Ubuntu
nfs-utils package

Merge ~sergiodj/ubuntu/+source/nfs-utils:bug1918141-service-file-adjustment-bionic into ubuntu/+source/nfs-utils:ubuntu/bionic-devel

  1. Git
  2. lp:~sergiodj/ubuntu/+source/nfs-utils
  3. bug1918141-service-file-adjustment-bionic
  4. Merge into ubuntu/bionic-devel
Proposed by Sergio Durigan Junior
Status: Approved
Approved by: Sergio Durigan Junior
Approved revision: 9ce0f6ba20eb7176371bd1ef3b9ced0dfb65a74b
Proposed branch: ~sergiodj/ubuntu/+source/nfs-utils:bug1918141-service-file-adjustment-bionic
Merge into: ubuntu/+source/nfs-utils:ubuntu/bionic-devel
Diff against target: 198 lines (+170/-0)
4 files modified
debian/changelog (+11/-0)
debian/patches/lp1918141-use-network-online-target-01.patch (+82/-0)
debian/patches/lp1918141-use-network-online-target-02.patch (+75/-0)
debian/patches/series (+2/-0)
Reviewer Review Type Date Requested Status
Utkarsh Gupta (community) Approve
Canonical Server Core Reviewers Pending
Review via email: mp+399749@code.launchpad.net

Description of the change

This is a fix for bug 1918141 on bionic.

The issue here is that nfs-utils' systemd service file doesn't properly depend on network-online.target, which can cause problems when the host(s) listed on /etc/exports need to be resolved (i.e., are hostnames, not IP addresses).

The bug is a bit tricky to reproduce, but I wrote an SRU template which contains detailed instructions on how to do that.

nfs-utils is really old on Ubuntu/Debian, but I was able to backport the proper fixes from the upstream git. You will notice that, although the changes made to the service file are simple, I opted to keep them separated in two patches. This is done to reflect the fact that the change was made in two upstream commits.

I've already uploaded the fix to hirsute:

https://code.launchpad.net/~sergiodj/ubuntu/+source/nfs-utils/+git/nfs-utils/+merge/399688

You can find a PPA with the proposed fix here:

https://launchpad.net/~sergiodj/+archive/ubuntu/nfs-utils-bug1918141/+packages

autopkgtest is still happy:

autopkgtest [17:55:05]: @@@@@@@@@@@@@@@@@@@@ summary
local-server-client PASS

To post a comment you must log in.
Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

Hiya,

Same comments as for MP#399747; copying here as well.

* Changelog:
  - [✓] old content and logical tag match as expected
  - [✓] changelog entry correct version and targeted codename
  - [✓] changelog entries correct
  - [✓] update-maintainer has been run

* New Delta:
  - [✓] patches match what was proposed upstream
  - [✓] patches correctly included in debian/patches/series
  - [?] patches have correct DEP3 metadata

Minor comment here:
The first patch in the header (line 46 of the diff) has "Applied-Upstream: 2.1.2-rc2", which seems to be missing in the second patch. Whilst a trivial nitpick, but since it was there in the first patch, it looks like it wasn't included in the second one intentionally, which would mean that it wasn't applied upstream - which is not the case. So for this + consistency reasons, could you add the same line in the second patch as well?

* Build/Test:
  - [✓] build is ok
  - [✓] verified PPA package installs/uninstalls
  - [✓] autopkgtest against the PPA package passes

----------------------------------------------------

All looks good, no blocker, so I'm going to approve this.
Besides, is it a Ubuntu-specific problem? Is not not affecting Debian? If it is, do you intend to forward this upstream? If it isn't, then ignore this part! :)

review: Approve
Reply
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks, I've added the header to the patch (the reply to the Debian bug question can be found in the Focal MP).

Pushed & uploaded:

$ git push pkg upload/1%1.3.4-2.1ubuntu5.4
Enumerating objects: 17, done.
Counting objects: 100% (17/17), done.
Delta compression using up to 8 threads
Compressing objects: 100% (12/12), done.
Writing objects: 100% (12/12), 3.20 KiB | 364.00 KiB/s, done.
Total 12 (delta 8), reused 0 (delta 0)
To ssh://git.launchpad.net/ubuntu/+source/nfs-utils
 * [new tag] upload/1%1.3.4-2.1ubuntu5.4 -> upload/1%1.3.4-2.1ubuntu5.4
$ dput nfs-utils_1.3.4-2.1ubuntu5.4_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/nfs-utils/nfs-utils_1.3.4-2.1ubuntu5.4_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/nfs-utils/nfs-utils_1.3.4-2.1ubuntu5.4.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading nfs-utils_1.3.4-2.1ubuntu5.4.dsc: done.
  Uploading nfs-utils_1.3.4-2.1ubuntu5.4.debian.tar.bz2: done.
  Uploading nfs-utils_1.3.4-2.1ubuntu5.4_source.buildinfo: done.
  Uploading nfs-utils_1.3.4-2.1ubuntu5.4_source.changes: done.
Successfully uploaded packages.

