@eqyiel
Created September 20, 2017 20:33
eqyiel@ayanami /etc/nixos/nixpkgs (git)-[4e5f2a4...] % echo $NIX_PATH
nixpkgs=/etc/nixos/nixpkgs:nixos-config=/etc/nixos/configuration.nix
eqyiel@ayanami /etc/nixos/nixpkgs (git)-[4e5f2a4...] % git show HEAD
commit 4e5f2a4d160ac0dfdf57644e583b6f34c0ff4a38 (HEAD)
Author: Ruben Maher <[email protected]>
Date: Mon Sep 18 19:12:40 2017 +0930
nfs-utils: set /etc/krb5.keytab as default path for rpc-gssd
Currently the `rpc-gssd.service` has a `ConditionPathExists` clause that can
never be met, because it's looking for stateful data inside `/nix/store`.
`auth-rpcgss-module.service` also only starts if this file exists.
Fixes NixOS/nixpkgs#29509.
diff --git a/nixos/modules/tasks/filesystems/nfs.nix b/nixos/modules/tasks/filesystems/nfs.nix
index 73cf18384b..d3a558738f 100644
--- a/nixos/modules/tasks/filesystems/nfs.nix
+++ b/nixos/modules/tasks/filesystems/nfs.nix
@@ -85,8 +85,14 @@ in
enable = mkDefault false;
};
+ systemd.services.auth-rpcgss-module =
+ {
+ unitConfig.ConditionPathExists = [ "" "/etc/krb5.keytab" ];
+ };
+
systemd.services.rpc-gssd =
{ restartTriggers = [ nfsConfFile ];
+ unitConfig.ConditionPathExists = [ "" "/etc/krb5.keytab" ];
};
systemd.services.rpc-statd =
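Review bot: The `[ "" "/etc/krb5.keytab" ]` value on both `unitConfig.ConditionPathExists` lines relies on its empty first element to clear the condition inherited from the packaged unit, but the generated `overrides.conf` shown further down contains only `ConditionPathExists=/etc/krb5.keytab`, with no empty assignment before it. systemd requires every listed condition to hold, so the packaged unit's check for a keytab under `/nix/store` still applies and `systemctl status rpc-gssd` keeps reporting a failed start condition. Consider correcting the path in the unit file that nfs-utils installs rather than overriding it from the module, and if the override stays, add a comment saying what the empty string is meant to do.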
diff --git a/pkgs/os-specific/linux/nfs-utils/default.nix b/pkgs/os-specific/linux/nfs-utils/default.nix
index d28cf44bd6..294dde2a0a 100644
--- a/pkgs/os-specific/linux/nfs-utils/default.nix
+++ b/pkgs/os-specific/linux/nfs-utils/default.nix
@@ -39,7 +39,7 @@ in stdenv.mkDerivation rec {
sed -i "s,^PATH=.*,PATH=$out/bin:${statdPath}," utils/statd/start-statd
configureFlags="--with-start-statd=$out/bin/start-statd $configureFlags"
-
+
substituteInPlace systemd/nfs-utils.service \
--replace "/bin/true" "${coreutils}/bin/true"
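Review bot: The only change in this hunk is whitespace on the blank line after `configureFlags=...`, so the nfs-utils package is functionally unchanged even though the commit subject says nfs-utils sets `/etc/krb5.keytab` as the default path. Drop the whitespace edit and, if the package is meant to carry the fix, rewrite the keytab path in the installed rpc-gssd unit here, in the same way the `substituteInPlace` call below already patches `systemd/nfs-utils.service`.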
eqyiel@ayanami /etc/nixos/nixpkgs (git)-[4e5f2a4...] % nixos-version
18.03.git.4e5f2a4d16 (Impala)
eqyiel@ayanami /etc/nixos/nixpkgs (git)-[4e5f2a4...] % sudo systemctl daemon-reload
eqyiel@ayanami /etc/nixos/nixpkgs (git)-[4e5f2a4...] % sudo systemctl restart nfs-utils
eqyiel@ayanami /etc/nixos/nixpkgs (git)-[4e5f2a4...] % systemctl status rpc-gssd
● rpc-gssd.service - RPC security service for NFS client and server
Loaded: loaded (/nix/store/i50nrgfy858ni0lnmr2my8hfi44ybhp0-nfs-utils-2.1.1/etc/systemd/system/rpc-gssd.service; enabled; vendor preset: enabled)
Drop-In: /nix/store/g1p37g8cwy8iw5c31f24dfya1lfqblva-system-units/rpc-gssd.service.d
└─overrides.conf
Active: inactive (dead) since Wed 2017-09-20 20:13:19 ACST; 9h ago
Condition: start condition failed at Thu 2017-09-21 05:59:14 ACST; 1min 53s ago
Main PID: 747 (code=exited, status=0/SUCCESS)
Sep 20 20:04:13 ayanami.maher.fyi rpc.gssd[747]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host hoshijiro.maher.fyi
Sep 20 20:04:13 ayanami.maher.fyi rpc.gssd[747]: ERROR: No credentials found for connection to server hoshijiro.maher.fyi
Sep 20 20:04:13 ayanami.maher.fyi rpc.gssd[747]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host hoshijiro.maher.fyi
Sep 20 20:04:13 ayanami.maher.fyi rpc.gssd[747]: ERROR: No credentials found for connection to server hoshijiro.maher.fyi
Sep 20 20:04:13 ayanami.maher.fyi rpc.gssd[747]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host hoshijiro.maher.fyi
Sep 20 20:04:13 ayanami.maher.fyi rpc.gssd[747]: ERROR: No credentials found for connection to server hoshijiro.maher.fyi
Sep 20 20:04:13 ayanami.maher.fyi rpc.gssd[747]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host hoshijiro.maher.fyi
Sep 20 20:04:13 ayanami.maher.fyi rpc.gssd[747]: ERROR: No credentials found for connection to server hoshijiro.maher.fyi
Sep 20 20:13:19 ayanami.maher.fyi systemd[1]: Stopping RPC security service for NFS client and server...
Sep 20 20:13:19 ayanami.maher.fyi systemd[1]: Stopped RPC security service for NFS client and server.
3 eqyiel@ayanami /etc/nixos/nixpkgs (git)-[4e5f2a4...] % cat /nix/store/i50nrgfy858ni0lnmr2my8hfi44ybhp0-nfs-utils-2.1.1/etc/systemd/system/rpc-gssd.service :(
[Unit]
Description=RPC security service for NFS client and server
DefaultDependencies=no
Conflicts=umount.target
Requires=var-lib-nfs-rpc_pipefs.mount
After=var-lib-nfs-rpc_pipefs.mount
ConditionPathExists=/nix/store/i50nrgfy858ni0lnmr2my8hfi44ybhp0-nfs-utils-2.1.1/etc/krb5.keytab
PartOf=nfs-utils.service
[Service]
Type=forking
ExecStart=/nix/store/i50nrgfy858ni0lnmr2my8hfi44ybhp0-nfs-utils-2.1.1/bin/rpc.gssd
eqyiel@ayanami /etc/nixos/nixpkgs (git)-[4e5f2a4...] % cat /nix/store/g1p37g8cwy8iw5c31f24dfya1lfqblva-system-units/rpc-gssd.service.d/overrides.conf
[Unit]
ConditionPathExists=/etc/krb5.keytab
X-Restart-Triggers=/nix/store/5pgzyknq6bf809003kc5v0qcxqz7gzlg-nfs.conf
[Service]
Environment="LOCALE_ARCHIVE=/nix/store/x36zk6cx0xi71593vkk4wski2vbg3sln-glibc-locales-2.25-49/lib/locale/locale-archive"
Environment="PATH=/nix/store/v3mhywkcj5vycgclmf2j8zlpbayvxndk-coreutils-8.28/bin:/nix/store/simjpbiksmvvg2xa25v65g5hk2sr014n-findutils-4.6.0/bin:/nix/store/dlk67w96zmbh4gxi72vkxdh4pm8xdb7j-gnugrep-3.1/bin:/nix/store/c4halcrqi0dbjjd6i9av69z5brgav3pz-gnused-4.4/bin:/nix/store/xk66kbaqg4l72xpyxprwhm35dz8mzm1d-systemd-234/bin:/nix/store/v3mhywkcj5vycgclmf2j8zlpbayvxndk-coreutils-8.28/sbin:/nix/store/simjpbiksmvvg2xa25v65g5hk2sr014n-findutils-4.6.0/sbin:/nix/store/dlk67w96zmbh4gxi72vkxdh4pm8xdb7j-gnugrep-3.1/sbin:/nix/store/c4halcrqi0dbjjd6i9av69z5brgav3pz-gnused-4.4/sbin:/nix/store/xk66kbaqg4l72xpyxprwhm35dz8mzm1d-systemd-234/sbin"
Environment="TZDIR=/nix/store/ghziaza6fy9x74b9pnlc4zv8bc4cy8p2-tzdata-2016j/share/zoneinfo"