![[PukiWiki]](image/picc.png "[PukiWiki]")
#author("2025-12-07T15:02:26+00:00","default:sysosa","sysosa") #author("2025-12-07T20:09:47+00:00","default:sysosa","sysosa") 既に rockylinux9 でnisの提供は終わっているのだが、nisでどうしても運用ということもある っで rockylinux10 での nis 実装を試みた っで rockylinux10 での nis 実装を試みた &size(10){素直に FreeIPA に移った方がいいかもね}; #code(nonumber){{ [root@rockylinux10 ~]# cat /etc/redhat-release Rocky Linux release 10.1 (Red Quartz) [root@rockylinux10 ~]# }} ***ypbind-mt [#b6b4c075] #code(nonumber){{ [root@rockylinux10 ~]# git clone https://github.com/thkukuk/ypbind-mt [root@rockylinux10 ~]# cd ypbind-mt/ [root@rockylinux10 ypbind-mt]# git log -1 commit 044299c049dff949647ada4556c9d25290892911 (HEAD -> master, tag: v2.7.2, origin/master, origin/HEAD) Author: Thorsten Kukuk <kukuk@suse.com> Date: Fri Jan 31 09:44:12 2020 +0100 Release version 2.7.2 [root@rockylinux10 ypbind-mt]# cd .. [root@rockylinux10 ~]# tar --exclude-vcs --transform 's/ypbind-mt/ypbind-mt-2.7.2/' -cvzf ypbind-mt-2.7.2.tar.gz ypbind-mt }} rpmbuildに必要な spec ファイルを rockylinux8 の ypbind から得てみる rpmbuildに必要な spec ファイルを rockylinux8 の ypbind から得て #code(nonumber){{ [root@rockylinux10 ~]# rpm -Uvh http://dl.rockylinux.org/pub/rocky/8/AppStream/source/tree/Packages/y/ypbind-2.5-2.el8.src.rpm [root@rockylinux10 ~]# vi rpmbuild/SPECS/ypbind.spec }} SPECファイルをちょいと修正 #code(diff,nonumber){{ --- rpmbuild/SPECS/ypbind.spec.orig 2021-04-12 18:07:59.000000000 +0900 +++ rpmbuild/SPECS/ypbind.spec 2025-12-07 14:50:51.416924779 +0900 @@ -1,7 +1,7 @@ Summary: The NIS daemon which binds NIS clients to an NIS domain Name: ypbind Epoch: 3 -Version: 2.5 +Version: 2.7.2 Release: 2%{?dist} License: GPLv2 Group: System Environment/Daemons @@ -58,7 +58,7 @@ %patch1 -p1 -b .gettextdomain %patch2 -p1 -b .helpman #%patch3 -p1 -b .systemdso -%patch4 -b .gettext_version +#%patch4 -b .gettext_version autoreconf -fiv }} っで構築 #code(nonumber){{ [root@rockylinux10 ~]# mv ypbind-mt-2.7.2.tar.gz rpmbuild/SOURCES/ [root@rockylinux10 ~]# dnf install epel-release -y [root@rockylinux10 ~]# dnf config-manager --enable crb [root@rockylinux10 ~]# dnf install dbus-glib-devel libnsl2-devel libtirpc-devel systemd-devel [root@rockylinux10 ~]# rpmbuild -bb rpmbuild/SPECS/ypbind.spec [root@rockylinux10 ~]# ls -l rpmbuild/RPMS/x86_64/ total 148 -rw-r--r--. 1 root root 53684 Dec 7 15:31 ypbind-2.7.2-2.el10.x86_64.rpm -rw-r--r--. 1 root root 61778 Dec 7 15:31 ypbind-debuginfo-2.7.2-2.el10.x86_64.rpm -rw-r--r--. 1 root root 27355 Dec 7 15:31 ypbind-debugsource-2.7.2-2.el10.x86_64.rpm [root@rockylinux10 ~]# }} あとnss_nisとyp-toolsが必要です ***nss_nis [#re19ffea] #code(nonumber){{ [root@rockylinux10 ~]# git clone https://github.com/thkukuk/libnss_nis [root@rockylinux10 ~]# cd libnss_nis [root@rockylinux10 libnss_nis]# git log -1 commit 3c206b762ac8557dab3c40ff3a297c9d1bff0d83 (HEAD -> master, tag: v3.4, origin/master, origin/HEAD) Author: Thorsten Kukuk <kukuk@suse.com> Date: Wed Aug 27 10:03:40 2025 +0200 Release version 3.4 [root@rockylinux10 libnss_nis]# [root@rockylinux10 