Reply

Unmerged commits

9ce0f6b... by Sergio Durigan Junior

changelog for 1:1.3.4-2.1ubuntu5.4

5e432b8... by Sergio Durigan Junior

  * Depend on network-online.target when starting services. (LP: #1918141)
    - d/p/lp1918141-use-network-online-target-01.patch: Declare a
      Wants=network-online.target on all NFS server services.
    - d/p/lp1918141-use-network-online-target-02.patch: Declare a
      After=network-online.target on all NFS server services.
    Thanks to Niklas Edmundsson for helping with the reproducer.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index b235caf..79aa04a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
1nfs-utils (1:1.3.4-2.1ubuntu5.4) bionic; urgency=medium
2
3 * Depend on network-online.target when starting services. (LP: #1918141)
4 - d/p/lp1918141-use-network-online-target-01.patch: Declare a
5 Wants=network-online.target on all NFS server services.
6 - d/p/lp1918141-use-network-online-target-02.patch: Declare a
7 After=network-online.target on all NFS server services.
8 Thanks to Niklas Edmundsson for helping with the reproducer.
9
10 -- Sergio Durigan Junior <sergio.durigan@canonical.com> Tue, 16 Mar 2021 17:14:22 -0400
11
1nfs-utils (1:1.3.4-2.1ubuntu5.3) bionic-security; urgency=medium12nfs-utils (1:1.3.4-2.1ubuntu5.3) bionic-security; urgency=medium
213
3 * SECURITY UPDATE: privilege escalation via directory permissions14 * SECURITY UPDATE: privilege escalation via directory permissions
diff --git a/debian/patches/lp1918141-use-network-online-target-01.patch b/debian/patches/lp1918141-use-network-online-target-01.patch
4new file mode 10064415new file mode 100644
index 0000000..680bb2f
--- /dev/null
+++ b/debian/patches/lp1918141-use-network-online-target-01.patch
@@ -0,0 +1,82 @@
1From: Steve Dickson <steved@redhat.com>
2Date: Mon, 10 Apr 2017 07:16:58 -0400
3Subject: systemd: NFS server services should use network-online
4
5There has been an number startup problems where parts of
6the NFS server fails to start due to DNS and other
7parts of the network not be up.
8
9Reading the systemd.special it seems network.target is
10a passive unit which does not wait for the entire
11network to come up and network-online.target is an
12active unit which does wait.
13
14So this adds Wants=network-online.target to all of
15the NFS server services
16
17Signed-off-by: Steve Dickson <steved@redhat.com>
18
19Origin: backport, http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=9d4fc3fb
20Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1918141
21Applied-Upstream: 2.1.2-rc2
22---
23 systemd/nfs-mountd.service | 2 +-
24 systemd/nfs-server.service | 2 +-
25 systemd/rpc-statd-notify.service | 2 +-
26 systemd/rpc-statd.service | 3 ++-
27 4 files changed, 5 insertions(+), 4 deletions(-)
28
29diff --git a/systemd/nfs-mountd.service b/systemd/nfs-mountd.service
30index 5f5f0a9..e4ac50d 100644
31--- a/systemd/nfs-mountd.service
32+++ b/systemd/nfs-mountd.service
33@@ -2,8 +2,8 @@
34 Description=NFS Mount Daemon
35 DefaultDependencies=no
36 Requires=proc-fs-nfsd.mount
37+Wants=network-online.target
38 After=proc-fs-nfsd.mount
39-After=network.target local-fs.target
40 After=rpcbind.socket
41 BindsTo=nfs-server.service
42
43diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
44index 23e67f8..bbcd967 100644
45--- a/systemd/nfs-server.service
46+++ b/systemd/nfs-server.service
47@@ -3,7 +3,7 @@ Description=NFS server and services
48 DefaultDependencies=no
49 Requires=network.target proc-fs-nfsd.mount
50 Requires=nfs-mountd.service
51-Wants=rpcbind.socket
52+Wants=rpcbind.socket network-online.target
53 Wants=nfs-idmapd.service
54
55 After=local-fs.target
56diff --git a/systemd/rpc-statd-notify.service b/systemd/rpc-statd-notify.service
57index 05c54ef..29a4821 100644
58--- a/systemd/rpc-statd-notify.service
59+++ b/systemd/rpc-statd-notify.service
60@@ -1,7 +1,7 @@
61 [Unit]
62 Description=Notify NFS peers of a restart
63 DefaultDependencies=no
64-Requires=network.target
65+Wants=network-online.target
66 After=local-fs.target network.target nss-lookup.target
67
68 # if we run an nfs server, it needs to be running before we
