Mail Archives: cygwin/2024/05/28/16:16:42
DKIM-Filter: | OpenDKIM Filter v2.11.0 delorie.com 44SKGgWp1359317
|
Authentication-Results: | delorie.com;
|
| dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=DVhmQyfL
|
X-Recipient: | archive-cygwin AT delorie DOT com
|
DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 85E283845142
|
DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
|
| s=default; t=1716927400;
|
| bh=WaNWG7Ou5h5z2WBUFKI9HmA+y7CMysNVqXJD3xzlCxY=;
|
| h=References:In-Reply-To:Date:Subject:To:List-Id:List-Unsubscribe:
|
| List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
|
| From;
|
| b=DVhmQyfLvqUWZgTPv1SmIZmcRqtXEQsi3178+m66dPhGXzc3E3Dfayxj+B7rBtL05
|
| qscGFAupRSiw8T+8G2n1KN8cHjMx+ukimGch9b4oiRn670NbtE6xJfh6RL7vm+3w70
|
| zgFUlpPm8ZGmwAsXujxHi4BvLeIczTpOo1+54o2Q=
|
X-Original-To: | cygwin AT cygwin DOT com
|
Delivered-To: | cygwin AT cygwin DOT com
|
DMARC-Filter: | OpenDMARC Filter v1.4.2 sourceware.org 56CBA384AB71
|
ARC-Filter: | OpenARC Filter v1.0.0 sourceware.org 56CBA384AB71
|
ARC-Seal: | i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1716927336; cv=none;
|
| b=LbSdFgeRV4d1W3SyE5VY5FZ195qooXhBw4C5iL1+/QLSkvVOzRd0FZ8GxQD82jK6f0pWwQ1z3GJy4HAGhTp22Ku8qrbsIQ6IUCIri7fsu+AJ6xYBPxC0Yfo+mRnxK7puKJktJExTPSW6NuqAyitp1Zw7bDKW1EbluQf2mGHjsDA=
|
ARC-Message-Signature: | i=1; a=rsa-sha256; d=sourceware.org; s=key;
|
| t=1716927336; c=relaxed/simple;
|
| bh=QSpFMUxrXgiew0Sf+5794CeL6ZaCqhISTYJq6+7klUw=;
|
| h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To;
|
| b=pmBW+PVJSUzH3WoaZMjRQr/ETT7p/k9/kB4og+KQRCJ065jRbMTn03fjsrsj5Ndd30RC81seRQCSAHfrlQJguZtztudHOHXaPLLpFG6xVZf8abfc+LchvkTikPOL+ho7UXXYzNtUfBfIYTeqDERyKevSOipqR+X0XwxyPBLBbGs=
|
ARC-Authentication-Results: | i=1; server2.sourceware.org
|
X-Google-DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed;
|
| d=1e100.net; s=20230601; t=1716927329; x=1717532129;
|
| h=to:subject:message-id:date:from:in-reply-to:references:mime-version
|
| :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
|
| bh=am/LasmI0EPG4fvVr121tn8X4DJTV4BTOyCHyfVXqQo=;
|
| b=m/5giEKg5H8qAHLGsmzuet/AFypk3EX38YsDPRugTUkJYkT3ehHHPj1tvAoDd+j9h8
|
| Ps2E9EuLCBkBS5lfY0nRAbrSTS6hquO7pYVQ45vtIlK3hfrMMgMn1R6SNiB4CKCe4uyH
|
| bMNSZPF37jrGesirZhRsemhKV0b03vwDAAi/a2ZrdE0WTSxOL4G36BUPcYoPmVouM1QA
|
| 6yLOvsngs8D6IrlGLF3qK6XTI7rLfdMnBDG3oobC8cLTp/csTpCFYpigG559ygcIQ1zu
|
| 9iRBl2dS0sC5HtEpHsFpKKk+rIrpdT/bZMv2NdB0S2nYD33hyozUnLvsKef9wMpwh31f
|
| qKSg==
|
X-Gm-Message-State: | AOJu0Yxp4wzqOT6nLo77qPx2OawbH0Wl1xiJegAKqlo6y25CBI2rEfTL
|
| DHXJRrAa9B/YQ8qxZy29Ua3bgPCxpw5Wl5Q3ehWqUlOrxfdOqIQFqD8LBp//5s/7XEbuhSCXIZb
|
| PgUu8XrXyZUc/juO5BWhM5XYJIv6pomsJ
|
X-Google-Smtp-Source: | AGHT+IHnPQAPZ2S2HCpp6EtI6EYUy/+UoqbsCa3LSnbjYFjEUZXPNZ/2Oc1Y7M2rq5sd59BtUjCKAjytSKRiWpadxmw=
