Merge pull request #22303 from abbradar/nfs4

NFS improvements

authored by

Nikolay Amiantov and committed by
GitHub
230c97c9 500d48f5

+181 -369
+2
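--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -286,6 +286,7 @@
 gogs = 268;
 pdns-recursor = 269;
 kresd = 270;
+rpc = 271;
 
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -541,6 +542,7 @@
 couchpotato = 267;
 gogs = 268;
 kresd = 270;
+#rpc = 271; # unused
 
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal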
+4
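--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -172,6 +172,10 @@
 (mkRenamedOptionModule [ "services" "locate" "period" ] [ "services" "locate" "interval" ])
 (mkRemovedOptionModule [ "services" "locate" "includeStore" ] "Use services.locate.prunePaths" )
 
+# nfs
+(mkRenamedOptionModule [ "services" "nfs" "lockdPort" ] [ "services" "nfs" "server" "lockdPort" ])
+(mkRenamedOptionModule [ "services" "nfs" "statdPort" ] [ "services" "nfs" "server" "statdPort" ])
+
 # Options that are obsolete and have no replacement.
 (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "")
 (mkRemovedOptionModule [ "programs" "bash" "enable" ] "")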
+47 -54
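--- a/nixos/modules/services/network-filesystems/nfsd.nix
+++ b/nixos/modules/services/network-filesystems/nfsd.nix
@@ -20,6 +20,7 @@
 
 server = {
 enable = mkOption {
+type = types.bool;
 default = false;
 description = ''
 Whether to enable the kernel's NFS server.
@@ -27,6 +28,7 @@
 };
 
 exports = mkOption {
+type = types.lines;
 default = "";
 description = ''
 Contents of the /etc/exports file. See
@@ -36,6 +38,7 @@
 };
 
 hostName = mkOption {
+type = types.nullOr types.str;
 default = null;
 description = ''
 Hostname or address on which NFS requests will be accepted.
@@ -46,6 +49,7 @@
 };
 
 nproc = mkOption {
+type = types.int;
 default = 8;
 description = ''
 Number of NFS server threads. Defaults to the recommended value of 8.
@@ -53,11 +57,13 @@
 };
 
 createMountPoints = mkOption {
+type = types.bool;
 default = false;
 description = "Whether to create the mount points in the exports file at startup time.";
 };
 
 mountdPort = mkOption {
+type = types.nullOr types.int;
 default = null;
 example = 4002;
 description = ''
@@ -66,11 +72,26 @@
 };
 
 lockdPort = mkOption {
-default = 0;
+type = types.nullOr types.int;
+default = null;
+example = 4001;
 description = ''
-Fix the lockd port number. This can help setting firewall rules for NFS.
+Use a fixed port for the NFS lock manager kernel module
+(<literal>lockd/nlockmgr</literal>). This is useful if the
+NFS server is behind a firewall.
 '';
 };
+
+statdPort = mkOption {
+type = types.nullOr types.int;
+default = null;
+example = 4000;
+description = ''
+Use a fixed port for <command>rpc.statd</command>. This is
+useful if the NFS server is behind a firewall.
+'';
+};
+
 };
 
 };
@@ -82,61 +103,42 @@
 
 config = mkIf cfg.enable {
 
+services.nfs.extraConfig = ''
+[nfsd]
+threads=${toString cfg.nproc}
+${optionalString (cfg.hostName != null) "host=${cfg.hostName}"}
+
+[mountd]
+${optionalString (cfg.mountdPort != null) "port=${toString cfg.mountdPort}"}
+
+[statd]
+${optionalString (cfg.statdPort != null) "port=${toString cfg.statdPort}"}
+
+[lockd]
+${optionalString (cfg.lockdPort != null) ''
+port=${toString cfg.lockdPort}
+udp-port=${toString cfg.lockdPort}
+''}
+'';
+
 services.rpcbind.enable = true;
 
 boot.supportedFilesystems = [ "nfs" ]; # needed for statd and idmapd
-
-environment.systemPackages = [ pkgs.nfs-utils ];
 
 environment.etc.exports.source = exports;
 
-boot.kernelModules = [ "nfsd" ];
-
-systemd.services.nfsd =
-{ description = "NFS Server";
-
+systemd.services.nfs-server =
+{ enable = true;
 wantedBy = [ "multi-user.target" ];
-
-requires = [ "rpcbind.service" "mountd.service" ];
-after = [ "rpcbind.service" "mountd.service" "idmapd.service" ];
-before = [ "statd.service" ];
-
-path = [ pkgs.nfs-utils ];
-
-script =
-''
-# Create a state directory required by NFSv4.
-mkdir -p /var/lib/nfs/v4recovery
-
-${pkgs.procps}/sbin/sysctl -w fs.nfs.nlm_tcpport=${builtins.toString cfg.lockdPort}
-${pkgs.procps}/sbin/sysctl -w fs.nfs.nlm_udpport=${builtins.toString cfg.lockdPort}
-
-rpc.nfsd \
-${if cfg.hostName != null then "-H ${cfg.hostName}" else ""} \
-${builtins.toString cfg.nproc}
-'';
-
-postStop = "rpc.nfsd 0";
-
-serviceConfig.Type = "oneshot";
-serviceConfig.RemainAfterExit = true;
 };
 
-systemd.services.mountd =
-{ description = "NFSv3 Mount Daemon";
-
-requires = [ "rpcbind.service" ];
-after = [ "rpcbind.service" "local-fs.target" ];
-
-path = [ pkgs.nfs-utils pkgs.sysvtools pkgs.utillinux ];
+systemd.services.nfs-mountd =
+{ enable = true;
+path = [ pkgs.nfs-utils ];
+restartTriggers = [ exports ];
 
 preStart =
 ''
-mkdir -p /var/lib/nfs
-touch /var/lib/nfs/rmtab
-
-mountpoint -q /proc/fs/nfsd || mount -t nfsd none /proc/fs/nfsd
-
 ${optionalString cfg.createMountPoints
 ''
 # create export directories:
@@ -149,15 +151,6 @@
 
 exportfs -rav
 '';
-
-restartTriggers = [ exports ];
-
-serviceConfig.Type = "forking";
-serviceConfig.ExecStart = ''
-@${pkgs.nfs-utils}/sbin/rpc.mountd rpc.mountd \
-${if cfg.mountdPort != null then "-p ${toString cfg.mountdPort}" else ""}
-'';
-serviceConfig.Restart = "always";
 };
 
 };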
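Review bot: The port options (`mountdPort`, `lockdPort`, `statdPort`) are typed `types.nullOr types.int`, so 0, negative values and values above 65535 pass evaluation and are written verbatim into the `port=` and `udp-port=` lines of the generated nfs.conf. These options exist so that firewall rules can match fixed ports, so a typo should fail at evaluation time rather than leave a daemon on an unexpected port; a bounded type such as `types.nullOr (types.addCheck types.int (p: p > 0 && p < 65536))` would do that. `hostName` is likewise interpolated unchecked into `host=${cfg.hostName}`, so a value containing a newline would add further lines to the `[nfsd]` section; a single-line check on it would be cheap.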
+8 -44
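--- a/nixos/modules/services/networking/rpcbind.nix
+++ b/nixos/modules/services/networking/rpcbind.nix
@@ -2,35 +2,6 @@
 
 with lib;
 
-let
-
-netconfigFile = {
-target = "netconfig";
-source = pkgs.writeText "netconfig" ''
-#
-# The network configuration file. This file is currently only used in
-# conjunction with the TI-RPC code in the libtirpc library.
-#
-# Entries consist of:
-#
-# <network_id> <semantics> <flags> <protofamily> <protoname> \
-# <device> <nametoaddr_libs>
-#
-# The <device> and <nametoaddr_libs> fields are always empty in this
-# implementation.
-#
-udp tpi_clts v inet udp - -
-tcp tpi_cots_ord v inet tcp - -
-udp6 tpi_clts v inet6 udp - -
-tcp6 tpi_cots_ord v inet6 tcp - -
-rawip tpi_raw - inet - - -
-local tpi_cots_ord - loopback - - -
-unix tpi_cots_ord - loopback - - -
-'';
-};
-
-in
-
 {
 
 ###### interface
@@ -58,25 +29,18 @@
 ###### implementation
 
 config = mkIf config.services.rpcbind.enable {
-
 environment.systemPackages = [ pkgs.rpcbind ];
 
-environment.etc = [ netconfigFile ];
+systemd.packages = [ pkgs.rpcbind ];
 
-systemd.services.rpcbind =
-{ description = "ONC RPC Directory Service";
+systemd.services.rpcbind = {
+wantedBy = [ "multi-user.target" ];
+};
 
-wantedBy = [ "multi-user.target" ];
-
-requires = [ "basic.target" ];
-after = [ "basic.target" ];
-
-unitConfig.DefaultDependencies = false; # don't stop during shutdown
-
-serviceConfig.Type = "forking";
-serviceConfig.ExecStart = "@${pkgs.rpcbind}/bin/rpcbind rpcbind";
-};
-
+users.extraUsers.rpc = {
+group = "nogroup";
+uid = config.ids.uids.rpc;
+};
 };
 
 }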
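Review bot: The new `rpc` account is placed in the shared `nogroup` group, although ids.nix in this same change reserves gid 271 for `rpc` and leaves it commented out as unused. A dedicated group keeps anything rpcbind creates from being group-accessible to every other daemon that also runs with `nogroup`; consider `group = "rpc";` together with `users.extraGroups.rpc.gid = config.ids.gids.rpc;` and enabling the gid entry. A one-line comment such as `# must match --with-rpcuser in pkgs/servers/rpcbind` above `users.extraUsers.rpc` would also help, since nothing in this module ties the account name to the package's configure flag.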
+33 -67
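--- a/nixos/modules/tasks/filesystems/nfs.nix
+++ b/nixos/modules/tasks/filesystems/nfs.nix
@@ -24,6 +24,8 @@
 Method = nsswitch
 '';
 
+nfsConfFile = pkgs.writeText "nfs.conf" cfg.extraConfig;
+
 cfg = config.services.nfs;
 
 in
@@ -32,23 +34,12 @@
 ###### interface
 
 options = {
-
 services.nfs = {
-statdPort = mkOption {
-default = null;
-example = 4000;
+extraConfig = mkOption {
+type = types.lines;
+default = "";
 description = ''
-Use a fixed port for <command>rpc.statd</command>. This is
-useful if the NFS server is behind a firewall.
-'';
-};
-lockdPort = mkOption {
-default = null;
-example = 4001;
-description = ''
-Use a fixed port for the NFS lock manager kernel module
-(<literal>lockd/nlockmgr</literal>). This is useful if the
-NFS server is behind a firewall.
+Extra nfs-utils configuration.
 '';
 };
 };
@@ -62,69 +53,44 @@
 
 system.fsPackages = [ pkgs.nfs-utils ];
 
-boot.extraModprobeConfig = mkIf (cfg.lockdPort != null) ''
-options lockd nlm_udpport=${toString cfg.lockdPort} nlm_tcpport=${toString cfg.lockdPort}
-'';
-
-boot.kernelModules = [ "sunrpc" ];
-
 boot.initrd.kernelModules = mkIf inInitrd [ "nfs" ];
 
-# FIXME: should use upstream units from nfs-utils.
+systemd.packages = [ pkgs.nfs-utils ];
+systemd.generator-packages = [ pkgs.nfs-utils ];
 
-systemd.services.statd =
-{ description = "NFSv3 Network Status Monitor";
-
-path = [ pkgs.nfs-utils pkgs.sysvtools pkgs.utillinux ];
-
-wants = [ "remote-fs-pre.target" ];
-before = [ "remote-fs-pre.target" ];
-wantedBy = [ "remote-fs.target" ];
-requires = [ "basic.target" "rpcbind.service" ];
-after = [ "basic.target" "rpcbind.service" ];
-
-unitConfig.DefaultDependencies = false; # don't stop during shutdown
-
-preStart =
-''
-mkdir -p ${nfsStateDir}/sm
-mkdir -p ${nfsStateDir}/sm.bak
-sm-notify -d
-'';
+environment.etc = {
+"idmapd.conf".source = idmapdConfFile;
+"nfs.conf".source = nfsConfFile;
+};
 
-serviceConfig.Type = "forking";
-serviceConfig.ExecStart = ''
-@${pkgs.nfs-utils}/sbin/rpc.statd rpc.statd --no-notify \
-${if cfg.statdPort != null then "-p ${toString cfg.statdPort}" else ""}
-'';
-serviceConfig.Restart = "always";
+systemd.services.nfs-blkmap =
+{ restartTriggers = [ nfsConfFile ];
 };
 
-systemd.services.idmapd =
-{ description = "NFSv4 ID Mapping Daemon";
+systemd.targets.nfs-client =
+{ wantedBy = [ "multi-user.target" "remote-fs.target" ];
+};
 
-path = [ pkgs.sysvtools pkgs.utillinux ];
+systemd.services.nfs-idmapd =
+{ restartTriggers = [ idmapdConfFile ];
+};
 
-wants = [ "remote-fs-pre.target" ];
-before = [ "remote-fs-pre.target" ];
-wantedBy = [ "remote-fs.target" ];
-requires = [ "rpcbind.service" ];
-after = [ "rpcbind.service" ];
+systemd.services.nfs-mountd =
+{ restartTriggers = [ nfsConfFile ];
+enable = mkDefault false;
+};
 
-preStart =
-''
-mkdir -p ${rpcMountpoint}
-mount -t rpc_pipefs rpc_pipefs ${rpcMountpoint}
-'';
+systemd.services.nfs-server =
+{ restartTriggers = [ nfsConfFile ];
+enable = mkDefault false;
+};
 
-postStop =
-''
-umount ${rpcMountpoint}
-'';
+systemd.services.rpc-gssd =
+{ restartTriggers = [ nfsConfFile ];
+};
 
-serviceConfig.Type = "forking";
-serviceConfig.ExecStart = "@${pkgs.nfs-utils}/sbin/rpc.idmapd rpc.idmapd -c ${idmapdConfFile}";
-serviceConfig.Restart = "always";
+systemd.services.rpc-statd =
+{ restartTriggers = [ nfsConfFile ];
 };
 
 };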
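Review bot: Removing `statdPort`/`lockdPort` from `services.nfs`, along with the `boot.extraModprobeConfig` line, appears to leave client-only hosts with no way to pin these ports other than hand-written `extraConfig`. The replacement options are applied in nfsd.nix under `mkIf cfg.enable`, which presumably is the server's enable flag. Because rename.nix forwards the old names to `services.nfs.server.*`, an existing client configuration still evaluates without a warning while statd and lockd go back to dynamic ports, so firewall rules written for the pinned ports silently stop matching. Either generate the `[statd]`/`[lockd]` settings from options that also apply to clients, or say so in the option text, e.g. `Extra nfs-utils configuration, written to /etc/nfs.conf. Clients that need fixed statd/lockd ports must set them here.`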
+13 -10
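--- a/pkgs/os-specific/linux/keyutils/default.nix
+++ b/pkgs/os-specific/linux/keyutils/default.nix
@@ -1,23 +1,26 @@
 { stdenv, fetchurl, gnumake, file }:
 
 stdenv.mkDerivation rec {
-name = "keyutils-1.5.9";
+name = "keyutils-${version}";
+version = "1.5.9";
 
 src = fetchurl {
 url = "http://people.redhat.com/dhowells/keyutils/${name}.tar.bz2";
 sha256 = "1bl3w03ygxhc0hz69klfdlwqn33jvzxl1zfl2jmnb2v85iawb8jd";
 };
 
-buildInputs = [ file ];
+outputs = [ "out" "lib" "dev" ];
 
-patchPhase = ''
-sed -i -e "s, /usr/bin/make, ${gnumake}/bin/make," \
--e "s, /usr, ," \
--e "s,\$(LNS) \$(LIBDIR)/\$(SONAME),\$(LNS) \$(SONAME)," \
-Makefile
-'';
-
-installPhase = "make install DESTDIR=$out";
+installFlags = [
+"ETCDIR=$(out)/etc"
+"BINDIR=$(out)/bin"
+"SBINDIR=$(out)/sbin"
+"SHAREDIR=$(out)/share/keyutils"
+"MANDIR=$(out)/share/man"
+"INCLUDEDIR=$(dev)/include"
+"LIBDIR=$(lib)/lib"
+"USRLIBDIR=$(lib)/lib"
+];
 
 meta = with stdenv.lib; {
 homepage = http://people.redhat.com/dhowells/keyutils/;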
+49 -29
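--- a/pkgs/os-specific/linux/nfs-utils/default.nix
+++ b/pkgs/os-specific/linux/nfs-utils/default.nix
@@ -1,48 +1,69 @@
-{ fetchurl, stdenv, tcp_wrappers, utillinux, libcap, libtirpc, libevent, libnfsidmap
-, lvm2, e2fsprogs, python, sqlite
+{ stdenv, fetchurl, lib, pkgconfig, utillinux, libcap, libtirpc, libevent, libnfsidmap
+, sqlite, kerberos, kmod, libuuid, keyutils, lvm2, systemd, coreutils, tcp_wrappers
 }:
 
-stdenv.mkDerivation rec {
-name = "nfs-utils-1.3.3";
+let
+statdPath = lib.makeBinPath [ systemd utillinux coreutils ];
+
+in stdenv.mkDerivation rec {
+name = "nfs-utils-${version}";
+version = "2.1.1";
 
 src = fetchurl {
 url = "mirror://sourceforge/nfs/${name}.tar.bz2";
-sha256 = "1svn27j5c873nixm46l111g7cgyaj5zd51ahfq8mx5v9m3vh93py";
+sha256 = "02dvxphndpm8vpqqnl0zvij97dq9vsq2a179pzrjcv2i91ll2a0a";
 };
 
-buildInputs =
-[ tcp_wrappers utillinux libcap libtirpc libevent libnfsidmap
-lvm2 e2fsprogs python sqlite
-];
+nativeBuildInputs = [ pkgconfig ];
+
+buildInputs = [
+libtirpc libcap libevent libnfsidmap sqlite lvm2
+libuuid keyutils kerberos tcp_wrappers
+];
 
-# FIXME: Add the dependencies needed for NFSv4 and TI-RPC.
+enableParallelBuilding = true;
+
 configureFlags =
-[ "--disable-gss"
+[ "--enable-gss"
 "--with-statedir=/var/lib/nfs"
-"--with-tirpcinclude=${libtirpc}/include/tirpc"
+"--with-krb5=${kerberos}"
+"--with-systemd=$(out)/etc/systemd/system"
+"--enable-libmount-mount"
 ]
-++ stdenv.lib.optional (stdenv ? glibc) "--with-rpcgen=${stdenv.glibc.bin}/bin/rpcgen";
+++ lib.optional (stdenv ? glibc) "--with-rpcgen=${stdenv.glibc.bin}/bin/rpcgen";
 
-patchPhase =
+postPatch =
 ''
-for i in "tests/"*.sh
-do
-sed -i "$i" -e's|/bin/bash|/bin/sh|g'
-chmod +x "$i"
-done
-sed -i s,/usr/sbin,$out/sbin, utils/statd/statd.c
+patchShebangs tests
+sed -i "s,/usr/sbin,$out/bin,g" utils/statd/statd.c
+sed -i "s,^PATH=.*,PATH=$out/bin:${statdPath}," utils/statd/start-statd
+
+configureFlags="--with-start-statd=$out/bin/start-statd $configureFlags"
 '';
 
-preBuild =
+makeFlags = [
+"sbindir=$(out)/bin"
+"generator_dir=$(out)/etc/systemd/system-generators"
+];
+
+installFlags = [
+"statedir=$(TMPDIR)"
+"statdpath=$(TMPDIR)"
+];
+
+postInstall =
 ''
-makeFlags="sbindir=$out/sbin"
-installFlags="statedir=$TMPDIR statdpath=$TMPDIR" # hack to make `make install' work
+# Not used on NixOS
+sed -i \
+-e "s,/sbin/modprobe,${kmod}/bin/modprobe,g" \
+-e "s,/usr/sbin,$out/bin,g" \
+$out/etc/systemd/system/*
 '';
 
 # One test fails on mips.
 doCheck = !stdenv.isMips;
 
-meta = {
+meta = with stdenv.lib; {
 description = "Linux user-space NFS utilities";
 
 longDescription = ''
@@ -51,10 +72,9 @@
 daemons.
 '';
 
-homepage = http://nfs.sourceforge.net/;
-license = stdenv.lib.licenses.gpl2;
-
-platforms = stdenv.lib.platforms.linux;
-maintainers = [ ];
+homepage = "https://sourceforge.net/projects/nfs/";
+license = licenses.gpl2;
+platforms = platforms.linux;
+maintainers = with maintainers; [ abbradar ];
 };
 }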
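Review bot: The comment `# Not used on NixOS` at the top of `postInstall` contradicts the rest of this change: nfs.nix now sets `systemd.packages = [ pkgs.nfs-utils ]`, so the unit files this `sed` rewrites are the ones NixOS actually runs. Replace it with something like `# Point the upstream units at store paths; NixOS loads them through systemd.packages.` The two expressions only cover `/sbin/modprobe` and `/usr/sbin`, so any other absolute path in those units would still resolve to whatever the host has at that location. If that matters here, a build-time check that fails on leftover `/usr` or `/sbin` references in `$out/etc/systemd/system` would catch it on the next version bump.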
+15 -26
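--- a/pkgs/os-specific/linux/tcp-wrappers/default.nix
+++ b/pkgs/os-specific/linux/tcp-wrappers/default.nix
@@ -1,40 +1,30 @@
 { fetchurl, stdenv }:
 
-stdenv.mkDerivation {
-name = "tcp-wrappers-7.6";
+stdenv.mkDerivation rec {
+name = "tcp-wrappers-${version}";
+version = "7.6.q";
 
 src = fetchurl {
-url = mirror://debian/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs.orig.tar.gz;
-sha256 = "0k68ziinx6biwar5lcb9jvv0rp6b3vmj6861n75bvrz4w1piwkdp";
+url = "mirror://debian/pool/main/t/tcp-wrappers/tcp-wrappers_${version}.orig.tar.gz";
+sha256 = "0p9ilj4v96q32klavx0phw9va21fjp8vpk11nbh6v2ppxnnxfhwm";
 };
 
-patches = [
-(fetchurl {
-url = mirror://debian/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs-13.diff.gz;
-sha256 = "071ir20rh8ckhgrc0y99wgnlbqjgkprf0qwbv84lqw5i6qajbcnh";
-})
-];
+debian = fetchurl {
+url = "mirror://debian/pool/main/t/tcp-wrappers/tcp-wrappers_${version}-24.debian.tar.xz";
+sha256 = "1kgax35rwaj5q8nf8fw60aczvxj99h2jjp7iv1f82y85yz9x0ak7";
+};
 
 prePatch = ''
-cd upstream/tarballs
-tar xzvf *
-cd tcp_wrappers_7.6
-'';
-
-postPatch = ''
-for patch in debian/patches/*; do
-echo "applying Debian patch \`$(basename $patch)'..."
-patch --batch -p1 < $patch
-done
+tar -xaf $debian
+shopt -s extglob
+patches="$(echo debian/patches/!(series)) $patches"
 '';
 
-buildPhase = ''
-make REAL_DAEMON_DIR="$out/sbin" linux
-'';
+makeFlags = [ "REAL_DAEMON_DIR=$(out)/bin" "linux" ];
 
 installPhase = ''
-mkdir -p "$out/sbin"
-cp -v safe_finger tcpd tcpdchk tcpdmatch try-from "$out/sbin"
+mkdir -p "$out/bin"
+cp -v safe_finger tcpd tcpdchk tcpdmatch try-from "$out/bin"
 
 mkdir -p "$out/lib"
 cp -v shared/lib*.so* "$out/lib"
@@ -42,7 +32,6 @@
 mkdir -p "$out/include"
 cp -v *.h "$out/include"
 
-mkdir -p "$out/man"
 for i in 3 5 8;
 do
 mkdir -p "$out/man/man$i"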
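Review bot: `patches="$(echo debian/patches/!(series)) $patches"` applies every file in `debian/patches` in glob order and only skips the `series` file, which is what defines the set and order of patches Debian actually applies. The removed `postPatch` loop behaved the same way, so this is not new, but tcp-wrappers is an access-control library and a patch that Debian had dropped from `series`, or one that depends on ordering, would be applied without notice. Building the list from `series`, for example `patches="$(grep -v '^#' debian/patches/series | sed 's,^,debian/patches/,') $patches"`, would track the Debian build. `tar -xaf "$debian"` should also be quoted.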
-45
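--- a/pkgs/servers/portmap/default.nix
+++ b/pkgs/servers/portmap/default.nix
@@ -1,45 +0,0 @@
-{ fetchurl, stdenv, lib, tcp_wrappers
-, daemonUser ? false, daemonUID ? false, daemonGID ? false }:
-
-assert daemonUser -> (!daemonUID && !daemonGID);
-
-stdenv.mkDerivation rec {
-name = "portmap-6.0";
-
-src = fetchurl {
-url = "http://neil.brown.name/portmap/${name}.tgz";
-sha256 = "1pj13ll4mbfwjwpn3fbg03qq9im6v2i8fcpa3ffp4viykz9j1j02";
-};
-
-patches = [ ./reuse-socket.patch ];
-
-postPatch = ''
-substituteInPlace "Makefile" --replace "/usr/share" "" \
---replace "install -o root -g root" "install"
-'';
-
-makeFlags =
-lib.optional (daemonUser != false) "RPCUSER=\"${daemonUser}\""
-++ lib.optional (daemonUID != false) "DAEMON_UID=${toString daemonUID}"
-++ lib.optional (daemonGID != false) "DAEMON_GID=${toString daemonGID}";
-
-buildInputs = [ tcp_wrappers ];
-
-installPhase = ''
-mkdir -p "$out/sbin" "$out/man/man8"
-make install BASEDIR=$out
-'';
-
-meta = {
-description = "ONC RPC portmapper";
-longDescription = ''
-Portmap is part of the ONC RPC software collection implementing
-remote procedure calls (RPCs) between computer programs. It is
-widely used by NFS and NIS, among others.
-'';
-
-homepage = http://neil.brown.name/portmap/;
-license = "BSD";
-platforms = stdenv.lib.platforms.linux;
-};
-}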
-38
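--- a/pkgs/servers/portmap/reuse-socket.patch
+++ b/pkgs/servers/portmap/reuse-socket.patch
@@ -1,38 +0,0 @@
-Set SO_REUSEADDR to ensure that portmap can restart properly.
-
-https://bugs.launchpad.net/ubuntu/+source/portmap/+bug/688550
-
-===================================================================
---- portmap-6.0.0.orig/portmap.c 2011-03-16 20:43:26.000000000 +0100
-+++ portmap-6.0.0/portmap.c 2011-03-17 07:30:17.000000000 +0100
-@@ -142,9 +142,9 @@
-* loopback interface address.
-*/
-
-+static int on = 1;
-#ifdef LOOPBACK_SETUNSET
-static SVCXPRT *ludpxprt, *ltcpxprt;
--static int on = 1;
-#ifndef INADDR_LOOPBACK
-#define INADDR_LOOPBACK ntohl(inet_addr("127.0.0.1"))
-#endif
-@@ -399,9 +399,7 @@
-syslog(LOG_ERR, "cannot create udp socket: %m");
-exit(1);
-}
--#ifdef LOOPBACK_SETUNSET
-setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
--#endif
-
-memset((char *) &addr, 0, sizeof(addr));
-addr.sin_addr.s_addr = 0;
-@@ -434,9 +432,7 @@
-syslog(LOG_ERR, "cannot create tcp socket: %m");
-exit(1);
-}
--#ifdef LOOPBACK_SETUNSET
-setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
--#endif
-if (bind(sock, (struct sockaddr *)&addr, len) != 0) {
-syslog(LOG_ERR, "cannot bind tcp: %m");
-exit(1);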
-43
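--- a/pkgs/servers/rpcbind/0001-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch
+++ b/pkgs/servers/rpcbind/0001-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch
@@ -1,43 +0,0 @@
-From 9194122389f2a56b1cd1f935e64307e2e963c2da Mon Sep 17 00:00:00 2001
-From: Steve Dickson <steved@redhat.com>
-Date: Mon, 2 Nov 2015 17:05:18 -0500
-Subject: [PATCH] handle_reply: Don't use the xp_auth pointer directly
-
-In the latest libtirpc version to access the xp_auth
-one must use the SVC_XP_AUTH macro. To be backwards
-compatible a couple ifdefs were added to use the
-macro when it exists.
-
-Upstream-Status: Backport
-
-Signed-off-by: Steve Dickson <steved@redhat.com>
-Signed-off-by: Maxin B. John <maxin.john@intel.com>
----
-src/rpcb_svc_com.c | 7 +++++++
-1 file changed, 7 insertions(+)
-
-diff --git a/src/rpcb_svc_com.c b/src/rpcb_svc_com.c
-index 4ae93f1..22d6c84 100644
---- a/src/rpcb_svc_com.c
-+++ b/src/rpcb_svc_com.c
-@@ -1295,10 +1295,17 @@ handle_reply(int fd, SVCXPRT *xprt)
-a.rmt_localvers = fi->versnum;
-
-xprt_set_caller(xprt, fi);
-+#if defined(SVC_XP_AUTH)
-+ SVC_XP_AUTH(xprt) = svc_auth_none;
-+#else
-xprt->xp_auth = &svc_auth_none;
-+#endif
-svc_sendreply(xprt, (xdrproc_t) xdr_rmtcall_result, (char *) &a);
-+#if !defined(SVC_XP_AUTH)
-SVCAUTH_DESTROY(xprt->xp_auth);
-xprt->xp_auth = NULL;
-+#endif
-+
-done:
-if (buffer)
-free(buffer);
---
-2.4.0
-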
+9 -10
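--- a/pkgs/servers/rpcbind/default.nix
+++ b/pkgs/servers/rpcbind/default.nix
@@ -1,28 +1,27 @@
-{ fetchurl, fetchpatch, stdenv, pkgconfig, libtirpc
+{ fetchurl, stdenv, pkgconfig, libtirpc
 , useSystemd ? true, systemd }:
 
-let version = "0.2.3";
-in stdenv.mkDerivation rec {
+stdenv.mkDerivation rec {
 name = "rpcbind-${version}";
+version = "0.2.4";
 
 src = fetchurl {
 url = "mirror://sourceforge/rpcbind/${version}/${name}.tar.bz2";
-sha256 = "0yyjzv4161rqxrgjcijkrawnk55rb96ha0pav48s03l2klx855wq";
+sha256 = "0rjc867mdacag4yqvs827wqhkh27135rp9asj06ixhf71m9rljh7";
 };
 
 patches = [
 ./sunrpc.patch
-./0001-handle_reply-Don-t-use-the-xp_auth-pointer-directly.patch
-(fetchpatch {
-url = "https://sources.debian.net/data/main/r/rpcbind/0.2.3-0.5/debian/patches/CVE-2015-7236.patch";
-sha256 = "1wsv5j8f5djzxr11n4027x107cam1avmx9w34g6l5d9s61j763wq";
-})
 ];
 
 buildInputs = [ libtirpc ]
 ++ stdenv.lib.optional useSystemd systemd;
 
-configureFlags = stdenv.lib.optional (!useSystemd) "--with-systemdsystemunitdir=no";
+configureFlags = [
+"--with-systemdsystemunitdir=${if useSystemd then "$(out)/etc/systemd/system" else "no"}"
+"--enable-warmstarts"
+"--with-rpcuser=rpc"
+];
 
 nativeBuildInputs = [ pkgconfig ];
 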
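Review bot: The `CVE-2015-7236.patch` fetch is dropped together with the bump to 0.2.4, and nothing in the change records that the fix is contained in the new tarball. Please confirm that against the upstream release and leave a comment next to `patches`, e.g. `# CVE-2015-7236 is fixed upstream as of 0.2.4`, so a later reader does not have to re-derive it. Separately, `--enable-warmstarts` makes rpcbind persist its registrations to a state directory and no `--with-statedir` is passed here. It is worth checking that the default is a directory only the `rpc` user can write rather than a shared temporary directory.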
-2
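--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10482,8 +10482,6 @@
 
 pies = callPackage ../servers/pies { };
 
-portmap = callPackage ../servers/portmap { };
-
 rpcbind = callPackage ../servers/rpcbind { };
 
 mariadb = callPackage ../servers/sql/mariadb {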
+1 -1
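--- a/pkgs/top-level/release-small.nix
+++ b/pkgs/top-level/release-small.nix
@@ -127,12 +127,12 @@
 perl = all;
 pkgconfig = all;
 pmccabe = linux;
-portmap = linux;
 procps = linux;
 python = allBut cygwin;
 readline = all;
 rlwrap = all;
 rpm = linux;
+rpcbind = linux;
 rsync = linux;
 screen = linux ++ darwin;
 scrot = linux;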