbin" + mkdir -p "$out/bin" + cp -v safe_finger tcpd tcpdchk tcpdmatch try-from "$out/bin" mkdir -p "$out/lib" cp -v shared/lib*.so* "$out/lib" @@ -42,7 +32,6 @@ stdenv.mkDerivation { mkdir -p "$out/include" cp -v *.h "$out/include" - mkdir -p "$out/man" for i in 3 5 8; do mkdir -p "$out/man/man$i" diff --git a/pkgs/servers/portmap/default.nix b/pkgs/servers/portmap/default.nix deleted file mode 100644 index e53690ebc113..000000000000 --- a/pkgs/servers/portmap/default.nix +++ /dev/null 
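Review bot: `prePatch` builds the patch list from a shell glob, `patches="$(echo debian/patches/!(series)) $patches"`, which applies every file in the directory in lexical order and ignores the `series` file that defines which Debian patches are active and in what order. If the two ever differ, the build silently ships a patch set other than the one Debian maintains, either by applying patches Debian has disabled or by applying them in a different order. Reading the list from the series file avoids that: `patches="$(grep -v '^#' debian/patches/series | sed 's|^|debian/patches/|') $patches"`. The derivation body continues past this hunk.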
@@ -1,45 +0,0 @@ -{ fetchurl, stdenv, lib, tcp_wrappers -, daemonUser ? false, daemonUID ? false, daemonGID ? false }: - -assert daemonUser -> (!daemonUID && !daemonGID); - -stdenv.mkDerivation rec { - name = "portmap-6.0"; - - src = fetchurl { - url = "http://neil.brown.name/portmap/${name}.tgz"; - sha256 = "1pj13ll4mbfwjwpn3fbg03qq9im6v2i8fcpa3ffp4viykz9j1j02"; - }; - - patches = [ ./reuse-socket.patch ]; - - postPatch = '' - substituteInPlace "Makefile" --replace "/usr/share" "" \ - --replace "install -o root -g root" "install" - ''; - - makeFlags = - lib.optional (daemonUser != false) "RPCUSER=\"${daemonUser}\"" - ++ lib.optional (daemonUID != false) "DAEMON_UID=${toString daemonUID}" - ++ lib.optional (daemonGID != false) "DAEMON_GID=${toString daemonGID}"; - - buildInputs = [ tcp_wrappers ]; - - installPhase = '' - mkdir -p "$out/sbin" "$out/man/man8" - make install BASEDIR=$out - ''; - - meta = { - description = "ONC RPC portmapper"; - longDescription = '' - Portmap is part of the ONC RPC software collection implementing - remote procedure calls (RPCs) between computer programs. It is - widely used by NFS and NIS, among others. - ''; - - homepage = http://neil.brown.name/portmap/; - license = "BSD"; - platforms = stdenv.lib.platforms.linux; - }; -} diff --git a/pkgs/servers/portmap/reuse-socket.patch b/pkgs/servers/portmap/reuse-socket.patch deleted file mode 100644 index 7d1a0ca09524..000000000000 --- a/pkgs/servers/portmap/reuse-socket.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -Set SO_REUSEADDR to ensure that portmap can restart properly. - -https://bugs.launchpad.net/ubuntu/+source/portmap/+bug/688550 - -=================================================================== ---- portmap-6.0.0.orig/portmap.c 2011-03-16 20:43:26.000000000 +0100 -+++ portmap-6.0.0/portmap.c 2011-03-17 07:30:17.000000000 +0100 -@@ -142,9 +142,9 @@ - * loopback interface address. - */ - -+static int on = 1; - #ifdef LOOPBACK_SETUNSET - static SVCXPRT *ludpxprt, *ltcpxprt; --static int on = 1; - #ifndef INADDR_LOOPBACK - #define INADDR_LOOPBACK ntohl(inet_addr("127.0.0.1")) - #endif -@@ -399,9 +399,7 @@ - syslog(LOG_ERR, "cannot create udp socket: %m"); - exit(1); - } --#ifdef LOOPBACK_SETUNSET - setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on); --#endif - - memset((char *) &addr, 0, sizeof(addr)); - addr.sin_addr.s_addr = 0; -@@ -434,9 +432,7 @@ - syslog(LOG_ERR, "cannot create tcp socket: %m"); - exit(1); - } --#ifdef LOOPBACK_SETUNSET - setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on); --#endif - if (bind(sock, (struct sockaddr *)&addr, len) != 0) { - syslog(LOG_ERR, "cannot bind tcp: %m"); - exit(1); diff --git a/pkgs/servers/rpcbind/0001-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch b/pkgs/servers/rpcbind/0001-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch deleted file mode 100644 index 16b763ef0dec..000000000000 --- a/pkgs/servers/rpcbind/0001-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch +++ /dev/null 
@@ -1,43 +0,0 @@ -From 9194122389f2a56b1cd1f935e64307e2e963c2da Mon Sep 17 00:00:00 2001 -From: Steve Dickson <steved@redhat.com> -Date: Mon, 2 Nov 2015 17:05:18 -0500 -Subject: [PATCH] handle_reply: Don't use the xp_auth pointer directly - -In the latest libtirpc version to access the xp_auth -one must use the SVC_XP_AUTH macro. To be backwards -compatible a couple ifdefs were added to use the -macro when it exists. - -Upstream-Status: Backport - -Signed-off-by: Steve Dickson <steved@redhat.com> -Signed-off-by: Maxin B. John <maxin.john@intel.com> ---- - src/rpcb_svc_com.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c -index 4ae93f1..22d6c84 100644 ---- a/src/rpcb_svc_com.c -+++ b/src/rpcb_svc_com.c -@@ -1295,10 +1295,17 @@ handle_reply(int fd, SVCXPRT *xprt) - a.rmt_localvers = fi->versnum; - - xprt_set_caller(xprt, fi); -+#if defined(SVC_XP_AUTH) -+ SVC_XP_AUTH(xprt) = svc_auth_none; -+#else - xprt->xp_auth = &svc_auth_none; -+#endif - svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (char *) &a); -+#if !defined(SVC_XP_AUTH) - SVCAUTH_DESTROY(xprt->xp_auth); - xprt->xp_auth = NULL; -+#endif -+ - done: - if (buffer) - free(buffer); --- -2.4.0 - diff --git a/pkgs/servers/rpcbind/default.nix b/pkgs/servers/rpcbind/default.nix index 744763c43f11..cc5d7795e050 100644 --- a/pkgs/servers/rpcbind/default.nix +++ b/pkgs/servers/rpcbind/default.nix 
@@ -1,28 +1,27 @@ -{ fetchurl, fetchpatch, stdenv, pkgconfig, libtirpc +{ fetchurl, stdenv, pkgconfig, libtirpc , useSystemd ? true, systemd }: -let version = "0.2.3"; -in stdenv.mkDerivation rec { +stdenv.mkDerivation rec { name = "rpcbind-${version}"; + version = "0.2.4"; src = fetchurl { url = "mirror://sourceforge/rpcbind/${version}/${name}.tar.bz2"; - sha256 = "0yyjzv4161rqxrgjcijkrawnk55rb96ha0pav48s03l2klx855wq"; + sha256 = "0rjc867mdacag4yqvs827wqhkh27135rp9asj06ixhf71m9rljh7"; }; patches = [ ./sunrpc.patch - ./0001-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch - (fetchpatch { - url = "https://sources.debian.net/data/main/r/rpcbind/0.2.3-0.5/debian/patches/CVE-2015-7236.patch"; - sha256 = "1wsv5j8f5djzxr11n4027x107cam1avmx9w34g6l5d9s61j763wq"; - }) ]; buildInputs = [ libtirpc ] ++ stdenv.lib.optional useSystemd systemd; - configureFlags = stdenv.lib.optional (!useSystemd) "--with-systemdsystemunitdir=no"; + configureFlags = [ + "--with-systemdsystemunitdir=${if useSystemd then "$(out)/etc/systemd/system" else "no"}" + "--enable-warmstarts" + "--with-rpcuser=rpc" + ]; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b0ae2343e23a..387d2b232c44 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10482,8 +10482,6 @@ with pkgs; pies = callPackage ../servers/pies { }; - portmap = callPackage ../servers/portmap { }; - rpcbind = callPackage ../servers/rpcbind { }; mariadb = callPackage ../servers/sql/mariadb { diff --git a/pkgs/top-level/release-small.nix b/pkgs/top-level/release-small.nix index 8ab27bc171d9..86fbb0bf1b81 100644 --- a/pkgs/top-level/release-small.nix +++ b/pkgs/top-level/release-small.nix 
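Review bot: The bump to 0.2.4 in rpcbind/default.nix drops the `CVE-2015-7236.patch` fetch from `patches`, and nothing in the diff or the commit message records that the fix is part of the 0.2.4 release. Presumably it is, but a dropped security patch deserves an explicit trace once that has been checked against the upstream changelog, for example a comment next to `version` such as `# 0.2.4 includes the CVE-2015-7236 fix formerly carried as a Debian patch`. Separately, `--enable-warmstarts` makes rpcbind persist and reload its registrations from a state directory, while `--with-rpcuser=rpc` drops privileges. No state directory is configured in this hunk, so it is worth confirming that the default location is owned by `rpc` and is not world-writable.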
@@ -127,12 +127,12 @@ with import ./release-lib.nix { inherit supportedSystems; }; perl = all; pkgconfig = all; pmccabe = linux; - portmap = linux; procps = linux; python = allBut cygwin; readline = all; rlwrap = all; rpm = linux; + rpcbind = linux; rsync = linux; screen = linux ++ darwin; scrot = linux; |