|
X-Received: | by 2002:a2e:8e8d:0:b0:2e0:da20:2502 with SMTP id
|
| 38308e7fff4ca-2e95b27b0b1mr96090181fa.49.1716927329038; Tue, 28 May 2024
|
| 13:15:29 -0700 (PDT)
|
MIME-Version: | 1.0
|
References: | <CAKAoaQm2yrdyvd-U1Q4GztqFuEVpit4epsSpBZRJxR92nn+Fug AT mail DOT gmail DOT com>
|
In-Reply-To: | <CAKAoaQm2yrdyvd-U1Q4GztqFuEVpit4epsSpBZRJxR92nn+Fug@mail.gmail.com>
|
Date: | Tue, 28 May 2024 22:14:52 +0200
|
Message-ID: | <CALXu0UfJ1fhXACJiOf5b59kLRR725OSnHU8hO-+fKqpcAcVYGQ@mail.gmail.com>
|
Subject: | Fwd: [Ms-nfs41-client-devel] ANN: NFSv4.1 filesystem client Windows
|
| driver binaries for Windows 10/11 for testing, 2024-05-28 ...
|
To: | cygwin AT cygwin DOT com
|
X-Spam-Status: | No, score=0.0 required=5.0 tests=BAYES_00, DKIM_SIGNED,
|
| DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, KAM_EXEURI,
|
| RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP,
|
| T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
|
X-Spam-Checker-Version: | SpamAssassin 3.4.6 (2021-04-09) on
|
| server2.sourceware.org
|
X-BeenThere: | cygwin AT cygwin DOT com
|
X-Mailman-Version: | 2.1.30
|
List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com>
|
List-Archive: | <https://cygwin.com/pipermail/cygwin/>
|
List-Post: | <mailto:cygwin AT cygwin DOT com>
|
List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help>
|
List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>,
|
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
|
From: | Cedric Blancher via Cygwin <cygwin AT cygwin DOT com>
|
Reply-To: | Cedric Blancher <cedric DOT blancher AT gmail DOT com>
|
Sender: | "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com>
|
Good evening!
For your consideration - we need FEEDBACK, please!
New is support running it as service (sc start
ms-nfs41-client-service), setgid()/newgrp support (with a new winsg
utility to run Windows applications with different primary group),
32bit kernel support, ACL+UNC path (cd //host AT port/path1/path2 work in
bash and ksh93)+chgrp+nfs:// support, and the NFS server no longer
needs the "insecure" export switch.
Ced
---------- Forwarded message ---------
From: Roland Mainz <roland DOT mainz AT nrubsig DOT org>
Date: Tue, 28 May 2024 at 19:17
Subject: [Ms-nfs41-client-devel] ANN: NFSv4.1 filesystem client
Windows driver binaries for Windows 10/11 for testing, 2024-05-28 ...
To: <ms-nfs41-client-devel AT lists DOT sourceforge DOT net>
Hi!
----
I've created a set of test binaries for the NFSv4.1 filesystem client
driver for Windows 10/11, based on
https://github.com/kofemann/ms-nfs41-client (commit id
#0cb44281d376cd6aa0e43a402153405b7b32ddd8, git bundle in tarball), for
testing and feedback (download URL in "Download" section below).
