- Update from version 1.2.7 to 1.2.8
- Update of rootfile not required
- Changelog
1.2.8
rpcinfo: Removed a number of "old-style function definition" warnings
rpcbind: Add -v flag to print version and config
This helps to see compiled time options, e.g. remote calls enablement.
$ ./rpcbind -v
rpcbind 1.2.7
debug: no, libset debug: no, libwrap: no, nss modules: files,
remote calls: no, statedir: /run/rpcbind, systemd: yes,
user: root, warm start: no
man/rpcbind: Update list of options
-L was removed in
718ab7e, -w added in
9b1aaa6, -f added in
eb36cf1.
Fixes: 718ab7e ("Removed the documentation about the non-existent '-L' flag")
Fixes: 9b1aaa6 ("Allow the warms start code to be enabled at compile
time...")
Fixes: eb36cf1 ("rpcbind: add no-fork mode")
Comment out ListenStream=@/run/rpcbind.sock
[nfs/nfs-utils/rpcbind] rpcbind: avoid dereferencing NULL from realloc()
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2173869
Move rpbind's default configuration to /run verses /var/run
Move rpcbind.lock to /run
Most of the distros have /var/run as symlink to /run.
Because /var may be a separate partition, and could even be mounted via
NFS, having to look directly to /run help to avoid issues rpcbind
startup early in boot when /var might not be available.
systemd/rpcbind.service.in: Want/After systemd-tmpfiles-setup
Add Want/After systemd-tmpfiles-setup.service. This is taken from Fedora
rpcbind-0.2.4-5.fc25 patch [1] which tried to handle bug #
1401561 [2]
where /var/run/rpcbind.lock cannot be created due missing /var/run/
directory. But the suggestion to add RequiresMountFor=... was
implemented in
ee569be ("Fix boot dependency in systemd service file").
But even with RequiresMountsFor=/run/rpcbind in rpcbind.service and
/run/rpcbind.lock there is error on openSUSE Tumbleweed with rpcbind
1.2.6:
rpcbind.service: Failed at step NAMESPACE spawning /usr/sbin/rpcbind:
Read-only file system
Adding systemd-tmpfiles-setup.service fixes it.
NOTE: Debian uses for this purpose remote-fs-pre.target (also works, but
systemd-tmpfiles-setup.service looks to me more specific).
openSUSE uses only After=sysinit.target as a result of #
1117217 [3]
(also works).
[1] https://src.fedoraproject.org/rpms/rpcbind/blob/rawhide/f/rpcbind-0.2.4-systemd-service.patch
[2] https://bugzilla.redhat.com/show_bug.cgi?id=
1401561
[3] https://bugzilla.suse.com/show_bug.cgi?id=
1117217
systemd/rpcbind.service.in: Add various hardenings options
We've been running rpcbind 1.2.6 with it in openSUSE since 2021.
NOTE: In systemd < 244 (released Nov 2019) some of these options are
unknown and will produce warnings, see
https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
man/rpcbind: Add Files section to manpage
Previous commit added 3 non-default files, mention them in man page.
systemd/rpcbind.service.in: Add few default EnvironmentFile
Add some defaults so that distros can drop patches to configure it.
* openSUSE and Fedora use /etc/sysconfig/rpcbind
https://build.opensuse.org/projects/network/packages/rpcbind/files/0001-systemd-unit-files.patch?expand=1
https://src.fedoraproject.org/rpms/rpcbind/blob/f41/f/rpcbind-0.2.3-systemd-envfile.patch
* Debian uses /etc/rpcbind.conf and /etc/default/rpcbind
https://salsa.debian.org/debian/rpcbind/-/blob/buster/debian/rpcbind.service?ref_type=heads
Add all these 3 in order:
* /etc/rpcbind.conf
* /etc/default/rpcbind
* /etc/sysconfig/rpcbind
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / commitdiff
