gssd: add support for an "allowed-enctypes" option in nfs.conf (RHEL-31858)

Update: Typos and documentation fixes (RHEL-22654)
Signed-off-by: Steve Dickson <steved@redhat.com> Resolves: RHEL-22654
2024-05-01 03:26:11 +00:00 · 2024-02-18 09:54:42 -05:00
5 changed files with 469 additions and 7 deletions
--- a/.nfs-utils.metadata
+++ b/.nfs-utils.metadata
@ -0,0 +1 @@
+1b097d511c85f95671619f51b37abd75d56ea777 nfs-utils-2.5.4.tar.xz
--- a/nfs-utils-2.3.3-nfsconf-usegssproxy.patch
+++ b/nfs-utils-2.3.3-nfsconf-usegssproxy.patch
@ -1,7 +1,7 @@
-diff -up nfs-utils-2.3.4/nfs.conf.orig nfs-utils-2.3.4/nfs.conf
--- nfs-utils-2.3.4/nfs.conf.orig	2019-05-10 14:49:49.000000000 -0400
-+++ nfs-utils-2.3.4/nfs.conf	2019-05-10 14:58:20.198714920 -0400
-@@ -13,7 +13,7 @@
+diff -up nfs-utils-2.5.4/nfs.conf.orig nfs-utils-2.5.4/nfs.conf
+--- nfs-utils-2.5.4/nfs.conf.orig	2024-04-30 14:42:44.551812808 -0400
+++ nfs-utils-2.5.4/nfs.conf	2024-04-30 14:43:29.985032677 -0400
+@@ -20,7 +20,7 @@
 # rpc-verbosity=0
 # use-memcache=0
 # use-machine-creds=1
@ -9,8 +9,8 @@ diff -up nfs-utils-2.3.4/nfs.conf.orig nfs-utils-2.3.4/nfs.conf
 +use-gss-proxy=1
 # avoid-dns=1
 # limit-to-legacy-enctypes=0
- # context-timeout=0
-@@ -77,6 +77,5 @@
+ # allowed-enctypes=aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,camellia256-cts-cmac,camellia128-cts-cmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
+@@ -97,6 +97,5 @@ rdma-port=20049
 # outgoing-port=
 # outgoing-addr=
 # lift-grace=y
--- a/nfs-utils-2.5.4-fix-typos-in-messages.patch
+++ b/nfs-utils-2.5.4-fix-typos-in-messages.patch
@ -0,0 +1,199 @@
+diff --git a/support/export/v4root.c b/support/export/v4root.c
+index c12a7d85..826cc219 100644
+--- a/support/export/v4root.c
+++ b/support/export/v4root.c
+@@ -135,7 +135,7 @@ v4root_support(void)
+ 	if (!warned) {
+ 		xlog(L_WARNING, "Kernel does not have pseudo root support.");
+ 		xlog(L_WARNING, "NFS v4 mounts will be disabled unless fsid=0");
+-		xlog(L_WARNING, "is specfied in /etc/exports file.");
+		xlog(L_WARNING, "is specified in /etc/exports file.");
+ 		warned++;
+ 	}
+ 	return 0;
+diff --git a/systemd/nfs-blkmap.service b/systemd/nfs-blkmap.service
+index 6aa45ba1..57181632 100644
+--- a/systemd/nfs-blkmap.service
+++ b/systemd/nfs-blkmap.service
+@@ -1,5 +1,6 @@
+ [Unit]
+ Description=pNFS block layout mapping daemon
+Documentation=man:blkmapd(8)
+ DefaultDependencies=no
+ Conflicts=umount.target
+ After=rpc_pipefs.target
+diff --git a/systemd/nfs-idmapd.service b/systemd/nfs-idmapd.service
+index f38fe527..bf6f4ded 100644
+--- a/systemd/nfs-idmapd.service
+++ b/systemd/nfs-idmapd.service
+@@ -1,5 +1,6 @@
+ [Unit]
+ Description=NFSv4 ID-name mapping service
+Documentation=man:idmapd(8)
+ DefaultDependencies=no
+ Requires=rpc_pipefs.target
+ After=rpc_pipefs.target local-fs.target
+diff --git a/systemd/nfs-mountd.service b/systemd/nfs-mountd.service