Please send comments, bugs, test reports, complaints etc. to the
MailMan mailing list at
https://sourceforge.net/projects/ms-nfs41-client/lists/ms-nfs41-client-devel
# 1. What is this ?
NFSv4.1 client and filesystem driver for Windows 10/11
# 2. Features:
- Full NFSv4.1 protocol support
- idmapper (mapping usernames and uid/gid values between server and
client)
- Support for custom ports (NFSv4 defaults to TCP port 2049, this
client can use different ports per mount)
- Support for nfs://-URL
* Why ? nfs://-URLs are crossplatform, portable and Character-Encoding
independent descriptions of NFSv4 server resources (exports).
- including custom ports and raw IPv6 addresses
- nfs://-URL conversion utility (/usr/bin/nfsurlconv) to convert
URLs, including non-ASCII/Unicode characters in mount path
- Support ssh forwarding, e.g. mounting NFSv4 filesystems via ssh
tunnel
- Support for long paths (up to 4096 bytes), no Windows MAXPATH limit
- Unicode support
- UNC paths
- IPv6 support in UNC paths
- /sbin/nfs_mount prints UNC paths in Win32+Cygwin formats
- Cygwin bash+ksh93 support UNC paths, e.g.
cd //derfwnb4966 AT 2049/nfs4/bigdisk/mysqldb4/
- IPv6 support
- IPv6 address within '[', ']'
(will be converted to *.ipv6-literal.net)
- Windows ACLs
- Win32 C:\Windows\system32\icacls.exe
- Cygwin /usr/bin/setfacl+/usr/bin/getfacl
- Windows Explorer ACL dialog
- SFU/Cygwin support, including:
- uid/gid
- Cygwin symlinks
- Custom primary group support
- Supports primary group changes in the calling process/thread
(via |SetTokenInformation(..., TokenPrimaryGroup,...)|), e.g.
if the calling process/threads switches the primary group
in its access token then the NFSv4.1 client will use that
group as GID for file creation.
- newgrp(1)/sg(1)-style "winsg" utilty to run cmd.exe with
different primary group, e.g.
$ winsg [-] -g group [-c command | /C command] #
- Software compatibility:
- Any NFSv4.1 server (Linux, Solaris, Illumos, FreeBSD, nfs4j,
...)
- All tools from Cygwin/MinGW
- Visual Studio
- VMware Workstation (can use VMs hosted on NFSv4.1 filesystem)
# 3. Requirements:
- Windows 10 (32bit or 64bit) or Windows 11
- Cygwin:
- Cygwin versions:
- 64bit: >= 3.5.3 (or 3.6.x-devel)
- 32bit: >= 3.3.6
- Packages (required):
cygwin
cygwin-devel
cygrunsrv
cygutils
cygutils-extra
bash
bzip2
coreutils
getent
gdb
grep
hostname
less
libiconv
libiconv2
pax
pbzip2
procps-ng
sed
tar
time
util-linux
wget
- Packages (recommended):
libnfs (for /usr/bin/nfs-ls)
make
git
gcc-core
gcc-g++
clang
mingw64-i686-clang
mingw64-x86_64-clang
dos2unix
unzip
# 4. Download:
$ mkdir -p ~/download
$ cd ~/download
$ wget 'http://www.nrubsig.org/people/gisburn/work/msnfs41client/releases/testing/msnfs41client_cygwin_binaries_20240528_12h15m_git0cb4428.tar.bz2'
$ openssl sha256
"msnfs41client_cygwin_binaries_20240528_12h15m_git0cb4428.tar.bz2"
SHA2-256(msnfs41client_cygwin_binaries_20240528_12h15m_git0cb4428.tar.bz2)=
e3d7adeef8b28161410bb7095036043aa587190488bf9247a00b881c19dbcc0d
# 5. Installation (as "Administrator"):
$ (cd / && tar -xf
~/download/msnfs41client_cygwin_binaries_20240528_12h15m_git0cb4428.tar.bz2
)
$ /sbin/msnfs41client install
<REBOOT>
# 6. Deinstallation:
$ (set -o xtrace ; cd / && tar -tf
~/download/msnfs41client_cygwin_binaries_20240528_12h15m_git0cb4428.tar.bz2
| while read i ; do [[ -f "$i" ]] && rm "$i" ; done)