libnss_nis]# cd .. [root@rockylinux10 ~]# tar --exclude-vcs --transform 's/libnss_nis/libnss_nis-3.4/' -cvzf libnss_nis-3.4.tar.gz libnss_nis }} こちらも rockylinux8 の nss_nis を拾って spec ファイルを弄ります #code(nonumber){{ [root@rockylinux10 ~]# rpm -Uvh http://dl.rockylinux.org/pub/rocky/8/BaseOS/source/tree/Packages/n/nss_nis-3.0-8.el8.src.rpm [root@rockylinux10 ~]# vi rpmbuild/SPECS/nss_nis.spec }} #code(diff,nonumber){{ --- rpmbuild/SPECS/nss_nis.spec.orig 2025-12-07 15:36:02.915918747 +0900 +++ rpmbuild/SPECS/nss_nis.spec 2025-12-07 15:36:28.432590734 +0900 @@ -1,11 +1,11 @@ Name: nss_nis -Version: 3.0 +Version: 3.4 Release: 8%{?dist} Summary: Name Service Switch (NSS) module using NIS License: LGPLv2+ Group: System Environment/Base Url: https://github.com/thkukuk/libnss_nis -Source: https://github.com/thkukuk/libnss_nis/archive/v%{version}.tar.gz +Source: https://github.com/thkukuk/libnss_nis/archive/v%{version}.tar.gz#/libnss_nis-%{version}.tar.gz # https://github.com/systemd/systemd/issues/7074 Source2: nss_nis.conf }} #code(nonumber){{ [root@rockylinux10 ~]# mv libnss_nis-3.4.tar.gz rpmbuild/SOURCES/ [root@rockylinux10 ~]# rpmbuild -bb rpmbuild/SPECS/nss_nis.spec [root@rockylinux10 ~]# ls -l rpmbuild/RPMS/x86_64/nss_nis-* -rw-r--r--. 1 root root 40944 Dec 7 15:38 rpmbuild/RPMS/x86_64/nss_nis-3.4-8.el10.x86_64.rpm -rw-r--r--. 1 root root 75813 Dec 7 15:38 rpmbuild/RPMS/x86_64/nss_nis-debuginfo-3.4-8.el10.x86_64.rpm -rw-r--r--. 1 root root 27120 Dec 7 15:38 rpmbuild/RPMS/x86_64/nss_nis-debugsource-3.4-8.el10.x86_64.rpm [root@rockylinux10 ~]# }} ***yp-tools [#c1add5c1] 本家様 [[https://github.com/thkukuk/yp-tools>+https://github.com/thkukuk/yp-tools]] での最新版は version 4.2.3 で6年前. rockylinux8 の yp-tools も version 4.2.3 なので rockylinux8 の yp-tools を rebuild で対応する 本家様 [[https://github.com/thkukuk/yp-tools>+https://github.com/thkukuk/yp-tools]] での最新版は version 4.2.3 で6年前. rockylinux8 の yp-tools も version 4.2.3 と最新版なので、rebuild で対応します #code(nonumber){{ [root@rockylinux10 ~]# curl -O http://dl.rockylinux.org/pub/rocky/8/AppStream/source/tree/Packages/y/yp-tools-4.2.3-2.el8.src.rpm [root@rockylinux10 ~]# rpmbuild --rebuild yp-tools-4.2.3-2.el8.src.rpm [root@rockylinux10 ~]# ls -l rpmbuild/RPMS/x86_64/yp-tools-* -rw-r--r--. 1 root root 83149 Dec 7 15:42 rpmbuild/RPMS/x86_64/yp-tools-4.2.3-2.el10.x86_64.rpm -rw-r--r--. 1 root root 92601 Dec 7 15:42 rpmbuild/RPMS/x86_64/yp-tools-debuginfo-4.2.3-2.el10.x86_64.rpm -rw-r--r--. 1 root root 26926 Dec 7 15:42 rpmbuild/RPMS/x86_64/yp-tools-debugsource-4.2.3-2.el10.x86_64.rpm [root@rockylinux10 ~]# }} ***nis clientを構築 [#e525b62f] そろったのでインストール #code(nonumber){{ [root@rockylinux10 ~]# dnf localinstall \ ./rpmbuild/RPMS/x86_64/ypbind-2.7.2-2.el10.x86_64.rpm \ ./rpmbuild/RPMS/x86_64/nss_nis-3.4-8.el10.x86_64.rpm \ ./rpmbuild/RPMS/x86_64/yp-tools-4.2.3-2.el10.x86_64.rpm [root@rockylinux10 ~]# [root@rockylinux10 ~]# vi /etc/yp.conf domain sybyl server nis [root@rockylinux10 ~]# systemctl enable ypbind --now }} これで「/etc/yp.conf」を弄って「systemctl enable ypbind --now」を実行すると nis client になれる. あとnis情報をアカウント認証に繋げるには「/etc/nsswitch.conf」とか弄るのだが、ここは authselect で調整できるようにしたい. 