+index e8ece533..4618fab1 100644
+--- a/systemd/nfs-mountd.service
+++ b/systemd/nfs-mountd.service
+@@ -1,5 +1,6 @@
+ [Unit]
+ Description=NFS Mount Daemon
+Documentation=man:rpc.mountd(8)
+ DefaultDependencies=no
+ Requires=proc-fs-nfsd.mount
+ Wants=network-online.target
+diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
+index 41479169..58bc0917 100644
+--- a/systemd/nfs-server.service
+++ b/systemd/nfs-server.service
+@@ -1,5 +1,6 @@
+ [Unit]
+ Description=NFS server and services
+Documentation=man:rpc.nfsd(8) man:exportfs(8)
+ DefaultDependencies=no
+ Requires=network.target proc-fs-nfsd.mount
+ Requires=nfs-mountd.service
+diff --git a/systemd/nfsdcld.service b/systemd/nfsdcld.service
+index a32d2430..3ced5658 100644
+--- a/systemd/nfsdcld.service
+++ b/systemd/nfsdcld.service
+@@ -1,5 +1,6 @@
+ [Unit]
+ Description=NFSv4 Client Tracking Daemon
+Documentation=man:nfsdcld(8)
+ DefaultDependencies=no
+ Conflicts=umount.target
+ Requires=rpc_pipefs.target proc-fs-nfsd.mount
+diff --git a/systemd/rpc-gssd.service.in b/systemd/rpc-gssd.service.in
+index 6807db35..38382ed3 100644
+--- a/systemd/rpc-gssd.service.in
+++ b/systemd/rpc-gssd.service.in
+@@ -1,5 +1,6 @@
+ [Unit]
+ Description=RPC security service for NFS client and server
+Documentation=man:rpc.gssd(8)
+ DefaultDependencies=no
+ Conflicts=umount.target
+ Requires=rpc_pipefs.target
+diff --git a/systemd/rpc-statd-notify.service b/systemd/rpc-statd-notify.service
+index aad4c0d2..962f18b2 100644
+--- a/systemd/rpc-statd-notify.service
+++ b/systemd/rpc-statd-notify.service
+@@ -1,5 +1,6 @@
+ [Unit]
+ Description=Notify NFS peers of a restart
+Documentation=man:sm-notify(8) man:rpc.statd(8)
+ DefaultDependencies=no
+ Wants=network-online.target
+ After=local-fs.target network-online.target nss-lookup.target
+diff --git a/systemd/rpc-statd.service b/systemd/rpc-statd.service
+index 392750da..660ed861 100644
+--- a/systemd/rpc-statd.service
+++ b/systemd/rpc-statd.service
+@@ -1,5 +1,6 @@
+ [Unit]
+ Description=NFS status monitor for NFSv2/3 locking.
+Documentation=man:rpc.statd(8)
+ DefaultDependencies=no
+ Conflicts=umount.target
+ Requires=nss-lookup.target rpcbind.socket
+diff --git a/systemd/rpc-svcgssd.service b/systemd/rpc-svcgssd.service
+index cb2bcd4f..401fba11 100644
+--- a/systemd/rpc-svcgssd.service
+++ b/systemd/rpc-svcgssd.service
+@@ -1,5 +1,6 @@
+ [Unit]
+ Description=RPC security service for NFS server
+Documentation=man:rpc.svcgssd(8)
+ DefaultDependencies=no
+ After=local-fs.target
+ PartOf=nfs-server.service
+diff --git a/utils/exportfs/exports.man b/utils/exportfs/exports.man
+index 83dd6807..e5fb10f5 100644
+--- a/utils/exportfs/exports.man
+++ b/utils/exportfs/exports.man
+@@ -298,7 +298,7 @@ set.
+ 
+ The
+ .I nocrossmnt
+-option can explictly disable
+option can explicitly disable
+ .I crossmnt
+ if it was previously set.  This is rarely useful.