<REBOOT>
# 7. Usage:
# Option a)
# * Start NFSv4 client daemon as Windows service (requires
# "Adminstrator" account):
$ sc start ms-nfs41-client-service
# * Notes:
# - requires "Adminstrator" account, and one nfsd client daemon is
# used for all users on a machine.
# - The "ms-nfs41-client-service" service is installed by default as
# "disabled" and therefore always requires a "manual" start (e.g.
# $ sc start ms-nfs41-client-service #)
# - note that DOS devices are virtualised per LSA Logon, so each Logon
# needs to do a separare nfs_mount.exe to mount a NFSv4 share
# - nfsd_debug.exe will run as user "SYSTEM", but will do user
# impersonation for each request
# - stopping the service will NOT unmount filesystems, and due to a
# bug a reboot is required to restart and mount any NFSv4
# filesystems again
# * Administration:
# - Follow new log messages:
$ tail -f '/var/log/ms-nfs41-client-service.log'
# - Query service status:
$ sc queryex ms-nfs41-client-service
# - Query service config:
$ sc qc ms-nfs41-client-service
# - Start service automatically:
# (nfsd_debug.exe will be started automagically, but mounts are
# not restored):
$ sc config ms-nfs41-client-service start=auto
# - Start service manually (default):
$ sc config ms-nfs41-client-service start=disabled
# Option b)
# Run the NFSv4 client daemon manually:
#
# - run this preferably as "Administrator", but this is not a requirement
# - requires separate terminal
$ /sbin/msnfs41client run_daemon
# Mount a filesystem and use it
$ /sbin/nfs_mount -o rw N 10.49.20.110:/net_tmpfs2
Successfully mounted '10 DOT 49 DOT 20 DOT 110 AT 2049' to drive 'N:'
$ cd /cygdrive/n/
$ ls -la
total 4
drwxrwxrwt 5 Unix_User+0 Unix_Group+0 100 Dec 7 14:17 .
dr-xr-xr-x 1 roland_mainz Kein 0 Dec 14 13:48 ..
drwxr-xr-x 3 Unix_User+197608 Unix_Group+197121 80 Dec 12 16:24 10492030
drwxr-xr-x 3 Unix_User+197608 Unix_Group+197121 60 Dec 13 17:58 directory_t
drwxr-xr-x 3 Unix_User+197608 Unix_Group+197121 60 Dec 7 11:01 test2
# Unmount filesystem:
$ cd ~ && /sbin/nfs_mount -d N:
# OR
$ cd ~
$ net use N: /delete
# List mounted NFSv4.1 filesystems:
$ /sbin/nfs_mount
# 8. Notes:
- Cygwin 32bit can be installed like this:
---- snip ----
# Install Cygwin 32bit on Windows 32 with packages required by "ms-nfs41-client"
# (Windows NFSv4.1 client):
# 1. Get installer from https://www.cygwin.com/setup-x86.exe
# 2. Run installer with these arguments:
setup-x86.exe --allow-unsupported-windows -q --no-verify --site
http://ctm.crouchingtigerhiddenfruitbat.org/pub/cygwin/circa/2022/11/23/063457
-P cygwin,cygwin-devel,cygrunsrv,cygutils,cygutils-extra,bash,bzip2,coreutils,getent,gdb,grep,hostname,less,libiconv,libiconv2,pax,pbzip2,procps-ng,sed,tar,time,util-linux,wget,libnfs,make,git,dos2unix,unzip
---- snip ----
- Idmapping (including uid/gid mapping) between NFSv4 client and
NFSv4 server works via /lib/msnfs41client/cygwin_idmapper.ksh,
which either uses builtin static data, or /usr/bin/getent passwd
and /usr/bin/getent group.