69diff --git a/systemd/rpc-statd.service b/systemd/rpc-statd.service
70index 2138f74..ee6e05c 100644
71--- a/systemd/rpc-statd.service
72+++ b/systemd/rpc-statd.service
73@@ -3,7 +3,8 @@ Description=NFS status monitor for NFSv2/3 locking.
74 DefaultDependencies=no
75 Conflicts=umount.target
76 Requires=nss-lookup.target rpcbind.socket
77-After=network.target nss-lookup.target rpcbind.socket
78+Wants=network-online.target
79+After=nss-lookup.target rpcbind.socket
80
81 PartOf=nfs-utils.service
82
diff --git a/debian/patches/lp1918141-use-network-online-target-02.patch b/debian/patches/lp1918141-use-network-online-target-02.patch
0new file mode 10064483new file mode 100644
index 0000000..52715e3
--- /dev/null
+++ b/debian/patches/lp1918141-use-network-online-target-02.patch
@@ -0,0 +1,75 @@
1From: Steve Dickson <steved@redhat.com>
2Date: Mon, 24 Apr 2017 11:25:39 -0400
3Subject: systemd: Afters are also needed for the Wants=network-online.target
4
5Commit 9d4fc3fb added Wants=network-online.target which
6is not enough to ensure the network is completely up
7before the NFS server is started. After=network-online.target
8is also needed.
9
10Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1419351
11
12Signed-off-by: Steve Dickson <steved@redhat.com>
13
14Origin: backport, http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=09e5c6c2a3f8eac91d5353e6d4ff6aee7757ab08
15Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1918141
16---
17 systemd/nfs-mountd.service | 1 +
18 systemd/nfs-server.service | 4 ++--
19 systemd/rpc-statd-notify.service | 2 +-
20 systemd/rpc-statd.service | 2 +-
21 4 files changed, 5 insertions(+), 4 deletions(-)
22
23diff --git a/systemd/nfs-mountd.service b/systemd/nfs-mountd.service
24index e4ac50d..ed357a2 100644
25--- a/systemd/nfs-mountd.service
26+++ b/systemd/nfs-mountd.service
27@@ -4,6 +4,7 @@ DefaultDependencies=no
28 Requires=proc-fs-nfsd.mount
29 Wants=network-online.target
30 After=proc-fs-nfsd.mount
31+After=network-online.target local-fs.target
32 After=rpcbind.socket
33 BindsTo=nfs-server.service
34
35diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
36index bbcd967..6cc7a77 100644
37--- a/systemd/nfs-server.service
38+++ b/systemd/nfs-server.service
39@@ -6,8 +6,8 @@ Requires=nfs-mountd.service
40 Wants=rpcbind.socket network-online.target
41 Wants=nfs-idmapd.service
42
43-After=local-fs.target
44-After=network.target proc-fs-nfsd.mount rpcbind.socket nfs-mountd.service
45+After=network-online.target local-fs.target
46+After=proc-fs-nfsd.mount rpcbind.socket nfs-mountd.service
47 After=nfs-idmapd.service rpc-statd.service
48 Before=rpc-statd-notify.service
49
50diff --git a/systemd/rpc-statd-notify.service b/systemd/rpc-statd-notify.service
51index 29a4821..c1cf45c 100644
52--- a/systemd/rpc-statd-notify.service
53+++ b/systemd/rpc-statd-notify.service
54@@ -2,7 +2,7 @@
55 Description=Notify NFS peers of a restart
56 DefaultDependencies=no
57 Wants=network-online.target
58-After=local-fs.target network.target nss-lookup.target
59+After=local-fs.target network-online.target nss-lookup.target
60
61 # if we run an nfs server, it needs to be running before we
62 # tell clients that it has restarted.
63diff --git a/systemd/rpc-statd.service b/systemd/rpc-statd.service
64index ee6e05c..8961f64 100644
65--- a/systemd/rpc-statd.service
66+++ b/systemd/rpc-statd.service
67@@ -4,7 +4,7 @@ DefaultDependencies=no
68 Conflicts=umount.target
69 Requires=nss-lookup.target rpcbind.socket
70 Wants=network-online.target
71-After=nss-lookup.target rpcbind.socket
72+After=network-online.target nss-lookup.target rpcbind.socket
73
74 PartOf=nfs-utils.service
75
diff --git a/debian/patches/series b/debian/patches/series
index 4d44f03..2646f18 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,3 +18,5 @@ uint16-max.diff
18fix-whitespaces-in-nfs-server.service.patch18fix-whitespaces-in-nfs-server.service.patch
19nfsiostat-replace-list-reserved-word.patch19nfsiostat-replace-list-reserved-word.patch
20CVE-2019-3689.patch20CVE-2019-3689.patch
21lp1918141-use-network-online-target-01.patch
22lp1918141-use-network-online-target-02.patch

Subscribers

People subscribed via source and target branches