+ .TP
+diff --git a/utils/mount/mount_libmount.c b/utils/mount/mount_libmount.c
+index aa4ac5c3..fd6cb2cb 100644
+--- a/utils/mount/mount_libmount.c
+++ b/utils/mount/mount_libmount.c
+@@ -442,7 +442,7 @@ int main(int argc, char *argv[])
+ 	mnt_init_debug(0);
+ 	cxt = mnt_new_context();
+ 	if (!cxt) {
+-		nfs_error(_("Can't initilize libmount: %s"),
+		nfs_error(_("Can't initialize libmount: %s"),
+ 					strerror(errno));
+ 		rc = EX_FAIL;
+ 		goto done;
+diff --git a/utils/mount/nfs.man b/utils/mount/nfs.man
+index dfc31a5d..fe1ad354 100644
+--- a/utils/mount/nfs.man
+++ b/utils/mount/nfs.man
+@@ -967,7 +967,7 @@ Some server features misbehave in the face of a migration-compatible
+ identification string.
+ The
+ .B nomigration
+-option retains the use of a traditional client indentification string
+option retains the use of a traditional client identification string
+ which is compatible with legacy NFS servers.
+ This is also the behavior if neither option is specified.
+ A client's open and lock state cannot be migrated transparently
+@@ -1810,7 +1810,7 @@ auxiliary services such as the NLM service can choose
+ any unused port number at random.
+ .P
+ Common firewall configurations block the well-known rpcbind port.
+-In the absense of an rpcbind service,
+In the absence of an rpcbind service,
+ the server administrator fixes the port number
+ of NFS-related services so that the firewall
+ can allow access to specific NFS service ports.
+diff --git a/utils/mount/nfsmount.conf.man b/utils/mount/nfsmount.conf.man
+index 73c3e118..7d4a33c9 100644
+--- a/utils/mount/nfsmount.conf.man
+++ b/utils/mount/nfsmount.conf.man
+@@ -43,7 +43,7 @@ and will be shifted to lower case before being passed to the filesystem.
+ .PP
+ Boolean mount options which do not need an equals sign must be given as
+ .RI \[dq] option =True".
+-Instead of preceeding such an option with
+Instead of preceding such an option with
+ .RB \[dq] no \[dq]
+ its negation must be given as
+ .RI \[dq] option =False".
+diff --git a/utils/nfsdcld/nfsdcld.man b/utils/nfsdcld/nfsdcld.man
+index 861f1c49..ee6e9dcf 100644
+--- a/utils/nfsdcld/nfsdcld.man
+++ b/utils/nfsdcld/nfsdcld.man
+@@ -198,7 +198,7 @@ initialize client tracking in the following order:  First, the \fBnfsdcld\fR upc
+ the \fBnfsdcltrack\fR usermodehelper upcall.  Finally, the legacy client tracking.
+ .PP
+ This daemon should be run as root, as the pipe that it uses to communicate
+-with the kernel is only accessable by root. The daemon however does drop all
+with the kernel is only accessible by root. The daemon however does drop all
+ superuser capabilities after starting. Because of this, the \fIstoragedir\fR
+ should be owned by root, and be readable and writable by owner.
+ .PP
+diff --git a/utils/nfsdcltrack/nfsdcltrack.man b/utils/nfsdcltrack/nfsdcltrack.man
+index cc24b7a2..3905ba46 100644
+--- a/utils/nfsdcltrack/nfsdcltrack.man
+++ b/utils/nfsdcltrack/nfsdcltrack.man
+@@ -80,7 +80,7 @@ section.  For example:
+ .br
+   storagedir = /shared/nfs/nfsdcltrack
+ .in -5
+-Debuging to syslog can also be enabled by setting "debug = 1" in this file.
+Debugging to syslog can also be enabled by setting "debug = 1" in this file.