As getent uses the configured name services it should work with
LDAP too.
This is still work-in-progress, with the goal that both NFSv4
client and server can use different uid/gid numeric values for
client and server side.
- UNC paths are supported, after successful mounting /sbin/nfs_mount
will list the paths in Cygwin UNC format.
- SIDs work, users with valid Windows accounts (see Cygwin idmapping
above get their SIDs, unknown users with valid uid/gid values get
Unix_User+id/Unix_Group+id SIDs, and all others are mapped
to nobody/nogroup SIDs.
- Workflow for nfs://-URLs:
- Create nfs://-URLs with nfsurlconv, read $ nfsurlconv --man # for usage
- pass URL to nfs_mount.exe like this:
$ nfs_mount -o sec=sys,rw 'L' nfs://derfwnb4966_ipv4//bigdisk #
- Cygwin symlinks are supported, but might require
$ fsutil behavior set SymlinkEvaluation L2L:1 R2R:1 L2R:1 R2L:1 #.
This includes symlinks to UNC paths, e.g. as Admin
$ cmd /c 'mklink /d c:\home\rmainz
\\derfwpc5131_ipv6 AT 2049\nfs4\export\home2\rmainz' #
and then $ cd /cygdrive/c/home/rmainz/ # should work
- performance: All binaries are build without any optimisation, so
the filesystem is much slower than it could be.
- bad performance due to Windows Defender AntiVirus:
Option 1:
# disable Windows defender realtime monitoring
# (requires Admin shell)
powershell -Command 'Set-MpPreference -DisableRealtimeMonitoring 1'
Option 2:
Add "nfsd.exe", "nfsd_debug.exe", "ksh93.exe", "bash.exe",
"git.exe" and other offending commands to the process name
whitelist.
- performance: Use vmxnet3 in VMware to improve performance
- ACLs are supported via the normal Windows ACL tools, but on
Linux require the nfs4_getfacl/nfs4_setfacl utilities to see the
data.
* Example 1 (assuming that Windows, Linux NFSv4 client and NFSv4
server have a user "siegfried_wulsch"):
- On Windows on a NFSv4 filesystem:
$ icacls myhorribledata.txt /grant "siegfried_wulsch:WD" #
- On Linux NFSv4 clients you will then see this:
---- snip ----
$ nfs4_getfacl myhorribledata.txt
A::OWNER@:rwatTcCy
A::siegfried_wulsch AT global DOT loc:rwatcy
A::GROUP@:rtcy
A::EVERYONE@:rtcy
---- snip ----
* Example 2 (assuming that Windows, Linux NFSv4 client and NFSv4
server have a group "cygwingrp2"):
- On Windows on a NFSv4 filesystem:
$ icacls myhorribledata.txt /grant "cygwingrp2:(WDAC)" /t /c #
- On Linux NFSv4 clients you will then see this:
---- snip ----
$ nfs4_getfacl myhorribledata.txt
A::OWNER@:rwatTcCy
A::GROUP@:rtcy
A:g:cygwingrp2 AT global DOT loc:rtcy
A::EVERYONE@:rtcy
---- snip ----
- nfs_mount.exe vs. reserved ports:
By default the NFSv4 server on Solaris, Illumos, Linux
etc. only accepts connections if the NFSv4 client uses a
"privileged (TCP) port", i.e. using a TCP port number < 1024.
If nfsd.exe/nfsd_debug.exe is started without the Windows priviledge
to use reserved ports, then a mount attempt can fail.
This can be worked around on the NFSv4 server side - on Linux using
the "insecure" export option in /etc/exports and on Solaris/Illumos
using export option "resvport" (see nfs(5)).