一応これでnis clientになれるが、「/etc/nsswitch.conf」とか弄りたくないので authselect で調整できるようにしたい. ***authselect [#jc0a7a2d] 既存で使われている authselect のSRPMを取得して、nisを有効にさせてみる #code(nonumber){{ [root@rockylinux10 ~]# dnf download --source authselect [root@rockylinux10 ~]# rpm -Uvh authselect-1.5.0-8.el10.src.rpm [root@rockylinux10 ~]# dnf builddep authselect [root@rockylinux10 ~]# [root@rockylinux10 ~]# rpmbuild -ba ~/rpmbuild/SPECS/authselect.spec \ --define "with_nis_profile 1" \ --define "rhel 0" [root@rockylinux10 ~]# ls -l rpmbuild/RPMS/x86_64/authselect-* -rw-r--r--. 1 root root 144109 Dec 7 23:17 rpmbuild/RPMS/x86_64/authselect-1.5.0-8.el10.x86_64.rpm -rw-r--r--. 1 root root 39413 Dec 7 23:17 rpmbuild/RPMS/x86_64/authselect-debuginfo-1.5.0-8.el10.x86_64.rpm -rw-r--r--. 1 root root 51690 Dec 7 23:17 rpmbuild/RPMS/x86_64/authselect-debugsource-1.5.0-8.el10.x86_64.rpm -rw-r--r--. 1 root root 13067 Dec 7 23:17 rpmbuild/RPMS/x86_64/authselect-devel-1.5.0-8.el10.x86_64.rpm -rw-r--r--. 1 root root 210462 Dec 7 23:17 rpmbuild/RPMS/x86_64/authselect-libs-1.5.0-8.el10.x86_64.rpm -rw-r--r--. 1 root root 97684 Dec 7 23:17 rpmbuild/RPMS/x86_64/authselect-libs-debuginfo-1.5.0-8.el10.x86_64.rpm [root@rockylinux10 ~]# [root@rockylinux10 ~]# rpm -qpli ./rpmbuild/RPMS/x86_64/authselect-libs-1.5.0-8.el10.x86_64.rpm |less : /usr/share/authselect/default/nis /usr/share/authselect/default/nis/README /usr/share/authselect/default/nis/REQUIREMENTS /usr/share/authselect/default/nis/dconf-db /usr/share/authselect/default/nis/dconf-locks /usr/share/authselect/default/nis/fingerprint-auth /usr/share/authselect/default/nis/nsswitch.conf /usr/share/authselect/default/nis/password-auth /usr/share/authselect/default/nis/postlogin /usr/share/authselect/default/nis/smartcard-auth /usr/share/authselect/default/nis/system-auth : [root@rockylinux10 ~]# }} #code(nonumber){{ [root@rockylinux10 ~]# dnf reinstall rpmbuild/RPMS/x86_64/authselect-libs-1.5.0-8.el10.x86_64.rpm [root@rockylinux10 ~]# authselect list - local Local users only - nis Enable NIS for system authentication - sssd Enable SSSD for system authentication (also for local users only) - winbind Enable winbind for system authentication [root@rockylinux10 ~]# [root@rockylinux10 ~]# authselect select nis --force }} ***autofs [#zc8a98fb] nis masterでauto.master, auto.homeを一元管理して、nis clientのmount環境を整備するかならautofsも再調整が必要となります &size(10){libnsl2-devel(epel)とlibtirpc-devel(crb)パッケージがあると nis 対応になってくれます}; #code(nonumber){{ [root@rockylinux10 ~]# dnf download --source autofs [root@rockylinux10 ~]# rpm -Uvh autofs-5.1.9-13.el10.src.rpm [root@rockylinux10 ~]# dnf builddep autofs [root@rockylinux10 ~]# rpmbuild -bb rpmbuild/SPECS/autofs.spec [root@rockylinux10 ~]# dnf reinstall ./rpmbuild/RPMS/x86_64/autofs-5.1.9-13.el10.x86_64.rpm [root@rockylinux10 ~]# ls -l rpmbuild/RPMS/x86_64/autofs-* -rw-r--r--. 1 root root 381498 Dec 8 00:22 rpmbuild/RPMS/x86_64/autofs-5.1.9-13.el10.x86_64.rpm -rw-r--r--. 