+ .SH "LEGACY TRANSITION MECHANISM"
+ .IX Header "LEGACY TRANSITION MECHANISM"
+ The Linux kernel NFSv4 server has historically tracked this information
--- a/nfs-utils-2.5.4-gssd-allowed-enctypes.patch
+++ b/nfs-utils-2.5.4-gssd-allowed-enctypes.patch
@ -0,0 +1,251 @@
+commit 9b1f860a3457328a08395651d029a454e0303454
+Author: Scott Mayhew <smayhew@redhat.com>
+Date:   Fri Mar 15 06:34:52 2024 -0400
+
+    gssd: add support for an "allowed-enctypes" option in nfs.conf
+    
+    Newer kernels have support for newer krb5 encryption types, AES with
+    SHA2 and Camellia.  An NFS client with an "old" kernel can talk to
+    and NFS server with a "new" kernel and it just works.   An NFS client
+    with a "new" kernel can talk to an NFS server with an "old" kernel, but
+    that requires some additional configuration (particularly if the NFS
+    server does have support for the newer encryption types in its userspace
+    krb5 libraries) that may be unclear and/or burdensome to the admin.
+    
+    1) If the NFS server has support for the newer encryption types in the
+       userspace krb5 libraries, but not in the kernel's RPCSEC_GSS code,
+       then its possible that it also already has "nfs" keys using those
+       newer encryption types in its keytab.  In that case, it's necessary
+       to regenerate the "nfs" keys without the newer encryption types.
+       The reason this is necessary is because if the NFS client requests
+       an "nfs" service ticket from the KDC, and the list of enctypes in
+       in that TGS-REQ contains a newer encryption type, and the KDC had
+       previously generated a key for the NFS server using the newer
+       encryption type, then the resulting service ticket in the TGS-REP
+       will be using the newer encryption type and the NFS server will not
+       be able to decrypt it.
+    
+    2) It is necessary to either modify the permitted_enctypes field of the
+       krb5.conf or create a custom crypto-policy module (if the
+       crypto-policies package is being used) on the NFS *client* so that it
+       does not include the newer encryption types.  The reason this is
+       necessary is because it affects the list of encryption types that
+       will be present in the RPCSEC_GSS_INIT request that the NFS client
+       sends to the NFS server.  The kernel on the NFS server cannot not
+       process the request on its own; it has to upcall to gssproxy to do
+       that... and again if the userspace krb5 libraries on the NFS server
+       have support for the newer encryption types, then it will select one
+       of those and the kernel will not be able to import the context when
+       it gets the downcall.  Also note that modifying the permitted_enctypes
+       field and/or crypto policy has the side effect of impacting everything
+       krb5 related, not just just NFS.
+    
+    So add support for an "allowed-enctypes" field in nfs.conf.  This allows
+    the admin to restrict gssd to using a subset of the encryption types
+    that are supported by the kernel and krb5 libraries.  This will remove
+    the need for steps 1 & 2 above, and will only affect NFS rather than
+    krb5 as a whole.
+    
+    For example, for a "new" NFS client talking to an "old" NFS server, the
+    admin will probably want this in the client's nfs.conf:
+    
+    allowed-enctypes=aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
+    
+    Signed-off-by: Scott Mayhew <smayhew@redhat.com>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/nfs.conf b/nfs.conf
+index 323f072..23b5f7d 100644
+--- a/nfs.conf
+++ b/nfs.conf
+@@ -23,6 +23,7 @@
+ # use-gss-proxy=0
+ # avoid-dns=1
+ # limit-to-legacy-enctypes=0
+# allowed-enctypes=aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,camellia256-cts-cmac,camellia128-cts-cmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
+ # context-timeout=0
+ # rpc-timeout=5
+ # keytab-file=/etc/krb5.keytab
+diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
+index ca9b326..10c731a 100644
+--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
+@@ -1232,6 +1232,12 @@ main(int argc, char *argv[])
+ 
+ 	daemon_init(fg);
+ 
+#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
+	rc = get_allowed_enctypes();
+	if (rc)
+		exit(EXIT_FAILURE);
+#endif
+
+ 	if (gssd_check_mechs() != 0)
+ 		errx(1, "Problem with gssapi library");
+ 
+diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
+index 2a5384d..c735eff 100644
+--- a/utils/gssd/gssd.man
+++ b/utils/gssd/gssd.man
+@@ -346,6 +346,15 @@ flag.
+ Equivalent to
+ .BR -l .