- Accessing mounts from a VMware/QEMU/VirtualBox VM using NAT requires
the the "insecure" export option in /etc/exports and on
Solaris/Illumos using export option "resvport" (see nfs(5)), as the
NFSv4 client source TCP port will be >= 1024.
# 9. Known issues:
- The kernel driver ("nfs41_driver.sys") does not yet have a
cryptographic signature for SecureBoot - which means it will only
work if SecureBoot is turned off (otherwise
$ /sbin/msnfs41client install # will FAIL!)
- If nfsd_debug.exe crashes or gets killed, the only safe way
to run it again requires a reboot
- LDAP support does not work yet
- Attribute caching is too aggressive
- Caching in the kernel does not always work. For example
$ tail -f ... # does not not see new data.
Workaround: Use GNU tail'S $ tail --follow=name ... #
Working theory is that this is related to FCB caching, see
|FCB_STATE_FILESIZECACHEING_ENABLED|, as the nfs41_driver.sys
kernel module does not see the |stat()| syscalls. But $ tail -f ... #
always works for a momemnt if something else opens the same file.
- Unmounting and then mounting the same filesystem causes issues
as the name cache in nfsd*.exe is not flushed on umount, including
leftover delegations.
- krb5p security with AES keys do not work against the linux server,
as it does not support gss krb5 v2 tokens with rotated data.
- When recovering opens and locks outside of the server's grace
period, client does not check whether the file has been modified
by another client.
- If nfsd.exe is restarted while a drive is mapped, that drive needs
to be remounted before further use.
- Does not allow renaming a file on top of an existing open file.
Connectathon's special test op_ren has been commented out.
- File access timestamps might be wrong for delegations.
- Extended attributes are supported with some limitations:
a) the server must support NFS Named Attributes,
b) the order of listings cannot be guaranteed by NFS, and
c) the EaSize field cannot be reported for directory queries of
FileBothDirInformation, FileFullDirInfo, or FileIdFullDirInfo.
- Win10/32bit-only: $ net use H: /delete # does not work,
use $ nfs_mount -d 'H' instead #
# 10. Notes for troubleshooting && finding bugs/debugging:
- nfsd_debug.exe has the -d option to set a level for debug
output.
Edit /sbin/msnfs41client to set the "-d" option.
- The "msnfs41client" script has the option "watch_kernel_debuglog"
to get the debug output of the kernel module.
Run as Admin: $ /sbin/msnfs41client watch_kernel_debuglog #
Currently requires DebugView
(https://learn.microsoft.com/en-gb/sysinternals/downloads/debugview)
to be installed.
- Watching network traffic:
WireShark has a command line tool called "tshark", which can be used
to see NFSv4 traffic. As NFSv4 uses RPC you have to filter for RPC,
and the RPC filter automatically identifies NFSv4 traffic on it's RPC
id.
Example for Windows:
(for NFSv4 default TCP port "2049", replace "2049" with the
desired port if you use a custom port ; use "ipconfig" to find the
correct interface name, in this case "Ethernet0"):
---- snip ----
$ nfsv4port=2049 ; /cygdrive/c/Program\ Files/Wireshark/tshark \
-f "port $nfsv4port" -d "tcp.port==${nfsv4port},rpc" -i Ethernet0
---- snip ----
If you are running inside a VMware VM on a Linux host it
might require $ chmod a+rw /dev/vmnet0 # on VMware host, so that
the VM can use "Promiscuous Mode".
# 11. Source code:
- Source code can be obtained from https://github.com/kofemann/ms-nfs41-client
- Build instructions can be found at
https://github.com/kofemann/ms-nfs41-client/tree/master/cygwin
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland DOT mainz AT nrubsig DOT org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)
_______________________________________________
Ms-nfs41-client-devel mailing list
Ms-nfs41-client-devel AT lists DOT sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/ms-nfs41-client-devel
--
Cedric Blancher <cedric DOT blancher AT gmail DOT com>
[https://plus.google.com/u/0/+CedricBlancher/]
Institute Pasteur
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
- Raw text -