1 root root 739023 Dec 8 00:22 rpmbuild/RPMS/x86_64/autofs-debuginfo-5.1.9-13.el10.x86_64.rpm -rw-r--r--. 1 root root 270953 Dec 8 00:22 rpmbuild/RPMS/x86_64/autofs-debugsource-5.1.9-13.el10.x86_64.rpm [root@rockylinux10 ~]# }} (確認) #code(nonumber){{ [root@rockylinux10 ~]# rpm -qpli ./rpmbuild/RPMS/x86_64/autofs-5.1.9-13.el10.x86_64.rpm | less : /usr/lib64/autofs/lookup_nis.so : /usr/lib64/autofs/lookup_yp.so : [root@rockylinux10 ~]# }} ***update禁止 [#s085231e] 「dnf update」とか実行するとnisの機能のが消されますので「/etc/yum.conf」に下記の行を加えます #code(nonumber){{ exclude=ypbind nss_nis yp-tools authselect-libs autofs }} ***ypserv [#bc9bfbef] nis マスターを rockylinux10 で作ってみます #code(nonumber){{ [root@rockylinux10 ~]# git clone https://github.com/thkukuk/ypserv [root@rockylinux10 ~]# cd ypserv/ [root@rockylinux10 ypserv]# git log -1 commit 009d67bc5c814581790548b27720ffcb25ff9bef (HEAD -> master, origin/master, origin/HEAD) Author: Thorsten Kukuk <kukuk@suse.com> Date: Sun Mar 2 19:58:15 2025 +0100 ypserv.8: fix ypwhich.1 reference [root@rockylinux10 ypserv]# [root@rockylinux10 ypserv]# cd .. [root@rockylinux10 ~]# tar --exclude-vcs --transform 's/ypserv/ypserv-4.2/' -cvzf ypserv-4.2.tar.gz ypserv }} #code(nonumber){{ [root@rockylinux10 ~]# rpm -Uvh http://dl.rockylinux.org/pub/rocky/8/AppStream/source/tree/Packages/y/ypserv-4.1-1.el8.src.rpm [root@rockylinux10 ~]# vi rpmbuild/SPECS/ypserv.spec }} #code(diff,nonumber){{ --- rpmbuild/SPECS/ypserv.spec.orig 2022-04-17 10:11:09.000000000 +0900 +++ rpmbuild/SPECS/ypserv.spec 2025-12-08 05:00:24.690960526 +0900 @@ -3,11 +3,11 @@ Summary: The NIS (Network Information Service) server Url: http://www.linux-nis.org/nis/ypserv/index.html Name: ypserv -Version: 4.1 +Version: 4.2 Release: 1%{?dist} License: GPLv2 Group: System Environment/Daemons -Source0: https://github.com/thkukuk/%{name}/archive/v%{version}.tar.gz +Source0: https://github.com/thkukuk/%{name}/archive/v%{version}.tar.gz#/ypserv-%{version}.tar.gz Source1: ypserv.service Source2: yppasswdd.service Source3: ypxfrd.service @@ -86,7 +86,7 @@ %ifarch s390 s390x export CFLAGS="$RPM_OPT_FLAGS -fPIC" %else -export CFLAGS="$RPM_OPT_FLAGS -fpic" +export CFLAGS="$RPM_OPT_FLAGS -fpic -Wno-error" %endif }} #code(nonumber){{ [root@rockylinux10 ~]# mv ypserv-4.2.tar.gz rpmbuild/SOURCES/ [root@rockylinux10 ~]# dnf install tokyocabinet-devel libnsl2-devel libtirpc-devel systemd-devel [root@rockylinux10 ~]# rpmbuild -bb rpmbuild/SPECS/ypserv.spec [root@rockylinux10 ~]# ls -l rpmbuild/RPMS/x86_64/ypserv-* -rw-r--r--. 1 root root 154616 Dec 8 05:01 rpmbuild/RPMS/x86_64/ypserv-4.2-1.el10.x86_64.rpm -rw-r--r--. 1 root root 201509 Dec 8 05:01 rpmbuild/RPMS/x86_64/ypserv-debuginfo-4.2-1.el10.x86_64.rpm -rw-r--r--. 1 root root 64987 Dec 8 05:01 rpmbuild/RPMS/x86_64/ypserv-debugsource-4.2-1.el10.x86_64.rpm [root@rockylinux10 ~]# }} 「lib/yp_db.c」の部分で厳密にエラーが起こりますが、これはGCCが厳密にコンパイルしているため. chatgptの提案でパッチが提案されたが「lib/yp_db.c」を結構弄るようで却下. 「-Wno-error」を加えて逃げることにした. これで大丈夫って訳ではないのだが、、
