njhsi · November 28, 2022 23:47
diff --git a/nfs-sec-krb5.init b/nfs-sec-krb5.init
 #!/bin/sh /etc/rc.common
 # Copyright (C) 2009 OpenWrt.org

 START=60
 USE_PROCD=1

 start_service() {
    [ -f /etc/krb5.keytab ] || return 1
    mkdir -p /var/lib/nfs/rpc_pipefs
    mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs

    procd_open_instance
    procd_set_param command /usr/sbin/rpc.gssd -f
    procd_set_param respawn
    procd_set_param stdout 1
    procd_set_param stderr 1
    procd_set_param no_new_privs 1
    procd_close_instance
 }

 stop_service() {
    sleep 1
    umount /var/lib/nfs/rpc_pipefs
 }
diff --git a/openwrt_nfs-sec-krb5_support.patch b/openwrt_nfs-sec-krb5_support.patch
 diff --git a/libs/libtirpc/Makefile b/libs/libtirpc/Makefile
 index 8104dd6a4..411b6f877 100644
 --- a/libs/libtirpc/Makefile
 +++ b/libs/libtirpc/Makefile
 @@ -23,10 +23,10 @@ define Package/libtirpc
   CATEGORY:=Libraries
   TITLE:=Library TI RPC for RPC bindings
   URL:=http://libtirpc.sourceforge.net/
 -  DEPENDS:=+libpthread
 +  DEPENDS:=+libpthread +krb5-libs
 endef
 
 -CONFIGURE_ARGS += --disable-gssapi
 +CONFIGURE_ARGS += --enable-gssapi
 HOST_CONFIGURE_ARGS += --disable-gssapi --disable-shared
 
 ifeq ($(HOST_OS),Darwin)
 diff --git a/net/nfs-kernel-server/Makefile b/net/nfs-kernel-server/Makefile
 index 01f19ba03..45efd69da 100644
 --- a/net/nfs-kernel-server/Makefile
 +++ b/net/nfs-kernel-server/Makefile
 @@ -93,6 +93,22 @@ define Package/nfs-utils-libs/description
 Libraries provided by nfs-utils
 endef
 
 +##bynj: note to "enable-gssapi" in libtirpc
 +define Package/nfs-sec-krb5/description
 +       nfs client with with support  "-o sec=krb5"
 +endef
 +
 +define Package/nfs-sec-krb5
 +       $(call Package/nfs-utils/Default)
 +       DEPENDS+= +kmod-fs-nfs-common-rpcsec +krb5-libs +libtirpc +libevent2-core
 +       TITLE:=Updated mount.nfs command - allows mounting nfs4 volumes with "-o sec=krb5"
 +endef
 +define Package/nfs-sec-krb5/install
 +       $(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d
 +       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/rpc.gssd $(1)/usr/sbin/
 +       $(INSTALL_BIN) ./files/nfs-sec-krb5.init $(1)/etc/init.d
 +endef
 +
 TARGET_CFLAGS += -Wno-error=implicit-function-declaration \
                 -Wno-error=strict-prototypes \
                 -Wno-error=incompatible-pointer-types \
 @@ -104,7 +120,7 @@ TARGET_LDFLAGS += -L$(STAGING_DIR)/usr/lib/libevent
 
 CONFIGURE_ARGS += \
        --disable-caps \
 -       --disable-gss \
 +       --enable-gss    --with-krb5="$(STAGING_DIR)/usr/" \
        --disable-nfsdcld \
        --disable-nfsdcltrack \
        --enable-shared \
 @@ -209,3 +225,4 @@ $(eval $(call BuildPackage,nfs-utils))
 $(eval $(call BuildPackage,nfs-utils-libs))
 $(eval $(call BuildPackage,nfs-kernel-server))
 $(eval $(call BuildPackage,nfs-kernel-server-utils))
 +$(eval $(call BuildPackage,nfs-sec-krb5))
	#!/bin/sh /etc/rc.common
	# Copyright (C) 2009 OpenWrt.org

	START=60
	USE_PROCD=1

	start_service() {
	[ -f /etc/krb5.keytab ] \|\| return 1
	mkdir -p /var/lib/nfs/rpc_pipefs
	mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs

	procd_open_instance
	procd_set_param command /usr/sbin/rpc.gssd -f
	procd_set_param respawn
	procd_set_param stdout 1
	procd_set_param stderr 1
	procd_set_param no_new_privs 1
	procd_close_instance
	}

	stop_service() {
	sleep 1
	umount /var/lib/nfs/rpc_pipefs
	}
	diff --git a/libs/libtirpc/Makefile b/libs/libtirpc/Makefile
	index 8104dd6a4..411b6f877 100644
	--- a/libs/libtirpc/Makefile
	+++ b/libs/libtirpc/Makefile
	@@ -23,10 +23,10 @@ define Package/libtirpc
	CATEGORY:=Libraries
	TITLE:=Library TI RPC for RPC bindings
	URL:=http://libtirpc.sourceforge.net/
	- DEPENDS:=+libpthread
	+ DEPENDS:=+libpthread +krb5-libs
	endef

	-CONFIGURE_ARGS += --disable-gssapi
	+CONFIGURE_ARGS += --enable-gssapi
	HOST_CONFIGURE_ARGS += --disable-gssapi --disable-shared

	ifeq ($(HOST_OS),Darwin)
	diff --git a/net/nfs-kernel-server/Makefile b/net/nfs-kernel-server/Makefile
	index 01f19ba03..45efd69da 100644
	--- a/net/nfs-kernel-server/Makefile
	+++ b/net/nfs-kernel-server/Makefile
	@@ -93,6 +93,22 @@ define Package/nfs-utils-libs/description
	Libraries provided by nfs-utils
	endef

	+##bynj: note to "enable-gssapi" in libtirpc
	+define Package/nfs-sec-krb5/description
	+ nfs client with with support "-o sec=krb5"
	+endef
	+
	+define Package/nfs-sec-krb5
	+ $(call Package/nfs-utils/Default)
	+ DEPENDS+= +kmod-fs-nfs-common-rpcsec +krb5-libs +libtirpc +libevent2-core
	+ TITLE:=Updated mount.nfs command - allows mounting nfs4 volumes with "-o sec=krb5"
	+endef
	+define Package/nfs-sec-krb5/install
	+ $(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d
	+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/rpc.gssd $(1)/usr/sbin/
	+ $(INSTALL_BIN) ./files/nfs-sec-krb5.init $(1)/etc/init.d
	+endef
	+
	TARGET_CFLAGS += -Wno-error=implicit-function-declaration \
	-Wno-error=strict-prototypes \
	-Wno-error=incompatible-pointer-types \
	@@ -104,7 +120,7 @@ TARGET_LDFLAGS += -L$(STAGING_DIR)/usr/lib/libevent

	CONFIGURE_ARGS += \
	--disable-caps \
	- --disable-gss \
	+ --enable-gss --with-krb5="$(STAGING_DIR)/usr/" \
	--disable-nfsdcld \
	--disable-nfsdcltrack \
	--enable-shared \
	@@ -209,3 +225,4 @@ $(eval $(call BuildPackage,nfs-utils))
	$(eval $(call BuildPackage,nfs-utils-libs))
	$(eval $(call BuildPackage,nfs-kernel-server))
	$(eval $(call BuildPackage,nfs-kernel-server-utils))
	+$(eval $(call BuildPackage,nfs-sec-krb5))