+ .TP
+.B allowed-enctypes
+Allows you to restrict
+.B rpc.gssd
+to using a subset of the encryption types permitted by the kernel and the krb5
+libraries.  This is useful if you need to interoperate with an NFS server that
+does not have support for the newer SHA2 and Camellia encryption types, for
+example.  This configuration file option does not have an equivalent
+command-line option.
+.TP
+ .B context-timeout
+ Equivalent to
+ .BR -t .
+diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
+index 6f66ef4..57b3cf8 100644
+--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
+@@ -129,6 +129,7 @@
+ #include "err_util.h"
+ #include "gss_util.h"
+ #include "krb5_util.h"
+#include "conffile.h"
+ 
+ /*
+  * List of principals from our keytab that we
+@@ -155,6 +156,8 @@ static pthread_mutex_t ple_lock = PTHREAD_MUTEX_INITIALIZER;
+ 
+ #ifdef HAVE_SET_ALLOWABLE_ENCTYPES
+ int limit_to_legacy_enctypes = 0;
+krb5_enctype *allowed_enctypes = NULL;
+int num_allowed_enctypes = 0;
+ #endif
+ 
+ /*==========================*/
+@@ -1596,6 +1599,68 @@ out_cred:
+ }
+ 
+ #ifdef HAVE_SET_ALLOWABLE_ENCTYPES
+int
+get_allowed_enctypes(void)
+{
+	struct conf_list *allowed_etypes = NULL;
+	struct conf_list_node *node;
+	char *buf = NULL, *old = NULL;
+	int len, ret = 0;
+
+	allowed_etypes = conf_get_list("gssd", "allowed-enctypes");
+	if (allowed_etypes) {
+		TAILQ_FOREACH(node, &(allowed_etypes->fields), link) {
+			allowed_enctypes = realloc(allowed_enctypes,
+						   (num_allowed_enctypes + 1) *
+						   sizeof(*allowed_enctypes));
+			if (allowed_enctypes == NULL) {
+				ret = ENOMEM;
+				goto out_err;
+			}
+			ret = krb5_string_to_enctype(node->field,
+						     &allowed_enctypes[num_allowed_enctypes]);
+			if (ret) {
+				printerr(0, "%s: invalid enctype %s",
+					 __func__, node->field);
+				goto out_err;
+			}
+			if (get_verbosity() > 1) {
+				if (buf == NULL) {
+					len = asprintf(&buf, "%s(%d)", node->field,
+						       allowed_enctypes[num_allowed_enctypes]);
+					if (len < 0) {
+						ret = ENOMEM;
+						goto out_err;
+					}
+				} else {
+					old = buf;
+					len = asprintf(&buf, "%s,%s(%d)", old, node->field,
+						       allowed_enctypes[num_allowed_enctypes]);
+					if (len < 0) {
+						ret = ENOMEM;
+						goto out_err;
+					}
+					free(old);
+					old = NULL;
+				}
+			}
+			num_allowed_enctypes++;
+		}
+		printerr(2, "%s: allowed_enctypes = %s", __func__, buf);
+	}
+	goto out;
+out_err:
+	num_allowed_enctypes = 0;
+	free(allowed_enctypes);
+out:
+	free(buf);
+	if (old != buf)
+		free(old);
+	if (allowed_etypes)
+		conf_free_list(allowed_etypes);
+	return ret;
+}
+
+ /*
+  * this routine obtains a credentials handle via gss_acquire_cred()
+  * then calls gss_krb5_set_allowable_enctypes() to limit the encryption
+@@ -1619,6 +1684,10 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec)
+ 	int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
+ 	extern int num_krb5_enctypes;
+ 	extern krb5_enctype *krb5_enctypes;
+	extern int num_allowed_enctypes;
+	extern krb5_enctype *allowed_enctypes;
+	int num_set_enctypes;
+	krb5_enctype *set_enctypes;
+ 	int err = -1;
+ 
+ 	if (sec->cred == GSS_C_NO_CREDENTIAL) {
+@@ -1631,12 +1700,26 @@ limit_krb5_enctypes(struct rpc_gss_sec *sec)
+ 	 * If we failed for any reason to produce global
+ 	 * list of supported enctypes, use local default here.
