Google Linux fixes

This is a collection of Linux enhancements and fixes used internally at Google. These were all sent to their respective maintainers, and most have either been accpted, or obsoleted by another fix.

Commits in Linus's kernel tree

Autofs 4.1.3 does not expire any entries from it's cache when using LDAP, requiring a re-start when an entry changes. This allows users to configure how long the entries stay in the cache.

Patch to kernel-package 8.119ubuntu3 /usr/share/kernel-package/scripts. Adds scripts and Module.symvers file to linux-headers packages built with make-kpkg, and fixes /lib/modules/$(uname -r)/build symlink to point to /usr/src/linux-headers-$(uname -r) instead of local build location.

Patch to hal 0.4.7 to allow configuring user/group at startup instead of only during compile time.

This obvious typo on __rpc_purge_upcall() would cause a race condition that could result in a NULL pointer dereference. (a reworked patch was accepted into 2.6.15-rc3)

A patch to pam_krb5 from (which allows refreshing credentials) allows building on debian against mit krb5 for compatibility with other applications, which are also linked against mit krb5, disables krb4 building (which I didn't bother to get working), and allows creation of a shared ccache for use by all sessions on a single machine.

Patches to gssd in nfs-utils 1.0.7 with the CITI patch. These make gssd look in a secondary location for credentials if the primary location fails, and allows the root user to use nfsnobody credentials.

Patch to gssd in nfs-utils 1.1.1 to search through a path for credentials. Obsoletes gssd-alt-cred.patch.

Patch to nfsmount from util-linux 2.12 + CITI patch. This prevents the user from selecting mountvers=2,nfsvers=3, which would otherwise cause a segfault in mount.

Patch to nfs-utils-1.0.8-rc2 + nfs-utils-1.0.8-rc2-CITI_NFS4_ALL-2.dif that allows the default cred dir to be specified on the command line.

Patch to nfs-utils-1.0.8-rc2 + nfs-utils-1.0.8-rc2-CITI_NFS4_ALL-2.dif that keeps gssd from closing all pipes and re-opening them after every DNOTIFY signal. This works around a kernel oops.

update-grub patch
Small patch to debian's update-grub to more intelligently sort kernels.

gtk-cups-all.diff (Bug Report)
Patch to the GTK+ cups printing backend to work with SSL printers and use 2 connections instead of 20.

Add ping6 support to heartbeat.

Add IPv6 support to ldirectord.

ipvsadm - Extended ipvsadm to support IPv6 addresses.

Many iterations of (user|group)add tools were fixed to avoid get(pw|gr)ent calls that will take forever against any large, networked nss.

Google Linux hacks

This is a collection of hacks to solve various problems that will eventually be solved with proper code.

Ubuntu (Debian) installer hard-codes security.(| into /etc/apt/sources.list. This is fixed by creating a known good sources.list.apt-setup during base-config/early_command, and will eventually be made to use debconf.

During kubuntu-desktop installation, kdm asks for xdm choice even if it's been preseeded to be gdm and debconf/priority=critical. Adding another debconf database file before installation fixes this.

Name: shared/default-x-display-manager
Template: shared/default-x-display-manager
Value: gdm
Owners: gdm, kdm
Flags: seen
 choices = gdm, kdm

The Debian/Ubuntu local device security model involves adding users to a list of groups to gain access. Sunce Linux 2.6 sorts gids numerically, these are always at the beginning of the list, and waste space in the already small NFSv3 (and older, actually sunrpc auth_unix) 16 group limit. Changing these to higer gids works around the problem.