acl-2.2.51 fails to apply patch acl-2.2.42-CITI_NFS4_ALL-2.dif during src_prepare Reproducible: Always Steps to Reproduce: 1. emerge =sys-apps/acl-2.2.51 2. 3. Actual Results: Patch fails, emerge aborts Expected Results: Patch succeeds, emerge completes.
Created attachment 283909 [details] emerge --info =sys-apps/acl-2.2.51
Created attachment 283911 [details] build.log
Created attachment 283913 [details] patch output
I'm having the same issue. Build log and patch output are the same, as is the version of acl (2.2.51).
Created attachment 311751 [details] emerge --info =sys-apps/acl-2.2.51
Ditto :( ACL's is kind of a major feature of NFS4,... not being able to use them on Gentoo hurts!
Created attachment 322858 [details] emerge --info =sys-apps/acl-2.2.51
I guess the obvious cause is that the patch is really for acl version 2.2.42 and not for 2.2.51 - fixed with reverting back to the older version. emerge =sys-apps/acl-2.2.49 I masked the newer version in /etc/portage/package.mask The problem is that upstream has not provided a patch to include nfs support in 2.2.51 yet ( http://www.citi.umich.edu/projects/nfsv4/linux/ ) The 2.2.51 ebuild however shouldn't even attempt to apply the wrong patch, or attempt nfs support at all, even if a user force-unmasks the nfs use flag for acl-2.2.51 - which is what the real bug is... The upstream website notes: "Note: Recent linux distributions have included NFSv4/rpcsec_gss support, which may be sufficient for your purposes; Building the following from source should only be necessary if you want to check for bugfixes or need new features in our very latest experimental code.)" Which might explain the lack of updates on their end. At this point I'm not sure what needs to be done to make rpcsec_gss work with nfs on Gentoo (maybe the kereberos use flag adds it?)
This looks very interesting and relevant: http://comments.gmane.org/gmane.linux.file-systems.acl.devel/311 "In general, POSIX and NFSv4 ACLs do not interact very well. The NFSv4 patches against libacl which make getfacl and setfacl emulate NFSv4 ACLs are not in the upstream version, and never will be. Instead, we'll likely have tools that can manipulate NFSv4 ACLs directly. Apparently Gentoo still took the CITI libacl patches." Long story short, as far as I understand, nfs support for posix acl should not exist, and the patch should simply not even be in the ebuild. But there also do not seem to be any full-featured alternative. Wonderful. :(
Aaand to demonstrate how buggy ACL's are with NFS4 when you DO use acl-2.2.51 with the nfs use flag enabled: # happy little nfs4 mount here: > pwd /mnt/test > mount | grep /mnt/test 192.168.56.100:/vol/webpages on /mnt/test type nfs4 (rw,addr=192.168.56.100,clientaddr=192.168.56.33) # Now lets make a folder and give it a default acl > mkdir foobar > setfacl -d u:apache:rx foobar # Lets see what that looks like > getfacl foobar # file: foobar # owner: root # group: root user::rwx group::r-x other::r-x default:user::rwx default:user:apache:r-x default:group::r-x default:mask::r-x default:other::r-x # Great, default acl is set, now lets try to remove it: > setfacl -k foobar # No output, so it worked, right? > getfacl foobar # file: foobar # owner: root # group: root user::rwx group::r-x other::r-x default:user::rwx default:user:apache:r-x default:group::r-x default:mask::r-x default:other::r-x # NOPE! default acl is still there! What the heck is going on here? > strace setfacl -k foobar 2>&1 | tail -n2 removexattr("foobar", "system.posix_acl_default") = -1 EOPNOTSUPP (Operation not supported) exit_group(0) = ? +++ exited with 0 +++ # Nice, posix returns Operation not supported, yet the program exits with 0 anyway! Great job guys,... But wait! there's another acl userland tool we can use to remove acl's,... lets see what happens if we use it.... > chacl -B foobar chacl: error removing default acl on "foobar": Operation not supported # Well, at least chacl returns the proper error,... # Lets see, how many bugs can you count here?
The nfs USE flag should be removed, because nfs4 has its own ACL tools. To work with nfs4 ACLs: 1. disable the nfs USE flag for sys-apps/acl 2. emerge net-fs/nfs4-acl-tools You will get the tools nfs4_getfacl and nfs4_setfacl to manage ACLs for nfs4 mounts.
> The nfs USE flag should be removed, because nfs4 has its own ACL tools. Agreed. It would be nice though if the nfs4 tools could be unmasked and any open bugs on it given priority, though. It just pushes people more towards sys-apps/acl causing more confusion. According to the changelog it's been in the tree since 2007, I think 6 years of ~arch is enough? :)
should be all set now in the tree; thanks for the report! Commit message: Punt the USE=nfs flag as upstream has not updated the patch in years and it no longer applies http://sources.gentoo.org/sys-apps/acl/acl-2.2.52.ebuild?r1=1.1&r2=1.2