+ 	 */
+-	if (krb5_enctypes == NULL || limit_to_legacy_enctypes)
+-		maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,
+-					&krb5oid, num_enctypes, enctypes);
+-	else
+-		maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,
+-					&krb5oid, num_krb5_enctypes, krb5_enctypes);
+	if (krb5_enctypes == NULL || limit_to_legacy_enctypes ||
+			allowed_enctypes) {
+		if (allowed_enctypes) {
+			printerr(2, "%s: using allowed enctypes from config\n",
+				 __func__);
+			num_set_enctypes = num_allowed_enctypes;
+			set_enctypes = allowed_enctypes;
+		} else {
+			printerr(2, "%s: using legacy enctypes\n", __func__);
+			num_set_enctypes = num_enctypes;
+			set_enctypes = enctypes;
+		}
+	} else {
+		printerr(2, "%s: using enctypes from the kernel\n", __func__);
+		num_set_enctypes = num_krb5_enctypes;
+		set_enctypes = krb5_enctypes;
+	}
+
+	maj_stat = gss_set_allowable_enctypes(&min_stat, sec->cred,
+				&krb5oid, num_set_enctypes, set_enctypes);
+ 
+ 	if (maj_stat != GSS_S_COMPLETE) {
+ 		pgsserr("gss_set_allowable_enctypes",
+diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
+index 7ef8701..40ad323 100644
+--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
+@@ -27,6 +27,7 @@ int gssd_k5_remove_bad_service_cred(char *srvname);
+ #ifdef HAVE_SET_ALLOWABLE_ENCTYPES
+ extern int limit_to_legacy_enctypes;
+ int limit_krb5_enctypes(struct rpc_gss_sec *sec);
+int get_allowed_enctypes(void);
+ #endif
+ 
+ /*
--- a/nfs-utils.spec
+++ b/nfs-utils.spec
@ -2,7 +2,7 @@ Summary: NFS utilities and supporting clients and daemons for the kernel NFS ser
 Name: nfs-utils
 URL: http://linux-nfs.org/
 Version: 2.5.4
-Release: 24%{?dist}
+Release: 26%{?dist}
 Epoch: 1

 # group all 32bit related archs
@ -59,6 +59,11 @@ Patch023: nfs-utils-2.5.4-fix-typos-in-messages.patch
 Patch024: nfs-utils-2.5.4-blkmapd-double-free.patch
 Patch025: nfs-utils-2.5.4-rpcdebug-check-read-return.patch

+#
+# RHEL9.5
+#
+Patch026: nfs-utils-2.5.4-gssd-allowed-enctypes.patch
+
 Patch100: nfs-utils-1.2.1-statdpath-man.patch
 Patch101: nfs-utils-1.2.1-exp-subtree-warn-off.patch
 Patch102: nfs-utils-1.2.5-idmap-errmsg.patch
@ -499,6 +504,12 @@ fi
 %{_mandir}/*/nfsiostat.8.gz

 %changelog
+* Tue Apr 30 2024 Steve Dickson <steved@redhat.com> 2.5.4-26
+- gssd: add support for an "allowed-enctypes" option in nfs.conf (RHEL-31858)
+
+* Sun Feb 18 2024 Steve Dickson <steved@redhat.com> 2.5.4-25
+- Update: Typos and documentation fixes (RHEL-22654)
+
 * Fri Feb 16 2024 Pavel Reichl <preichl@redhat.com> - 2.5.4-24
 - Fix gating (RHEL-25837)
Author	SHA1	Message	Date
Steve Dickson	006e48e5eb	gssd: add support for an "allowed-enctypes" option in nfs.conf (RHEL-31858)	2024-05-01 03:26:11 +00:00
Steve Dickson	99fc7257e6	Update: Typos and documentation fixes (RHEL-22654) Signed-off-by: Steve Dickson <steved@redhat.com> Resolves: RHEL-22654	2024-02-18 09:54:42 -05:00
				`@ -0,0 +1 @@`
				`1b097d511c85f95671619f51b37abd75d56ea777 nfs-utils-2.5.4.tar.xz`