From: Adolf Belka
To: development@lists.ipfire.org
Cc: Adolf Belka
Subject: [PATCH] rpcbind: Update to version 1.2.8
Date: Tue, 26 Aug 2025 20:49:01 +0200
Message-ID: <20250826184904.6229-20-adolf.belka@ipfire.org>
In-Reply-To: <20250826184904.6229-1-adolf.belka@ipfire.org>
References: <20250826184904.6229-1-adolf.belka@ipfire.org>

- Update from version 1.2.7 to 1.2.8
- Update of rootfile not required
- Changelog
    1.2.8
        rpcinfo: Removed a number of "old-style function definition" warnings
        rpcbind: Add -v flag to print version and config
            This helps to see compile-time options, e.g. remote calls enablement.
            $ ./rpcbind -v
            rpcbind 1.2.7
            debug: no, libset debug: no, libwrap: no, nss modules: files, remote calls: no, statedir: /run/rpcbind, systemd: yes, user: root, warm start: no
        man/rpcbind: Update list of options
            -L was removed in 718ab7e, -w added in 9b1aaa6, -f added in eb36cf1.
            Fixes: 718ab7e ("Removed the documentation about the non-existent '-L' flag")
            Fixes: 9b1aaa6 ("Allow the warms start code to be enabled at compile time...")
            Fixes: eb36cf1 ("rpcbind: add no-fork mode")
        Comment out ListenStream=@/run/rpcbind.sock [nfs/nfs-utils/rpcbind]
        rpcbind: avoid dereferencing NULL from realloc()
            Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2173869
        Move rpbind's default configuration to /run verses /var/run
        Move rpcbind.lock to /run
            Most of the distros have /var/run as symlink to /run.
            Because /var may be a separate partition, and could even be mounted via
            NFS, having to look directly to /run helps to avoid issues with rpcbind
            startup early in boot when /var might not be available.
        systemd/rpcbind.service.in: Want/After systemd-tmpfiles-setup
            Add Want/After systemd-tmpfiles-setup.service.
            This is taken from Fedora rpcbind-0.2.4-5.fc25 patch [1] which tried to
            handle bug #1401561 [2] where /var/run/rpcbind.lock cannot be created due
            to missing /var/run/ directory. But the suggestion to add
            RequiresMountFor=... was implemented in ee569be ("Fix boot dependency in
            systemd service file").
            But even with RequiresMountsFor=/run/rpcbind in rpcbind.service and
            /run/rpcbind.lock there is an error on openSUSE Tumbleweed with rpcbind 1.2.6:
            rpcbind.service: Failed at step NAMESPACE spawning /usr/sbin/rpcbind: Read-only file system
            Adding systemd-tmpfiles-setup.service fixes it.
            NOTE: Debian uses for this purpose remote-fs-pre.target (also works, but
            systemd-tmpfiles-setup.service looks to me more specific). openSUSE uses
            only After=sysinit.target as a result of #1117217 [3] (also works).
            [1] https://src.fedoraproject.org/rpms/rpcbind/blob/rawhide/f/rpcbind-0.2.4-systemd-service.patch
            [2] https://bugzilla.redhat.com/show_bug.cgi?id=1401561
            [3] https://bugzilla.suse.com/show_bug.cgi?id=1117217
        systemd/rpcbind.service.in: Add various hardenings options
            We've been running rpcbind 1.2.6 with it in openSUSE since 2021.
            NOTE: In systemd < 244 (released Nov 2019) some of these options are
            unknown and will produce warnings, see
            https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
        man/rpcbind: Add Files section to manpage
            Previous commit added 3 non-default files, mention them in man page.
        systemd/rpcbind.service.in: Add few default EnvironmentFile
            Add some defaults so that distros can drop patches to configure it.
            * openSUSE and Fedora use /etc/sysconfig/rpcbind
              https://build.opensuse.org/projects/network/packages/rpcbind/files/0001-systemd-unit-files.patch?expand=1
              https://src.fedoraproject.org/rpms/rpcbind/blob/f41/f/rpcbind-0.2.3-systemd-envfile.patch
            * Debian uses /etc/rpcbind.conf and /etc/default/rpcbind
              https://salsa.debian.org/debian/rpcbind/-/blob/buster/debian/rpcbind.service?ref_type=heads
            Add all these 3 in order:
            * /etc/rpcbind.conf
            * /etc/default/rpcbind
            * /etc/sysconfig/rpcbind

Signed-off-by: Adolf Belka
--- lfs/rpcbind | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/lfs/rpcbind b/lfs/rpcbind index a707d9c05..196089af6 100644 --- a/lfs/rpcbind +++ b/lfs/rpcbind @@ -26,7 +26,7 @@ include Config SUMMARY = Transport independent RPC portmapper -VER = 1.2.7 +VER = 1.2.8 THISAPP = rpcbind-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rpcbind -PAK_VER = 8 +PAK_VER = 9 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = f1e79b304ce5fe06c1c256d3512d999daffca782d956440f612b8a957ad7ddb35356b47aa4f4105d5b24d820daab32ec3a0f4a3b8ac76bb7adf5c3ed22d2ef01 +$(DL_FILE)_BLAKE2 = 70bef658aafc4b1b626a7e9ff312b34748e0142a0a93d058c28d6599545281464f27a5546abe287f0dd369e5264cb38940f85e5e6c128cb0e0f7aaa4b841ab77 install : $(TARGET) @@ -83,11 +83,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && sed -i "/servname/s:rpcbind:sunrpc:" src/rpcbind.c cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --bindir=/sbin \ - --with-rpcuser=root \ - --without-systemdsystemunitdir - + --prefix=/usr \ + --bindir=/sbin \ + --with-rpcuser=root \ + --without-systemdsystemunitdir cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP) && make install #install initscripts
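
Review bot: The "VER = 1.2.8" bump in the first hunk (@@ -26,7) brings in upstream's move of rpcbind.lock and the default configuration from /var/run to /run, yet the diffstat shows lfs/rpcbind as the only file changed. Please confirm that the initscript installed under "#install initscripts" does not still reference the old /var/run paths, and state that in the commit message next to "Update of rootfile not required".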
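
Review bot: The new "$(DL_FILE)_BLAKE2" value in the third hunk (@@ -48,7) is the only integrity check on rpcbind-1.2.8.tar.bz2, which is fetched from $(URL_IPFIRE) via DL_FROM, and the commit message does not say where the tarball behind that hash came from or how it was verified. Suggest adding one line naming the upstream source and the check performed (a checksum or signature, if upstream publishes one), so a reviewer can reproduce the hash independently.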
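
Review bot: In the last hunk (@@ -83,11) the four configure options are removed and re-added with identical text, so "--with-rpcuser=root" and "--without-systemdsystemunitdir" carry over unchanged: the daemon is still configured to run as root, and with no systemd unit installed the hardening options listed in the 1.2.8 changelog do not reach this build. Consider a dedicated unprivileged user for --with-rpcuser, or say in the commit message why root is kept. The re-indentation and the dropped blank line are whitespace-only and deserve a mention as such; since 1.2.8 adds "rpcbind -v", quoting its output from the built binary would also record the effective compile-time options (remote calls, libwrap) for review.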